[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftDVqKWM4PAvwuLp3qN3Xr6p2Cxj8BPKQzopvmr94KV4":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"marc4","Marc Armengou","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarc4\u002F",4,200,100,30,94,"2026-05-20T09:07:44.059Z",[14,36,52,67],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":21,"num_ratings":21,"last_updated":22,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":26,"homepage":32,"download_link":33,"security_score":9,"vuln_count":21,"unpatched_count":21,"last_vuln_date":34,"fetched_at":35},"security-hardener","Security Hardener","2.2.0","\u003Cp>\u003Cstrong>Security Hardener\u003C\u002Fstrong> applies WordPress security best practices based on the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fhardening\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration \u002F Security \u002F Hardening\u003C\u002Fa> documentation and widely accepted hardening measures. It uses WordPress core functions and follows best practices without modifying core files.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable file editor in WordPress admin\u003Cbr \u002F>\n* Optionally disable all file modifications (blocks updates – use with caution)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable XML-RPC completely (enabled by default)\u003Cbr \u002F>\n* Remove pingback methods when XML-RPC is enabled\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pingback Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable self-pingbacks\u003Cbr \u002F>\n* Remove X-Pingback header\u003Cbr \u002F>\n* Block incoming pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block \u003Ccode>\u002F?author=N\u003C\u002Fcode> queries (returns 404)\u003Cbr \u002F>\n* Secure REST API user endpoints (require authentication)\u003Cbr \u002F>\n* Remove users from XML sitemaps\u003Cbr \u002F>\n* Prevent canonical redirects that expose usernames\u003Cbr \u002F>\n* Optionally block author feed pages (\u003Ccode>\u002Fauthor\u002Fusername\u002Ffeed\u002F\u003C\u002Fcode>)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generic error messages (no username\u002Fpassword hints)\u003Cbr \u002F>\n* Login honeypot — silently blocks bots before any credential check\u003Cbr \u002F>\n* IP-based rate limiting with configurable thresholds\u003Cbr \u002F>\n* Security event logging (last 100 events)\u003Cbr \u002F>\n* Automatic blocking after failed attempts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> (clickjacking protection)\u003Cbr \u002F>\n* \u003Ccode>X-Content-Type-Options: nosniff\u003C\u002Fcode> (MIME sniffing protection)\u003Cbr \u002F>\n* \u003Ccode>Referrer-Policy: strict-origin-when-cross-origin\u003C\u002Fcode>\u003Cbr \u002F>\n* \u003Ccode>Permissions-Policy\u003C\u002Fcode> (restricts geolocation, microphone, camera)\u003Cbr \u002F>\n* Optional HSTS (HTTP Strict Transport Security) for HTTPS sites — max-age set to 1 year\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Hardening:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Hide WordPress version (meta generator tag and asset query strings)\u003Cbr \u002F>\n* Remove obsolete wp_head items (RSD, WLW manifest, shortlink, emoji scripts)\u003Cbr \u002F>\n* Security event logging system\u003Cbr \u002F>\n* Optionally disable Application Passwords for API authentication\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>⚠️ \u003Cstrong>Important:\u003C\u002Fstrong> Always test security settings in a staging environment first. Some features may affect third-party integrations or plugins.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy:\u003C\u002Fstrong> This plugin does not send data to external services and does not create custom database tables. It stores plugin settings and a security event log in the WordPress options table, and uses transients for temporary login attempt tracking. All data is preserved on uninstall by default and only deleted if the “Delete all data on uninstall” option is explicitly enabled.\u003C\u002Fp>\n","Basic hardening: secure headers, login honeypot, user enumeration blocking, generic login errors, rate limiting, and more.",990,0,"2026-04-02T19:24:00.000Z","6.9.4","6.9","8.2",[27,28,29,30,31],"brute-force","hardening","headers","login-protection","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-hardener\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.2.2.0.zip",null,"2026-04-16T10:56:18.058Z",{"slug":37,"name":38,"version":39,"author":5,"author_profile":6,"description":40,"short_description":41,"active_installs":21,"downloaded":42,"rating":21,"num_ratings":21,"last_updated":43,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":44,"homepage":50,"download_link":51,"security_score":9,"vuln_count":21,"unpatched_count":21,"last_vuln_date":34,"fetched_at":35},"clear-internal-search-button","Clear Internal Search Button","2.1","\u003Cp>Adds a button to clear the search field inside the admin area that will save you time and make intensive search usage more convenient.\u003C\u002Fp>\n\u003Cp>Works in the search engine for posts, pages, comments, users, media library, categories, tags, plugins and themes.\u003C\u002Fp>\n","Adds a button in admin area to clear text of search field for posts, pages, comments, users, media, categories, tags, plugins, and themes.",2106,"2026-03-05T12:37:00.000Z",[45,46,47,48,49],"button","clear","internal","search","usability","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclear-internal-search-button\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclear-internal-search-button.2.1.zip",{"slug":53,"name":54,"version":55,"author":5,"author_profile":6,"description":56,"short_description":57,"active_installs":21,"downloaded":58,"rating":21,"num_ratings":21,"last_updated":59,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":60,"homepage":65,"download_link":66,"security_score":9,"vuln_count":21,"unpatched_count":21,"last_vuln_date":34,"fetched_at":35},"signed-posts","Signed Posts","0.5","\u003Cp>Signed Posts allows authors to sign posts, assuring content integrity. Signature verification proves post-signing alteration hasn’t occurred.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>In-browser verification:\u003C\u002Fstrong> The signature verification is done on the client side (in the visitor’s browser).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Methods:\u003C\u002Fstrong> OpenPGP (ASCII-armored detached signature) and DID (did:key, did:web) using Ed25519 detached JWS (b64=false).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Source of trust:\u003C\u002Fstrong> For OpenPGP, the author specifies the URL of their public key in their profile. For DID, the author sets their DID (did:key or did:web). For did:web, the plugin fetches \u003Ccode>https:\u002F\u002F\u003Chost>\u002F.well-known\u002Fdid.json\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status block:\u003C\u002Fstrong> An informative block is automatically added to the end of each signed article, showing the verification status (valid, invalid, or error).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author badge:\u003C\u002Fstrong> The author name in posts is enhanced with an icon and KeyID\u002Ffingerprint text.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Source Code and Libraries\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>OpenPGP.js\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Version:\u003C\u002Fstrong> 6.2.2\u003Cbr \u002F>\n* \u003Cstrong>License:\u003C\u002Fstrong> LGPL-3.0-or-later\u003Cbr \u002F>\n* \u003Cstrong>Public Source Code:\u003C\u002Fstrong> https:\u002F\u002Fgithub.com\u002Fopenpgpjs\u002Fopenpgpjs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Web Crypto API\u003C\u002Fstrong>\u003Cbr \u002F>\n* Used to verify Ed25519 signatures for DID.\u003C\u002Fp>\n","Signed Posts allows authors to sign posts, assuring content integrity. Signature verification proves post-signing alteration hasn't occurred.",308,"2026-03-07T18:29:00.000Z",[61,62,31,63,64],"did","openpgp","signature","verification","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsigned-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsigned-posts.0.5.zip",{"slug":68,"name":69,"version":70,"author":5,"author_profile":6,"description":71,"short_description":72,"active_installs":21,"downloaded":73,"rating":21,"num_ratings":21,"last_updated":74,"tested_up_to":23,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":79,"download_link":80,"security_score":9,"vuln_count":21,"unpatched_count":21,"last_vuln_date":34,"fetched_at":35},"toys-for-playground","Toys for Playground","1.2.5","\u003Cp>\u003Cstrong>Toys for Playground allows you to set up development, training, and testing environments in WordPress Playground easily. No Playground API knowledge needed.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Generate a custom WordPress setup in Playground with just a few clicks, including theme, plugins, and the WordPress and PHP versions that you need.\u003C\u002Fp>\n\u003Cp>Can be useful for developers, trainers, and testers. Test configurations risk-free, entirely in your browser.\u003C\u002Fp>\n\u003Cp>Available toys:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cloner\u003C\u002Fstrong>\u003Cbr \u002F>\nClone site, theme, and plugins to Playground.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Generator\u003C\u002Fstrong>\u003Cbr \u002F>\nCreate a Playground from scratch, with the theme and plugins you want.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin Explorer\u003C\u002Fstrong>\u003Cbr \u002F>\nExplore any plugin directly from WordPress repository in Playground.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Theme Explorer\u003C\u002Fstrong>\u003Cbr \u002F>\nExplore any theme directly from WordPress repository in Playground.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sharer\u003C\u002Fstrong>\u003Cbr \u002F>\nGenerate Playground link of your current page for debugging or sharing.\u003C\u002Fp>\n","Toys for Playground allows you to set up development, training, and testing environments in WordPress Playground easily. No Playground API knowledge n &hellip;",3063,"2026-03-10T12:40:00.000Z","6.3","7.4",[78],"playground","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoys-for-playground\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoys-for-playground.1.2.5.zip"]