[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftd5Vq11nuQ-2XbUEeeRrxYCpqQiFYSo0chWAOSCo22A":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"juaevpa","Juanma Evaristo","https:\u002F\u002Fprofiles.wordpress.org\u002Fjuaevpa\u002F",1,10,100,30,94,"2026-05-19T19:22:29.292Z",[14],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":9,"num_ratings":21,"last_updated":22,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":26,"homepage":32,"download_link":33,"security_score":9,"vuln_count":34,"unpatched_count":34,"last_vuln_date":35,"fetched_at":36},"lock-my-site","Lock My Site","1.5.9","\u003Cp>Lock My Site is a lightweight plugin that enables remote management of your WordPress site through a secure REST API. Perfect for agencies, freelancers, and anyone managing multiple WordPress sites.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Complete Health Check\u003C\u002Fstrong> – Monitor site status, PHP version, memory usage, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Update Management\u003C\u002Fstrong> – Manage plugins, themes, core, and translations updates remotely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin Management\u003C\u002Fstrong> – Activate, deactivate, and get detailed plugin information\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Management\u003C\u002Fstrong> – Switch themes and manage theme updates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Optimization\u003C\u002Fstrong> – Clean up and optimize database tables\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong> – Basic security checks and recommendations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Error Logs\u003C\u002Fstrong> – Access PHP error logs remotely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Management\u003C\u002Fstrong> – List users and roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>API Key authentication\u003C\u002Fli>\n\u003Cli>Optional HMAC signature verification\u003C\u002Fli>\n\u003Cli>Optional IP whitelist\u003C\u002Fli>\n\u003Cli>Rate limiting protection\u003C\u002Fli>\n\u003Cli>Automatic lockout after failed attempts\u003C\u002Fli>\n\u003Cli>API key expiration (90 days)\u003C\u002Fli>\n\u003Cli>Email alerts for suspicious activity\u003C\u002Fli>\n\u003Cli>Activity logging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available Endpoints\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Status & Health\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fping\u003C\u002Fcode> – Connection check\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fhealth\u003C\u002Fcode> – Complete site health status\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Updates\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fupdates\u003C\u002Fcode> – Available updates (plugins, themes, core, translations)\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fupdate\u002Fplugin\u003C\u002Fcode> – Update a specific plugin\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fupdate\u002Ftheme\u003C\u002Fcode> – Update a specific theme\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fupdate\u002Fcore\u003C\u002Fcode> – Update WordPress core\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fupdate\u002Fall-plugins\u003C\u002Fcode> – Update all plugins\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fupdate\u002Fall-themes\u003C\u002Fcode> – Update all themes\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fupdate\u002Ftranslations\u003C\u002Fcode> – Update all translations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugins\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fplugins\u003C\u002Fcode> – List all plugins\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fplugins\u002F{plugin}\u003C\u002Fcode> – Get plugin details\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fplugins\u002Factivate\u003C\u002Fcode> – Activate a plugin\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fplugins\u002Fdeactivate\u003C\u002Fcode> – Deactivate a plugin\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fplugins\u002Fignored\u003C\u002Fcode> – List ignored plugins\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fplugins\u002Fignore\u003C\u002Fcode> – Ignore a plugin from bulk updates\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fplugins\u002Funignore\u003C\u002Fcode> – Remove plugin from ignored list\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Themes\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fthemes\u003C\u002Fcode> – List all themes\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fthemes\u002Factivate\u003C\u002Fcode> – Activate a theme\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fdatabase\u002Fstats\u003C\u002Fcode> – Database statistics\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fdatabase\u002Fcleanup\u003C\u002Fcode> – Clean database (revisions, drafts, spam, etc.)\u003Cbr \u002F>\n* \u003Ccode>POST \u002Fdatabase\u002Foptimize\u003C\u002Fcode> – Optimize database tables\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Logs\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Flogs\u002Fphp\u003C\u002Fcode> – PHP error log\u003Cbr \u002F>\n* \u003Ccode>GET \u002Flogs\u002Factivity\u003C\u002Fcode> – Plugin activity log\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Users\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fusers\u003C\u002Fcode> – List WordPress users\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following external services:\u003C\u002Fp>\n\u003Ch4>1. WordPress.org Checksums API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> \u003Ccode>https:\u002F\u002Fapi.wordpress.org\u002Fcore\u002Fchecksums\u002F1.0\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>What it does:\u003C\u002Fstrong> Retrieves the official MD5 checksums for all WordPress core files so the plugin can verify that no core file has been modified or tampered with.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Only when a core integrity check is explicitly triggered by the site administrator via the authenticated REST API endpoint \u003Ccode>\u002Fsecurity\u002Fcore-integrity\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>What data is sent:\u003C\u002Fstrong> The installed WordPress version number and the site locale (e.g. \u003Ccode>en_US\u003C\u002Fcode>). No personal data is sent.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> WordPress.org (Automattic Inc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of use:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fdomains\u002F\" rel=\"ugc\">WordPress.org Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\" rel=\"ugc\">WordPress.org Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2. WordPress.org Translations API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> \u003Ccode>https:\u002F\u002Fapi.wordpress.org\u002Ftranslations\u002Fplugins\u002F1.0\u002F\u003C\u002Fcode>, \u003Ccode>https:\u002F\u002Fapi.wordpress.org\u002Ftranslations\u002Fthemes\u002F1.0\u002F\u003C\u002Fcode>, and \u003Ccode>https:\u002F\u002Fapi.wordpress.org\u002Ftranslations\u002Fcore\u002F1.0\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>What it does:\u003C\u002Fstrong> Returns the latest available translation package versions for plugins, themes, and WordPress core in the site’s locale, so the plugin can determine which translations need updating.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When data is sent:\u003C\u002Fstrong> When translation updates are checked, either on demand or as part of a full updates check, explicitly triggered by the site administrator via the authenticated REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>What data is sent:\u003C\u002Fstrong> Plugin\u002Ftheme slugs, their version numbers, and the site locale. No personal data is sent.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> WordPress.org (Automattic Inc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of use:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fdomains\u002F\" rel=\"ugc\">WordPress.org Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\" rel=\"ugc\">WordPress.org Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These are the only two external services this plugin connects to. No other HTTP requests are made to any third-party service.\u003C\u002Fp>\n\u003Ch4>Important note about domain name references in the source code\u003C\u002Fh4>\n\u003Cp>The plugin’s security scanner contains a hardcoded list of well-known, legitimate third-party domain names used as a \u003Cstrong>local string-matching whitelist only\u003C\u002Fstrong>. This list includes domains such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>google-analytics.com, googletagmanager.com, googleapis.com\u003C\u002Fli>\n\u003Cli>maps.google.com, maps.googleapis.com\u003C\u002Fli>\n\u003Cli>tawk.to, crisp.chat, intercom.io, zendesk.com\u003C\u002Fli>\n\u003Cli>cdn.jsdelivr.net, cdnjs.cloudflare.com, code.jquery.com, unpkg.com\u003C\u002Fli>\n\u003Cli>recaptcha.net, gstatic.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>These domains are NOT contacted, called, or connected to in any way by this plugin.\u003C\u002Fstrong> No HTTP requests, API calls, or any form of network communication is made to any of these domains.\u003C\u002Fp>\n\u003Cp>The domain names appear as plain string constants in a PHP array. When the security scanner analyzes post and page content for potentially malicious script injections (e.g. \u003Ccode>\u003Cscript src=\"...\">\u003C\u002Fcode> tags), it compares the \u003Ccode>src\u003C\u002Fcode> attribute against this whitelist using local string matching. Scripts referencing whitelisted domains are recognized as legitimate and excluded from the scan results, reducing false positives. The entire comparison happens locally in PHP memory — no data leaves the server.\u003C\u002Fp>\n","Lightweight worker plugin for remote WordPress maintenance and management via secure REST API.",251,4,"2026-03-23T09:26:00.000Z","6.9.4","5.6","7.4",[27,28,29,30,31],"api","maintenance","management","remote","updates","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flock-my-site.1.5.9.zip",0,null,"2026-04-16T10:56:18.058Z"]