[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmvSxq6HZ14qxpyMdxDZSLYOeqWodToV-qx6-X1OzZ4s":3,"$f6WDEegRPHLMiH3lMvdHjfsBLmrmHcooyVfvu_ymbzyU":184,"$fRE7KU3f0Htow5BFG4z5WvBDL0jFpOZuU51tE8J1v-KI":189},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":35,"analysis":131,"fingerprints":170},"balada-fix","Balada Fix","1.1.0","vladanrs","https:\u002F\u002Fprofiles.wordpress.org\u002Fvladanrs\u002F","\u003Cp>Balada Fix protects your site from unauthenticated abuse of specific WordPress REST API endpoints. Such endpoints (for example the tagDiv theme’s \u003Ccode>wp-json\u002Ftdw\u002Fsave_css\u003C\u002Fcode>) are often targeted by the “Balada Injector” and similar campaigns to inject malicious scripts.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add one or more REST path patterns in \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Balada Fix\u003C\u002Fstrong> (one per line).\u003C\u002Fli>\n\u003Cli>Only logged-in administrators with the \u003Ccode>edit_theme_options\u003C\u002Fcode> capability can access those paths.\u003C\u002Fli>\n\u003Cli>Unauthenticated or unauthorized requests receive a 403 Forbidden response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Default protected path: \u003Ccode>tdw\u002Fsave_css\u003C\u002Fcode> (tagDiv \u002F Newspaper theme vulnerability).\u003C\u002Fp>\n","Blocks unauthenticated access to vulnerable REST paths. Add paths in Settings → Balada Fix. Only admins can use them.",0,86,100,1,"2026-03-26T11:00:00.000Z","6.9.4","5.0","7.2",[20,21,22,23,24],"balada","injector","rest-api","security","wp-json","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbalada-fix.1.1.0.zip",null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,94,"2026-05-19T22:37:58.843Z",[36,56,75,93,113],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":53,"download_link":54,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"smntcs-disable-rest-api-user-endpoints","SMNTCS Disable REST API User Endpoints","2.4","Niels Lange","https:\u002F\u002Fprofiles.wordpress.org\u002Fnielslange\u002F","\u003Cp>With WordPress 4.7 the REST API is part of the core. At the moment everyone has read access to the REST API. As a result of that a potential intruder can retrieve a list of all user slugs via \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>. This plugin disables the REST API user endpoints to obscure the user slugs.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Contributions are more than welcome. Simply head over to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa> and open an issue or a pull request.\u003C\u002Fp>\n","Disable the REST API user endpoints due to obscure user slugs.",6000,29425,2,"2024-12-31T06:23:00.000Z","6.7.5","5.5","5.6",[52,22,23],"endpoints","https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmntcs-disable-rest-api-user-endpoints.2.4.zip",92,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":46,"last_updated":66,"tested_up_to":16,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":73,"download_link":74,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"rest-api-blocks","REST API blocks","2.0.0","Jonny Harris","https:\u002F\u002Fprofiles.wordpress.org\u002Fspacedmonkey\u002F","\u003Cp>A simple plugin to add block data in json format into the rest api. Once installed, there will be two new fields added to the rest api, \u003Ccode>has_blocks\u003C\u002Fcode> and \u003Ccode>blocks\u003C\u002Fcode>.\u003Cbr \u002F>\nFor example output.\u003Cbr \u002F>\n    \u003Ccode>\"has_blocks\": true,\u003Cbr \u002F>\n\"block_data\": [\u003Cbr \u002F>\n  {\u003Cbr \u002F>\n    \"blockName\": \"core\u002Fimage\",\u003Cbr \u002F>\n    \"attrs\": {\u003Cbr \u002F>\n      \"url\": \"https:\u002F\u002Fwww.spacedmonkey.com\u002Fwp-content\u002Fuploads\u002F2018\u002F12\u002Ftest-image.jpg\",\u003Cbr \u002F>\n      \"alt\": \"Terminal de aeropuerto\",\u003Cbr \u002F>\n      \"caption\": \"fsfsdfdsfdssfd\",\u003Cbr \u002F>\n      \"href\": \"https:\u002F\u002Fwww.spacedmonkey.com\u002Ftest-image\",\u003Cbr \u002F>\n      \"rel\": \"noreferrer noopener\",\u003Cbr \u002F>\n      \"linkClass\": \"jonny-123\",\u003Cbr \u002F>\n      \"linkTarget\": \"_blank\",\u003Cbr \u002F>\n      \"id\": 147355,\u003Cbr \u002F>\n      \"width\": 582,\u003Cbr \u002F>\n      \"height\": 327,\u003Cbr \u002F>\n      \"linkDestination\": \"attachment\"\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    \"innerBlocks\": [\u003Cbr \u002F>\n    ],\u003Cbr \u002F>\n    \"innerHTML\": \"\\n\u003Cfigure class=\\\"wp-block-image is-resized\\\">\u003Ca class=\\\"jonny-123\\\" href=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Ftest-image\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener\\\">\u003Cimg src=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Fwp-content\u002Fuploads\u002F2018\u002F12\u002Ftest-image.jpg\\\" alt=\\\"Terminal de aeropuerto\\\" class=\\\"wp-image-147355\\\" width=\\\"582\\\" height=\\\"327\\\"\u002F>\u003C\u002Fa>\u003Cfigcaption>fsfsdfdsfdssfd\u003C\u002Ffigcaption>\u003C\u002Ffigure>\\n\",\u003Cbr \u002F>\n    \"innerContent\": [\u003Cbr \u002F>\n      \"\\n\u003Cfigure class=\\\"wp-block-image is-resized\\\">\u003Ca class=\\\"jonny-123\\\" href=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Ftest-image\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener\\\">\u003Cimg src=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Fwp-content\u002Fuploads\u002F2018\u002F12\u002Ftest-image.jpg\\\" alt=\\\"Terminal de aeropuerto\\\" class=\\\"wp-image-147355\\\" width=\\\"582\\\" height=\\\"327\\\"\u002F>\u003C\u002Fa>\u003Cfigcaption>fsfsdfdsfdssfd\u003C\u002Ffigcaption>\u003C\u002Ffigure>\\n\"\u003Cbr \u002F>\n    ],\u003Cbr \u002F>\n    \"rendered\": \"\\n\u003Cfigure class=\\\"wp-block-image is-resized\\\">\u003Ca class=\\\"jonny-123\\\" href=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Ftest-image\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener\\\">\u003Cimg src=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Fwp-content\u002Fuploads\u002F2018\u002F12\u002Ftest-image.jpg\\\" alt=\\\"Terminal de aeropuerto\\\" class=\\\"wp-image-147355\\\" width=\\\"582\\\" height=\\\"327\\\"\u002F>\u003C\u002Fa>\u003Cfigcaption>fsfsdfdsfdssfd\u003C\u002Ffigcaption>\u003C\u002Ffigure>\\n\"\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n],\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Technical Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Requires PHP 5.6+.\u003C\u002Fli>\n\u003Cli>Requires WordPress 5.5+.\u003C\u002Fli>\n\u003Cli>Issues and Pull requests welcome on the GitHub repository: https:\u002F\u002Fgithub.com\u002Fspacedmonkey\u002Fwp-rest-blocks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses \u003Ccode>@wordpress\u002Fenv\u003C\u002Fcode> for local development and testing.\u003C\u002Fp>\n\u003Ch3>Prerequisites\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Node.js 20+ and npm\u003C\u002Fli>\n\u003Cli>Docker Desktop (must be installed and running)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Clone the repository\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Install dependencies:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm install\u003Cbr \u002F>\ncomposer install\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Start the WordPress environment:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm run env:start\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>This will start a local WordPress instance at \u003Ccode>http:\u002F\u002Flocalhost:8888\u003C\u002Fcode> (admin: \u003Ccode>http:\u002F\u002Flocalhost:8888\u002Fwp-admin\u003C\u002Fcode> with username \u003Ccode>admin\u003C\u002Fcode> and password \u003Ccode>password\u003C\u002Fcode>)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Docker must be running for this to work. The first time you run this, it will download WordPress and set up the database, which may take a few minutes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Available Commands\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>npm run env:start\u003C\u002Fcode> – Start the WordPress environment\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run env:stop\u003C\u002Fcode> – Stop the WordPress environment\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run env:reset\u003C\u002Fcode> – Reset the environment (clean database)\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run env:destroy\u003C\u002Fcode> – Destroy the environment completely\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run test:php\u003C\u002Fcode> – Run PHPUnit tests\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run test:php:multisite\u003C\u002Fcode> – Run PHPUnit tests in multisite mode\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run lint:php\u003C\u002Fcode> – Run PHP CodeSniffer\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run lint:php:fix\u003C\u002Fcode> – Fix PHP coding standards issues automatically\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Running Tests\u003C\u002Fh3>\n\u003Cp>After starting the environment with \u003Ccode>npm run env:start\u003C\u002Fcode>, you can run the tests:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`bash\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>npm run test:php\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Cp>For multisite tests:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`bash\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>npm run test:php:multisite\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch3>Accessing the Site\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Development site\u003C\u002Fstrong>: http:\u002F\u002Flocalhost:8888\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin dashboard\u003C\u002Fstrong>: http:\u002F\u002Flocalhost:8888\u002Fwp-admin (admin\u002Fpassword)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test site\u003C\u002Fstrong>: http:\u002F\u002Flocalhost:8889\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test admin\u003C\u002Fstrong>: http:\u002F\u002Flocalhost:8889\u002Fwp-admin (admin\u002Fpassword)\u003C\u002Fli>\n\u003C\u002Ful>\n","Add gutenberg blocks data into the post \u002F page REST API endpoints.",200,6817,"2026-01-03T16:16:00.000Z","5.9","7.4",[70,71,72,22,24],"api","blocks","gutenberg","https:\u002F\u002Fgithub.com\u002Fspacedmonkey\u002Fwp-rest-blocks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-blocks.2.0.0.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":64,"downloaded":83,"rating":13,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":25,"tags":88,"homepage":25,"download_link":91,"security_score":92,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"sar-disable-rest-api","Disable REST API for Real","2.1.1","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>The WordPress REST API is a great resource, but if you don’t want to use it probably you will want to close this door to your WordPress.\u003C\u002Fp>\n\u003Cp>Unlike other popular plugins that aims to disable the REST API but \u003Cstrong>only return an error, processed by the REST API\u003C\u002Fstrong>, when a request is received, by default, this plugin \u003Cstrong>removes all filters and actions related to WordPress REST API, and returns a 404 error for requests sent to the REST API URL endpoints, effectively blocking any use of the REST API\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Optionally you can set the \u003Cstrong>REST API setting in Settings -> General page\u003C\u002Fstrong> to “Logged In Only” for a less drastical action, to keep REST API access enabled but require the user to be logged in to accept the requests.\u003C\u002Fp>\n\u003Cp>If you’re happy with the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsar-disable-rest-api\u002Freviews\u002F?filter=5\" rel=\"ugc\">please don’t forget to give it a good rating\u003C\u002Fa>, it will motivate me to keep sharing and improving this plugin (and others).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SUPPORT:\u003C\u002Fstrong> If you have any support question, please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamuelaguilera\u002Fsar-disable-rest-api\u002Fissues\" rel=\"nofollow ugc\">create an issue at the Github repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.7 or higher.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable WordPress core REST API \u003Cstrong>for real\u003C\u002Fstrong> by removing all filters and actions related to it and returning a 404 error for requests sent to REST API URL endpoints (e.g. https:\u002F\u002Fexample.com\u002Fwp-json\u002Fwhatever ).\u003C\u002Fli>\n\u003Cli>Option to require user to be logged in to use the REST API instead of completely disable it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>To disable the REST API completely simply install the plugin from the Plugins page and enable it.\u003C\u002Fp>\n\u003Cp>If you don’t want to disable the REST API but require user to be logged in instead, go to Settings -> General page and set the REST API to option to “Logged In Only”, and click Save Changes.\u003C\u002Fp>\n\u003Cp>You can change the option back to “Off” if you want to disable the REST API again.\u003C\u002Fp>\n\u003Cp>To return to WordPress default, simply deactivate the plugin.\u003C\u002Fp>\n","Really prevents the REST API from handling requests (default) or require user to be logged in.",5919,3,"2019-11-14T23:42:00.000Z","5.3.21","4.7",[70,89,90,22,24],"json","rest","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsar-disable-rest-api.2.1.1.zip",85,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":64,"downloaded":101,"rating":102,"num_ratings":46,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":50,"tags":106,"homepage":111,"download_link":112,"security_score":92,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"wpcontrol","WPControl – The Easiest Optimization Plugin for WordPress","1.0.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>WPControl is the ultimate way to clean up your WordPress site.\u003C\u002Fp>\n\u003Cp>With over 20 built-in optimizations, WPControl allows you to easily enable and disable WordPress Core features, letting you remove those features that you don’t use from the dashboard you and your users see.\u003C\u002Fp>\n\u003Cp>Simply put, WPControl is the ultimate plugin that you need to control your website. With our single plugin, you can remove the need to have plugins for things like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabling emails\u003C\u002Fli>\n\u003Cli>Disabling comments\u003C\u002Fli>\n\u003Cli>Disabling the WordPress REST API\u003C\u002Fli>\n\u003Cli>and so much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All in a single, easy to use plugin that helps boost both the performance and security of your WordPress install.\u003C\u002Fp>\n\u003Cp>WPControl is designed for simplicity first, made by the same \u003Ca href=\"https:\u002F\u002Fwpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner team\u003C\u002Fa> that makes your favorite WordPress tutorials.\u003C\u002Fp>\n\u003Cp>Our plugin is used by the plugin authors behind many of your favorite WordPress plugins including \u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> , \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Faioseo.com\u002F\" title=\"AIOSEO\" rel=\"friend nofollow ugc\">AIOSEO\u003C\u002Fa>  and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Simple, yet powerful. I love that I can easily disable all of the features of WordPress I’m not using in a single plugin. It makes new site setup a breeze!\u003Cbr \u002F>\n  \u003Cbr \u002F>\n  Chris Christoff\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>At WPControl, we found that there are many unused features of WordPress that make it a hassle sometimes or we just don’t need. There are tons of plugins already out there that will disable a specific feature. But taking the time and energy to optimize all of them was too much. We made just one plugin that has the features of many so you can have a one stop shop for disabling unused features of WordPress.\u003C\u002Fp>\n\u003Cp>Unlike other methods of disabling features, WPControl allows you to disable many features with just a few clicks (no need to hire a developer).\u003C\u002Fp>\n\u003Ch4>Settings Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Comments\u003C\u002Fstrong> – You can disable comments site wide or on specific post types such as posts, pages, and media.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Gutenberg\u003C\u002Fstrong> – Disables the Gutenberg block editor and reverts it the Classic Editor\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable “Try Gutenberg” Nag\u003C\u002Fstrong> – Removes the annoying admin notice that keeps nagging you to try Gutenberg\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Shortlinks\u003C\u002Fstrong> – The tag is auto generated by WordPress and is used to create shortlinks. If you are already using pretty permalinks, such as the PrettyLinks plugin. Then there is no need for this unnecessary tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable RSD Link\u003C\u002Fstrong> – RSD Links are used by blog clients and some 3rd parties that utilize XML-RPC requests. If you edit your site through your browser, then you do not need it. Most of the time, it is just unnecessary code.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove XFN Profile Link\u003C\u002Fstrong> – The XFN Profile Link is used to add semantic data to links to be used by browsers to assign relationships between profiles. Basically it tells browsers that the site contains links that use XFN Specification\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable wlwmanifest Link\u003C\u002Fstrong> – The wlwmanifest link is used by Windows Live Writer. If you don’t use Windows Live Writer then disable the link as it is unnecessary code.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Links to Previous and Next Post\u003C\u002Fstrong> – If your site is not a blog and is used as a CMS, then this feature will remove the previous and next post links in your WordPress theme.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable XML-RPC Pingback\u003C\u002Fstrong> – Removes XML-RPC method to prevent abuse of site’s pingback while you can use the rest of the XML-RPC Pingback method.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Gravatar\u003C\u002Fstrong> – Blocks users WordPress from getting user Gravatar from their email to add privacy for the users or prevent inappropriate avatars.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Rest API\u003C\u002Fstrong> – Disables the REST-API to prevent abuse of Rest\u002FJSON API.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Login Errors\u003C\u002Fstrong> – An attacker can find the authors login using a similar request as mysite.com\u002F?author=1.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove HTML comments\u003C\u002Fstrong> – Removes HTML comments in source code to add a layer of defense from attackers trying to find the version of plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove Meta Generator\u003C\u002Fstrong> – This meta tag allows attackers to see the version of WordPress, it serves no useful purpose.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Right Click\u003C\u002Fstrong> – You can disable the ability to right click on your site, or just specific things like posts, pages, media, front page, and even have the ability to show an alert to the user that right click is disabled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Admin Notices\u003C\u002Fstrong> – You can disable all admin notices that appear in the admin settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable New User Emails\u003C\u002Fstrong> – Stops WordPress from sending new user notification emails to admin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Search\u003C\u002Fstrong> – Disable the front-end search bar in WordPress.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Lazy Loading\u003C\u002Fstrong> – Removes the lazy loading functionality that was added in WordPress 5.3.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Admin Toolbar\u003C\u002Fstrong> – Hides the admin toolbar when the admin is on the front-end\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Dashboard Widgets\u003C\u002Fstrong> – Gives you the option to disable whichever default dashboard widgets you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>After reading this feature list, you can probably imagine why WPControl is the best disable plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Give WPControl a try today!\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is created by Zain Balkhi of the \u003Ca href=\"https:\u002F\u002Fwpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner team\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – Best Google Analytics plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Foptinmonster.com\u002F\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get More Email Subscribers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – Best WordPress Contact Form Plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Faioseo.com\u002F\" title=\"AIOSEO\" rel=\"friend nofollow ugc\">AIOSEO\u003C\u002Fa> – The original WordPress SEO plugin to help you rank higher in search results (trusted by over 2 million sites)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.seedprod.com\u002F\" title=\"SeedProd\" rel=\"friend nofollow ugc\">SeedProd\u003C\u002Fa> – Most popular coming soon & maintenance mode plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmailsmtp.com\u002F\" title=\"WP Mail SMTP\" rel=\"friend nofollow ugc\">WP Mail SMTP\u003C\u002Fa> – Improve email deliverability for your contact form with the most popular SMTP plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frafflepress.com\u002F\" title=\"RafflePress\" rel=\"friend nofollow ugc\">RafflePress\u003C\u002Fa> – Best WordPress giveaway and contest plugin to grow traffic and social followers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsmashballoon.com\u002F\" title=\"Smash Balloon\" rel=\"friend nofollow ugc\">Smash Balloon\u003C\u002Fa> – #1 social feeds plugin for WordPress – display social media content in WordPress without code\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpushengage.com\u002F\" title=\"PushEngage\" rel=\"friend nofollow ugc\">PushEngage\u003C\u002Fa> – Connect with visitors after they leave your website with the leading web push notification plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftrustpulse.com\u002F\" title=\"TrustPulse\" rel=\"friend nofollow ugc\">TrustPulse\u003C\u002Fa> – Add real-time social proof notifications to boost your store conversions by up to 15%\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin would not be possible without the help and support of \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa>, the largest WordPress resource site. You can learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">free WordPress Tutorials\u003C\u002Fa> like \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fhow-to-install-wordpress\u002F\" title=\"How to Install WordPress - Step by Step\" rel=\"friend nofollow ugc\">how to install WordPress\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fwordpress-hosting\u002F\" title=\"How to choose the best WordPress hosting\" rel=\"friend nofollow ugc\">choose the best WordPress hosting\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fglossary\u002F\" title=\"WordPress Glossary Terms for Beginners\" rel=\"friend nofollow ugc\">WordPress glossary\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>You can also learn about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F\" title=\"Best WordPress Plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","The easiest way to improve your website's security, performance, and user experience.",4358,90,"2022-04-18T21:12:00.000Z","5.9.13","3.8.0",[107,108,109,110,23],"disable-comments","disable-gutenberg","disable-rest-api","performance","https:\u002F\u002Fwww.wpcontrol.com\u002F?utm_source=liteplugin&utm_medium=pluginheader&utm_campaign=pluginurl&utm_content=7%2E0%2E0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcontrol.1.0.1.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":32,"downloaded":121,"rating":13,"num_ratings":14,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":25,"tags":125,"homepage":129,"download_link":130,"security_score":92,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"disable-unnecessary-functionality","Disables unnecessary functionality","1.3.2","DreamerKlim","https:\u002F\u002Fprofiles.wordpress.org\u002Fdreamerklim\u002F","\u003Cp>Disable unnecessary functions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>REST API\u003C\u002Fli>\n\u003Cli>Emoji\u003C\u002Fli>\n\u003Cli>links to blog clients\u003C\u002Fli>\n\u003Cli>links to RSS feeds\u003C\u002Fli>\n\u003Cli>version of your WordPress\u003C\u002Fli>\n\u003Cli>automatic links in comments\u003C\u002Fli>\n\u003Cli>srcset and sizes for pictures\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What you will get after activation:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Improved SEO\u003C\u002Fli>\n\u003Cli>A little bit of speed\u003C\u002Fli>\n\u003Cli>Сlean source code\u003C\u002Fli>\n\u003C\u002Ful>\n","Just disables unnecessary functionality of WordPress, thus improving and speeding up your site ^_^",2099,"2017-11-19T09:19:00.000Z","4.9.29","3.7",[126,22,127,128,24],"emoji","rss","seo","https:\u002F\u002Fpupi-boy.ru\u002Fwordpress\u002Fwordpress-otklyuchaem-wp-json-emoji-xml-rpc-head.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-unnecessary-functionality.zip",{"attackSurface":132,"codeSignals":154,"taintFlows":162,"riskAssessment":163,"analyzedAt":169},{"hooks":133,"ajaxHandlers":150,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":11,"unprotectedCount":11},[134,140,144],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","admin_menu","balada_fix_add_menu","balada-fix.php",148,{"type":135,"name":141,"callback":142,"file":138,"line":143},"admin_init","balada_fix_admin_init",149,{"type":145,"name":146,"callback":147,"priority":148,"file":138,"line":149},"filter","rest_pre_dispatch","closure",10,154,[],[],[],[],{"dangerousFunctions":155,"sqlUsage":156,"outputEscaping":158,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":46,"bundledLibraries":161},[],{"prepared":11,"raw":11,"locations":157},[],{"escaped":159,"rawEcho":11,"locations":160},11,[],[],[],{"summary":164,"deductions":165},"The \"balada-fix\" plugin v1.1.0 exhibits a strong security posture based on the provided static analysis. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code demonstrates good development practices by not utilizing dangerous functions, performing all SQL queries with prepared statements, and ensuring all output is properly escaped. There are no recorded file operations or external HTTP requests, further reducing potential vulnerabilities. The presence of capability checks, though limited, is a positive sign.\n\nThe taint analysis reported zero flows, indicating no immediate concerns regarding unsanitized data paths. The vulnerability history is also clean, with no known CVEs or past security issues. This lack of historical vulnerabilities suggests a commitment to security by the developers or a very low exposure profile.\n\nOverall, the plugin appears to be well-secured with no glaring vulnerabilities evident in the static analysis or historical data. The primary weakness identified is the complete absence of nonce checks, which, in the absence of any exposed entry points, presents a theoretical rather than immediate risk. However, if the plugin were to introduce any entry points in the future without proper nonce protection, this could become a significant concern.",[166],{"reason":167,"points":168},"Missing nonce checks on entry points",5,"2026-04-16T14:31:39.704Z",{"wat":171,"direct":176},{"assetPaths":172,"generatorPatterns":173,"scriptPaths":174,"versionParams":175},[],[],[],[],{"cssClasses":177,"htmlComments":178,"htmlAttributes":179,"restEndpoints":180,"jsGlobals":182,"shortcodeOutput":183},[],[],[],[181],"\u002Fwp-json\u002Ftdw\u002Fsave_css",[],[],{"error":185,"url":186,"statusCode":187,"statusMessage":188,"message":188},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbalada-fix\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":190},[191],{"version":6,"download_url":26,"svn_tag_url":192,"released_at":27,"has_diff":193,"diff_files_changed":194,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":195,"is_current":185},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbalada-fix\u002Ftags\u002F1.1.0\u002F",false,[],[]]