[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNqBsdQase8OMBGXoKYPXjkJkDBoX_OIx95v7iVZQHno":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"sean212","Sean Fisher","https:\u002F\u002Fprofiles.wordpress.org\u002Fsean212\u002F",5,10200,88,30,86,"2026-04-04T13:56:51.849Z",[14,40,57,75,93],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":20,"downloaded":21,"rating":22,"num_ratings":23,"last_updated":24,"tested_up_to":25,"requires_at_least":26,"requires_php":27,"tags":28,"homepage":34,"download_link":35,"security_score":36,"vuln_count":37,"unpatched_count":37,"last_vuln_date":38,"fetched_at":39},"lockdown-wp-admin","Lockdown WP Admin","2.3.2","\u003Cp>This plugin will hide WordPress Admin (\u002Fwp-admin\u002F) when a user isn’t logged in. If a user isn’t logged in and they attempt to access WP Admin directly, they will be unable to and it will return a 404. It can also rename the login URL.\u003C\u002Fp>\n\u003Cp>Also, you can add HTTP authentication directly from WP Admin and add custom username\u002Fpassword combinations for the HTTP auth or use the WordPress credentials.\u003C\u002Fp>\n\u003Cp>This doesn’t touch any .htaccess files or change the WordPress core files. All the CSS\u002FImages under \u002Fwp-admin\u002F are still accessible, just not the .php ones.\u003C\u002Fp>\n\u003Cp>If you enable HTTP authentication, it will add HTTP authentication to the PHP files in \u002Fwp-admin\u002F.\u003C\u002Fp>\n\u003Cp>To contribute to the development, check out \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsrtfisher\u002FLockdown-WPAdmin\" rel=\"nofollow ugc\">the GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (\u002Fwp-admin\u002F) and and login (\u002Fwp-login.",10000,340310,78,54,"2017-11-28T06:00:00.000Z","4.3.34","3.6","",[29,30,31,32,33],"lockdown","secure","security","vulnerability","website-security","http:\u002F\u002Fseanfisher.co\u002Flockdown-wp-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flockdown-wp-admin.2.3.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",{"slug":41,"name":42,"version":43,"author":5,"author_profile":6,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":46,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":55,"download_link":56,"security_score":46,"vuln_count":37,"unpatched_count":37,"last_vuln_date":38,"fetched_at":39},"rest-api-guard","REST API Guard","1.4.1","\u003Cp>Restrict and control access to the REST API.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>The WordPress REST API is generally very public and can share a good deal of information with the internet anonymously. This plugin aims to make it easier to restrict access to the REST API for your WordPress site.\u003C\u002Fp>\n\u003Cp>Out of the box the plugin can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable anonymous access to the REST API.\u003C\u002Fli>\n\u003Cli>Restrict and control anonymous access to the REST API by namespace, path, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings Page\u003C\u002Fh3>\n\u003Cp>The plugin can be configured via the Settings page (\u003Ccode>Settings -> REST API Guard\u003C\u002Fcode>) or via the relevant filter.\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Ch3>Preventing Access to User Information (\u003Ccode>wp\u002Fv2\u002Fusers\u003C\u002Fcode>)\u003C\u002Fh3>\n\u003Cp>By default, the plugin will restrict anonymous access to the users endpoint. This can be prevented in the plugin’s settings or via code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'rest_api_guard_allow_user_access', fn () => true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Preventing Access to Index (\u003Ccode>\u002F\u003C\u002Fcode>) or Namespace Endpoints (\u003Ccode>wp\u002Fv2\u003C\u002Fcode>)\u003C\u002Fh3>\n\u003Cp>To prevent anonymous users from browsing your site and discovering what plugins\u002Fpost types are setup, the plugin restricts access to the index (\u003Ccode>\u002F\u003C\u002Fcode>) and namespace (\u003Ccode>wp\u002Fv2\u003C\u002Fcode>) endpoints. This can be prevented in the plugin’s settings or via code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Allow index access.\nadd_filter( 'rest_api_guard_allow_index_access', fn () => true );\n\n\u002F\u002F Allow namespace access.\nadd_filter( 'rest_api_guard_allow_namespace_access', fn ( string $namespace ) => true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Restrict Anonymous Access to the REST API\u003C\u002Fh3>\n\u003Cp>The plugin can restrict anonymous access for any request to the REST API in the plugin’s settings or via code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'rest_api_guard_prevent_anonymous_access', fn () => true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Limit Anonymous Access to Specific Namespaces\u002FRoutes (Allowlist)\u003C\u002Fh3>\n\u003Cp>Anonymous users can be granted access only to specific namespaces\u002Froutes. Requests outside of these paths will be denied. This can be configured in the plugin’s settings or via code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'rest_api_guard_anonymous_requests_allowlist',\n    function ( array $paths, WP_REST_Request $request ): array {\n        \u002F\u002F Allow other paths not included here will be denied.\n        $paths[] = 'wp\u002Fv2\u002Fpost';\n        $paths[] = 'custom-namespace\u002Fv1\u002Fpublic\u002F*';\n\n        return $paths;\n    },\n    10,\n    2\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Restrict Anonymous Access to Specific Namespaces\u002FRoutes (Denylist)\u003C\u002Fh3>\n\u003Cp>Anonymous users can be restricted from specific namespaces\u002Froutes. This acts as\u003Cbr \u002F>\na denylist for specific paths that an anonymous user cannot access. The paths\u003Cbr \u002F>\nsupport regular expressions for matching. The use of the allowlist takes\u003Cbr \u002F>\npriority over this denylist. This can be configured in the plugin’s settings or\u003Cbr \u002F>\nvia code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'rest_api_guard_anonymous_requests_denylist',\n    function ( array $paths, WP_REST_Request $request ): array {\n        $paths[] = 'wp\u002Fv2\u002Fuser';\n        $paths[] = 'custom-namespace\u002Fv1\u002Fprivate\u002F*';\n\n        return $paths;\n    },\n    10,\n    2\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Require JSON Web Token (JWT) Authentication\u003C\u002Fh3>\n\u003Cp>Anonymous users can be required to authenticate via a JSON Web Token (JWT) to\u003Cbr \u002F>\naccess the REST API. Users should pass an \u003Ccode>Authorization: Bearer \u003Ctoken>\u003C\u002Fcode> header\u003Cbr \u002F>\nwith their request. This can be configured in the plugin’s settings or via code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'rest_api_guard_authentication_jwt', fn () => true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Out of the box, the plugin will look for a JWT in the \u003Ccode>Authorization: Bearer\u003Cbr \u002F>\n\u003Ctoken>\u003C\u002Fcode> header. The JWT will be expected to have an audience of\u003Cbr \u002F>\n‘wordpress-rest-api’ and issuer of the site’s URL. This can be configured in the\u003Cbr \u002F>\nplugin’s settings or via code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'rest_api_guard_jwt_audience',\n    function ( string $audience ): string {\n        return 'custom-audience';\n    }\n);\n\nadd_filter(\n    'rest_api_guard_jwt_issuer',\n    function ( string $issuer ): string {\n        return 'https:\u002F\u002Fexample.com';\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The JWT’s secret will be autogenerated and stored in the database in the\u003Cbr \u002F>\n    rest_api_guard_jwt_secret option. The secret can also be changed via code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter(\n    'rest_api_guard_jwt_secret',\n    function ( string $secret ): string {\n        return 'my-custom-secret';\n    }\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Allow JWT Authentication for Authenticated Users\u003C\u002Fh3>\n\u003Cp>Authenticated users can be authenticated with the REST API via a JSON Web Token.\u003Cbr \u002F>\nSimilar to the anonymous JWT authentication, users should pass an\u003Cbr \u002F>\n    Authorization: Bearer  header with their request. This can be\u003Cbr \u002F>\nconfigured in the plugin’s settings or via code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'rest_api_guard_user_authentication_jwt', fn () => true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Generating JWTs for Anonymous and Authenticated Users\u003C\u002Fh3>\n\u003Cp>JWTs can be generated by calling the\u003Cbr \u002F>\n    wp rest-api-guard generate-jwt [–user=] command or using the\u003Cbr \u002F>\n    Alley\\WP\\REST_API_Guard\\generate_jwt() method:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$jwt = \\Alley\\WP\\REST_API_Guard\\generate_jwt(\n    expiration: 3600, \u002F\u002F Optional. The expiration time in seconds from now.\n    user: 1, \u002F\u002F Optional. The user ID to generate the JWT for. Supports `WP_User` or user ID.\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Restrict and control access to the REST API.",100,3587,2,"2025-09-09T20:00:00.000Z","6.8.5","6.5","8.1",[54,41],"alleyinteractive","https:\u002F\u002Fgithub.com\u002Falleyinteractive\u002Fwp-rest-api-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-guard.1.4.1.zip",{"slug":58,"name":59,"version":60,"author":5,"author_profile":6,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":46,"num_ratings":48,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":27,"tags":68,"homepage":73,"download_link":74,"security_score":36,"vuln_count":37,"unpatched_count":37,"last_vuln_date":38,"fetched_at":39},"composer","WP Composer","0.1.2","\u003Cp>Adding Composer dependency management to WP CLI. Allows you to recursivly install\u002Fupdate composer packages inside of all of your WordPress plugins and themes.\u003C\u002Fp>\n\u003Ch3>What is this using?\u003C\u002Fh3>\n\u003Cp>This package uses a great piece of software called \u003Ca href=\"http:\u002F\u002Fwp-cli.org\u002F\" rel=\"nofollow ugc\">WP-CLI\u003C\u002Fa>. It provides a command line interface for WordPress management. We are a plugin providing Composer management inside of WP CLI.\u003C\u002Fp>\n\u003Ch3>What’s Composer?\u003C\u002Fh3>\n\u003Cp>It’s the greatest thing to happen to the web since GIFs, Drop Shadows and dancing cats. Composer is a dead simple JSON-based dependency manager for PHP. For more information, check out \u003Ca href=\"http:\u002F\u002Fgetcomposer.org\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fgetcomposer.org\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>So this is complete Composer support?\u003C\u002Fh3>\n\u003Cp>No, not exactly! Sadly, I’m building this out and I’m trying to make some sweet WP-CLI and Composer integration. But for now, we only support a few command:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>install\u003C\u002Fli>\n\u003Cli>update\u003C\u002Fli>\n\u003Cli>diagnose\u003C\u002Fli>\n\u003Cli>help\u003C\u002Fli>\n\u003Cli>status\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’d love to help out, please help! Make a pull request and let’s get coding!\u003C\u002Fp>\n\u003Ch3>How do I build Composer Management inside of my plugin?\u003C\u002Fh3>\n\u003Cp>Simple really! You just create a simple \u003Ccode>composer.json\u003C\u002Fcode> file like you would with any Composer project. From there, wp-composer will interface with each plugin\u002Ftheme that has composer support and it will generate the autoload files, too!\u003C\u002Fp>\n\u003Cp>Just include something like this inside your main plugin file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>require(__DIR__.'\u002Fvendor\u002Fautoload.php');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>It’s that simple.\u003C\u002Fp>\n","Adding Composer dependency management to WP CLI.",80,9222,"2013-07-15T03:14:00.000Z","3.5.2","3.3",[69,58,70,71,72],"command-line","dependency","php","wp-cli","http:\u002F\u002Fseanfisher.co\u002Fwp-composer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomposer.0.1.2.zip",{"slug":76,"name":77,"version":78,"author":5,"author_profile":6,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":37,"num_ratings":37,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":27,"tags":86,"homepage":91,"download_link":92,"security_score":36,"vuln_count":37,"unpatched_count":37,"last_vuln_date":38,"fetched_at":39},"enable-site-ping-wpmu","Enable Site Ping WPMU","1.0","\u003Cp>We are going to enable the WordPress ping service for each site in a WordPress MU Network. This allows each site to have a different ping list. By default, you have no ping list for WordPress MU sites.\u003C\u002Fp>\n\u003Ch4>New\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Nothing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Enables the custom ping for WordPress sites in WP MU.\u003C\u002Fli>\n\u003Cli>Individual site settings for WPMU.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help\u003C\u002Fh3>\n\u003Cp>For help, checkout http:\u002F\u002Fsean-fisher.com\u002Fplugins\u002F\u003C\u002Fp>\n","We are going to enable the WordPress ping service for each site in a WordPress MU Network. This allows each site to have a different ping list.",10,4919,"2010-08-30T14:14:00.000Z","3.0.5","2.5",[87,88,89,90],"google","ping","posts","wpmu","http:\u002F\u002Fsean-fisher.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenable-site-ping-wpmu.1.0.1.zip",{"slug":94,"name":95,"version":78,"author":5,"author_profile":6,"description":96,"short_description":97,"active_installs":81,"downloaded":98,"rating":37,"num_ratings":37,"last_updated":99,"tested_up_to":84,"requires_at_least":100,"requires_php":27,"tags":101,"homepage":104,"download_link":105,"security_score":36,"vuln_count":37,"unpatched_count":37,"last_vuln_date":38,"fetched_at":39},"network-ping","Network Ping","\u003Cp>Running a WordPress MU network can be annoying when sites can be submitting different pings lists. The site will allow for a standard ping list for all sites in a WordPress MU instance. Custom ping lists will be disabled for each site and only the Super Administrator will be able to edit the list.\u003C\u002Fp>\n\u003Cp>Be sure to follow \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Ftalkingwithsean\u002F\" rel=\"nofollow ugc\">@talkingwithsean\u003C\u002Fa> for updates!\u003C\u002Fp>\n\u003Ch4>New\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Nothing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Standard ping lists for all sites in a WPMU instance.\u003C\u002Fli>\n\u003Cli>Editing for the ping list is restricted to the Super Administrator.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help\u003C\u002Fh3>\n\u003Cp>For help, checkout http:\u002F\u002Fsean-fisher.com\u002Fplugins\u002F.\u003C\u002Fp>\n","Running a WordPress MU network can be annoying when sites can be submitting different pings lists. The site will allow for a standard ping list for al &hellip;",4314,"2010-08-30T14:17:00.000Z","3.0",[102,88,103,89,90],"network","post","http:\u002F\u002Fsean-fisher.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-ping.1.0.1.zip"]