[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-DFSmsTYSYu3ebzvE1wHvVXhgPrihqwD7WMngq1ITrU":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":10,"num_ratings":10,"last_updated":12,"tested_up_to":13,"requires_at_least":14,"requires_php":15,"tags":16,"homepage":21,"download_link":22,"security_score":23,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":133,"fingerprints":201},"abyssguard","AbyssGuard","1.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fabyssguard\u002F","\u003Cp>AbyssGuard is an invisible security layer for WordPress that protects your site from vulnerabilities, zero-day attacks, harvesters, spam, and hacking attempts – without breaking plugins or generating false positives.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>In order to make the necessary security checks, on each request this plugin connects to the AbyssGuard API, which is external to WordPress and to your site, sending a small amount of headers to be checked. The service is provided by AbyssGuard.\u003C\u002Fp>\n\u003Cp>Important: Please review our Terms of Service and Privacy Policy:\u003C\u002Fp>\n\u003Cp>Terms of Service: https:\u002F\u002Fwww.abyssguard.com\u002Fterms\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fwww.abyssguard.com\u002Fprivacy\u003C\u002Fp>\n\u003Ch4>Data being sent\u003C\u002Fh4>\n\u003Cp>The following data is transmitted to the AbyssGuard API on each request:\u003Cbr \u002F>\n1. Your API key (for authentication)\u003Cbr \u002F>\n2. Visitor’s IP address\u003Cbr \u002F>\n3. The visited URI (page URL)\u003Cbr \u002F>\n4. The visited host (domain name, for identification and settings)\u003Cbr \u002F>\n5. The visitor’s referrer (where they came from)\u003Cbr \u002F>\n6. Request method (GET, POST, etc.)\u003Cbr \u002F>\n7. Visitor’s User-Agent (browser information)\u003Cbr \u002F>\n8. Visitor’s Accept header (content types accepted)\u003Cbr \u002F>\n9. Visitor’s browser language\u003Cbr \u002F>\n10. Plugin identifier (indicates request is from WordPress plugin and its version)\u003C\u002Fp>\n\u003Ch4>Data NOT being sent\u003C\u002Fh4>\n\u003Cp>The following data is never transmitted:\u003Cbr \u002F>\n1. Cookies\u003Cbr \u002F>\n2. Headers not listed in the “Data being sent” section\u003Cbr \u002F>\n3. Request body\u002FPOST data\u003Cbr \u002F>\n4. Form data\u003Cbr \u002F>\n5. User credentials (session, browser storage)\u003C\u002Fp>\n\u003Cp>All communication is encrypted via HTTPS. The data is used solely for security verification purposes and relevant security logs. Only you (the account owner) can access your security logs through you AbyssGuard dashboard.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Anti Hacking\u003C\u002Fli>\n\u003Cli>Anti Spam\u003C\u002Fli>\n\u003Cli>Anti Harvesting\u003C\u002Fli>\n\u003Cli>Protection from plugins vulnerabilities\u003C\u002Fli>\n\u003Cli>Zero-Day Attack Protection\u003C\u002Fli>\n\u003Cli>Blocking automated bots\u003C\u002Fli>\n\u003Cli>Blocking vulnerability scanners\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.abyssguard.com\" rel=\"nofollow ugc\">AbyssGuard\u003C\u002Fa>\u003C\u002Fp>\n","WordPress security plugin protecting from vulnerabilities, zero-day attacks, harvesters, spam, and hacking attempts.",0,140,"","6.9.4","2.7","7.0",[17,18,19,20],"anti-hack","anti-spam","firewall","security","https:\u002F\u002Fwww.abyssguard.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabyssguard.1.0.0.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":4,"display_name":4,"profile_url":7,"plugin_count":28,"total_installs":10,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,94,"2026-04-04T07:00:54.420Z",[33,54,73,95,115],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":23,"num_ratings":43,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":51,"download_link":52,"security_score":23,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":53},"forget-spam-comment","Forget Spam Comment","1.1.9","Gulshan Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fthegulshankumar\u002F","\u003Cp>The fastest and GDPR compliant Anti-Spam plugin to prevent bot spam in the \u003Cstrong>Default Commenting System\u003C\u002Fstrong> of WordPress.\u003C\u002Fp>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Please clear page cache after plugin activation.\u003C\u002Fli>\n\u003Cli>Only for default commenting system. Not for AMP.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>100% GDPR Compliant.\u003C\u002Fli>\n\u003Cli>Captcha-Free solution.\u003C\u002Fli>\n\u003Cli>Requires no settings.\u003C\u002Fli>\n\u003Cli>Automatic. No need of false-positive comment moderation.\u003C\u002Fli>\n\u003Cli>Compatible with all page caching and performance optimization plugins.\u003C\u002Fli>\n\u003Cli>Fastest ever. A tiny inline JavaScript in just ~200 bytes does all magic.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Cp>To prevent spam comments plugin blocks the default action path (wp-comments-post.php) for bots and make it accessible over unique hash query string when a visitor scroll to leave a comment. This way it prevents automated spam comment done by bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Video Demonstration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuwIfk08GSwk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003Cbr \u002F>\nWatch on \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=uwIfk08GSwk\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Let’s support each other 🙏\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Please Upvote Forget Spam Comment plugin at \u003Ca href=\"https:\u002F\u002Fwww.producthunt.com\u002Fproducts\u002Fforget-spam-comment#forget-spam-comment\" rel=\"nofollow ugc\">Product Hunt\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>You can \u003Ca href=\"https:\u002F\u002Fwww.gulshankumar.net\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact me\u003C\u002Fa> to report any issues. I’d be happy to assist.\u003C\u002Fli>\n\u003C\u002Ful>\n","The ultimate solution to stop spam comments in the default commenting system of WordPress",9000,75412,46,"2025-06-07T14:20:00.000Z","6.8.5","4.5","5.6",[18,19,49,20,50],"gdpr","stop-spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforget-spam-comment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforget-spam-comment.1.1.9.zip","2026-03-15T15:16:48.613Z",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":23,"num_ratings":64,"last_updated":65,"tested_up_to":13,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":71,"download_link":72,"security_score":23,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":53},"botblocker-security","BotBlocker Security – Firewall & Bot Protection","1.6.14","Yevhen Leonidov","https:\u002F\u002Fprofiles.wordpress.org\u002Fglobusstudio\u002F","\u003Ch4>WordPress Security Plugin & Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Every day, automated bots and hackers bombard websites with attacks.\u003C\u002Fstrong> Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24\u002F7 threat to your business. If you’re looking for \u003Cstrong>WordPress site protection\u003C\u002Fstrong>, you need a proactive defense that stops these attacks before they reach your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker Security is the all-in-one solution to keep your site safe from automated threats.\u003C\u002Fstrong> This powerful \u003Cstrong>WordPress security plugin and Web Application Firewall (WAF)\u003C\u002Fstrong> acts as a dedicated \u003Cstrong>anti-bot\u003C\u002Fstrong> firewall, blocking malicious traffic at the front gate without slowing down your site.\u003C\u002Fp>\n\u003Cp>BotBlocker’s setup and onboarding experience allows anyone to secure their \u003Cstrong>WordPress site\u003C\u002Fstrong> in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right \u003Cstrong>site protection\u003C\u002Fstrong> settings to protect your website.\u003C\u002Fp>\n\u003Ch4>🔥 WordPress Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>BotBlocker Security includes an endpoint \u003Cstrong>firewall\u002FWAF\u003C\u002Fstrong> that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker intercepts bad traffic at the earliest stage\u003C\u002Fstrong> – even before WordPress or your theme loads. By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Firewall Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time firewall rule updates via the BotBlocker Threat Defense Feed\u003C\u002Fli>\n\u003Cli>Real-time IP Blocklist blocks all requests from the most malicious IPs\u003C\u002Fli>\n\u003Cli>Early-init protection – blocks threats before WordPress loads\u003C\u002Fli>\n\u003Cli>Cloud-based threat intelligence – cross-checks every visitor against global threat databases\u003C\u002Fli>\n\u003Cli>No visitor data collected – only technical request parameters analyzed (GDPR\u002FCCPA-compliant)\u003C\u002Fli>\n\u003Cli>Brute force protection with login attempt limits and multi-layer verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📡 WordPress Security Scanner & Site Protection\u003C\u002Fh4>\n\u003Cp>Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive \u003Cstrong>site protection\u003C\u002Fstrong> across all entry points:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>XML-RPC and API Protection\u003C\u002Fstrong> – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam Prevention\u003C\u002Fstrong> – spammers cannot connect to your site. Automatically block IP addresses that exceed spam comment thresholds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Access Protection\u003C\u002Fstrong> – theme and plugin files securely protected from unauthorized access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Analysis\u003C\u002Fstrong> – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Network & Protocol Control\u003C\u002Fstrong> – block obsolete HTTP\u002F1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔒 Login Security & Bot Protection\u003C\u002Fh4>\n\u003Cp>All login attempts pass through multi-layer filtering and CAPTCHA verification:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-layer CAPTCHA Protection\u003C\u002Fstrong> – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2\u002Fv3\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Anti-bot Challenges\u003C\u002Fstrong> – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Ban System\u003C\u002Fstrong> – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Access Simplification\u003C\u002Fstrong> – special mechanism to ease site administrator login while maintaining security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC Control\u003C\u002Fstrong> – options including complete disabling\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-Factor Authentication Support\u003C\u002Fstrong> – 2FA enhanced login security for admin area. Backup codes for recovery access. Universal 2FA app support – works with Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛠️ Security Tools\u003C\u002Fh4>\n\u003Cp>Comprehensive tools to block attackers and monitor your site in real-time:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Blocking Rules\u003C\u002Fstrong> – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP-PTR-Host Mismatch Detection\u003C\u002Fstrong> – automatically detect and block fake crawlers (e.g., fake Googlebots)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist & Whitelist Management\u003C\u002Fstrong> – instantly allow or block any IP, ASN, range, or User-Agent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Traffic Monitoring\u003C\u002Fstrong> – see all traffic in real-time: robots, humans, 404 errors, logins\u002Flogouts, file requests, and content consumption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server IP Identification\u003C\u002Fstrong> – prevent lockouts by automatically identifying and protecting server IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual Dashboard\u003C\u002Fstrong> – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs\u002Fcountries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Security Log\u003C\u002Fstrong> – every event logged with IP address, user agent, country, and blocking reason\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login URL\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>⚡ Performance & Integration\u003C\u002Fh4>\n\u003Cp>BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong> – negligible overhead in normal conditions. Reduces database and server load during attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Caching\u003C\u002Fstrong> – Redis and Memcached support for high-traffic environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache Plugin Compatibility\u003C\u002Fstrong> – automatic \u003Ccode>DONOTCACHEPAGE\u003C\u002Fcode> + \u003Ccode>Cache-Control: no-store\u003C\u002Fcode> on verification pages. Works with WP Super Cache (PHP mode), W3 Total Cache, WP Rocket, LiteSpeed Cache, Hummingbird, and more. Server-level caches (Nginx FastCGI, Varnish, Cloudflare) may need a cookie-based bypass rule – see \u003Ccode>docs\u002FCACHE-COMPATIBILITY.md\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Protection Compatibility\u003C\u002Fstrong> – automatic detection of JS-challenges from DDoS-Guard, Stormwall, and similar services. See \u003Ccode>docs\u002FDDOS-COMPATIBILITY.md\u003C\u002Fcode> for advanced configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Compatibility\u003C\u002Fstrong> – works with Cloudflare, CDN services, caching plugins, and optimizers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full IPv6 Support\u003C\u002Fstrong> – all security functions work with both IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Optimization\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem> – additional performance enhancements for high-traffic sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>👤 Easy Setup & User-Friendly Interface\u003C\u002Fh4>\n\u003Cp>You don’t have to be a security expert to use BotBlocker:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Quick Installation Wizard\u003C\u002Fstrong> – step-by-step setup guide for configuration in under 1 minute\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intuitive Admin Panel\u003C\u002Fstrong> – organized settings with clear descriptions and tooltips\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual\u003C\u002Fstrong> – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Conflicts\u003C\u002Fstrong> – built following WordPress best practices, tested with recent WP versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adjustable Logging\u003C\u002Fstrong> – configurable retention periods with time zone awareness and daylight saving support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security first – BotBlocker’s on guard!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Detection & Analysis\u003C\u002Fh4>\n\u003Cp>BotBlocker employs advanced multi-layer detection to identify and block threats:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detection Mechanisms:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Local and cloud signature databases with real-time updates\u003C\u002Fli>\n\u003Cli>IP reputation and blacklist checks with global threat intelligence\u003C\u002Fli>\n\u003Cli>DNS-based and PTR lookups to detect fake crawlers\u003C\u002Fli>\n\u003Cli>Heuristic and behavioral analysis for suspicious patterns\u003C\u002Fli>\n\u003Cli>Browser fingerprint and feature mismatch detection\u003C\u002Fli>\n\u003Cli>Header and protocol validation\u003C\u002Fli>\n\u003Cli>JavaScript challenge and capability verification\u003C\u002Fli>\n\u003Cli>Multi-layered CAPTCHA verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Comprehensive Request Analysis:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Network & IP:\u003C\u002Fstrong> Full IPv4\u002FIPv6 support, blacklist\u002Fwhitelist, country\u002FGeoIP, ASN, hosting\u002FVPN detection, TOR detection, PTR\u002FDNSBL checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser & Client:\u003C\u002Fstrong> User-Agent validation, browser\u002FOS\u002Fdevice detection, fingerprint analysis, headless browser detection, JavaScript\u002Fcookie support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Headers & Protocol:\u003C\u002Fstrong> Accept-Language, Referer validation, HTTP version control, Cloudflare\u002Fproxy detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Fingerprinting:\u003C\u002Fstrong> Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CAPTCHA Modes\u003C\u002Fh4>\n\u003Cp>Choose from various CAPTCHA types to protect your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Button\u003C\u002Fstrong> – one-click verification for quick validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong> – standard image\u002Fcheckbox challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v3\u003C\u002Fstrong> – invisible background scoring\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Color CAPTCHA\u003C\u002Fstrong> – select colored buttons challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Digits CAPTCHA\u003C\u002Fstrong> – floating math challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Images CAPTCHA\u003C\u002Fstrong> – animal image selection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Shapes CAPTCHA\u003C\u002Fstrong> – floating shapes challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hybrid Mode\u003C\u002Fstrong> – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Capabilities\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Early-init & MU plugin support\u003C\u002Fli>\n\u003Cli>Real-time cloud threat checks\u003C\u002Fli>\n\u003Cli>Dynamic and graphical anti-bot challenges\u003C\u002Fli>\n\u003Cli>Automatic logging with adjustable retention\u003C\u002Fli>\n\u003Cli>Session tracking and verification\u003C\u002Fli>\n\u003Cli>No visitor data collected — GDPR\u002FCCPA-compliant (see FAQ for admin notification details)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>BotBlocker Security does \u003Cstrong>not\u003C\u002Fstrong> collect or process personal data of your visitors. All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.\u003C\u002Fp>\n\u003Ch3>Support and Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Product site: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Documentation: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contact\u002Fsupport: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Community: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See LICENSE.txt for details.\u003C\u002Fp>\n\u003Ch3>Credits & Authors\u003C\u002Fh3>\n\u003Cp>BotBlocker Security is developed and maintained by GLOBUS.studio.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Concept, architecture & code – Yevhen Leonidov: \u003Ca href=\"https:\u002F\u002Fleonidov.dev\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fleonidov.dev\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Code, code review – Andrii Lukashevych\u003C\u002Fli>\n\u003Cli>Code, translations – Aleksandr Kinakh\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>BotBlocker Security – The first line of defense for your WordPress site.\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.",2000,3799,6,"2026-03-10T18:22:00.000Z","5.0","7.4",[18,69,70,19,20],"brute-force","captcha","https:\u002F\u002Fbotblocker.top\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotblocker-security.1.6.14.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":23,"num_ratings":83,"last_updated":84,"tested_up_to":13,"requires_at_least":85,"requires_php":15,"tags":86,"homepage":90,"download_link":91,"security_score":92,"vuln_count":93,"unpatched_count":10,"last_vuln_date":94,"fetched_at":53},"injection-guard","Injection Guard","1.3.0","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cp>\u003Cstrong>Author:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Project URI:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>License:\u003C\u002Fstrong> GPL v3\u003C\u002Fp>\n\u003Cp>Injection Guard is a WordPress plugin designed to block malicious query string attacks and suspicious URL parameters. It logs all incoming attempts, blocks harmful parameters, and adds extra security intelligence to your WordPress admin—like user session tracking and capability audit.\u003C\u002Fp>\n\u003Cp>The plugin uses the \u003Ccode>ig_\u003C\u002Fcode> prefix for database keys and functions, follows WordPress coding standards, and supports multiple languages. It’s compatible with pretty permalinks and helps in securing your site from automated bots and manual attacks.\u003C\u002Fp>\n\u003Ch3>Method A (Admin Panel)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to WordPress Admin > Plugins > Add New > Upload Plugin\u003C\u002Fli>\n\u003Cli>Upload the ZIP file and activate the plugin\u003C\u002Fli>\n\u003Cli>Go to Settings > IG Settings and click “Save Settings”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Method B (Manual Upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download and unzip the plugin package\u003C\u002Fli>\n\u003Cli>Upload the folder to \u003Ccode>\u002Fwp-content\u002Fplugins\u002Finjection-guard\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Activate the plugin from the WordPress Dashboard\u003C\u002Fli>\n\u003Cli>Visit Settings > IG Settings to configure\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Logs all unique query strings attempting to penetrate your website\u003C\u002Fli>\n\u003Cli>Blocks malicious or unknown query parameters\u003C\u002Fli>\n\u003Cli>Tracks login, logout, session start and duration per user\u003C\u002Fli>\n\u003Cli>Capability audit report for all WordPress users\u003C\u002Fli>\n\u003Cli>Multi-language support (FR, DE, ES)\u003C\u002Fli>\n\u003Cli>Bootstrap-based admin UI and dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software licensed under the GNU GPL v2 or later.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this plugin. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin blocks all unauthorized and irrelevant requests through query strings and provides extended session tracking and capability audit.",1000,32926,4,"2026-03-14T21:13:00.000Z","3.0",[87,19,20,88,89],"anti-hacking","sql-injection","wordpress-security","https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finjection-guard.1.3.0.zip",96,5,"2025-07-24 00:00:00",{"slug":96,"name":97,"version":47,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":45,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":12,"download_link":112,"security_score":113,"vuln_count":93,"unpatched_count":10,"last_vuln_date":114,"fetched_at":53},"wp-limit-failed-login-attempts","Limit Login Attempts (Spam Protection)","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>Limit the number of login attempts possible both through normal login as well as using auth cookies.\u003C\u002Fp>\n\u003Cp>By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.\u003C\u002Fp>\n\u003Cp>Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.\u003C\u002Fp>\n\u003Ch3>Basic Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Limit the number of retry attempts when logging in.\u003C\u002Fli>\n\u003Cli>Configurable lockout timings.\u003C\u002Fli>\n\u003Cli>Email notification of blocked attempts (Detailed email containing all necessary information).\u003C\u002Fli>\n\u003Cli>Notify the user of remaining attempts.\u003C\u002Fli>\n\u003Cli>Report containing all blocked attempts.\u003C\u002Fli>\n\u003Cli>Whitelist\u002FBlocklist of IPs (Support IP ranges).\u003C\u002Fli>\n\u003Cli>Allow\u002FBlock Countries.\u003C\u002Fli>\n\u003Cli>Automatically block IP addresses that exceed limit login attempts\u003C\u002Fli>\n\u003Cli>Automatically add IP addresses that exceed blocks limit to the deny list\u003C\u002Fli>\n\u003Cli>Send notifications about blocked retry (Email sent to admins)\u003C\u002Fli>\n\u003Cli>Inform the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>Unlock The Locked users – Easily unlock the locked admin through the email or dashboard.\u003C\u002Fli>\n\u003Cli>Limit the number of retry attempts when logging in per IP.\u003C\u002Fli>\n\u003Cli>Limit the number of attempts to log in using cookies.\u003C\u002Fli>\n\u003Cli>Optional logging and optional email notification.\u003C\u002Fli>\n\u003Cli>Compatible with Google captcha, Captcha Plus & reCaptcha.\u003C\u002Fli>\n\u003Cli>Dashboard gives you an overview of your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable the plugin functionality\u003C\u002Fli>\n\u003Cli>Enable to disable email notifications\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Woocommerce login page protection.\u003C\u002Fli>\n\u003Cli>Wordfence & Sucuri compatibility.\u003C\u002Fli>\n\u003Cli>GDPR compliant.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Features (PRO)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All Basic features included.\u003C\u002Fli>\n\u003Cli>Save the password that was used by the hacker (Save part of the password and hide the last three digits).\u003C\u002Fli>\n\u003Cli>Advanced dashboard gives you an overview of your site’s security (Charts for the most important reports).\u003C\u002Fli>\n\u003Cli>Block attackers by IP, Country, IP range.\u003C\u002Fli>\n\u003Cli>Mobile Application for the admins to follow up the site security (\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fwp-content\u002Fuploads\u002Fapps\u002Flogin-attempts-app.apk\" rel=\"nofollow ugc\">Download APK\u003C\u002Fa>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video Description\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585819426\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Plugin Settings and Reports\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585820422\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.",200,13895,78,7,"2025-06-15T19:08:00.000Z","4.6","7.2",[18,19,110,111,20],"login-attempts","protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-limit-failed-login-attempts.5.6.zip",92,"2024-12-05 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":23,"num_ratings":125,"last_updated":126,"tested_up_to":13,"requires_at_least":127,"requires_php":108,"tags":128,"homepage":131,"download_link":132,"security_score":23,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":53},"cidram","CIDRAM","4.0.1","Maikuolan","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaikuolan\u002F","\u003Cp>CIDRAM (Classless Inter-Domain Routing Access Manager) is a PHP script designed to protect websites by blocking requests originating from IP addresses regarded as being sources of undesirable traffic, including (but not limited to) traffic from non-human access endpoints, cloud services, spambots, scrapers, etc. It does this by calculating the possible CIDRs of the IP addresses supplied from inbound requests and then attempting to match these possible CIDRs against its signature files (these signature files contain lists of CIDRs of IP addresses regarded as being sources of undesirable traffic); If matches are found, the requests are blocked.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP >= 7.2.0\u003C\u002Fli>\n\u003Cli>PCRE\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Updating\u003C\u002Fh3>\n\u003Cp>Note: CIDRAM does not interact in any way with your database, and stores its own configuration settings, customisations, and related materials as flatfiles within its own directory. If you’ve not changed any of the default configuration settings and if you’re not using any customisations for this plugin, updating normally via the plugins dashboard, without need for any additional steps, should be sufficient and shouldn’t cause any problems. However, if you’ve modified the configuration settings for CIDRAM, or if you’ve made any customisations, I would recommend making backups of all of these prior to updating, due to that updating will overwrite all settings and customisations (after updating, you can then restore your customisations from your backups). Alternatively, if you update via the CIDRAM front-end updates page, all settings and customisations should be preserved.\u003C\u002Fp>\n","CIDRAM: A PHP-level CIDR\u002FIP-based firewall solution.",20,7357,12,"2026-01-19T16:26:00.000Z","4.8",[18,129,19,20,130],"cidr","waf","https:\u002F\u002Fcidram.github.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcidram.4.0.1.zip",{"attackSurface":134,"codeSignals":158,"taintFlows":194,"riskAssessment":195,"analyzedAt":200},{"hooks":135,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":10,"unprotectedCount":10},[136,142,146,150],{"type":137,"name":138,"callback":139,"priority":28,"file":140,"line":141},"action","init","verify_request","abyssguard.php",23,{"type":137,"name":143,"callback":144,"file":140,"line":145},"admin_menu","add_admin_menu",26,{"type":137,"name":147,"callback":148,"file":140,"line":149},"admin_init","register_settings",29,{"type":137,"name":151,"callback":152,"file":140,"line":153},"plugins_loaded","load_textdomain",35,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":162,"fileOperations":10,"externalRequests":28,"nonceChecks":10,"capabilityChecks":28,"bundledLibraries":193},[],{"prepared":10,"raw":10,"locations":161},[],{"escaped":163,"rawEcho":164,"locations":165},21,13,[166,169,171,173,175,177,179,181,183,185,187,189,191],{"file":140,"line":167,"context":168},317,"raw output",{"file":140,"line":170,"context":168},325,{"file":140,"line":172,"context":168},360,{"file":140,"line":174,"context":168},362,{"file":140,"line":176,"context":168},363,{"file":140,"line":178,"context":168},365,{"file":140,"line":180,"context":168},367,{"file":140,"line":182,"context":168},380,{"file":140,"line":184,"context":168},381,{"file":140,"line":186,"context":168},385,{"file":140,"line":188,"context":168},387,{"file":140,"line":190,"context":168},391,{"file":140,"line":192,"context":168},395,[],[],{"summary":196,"deductions":197},"The abyssguard v1.0.0 plugin exhibits a generally good security posture based on the provided static analysis.  A significant strength is the complete absence of critical security signals such as dangerous functions, raw SQL queries, and unsanitized taint flows.  The plugin also demonstrates proper use of prepared statements for all SQL queries.  However, a concern arises from the output escaping, where 38% of outputs are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is directly reflected without adequate sanitization.\n\nDespite the positive indicators in the code analysis, the plugin has no recorded vulnerability history, which, while reassuring, doesn't entirely negate the potential risks identified in the static analysis. The presence of an external HTTP request without further details on its handling is a minor point of attention. The lack of nonce checks on any of the identified entry points (though there are none) is not a direct concern in this specific version but highlights a general practice to consider for future development. Overall, abyssguard appears to be a secure plugin with a few areas for improvement, primarily concerning output escaping.",[198],{"reason":199,"points":93},"Insufficient output escaping","2026-03-17T05:46:43.492Z",{"wat":202,"direct":207},{"assetPaths":203,"generatorPatterns":204,"scriptPaths":205,"versionParams":206},[],[],[],[],{"cssClasses":208,"htmlComments":209,"htmlAttributes":210,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":213},[],[],[],[],[],[]]