[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0vKMfmw95lY1O3n50AOLtg2VSB81kwJO9O89p7BVeOQ":3,"$fSJILKVK8OuqpYj-OMV2hUiuq2_JQQ-OqKsbIrxovavE":271,"$fp1OcrVwtgsM8qdLrSgozpBqNTKJkKAARMesCQ1_g-CI":275},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":41,"analysis":138,"fingerprints":251},"access-defender","Access Defender – Advanced VPN & Proxy Blocker","1.1.2","Huzaifa Al Mesbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuzaifaalmesbah\u002F","\u003Cp>Access Defender is the most comprehensive WordPress security plugin for blocking VPNs, proxies, and suspicious traffic. Protect your website from malicious users, spam, fraud, and unauthorized access with our advanced multi-provider detection system.\u003C\u002Fp>\n\u003Cp>NEW in Version 1.1.0: Revolutionary multi-provider system with automatic failover, real-time monitoring, and enhanced reliability!\u003C\u002Fp>\n\u003Ch4>Quick Start Video Tutorial\u003C\u002Fh4>\n\u003Cp>Watch our step-by-step installation and configuration guide:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FgWUFEuK1ZhA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Ch4>Advanced VPN & Proxy Detection\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>99.9% Detection Accuracy – Industry-leading precision in identifying VPNs, proxies, and hosting providers\u003C\u002Fli>\n\u003Cli>Multiple Detection Methods – Comprehensive IP analysis using advanced algorithms\u003C\u002Fli>\n\u003Cli>Real-time Threat Assessment – Instant blocking of suspicious traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multi-Provider System (NEW!)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>4+ API Providers – Choose from free and premium services\u003C\u002Fli>\n\u003Cli>Smart Auto-Rotation – Automatic switching between providers when limits are reached\u003C\u002Fli>\n\u003Cli>Zero Downtime Protection – Seamless failover ensures continuous security\u003C\u002Fli>\n\u003Cli>Load Balancing – Distribute requests across multiple providers for optimal performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Real-time Monitoring & Analytics\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Live Usage Statistics – Monitor API calls, success rates, and provider performance\u003C\u002Fli>\n\u003Cli>Detailed Reporting – Track blocked attempts, provider efficiency, and security metrics\u003C\u002Fli>\n\u003Cli>Performance Insights – Optimize your security setup with actionable data\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Smart Configuration Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Free Provider Auto-Rotation – Perfect for small to medium websites\u003C\u002Fli>\n\u003Cli>Premium Provider Support – Enhanced reliability for high-traffic sites\u003C\u002Fli>\n\u003Cli>Flexible API Management – Easy switching between providers\u003C\u002Fli>\n\u003Cli>Custom Rate Limiting – Intelligent request management\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>User-Friendly Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup – Get protected in minutes\u003C\u002Fli>\n\u003Cli>Customizable Block Messages – Professional warning pages for blocked users\u003C\u002Fli>\n\u003Cli>Admin Bypass – Administrators never get blocked\u003C\u002Fli>\n\u003Cli>Bot-Friendly – Automatic detection and allowance of search engine crawlers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Access Defender?\u003C\u002Fh3>\n\u003Ch4>For Website Owners:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect against fraud, spam, and malicious activities\u003C\u002Fli>\n\u003Cli>Reduce server load from suspicious traffic\u003C\u002Fli>\n\u003Cli>Improve website performance and user experience\u003C\u002Fli>\n\u003Cli>Maintain compliance with security standards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For E-commerce Sites:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Prevent fraudulent transactions and chargebacks\u003C\u002Fli>\n\u003Cli>Block suspicious purchasing patterns\u003C\u002Fli>\n\u003Cli>Protect customer data and payment information\u003C\u002Fli>\n\u003Cli>Reduce cart abandonment from bot traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For Content Creators:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect premium content from unauthorized access\u003C\u002Fli>\n\u003Cli>Prevent content scraping and theft\u003C\u002Fli>\n\u003Cli>Ensure genuine user engagement metrics\u003C\u002Fli>\n\u003Cli>Maintain advertising revenue integrity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported API Providers\u003C\u002Fh3>\n\u003Ch4>Free Providers (Auto-Rotation Enabled):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP-API.com (Free) – 45 requests\u002Fminute, reliable detection\u003C\u002Fli>\n\u003Cli>Additional Free APIs – Coming soon for enhanced rotation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Providers (Enhanced Performance):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ProxyCheck.io – Professional-grade detection with 99.9% accuracy\u003C\u002Fli>\n\u003Cli>IPGeolocation.io – Advanced geolocation and VPN detection\u003C\u002Fli>\n\u003Cli>IP-API.com (Pro) – Premium tier with higher limits (Coming Soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Smart Provider Management:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Sequential rotation through free providers\u003C\u002Fli>\n\u003Cli>Automatic failover when rate limits are reached\u003C\u002Fli>\n\u003Cli>Real-time provider health monitoring\u003C\u002Fli>\n\u003Cli>Intelligent request distribution\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>E-commerce Websites – Prevent fraud and protect transactions\u003C\u002Fli>\n\u003Cli>Membership Sites – Control access to premium content\u003C\u002Fli>\n\u003Cli>Corporate Websites – Maintain security compliance\u003C\u002Fli>\n\u003Cli>News & Media Sites – Protect against content scraping\u003C\u002Fli>\n\u003Cli>SaaS Platforms – Prevent abuse and unauthorized access\u003C\u002Fli>\n\u003Cli>Any WordPress Site – Universal security enhancement\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy & Security\u003C\u002Fh3>\n\u003Ch4>Data Collection & Processing:\u003C\u002Fh4>\n\u003Cp>Access Defender prioritizes your privacy while providing robust security. Here’s how we handle data:\u003C\u002Fp>\n\u003Ch4>API Provider Data Sharing:\u003C\u002Fh4>\n\u003Cp>When checking IP addresses, minimal data is shared with selected API providers for detection purposes only.\u003C\u002Fp>\n\u003Ch4>Supported Providers & Their Policies:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP-API.com – \u003Ca href=\"https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>ProxyCheck.io – \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>IPGeolocation.io – \u003Ca href=\"https:\u002F\u002Fipgeolocation.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Security Measures:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Encrypted API Communications – All provider requests use HTTPS\u003C\u002Fli>\n\u003Cli>No Personal Data Storage – Only IP addresses are processed temporarily\u003C\u002Fli>\n\u003Cli>Automatic Data Purging – Logs are cleared regularly\u003C\u002Fli>\n\u003Cli>Secure Key Management – API keys are encrypted in database\u003C\u002Fli>\n\u003Cli>WordPress Security Standards – Full compliance with WP security guidelines\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Analytics & Telemetry:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Opt-in Only – Data collection requires your explicit consent\u003C\u002Fli>\n\u003Cli>Anonymous Usage Data – Helps improve plugin performance\u003C\u002Fli>\n\u003Cli>No Personal Information – Only technical usage statistics\u003C\u002Fli>\n\u003Cli>Full Control – Disable anytime in settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License & Legal\u003C\u002Fh3>\n\u003Ch4>Open Source License\u003C\u002Fh4>\n\u003Cp>Access Defender is licensed under GPLv2 or later. This ensures the plugin remains free and open-source while providing you with the flexibility to use, modify, and distribute it according to your needs.\u003C\u002Fp>\n\u003Ch4>License Details:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Free to use for personal and commercial projects\u003C\u002Fli>\n\u003Cli>Modify and customize according to your requirements\u003C\u002Fli>\n\u003Cli>Redistribute under the same license terms\u003C\u002Fli>\n\u003Cli>Access to complete source code\u003C\u002Fli>\n\u003Cli>Community-driven development and support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Important Legal Information:\u003C\u002Fh4>\n\u003Cp>This plugin provides security features but users should understand:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No 100% Guarantee: No security measure is completely foolproof\u003C\u002Fli>\n\u003Cli>Third-party Dependencies: Plugin functionality depends on external API services\u003C\u002Fli>\n\u003Cli>Service Availability: API provider changes may affect functionality\u003C\u002Fli>\n\u003Cli>User Responsibility: Proper configuration and monitoring are essential\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Best Practices:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Regularly monitor plugin performance\u003C\u002Fli>\n\u003Cli>Keep plugin updated to latest version\u003C\u002Fli>\n\u003Cli>Test configuration on staging environment\u003C\u002Fli>\n\u003Cli>Maintain backup security measures\u003C\u002Fli>\n\u003Cli>Review API provider terms periodically\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using Access Defender, you acknowledge these terms and agree to use the plugin responsibly as part of a comprehensive security strategy.\u003C\u002Fp>\n","Advanced VPN & proxy blocker for WordPress. 99.9% accuracy, multi-API rotation, real-time monitoring. Protect against fraud & spam.",50,1685,60,2,"2025-10-02T04:29:00.000Z","6.8.5","5.9","7.4",[20,21,22,23,24],"firewall","privacy","protection","security","spam","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.1.2.zip",100,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":34,"display_name":7,"profile_url":8,"plugin_count":35,"total_installs":36,"avg_security_score":37,"avg_patch_time_days":38,"trust_score":39,"computed_at":40},"huzaifaalmesbah",11,410,95,30,91,"2026-05-19T15:16:11.348Z",[42,65,86,103,122],{"slug":43,"name":44,"version":45,"author":46,"author_profile":47,"description":48,"short_description":49,"active_installs":50,"downloaded":51,"rating":52,"num_ratings":53,"last_updated":54,"tested_up_to":55,"requires_at_least":56,"requires_php":57,"tags":58,"homepage":60,"download_link":61,"security_score":62,"vuln_count":63,"unpatched_count":28,"last_vuln_date":64,"fetched_at":30},"zero-spam","Zero Spam for WordPress","5.5.8","Ben Marshall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbmarshall511\u002F","\u003Cp>Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa> to offer a strong defense system.\u003C\u002Fp>\n\u003Cp>Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it’s pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website.\u003C\u002Fp>\n\u003Ch4>Worry-free, Powerful Protection at Your Fingertips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No captchas or moderation queues — no longer a admin’s problem.\u003C\u002Fli>\n\u003Cli>Our system dynamically blocks threats, keeping your site safe.\u003C\u002Fli>\n\u003Cli>Integration with global IP reputation providers for enhanced security.\u003C\u002Fli>\n\u003Cli>Block IPs temporarily or permanently, keep unwanted visitors out.\u003C\u002Fli>\n\u003Cli>Geolocation tracks origins of threats, providing valuable insights.\u003C\u002Fli>\n\u003Cli>Ability to block countries, regions, zip\u002Fpostal codes & cities.\u003C\u002Fli>\n\u003Cli>REST API for programmatic settings management — perfect for CI\u002FCD, staging syncs, and automation.\u003C\u002Fli>\n\u003Cli>Utilize \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">splorp’s Comment Blacklist\u003C\u002Fa> to strengthen your disallowed list.\u003C\u002Fli>\n\u003Cli>Block disposable & malicious email effortlessly with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdisposable\" rel=\"nofollow ugc\">disposable\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multiple techniques, including the renowned solution by \u003Ca href=\"https:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamlessly integrates with popular plugins including:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> — Secure customer registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Fref\u002F1118\u002F\" rel=\"nofollow ugc\">GiveWP\u003C\u002Fa> — Prevents attempts to test stolen credit cards.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa> — Keeps registrations safe & secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">Mailchimp for WordPress\u003C\u002Fa> — Protects sign-ups from abuse.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpdiscuz\u002F\" rel=\"ugc\">wpDiscuz\u003C\u002Fa> — Versatile form protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind.\u003C\u002Fp>\n\u003Ch4>Enhance Detection with Optional 3rd-Party Integrations\u003C\u002Fh4>\n\u003Cp>Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002F\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>\u003C\u002Fstrong> – Utilize our real-time IP reputation analysis. Take a look at our \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipbase.com\u002F\" rel=\"nofollow ugc\">ipbase.com\u003C\u002Fa>\u003C\u002Fstrong> – Access detailed geolocation information of attackers. Familiarize yourself with their \u003Ca href=\"https:\u002F\u002Fipbase.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fterms-and-conditions\u002F41661719\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo.io\u003C\u002Fa>\u003C\u002Fstrong> – Gather geolocation details of malicious users. Refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" rel=\"nofollow ugc\">ipstack\u003C\u002Fa>\u003C\u002Fstrong> – Obtain extensive geolocation insights. Review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipstack.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> to learn more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>\u003C\u002Fstrong> – Verify if visitors’ IPs have been reported. Explore their \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for additional details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa>\u003C\u002Fstrong> – Check if visitors’ IPs have been flagged. Refer to their \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fprivacy_policy.php\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fterms_of_use.php\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps\u003C\u002Fa>\u003C\u002Fstrong> – Plot attack locations on Google Maps. Please review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fsite-terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for complete details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you have the option to contribute to Zero Spam’s improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHighfivery\u002Fzero-spam-for-wordpress\u002Fwiki\u002FFAQ\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n","No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.",20000,1426861,82,143,"2026-03-16T18:51:00.000Z","6.9.4","6.9","8.2",[20,22,23,24,59],"spam-blocker","https:\u002F\u002Fwordpress.com\u002Fplugins\u002Fzero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-spam.5.5.8.zip",96,5,"2024-04-15 00:00:00",{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":76,"last_updated":77,"tested_up_to":16,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":25,"download_link":83,"security_score":84,"vuln_count":63,"unpatched_count":28,"last_vuln_date":85,"fetched_at":30},"wp-limit-failed-login-attempts","Limit Login Attempts (Spam Protection)","5.6","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>Limit the number of login attempts possible both through normal login as well as using auth cookies.\u003C\u002Fp>\n\u003Cp>By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.\u003C\u002Fp>\n\u003Cp>Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.\u003C\u002Fp>\n\u003Ch3>Basic Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Limit the number of retry attempts when logging in.\u003C\u002Fli>\n\u003Cli>Configurable lockout timings.\u003C\u002Fli>\n\u003Cli>Email notification of blocked attempts (Detailed email containing all necessary information).\u003C\u002Fli>\n\u003Cli>Notify the user of remaining attempts.\u003C\u002Fli>\n\u003Cli>Report containing all blocked attempts.\u003C\u002Fli>\n\u003Cli>Whitelist\u002FBlocklist of IPs (Support IP ranges).\u003C\u002Fli>\n\u003Cli>Allow\u002FBlock Countries.\u003C\u002Fli>\n\u003Cli>Automatically block IP addresses that exceed limit login attempts\u003C\u002Fli>\n\u003Cli>Automatically add IP addresses that exceed blocks limit to the deny list\u003C\u002Fli>\n\u003Cli>Send notifications about blocked retry (Email sent to admins)\u003C\u002Fli>\n\u003Cli>Inform the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>Unlock The Locked users – Easily unlock the locked admin through the email or dashboard.\u003C\u002Fli>\n\u003Cli>Limit the number of retry attempts when logging in per IP.\u003C\u002Fli>\n\u003Cli>Limit the number of attempts to log in using cookies.\u003C\u002Fli>\n\u003Cli>Optional logging and optional email notification.\u003C\u002Fli>\n\u003Cli>Compatible with Google captcha, Captcha Plus & reCaptcha.\u003C\u002Fli>\n\u003Cli>Dashboard gives you an overview of your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable the plugin functionality\u003C\u002Fli>\n\u003Cli>Enable to disable email notifications\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Woocommerce login page protection.\u003C\u002Fli>\n\u003Cli>Wordfence & Sucuri compatibility.\u003C\u002Fli>\n\u003Cli>GDPR compliant.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Features (PRO)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All Basic features included.\u003C\u002Fli>\n\u003Cli>Save the password that was used by the hacker (Save part of the password and hide the last three digits).\u003C\u002Fli>\n\u003Cli>Advanced dashboard gives you an overview of your site’s security (Charts for the most important reports).\u003C\u002Fli>\n\u003Cli>Block attackers by IP, Country, IP range.\u003C\u002Fli>\n\u003Cli>Mobile Application for the admins to follow up the site security (\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fwp-content\u002Fuploads\u002Fapps\u002Flogin-attempts-app.apk\" rel=\"nofollow ugc\">Download APK\u003C\u002Fa>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video Description\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585819426\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Plugin Settings and Reports\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585820422\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.",200,14039,78,7,"2025-06-15T19:08:00.000Z","4.6","7.2",[81,20,82,22,23],"anti-spam","login-attempts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-limit-failed-login-attempts.5.6.zip",92,"2024-12-05 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":28,"num_ratings":28,"last_updated":96,"tested_up_to":55,"requires_at_least":97,"requires_php":79,"tags":98,"homepage":101,"download_link":102,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"protect-my-infos","Protect My Infos","1.3.8","Yuga Web","https:\u002F\u002Fprofiles.wordpress.org\u002Fyugaweb\u002F","\u003Cp>\u003Cstrong>Protect My Infos\u003C\u002Fstrong> is a WordPress plugin designed to protect sensitive information, such as phone numbers and email addresses, by obfuscating or hiding them on the frontend of your site.\u003C\u002Fp>\n\u003Cp>Emails and phone numbers are encoded and hidden from bots, while visitors can interact with placeholders to reveal the information.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Obfuscate sensitive information with placeholders, blur effects, or base64 encoding.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[protect_my_infos]\u003C\u002Fcode> shortcode for integration in posts or pages.\u003C\u002Fli>\n\u003Cli>Fully customizable settings for icons, colors, and reveal texts.\u003C\u002Fli>\n\u003Cli>Easy-to-use admin interface.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the PayPal Donate API to facilitate donations via PayPal’s secure platform.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name\u003C\u002Fstrong>: PayPal Donate API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: To provide a “Donate” button for collecting user donations securely via PayPal.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>Donation amount\u003C\u002Fli>\n\u003Cli>Currency\u003C\u002Fli>\n\u003Cli>PayPal Merchant ID\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: Data is sent to PayPal only when a user interacts with the “Donate” button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Links\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fwebapps\u002Fmpp\u002Fua\u002Flegalhub-full\" rel=\"nofollow ugc\">PayPal Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fwebapps\u002Fmpp\u002Fua\u002Fprivacy-full\" rel=\"nofollow ugc\">PayPal Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: This plugin does not store or process sensitive personal information. All payment transactions are handled securely by PayPal’s platform.\u003C\u002Fp>\n","Protect sensitive information like emails and phone numbers from bots with advanced obfuscation techniques.",80,980,"2025-12-11T15:33:00.000Z","5.0",[81,99,100,21,23],"email-obfuscation","phone-number-protection","https:\u002F\u002Fwww.yugaweb.com\u002Fprotect-my-infos\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-my-infos.1.3.8.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":27,"num_ratings":113,"last_updated":114,"tested_up_to":16,"requires_at_least":97,"requires_php":25,"tags":115,"homepage":120,"download_link":121,"security_score":84,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"automatic-break-iframes","SpamShieldX","1.2","Alireza Nejati","https:\u002F\u002Fprofiles.wordpress.org\u002Falireza-nejati\u002F","\u003Cp>SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevents unwanted spam sources, keeping your site secure and optimized.\u003C\u002Fp>\n\u003Cp>Whether you’re a blogger, website owner, or developer, SpamShieldX is the perfect tool to enhance your site’s security and performance. Our plugin is lightweight, easy to configure, and seamlessly integrates into your WordPress site.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Block iframe abuse\u003C\u002Fli>\n\u003Cli>Prevent spam from harmful sources\u003C\u002Fli>\n\u003Cli>Protect your content and improve security\u003C\u002Fli>\n\u003Cli>Easy to use and setup\u003C\u002Fli>\n\u003Cli>Regular updates for maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n","SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevent &hellip;",10,2320,1,"2025-04-28T07:01:00.000Z",[81,116,117,118,119],"iframe-blocker","spam-protection","website-security","wordpress-firewall","http:\u002F\u002Fazarsys.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-break-iframes.1.2.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":28,"downloaded":130,"rating":28,"num_ratings":28,"last_updated":131,"tested_up_to":55,"requires_at_least":132,"requires_php":18,"tags":133,"homepage":136,"download_link":137,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"baskerville-ai-security","Baskerville AI Security","1.0.3","eQualitie","https:\u002F\u002Fprofiles.wordpress.org\u002Fequalitie\u002F","\u003Cp>Baskerville is a comprehensive WordPress security plugin that protects your site from malicious bots, AI crawlers, and unwanted traffic using multiple detection methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>AI Bot Detection\u003C\u002Fstrong> – Intelligent classification of bots vs. humans with configurable score thresholds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GeoIP Access Control\u003C\u002Fstrong> – Block or allow traffic by country (whitelist\u002Fblacklist modes)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong> – CAPTCHA challenge for borderline bot scores with precision analytics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser Fingerprinting\u003C\u002Fstrong> – Advanced client-side fingerprinting (Canvas, WebGL, Audio)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Honeypot Detection\u003C\u002Fstrong> – Hidden links to catch AI crawlers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Analytics\u003C\u002Fstrong> – Live feed, traffic statistics, and Turnstile precision metrics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Under Attack Mode\u003C\u002Fstrong> – Emergency mode to challenge all visitors during attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelist\u003C\u002Fstrong> – Bypass firewall for trusted IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Form Protection\u003C\u002Fstrong> – Protect login, registration, and comment forms with Turnstile\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Bot Score System:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>0-39: Likely human (allowed)\u003C\u002Fli>\n\u003Cli>40-70: Borderline (optional Turnstile challenge)\u003C\u002Fli>\n\u003Cli>71-100: Likely bot (blocked)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Performance:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Minimal overhead (~1ms with page cache, ~30-50ms without)\u003C\u002Fli>\n\u003Cli>APCu + file-based caching for GeoIP lookups\u003C\u002Fli>\n\u003Cli>Compatible with all major caching plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following third-party services:\u003C\u002Fp>\n\u003Ch4>Cloudflare Turnstile\u003C\u002Fh4>\n\u003Cp>When Turnstile is enabled, the plugin loads JavaScript from Cloudflare’s servers to display CAPTCHA challenges:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service URL: https:\u002F\u002Fchallenges.cloudflare.com\u002Fturnstile\u002Fv0\u002Fapi.js\u003C\u002Fli>\n\u003Cli>Verification API: https:\u002F\u002Fchallenges.cloudflare.com\u002Fturnstile\u002Fv0\u002Fsiteverify\u003C\u002Fli>\n\u003Cli>Data sent: Turnstile token, visitor IP address\u003C\u002Fli>\n\u003Cli>Purpose: Human verification to prevent bot access\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fwww.cloudflare.com\u002Fwebsite-terms\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Turnstile is only loaded when you enable it in plugin settings and provide your Cloudflare API keys.\u003C\u002Fp>\n\u003Ch4>MaxMind GeoIP Database\u003C\u002Fh4>\n\u003Cp>When you use the one-click GeoIP database installer, the plugin downloads the GeoLite2-Country database from MaxMind:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Database download URL: https:\u002F\u002Fdownload.maxmind.com\u002F\u003C\u002Fli>\n\u003Cli>Data sent: Your MaxMind license key (required for database download)\u003C\u002Fli>\n\u003Cli>Purpose: Determine visitor country for geo-blocking features\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fprivacy-policy\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fgeolite2\u002Feula\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The installer also downloads the MaxMind PHP libraries from GitHub:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>GeoIP2 PHP API: https:\u002F\u002Fgithub.com\u002Fmaxmind\u002FGeoIP2-php\u002Farchive\u002Frefs\u002Ftags\u002Fv2.13.0.zip\u003C\u002Fli>\n\u003Cli>MaxMind DB Reader: https:\u002F\u002Fgithub.com\u002Fmaxmind\u002FMaxMind-DB-Reader-php\u002Farchive\u002Frefs\u002Ftags\u002Fv1.11.1.zip\u003C\u002Fli>\n\u003Cli>These are open-source libraries used to read the local GeoIP database. No visitor data is sent to GitHub.\u003C\u002Fli>\n\u003Cli>GitHub Terms of Service: https:\u002F\u002Fdocs.github.com\u002Fen\u002Fsite-policy\u002Fgithub-terms\u002Fgithub-terms-of-service\u003C\u002Fli>\n\u003Cli>GitHub Privacy Statement: https:\u002F\u002Fdocs.github.com\u002Fen\u002Fsite-policy\u002Fprivacy-policies\u002Fgithub-general-privacy-statement\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The database is stored locally on your server. No visitor data is sent to MaxMind during lookups.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Ch4>Data Collected\u003C\u002Fh4>\n\u003Cp>This plugin collects and stores the following visitor data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP addresses\u003C\u002Fli>\n\u003Cli>Browser fingerprints (Canvas, WebGL, Audio hashes)\u003C\u002Fli>\n\u003Cli>User agent strings\u003C\u002Fli>\n\u003Cli>Country codes (derived from IP)\u003C\u002Fli>\n\u003Cli>Bot scores and classifications\u003C\u002Fli>\n\u003Cli>Timestamps of visits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Retention\u003C\u002Fh4>\n\u003Cp>Statistics are automatically deleted after the retention period you configure (default: 14 days). You can adjust this in Settings > Baskerville > Settings.\u003C\u002Fp>\n\u003Ch4>GDPR Compliance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All data is stored locally on your server\u003C\u002Fli>\n\u003Cli>No visitor data is shared with third parties (except Cloudflare when Turnstile verification occurs)\u003C\u002Fli>\n\u003Cli>Data retention is configurable\u003C\u002Fli>\n\u003Cli>Consider adding disclosure to your site’s privacy policy\u003C\u002Fli>\n\u003C\u002Ful>\n","Advanced WordPress security plugin with AI bot detection, GeoIP access control, and Cloudflare Turnstile integration.",221,"2026-04-03T11:17:00.000Z","6.2",[134,135,20,23,117],"anti-bot","captcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbaskerville-ai-security\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbaskerville-ai-security.1.0.3.zip",{"attackSurface":139,"codeSignals":184,"taintFlows":214,"riskAssessment":241,"analyzedAt":250},{"hooks":140,"ajaxHandlers":171,"restRoutes":181,"shortcodes":182,"cronEvents":183,"entryPointCount":14,"unprotectedCount":28},[141,147,152,156,160,165,168],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","plugins_loaded","initialize_access_defender_plugin","access-defender.php",47,{"type":142,"name":148,"callback":149,"file":150,"line":151},"admin_menu","add_admin_menu","includes\\Admin\\AdminPage.php",122,{"type":142,"name":153,"callback":154,"file":150,"line":155},"admin_init","init_settings",123,{"type":142,"name":153,"callback":157,"priority":158,"file":150,"line":159},"handle_form_submission",20,125,{"type":161,"name":162,"callback":162,"priority":111,"file":163,"line":164},"filter","plugin_row_meta","includes\\Core\\Plugin.php",85,{"type":142,"name":166,"callback":167,"file":163,"line":37},"wp","check_access",{"type":142,"name":169,"callback":170,"file":163,"line":62},"admin_enqueue_scripts","enqueue_admin_assets",[172,178],{"action":173,"nopriv":174,"callback":175,"hasNonce":176,"hasCapCheck":176,"file":163,"line":177},"accessdefender_validate_api_key",false,"ajax_validate_api_key",true,99,{"action":179,"nopriv":174,"callback":180,"hasNonce":176,"hasCapCheck":176,"file":163,"line":27},"accessdefender_provider_status","ajax_provider_status",[],[],[],{"dangerousFunctions":185,"sqlUsage":186,"outputEscaping":189,"fileOperations":28,"externalRequests":14,"nonceChecks":211,"capabilityChecks":212,"bundledLibraries":213},[],{"prepared":187,"raw":28,"locations":188},8,[],{"escaped":62,"rawEcho":111,"locations":190},[191,194,196,198,200,202,204,206,207,208],{"file":150,"line":192,"context":193},579,"raw output",{"file":150,"line":195,"context":193},580,{"file":150,"line":197,"context":193},581,{"file":150,"line":199,"context":193},676,{"file":150,"line":201,"context":193},677,{"file":150,"line":203,"context":193},678,{"file":150,"line":205,"context":193},736,{"file":150,"line":205,"context":193},{"file":150,"line":205,"context":193},{"file":209,"line":210,"context":193},"includes\\Views\\admin\\settings-about.php",130,3,4,[],[215,233],{"entryPoint":216,"graph":217,"unsanitizedCount":28,"severity":232},"handle_form_submission (includes\\Admin\\AdminPage.php:135)",{"nodes":218,"edges":230},[219,224],{"id":220,"type":221,"label":222,"file":150,"line":223},"n0","source","$_POST (x2)",165,{"id":225,"type":226,"label":227,"file":150,"line":228,"wp_function":229},"n1","sink","update_option() [Settings Manipulation]",212,"update_option",[231],{"from":220,"to":225,"sanitized":176},"low",{"entryPoint":234,"graph":235,"unsanitizedCount":28,"severity":232},"\u003CAdminPage> (includes\\Admin\\AdminPage.php:0)",{"nodes":236,"edges":239},[237,238],{"id":220,"type":221,"label":222,"file":150,"line":223},{"id":225,"type":226,"label":227,"file":150,"line":228,"wp_function":229},[240],{"from":220,"to":225,"sanitized":176},{"summary":242,"deductions":243},"The 'access-defender' v1.1.2 plugin exhibits a generally strong security posture based on the provided static analysis.  It demonstrates good practices by employing prepared statements for all SQL queries, a high percentage of properly escaped outputs, and the absence of dangerous functions, file operations, and bundled libraries.  The limited attack surface, consisting of two AJAX handlers, is further strengthened by the presence of nonce and capability checks, indicating a conscious effort to protect these entry points.  Furthermore, the plugin's vulnerability history is clean, with no known CVEs or recorded past vulnerabilities, suggesting a history of responsible development and maintenance.\n\nHowever, there are minor areas for potential improvement. While all identified entry points have authentication checks, the presence of two AJAX handlers means these checks are critical for the plugin's security. Any oversight in these checks could expose the plugin to risks. The plugin does make two external HTTP requests, which, while not inherently problematic, represent potential attack vectors if not handled with extreme care regarding user input or data validation.  The taint analysis shows no critical or high-severity issues, which is a very positive sign, but the limited number of flows analyzed (2) means a more comprehensive analysis might reveal subtle issues. \n\nIn conclusion, 'access-defender' v1.1.2 appears to be a secure plugin with robust coding practices. The lack of past vulnerabilities and the strong implementation of security checks on its entry points are commendable. The main areas to monitor would be the thoroughness of the existing authentication and authorization checks on the AJAX handlers and the secure handling of the two external HTTP requests. Overall, the risk is assessed as low.",[244,246,248],{"reason":245,"points":211},"AJAX handlers present",{"reason":247,"points":14},"External HTTP requests made",{"reason":249,"points":113},"Limited taint analysis flows","2026-03-16T21:59:58.242Z",{"wat":252,"direct":261},{"assetPaths":253,"generatorPatterns":256,"scriptPaths":257,"versionParams":258},[254,255],"\u002Fwp-content\u002Fplugins\u002Faccess-defender\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Faccess-defender\u002Fassets\u002Fjs\u002Fadmin.js",[],[255],[259,260],"access-defender\u002Fassets\u002Fcss\u002Fadmin.css?ver=","access-defender\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":262,"htmlComments":263,"htmlAttributes":264,"restEndpoints":267,"jsGlobals":268,"shortcodeOutput":270},[],[],[265,266],"data-nonce","data-ajaxurl",[],[269],"accessdefender_admin",[],{"error":176,"url":272,"statusCode":273,"statusMessage":274,"message":274},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Faccess-defender\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":187,"versions":276},[277,282,289,296,303,309,316,323],{"version":6,"download_url":26,"svn_tag_url":278,"released_at":29,"has_diff":174,"diff_files_changed":279,"diff_lines":29,"trac_diff_url":280,"vulnerabilities":281,"is_current":176},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Faccess-defender\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Faccess-defender%2Ftags%2F1.1.1&new_path=%2Faccess-defender%2Ftags%2F1.1.2",[],{"version":283,"download_url":284,"svn_tag_url":285,"released_at":29,"has_diff":174,"diff_files_changed":286,"diff_lines":29,"trac_diff_url":287,"vulnerabilities":288,"is_current":174},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Faccess-defender\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Faccess-defender%2Ftags%2F1.1.0&new_path=%2Faccess-defender%2Ftags%2F1.1.1",[],{"version":290,"download_url":291,"svn_tag_url":292,"released_at":29,"has_diff":174,"diff_files_changed":293,"diff_lines":29,"trac_diff_url":294,"vulnerabilities":295,"is_current":174},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Faccess-defender\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Faccess-defender%2Ftags%2F1.0.4&new_path=%2Faccess-defender%2Ftags%2F1.1.0",[],{"version":297,"download_url":298,"svn_tag_url":299,"released_at":29,"has_diff":174,"diff_files_changed":300,"diff_lines":29,"trac_diff_url":301,"vulnerabilities":302,"is_current":174},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Faccess-defender\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Faccess-defender%2Ftags%2F1.0.3&new_path=%2Faccess-defender%2Ftags%2F1.0.4",[],{"version":125,"download_url":304,"svn_tag_url":305,"released_at":29,"has_diff":174,"diff_files_changed":306,"diff_lines":29,"trac_diff_url":307,"vulnerabilities":308,"is_current":174},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Faccess-defender\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Faccess-defender%2Ftags%2F1.0.2&new_path=%2Faccess-defender%2Ftags%2F1.0.3",[],{"version":310,"download_url":311,"svn_tag_url":312,"released_at":29,"has_diff":174,"diff_files_changed":313,"diff_lines":29,"trac_diff_url":314,"vulnerabilities":315,"is_current":174},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Faccess-defender\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Faccess-defender%2Ftags%2F1.0.1&new_path=%2Faccess-defender%2Ftags%2F1.0.2",[],{"version":317,"download_url":318,"svn_tag_url":319,"released_at":29,"has_diff":174,"diff_files_changed":320,"diff_lines":29,"trac_diff_url":321,"vulnerabilities":322,"is_current":174},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Faccess-defender\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Faccess-defender%2Ftags%2F1.0.0&new_path=%2Faccess-defender%2Ftags%2F1.0.1",[],{"version":324,"download_url":325,"svn_tag_url":326,"released_at":29,"has_diff":174,"diff_files_changed":327,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":328,"is_current":174},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Faccess-defender\u002Ftags\u002F1.0.0\u002F",[],[]]