[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFO_KEr2Z6hXBWaRmlQbmXhgoLp5I2g61y5QIg2CEedI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":134,"fingerprints":241},"adamszokol-onion-service","Onion Service by Adam Szokol","1.0.2","Adam Szokol","https:\u002F\u002Fprofiles.wordpress.org\u002Fszokoladam\u002F","\u003Cp>The Onion Service by Adam Szokol plugin provides reliable functionality for integrating your WordPress site with the Tor network. It configures your site to handle .onion addresses, which can enhance accessibility and privacy for your visitors using the Tor Browser. This plugin is built to work effectively on both single-site and WordPress Multisite installations.\u003C\u002Fp>\n\u003Cp>A core feature is its administrative helper functionality. On activation, the plugin checks for and creates a necessary sunrise.php file for domain mapping support. It also attempts to add the required define( ‘SUNRISE’, true ); constant to your wp-config.php file, which is often the most complex step in the setup process. 
This modification is only attempted if file permissions allow it.\u003C\u002Fp>\n\u003Cp>The settings interface is available only to administrators (or Super Admins on Multisite), allowing you to easily map your .onion domains and manage the service status.\u003C\u002Fp>\n\u003Cp>Key Features:\u003C\u002Fp>\n\u003Cp>Automatic sunrise.php Creation: Handles the creation and placement of sunrise.php for reliable domain mapping.\u003C\u002Fp>\n\u003Cp>Optional wp-config.php Modification: Attempts to safely add the SUNRISE constant to your configuration file, providing a setup assist.\u003C\u002Fp>\n\u003Cp>Unified Architecture: Works consistently across single WordPress sites and Multisite networks.\u003C\u002Fp>\n\u003Cp>Onion-Location Header: Automatically informs Tor Browser users that a private .onion version of your site is available.\u003C\u002Fp>\n\u003Cp>Full Domain Mapping: Assign unique .onion domains to specific sites in your installation.\u003C\u002Fp>\n\u003Cp>Service Status Control: Easily disable the onion service and display a custom maintenance message.\u003C\u002Fp>\n","A focused plugin designed to enable Onion Service & Mapping support for your WordPress 
site.",0,251,"2025-12-22T11:27:00.000Z","6.9.4","5.8","7.4",[18,19,20,21,22],"multisite","onion","privacy","security","tor","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadamszokol-onion-service.1.0.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"szokoladam",1,30,94,"2026-04-04T11:27:22.577Z",[36,50,69,86,110],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":14,"requires_at_least":46,"requires_php":16,"tags":47,"homepage":23,"download_link":49,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"onionify","Onionify – Onion Service for WP","1.0.3","Ivijan-Stefan Stipic","https:\u002F\u002Fprofiles.wordpress.org\u002Fivijanstefan\u002F","\u003Cp>Onionify is an independent plugin that enables WordPress websites to operate seamlessly through onion services (.onion).\u003C\u002Fp>\n\u003Cp>This plugin is not affiliated with or endorsed by the Tor Project.\u003C\u002Fp>\n\u003Cp>Onionify adds safe and standards-compliant integration for onion access – rewriting runtime URLs when requests arrive via .onion, preventing canonical redirects that might expose onion visitors to the clearnet, optionally adding the official Onion-Location HTTP header, and applying additional privacy-hardening measures (CSP, COEP, oEmbed and resource hints control) specifically for onion traffic.\u003C\u002Fp>\n\u003Cp>The plugin follows WordPress.org guidelines and is designed for secure public distribution:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No modifications to WordPress core.\u003C\u002Fli>\n\u003Cli>Uses WordPress filters and actions only.\u003C\u002Fli>\n\u003Cli>Fully compatible with multisite environments (per-site 
mappings and network defaults).\u003C\u002Fli>\n\u003Cli>Optional WP-CLI integration for advanced administration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚠ IMPORTANT WARNING\u003C\u002Fh3>\n\u003Cp>⚠ Warning: This plugin does not provide hosting-level anonymity or concealment of infrastructure. Onionify helps WordPress handle requests that arrive via onion service addresses, but it does not change or hide server configuration, hosting provider information, or other infrastructure-level metadata. If you require infrastructure-level protections or specialized operational procedures, consult authoritative technical documentation and qualified operational security professionals. Do not rely on this plugin for legal compliance or for anonymizing hosting details.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Detects .onion requests and safely rewrites generated WordPress URLs to the configured onion host at runtime.\u003C\u002Fli>\n\u003Cli>Does not modify database \u003Ccode>home\u003C\u002Fcode> or \u003Ccode>siteurl\u003C\u002Fcode> values – all rewrites occur at runtime only.\u003C\u002Fli>\n\u003Cli>Multisite support: per-site onion mapping (via Network Admin) and configurable Network Defaults.\u003C\u002Fli>\n\u003Cli>Optionally sends the Onion-Location header from the clearnet site to help browsers recognize the onion mirror.\u003C\u002Fli>\n\u003Cli>Optional privacy enhancements for onion visitors (CSP, COEP, X-Frame-Options, disable oEmbed, and tighten resource hints).\u003C\u002Fli>\n\u003Cli>Optional verification feature using a public list of known Tor exit addresses (opt-in only).\u003C\u002Fli>\n\u003Cli>Includes WP-CLI commands to list, map, and manage onion host configurations.\u003C\u002Fli>\n\u003Cli>Provides filter hooks for extensibility (including \u003Ccode>onion_is_onion_request\u003C\u002Fcode> and \u003Ccode>onion_verify_exit_list\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>Carefully validated, defensive code compatible 
with PHP 7.4 – 8.x.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Quick usage (WP-CLI)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>wp tor-onion list\u003C\u002Fcode> – show mapping table (multisite) or single-site status.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp tor-onion map \u003Cblog_id|0> \u003Cexample.onion>\u003C\u002Fcode> – map blog_id (or 0 for single-site) to an onion host.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp tor-onion set --hardening=on|off --oembed=on|off --csp=strict|relaxed|off\u003C\u002Fcode> – quick toggles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings explained (concise + clear)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>.onion domain\u003C\u002Fstrong> – Host only, no protocol. Example: \u003Ccode>abcd1234xyz.onion\u003C\u002Fcode>. Leave empty to use Network Default (multisite).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send Onion-Location from clearnet\u003C\u002Fstrong> – When enabled, the plugin adds an \u003Ccode>Onion-Location: http:\u002F\u002F\u003Cyour-onion>\u003Cpath>\u003C\u002Fcode> header to requests on the clearnet site. This is useful to advertise your onion mirror to Tor Browser or other clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enable onion hardening\u003C\u002Fstrong> – When enabled, headers and filters designed to reduce external resource loading (and privacy leakage) are applied to requests \u003Cem>only\u003C\u002Fem> when served via .onion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable oEmbed\u002Fembeds on .onion\u003C\u002Fstrong> – Blocks automatic fetching of oEmbed content (YouTube, Twitter, etc.) and discovery links to avoid loading third-party resources for onion visitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP mode\u003C\u002Fstrong> – \u003Ccode>Strict\u003C\u002Fcode>, \u003Ccode>Relaxed\u003C\u002Fcode>, \u003Ccode>Off\u003C\u002Fcode>, \u003Ccode>Custom\u003C\u002Fcode>.\n\u003Cul>\n\u003Cli>\u003Cstrong>Strict\u003C\u002Fstrong> – safest. No inline scripts. 
Best for privacy; may break themes\u002Fplugins that rely on inline JS.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Relaxed\u003C\u002Fstrong> – allows inline scripts\u002Fstyles (\u003Ccode>'unsafe-inline'\u003C\u002Fcode>), useful for older themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Off\u003C\u002Fstrong> – plugin does not send a CSP header.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom\u003C\u002Fstrong> – plugin will send \u003Cstrong>exactly\u003C\u002Fstrong> the policy you place into the Custom CSP text box. Only use if you understand CSP syntax.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Custom CSP – clear guidance\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The \u003Cstrong>Custom CSP\u003C\u002Fstrong> field is used \u003Cstrong>only\u003C\u002Fstrong> when \u003Ccode>CSP mode\u003C\u002Fcode> is set to \u003Cstrong>Custom\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Enter the policy exactly as you want it sent. Examples below – copy\u002Fpaste if needed:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>1) Minimal secure WordPress (no external CDN):\u003Cbr \u002F>\n    \u003Ccode>default-src 'self';\u003Cbr \u002F>\nscript-src 'self';\u003Cbr \u002F>\nstyle-src 'self' 'unsafe-inline';\u003Cbr \u002F>\nimg-src 'self' data:;\u003Cbr \u002F>\nfont-src 'self' data:;\u003Cbr \u002F>\nconnect-src 'self';\u003Cbr \u002F>\nframe-src 'self';\u003Cbr \u002F>\nframe-ancestors 'self';\u003Cbr \u002F>\nbase-uri 'self';\u003Cbr \u002F>\nform-action 'self';\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>2) Relaxed (allows inline JS):\u003Cbr \u002F>\n    \u003Ccode>default-src 'self';\u003Cbr \u002F>\nscript-src 'self' 'unsafe-inline';\u003Cbr \u002F>\nstyle-src 'self' 'unsafe-inline';\u003Cbr \u002F>\nimg-src 'self' data:;\u003Cbr \u002F>\nfont-src 'self' data:;\u003Cbr \u002F>\nconnect-src 'self';\u003Cbr \u002F>\nframe-src 'self';\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>3) If you must use an external CDN – add only the exact host(s):\u003Cbr \u002F>\n    
\u003Ccode>img-src 'self' https:\u002F\u002Fcdn.example.com data:;\u003Cbr \u002F>\nfont-src 'self' https:\u002F\u002Fcdn.example.com data:;\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cem>Tips & cautions:\u003C\u002Fem>\u003Cbr \u002F>\n– Start with \u003Cstrong>Strict\u003C\u002Fstrong>; if things break (admin bar, theme JS), switch to \u003Cstrong>Relaxed\u003C\u002Fstrong>.\u003Cbr \u002F>\n– Use \u003Cstrong>Custom\u003C\u002Fstrong> only if you know CSP; incorrect CSP can break admin, media, or login.\u003Cbr \u002F>\n– Avoid including public CDNs in onion mode where possible – best privacy practice is to host assets locally.\u003C\u002Fp>\n\u003Ch3>Multisite behavior\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Per-site mapping: Network Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Onionify allows mapping each blog_id \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> onion host.\u003C\u002Fli>\n\u003Cli>Network Defaults: Network Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Onionify \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Network Defaults lets you set default values (default onion host, default CSP mode, default hardening toggles) that sites inherit unless they override locally.\u003C\u002Fli>\n\u003Cli>Precedence: Per-site explicit setting \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Network Default \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugin internal default.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filters & constants (developer)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>apply_filters('onion_is_onion_request', bool $is_tor, array $server)\u003C\u002Fcode>\u003Cbr \u002F>\nAllows other plugins\u002Fthemes to override detection. 
\u003Ccode>$server\u003C\u002Fcode> is a copy of \u003Ccode>$_SERVER\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>apply_filters('onion_verify_exit_list', bool $default)\u003C\u002Fcode>\u003Cbr \u002F>\nControls whether the plugin will verify IPs against the Tor exit list. Disabled by default.\u003C\u002Fli>\n\u003Cli>\u003Ccode>define('TOS_VERIFY_TOR_EXIT', true);\u003C\u002Fcode> – alternative to enable exit-list verification in \u003Ccode>wp-config.php\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>onion_support_*\u003C\u002Fcode> option names used by the plugin: see Settings page. The plugin cleans up these options on uninstall.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you do not want automatic cleanup, do not use the admin “Delete” action; deactivate only.\u003C\u002Fp>\n\u003Ch3>Privacy, security, and limitations (be explicit)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin \u003Cstrong>only\u003C\u002Fstrong> adjusts WordPress behavior (URL outputs, selected headers, CSP, and resource hint handling) based on how visitors access the site (clearnet vs .onion).\u003C\u002Fli>\n\u003Cli>It does \u003Cstrong>not\u003C\u002Fstrong> anonymize or conceal server infrastructure details. Information such as hosting provider IP addresses, DNS records for clearnet domains, or other infrastructure-level metadata remains unchanged. Onionify is \u003Cstrong>not\u003C\u002Fstrong> designed or intended to provide anonymity or infrastructure concealment.\u003C\u002Fli>\n\u003Cli>Enabling the optional exit-address verification feature performs external HTTP requests to a trusted public source (only when explicitly opted in). 
If your hosting environment restricts outbound HTTP requests, use the WP-CLI interface or \u003Ccode>wp-config.php\u003C\u002Fcode> configuration after verifying your allowed hosts.\u003C\u002Fli>\n\u003Cli>The plugin operates with a privacy-first design: external requests are disabled by default, and its default configuration aims to reduce unnecessary third-party requests for onion visitors.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin can optionally fetch the official Tor exit relay list to verify requests against Tor exits.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service:\u003C\u002Fstrong> Tor Project – Exit addresses list\u003Cbr \u002F>\n\u003Cstrong>Endpoint:\u003C\u002Fstrong> https:\u002F\u002Fcheck.torproject.org\u002Fexit-addresses\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it is used for:\u003C\u002Fstrong> When exit verification is enabled, the plugin downloads the public list of Tor exit relays to check inbound requests.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong> The plugin performs a normal HTTP GET request from the server to the Tor Project endpoint. No user PII is sent; the request includes a generic User-Agent header and, as with any HTTP request, the server’s IP address is visible to the Tor Project. This request happens at most once per 24 hours due to caching and only if exit verification is enabled by the site owner.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How to enable\u002Fdisable:\u003C\u002Fstrong> Exit verification is opt-in. It is disabled by default. It can be enabled via the plugin settings or by adding define(‘TOS_VERIFY_TOR_EXIT’, true) in wp-config.php. 
If your environment blocks external HTTP requests (WP_HTTP_BLOCK_EXTERNAL), the plugin will respect that unless the host is whitelisted in WP_ACCESSIBLE_HOSTS.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Provider policies:\u003C\u002Fstrong> See the \u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002Fabout\u002Fprivacy_policy\u002F\" rel=\"nofollow ugc\">Tor Project privacy policy\u003C\u002Fa> and terms on their official website.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Use the WordPress.org support forum for the plugin. For commercial help or customizations contact https:\u002F\u002Finfinitumform.com\u002F.\u003C\u002Fp>\n","Serve WordPress cleanly over .onion with URL rewriting, Onion-Location, and privacy hardening.",238,"2026-03-13T08:10:00.000Z","6.0",[48,19,20,21,22],"csp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonionify.1.0.3.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":25,"downloaded":58,"rating":25,"num_ratings":31,"last_updated":59,"tested_up_to":60,"requires_at_least":61,"requires_php":23,"tags":62,"homepage":66,"download_link":67,"security_score":68,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"disable-directory-listings","Disable Directory Listings","2.0","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Prevent virtual directory listing services from listing the contents of directories, and\u002For show a page in place of a directory’s listing.\u003C\u002Fp>\n\u003Cp>The Apache web server can be configured to automatically display the listings of the contents of a web site’s file directory if no index file (i.e. index.html or index.php) is present.  This can expose files and information to visitors.  
Of course the web server could be configured to not do this (the recommended approach), but sometimes you don’t have permission (you’re on a shared host), the know-how, or you want to selectively disallow virtual directory listings.  That’s where this plugin can help.\u003C\u002Fp>\n\u003Cp>If you want to test if your site has virtual directory listings enabled, try visiting http:\u002F\u002Fwww.YOURSITE.com\u002Fwp-includes (obviously, change the domain to match your own).  If you see a listing of PHP files then virtual directory listing is enabled for your site.\u003C\u002Fp>\n\u003Cp>This plugin can prevent visitors from seeing the contents of certain (or all) directories on your site (assuming your web server generates virtual directory listings).  It also allows you to use a WordPress page as the index for a directory.\u003C\u002Fp>\n\u003Cp>By default, the following directories are protected:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>wp-includes\u002F\u003C\u002Fli>\n\u003Cli>wp-content\u002F\u003C\u002Fli>\n\u003Cli>wp-content\u002Fplugins\u002F\u003C\u002Fli>\n\u003Cli>wp-content\u002Fthemes\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It does NOT protect any other directory by default.  You can change this via the plugin’s admin settings page.\u003C\u002Fp>\n\u003Cp>TIP: When this plugin is activated (and more specifically, after the permalink structure is updated as per the instructions below), WordPress will generate the themed 404 – Not Found page.  If you were to create a Page with the same name as one of the directories being disabled (i.e. ‘wp-includes’ or ‘wp-content’) then that page will be displayed instead of the 404 error message.  
If you want to display a page for the ‘plugins’ and ‘themes’ directory, you must create them as children pages of a ‘wp-content’ page.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin only works for the Apache web server.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fdisable-directory-listings\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Prevent virtual directory listing services from listing the contents of directories, and\u002For show a page in place of a directory's listing.",7171,"2011-07-29T04:37:00.000Z","3.2.1","3.0",[63,64,65,20,21],"apache","coffee2code","directory-listings","http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fdisable-directory-listings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-directory-listings.2.0.zip",85,{"slug":70,"name":71,"version":53,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":11,"downloaded":76,"rating":11,"num_ratings":11,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":84,"download_link":85,"security_score":68,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"surbma-gdpr-multisite-privacy","Surbma | GDPR Multisite Privacy","Surbma","https:\u002F\u002Fprofiles.wordpress.org\u002Fsurbma\u002F","\u003Cp>This plugin is only for Multisite networks! It will give special privileges to every subsite administrator, that has the same email address, what is set as the main email address for that particular subsite. So every subsite can set their own privacy settings and they will have the option to export or remove personal data if required by the user. 
This is a very important feature if you want to comply with GDPR.\u003C\u002Fp>\n\u003Cp>Only one user will get the special capabilities to set and edit the privacy policy page and get access to user data export or removal pages. The user must be an administrator and the user’s email address must match with the default email address under Settings page.\u003C\u002Fp>\n\u003Ch3>The Problem…\u003C\u002Fh3>\n\u003Cp>By default, the new Privacy settings introduced in WordPress 4.9.6 is available only for single install Administrators or if you use a Multisite install, it is available only for Super Admins. There is no default option to enable Privacy settings for subsites. It can be a big problem for your subsite users, because they can not meet the GDPR rules.\u003C\u002Fp>\n\u003Ch3>…and the solution\u003C\u002Fh3>\n\u003Cp>This plugin will give subsite Administrators access to these new privacy features. Only one administrator will get these new privileges per subsite, who has the same email, that is set under Settings page.\u003C\u002Fp>\n\u003Ch3>Other GDPR related plugins by Surbma\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsurbma-gdpr-proof-google-analytics\u002F\" rel=\"ugc\">Surbma | GDPR Proof Cookie Consent & Notice Bar\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsurbma-gdpr-proof-gravity-forms\u002F\" rel=\"ugc\">Surbma | GDPR Proof Gravity Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About Surbma\u003C\u002Fh3>\n\u003Ch4>Other Surbma plugins\u003C\u002Fh4>\n\u003Cp>I have more than 30 fantastic, FREE plugins in the official WordPress plugin directory. 
Please check them too here: \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsurbma#content-plugins\" rel=\"nofollow ugc\">Surbma plugins\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Do you want to contribute or help improving this plugin?\u003C\u002Fh4>\n\u003Cp>You can find it on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSurbma\u002Fsurbma-gdpr-multisite-privacy\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FSurbma\u002Fsurbma-gdpr-multisite-privacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>You can find my other plugins and projects on GitHub\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSurbma\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FSurbma\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please feel free to contribute, help or recommend any new features for my plugins, themes and other projects.\u003C\u002Fp>\n\u003Ch4>Do you want to know more about me?\u003C\u002Fh4>\n\u003Cp>Visit my webpage: \u003Ca href=\"https:\u002F\u002Fsurbma.com\u002F\" rel=\"nofollow ugc\">Surbma.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Do you like and use my free plugins?\u003C\u002Fh4>\n\u003Cp>You can donate me for FREE here: \u003Ca href=\"https:\u002F\u002Fsurbma.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">Surbma.com\u003C\u002Fa>\u003C\u002Fp>\n","A GDPR Multisite plugin, that adds special privileges to a subsite Administrator for Privacy 
settings.",1702,"2023-04-08T13:11:00.000Z","6.2.9","5.1","7.0",[18,20,21,82,83],"surbma","user","https:\u002F\u002Fsurbma.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsurbma-gdpr-multisite-privacy.2.0.zip",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":14,"requires_at_least":99,"requires_php":16,"tags":100,"homepage":105,"download_link":106,"security_score":107,"vuln_count":108,"unpatched_count":11,"last_vuln_date":109,"fetched_at":27},"really-simple-ssl","Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)","9.5.8","Really Simple Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Freallysimpleplugins\u002F","\u003Cp>Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.\u003C\u002Fp>\n\u003Ch3>Really simple, Effective and Performant WordPress Security\u003C\u002Fh3>\n\u003Cp>Really Simple Security is the most lightweight and easy-to-use security plugin for WordPress. It secures your WordPress website with SSL certificate generation, including proper 301 https redirection and SSL enforcement, scanning for possible vulnerabilities, Login Protection and implementing essential WordPress hardening features.\u003C\u002Fp>\n\u003Cp>We believe that security should have the absolute minimum effect on website performance, user experience and maintainability. Therefore, Really Simple Security is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> Every security feature is developed with a modular approach and with performance in mind. 
Disabled features won’t load any redundant code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy-to-use:\u003C\u002Fstrong> 1-minute configuration with short onboarding setup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Features\u003C\u002Fh3>\n\u003Ch4>Easy SSL Migration\u003C\u002Fh4>\n\u003Cp>Migrates your website to HTTPS and enforces SSL in just one click.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>301 redirect via PHP or .htaccess\u003C\u002Fli>\n\u003Cli>Secure cookies\u003C\u002Fli>\n\u003Cli>Let’s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation.\u003C\u002Fli>\n\u003Cli>Server Health Check: Your server configuration is every bit as important for your website security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress Hardening\u003C\u002Fh4>\n\u003Cp>Tweak your configuration and keep WordPress fortified and safe by tackling potential weaknesses.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent code execution in the uploads folder\u003C\u002Fli>\n\u003Cli>Prevent login feedback and disable user enumeration\u003C\u002Fli>\n\u003Cli>Disable XML-RPC\u003C\u002Fli>\n\u003Cli>Disable directory browsing\u003C\u002Fli>\n\u003Cli>Username restrictions (block ‘admin’ and public names)\u003C\u002Fli>\n\u003Cli>and much more..\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Detection\u003C\u002Fh4>\n\u003Cp>Get notified when plugins, themes or WP core contain vulnerabilities and need appropriate action.\u003C\u002Fp>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Allow or enforce Two-Factor Authentication (2FA) for specific user roles. 
Users receive a two-factor code via Email.\u003C\u002Fp>\n\u003Ch3>Improve Security with Really Simple Security Pro\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002F\" rel=\"nofollow ugc\">Protect your site with all essential security features by upgrading to Really Simple Security Pro.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Advanced SSL enforcement\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix them to HTTPS, both Front- and Back-end.\u003C\u002Fli>\n\u003Cli>Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Firewall\u003C\u002Fh4>\n\u003Cp>Really Simple Security Pro includes a performant and efficient WordPress firewall, to stop bots, crawlers and bad actors with IP and username blocks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>404 blocking – Blocks crawlers as they trigger unusual numbers of 404 errors.\u003C\u002Fli>\n\u003Cli>Region blocking – Only allow\u002Fblock access to your site from specific regions.\u003C\u002Fli>\n\u003Cli>Automated and customisable Firewall rules.\u003C\u002Fli>\n\u003Cli>IP blocklist and allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Headers\u003C\u002Fh4>\n\u003Cp>Security headers protect your site visitors against the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX, etc.\u003C\u002Fli>\n\u003Cli>Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options, a Referrer Policy and CORS headers.\u003C\u002Fli>\n\u003Cli>Automatically generate your WordPress-tailored Content Security Policy.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Measures\u003C\u002Fh4>\n\u003Cp>When a vulnerability is detected in a plugin, theme or WordPress core you will get 
notified accordingly. With Vulnerability Measures, you can configure simple but effective measures to make sure that a critical vulnerability won’t remain unattended.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force update: An update process will be tried multiple times until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps.\u003C\u002Fli>\n\u003Cli>Quarantine: When a plugin or theme can’t be updated to solve a vulnerability, Really Simple Security can quarantine the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Site Hardening\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose a custom login URL\u003C\u002Fli>\n\u003Cli>Automated File Permissions check and fixer\u003C\u002Fli>\n\u003Cli>Rename and randomize your database prefix\u003C\u002Fli>\n\u003Cli>Change the debug.log file location to a non-public folder\u003C\u002Fli>\n\u003Cli>Disable application passwords\u003C\u002Fli>\n\u003Cli>Control admin creation\u003C\u002Fli>\n\u003Cli>Disable HTTP methods, reducing HTTP requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Secure your website’s login process and user accounts with powerful security measures.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Step verification (Email login)\u003C\u002Fli>\n\u003Cli>2FA (two factor authentication) with TOTP\u003C\u002Fli>\n\u003Cli>Passwordless login with passkey login\u003C\u002Fli>\n\u003Cli>Enforce strong passwords and frequent password change\u003C\u002Fli>\n\u003Cli>Limit Login Attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Limit Login Attempts you can configure a threshold to temporarily or permanently block IP addresses or (non-existing) usernames. 
You can also throw a CAPTCHA after a failed login (hCaptcha or Google reCaptcha)\u003C\u002Fp>\n\u003Ch4>Access Control\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Restrict access to your site for specific regions.\u003C\u002Fli>\n\u003Cli>Add specific IP addresses or IP ranges to the Blocklist or Allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Useful Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fknowledge-base-overview\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fdefinitions\u002F\" rel=\"nofollow ugc\">Security Definitions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">Translate Really Simple Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Fissues\" rel=\"nofollow ugc\">Issues & pull requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Flabels\u002Ffeature%20request\" rel=\"nofollow ugc\">Feature requests\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Love Really Simple Security?\u003C\u002Fh3>\n\u003Cp>If you want to support the continuing development of this plugin, please consider buying \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fpro\u002F\" rel=\"nofollow ugc\">Really Simple Security Pro\u003C\u002Fa>, which includes some excellent security features and premium support.\u003C\u002Fp>\n\u003Ch3>About Really Simple Plugins\u003C\u002Fh3>\n\u003Cp>Our mission is to make complex WordPress requirements really easy. 
Really Simple Security is developed by \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fabout-us\" rel=\"nofollow ugc\">Really Simple Plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For generating SSL certificates, Really Simple Security uses the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffbett\u002Fle-acme2-php\u002F\" rel=\"nofollow ugc\">le acme2 PHP\u003C\u002Fa> Let’s Encrypt client library, thanks to ‘fbett’ for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We’re on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Freally-simple-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> as well!\u003C\u002Fp>\n","Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.",3000000,205655178,98,8803,"2026-02-26T10:57:00.000Z","6.6",[101,102,21,103,104],"2fa","https","two-factor","vulnerabilities","https:\u002F\u002Freally-simple-ssl.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-ssl.9.5.8.zip",96,3,"2026-03-15 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":33,"num_ratings":120,"last_updated":121,"tested_up_to":14,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":129,"download_link":130,"security_score":131,"vuln_count":132,"unpatched_count":11,"last_vuln_date":133,"fetched_at":27},"all-in-one-wp-security-and-firewall","All-In-One Security (AIOS) – Security and Firewall","5.4.6","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Ch3>THE TOP RATED WORDPRESS SECURITY AND FIREWALL PLUGIN\u003C\u002Fh3>\n\u003Cp>\u003Ca 
href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios&utm_creative_format=description\" rel=\"nofollow ugc\">All-in-One Security (AIOS)\u003C\u002Fa> is a WordPress security plugin from the same, trusted team that brought you UpdraftPlus.\u003C\u002Fp>\n\u003Cp>It’s called ‘All-In-One’ because it’s packed full of ways to keep your WordPress website(s) safe and secure.\u003C\u002Fp>\n\u003Cp>It includes:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login security features\u003C\u002Fstrong> keep bots at bay. Lock out users based on a configurable number of login attempts, get two-factor authentication and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File and database security.\u003C\u002Fstrong> Get notified of file changes that occur outside of normal operations. Block access to key files and scan files and folders to spot insecure permissions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Firewall.\u003C\u002Fstrong> Get PHP, .htaccess and 6G firewall rules courtesy of Perishable Press. Spot and block fake Google Bots and more!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spam prevention.\u003C\u002Fstrong> Prevent annoying spam comments and reduce unnecessary load on the server. Automatically and permanently block IP addresses that exceed a set number of spam comments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Audit log.\u003C\u002Fstrong> View events happening on your WordPress website. Find out if a plugin or theme has been added, removed, updated and more.\u003C\u002Fp>\n\u003Ch4>WHY ALL-IN-ONE SECURITY?\u003C\u002Fh4>\n\u003Cp>AIOS has a near-perfect \u003Cstrong>4.7 \u002F 5-star user rating\u003C\u002Fstrong> across more than 1 million installs.\u003C\u002Fp>\n\u003Cp>Great for beginners and experts alike. AIOS guides you logically and clearly through each of its features which are all clearly explained. Security features are marked as basic, intermediate and advanced. 
Each step increases your security score. Turn them on and watch your protection grow!\u003C\u002Fp>\n\u003Cp>We have a large support team of software developers. That means we have the availability and the skillset to help you with the trickiest of queries.\u003C\u002Fp>\n\u003Cp>We comb the WordPress plugin directory for support tickets daily – most queries are responded to within 24 hours.\u003C\u002Fp>\n\u003Cp>\u003Cem>Excellent plugin with numerous well-thought-out options for making a website more secure. I have been using it for years and am very happy with it. I recently had a small problem setting up a website and – even as a non-premium user – I received support very quickly. Highly recommended!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>For even more ways to stay safe and secure, upgrade to \u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002Fpricing?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios_premium&utm_creative_format=description\" rel=\"nofollow ugc\">AIOS Premium\u003C\u002Fa> – it packs a punch security-wise, whilst being \u003Cstrong>extremely cost-competitive\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>LOGIN SECURITY\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication (TFA)\u003C\u002Fstrong> – Require TFA for specific user roles. 
Supports Google Authenticator, Microsoft Authenticator, Authy, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detect and manage ‘admin’ usernames\u003C\u002Fstrong> – Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Identify and correct identical login and display names\u003C\u002Fstrong> – Detect cases where the display name matches the username and provide guidance to improve login security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent user enumeration\u003C\u002Fstrong> – Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control login attempts\u003C\u002Fstrong> – Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lockout durations, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Force user logout\u003C\u002Fstrong> – Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually approve new registrations\u003C\u002Fstrong> – Review and approve new user registrations to prevent spam and fake sign-ups.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhance WordPress salt security\u003C\u002Fstrong> – Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. 
Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002F\u003Cbr \u002F>\n\u003Cstrong>Monitor and manage active sessions\u003C\u002Fstrong> – If a user is logged in who shouldn’t be, log them out or add them to a blacklist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SPAM PREVENTION\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block spam coming from bots\u003C\u002Fstrong> – Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitor spam IP addresses\u003C\u002Fstrong> – Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block based on a configurable number of comments left.\u003C\u002Fp>\n\u003Ch4>FILE \u002F DATABASE Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Scan and fix file permissions\u003C\u002Fstrong> – Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable PHP file editing\u003C\u002Fstrong> – Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protect sensitive files\u003C\u002Fstrong> – Prevent access to files like readme.html that might reveal information about your WordPress installation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File change scanner\u003C\u002Fstrong> – Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent image hotlinking\u003C\u002Fstrong> – Prevent other websites from displaying your images via hotlinking and protect server bandwidth.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure database backups\u003C\u002Fstrong> – Perform a database backup via UpdraftPlus from AIOS. 
Change the default ‘wp_’ prefix to hide your WordPress database from hackers.\u003C\u002Fp>\n\u003Ch4>FIREWALL\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Get .htaccess firewall rules\u003C\u002Fstrong> – Deny access to the .htaccess and wp-config.php files. Disable the server signature and limit file uploads to a configurable size.\u003C\u002Fp>\n\u003Cp>Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get PHP firewall rules\u003C\u002Fstrong> – PHP firewall rules prevent malicious users from exploiting well-known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and Atom feeds and avoid cross-site scripting (XSS) attacks.\u003Cbr \u002F>\nBlock fake Google bots and POST requests made by bots – Block fake Google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Utilise 6G firewall rules\u003C\u002Fstrong> – Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>And more\u003C\u002Fstrong> – Blacklist (and whitelist) IP ranges and user agents and block unauthorized access to data by disabling REST API access for non-logged-in requests.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION ENHANCED [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication\u003C\u002Fstrong> is included in the free plugin. 
Upgrade to Premium if you’d like to:\u003Cbr \u002F>\nRequire TFA after a set time period – Mandate TFA for all admins or other roles after their accounts reach a specified age.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control how often TFA is required\u003C\u002Fstrong> – Set TFA to be required after a certain number of days on trusted devices instead of every login.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customise design layout\u003C\u002Fstrong> – Adjust the TFA design to match your website’s existing layout and branding.\u003Cbr \u002F>\nEmergency codes – Generate one-time use emergency codes to regain access if you lose your TFA device.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Multisite Compatible\u003C\u002Fstrong> – Ensure compatibility with WordPress multisite networks and their sub-sites for consistent TFA application.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with login forms\u003C\u002Fstrong> – Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme My Login’ without additional coding.\u003C\u002Fp>\n\u003Ch4>SMART 404 BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block IPs based on 404 errors\u003C\u002Fstrong> – Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 Configuration\u003C\u002Fstrong> – Set a figure for the maximum number of 404 events allowed before an IP address is blocked. 
Choose a time period within which the 404 events must occur (e.g., 10 errors within 10 minutes).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 block by URL string\u003C\u002Fstrong> – Instantly block an IP address if a 404 event includes a specific URL string.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 whitelisting\u003C\u002Fstrong> – Prevent particular IP addresses from being permanently blocked due to 404 events.\u003C\u002Fp>\n\u003Ch4>COUNTRY BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block traffic to the entire site or to specific pages or posts\u003C\u002Fstrong> – Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Whitelist some users from blocked countries\u003C\u002Fstrong> – Whitelist IP addresses or IP ranges even if they are part of a blocked country.\u003C\u002Fp>\n\u003Ch4>MALWARE SCANNING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Automatic malware scanning\u003C\u002Fstrong> – Detect and protect against the latest malware, trojans, and spyware.\u003Cbr \u002F>\nAlerts you to blacklisting by search engines – Monitor your site for blacklisting by search engines due to malicious code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response time monitoring\u003C\u002Fstrong> – Keep track of your website’s response time to identify and address any performance issues.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Uptime monitoring\u003C\u002Fstrong> – Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advice and malware removal\u003C\u002Fstrong> – Need hands-on advice and support for malware removal? 
Our team of genuine cybersecurity experts is here to help.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notification if something’s amiss\u003C\u002Fstrong> – Receive notifications about any issues with your site so you can address problems before they escalate.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cp>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u003C\u002Fp>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you are a developer and you need some extra hooks or filters for this plugin then let us know.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All-In-One Security plugin can be translated to any language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently available translations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Hungarian\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil)\u003C\u002Fli>\n\u003Cli>Persian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy Policy\u003C\u002Fh4>\n\u003Cp>This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity.\u003C\u002Fp>\n\u003Cp>The collected information is stored on your server. 
No information is transmitted to third parties or remote server locations.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n","Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.",1000000,36139406,1693,"2026-01-28T22:15:00.000Z","5.0","5.6",[125,126,127,21,128],"firewall","login-security","malware-scanning","two-factor-authentication","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-wp-security-and-firewall.5.4.6.zip",93,26,"2024-02-08 00:00:00",{"attackSurface":135,"codeSignals":177,"taintFlows":207,"riskAssessment":234,"analyzedAt":240},{"hooks":136,"ajaxHandlers":165,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":176,"unprotectedCount":11},[137,143,147,151,155,159,161,162,163,164],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","plugins_loaded","init","adamszokol-onion-service.php",44,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_enqueue_scripts","enqueue_admin_assets",59,{"type":138,"name":148,"callback":149,"file":141,"line":150},"admin_post_adam_save","handle_form_save",61,{"type":138,"name":152,"callback":153,"file":141,"line":154},"admin_post_adam_delete","handle_form_delete",62,{"type":138,"name":156,"callback":157,"file":141,"line":158},"template_redirect","send_onion_location_header",64,{"type":138,"name":139,"callback":140,"file":160,"line":142},"trunk\\adamszokol-onion-service.php",{"type":138,"name":144,"callback":145,"file":160,"line":146},{"type":138,"name":148,"callback":149,"file":160,"line":150},{"type":138,"name":152,"callback":153,"file
":160,"line":154},{"type":138,"name":156,"callback":157,"file":160,"line":158},[166,172],{"action":167,"nopriv":168,"callback":169,"hasNonce":170,"hasCapCheck":170,"file":141,"line":171},"adam_search_sites",false,"ajax_search_sites",true,63,{"action":167,"nopriv":168,"callback":169,"hasNonce":170,"hasCapCheck":170,"file":160,"line":171},[],[],[],2,{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":176,"externalRequests":11,"nonceChecks":204,"capabilityChecks":205,"bundledLibraries":206},[],{"prepared":11,"raw":11,"locations":180},[],{"escaped":182,"rawEcho":183,"locations":184},52,12,[185,188,190,192,194,196,198,199,200,201,202,203],{"file":141,"line":186,"context":187},432,"raw output",{"file":141,"line":189,"context":187},441,{"file":141,"line":191,"context":187},444,{"file":141,"line":193,"context":187},451,{"file":141,"line":195,"context":187},455,{"file":141,"line":197,"context":187},458,{"file":160,"line":186,"context":187},{"file":160,"line":189,"context":187},{"file":160,"line":191,"context":187},{"file":160,"line":193,"context":187},{"file":160,"line":195,"context":187},{"file":160,"line":197,"context":187},6,8,[],[208,226],{"entryPoint":209,"graph":210,"unsanitizedCount":11,"severity":225},"\u003Cadamszokol-onion-service> (adamszokol-onion-service.php:0)",{"nodes":211,"edges":223},[212,217],{"id":213,"type":214,"label":215,"file":141,"line":216},"n0","source","$_POST",216,{"id":218,"type":219,"label":220,"file":141,"line":221,"wp_function":222},"n1","sink","header() [Header Injection]",303,"header",[224],{"from":213,"to":218,"sanitized":170},"low",{"entryPoint":227,"graph":228,"unsanitizedCount":11,"severity":225},"\u003Cadamszokol-onion-service> 
(trunk\\adamszokol-onion-service.php:0)",{"nodes":229,"edges":232},[230,231],{"id":213,"type":214,"label":215,"file":160,"line":216},{"id":218,"type":219,"label":220,"file":160,"line":221,"wp_function":222},[233],{"from":213,"to":218,"sanitized":170},{"summary":235,"deductions":236},"The adamszokol-onion-service plugin version 1.0.2 demonstrates a generally good security posture based on the provided static analysis. It boasts a small attack surface with all entry points being protected by either authentication or capability checks.  The absence of dangerous functions, raw SQL queries, and external HTTP requests are positive indicators. The plugin also performs a high percentage of output escaping, which is crucial for preventing cross-site scripting vulnerabilities.  Taint analysis shows no critical or high severity flows with unsanitized paths, further reinforcing its secure coding practices in this area.\n\nWhile the plugin has no recorded vulnerability history and implements strong security checks on its AJAX handlers, there are a few areas that warrant consideration. The presence of file operations, though not inherently insecure, could be a vector for attacks if not handled with extreme care.  Furthermore, the 19% of outputs that are not properly escaped represent a potential weakness that could be exploited.  Without specific details on the nature of these unescaped outputs, it's difficult to quantify the exact risk, but it's a common source of XSS vulnerabilities.\n\nIn conclusion, adamszokol-onion-service v1.0.2 appears to be a well-developed plugin with a strong emphasis on security fundamentals. The lack of historical vulnerabilities and the robust implementation of authentication and sanitization are commendable. 
However, the small percentage of unescaped output and the presence of file operations, even if seemingly benign, are minor concerns that could be addressed to further strengthen its security.",[237],{"reason":238,"points":239},"Outputs not properly escaped",4,"2026-03-17T06:16:57.598Z",{"wat":242,"direct":251},{"assetPaths":243,"generatorPatterns":246,"scriptPaths":247,"versionParams":248},[244,245],"\u002Fwp-content\u002Fplugins\u002Fadamszokol-onion-service\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fadamszokol-onion-service\u002Fjs\u002Fadmin-script.js",[],[245],[249,250],"adamszokol-onion-service\u002Fcss\u002Fadmin-style.css?ver=1.0.2","adamszokol-onion-service\u002Fjs\u002Fadmin-script.js?ver=1.0.2",{"cssClasses":252,"htmlComments":253,"htmlAttributes":254,"restEndpoints":272,"jsGlobals":273,"shortcodeOutput":275},[],[],[255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271],"id=\"adam_onion_run_setup\"","id=\"adam_onion_service_settings\"","id=\"adam_blog_search\"","id=\"adam_search_results\"","id=\"adam_onion_url\"","name=\"adam_onion_service_settings[onion_url]\"","name=\"adam_onion_service_settings[blog_id]\"","name=\"adam_save\"","id=\"adam_settings_update\"","name=\"adam_settings_update[action]\"","name=\"adam_settings_update[nonce]\"","id=\"adam_delete_all\"","name=\"adam_delete_all[action]\"","name=\"adam_delete_all[nonce]\"","class=\"adam-onion-service-site-item\"","data-blog-id=\"\"","data-site-url=\"\"",[],[274],"adamOnionData",[]]