[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fz25-DL4Iy__i0xeMs3fA0EjJC5qEsEoAVpuAltJrROw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":145,"fingerprints":211},"ab-wp-security","AB WP Security","1.51","abjelosevic","https:\u002F\u002Fprofiles.wordpress.org\u002Fabjelosevic\u002F","\u003Cp>Security plugin that stops User Enumeration in WordPress, removes WordPress Version Number, disable directory browsing and Disable XML-RPC\u003C\u002Fp>\n","Security plugin that stops User Enumeration in WordPress, removes WordPress Version Number, disable directory browsing and Disable XML-RPC",10,2486,0,"","4.8.28","3.8",[18,19,20,21,22],"block","disable-xml-rpc","enumeration","remove-wordpress-version-number","security","http:\u002F\u002Faleksandar.bjelosevic.info\u002Fabwps","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fab-wp-security.1.51.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":31,"trust_score":33,"computed_at":34},4,30,96,91,"2026-04-04T06:04:53.255Z",[36,61,86,107,127],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":33,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":60},"stop-user-enumeration","Stop User Enumeration","1.7.7","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user login names.\u003C\u002Fp>\n\u003Cp>User Enumeration is a type of attack where nefarious parties can probe your website to discover your login name. This is often a pre-cursor to brute-force password attacks. Stop User Enumeration helps block this initial attack and allows you to log IPs launching these attacks to block further attacks in the future.\u003C\u002Fp>\n\u003Cp>Tools like WPSCAN are designed for use by ethical hackers and make efforts to find user login names. Ethical hackers ask permission first, this plugin is designed to reduce the tools when used without permission and when used in conjunction with fail2ban can block those attempts at the firewall.\u003C\u002Fp>\n\u003Cp>If you are on a VPS or dedicated server, as the attack IP is logged, you can use (optional additional configuration) fail2ban to block the attack directly at your server’s firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.\u003C\u002Fp>\n\u003Cp>If you don’t have access to install fail2ban ( e.g. on a Shared Host ) you can still use this plugin.\u003C\u002Fp>\n\u003Cp>The plugin can stop the user id being leaked by the oEmbed API call.\u003C\u002Fp>\n\u003Cp>Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don’t need it to get user data, this\u003Cbr \u002F>\nplugin will restrict and log that too.\u003C\u002Fp>\n\u003Cp>Since WordPress 5.5  sitemaps are generated by core WP  ( wp-sitemap.xml ) which includes a user\u002Fauthor sitemap that exposes the user id.  You can enable \u002F disable this in the plugin settings.\u003C\u002Fp>\n\u003Ch4>PHP 8.4 compatible\u003C\u002Fh4>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blocks user enumeration requests by GET or POST\u003C\u002Fli>\n\u003Cli>Syslogs a block so Fail2Ban can be used to block an IP\u003C\u002Fli>\n\u003Cli>Optionally blocks REST API user requests for non authorized users\u003C\u002Fli>\n\u003Cli>Optionally removes author sitemap\u003C\u002Fli>\n\u003Cli>Optionally removes author from OEMBED\u003C\u002Fli>\n\u003Cli>Optionally removes numbers from comment authors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin includes an optional email feature for plugin news and updates. When enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Your email address may be sent to https:\u002F\u002Ffullworksplugins.com for important plugin updates and security notices\u003C\u002Fli>\n\u003Cli>This is completely optional and requires your explicit consent via the opt-in form in the plugin settings\u003C\u002Fli>\n\u003Cli>No data is collected or transmitted without your permission\u003C\u002Fli>\n\u003Cli>You can opt-out at any time from the plugin settings\u003C\u002Fli>\n\u003Cli>No other personal data is collected or transmitted to external services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin logs attempted user enumeration attacks locally using WordPress’s standard logging system:\u003Cbr \u002F>\n* IP addresses of potential attackers are logged locally for security monitoring\u003Cbr \u002F>\n* These logs remain on your server and are not transmitted to any external service\u003Cbr \u002F>\n* Logs can be used with fail2ban or similar tools for enhanced security\u003C\u002Fp>\n\u003Cp>For more information about data handling, please visit https:\u002F\u002Ffullworksplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Helps secure your site against hacking attacks through detecting  User Enumeration",50000,1305856,98,128,"2025-12-15T10:48:00.000Z","6.9.4","6.3","7.4",[53,22,54,55],"fail2ban","user-enumeration","wpscan","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fstop-user-enumeration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-user-enumeration.1.7.7.zip",6,"2025-06-26 00:00:00","2026-03-15T15:16:48.613Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":49,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":81,"download_link":82,"security_score":83,"vuln_count":84,"unpatched_count":13,"last_vuln_date":85,"fetched_at":60},"zero-spam","Zero Spam for WordPress","5.7.7","Ben Marshall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbmarshall511\u002F","\u003Cp>Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa> to offer a strong defense system.\u003C\u002Fp>\n\u003Cp>Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it’s pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website.\u003C\u002Fp>\n\u003Ch4>Worry-free, Powerful Protection at Your Fingertips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No captchas or moderation queues — no longer a admin’s problem.\u003C\u002Fli>\n\u003Cli>Our system dynamically blocks threats, keeping your site safe.\u003C\u002Fli>\n\u003Cli>Integration with global IP reputation providers for enhanced security.\u003C\u002Fli>\n\u003Cli>Block IPs temporarily or permanently, keep unwanted visitors out.\u003C\u002Fli>\n\u003Cli>Geolocation tracks origins of threats, providing valuable insights.\u003C\u002Fli>\n\u003Cli>Ability to block countries, regions, zip\u002Fpostal codes & cities.\u003C\u002Fli>\n\u003Cli>REST API for programmatic settings management — perfect for CI\u002FCD, staging syncs, and automation.\u003C\u002Fli>\n\u003Cli>Utilize \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">splorp’s Comment Blacklist\u003C\u002Fa> to strengthen your disallowed list.\u003C\u002Fli>\n\u003Cli>Block disposable & malicious email effortlessly with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdisposable\" rel=\"nofollow ugc\">disposable\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multiple techniques, including the renowned solution by \u003Ca href=\"https:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamlessly integrates with popular plugins including:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> — Secure customer registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Fref\u002F1118\u002F\" rel=\"nofollow ugc\">GiveWP\u003C\u002Fa> — Prevents attempts to test stolen credit cards.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa> — Keeps registrations safe & secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">Mailchimp for WordPress\u003C\u002Fa> — Protects sign-ups from abuse.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpdiscuz\u002F\" rel=\"ugc\">wpDiscuz\u003C\u002Fa> — Versatile form protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind.\u003C\u002Fp>\n\u003Ch4>Enhance Detection with Optional 3rd-Party Integrations\u003C\u002Fh4>\n\u003Cp>Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002F\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>\u003C\u002Fstrong> – Utilize our real-time IP reputation analysis. Take a look at our \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipbase.com\u002F\" rel=\"nofollow ugc\">ipbase.com\u003C\u002Fa>\u003C\u002Fstrong> – Access detailed geolocation information of attackers. Familiarize yourself with their \u003Ca href=\"https:\u002F\u002Fipbase.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fterms-and-conditions\u002F41661719\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo.io\u003C\u002Fa>\u003C\u002Fstrong> – Gather geolocation details of malicious users. Refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" rel=\"nofollow ugc\">ipstack\u003C\u002Fa>\u003C\u002Fstrong> – Obtain extensive geolocation insights. Review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipstack.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> to learn more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>\u003C\u002Fstrong> – Verify if visitors’ IPs have been reported. Explore their \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for additional details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa>\u003C\u002Fstrong> – Check if visitors’ IPs have been flagged. Refer to their \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fprivacy_policy.php\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fterms_of_use.php\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps\u003C\u002Fa>\u003C\u002Fstrong> – Plot attack locations on Google Maps. Please review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fsite-terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for complete details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you have the option to contribute to Zero Spam’s improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHighfivery\u002Fzero-spam-for-wordpress\u002Fwiki\u002FFAQ\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n","No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.",20000,1423449,82,142,"2026-03-12T13:51:00.000Z","6.9","8.2",[77,78,22,79,80],"firewall","protection","spam","spam-blocker","https:\u002F\u002Fwordpress.com\u002Fplugins\u002Fzero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-spam.5.7.7.zip",92,5,"2024-04-15 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":30,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":14,"tags":100,"homepage":105,"download_link":106,"security_score":83,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":60},"manage-xml-rpc","Manage XML-RPC","1.0.2","brainvireinfo","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrainvireinfo\u002F","\u003Cp>You can now disable XML-RPC to avoid Brute force attack for given IPs or can even enable access for some IPs. XML-RPC on WordPress is actually an API that gives developers who build mobile apps, desktop apps and other services, the ability to talk to a WordPress site. The XML-RPC API that WordPress provides gives developers, a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Block XML-RPC by following way.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable pingback.ping, pingback.extensions.getPingbacks and Unset X-Pingback from HTTP headers, that will block bots to access specified method.\u003C\u002Fli>\n\u003Cli>Disable\u002FBlock XML-RPC for all users.\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable\u002FDisable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.",6000,64108,60,"2024-12-02T07:10:00.000Z","6.7.5","4.0",[101,102,22,103,104],"block-xml-rpc","brute-force-attacks","xml-rpc-pingback","xmlrpc-php-attack","http:\u002F\u002Fwww.brainvire.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-xml-rpc.1.0.2.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":94,"downloaded":115,"rating":46,"num_ratings":116,"last_updated":117,"tested_up_to":49,"requires_at_least":118,"requires_php":14,"tags":119,"homepage":123,"download_link":124,"security_score":32,"vuln_count":125,"unpatched_count":13,"last_vuln_date":126,"fetched_at":60},"oopspam-anti-spam","OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)","1.2.64","OOPSpam Team","https:\u002F\u002Fprofiles.wordpress.org\u002Foopspam\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.oopspam.com\u002F\" rel=\"nofollow ugc\">OOPSpam\u003C\u002Fa> is a modern anti-spam solution that uses advanced AI and machine learning to protect your WordPress forms and comments from spam. Our system has blocked over 1 billion spam attempts across 3.5M+ websites, maintaining 99.9% accuracy without compromising user privacy or accessibility.\u003C\u002Fp>\n\u003Cp>Unlike traditional CAPTCHA solutions that can hurt your conversion rates, OOPSpam works silently in the background, analyzing submissions against our extensive database of 500M+ malicious IPs and emails to catch both bot and human spammers.\u003C\u002Fp>\n\u003Ch3>Why Choose OOPSpam?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🚀 Zero Impact on User Experience\u003C\u002Fstrong>\u003Cbr \u002F>\n– No CAPTCHA puzzles or challenges that hurt conversions\u003Cbr \u002F>\n– Works silently in the background without JavaScript or tracking\u003Cbr \u002F>\n– Maintains fast website performance with server-side processing\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🛡️ Intelligent Spam Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n– Catch 99.9% of spam using advanced machine learning and contextual analysis\u003Cbr \u002F>\n– Protect against both automated bots and human spammers\u003Cbr \u002F>\n– Auto-detect spam patterns unique to your website’s context\u003Cbr \u002F>\n– Block spam from VPNs and known malicious sources\u003Cbr \u002F>\n– Prevent WooCommerce card testing attacks with advanced checkout protection\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔒 Privacy-First Design\u003C\u002Fstrong>\u003Cbr \u002F>\n– GDPR-compliant with no data stored on our servers\u003Cbr \u002F>\n– Optional IP and email analysis for maximum privacy\u003Cbr \u002F>\n– All logs stored in your WordPress database\u003Cbr \u002F>\n– Remove sensitive information from messages automatically\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🌍 Smart Geographic Controls\u003C\u002Fstrong>\u003Cbr \u002F>\n– Target your relevant market by blocking specific countries\u003Cbr \u002F>\n– Filter submissions by language to focus on your audience\u003Cbr \u002F>\n– Prevent fraud and abuse from high-risk regions\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚙️ Powerful Management Tools\u003C\u002Fstrong>\u003Cbr \u002F>\n– View and manage spam entries with detailed detection reasons\u003Cbr \u002F>\n– Export data for analysis or reporting\u003Cbr \u002F>\n– Rate limiting to prevent abuse and click fraud\u003Cbr \u002F>\n– Manual override options for complete control\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🏢 Perfect for Agencies\u003C\u002Fstrong>\u003Cbr \u002F>\n– Use one API key across unlimited websites\u003Cbr \u002F>\n– Centralized logging option in OOPSpam dashboard\u003Cbr \u002F>\n– Consistent protection across all your client sites\u003C\u002Fp>\n\u003Ch3>What Our Users Say\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>“It’s eliminated all spam, and even the need for CAPTCHA. Setup is quick and the interface is intuitive.” – @gotmick\u003C\u002Fp>\n\u003Cp>“Very responsive support and dev team. Customer support was amazing, response time was immediate and issues were solved instantly.” – @viv18germany\u003C\u002Fp>\n\u003Cp>“Pricing is perfect for agencies as they do tiers by actual # of API calls and no limit on the number of sites you can install this on.” – @squarecandy\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>By the Numbers\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>3.5M+\u003C\u002Fstrong> websites protected daily\u003C\u002Fli>\n\u003Cli>\u003Cstrong>1B+\u003C\u002Fstrong> spam attempts blocked\u003C\u002Fli>\n\u003Cli>\u003Cstrong>99.9%\u003C\u002Fstrong> detection accuracy\u003C\u002Fli>\n\u003Cli>\u003Cstrong>24\u002F7\u003C\u002Fstrong> customer support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>500M+\u003C\u002Fstrong> malicious IPs and emails in our database\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Works With Everything\u003C\u002Fh3>\n\u003Cp>The plugin seamlessly protects your \u003Cstrong>comments\u003C\u002Fstrong>, \u003Cstrong>site search\u003C\u002Fstrong>, and \u003Cstrong>all major form plugins\u003C\u002Fstrong>. No extra configuration needed – it just works!\u003C\u002Fp>\n\u003Ch3>Supported form & comment solutions:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce Order & Registration\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>Elementor Forms\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Kadence Form Block and Form (Adv) Block\u003C\u002Fli>\n\u003Cli>Fluent Forms\u003C\u002Fli>\n\u003Cli>Breakdance Forms\u003C\u002Fli>\n\u003Cli>WS Form\u003C\u002Fli>\n\u003Cli>WPDiscuz\u003C\u002Fli>\n\u003Cli>Forminator\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Bricks Forms\u003C\u002Fli>\n\u003Cli>Toolset Forms\u003C\u002Fli>\n\u003Cli>Piotnet Forms \u003C\u002Fli>\n\u003Cli>GiveWP Donation Forms\u003C\u002Fli>\n\u003Cli>MailPoet\u003C\u002Fli>\n\u003Cli>Beaver Builder Contact Form\u003C\u002Fli>\n\u003Cli>Ultimate Member\u003C\u002Fli>\n\u003Cli>MemberPress\u003C\u002Fli>\n\u003Cli>Paid Memberships Pro\u003C\u002Fli>\n\u003Cli>Jetpack Forms\u003C\u002Fli>\n\u003Cli>MC4WP: Mailchimp for WordPress\u003C\u002Fli>\n\u003Cli>SureForms\u003C\u002Fli>\n\u003Cli>SureCart\u003C\u002Fli>\n\u003Cli>QuForm\u003C\u002Fli>\n\u003Cli>HappyForms Pro\u003C\u002Fli>\n\u003Cli>Avada Forms\u003C\u002Fli>\n\u003Cli>MetForm\u003C\u002Fli>\n\u003Cli>ACF Frontend Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>OOPSpam Anti-Spam WordPress plugin requires minimal configuration. Check out our \u003Ca href=\"https:\u002F\u002Fhelp.oopspam.com\u002Fwordpress\u002F\" rel=\"nofollow ugc\">comprehensive WordPress guide\u003C\u002Fa> for detailed setup instructions. To get started quickly, \u003Ca href=\"https:\u002F\u002Fapp.oopspam.com\u002FIdentity\u002FAccount\u002FRegister\" rel=\"nofollow ugc\">get a key\u003C\u002Fa> and paste it into the appropriate setting field under \u003Cem>Settings=>OOPSpam Anti-Spam\u003C\u002Fem>. If you have a contact form plugin, make sure you enable spam protection on the settings page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please note\u003C\u002Fstrong>: This is a premium plugin. You need an \u003Ca href=\"https:\u002F\u002Fapp.oopspam.com\u002FIdentity\u002FAccount\u002FRegister\" rel=\"nofollow ugc\">OOPSpam Anti-Spam API key\u003C\u002Fa> to use the plugin. Each account comes with 40 free spam checks per month.\u003Cbr \u002F>\nIf you already use OOPSpam on other platforms, you can use the same API key for this plugin.\u003C\u002Fp>\n","Protect your forms from spam with 99.9% accuracy - no CAPTCHA, no JavaScript, no tracking. Trusted by 3.5M+ websites.",221611,45,"2026-03-13T15:10:00.000Z","3.6",[120,121,122,22,80],"anti-spam","contact-forms","form-protection","https:\u002F\u002Fwww.oopspam.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foopspam-anti-spam.1.2.64.zip",3,"2025-10-30 00:00:00",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":25,"num_ratings":137,"last_updated":138,"tested_up_to":139,"requires_at_least":140,"requires_php":51,"tags":141,"homepage":143,"download_link":144,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":60},"wpf2b-addon-blocklist","WP fail2ban Blocklist","2.2.2","invisnet","https:\u002F\u002Fprofiles.wordpress.org\u002Finvisnet\u002F","\u003Cp>There are many plugins that use a database to check for malicious IPs \u003Cstrong>after\u003C\u002Fstrong> they connect, and of course \u003Ccode>fail2ban\u003C\u002Fcode> stops \u003Cem>repeated\u003C\u002Fem> attacks, but what if bad IPs could be blocked \u003Cstrong>before\u003C\u002Fstrong> they attack?\u003C\u002Fp>\n\u003Cp>By working collaboratively – sharing attack data – \u003Cem>WP fail2ban Blocklist\u003C\u002Fem> does exactly that.\u003C\u002Fp>\n\u003Cp>The Blocklist Network Service (BNS) collects attack data from participating sites, performs some analytical magic, and sends back a list of IPs that are attacking sites now but haven’t yet attacked that site. In other words, each site periodically gets a unique list of IPs to block \u003Cstrong>preemptively\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>GDPR\u003C\u002Fh4>\n\u003Cp>The BNS doesn’t collect personal data, and bots don’t have rights.\u003C\u002Fp>\n\u003Cp>That said, the BNS only collects the minimum data required (time, IP, event), and only for IPs that have behaved maliciously.\u003C\u002Fp>\n\u003Cp>Of course, it is possible that some data is generated by \u003Cem>people\u003C\u002Fem> behaving maliciously, but the BNS has no way to differentiate – and nor should it: an attack is an attack.\u003C\u002Fp>\n\u003Ch4>Freemius\u003C\u002Fh4>\n\u003Cp>To work, the BNS \u003Cstrong>must\u003C\u002Fstrong> know:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>which sites are running the blocklist add-on,\u003C\u002Fli>\n\u003Cli>which version is in use,\u003C\u002Fli>\n\u003Cli>and a shared secret for secure communication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Freemius already provides all these, and \u003Cem>WP fail2ban\u003C\u002Fem> already uses Freemius; why reinvent the wheel?\u003C\u002Fp>\n\u003Cp>Therefore, unlike the core \u003Cem>WP fail2ban\u003C\u002Fem> plugin, you \u003Cem>must\u003C\u002Fem> opt into Freemius for the blocklist to work.\u003C\u002Fp>\n","WP fail2ban Blocklist is a collaborative preemptive blocklist for WordPress.",4000,26820,2,"2025-05-01T12:27:00.000Z","6.8.5","4.9",[142,53,22],"blocklist","https:\u002F\u002Faddons.wp-fail2ban.com\u002Fblocklist\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpf2b-addon-blocklist.2.2.2.zip",{"attackSurface":146,"codeSignals":186,"taintFlows":197,"riskAssessment":198,"analyzedAt":210},{"hooks":147,"ajaxHandlers":182,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":13,"unprotectedCount":13},[148,154,158,161,165,169,174,178],{"type":149,"name":150,"callback":151,"file":152,"line":153},"filter","the_generator","ab_wp_security_remove_version","ab-wp-security-plugin.php",129,{"type":149,"name":155,"callback":156,"file":152,"line":157},"script_loader_src","ab_wp_security_remove_wp_version_strings",130,{"type":149,"name":159,"callback":156,"file":152,"line":160},"style_loader_src",131,{"type":149,"name":162,"callback":163,"file":152,"line":164},"xmlrpc_enabled","__return_false",137,{"type":149,"name":166,"callback":167,"priority":11,"file":152,"line":168},"redirect_canonical","abwp_check_enum",145,{"type":170,"name":171,"callback":172,"file":152,"line":173},"action","admin_menu","ab_wp_security_menu_item",208,{"type":170,"name":175,"callback":176,"file":152,"line":177},"admin_init","abwps_settings",209,{"type":170,"name":179,"callback":180,"file":152,"line":181},"init","ab_wp_security_clean",211,[],[],[],[],{"dangerousFunctions":187,"sqlUsage":188,"outputEscaping":190,"fileOperations":30,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":196},[],{"prepared":13,"raw":13,"locations":189},[],{"escaped":13,"rawEcho":191,"locations":192},1,[193],{"file":152,"line":194,"context":195},112,"raw output",[],[],{"summary":199,"deductions":200},"The ab-wp-security plugin v1.51, based on the provided static analysis and vulnerability history, exhibits a generally positive security posture with no immediately apparent critical vulnerabilities. The absence of known CVEs, particularly unpatched ones, is a strong indicator of responsible development and maintenance. Furthermore, the static analysis reveals a remarkably clean attack surface with zero AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, none of these entry points appear to be unprotected. The code also demonstrates good practices by using prepared statements for all SQL queries and avoiding external HTTP requests, which can be common vectors for attacks. However, there are significant concerns regarding output escaping. With 100% of outputs not being properly escaped, this presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-provided data is ever incorporated into these outputs. The presence of file operations without explicit mention of sanitization or permission checks also warrants attention. In conclusion, while the plugin is strong in preventing direct code execution vulnerabilities and has a clean history, the lack of output escaping is a critical weakness that needs immediate attention to achieve a truly secure state. The absence of taint analysis results is also notable, though it might simply mean no such flows were detected or the analysis tool limitations.",[201,204,206,208],{"reason":202,"points":203},"No output escaping detected",8,{"reason":205,"points":125},"File operations present without context",{"reason":207,"points":84},"No nonce checks on entry points",{"reason":209,"points":84},"No capability checks on entry points","2026-03-16T23:26:01.689Z",{"wat":212,"direct":220},{"assetPaths":213,"generatorPatterns":214,"scriptPaths":215,"versionParams":217},[],[],[216],"\u002Fwp-content\u002Fplugins\u002Fab-wp-security\u002F",[218,219],"ab-wp-security\u002Fstyle.css?ver=","ab-wp-security\u002Fscript.js?ver=",{"cssClasses":221,"htmlComments":225,"htmlAttributes":229,"restEndpoints":234,"jsGlobals":235,"shortcodeOutput":236},[222,223,224],"wrap","icon-themes","icon32",[226,227,228],"\u003C!-- Add the icon to the page -->","\u003C!-- Make a call to the WordPress function for rendering errors when settings are saved. -->","\u003C!-- Create the form that will be used to render our options -->",[230,231,232,233],"name=\"ab-wp-security-user-enumeration\"","name=\"ab-wp-security-wp-version\"","name=\"ab-wp-security-xml-rpc\"","name=\"ab-wp-security-dir-browse\"",[],[],[]]