[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRHbBql8GW6ysaCln3W1gZu_tyXlZDusEKQZmNUdsOdc":3},{"slug":4,"display_name":4,"profile_url":5,"plugin_count":6,"total_installs":7,"avg_security_score":8,"avg_patch_time_days":9,"trust_score":10,"computed_at":11,"plugins":12},"invisnet","https:\u002F\u002Fprofiles.wordpress.org\u002Finvisnet\u002F",8,75560,88,1793,71,"2026-05-19T21:40:32.001Z",[13,39,57,73,84,102,116,131],{"slug":14,"name":15,"version":16,"author":4,"author_profile":5,"description":17,"short_description":18,"active_installs":19,"downloaded":20,"rating":21,"num_ratings":10,"last_updated":22,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":26,"homepage":32,"download_link":33,"security_score":34,"vuln_count":35,"unpatched_count":36,"last_vuln_date":37,"fetched_at":38},"wp-fail2ban","WP fail2ban – Advanced Security","5.4.1","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.fail2ban.org\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">fail2ban\u003C\u002Fa> is one of the simplest and most effective security measures you can implement to protect your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cem>WP fail2ban\u003C\u002Fem> provides the link between WordPress and \u003Ccode>fail2ban\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1\nOct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>WPf2b\u003C\u002Fem> comes with three \u003Ccode>fail2ban\u003C\u002Fcode> filters: \u003Ccode>wordpress-hard.conf\u003C\u002Fcode>, \u003Ccode>wordpress-soft.conf\u003C\u002Fcode>, and \u003Ccode>wordpress-extra.conf\u003C\u002Fcode>. These are designed to allow a split between immediate banning (hard) and the traditional more graceful approach (soft), with extra rules for custom configurations.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nThe very first feature of \u003Cem>WPf2b\u003C\u002Fem>: logging failed login attempts so the IP can be banned. Just as useful today as it was then.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block User Enumeration\u003C\u002Fstrong>\u003Cbr \u002F>\nOne of the most common precursors to a password-guessing brute force attack is \u003Ca href=\"https:\u002F\u002Fwp-fail2ban.com\u002Ffeatures\u002Fblock-user-enumeration\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">user enumeration\u003C\u002Fa>. \u003Cem>WPf2b\u003C\u002Fem> can block it, stopping the attack before it starts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block username logins\u003C\u002Fstrong>\u003Cbr \u002F>\nSometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). \u003Cem>WPf2b\u003C\u002Fem> can require users to login with their email address instead of their username.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Blocking Users\u003C\u002Fstrong>\u003Cbr \u002F>\nAnther of the older \u003Cem>WPf2b\u003C\u002Fem> features: the login process can be aborted for specified usernames.\u003Cbr \u002F>\nSay a bot collected your site’s usernames before you blocked user enumeration. Once you’ve changed all the usernames, add the old ones to the list; anything using them will trigger a “hard” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Empty Username Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nSome bots will try to login without a username; harmless, but annoying. These attempts are logged as a “soft” fail so the more persistent bots will be banned.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Spam\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will log a spammer’s IP address as a “hard” fail when their comment is marked as spam; the Premium version will also log the IP when Akismet discards “obvious” spam.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Attempted Comments\u003C\u002Fstrong>\u003Cbr \u002F>\nSome spam bots try to comment on everything, even things that aren’t there. \u003Cem>WPf2b\u003C\u002Fem> detects these and logs them as a “hard” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Pingbacks\u003C\u002Fstrong>\u003Cbr \u002F>\nPingbacks are a great feature, but they can be abused to attack the rest of the WWW. Rather than disable them completely, \u003Cem>WPf2b\u003C\u002Fem> effectively rate-limits potential attackers by logging the IP address as a “soft” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block XML‑RPC Requests\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nThe only reason most sites need XML‑RPC (other than Pingbacks) is for Jetpack; \u003Cem>WPf2b\u003C\u002Fem> Premium can block XML‑RPC while allowing Jetpack and\u002For Pingbacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Countries\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nSometimes you just need a bigger hammer – if you’re seeing nothing but attacks from some countries, block them!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cloudflare and Proxy Servers\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will work with \u003Ca href=\"https:\u002F\u002Fwp-fail2ban.com\u002Ffeatures\u002Fcloudflare-and-proxy-servers\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">Cloudflare\u003C\u002Fa>, and the Premium version will automatically update the list of Cloudflare IP addresses.\u003Cbr \u002F>\nYou can also configure your own list of trusted proxies.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>syslog Dashboard Widget\u003C\u002Fstrong>\u003Cbr \u002F>\nEver wondered what’s being logged? The dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Health Check\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will (try to) check that your \u003Ccode>fail2ban\u003C\u002Fcode> configuration is sane and that the filters are up to date; out-of-date filters are the primary cause of \u003Cem>WPf2b\u003C\u002Fem> not working as well as it can.\u003Cbr \u002F>\nWhen did you last run the Site Health tool?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ccode>mu-plugins\u003C\u002Fcode> Support\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> can easily be configured as a “must-use plugin” – see \u003Ca href=\"https:\u002F\u002Fdocs.wp-fail2ban.com\u002Fen\u002F5.4\u002Fconfiguration.html?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1#mu-plugins-support\" rel=\"nofollow ugc\">Configuration\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>API to Extend \u003Cem>WPf2b\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\nIf your plugin can detect behaviour which should be blocked, why reinvent the wheel?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Event Hooks\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nNeed to do something special when \u003Cem>WPf2b\u003C\u002Fem> detects a particular event? \u003Ca href=\"https:\u002F\u002Fdocs.wp-fail2ban.com\u002Fen\u002F5.4\u002Fdevelopers\u002Fevents.html?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">There’s a hook for that\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Web Application Firewall (WAF)\u003C\u002Fli>\n\u003Cli>Akismet support.\u003C\u002Fli>\n\u003Cli>Block XML‑RPC while allowing Jetpack and\u002For Pingbacks.\u003C\u002Fli>\n\u003Cli>Block Countries.\u003C\u002Fli>\n\u003Cli>Auto-update Cloudflare IPs.\u003C\u002Fli>\n\u003Cli>Event log.\u003C\u002Fli>\n\u003Cli>Event hooks.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP fail2ban uses fail2ban to protect your WordPress site.",70000,1980109,84,"2025-04-29T15:21:00.000Z","6.8.5","4.2","7.4",[27,28,29,30,31],"brute-force","fail2ban","login","security","syslog","https:\u002F\u002Fwp-fail2ban.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fail2ban.5.4.1.zip",91,1,0,"2019-02-25 00:00:00","2026-04-16T10:56:18.058Z",{"slug":40,"name":41,"version":42,"author":4,"author_profile":5,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":23,"requires_at_least":50,"requires_php":25,"tags":51,"homepage":53,"download_link":54,"security_score":55,"vuln_count":36,"unpatched_count":36,"last_vuln_date":56,"fetched_at":38},"wpf2b-addon-blocklist","WP fail2ban Blocklist","2.2.2","\u003Cp>There are many plugins that use a database to check for malicious IPs \u003Cstrong>after\u003C\u002Fstrong> they connect, and of course \u003Ccode>fail2ban\u003C\u002Fcode> stops \u003Cem>repeated\u003C\u002Fem> attacks, but what if bad IPs could be blocked \u003Cstrong>before\u003C\u002Fstrong> they attack?\u003C\u002Fp>\n\u003Cp>By working collaboratively – sharing attack data – \u003Cem>WP fail2ban Blocklist\u003C\u002Fem> does exactly that.\u003C\u002Fp>\n\u003Cp>The Blocklist Network Service (BNS) collects attack data from participating sites, performs some analytical magic, and sends back a list of IPs that are attacking sites now but haven’t yet attacked that site. In other words, each site periodically gets a unique list of IPs to block \u003Cstrong>preemptively\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>GDPR\u003C\u002Fh4>\n\u003Cp>The BNS doesn’t collect personal data, and bots don’t have rights.\u003C\u002Fp>\n\u003Cp>That said, the BNS only collects the minimum data required (time, IP, event), and only for IPs that have behaved maliciously.\u003C\u002Fp>\n\u003Cp>Of course, it is possible that some data is generated by \u003Cem>people\u003C\u002Fem> behaving maliciously, but the BNS has no way to differentiate – and nor should it: an attack is an attack.\u003C\u002Fp>\n\u003Ch4>Freemius\u003C\u002Fh4>\n\u003Cp>To work, the BNS \u003Cstrong>must\u003C\u002Fstrong> know:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>which sites are running the blocklist add-on,\u003C\u002Fli>\n\u003Cli>which version is in use,\u003C\u002Fli>\n\u003Cli>and a shared secret for secure communication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Freemius already provides all these, and \u003Cem>WP fail2ban\u003C\u002Fem> already uses Freemius; why reinvent the wheel?\u003C\u002Fp>\n\u003Cp>Therefore, unlike the core \u003Cem>WP fail2ban\u003C\u002Fem> plugin, you \u003Cem>must\u003C\u002Fem> opt into Freemius for the blocklist to work.\u003C\u002Fp>\n","WP fail2ban Blocklist is a collaborative preemptive blocklist for WordPress.",4000,27242,100,2,"2025-05-01T12:27:00.000Z","4.9",[52,28,30],"blocklist","https:\u002F\u002Faddons.wp-fail2ban.com\u002Fblocklist\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpf2b-addon-blocklist.2.2.2.zip",92,null,{"slug":58,"name":59,"version":60,"author":4,"author_profile":5,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":36,"num_ratings":36,"last_updated":65,"tested_up_to":66,"requires_at_least":50,"requires_php":25,"tags":67,"homepage":71,"download_link":72,"security_score":55,"vuln_count":36,"unpatched_count":36,"last_vuln_date":56,"fetched_at":38},"wp-fail2ban-addon-contact-form-7","WP fail2ban Add-on for Contact Form 7","2.0.0","\u003Cp>No matter how good your anti-spam measures, some will get past. This add-on logs spam form submissions via \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-fail2ban\u002F\" rel=\"ugc\">\u003Cem>WP fail2ban\u003C\u002Fem>\u003C\u002Fa>, and provides a new filter for \u003Ccode>fail2ban\u003C\u002Fcode>.\u003C\u002Fp>\n","WP fail2ban Integration with Contact Form 7 to log spam form submissions.",800,9295,"2024-09-12T10:35:00.000Z","6.6.5",[68,69,28,30,70],"classicpress","contact-form-7","spam","https:\u002F\u002Faddons.wp-fail2ban.com\u002Fcontact-form-7\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fail2ban-addon-contact-form-7.2.0.0.zip",{"slug":74,"name":75,"version":60,"author":4,"author_profile":5,"description":61,"short_description":76,"active_installs":77,"downloaded":78,"rating":36,"num_ratings":36,"last_updated":79,"tested_up_to":66,"requires_at_least":50,"requires_php":25,"tags":80,"homepage":82,"download_link":83,"security_score":55,"vuln_count":36,"unpatched_count":36,"last_vuln_date":56,"fetched_at":38},"wp-fail2ban-addon-gravity-forms","WP fail2ban Add-on for Gravity Forms","WP fail2ban integration with Gravity Forms to log spam form submissions.",700,6919,"2024-09-12T10:36:00.000Z",[68,28,81,30,70],"gravity-forms","https:\u002F\u002Faddons.wp-fail2ban.com\u002Fgravity-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fail2ban-addon-gravity-forms.2.0.0.zip",{"slug":85,"name":86,"version":87,"author":4,"author_profile":5,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":47,"num_ratings":35,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":99,"download_link":100,"security_score":101,"vuln_count":36,"unpatched_count":36,"last_vuln_date":56,"fetched_at":38},"wp-page-tree","WP Page Tree","1.1.1","\u003Cp>Similar to \u003Cem>Site Page Tree\u003C\u002Fem>, but better for SEO.\u003C\u002Fp>\n","Widget to display a navigable tree of pages.",40,4616,"2015-03-21T15:52:00.000Z","4.1.42","3.4.0","",[97,98],"page-tree","site-navigation","https:\u002F\u002Fcharles.lecklider.org\u002Fwordpress\u002Fwp-page-tree\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-page-tree.1.1.1.zip",85,{"slug":103,"name":104,"version":105,"author":4,"author_profile":5,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":36,"num_ratings":36,"last_updated":110,"tested_up_to":111,"requires_at_least":94,"requires_php":95,"tags":112,"homepage":114,"download_link":115,"security_score":101,"vuln_count":36,"unpatched_count":36,"last_vuln_date":56,"fetched_at":38},"wp-mercurial","WP Mercurial","1.1","\u003Cp>Not everyone has the luxury of seperate development, staging, and live servers. \u003Cem>WP Mercurial\u003C\u002Fem> helps work around the limitations of a single server by automating many of the repetitive Mercurial tasks required when updating WordPress.\u003C\u002Fp>\n\u003Cp>Each time a plugin, a theme, or the core is updated, \u003Cem>WP Mercurial\u003C\u002Fem> will automatically run:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    hg -A commit -m '\u003Cdescription of update>' \u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The description is based on what was updated.\u003C\u002Fp>\n\u003Cp>\u003Cem>WP Mercurial\u003C\u002Fem> never pushes automatically.\u003C\u002Fp>\n\u003Cp>There is also a dashboard widget that provides all the basic Hg commands.\u003C\u002Fp>\n","Basic Mercurial functionality from the dashboard. Automatically commit after updating core, plugins, or themes.",10,1543,"2012-11-18T19:53:00.000Z","3.4.2",[113],"mercurial","https:\u002F\u002Fcharles.lecklider.org\u002Fwordpress\u002Fwp-mercurial","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mercurial.1.1.zip",{"slug":117,"name":118,"version":119,"author":4,"author_profile":5,"description":120,"short_description":121,"active_installs":108,"downloaded":122,"rating":123,"num_ratings":35,"last_updated":124,"tested_up_to":125,"requires_at_least":50,"requires_php":126,"tags":127,"homepage":95,"download_link":130,"security_score":101,"vuln_count":36,"unpatched_count":36,"last_vuln_date":56,"fetched_at":38},"wp-rest-api-security","WP REST API Security","1.1.2","\u003Cp>The REST API is essential for any modern web framework, but with it comes a huge attack surface. \u003Cem>WP REST API Security\u003C\u002Fem> reduces the attack surface by disabling all the REST API endpoints by default, allowing you to enable only those actually needed. Those that are enabled require authentication by default, allowing you to choose which to make public.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>N.B.\u003C\u002Fstrong> If you are using the new Block Editor you must keep nearly all the endpoints enabled for it to work, but none need be public.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Provides a UI to control which REST API endpoints are enabled and which require authentication.",1190,80,"2019-08-12T13:44:00.000Z","5.1.22","7.0",[128,129,30],"api","rest","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-security.zip",{"slug":132,"name":133,"version":134,"author":4,"author_profile":5,"description":135,"short_description":136,"active_installs":36,"downloaded":137,"rating":36,"num_ratings":36,"last_updated":138,"tested_up_to":139,"requires_at_least":50,"requires_php":140,"tags":141,"homepage":143,"download_link":144,"security_score":101,"vuln_count":36,"unpatched_count":36,"last_vuln_date":56,"fetched_at":38},"gopherduct","Gopherduct","0.9.0","\u003Cp>Almost all web browsers have abandoned Gopher; access to Gopherspace now requires a bridge – a Gopherduct.\u003C\u002Fp>\n\u003Cp>The plugin allows easy access to your Gopherhole from within WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This is a Beta version.\u003C\u002Fstrong> “It Works For Me”, but there are almost certainly bugs.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Gopherspace\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Gopherspace URL is appended to the HTTP URL (e.g. \u003Ccode>\u002Fgopherspace\u002F0\u002Fmy\u002Ffoo\u002Fbar.md\u003C\u002Fcode>) so you can link directly from HTTP-space.\u003C\u002Fp>\n\u003Cp>Gophermaps are rendered as a table with some basic styling; in future this will change to allow better integration with themes.\u003C\u002Fp>\n\u003Cp>Currently implements only the basics – File, Directory (local only), HTML.\u003C\u002Fp>\n\u003Cp>Next up will be Images, then Search.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Markdown\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Files with an \u003Ccode>.md\u003C\u002Fcode> extension will be rendered as Markdown – no configuration necessary!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>robots.txt\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Gopherduct doesn’t yet do anything clever with the Gopherspace \u003Ccode>robots.txt\u003C\u002Fcode> file; for now, please remember to adjust your WordPress \u003Ccode>robots.txt\u003C\u002Fcode> file to preserve any exclusions etc.\u003C\u002Fp>\n","noun. 1) a conduit for Gopher, 2) WordPress to Gopherspace bridge.",790,"2020-08-25T01:12:00.000Z","5.5.18","7.3",[142],"gopher","https:\u002F\u002Finvis.net\u002Fplugins\u002Fgopherduct\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgopherduct.0.9.0.zip"]