[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6AK3I6Qbva95yUNmbf2_9eZE0n4HxtnuTZwOwgTVHFY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":141,"fingerprints":236},"approval-workflow","Approval Workflow","1.3.2","ericjuden","https:\u002F\u002Fprofiles.wordpress.org\u002Fericjuden\u002F","\u003Cp>Approval Workflow is meant to create a workflow process in WordPress. This plugin adds a box to the post edit screen when a user does not have publish permissions for that post type. It also allows you to set a WordPress role as the approvers. Note: this role must have publish permissions. The approvers get notified by email when someone has submitted something to the workflow. This works on WordPress Multisite too.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you need help setting up the roles, I’d recommend the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmembers\u002F\" title=\"Members plugin\" rel=\"ugc\">Members plugin\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Approval Workflow is meant to create a workflow process in WordPress. 
This plugin adds a box to the post edit screen when a user does not have publish &hellip;",30,8088,0,"2012-08-15T16:08:00.000Z","3.4.2","3.0","",[19,20,21,22,23],"admin","administration","approval","dashboard","workflow","http:\u002F\u002Fwww.judenware.com\u002Fprojects\u002Fwordpress\u002Fapproval-workflow\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapproval-workflow.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},7,210,89,86,"2026-04-04T15:19:09.554Z",[37,59,83,103,124],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"remove-dashboard-access-for-non-admins","Remove Dashboard Access","1.2.1","TrustedLogin","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrustedlogin\u002F","\u003Cp>The easiest and safest way to restrict access to your WordPress site’s Dashboard and administrative menus. Remove Dashboard Access is a lightweight plugin that automatically redirects users who shouldn’t have access to the Dashboard to a custom URL of your choosing. 
Redirects can also be configured on a per-role\u002Fper-capability basis, allowing you to keep certain users out of the Dashboard, while retaining access for others.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Dashboard access to user roles:\n\u003Cul>\n\u003Cli>Admins only\u003C\u002Fli>\n\u003Cli>Admins + editors\u003C\u002Fli>\n\u003Cli>Admins, editors, and authors\u003C\u002Fli>\n\u003Cli>or restrict by specific user capability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Choose your own redirect URL\u003C\u002Fli>\n\u003Cli>Optionally allow users to edit their profiles\u003C\u002Fli>\n\u003Cli>Display a message on the login screen so users know why they’re being redirected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Blocking access to the Dashboard is a great way to prevent clients from breaking their sites, prevent users from seeing things they shouldn’t, and to keep your site’s backend more secure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Allow only users with roles or capabilities:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can restrict Dashboard access to Admins only, Editors or above, Authors or above, or by selecting a specific user capability.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Grant access to user profiles:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Optionally allow all users the ability to edit their profiles in the Dashboard. Users lacking the chosen capability won’t be able to access any other sections of the Dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Show a custom login message:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Supply a message to display on the login screen. Leaving this blank disables the message.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable Dashboard access for users of a specific role or capability. Disallowed users are redirected to a chosen URL. 
Get set up in seconds.",30000,467245,92,78,"2024-11-29T20:13:00.000Z","6.7.5","3.1.0","5.3",[54,20,22,55,56],"access","login","restrict","https:\u002F\u002Fwww.trustedlogin.com\u002Fremove-dashboard-access\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-dashboard-access-for-non-admins.1.2.1.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":34,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":13,"last_vuln_date":82,"fetched_at":28},"error-log-monitor","Error Log Monitor","1.7.12","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>This plugin adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send you email notifications about newly logged errors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically detects error log location.\u003C\u002Fli>\n\u003Cli>Explains how to configure PHP error logging if it’s not enabled yet.\u003C\u002Fli>\n\u003Cli>The number of displayed log entries is configurable.\u003C\u002Fli>\n\u003Cli>Sends you email notifications about logged errors (optional).\u003C\u002Fli>\n\u003Cli>Configurable email address and frequency.\u003C\u002Fli>\n\u003Cli>You can easily clear the log file.\u003C\u002Fli>\n\u003Cli>The dashboard widget is only visible to administrators.\u003C\u002Fli>\n\u003Cli>Optimized to work well even with very large log files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once you’ve installed the plugin, go to the Dashboard and enable the “PHP Error Log” widget through the “Screen Options” panel. 
The widget should automatically display the last 20 lines from your PHP error log. If you see an error message like “Error logging is disabled” instead, follow the displayed instructions to configure error logging.\u003C\u002Fp>\n\u003Cp>Email notifications are disabled by default. To enable them, click the “Configure” link in the top-right corner of the widget and enter your email address in the “Periodically email logged errors to:” box. If desired, you can also change email frequency by selecting the minimum time interval between emails from the “How often to send email” drop-down.\u003C\u002Fp>\n","Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.",20000,631204,48,"2025-10-01T15:12:00.000Z","6.8.5","4.5","7.4",[19,20,75,76,77],"dashboard-widget","error-reporting","php","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2012\u002F07\u002F25\u002Ferror-log-monitor-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ferror-log-monitor.1.7.12.zip",99,1,"2019-02-25 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":17,"tags":98,"homepage":101,"download_link":102,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-hide-dashboard","WP Hide Dashboard","2.2.1","Drew Jaynes","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrewapicture\u002F","\u003Cp>A simple plugin that removes the Dashboard menu, the Personal Options section and the Help link on the Profile page, hides the Dashboard links in the toolbar menu (if activated), and prevents Dashboard access to users assigned to the \u003Cem>Subscriber\u003C\u002Fem> role. 
Useful if you allow your subscribers to edit their own profiles, but don’t want them wandering around your WordPress admin section.\u003C\u002Fp>\n\u003Cp>Users belonging to any of the other WordPress roles will continue to see and have access to the other sections of the WordPress admin that correspond to their role’s capabilities.\u003C\u002Fp>\n\u003Cp>WP Hide Dashboard has been tested with WordPress in Single mode and Multisite mode, and works with both of them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: Version 2.2 requires a minimum of WordPress 3.4. If you are running a version less than that, please upgrade your WordPress install before installing or upgrading.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Works With:\u003C\u002Fh4>\n\u003Cp>The following is a list of plugins that work well (no conflicts) with the WP Hide Dashboard plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmembers\u002F\" title=\"Members\" rel=\"ugc\">Members\u003C\u002Fa> by Justin Tadlock\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadmin-bar-minimiser\u002F\" title=\"Admin Bar Minimiser\" rel=\"ugc\">Admin Bar Minimiser\u003C\u002Fa> by David Gwyer\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flogged-out-admin-bar\u002F\" title=\"Logged Out Admin Bar\" rel=\"ugc\">Logged Out Admin Bar\u003C\u002Fa> by Peter Westwood\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Known Conflicts:\u003C\u002Fh4>\n\u003Cp>The following is a list of plugins that are known to have conflicts with the WP Hide Dashboard plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.im-web-gefunden.de\u002Fwordpress-plugins\u002Frole-manager\u002F\" title=\"Role Manager\" rel=\"nofollow ugc\">Role Manager\u003C\u002Fa> (Use the \u003Ca 
href=\"http:\u002F\u002Fwww.im-web-gefunden.de\u002Fwordpress-plugins\u002Fiwg-hide-dashboard\u002F\" title=\"IWG Hide Dashboard\" rel=\"nofollow ugc\">IWG Hide Dashboard\u003C\u002Fa> plugin to hide the dashboard link.)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frole-scoper\u002F\" title=\"Role Scoper\" rel=\"ugc\">Role Scoper\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ffresh-page\u002F\" title=\"Flutter\" rel=\"ugc\">Flutter\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: Please let me know if there are other plugins that conflict with WP Hide Dashboard, and I’ll add them to the list.\u003C\u002Fp>\n\u003Ch4>Support:\u003C\u002Fh4>\n\u003Cp>Support is provided at: http:\u002F\u002Fwphidedash.org\u002F\u003C\u002Fp>\n","Hide the Dashboard menu, Personal Options section and Help link on the Profile page from your subscribers when they are logged in.",2000,175265,100,20,"2017-11-28T14:44:00.000Z","4.1.0","3.4.0",[19,99,20,22,100],"admin-bar","hide","http:\u002F\u002Fwphidedash.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hide-dashboard.2.2.1.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":93,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":120,"download_link":121,"security_score":122,"vuln_count":81,"unpatched_count":13,"last_vuln_date":123,"fetched_at":28},"slash-admin","Slash Admin","3.8.3","Giorgos Sarigiannidis","https:\u002F\u002Fprofiles.wordpress.org\u002Fgsarig\u002F","\u003Cp>Slash Admin gathers some common functions that you probably need in most of your websites. 
The plugin lets you change various different options in a WordPress website, keeps them active even if you switch your theme and helps you create a friendlier Admin Panel for you and your editors.\u003C\u002Fp>\n\u003Cp>If you are lost with the many options, here’s a presentation of the plugin’s \u003Ca href=\"https:\u002F\u002Fwww.gsarigiannidis.gr\u002Fslash-admin-best-features\u002F\" rel=\"nofollow ugc\">best features\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cem>Frontend\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option to point to a static splash page.\u003C\u002Fli>\n\u003Cli>Option to convert email addresses characters to HTML entities to block spam bots.\u003C\u002Fli>\n\u003Cli>Show EU Cookie Law consent message (check screenshots about available options). Since v.3.0 it also supports WPML for different message per language.\u003C\u002Fli>\n\u003Cli>Add a “Loading” animation which hides itself when the page is fully loaded\u003C\u002Fli>\n\u003Cli>Enqueue your own Google Web Fonts, with option to load it locally for better performance and privacy\u003C\u002Fli>\n\u003Cli>Get rid of the word “Category:” in front of the Archive title (usually needed if your theme uses the_archive_title()).\u003C\u002Fli>\n\u003Cli>Add excerpt support to pages.\u003C\u002Fli>\n\u003Cli>Enable the use of shortcodes in widgets.\u003C\u002Fli>\n\u003Cli>Display a warning for users of old versions of Internet Explorer (IE8 or older). 
Yes, sadly there are still people who use Internet Explorer 8…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Administration\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Insert Google Analytics tracking code (so as you don’t have to remember re-entering it in case you switch themes in the future)\u003C\u002Fli>\n\u003Cli>Hide Site Health from everyone except from a selected Admin (\u003Ca href=\"https:\u002F\u002Fwww.gsarigiannidis.gr\u002Fhow-to-hide-wordpress-site-health-from-everyone-but-you\u002F\" rel=\"nofollow ugc\">read more\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Hide ACF options from everyone except from the selected Admin\u003C\u002Fli>\n\u003Cli>Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email. By default, it will be sent to the admin email. Slash Admin allows you to override it (you can also add multiple recipients if you like). \u003Ca href=\"https:\u002F\u002Fwww.gsarigiannidis.gr\u002Fhow-to-hide-wordpress-site-health-from-everyone-but-you\u002F\" rel=\"nofollow ugc\">Read more\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Change the address that receives the Plugin and Theme auto-update email notifications\u003C\u002Fli>\n\u003Cli>Make WordPress respect the order of the tags you insert in a post (\u003Ca href=\"https:\u002F\u002Fwww.gsarigiannidis.gr\u002Fwordpress-post-tags-order\" rel=\"nofollow ugc\">read more\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Limit the number of revisions that WordPress keeps for each post (keeps the database cleaner)\u003C\u002Fli>\n\u003Cli>Prevent Post Updates and Deletion After a Set Period. 
Useful if you have many editors or in cases where an editor’s account is compromised, adding spam code to the posts (by disallowing editing of older posts you limit the damage)\u003C\u002Fli>\n\u003Cli>Enable Jetpack development mode\u003C\u002Fli>\n\u003Cli>Move Jetpack share and like buttons\u003C\u002Fli>\n\u003Cli>Maintenance mode. If checked, non-Admins will not be able to access the WordPress backend and they will see a customizable message instead. Useful if you want to perform some maintenance work to your website and you don’t want your Editors to add or modify the content before you finish. Admins are not affected and they can always login as usual.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Login screen\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add your custom logo at the WordPress log-in screen\u003C\u002Fli>\n\u003Cli>Make the login screen logo (custom or default) linking to your website’s homepage instead of wordpress.org\u003C\u002Fli>\n\u003Cli>After login, redirect users at the homepage instead of their profile page\u003C\u002Fli>\n\u003Cli>Disable the Admin Bar for all users except Administrators. Applies only to the front-end. It’s useful if you want your site to be visible only to logged-in users (e.g. during development phase), but you don’t want them to access the dashboard or get confused with the admin bar\u003C\u002Fli>\n\u003Cli>Add your custom CSS to the login screen to completely change its appearance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Non-admins\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide unnecessary options from the Admin menu for non admins (so editors won’t get overwhelmed with options that have no meaning for the current website).\u003C\u002Fli>\n\u003Cli>Disable tags and categories\u003C\u002Fli>\n\u003Cli>Hide specific pages from non admins. 
For example, you might not want your editors to have access to the static frontpage, the blog page or pages that you use as page templates.\u003C\u002Fli>\n\u003Cli>Allow editors to manage Menus and Widgets and access some other appearance settings previously accessible only to admins (for example, you might want to give your client the option to modify the website’s menu, but you would rather avoid making him\u002Fher an administrator).\u003C\u002Fli>\n\u003Cli>Hide notices about updating WordPress and other plugins for all users except from Admins (sometimes clients get confused with those notices and think that there is something wrong with the website).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>White label backend\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the “Howdy” message at the top right corner of the admin (both backend and logged-in frontend)\u003C\u002Fli>\n\u003Cli>Change the default footer text at the admin\u003C\u002Fli>\n\u003Cli>Replace the WordPress logo at the top left corner of the admin bar with your own (both backend and logged-in frontend)\u003C\u002Fli>\n\u003Cli>Replace the default Welcome message at the Dashboard with your own\u003C\u002Fli>\n\u003Cli>Add a Dashboard Widget to provide general or commercial information to your clients (for example: your contact info or links to support documentation)\u003C\u002Fli>\n\u003Cli>Add your own custom CSS for the Admin area\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Performance\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Emojis\u003C\u002Fli>\n\u003Cli>Disable wp-embed script from the frontend or load it conditionally\u003C\u002Fli>\n\u003Cli>DNS prefetching notifies the client that there are assets we’ll need later from a specific URL (outside our website’s domain) so the browser can resolve the DNS as quickly as possible.\u003C\u002Fli>\n\u003Cli>Link prefetching and prerendering. 
Link prefetching is a browser mechanism, which utilizes browser idle time to download or prefetch documents that the user might visit in the near future. A web page provides a set of prefetching hints to the browser, and after the browser is finished loading the page, it begins silently prefetching specified documents and stores them in its cache. When the user visits one of the prefetched documents, it can be served up quickly out of the browser’s cache. Prerendering downloads and renders the entire page and hides it from the user until it is requested, therefore, it should be used with caution.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Shortcodes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you manually include email addresses in your posts, you should consider disguising them in order to “fool” e-mail harvesters (check FAQ for details).\u003C\u002Fli>\n\u003Cli>Show a telephone number in a way that it is clickable. When clicked, if you are on a mobile device it opens the phone’s dialer and if you are on a desktop computer it prompts to make a call via a related program (e.g. Skype).\u003C\u002Fli>\n\u003Cli>If you develop your site on localhost or on a temporary URL, you might want to avoid absolute URLs inside posts and pages. That way you don’t need to update your links after migrating to your actual domain (check FAQ for details). \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Development functions\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using \u003Ccode>slash_dump()\u003C\u002Fcode> instead of \u003Ccode>var_dump()\u003C\u002Fcode> will wrap the output in \u003Ccode>\u003Cpre>\u003C\u002Fpre>\u003C\u002Fcode> tags, for better readability. 
\u003Ccode>slash_admin_dump()\u003C\u002Fcode> does the same thing, only this time the output is only visible to admins (can be handy if you want to debug a live site).\u003C\u002Fli>\n\u003Cli>Show warnings if the site is on air and debug mode is still on and if the site is on localhost and debug mode is off. Also, show warning if the website is on air and you have chosen to hide it from Search Engines.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Notifications\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Slash Admin displays the following notifications:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A list with the users who logged in during the past 15 minutes (except from you, obviously)\u003C\u002Fli>\n\u003Cli>A warning when debug mode is enabled (you should enable it when developing, but disable it when the site goes live)\u003C\u002Fli>\n\u003Cli>A warning when your site is hidden from search engines\u003C\u002Fli>\n\u003C\u002Ful>\n","Dozens of settings aiming at creating a friendlier administration environment for both Administrators and Editors.",500,27689,9,"2024-03-01T12:59:00.000Z","6.4.8","5.0","7.0",[19,20,22,55,119],"wordpress","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fslash-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslash-admin.3.8.3.zip",84,"2024-04-23 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":47,"num_ratings":31,"last_updated":134,"tested_up_to":135,"requires_at_least":17,"requires_php":17,"tags":136,"homepage":139,"download_link":140,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-local-toolbox","WP Local Toolbox","1.2.3","joeguilmette","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoeguilmette\u002F","\u003Cp>Through constants defined in wp-config, you can disable plugins, disable the  loading of external files, set search engine visibility, 
display or hide the admin bar, display the server name and change the color of the admin bar, or literally anything else you can think of. All without touching the database, so you can push and pull without worrying.\u003C\u002Fp>\n\u003Cp>For support, pull requests, and discussion: https:\u002F\u002Fgithub.com\u002Fjoeguilmette\u002Fwp-local-toolbox\u003C\u002Fp>\n\u003Ch4>Admin Bar\u003C\u002Fh4>\n\u003Cp>Change the color of your admin bar and display the name of the current server environment. Green for local, orange for staging, and of course, red for production. You can also force the front end admin bar to hide, to display, and can even set it to display when logged out.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>WPLT_SERVER\u003C\u002Fstrong>: The name of your server environment. It will be displayed in the admin bar at browser widths greater than 1030px. If left undefined, the plugin will make no changes to the admin bar.\u003C\u002Fp>\n\u003Cp>If not defined as \u003Ccode>PRODUCTION\u003C\u002Fcode> or \u003Ccode>LIVE\u003C\u002Fcode>, the plugin will enable ‘Discourage search engines from indexing this site’ to prevent your development and staging servers from being indexed. This option is not stored in the database, so your production server will still look to the actual setting on the Reading page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WPLT_COLOR\u003C\u002Fstrong>: Determines the color of the admin bar. You can set this to any CSS color. If left undefined, will use the following defaults:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PRODUCTION \u002F LIVE: red\u003C\u002Fli>\n\u003Cli>STAGING \u002F TESTING: orange\u003C\u002Fli>\n\u003Cli>LOCAL \u002F DEV: green\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WPLT_ADMINBAR\u003C\u002Fstrong>: Show or hide the admin bar on the frontend. 
\u003Ccode>FALSE\u003C\u002Fcode> will force it to be hidden, \u003Ccode>TRUE\u003C\u002Fcode> will force it to display, \u003Ccode>ALWAYS\u003C\u002Fcode> will display the admin bar even when logged out. These settings will override the ‘Show toolbar’ setting in the ‘Users > Your Profile’ options panel and \u003Ccode>add_filter('show_admin_bar', '__return_false');\u003C\u002Fcode> in functions.php, but doesn’t attempt to overcome any CSS based hiding of the admin bar.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>In wp-config.php:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F set server environment to 'LOCAL'\ndefine('WPLT_SERVER', 'local');\n\n\u002F\u002F set admin bar color to #800080\ndefine('WPLT_COLOR', 'purple');\n\n\u002F\u002F show the admin bar even when logged out\ndefine('WPLT_ADMINBAR', 'always');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Disable Plugins\u003C\u002Fh4>\n\u003Cp>Pass a serialized array in this constant to disable plugins. This does not store any data in the database, so plugins that are manually deactivated or activated through the admin panel will stay so.\u003C\u002Fp>\n\u003Cp>In order for this feature to function properly, WP Local Toolbox must be installed as an mu-plugin. You can read more about mu-plugins here: https:\u002F\u002Fcodex.wordpress.org\u002FMust_Use_Plugins. 
We’re investigating ways to avoid this requirement; if you have any ideas we’d love to hear it!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WPLT_DISABLED_PLUGINS\u003C\u002Fstrong>: A serialized array of plugins to disable.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>In wp-config.php\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F deactivate a set of plugins\ndefine('WPLT_DISABLED_PLUGINS', serialize(\n    array(\n        'hello-dolly.php',\n        'w3-total-cache\u002Fw3-total-cache.php',\n        'updraftplus\u002Fupdraftplus.php',\n        'wordpress-https\u002Fwordpress-https.php'\n    )\n));\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Post Update Notifications\u003C\u002Fh4>\n\u003Cp>Receive notifications when any page, post, or attachment is added or updated. Notifications can be received via email, or can be sent to a Slack channel via their Incoming WebHook API.\u003C\u002Fp>\n\u003Cp>This is helpful in production to see if a client has submitted a new post, or in development to see if data is being added to the staging environment so you don’t accidentally overwrite new posts when pushing databases around.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>WPLT_NOTIFY\u003C\u002Fstrong>: Define this constant as the email address where you’d like to be notified of post updates. You can specify either an email address or a Slack Incoming WebHook URL. You can set up a Slack Incoming WebHook URL here: https:\u002F\u002Fmy.slack.com\u002Fservices\u002Fnew\u002Fincoming-webhook\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WPLT_NOTIFY_CHANNEL\u003C\u002Fstrong>: If WPLT_NOTIFY is set to a Slack Incoming WebHook URL, you can specify the channel that the notification will be posted to. 
If left unset, it will post to the default channel specified in Slack’s Incoming WebHooks settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WPLT_DISABLE_ATTACHMENT_NOTIFY\u003C\u002Fstrong>: If set, this will disable notifications for attachments.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>In wp-config.php\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F send an email to someone@somewhere.com \n\u002F\u002F whenever any post or page is updated\ndefine('WPLT_NOTIFY','someone@somewhere.com');\n\n\u002F\u002F or, send a notification to a Slack channel\ndefine('WPLT_NOTIFY', 'https:\u002F\u002Fhooks.slack.com\u002Fservices\u002Fetc');\ndefine('WPLT_NOTIFY_CHANNEL','#channel');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Airplane Mode\u003C\u002Fh4>\n\u003Cp>Control loading of external files when developing locally. WP loads certain external files (fonts, gravatar, etc) and makes external HTTP calls. This isn’t usually an issue, unless you’re working in an environment without a web connection. This plugin removes \u002F unhooks those actions to reduce load time and avoid errors due to missing files.\u003C\u002Fp>\n\u003Cp>On and Off: Can be toggled from the admin bar by clicking ‘Airplane Mode’. 
In the admin bar a ✗ or ✓ will indicate if Airplane Mode is enabled or disabled.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WPLT_AIRPLANE\u003C\u002Fstrong>: Set this to anything to enable the Airplane Mode toggle.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>In wp-config.php\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F enable the Airplane Mode toggle\ndefine('WPLT_AIRPLANE', 'true');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Modification\u003C\u002Fh4>\n\u003Cp>You can add code that will be executed depending on server name by modifying the following in wp-local-toolbox.php.\u003C\u002Fp>\n\u003Cp>I’d love a pull request if you come up with something useful.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>if (strtoupper(WPLT_SERVER) != 'LIVE' && strtoupper(WPLT_SERVER) != 'PRODUCTION') {\n    \u002F\u002F Everything except PRODUCTION\u002FLIVE SERVER\n\n    \u002F\u002F Hide from robots\n    add_filter( 'pre_option_blog_public', '__return_zero' );\n\n} else {\n    \u002F\u002F PRODUCTION\u002FLIVE SERVER\n\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>As a special thank you, this plugin will remove the ridiculous \u003Ccode>Howdy,\u003C\u002Fcode> that is prepended to the username in the admin bar.\u003C\u002Fp>\n\u003Cp>You’re welcome.\u003C\u002Fp>\n\u003Ch4>Credit\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Plugin disabling from \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmarkjaquith\" rel=\"nofollow ugc\">Mark Jaquith\u003C\u002Fa>: https:\u002F\u002Fgist.github.com\u002Fmarkjaquith\u002F1044546\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using this fork from \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Frarst\" rel=\"nofollow ugc\">Andrey Savchenko\u003C\u002Fa>: https:\u002F\u002Fgist.github.com\u002FRarst\u002F4402927\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Airplane Mode from \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fnorcross\" rel=\"nofollow ugc\">Andrew 
Norcross\u003C\u002Fa>: https:\u002F\u002Fgithub.com\u002Fnorcross\u002Fairplane-mode\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Always showing the admin bar from \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Star\u003C\u002Fa>: http:\u002F\u002Fdigwp.com\u002F2011\u002F04\u002Fadmin-bar-tricks\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>A healthy refactoring from \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fjb510\" rel=\"nofollow ugc\">Jon Brown\u003C\u002Fa> of \u003Ca href=\"http:\u002F\u002F9seeds.com\u002F\" rel=\"nofollow ugc\">9seeds\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple plugin to help manage development over local, staging and production servers.",90,7046,"2015-06-25T04:51:00.000Z","4.2.39",[19,20,22,137,138],"notification","responsive","https:\u002F\u002Fgithub.com\u002Fjoeguilmette\u002Fwp-local-toolbox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-local-toolbox.1.2.3.zip",{"attackSurface":142,"codeSignals":176,"taintFlows":196,"riskAssessment":225,"analyzedAt":235},{"hooks":143,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":13,"unprotectedCount":13},[144,150,152,156,159,162,165,168],{"type":145,"name":146,"callback":147,"priority":81,"file":148,"line":149},"action","add_meta_boxes","fix_content","approval-workflow.php",29,{"type":145,"name":151,"callback":151,"file":148,"line":11},"admin_init",{"type":145,"name":153,"callback":154,"file":148,"line":155},"network_admin_menu","admin_menu_network",32,{"type":145,"name":157,"callback":157,"file":148,"line":158},"admin_menu",34,{"type":145,"name":160,"callback":160,"file":148,"line":161},"admin_notices",35,{"type":145,"name":163,"callback":163,"file":148,"line":164},"post_submitbox_misc_actions",36,{"type":145,"name":166,"callback":166,"priority":81,"file":148,"line":167},"save_post",37,{"type":145,"name":169,"callback":170,"priority":81,"file":148
,"line":171},"wp_restore_post_revision","restore_post_revision",38,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":181,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":194,"bundledLibraries":195},[],{"prepared":179,"raw":13,"locations":180},4,[],{"escaped":13,"rawEcho":182,"locations":183},5,[184,187,189,191,192],{"file":148,"line":185,"context":186},72,"raw output",{"file":148,"line":188,"context":186},79,{"file":148,"line":190,"context":186},175,{"file":148,"line":190,"context":186},{"file":148,"line":193,"context":186},182,2,[],[197,215],{"entryPoint":198,"graph":199,"unsanitizedCount":194,"severity":214},"plugin_options (approval-workflow.php:153)",{"nodes":200,"edges":211},[201,206],{"id":202,"type":203,"label":204,"file":148,"line":205},"n0","source","$_SERVER (x2)",164,{"id":207,"type":208,"label":209,"file":148,"line":190,"wp_function":210},"n1","sink","echo() [XSS]","echo",[212],{"from":202,"to":207,"sanitized":213},false,"medium",{"entryPoint":216,"graph":217,"unsanitizedCount":13,"severity":224},"\u003Capproval-workflow> (approval-workflow.php:0)",{"nodes":218,"edges":221},[219,220],{"id":202,"type":203,"label":204,"file":148,"line":205},{"id":207,"type":208,"label":209,"file":148,"line":190,"wp_function":210},[222],{"from":202,"to":207,"sanitized":223},true,"low",{"summary":226,"deductions":227},"The security posture of the \"approval-workflow\" plugin version 1.3.2 appears to be generally strong with no recorded vulnerabilities. The static analysis reveals a very small attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks. The plugin also avoids dangerous functions, file operations, and external HTTP requests, which are common vectors for exploitation. Furthermore, all SQL queries are properly prepared, indicating a good defense against SQL injection.\n\nHowever, a significant concern arises from the output escaping. 
With 0% of outputs properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic data displayed to users that is not properly sanitized could be manipulated by an attacker to inject malicious scripts. The taint analysis also identified one flow with an unsanitized path, which, although not classified as critical or high severity in this analysis, warrants attention as it could potentially lead to unintended behavior or be chained with other vulnerabilities. The absence of nonce checks and the limited capability checks, while less concerning given the minimal attack surface, could become a risk if new entry points are introduced in future versions.\n\nOverall, the plugin demonstrates good practices in avoiding common injection vulnerabilities and limiting its attack surface. The lack of historical vulnerabilities further reinforces a perception of security. However, the complete lack of output escaping is a critical weakness that significantly undermines its security and needs immediate remediation to prevent XSS attacks. This, coupled with the unsanitized path flow, necessitates a cautious approach despite the other positive findings.",[228,231,233],{"reason":229,"points":230},"Outputs not properly escaped (XSS risk)",8,{"reason":232,"points":182},"Taint flow with unsanitized path",{"reason":234,"points":182},"No nonce checks","2026-03-16T22:26:52.976Z",{"wat":237,"direct":243},{"assetPaths":238,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[239],"\u002Fwp-content\u002Fplugins\u002Fapproval-workflow\u002Fimages\u002Farrow_join.png",[],[],[],{"cssClasses":244,"htmlComments":245,"htmlAttributes":246,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":249},[],[],[],[],[],[]]