[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzJpazogCWzi-hqXMktQsXv571-uylPQJQMpcToLTwcE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":135,"fingerprints":242},"aperture","Aperture","1.0.2","aaronpk","https:\u002F\u002Fprofiles.wordpress.org\u002Faaronpk\u002F","\u003Cp>This plugin adds a \u003Ca href=\"https:\u002F\u002Findieweb.org\u002FMicrosub\" rel=\"nofollow ugc\">Microsub\u003C\u002Fa> endpoint to your WordPress site by using the hosted \u003Ca href=\"https:\u002F\u002Faperture.p3k.io\" rel=\"nofollow ugc\">Aperture\u003C\u002Fa> service. This lets you log in to social readers like \u003Ca href=\"https:\u002F\u002Fmonocle.p3k.io\" rel=\"nofollow ugc\">Monocle\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Findigenous.abode.pub\u002Fios\u002F\" rel=\"nofollow ugc\">Indigenous\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Findieauth\u002F\" rel=\"ugc\">WordPress IndieAuth plugin\u003C\u002Fa>. Please ensure that plugin is installed and activated first before attempting to install the Aperture plugin.\u003C\u002Fp>\n\u003Cp>When this plugin is activated, it registers a new account at \u003Ca href=\"https:\u002F\u002Faperture.p3k.io\" rel=\"nofollow ugc\">Aperture\u003C\u002Fa>. The \u003Ccode>\u003Clink rel=\"microsub\">\u003C\u002Fcode> tag is then added to your WordPress site automatically.\u003C\u002Fp>\n","This plugin adds a Microsub endpoint to your WordPress site by using the hosted Aperture service. This lets you log in to social readers like Monocle  &hellip;",10,2403,0,"2018-08-21T00:27:00.000Z","4.9.29","4.7","5.3",[4,19,20],"indieweb","microsub","https:\u002F\u002Fgithub.com\u002Faaronpk\u002Faperture-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faperture.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,84,"2026-04-05T02:35:35.982Z",[33,52,74,98,120],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":11,"downloaded":41,"rating":42,"num_ratings":43,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":50,"download_link":51,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"yarns-microsub-server","Yarns Microsub Server","1.1.0","jackjamieson","https:\u002F\u002Fprofiles.wordpress.org\u002Fsurfjamrest\u002F","\u003Cp>Yarns Microsub Server helps you follow feeds from across the Web. Enter a website and Yarns will help you find and subscribe to its feed(s) in several different formats (Microformats, RSS, Atom, JSONFeed). Once you’ve added feeds, new posts are collected in the background for you to read whenever you want.\u003C\u002Fp>\n\u003Cp>Rather than viewing posts in Yarns itself, you can choose among \u003Ca href=\"https:\u002F\u002Findieweb.org\u002FMicrosub#Clients\" rel=\"nofollow ugc\">several different apps\u003C\u002Fa> to follow your feeds on your desktop or mobile device.\u003C\u002Fp>\n\u003Cp>No matter which app you choose to view your feed, your replies will be posted on your own website.\u003C\u002Fp>\n\u003Cp>Accompanied by other plugins that support \u003Ca href=\"https:\u002F\u002Findieweb.org\" rel=\"nofollow ugc\">IndieWeb\u003C\u002Fa> standards, Yarns can help use your personal website as the centre of your online identity.\u003C\u002Fp>\n\u003Ch3>Getting started\u003C\u002Fh3>\n\u003Cp>Please see instructions for installing and using Yarns at \u003Ca href=\"https:\u002F\u002Fjackjamieson.net\u002Fyarns-microsub-server-getting-started-guide\u002F\" rel=\"nofollow ugc\">jackjamieson.net\u002Fyarns-microsub-server-getting-started-guide\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please file an issue at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjackjamieson2\u002Fyarns-microsub-server\" rel=\"nofollow ugc\">github.com\u002Fjackjamieson2\u002Fyarns-microsub-server\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Acknowledgements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Relies on David Shanske’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdshanske\u002Fparse-this\" rel=\"nofollow ugc\">Parse-This\u003C\u002Fa> and Barnaby Walters’ \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmicroformats\u002Fphp-mf2\" rel=\"nofollow ugc\">PHP-MF2\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Inspiration from Ashton McAllan’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Facegiak\u002FWhisperFollow\" rel=\"nofollow ugc\">WhisperFollow plugin\u003C\u002Fa>, Kyle Mahan’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkylewm\u002Fwoodwind\" rel=\"nofollow ugc\">Woodwind\u003C\u002Fa>, and Aaron Parecki’s \u003Ca href=\"https:\u002F\u002Faperture.p3k.io\" rel=\"nofollow ugc\">Aperture\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Loading spinner created with \u003Ca href=\"https:\u002F\u002Floading.io\u002Fspinner\u002Fwedges\u002F-rotate-pie-preloader-gif\" rel=\"nofollow ugc\">loading.io\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Thanks to many members of IndieWeb’s community for feedback, suggestions, inspiration and help.\u003C\u002Fli>\n\u003C\u002Ful>\n","Using your own WordPress site, aggregate a social timeline of your favourite sites from across the Web and then view and reply to your feeds using a M &hellip;",2501,100,2,"2021-07-24T05:45:00.000Z","5.8.13","5.5","",[19,20,49],"reader","https:\u002F\u002Fgithub.com\u002Fjackjamieson2\u002Fyarns-microsub-server","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyarns-microsub-server.1.1.0.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":42,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":71,"download_link":72,"security_score":42,"vuln_count":28,"unpatched_count":13,"last_vuln_date":73,"fetched_at":25},"pubsubhubbub","WebSub (FKA. PubSubHubbub)","4.0.0","joshfraz","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshfraz\u002F","\u003Cp>This plugin implements the \u003Ca href=\"https:\u002F\u002Fwww.w3.org\u002FTR\u002Fwebsub\u002F\" rel=\"nofollow ugc\">WebSub\u003C\u002Fa> protocol (formerly known as PubSubHubbub) for WordPress. It enables real-time notifications when your blog is updated and provides a subscriber API for other plugins to consume WebSub-enabled feeds.\u003C\u002Fp>\n\u003Ch3>Publisher Features\u003C\u002Fh3>\n\u003Cp>When you publish or update a post, this plugin automatically notifies WebSub hubs, which then distribute the update to all subscribers in real-time.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sends realtime notifications when you update your blog\u003C\u002Fli>\n\u003Cli>Supports multi-user installations (WordPress MU)\u003C\u002Fli>\n\u003Cli>Supports multiple hubs\u003C\u002Fli>\n\u003Cli>Supports all feed formats used by WordPress (Atom, RSS2, RDF)\u003C\u002Fli>\n\u003Cli>Adds \u003Ccode>\u003Clink rel=\"hub\">\u003C\u002Fcode> and \u003Ccode>\u003Clink rel=\"self\">\u003C\u002Fcode> declarations to feeds and HTML\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Subscriber Features\u003C\u002Fh3>\n\u003Cp>The plugin provides a subscriber API that allows other plugins (like feed readers) to subscribe to WebSub-enabled feeds using WordPress hooks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>REST API callback endpoint for subscription verification and content delivery\u003C\u002Fli>\n\u003Cli>Hub discovery from topic URLs (HTTP Link headers and feed content)\u003C\u002Fli>\n\u003Cli>HMAC signature verification (SHA1, SHA256, SHA384, SHA512)\u003C\u002Fli>\n\u003Cli>Full lifecycle hooks for integration with other plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Specifications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.w3.org\u002FTR\u002Fwebsub\u002F\" rel=\"nofollow ugc\">WebSub W3C Recommendation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpubsubhubbub.github.io\u002FPubSubHubbub\u002Fpubsubhubbub-core-0.4.html\" rel=\"nofollow ugc\">PubSubHubbub 0.4\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Default Hubs\u003C\u002Fh3>\n\u003Cp>By default this plugin will ping the following hubs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpubsubhubbub.appspot.com\" rel=\"nofollow ugc\">Demo hub on Google App Engine\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpubsubhubbub.superfeedr.com\" rel=\"nofollow ugc\">SuperFeedr\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebsubhub.com\" rel=\"nofollow ugc\">WebSubHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please contact us if you operate a hub that you would like to be included as a default option.\u003C\u002Fp>\n","A WebSub plugin for WordPress that enables real-time publishing and subscription capabilities.",100000,2054851,6,"2026-01-22T11:03:00.000Z","6.9.4","4.5","7.2",[68,19,69,53,70],"feed","pubsub","websub","https:\u002F\u002Fgithub.com\u002Fpubsubhubbub\u002Fwordpress-pubsubhubbub\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpubsubhubbub.4.0.0.zip","2024-01-24 00:00:00",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":64,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":93,"download_link":94,"security_score":95,"vuln_count":96,"unpatched_count":13,"last_vuln_date":97,"fetched_at":25},"activitypub","ActivityPub","8.0.1","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>Enter the fediverse with \u003Cstrong>ActivityPub\u003C\u002Fstrong>, broadcasting your blog to a wider audience! Attract followers, deliver updates, and receive comments from a diverse user base of \u003Cstrong>ActivityPub\u003C\u002Fstrong>-compliant platforms.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FQzYozbNneVc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>With the ActivityPub plugin installed, your WordPress blog itself functions as a federated profile, along with profiles for each author. For instance, if your website is \u003Ccode>example.com\u003C\u002Fcode>, then the blog-wide profile can be found at \u003Ccode>@example.com@example.com\u003C\u002Fcode>, and authors like Jane and Bob would have their individual profiles at \u003Ccode>@jane@example.com\u003C\u002Fcode> and \u003Ccode>@bob@example.com\u003C\u002Fcode>, respectively.\u003C\u002Fp>\n\u003Cp>An example: I give you my Mastodon profile name: \u003Ccode>@pfefferle@mastodon.social\u003C\u002Fcode>. You search, see my profile, and hit follow. Now, any post I make appears in your Home feed. Similarly, with the ActivityPub plugin, you can find and follow Jane’s profile at \u003Ccode>@jane@example.com\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Once you follow Jane’s \u003Ccode>@jane@example.com\u003C\u002Fcode> profile, any blog post she crafts on \u003Ccode>example.com\u003C\u002Fcode> will land in your Home feed. Simultaneously, by following the blog-wide profile \u003Ccode>@example.com@example.com\u003C\u002Fcode>, you’ll receive updates from all authors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: If no one follows your author or blog instance, your posts remain unseen. The simplest method to verify the plugin’s operation is by following your profile. If you possess a Mastodon profile, initiate by following your new one.\u003C\u002Fp>\n\u003Cp>The plugin works with the following tested federated platforms, but there may be more that it works with as well:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjoinmastodon.org\u002F\" rel=\"nofollow ugc\">Mastodon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpleroma.social\u002F\" rel=\"nofollow ugc\">Pleroma\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fakkoma.social\u002F\" rel=\"nofollow ugc\">Akkoma\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffriendi.ca\u002F\" rel=\"nofollow ugc\">friendica\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhubzilla.org\u002F\" rel=\"nofollow ugc\">Hubzilla\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpixelfed.org\u002F\" rel=\"nofollow ugc\">Pixelfed\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsocialhome.network\u002F\" rel=\"nofollow ugc\">Socialhome\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjoin.misskey.page\u002F\" rel=\"nofollow ugc\">Misskey\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some things to note:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The blog-wide profile is only compatible with sites with rewrite rules enabled. If your site does not have rewrite rules enabled, the author-specific profiles may still work.\u003C\u002Fli>\n\u003Cli>Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub author profiles won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. This will still resolve duplicate content issues with search engines and will enable ActivityPub author profiles to work.\u003C\u002Fli>\n\u003Cli>Once ActivityPub is installed, \u003Cem>only new posts going forward\u003C\u002Fem> will be available in the fediverse. Likewise, even if you’ve been using ActivityPub for a while, anyone who follows your site will only see new posts you publish from that moment on. They will never see previously-published posts in their Home feed. This process is very similar to subscribing to a newsletter. If you subscribe to a newsletter, you will only receive future emails, but not the old archived ones. With ActivityPub, if someone follows your site, they will only receive new blog posts you publish from then on.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>So what’s the process?\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the ActivityPub plugin.\u003C\u002Fli>\n\u003Cli>Go to the plugin’s settings page and adjust the settings to your liking. Click the Save button when ready.\u003C\u002Fli>\n\u003Cli>Make sure your blog’s author profile page is active if you are using author profiles.\u003C\u002Fli>\n\u003Cli>Go to Mastodon or any other federated platform, and search for your profile, and follow it. Your new profile will be in the form of either \u003Ccode>@your_username@example.com\u003C\u002Fcode> or \u003Ccode>@example.com@example.com\u003C\u002Fcode>, so that is what you’ll search for.\u003C\u002Fli>\n\u003Cli>On your blog, publish a new post.\u003C\u002Fli>\n\u003Cli>From Mastodon, check to see if the new post appears in your Home feed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: It may take up to 15 minutes or so for the new post to show up in your federated feed. This is because the messages are sent to the federated platforms using a delayed cron. This avoids breaking the publishing process for those cases where users might have lots of followers. So please don’t assume that just because you didn’t see it show up right away that something is broken. Give it some time. In most cases, it will show up within a few minutes, and you’ll know everything is working as expected.\u003C\u002Fp>\n","Connect your site to the Open Social Web and let millions of users follow, share, and interact with your content from Mastodon, Pixelfed, and more.",6000,495122,98,39,"2026-03-11T09:26:00.000Z","6.5","7.4",[75,90,91,19,92],"activitystream","fediverse","social-web","https:\u002F\u002Fgithub.com\u002FAutomattic\u002Fwordpress-activitypub","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitypub.8.0.1.zip",99,5,"2024-01-05 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":42,"num_ratings":108,"last_updated":109,"tested_up_to":64,"requires_at_least":110,"requires_php":66,"tags":111,"homepage":115,"download_link":116,"security_score":117,"vuln_count":118,"unpatched_count":13,"last_vuln_date":119,"fetched_at":25},"webmention","Webmention","5.6.2","Matthias Pfefferle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpfefferle\u002F","\u003Cp>When you link to a website you can send it a Webmention to notify it and then that website may display your post as a comment, like, or other response, and presto, you’re having a conversation from one site to another!\u003C\u002Fp>\n\u003Cp>A \u003Ca href=\"https:\u002F\u002Fwww.w3.org\u002FTR\u002Fwebmention\u002F\" rel=\"nofollow ugc\">Webmention\u003C\u002Fa> is a notification that one URL links to another. Sending a Webmention is not limited to blog posts, and can be used for additional kinds of content and responses as well.\u003C\u002Fp>\n\u003Cp>For example, a response can be an RSVP to an event, an indication that someone “likes” another post, a “bookmark” of another post, and many others. Webmention enables these interactions to happen across different websites, enabling a distributed social web.\u003C\u002Fp>\n\u003Cp>The Webmention plugin supports the Webmention protocol, giving you support for sending and receiving Webmentions. It offers a simple built in presentation.\u003C\u002Fp>\n","Enable conversation across the web.",900,59493,8,"2026-01-01T12:43:00.000Z","6.2",[19,112,113,114,99],"linkback","pingback","trackback","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-webmention","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebmention.5.6.2.zip",95,3,"2026-04-01 19:17:16",{"slug":19,"name":121,"version":122,"author":121,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":42,"num_ratings":62,"last_updated":128,"tested_up_to":64,"requires_at_least":16,"requires_php":88,"tags":129,"homepage":132,"download_link":133,"security_score":95,"vuln_count":28,"unpatched_count":13,"last_vuln_date":134,"fetched_at":25},"IndieWeb","5.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Findieweb\u002F","\u003Cp>The IndieWeb Plugin for WordPress helps you establish your IndieWeb identity by extending the user profile to provide \u003Ca href=\"https:\u002F\u002Findieweb.org\u002Frel-me\" rel=\"nofollow ugc\">rel-me\u003C\u002Fa> and\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Findieweb.org\u002Fh-card\" rel=\"nofollow ugc\">h-card\u003C\u002Fa> fields and optionally adding widgets to display this. It also includes a bundled installer for a core set of IndieWeb-related plugins. It’s\u003Cbr \u002F>\nmeant to be a one-stop shop to help WordPress users quickly and easily join the growing \u003Ca href=\"https:\u002F\u002Findieweb.org\" rel=\"nofollow ugc\">IndieWeb\u003C\u002Fa> movement (see below).\u003C\u002Fp>\n\u003Cp>Some of these plugins allow you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>send and receive comments, likes, reposts, and other kinds of post responses using your own site\u003C\u002Fli>\n\u003Cli>allow comments on others’ sites to show up as comments on your posts\u003C\u002Fli>\n\u003Cli>help make IndieWeb comments and mentions look better on your site\u003C\u002Fli>\n\u003Cli>allow support for webmentions\u003C\u002Fli>\n\u003Cli>add location support to your posts\u003C\u002Fli>\n\u003Cli>more easily syndicate your content to other sites to take advantage of network effects and other communities while still owning all of your original content\u003C\u002Fli>\n\u003Cli>link to syndicated versions of a post so that comments on your content in silos like Facebook, Twitter, Instagram can come back to your original post as comments there\u003C\u002Fli>\n\u003Cli>set up a MicroPub Server to use other posting interfaces. (You could potentially use services like Instagram, Foursquare, and others to post to your WordPress site.)\u003C\u002Fli>\n\u003Cli>Use your site to log into other services with \u003Ca href=\"https:\u002F\u002Findieweb.org\u002Findieauth\" rel=\"nofollow ugc\">IndieAuth\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The IndieWeb\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>The \u003Ca href=\"https:\u002F\u002Findieweb.org\u002F\" rel=\"nofollow ugc\">IndieWeb\u003C\u002Fa> is a people-focused alternative to the ‘corporate web’ that allows you to be the hub of your own web presence.\u003C\u002Fstrong> It’s been written about in \u003Ca href=\"http:\u002F\u002Fwww.wired.com\u002F2013\u002F08\u002Findie-web\u002F\" rel=\"nofollow ugc\">Wired\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.theatlantic.com\u002Ftechnology\u002Farchive\u002F2014\u002F08\u002Fthe-new-editors-of-the-internet\u002F378983\u002F\" rel=\"nofollow ugc\">The Atlantic\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.slate.com\u002Fblogs\u002Ffuture_tense\u002F2014\u002F04\u002F25\u002Findiewebcamps_create_tools_for_a_new_internet.html\" rel=\"nofollow ugc\">Slate\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fgigaom.com\u002F2014\u002F09\u002F03\u002Fdont-like-facebook-owning-and-controlling-your-content-use-tools-that-support-the-open-web\u002F\" rel=\"nofollow ugc\">Gigaom\u003C\u002Fa> amongst others.\u003C\u002Fp>\n\u003Ch3>The IndieWeb, like WordPress, feels that your content is yours\u003C\u002Fh3>\n\u003Cp>When you post something on the web, it should belong to you, not a corporation. Too many companies have gone out of business and lost all of their users’ data. By joining the IndieWeb, your content stays yours and in your control.\u003C\u002Fp>\n\u003Ch3>The IndieWeb is here to help you be better connected\u003C\u002Fh3>\n\u003Cp>Your articles and status messages can be syndicated to all services, not just one, allowing you to engage with everyone in your social network\u002Fsocial graph. Even replies and likes on other services can come back to your site so they’re all in one place.\u003C\u002Fp>\n\u003Cp>Interested in connecting your WordPress site to the \u003Ca href=\"https:\u002F\u002Findieweb.org\u002F\" rel=\"nofollow ugc\">IndieWeb\u003C\u002Fa>? Let us help you get started.\u003C\u002Fp>\n","IndieWeb for WordPress!",600,30949,"2025-12-19T21:31:00.000Z",[130,19,131,99],"indieauth","posse","https:\u002F\u002Fgithub.com\u002Findieweb\u002Fwordpress-indieweb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findieweb.5.0.0.zip","2026-01-08 17:50:29",{"attackSurface":136,"codeSignals":166,"taintFlows":178,"riskAssessment":226,"analyzedAt":241},{"hooks":137,"ajaxHandlers":155,"restRoutes":156,"shortcodes":164,"cronEvents":165,"entryPointCount":28,"unprotectedCount":28},[138,144,148,152],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","wp_head","html_header","aperture.php",20,{"type":139,"name":145,"callback":146,"file":142,"line":147},"rest_api_init","register_routes",21,{"type":139,"name":149,"callback":150,"file":142,"line":151},"admin_notices","display_error",24,{"type":139,"name":149,"callback":153,"file":142,"line":154},"display_success",28,[],[157],{"namespace":158,"route":159,"methods":160,"callback":162,"permissionCallback":24,"file":142,"line":163},"aperture\u002F1.0","\u002Fverification",[161],"GET","anonymous",33,[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":13,"externalRequests":28,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":177},[],{"prepared":13,"raw":13,"locations":169},[],{"escaped":13,"rawEcho":43,"locations":171},[172,175],{"file":142,"line":173,"context":174},93,"raw output",{"file":142,"line":176,"context":174},135,[],[179,211],{"entryPoint":180,"graph":181,"unsanitizedCount":118,"severity":210},"verification (aperture.php:81)",{"nodes":182,"edges":205},[183,187,192,195,199,203],{"id":184,"type":185,"label":186,"file":142,"line":173},"n0","source","$_POST['challenge']",{"id":188,"type":189,"label":190,"file":142,"line":173,"wp_function":191},"n1","sink","echo() [XSS]","echo",{"id":193,"type":185,"label":194,"file":142,"line":95},"n2","$_POST['error']",{"id":196,"type":189,"label":197,"file":142,"line":95,"wp_function":198},"n3","update_option() [Settings Manipulation]","update_option",{"id":200,"type":185,"label":201,"file":142,"line":202},"n4","$_POST['microsub']",104,{"id":204,"type":189,"label":197,"file":142,"line":202,"wp_function":198},"n5",[206,208,209],{"from":184,"to":188,"sanitized":207},false,{"from":193,"to":196,"sanitized":207},{"from":200,"to":204,"sanitized":207},"medium",{"entryPoint":212,"graph":213,"unsanitizedCount":118,"severity":225},"\u003Caperture> (aperture.php:0)",{"nodes":214,"edges":221},[215,216,217,218,219,220],{"id":184,"type":185,"label":186,"file":142,"line":173},{"id":188,"type":189,"label":190,"file":142,"line":173,"wp_function":191},{"id":193,"type":185,"label":194,"file":142,"line":95},{"id":196,"type":189,"label":197,"file":142,"line":95,"wp_function":198},{"id":200,"type":185,"label":201,"file":142,"line":202},{"id":204,"type":189,"label":197,"file":142,"line":202,"wp_function":198},[222,223,224],{"from":184,"to":188,"sanitized":207},{"from":193,"to":196,"sanitized":207},{"from":200,"to":204,"sanitized":207},"low",{"summary":227,"deductions":228},"The \"aperture\" plugin v1.0.2 exhibits a mixed security posture.  While it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries with prepared statements, and lacking any recorded vulnerabilities or CVEs, significant concerns arise from its attack surface and output handling.  The presence of an unprotected REST API route presents a direct entry point for potential attackers. Furthermore, the complete lack of output escaping means that any data rendered by the plugin could be vulnerable to Cross-Site Scripting (XSS) attacks if it originates from an untrusted source or is manipulated. The taint analysis also indicates two flows with unsanitized paths, though these are not currently classified as critical or high severity.  Overall, the plugin's strengths lie in its lack of historical vulnerabilities and its secure database interactions, but the identified risks in its attack surface and output sanitization require immediate attention to prevent potential exploitation.",[229,231,233,236,239],{"reason":230,"points":108},"REST API route without permission callbacks",{"reason":232,"points":62},"No output escaping",{"reason":234,"points":235},"Flows with unsanitized paths",4,{"reason":237,"points":238},"No nonce checks on AJAX",7,{"reason":240,"points":96},"No capability checks","2026-03-17T00:00:47.522Z",{"wat":243,"direct":248},{"assetPaths":244,"generatorPatterns":245,"scriptPaths":246,"versionParams":247},[],[],[],[],{"cssClasses":249,"htmlComments":250,"htmlAttributes":251,"restEndpoints":253,"jsGlobals":255,"shortcodeOutput":256},[],[],[252],"rel=\"microsub\"",[254],"\u002Faperture\u002F1.0\u002Fverification",[],[]]