[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxituY17_B7roDFX4w_1xz8GmKrm9hN_wB1O90a4WG2g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":148,"fingerprints":291},"bang-syslog","Bang System Logging","1.2","Marcus Downing","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcusdowning\u002F","\u003Cp>Enable system logging for WordPress plugin and theme development. This can make it easier to know what your code is doing.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Log to the system log or to a file\u003C\u002Fli>\n\u003Cli>Easily append or embed any value in log messages\u003C\u002Fli>\n\u003Cli>Coloured logs indicating strings, numbers, arrays, objects, null values etc.\u003C\u002Fli>\n\u003Cli>Extract values from arrays of objects\u003C\u002Fli>\n\u003Cli>Optionally exclude AJAX, Javascripts, CSS and any other pattern of URLs.\u003C\u002Fli>\n\u003Cli>Intercept PHP errors and log strict warnings\u003C\u002Fli>\n\u003Cli>Measure memory usage between two points, or the time taken by various parts of your code\u003C\u002Fli>\n\u003Cli>Easy to switch off for production sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to use\u003C\u002Fh4>\n\u003Cp>Using it is as simple as calling the \u003Ccode>'log'\u003C\u002Fcode> action in your templates or plugin.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php do_action('log', 'Some log message'); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will produce a line in your system log:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Jun  4 11:23:08 myserver php\u002Fmysite.com[1553]: b8e 
mysite.com\u002Fpath-to-page: Some log message\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>Jun  4 11:23:08\u003C\u002Fcode> – The date and time of the log message\u003C\u002Fli>\n\u003Cli>\u003Ccode>myserver\u003C\u002Fcode> – The name of this computer\u003C\u002Fli>\n\u003Cli>\u003Ccode>php\u003C\u002Fcode> – The program that produced the message\u003C\u002Fli>\n\u003Cli>\u003Ccode>mysite.com\u003C\u002Fcode> – The domain name of the site\u003C\u002Fli>\n\u003Cli>\u003Ccode>1553\u003C\u002Fcode> – The process ID of the running PHP process\u003C\u002Fli>\n\u003Cli>\u003Ccode>b8e\u003C\u002Fcode> – A random 3-digit code identifying each page request\u003C\u002Fli>\n\u003Cli>\u003Ccode>mysite.com\u002Fpath-to-page\u003C\u002Fcode> – The URL of the request\u003C\u002Fli>\n\u003Cli>\u003Ccode>Some log message\u003C\u002Fcode> – Your message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more detailed instructions, see the \u003Cstrong>How to use\u003C\u002Fstrong> tab.\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Cp>To log a message, use the \u003Ccode>'log'\u003C\u002Fcode> action in your templates or plugins:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php do_action('log', 'Some log message'); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will output the log message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Some log message\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Embedding values\u003C\u002Fh4>\n\u003Cp>If you include extra parameters, they’ll be added at the end of the log message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php do_action('log', 'A number and a string', 17, 'foo'); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will produce the log message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>A number and a string: 17, foo\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The value will be formatted correctly depending on its type: integers, strings, arrays, objects, booleans etc.\u003Cbr 
\u002F>\nYou don’t need to check if values are null or empty, they’ll still be output safely.\u003C\u002Fp>\n\u003Cp>If you put the code \u003Ccode>%s\u003C\u002Fcode> into your log message, then one of the arguments will be dropped into the message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php do_action('log', 'I have %s numbers', count($numbers), $numbers); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will produce the log message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>I have 4 numbers: [9, 16, 307, 1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Selecting fields\u003C\u002Fh4>\n\u003Cp>Logging a complete object – such as a WordPress post – can be very large, and sometimes it’s only one or two fields you need.\u003Cbr \u002F>\nIf you put a string starting with an exclamation point \u003Ccode>\"!\"\u003C\u002Fcode> followed by a list of field names, they will be selected from the following object.\u003Cbr \u002F>\nThe following will only show the \u003Ccode>ID\u003C\u002Fcode> and \u003Ccode>post_title\u003C\u002Fcode> fields of the post:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php do_action('log', 'Loaded the post', '!ID,post_title', $post); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will produce the log message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Loaded the post: {ID: 1932, post_title: Test page}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you do this with an array of objects, those fields will be selected from each of them. 
The following will output a list of post \u003Ccode>ID\u003C\u002Fcode>s:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php do_action('log', 'Loaded %s posts', count($posts), '!ID', $posts); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will produce the log message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Loaded 3 posts: [1932, 1594, 1103]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Coloured logs\u003C\u002Fh4>\n\u003Cp>If you have coloured logging switched on, values will appear in different colours to indicate their type.\u003Cbr \u002F>\nThis can make for quicker scanning of log files.\u003Cbr \u002F>\nTo enable coloured logs, tick the \u003Cem>Coloured logs\u003C\u002Fem> checkbox on the settings page.\u003Cbr \u002F>\nThen use the \u003Ccode>log.sh\u003C\u002Fcode> script, included with this plugin, to decode and display the coloured log files.\u003C\u002Fp>\n","Enable system logging for WordPress plugin and theme development.",10,1694,0,"2013-08-30T14:08:00.000Z","3.5.2","3.0","",[19,20],"debug","syslog","http:\u002F\u002Fwww.bang-on.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbang-syslog.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"marcusdowning",12,440,86,30,84,"2026-04-04T18:34:21.287Z",[36,63,84,107,126],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":13,"last_vuln_date":61,"fetched_at":62},"wp-crontrol","WP Crontrol","1.21.0","John Blackbourn","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnbillion\u002F","\u003Cp>WP Crontrol enables you to take control of the scheduled 
cron events on your WordPress website or WooCommerce store. From the admin screens you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View all scheduled cron events along with their arguments, schedule, callback functions, and when they are next due.\u003C\u002Fli>\n\u003Cli>Edit, delete, pause, resume, and immediately run cron events.\u003C\u002Fli>\n\u003Cli>Add new cron events.\u003C\u002Fli>\n\u003Cli>Bulk delete cron events.\u003C\u002Fli>\n\u003Cli>Add and remove custom cron schedules.\u003C\u002Fli>\n\u003Cli>Export and download cron event lists as a CSV file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP Crontrol is aware of timezones, will alert you to events that have no actions or that have missed their schedule, and will show you a helpful warning message if it detects any problems with your cron system.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to the \u003Ccode>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cron Events\u003C\u002Fcode> menu to manage cron events.\u003C\u002Fli>\n\u003Cli>Go to the \u003Ccode>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cron Schedules\u003C\u002Fcode> menu to manage cron schedules.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Fdocs\u002Fhow-to-use\u002F\" rel=\"nofollow ugc\">Extensive documentation on how to use WP Crontrol and how to get help for error messages that it shows is available on the WP Crontrol website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>For site owners\u003C\u002Fh3>\n\u003Cp>Owners of WordPress websites and WooCommerce stores use WP Crontrol to ensure that scheduled cron events run correctly and efficiently. 
By providing complete control over cron events, WP Crontrol helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Improve reliability\u003C\u002Fstrong>: Address missed or failed cron events, ensuring your website or WooCommerce store continues to function as expected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhance security\u003C\u002Fstrong>: Monitor and control cron events to ensure automatic update checks are performed as they should.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simplify management\u003C\u002Fstrong>: Add, edit, delete, and pause cron events from a user-friendly interface, without needing to write any code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gain insights\u003C\u002Fstrong>: Export cron event data for analysis or reporting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Action Scheduler compatibility\u003C\u002Fstrong>: Full support for the Action Scheduler system in WooCommerce, which is used to process recurring payments, subscriptions, and background orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clarity of times and timezones\u003C\u002Fstrong>: All times are shown with a clear and accurate indication of which timezone applies. 
No more guesswork!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For developers\u003C\u002Fh3>\n\u003Cp>Developers use WP Crontrol to streamline and debug their WordPress development process:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced debugging\u003C\u002Fstrong>: Identify and troubleshoot issues with scheduled tasks, ensuring your scheduled events and their callbacks run as expected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom schedules\u003C\u002Fstrong>: Create and manage custom cron schedules to fit the specific needs of your website, plugins, or themes, providing greater flexibility than just the core schedules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Efficient workflow\u003C\u002Fstrong>: Add, edit, and delete cron events directly from the WordPress admin interface, saving time and reducing the need for manual coding.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Insightful monitoring\u003C\u002Fstrong>: Get insight into the performance and behavior of your scheduled tasks, allowing for optimization and better resource management.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accurate debugging\u003C\u002Fstrong>: WP Crontrol goes to great lengths to ensure that running an event manually does so in a manner which exactly matches how WordPress core runs scheduled events. This ensures that you can debug events accurately and with confidence.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. 
Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquery-monitor\u002F\" rel=\"ugc\">Query Monitor\u003C\u002Fa> is the developer tools panel for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> provides instant switching between user accounts in WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>WP Crontrol is private by default and always will be. It does not send data to any third party, nor does it include any third party resources. \u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">WP Crontrol’s full privacy statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>WP Crontrol aims to be fully accessible to all of its users. \u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Faccessibility\u002F\" rel=\"nofollow ugc\">WP Crontrol’s full accessibility statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n","WP Crontrol enables you to take control of the cron events on your WordPress website.",300000,7578206,90,163,"2026-01-28T21:40:00.000Z","6.9.4","6.4","7.4",[53,54,19,55,56],"cron","crontrol","woocommerce","wp-cron","https:\u002F\u002Fwp-crontrol.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-crontrol.1.21.0.zip",96,3,"2025-08-21 00:00:00","2026-03-15T15:16:48.613Z",{"slug":64,"name":65,"version":66,"author":40,"author_profile":41,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":49,"requires_at_least":74,"requires_php":51,"tags":75,"homepage":79,"download_link":80,"security_score":81,"vuln_count":82,"unpatched_count":13,"last_vuln_date":83,"fetched_at":62},"query-monitor","Query Monitor – The developer tools panel for 
WordPress","3.20.2","\u003Cp>Query Monitor is the developer tools panel for WordPress and WooCommerce. It enables debugging of database queries, PHP errors, hooks and actions, block editor blocks, enqueued scripts and stylesheets, HTTP API calls, and more.\u003C\u002Fp>\n\u003Cp>It includes some advanced features such as debugging of Ajax calls, REST API calls, user capability checks, and full support for block themes and full site editing. It includes the ability to narrow down much of its output by plugin or theme, allowing you to quickly determine poorly performing plugins, themes, or functions.\u003C\u002Fp>\n\u003Cp>Query Monitor focuses heavily on presenting its information in a useful manner, for example by showing aggregate database queries grouped by the plugins, themes, or functions that are responsible for them. It adds an admin toolbar menu showing an overview of the current page, with complete debugging information shown in panels once you select a menu item.\u003C\u002Fp>\n\u003Cp>Query Monitor supports versions of WordPress up to three years old, and PHP version 7.4 or higher.\u003C\u002Fp>\n\u003Cp>For complete information, please see \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002F\" rel=\"nofollow ugc\">the Query Monitor website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here’s an overview of what’s shown for each page load:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Database queries, including notifications for slow, duplicate, or erroneous queries. 
Allows filtering by query type (\u003Ccode>SELECT\u003C\u002Fcode>, \u003Ccode>UPDATE\u003C\u002Fcode>, \u003Ccode>DELETE\u003C\u002Fcode>, etc), responsible component (plugin, theme, WordPress core), and calling function, and provides separate aggregate views for each.\u003C\u002Fli>\n\u003Cli>The template filename, the complete template hierarchy, and names of all template parts that were loaded or not loaded (for block themes and classic themes).\u003C\u002Fli>\n\u003Cli>PHP errors presented nicely along with their responsible component and call stack, and a visible warning in the admin toolbar.\u003C\u002Fli>\n\u003Cli>Usage of “Doing it Wrong” or “Deprecated” functionality in the code on your site.\u003C\u002Fli>\n\u003Cli>Blocks and associated properties within post content and within full site editing (FSE).\u003C\u002Fli>\n\u003Cli>Matched rewrite rules, associated query strings, and query vars.\u003C\u002Fli>\n\u003Cli>Enqueued scripts and stylesheets, along with their dependencies, dependents, and alerts for broken dependencies.\u003C\u002Fli>\n\u003Cli>Language settings and loaded translation files (MO files and JSON files) for each text domain.\u003C\u002Fli>\n\u003Cli>HTTP API requests, with response code, responsible component, and time taken, with alerts for failed or erroneous requests.\u003C\u002Fli>\n\u003Cli>User capability checks, along with the result and any parameters passed to the capability check.\u003C\u002Fli>\n\u003Cli>Environment information, including detailed information about PHP, the database, WordPress, and the web server.\u003C\u002Fli>\n\u003Cli>The values of all WordPress conditional functions such as \u003Ccode>is_single()\u003C\u002Fcode>, \u003Ccode>is_home()\u003C\u002Fcode>, etc.\u003C\u002Fli>\n\u003Cli>Transients that were updated.\u003C\u002Fli>\n\u003Cli>Usage of \u003Ccode>switch_to_blog()\u003C\u002Fcode> and \u003Ccode>restore_current_blog()\u003C\u002Fcode> on Multisite 
installations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Whenever a redirect occurs, Query Monitor adds an HTTP header containing the call stack, so you can use your favourite HTTP inspector or browser developer tools to trace what triggered the redirect.\u003C\u002Fli>\n\u003Cli>The response from any jQuery-initiated Ajax request on the page will contain various debugging information in its headers. PHP errors also get output to the browser’s developer console.\u003C\u002Fli>\n\u003Cli>The response from an authenticated WordPress REST API request will contain an overview of performance information and PHP errors in its headers, as long as the authenticated user has permission to view Query Monitor’s output. An \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Fusing-the-rest-api\u002Fglobal-parameters\u002F#_envelope\" rel=\"nofollow ugc\">enveloped REST API request\u003C\u002Fa> will include even more debugging information in the \u003Ccode>qm\u003C\u002Fcode> property of the response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default, Query Monitor’s output is only shown to Administrators on single-site installations, and Super Admins on Multisite installations.\u003C\u002Fp>\n\u003Cp>In addition to this, you can set an authentication cookie which allows you to view Query Monitor output when you’re not logged in (or if you’re logged in as a non-Administrator). See the Settings panel for details.\u003C\u002Fp>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. 
Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> provides instant switching between user accounts in WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-crontrol\u002F\" rel=\"ugc\">WP Crontrol\u003C\u002Fa> lets you view and control what’s happening in the WP-Cron system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor is private by default and always will be. It does not persistently store any of the data that it collects. It does not send data to any third party, nor does it include any third party resources. \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Query Monitor’s full privacy statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor aims to be fully accessible to all of its users. 
\u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Faccessibility\u002F\" rel=\"nofollow ugc\">Query Monitor’s full accessibility statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n","Query Monitor is the developer tools panel for WordPress and WooCommerce.",200000,19156533,98,463,"2025-12-11T22:16:00.000Z","6.1",[19,76,77,78,64],"debug-bar","development","performance","https:\u002F\u002Fquerymonitor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-monitor.3.20.2.zip",97,1,"2026-03-30 23:21:22",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":33,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":51,"tags":98,"homepage":103,"download_link":104,"security_score":105,"vuln_count":82,"unpatched_count":13,"last_vuln_date":106,"fetched_at":62},"wp-fail2ban","WP fail2ban – Advanced Security","5.4.1","invisnet","https:\u002F\u002Fprofiles.wordpress.org\u002Finvisnet\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.fail2ban.org\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">fail2ban\u003C\u002Fa> is one of the simplest and most effective security measures you can implement to protect your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cem>WP fail2ban\u003C\u002Fem> provides the link between WordPress and \u003Ccode>fail2ban\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1\nOct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>WPf2b\u003C\u002Fem> comes with three \u003Ccode>fail2ban\u003C\u002Fcode> filters: \u003Ccode>wordpress-hard.conf\u003C\u002Fcode>, \u003Ccode>wordpress-soft.conf\u003C\u002Fcode>, and 
\u003Ccode>wordpress-extra.conf\u003C\u002Fcode>. These are designed to allow a split between immediate banning (hard) and the traditional more graceful approach (soft), with extra rules for custom configurations.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nThe very first feature of \u003Cem>WPf2b\u003C\u002Fem>: logging failed login attempts so the IP can be banned. Just as useful today as it was then.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block User Enumeration\u003C\u002Fstrong>\u003Cbr \u002F>\nOne of the most common precursors to a password-guessing brute force attack is \u003Ca href=\"https:\u002F\u002Fwp-fail2ban.com\u002Ffeatures\u002Fblock-user-enumeration\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">user enumeration\u003C\u002Fa>. \u003Cem>WPf2b\u003C\u002Fem> can block it, stopping the attack before it starts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block username logins\u003C\u002Fstrong>\u003Cbr \u002F>\nSometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). \u003Cem>WPf2b\u003C\u002Fem> can require users to login with their email address instead of their username.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Blocking Users\u003C\u002Fstrong>\u003Cbr \u002F>\nAnother of the older \u003Cem>WPf2b\u003C\u002Fem> features: the login process can be aborted for specified usernames.\u003Cbr \u002F>\nSay a bot collected your site’s usernames before you blocked user enumeration. 
Once you’ve changed all the usernames, add the old ones to the list; anything using them will trigger a “hard” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Empty Username Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nSome bots will try to login without a username; harmless, but annoying. These attempts are logged as a “soft” fail so the more persistent bots will be banned.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Spam\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will log a spammer’s IP address as a “hard” fail when their comment is marked as spam; the Premium version will also log the IP when Akismet discards “obvious” spam.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Attempted Comments\u003C\u002Fstrong>\u003Cbr \u002F>\nSome spam bots try to comment on everything, even things that aren’t there. \u003Cem>WPf2b\u003C\u002Fem> detects these and logs them as a “hard” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Pingbacks\u003C\u002Fstrong>\u003Cbr \u002F>\nPingbacks are a great feature, but they can be abused to attack the rest of the WWW. 
Rather than disable them completely, \u003Cem>WPf2b\u003C\u002Fem> effectively rate-limits potential attackers by logging the IP address as a “soft” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block XML‑RPC Requests\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nThe only reason most sites need XML‑RPC (other than Pingbacks) is for Jetpack; \u003Cem>WPf2b\u003C\u002Fem> Premium can block XML‑RPC while allowing Jetpack and\u002For Pingbacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Countries\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nSometimes you just need a bigger hammer – if you’re seeing nothing but attacks from some countries, block them!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cloudflare and Proxy Servers\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will work with \u003Ca href=\"https:\u002F\u002Fwp-fail2ban.com\u002Ffeatures\u002Fcloudflare-and-proxy-servers\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">Cloudflare\u003C\u002Fa>, and the Premium version will automatically update the list of Cloudflare IP addresses.\u003Cbr \u002F>\nYou can also configure your own list of trusted proxies.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>syslog Dashboard Widget\u003C\u002Fstrong>\u003Cbr \u002F>\nEver wondered what’s being logged? 
The dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Health Check\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will (try to) check that your \u003Ccode>fail2ban\u003C\u002Fcode> configuration is sane and that the filters are up to date; out-of-date filters are the primary cause of \u003Cem>WPf2b\u003C\u002Fem> not working as well as it can.\u003Cbr \u002F>\nWhen did you last run the Site Health tool?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ccode>mu-plugins\u003C\u002Fcode> Support\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> can easily be configured as a “must-use plugin” – see \u003Ca href=\"https:\u002F\u002Fdocs.wp-fail2ban.com\u002Fen\u002F5.4\u002Fconfiguration.html?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1#mu-plugins-support\" rel=\"nofollow ugc\">Configuration\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>API to Extend \u003Cem>WPf2b\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\nIf your plugin can detect behaviour which should be blocked, why reinvent the wheel?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Event Hooks\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nNeed to do something special when \u003Cem>WPf2b\u003C\u002Fem> detects a particular event? 
\u003Ca href=\"https:\u002F\u002Fdocs.wp-fail2ban.com\u002Fen\u002F5.4\u002Fdevelopers\u002Fevents.html?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">There’s a hook for that\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Web Application Firewall (WAF)\u003C\u002Fli>\n\u003Cli>Akismet support.\u003C\u002Fli>\n\u003Cli>Block XML‑RPC while allowing Jetpack and\u002For Pingbacks.\u003C\u002Fli>\n\u003Cli>Block Countries.\u003C\u002Fli>\n\u003Cli>Auto-update Cloudflare IPs.\u003C\u002Fli>\n\u003Cli>Event log.\u003C\u002Fli>\n\u003Cli>Event hooks.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP fail2ban uses fail2ban to protect your WordPress site.",70000,1973124,71,"2025-04-29T15:21:00.000Z","6.8.5","4.2",[99,100,101,102,20],"brute-force","fail2ban","login","security","https:\u002F\u002Fwp-fail2ban.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fail2ban.5.4.1.zip",99,"2019-02-25 00:00:00",{"slug":76,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":17,"tags":121,"homepage":122,"download_link":123,"security_score":124,"vuln_count":82,"unpatched_count":13,"last_vuln_date":125,"fetched_at":62},"Debug Bar","1.1.8","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>Adds a debug menu to the admin bar that shows query, cache, and other helpful debugging information.\u003C\u002Fp>\n\u003Cp>A must for developers!\u003C\u002Fp>\n\u003Cp>When \u003Ccode>WP_DEBUG\u003C\u002Fcode> is enabled it also tracks PHP Warnings and Notices to make them easier to find.\u003C\u002Fp>\n\u003Cp>When \u003Ccode>SAVEQUERIES\u003C\u002Fcode> is enabled the mysql queries are tracked and 
displayed.\u003C\u002Fp>\n\u003Cp>To enable these options, add the following code to your \u003Ccode>wp-config.php\u003C\u002Fcode> file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WP_DEBUG', true );\ndefine( 'SAVEQUERIES', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Add a PHP\u002FMySQL console with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar-console\u002F\" rel=\"ugc\">Debug Bar Console plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>There are numerous other add-ons available to get more insight into, for instance, the registered Post Types, Shortcodes, WP Cron, Language file loading, Actions and Filters and so on. Just \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fdebug+bar\u002F\" rel=\"ugc\">search the plugin directory for ‘Debug Bar’\u003C\u002Fa>.\u003C\u002Fp>\n","Adds a debug menu to the admin bar that shows query, cache, and other helpful debugging information.",20000,2087029,82,68,"2026-03-01T20:00:00.000Z","7.0","3.4",[19],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-bar.1.1.8.zip",100,"2013-05-15 00:00:00",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":124,"num_ratings":136,"last_updated":137,"tested_up_to":96,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":143,"download_link":144,"security_score":145,"vuln_count":146,"unpatched_count":13,"last_vuln_date":147,"fetched_at":62},"debug-log-manager","Debug Log Manager – Conveniently Monitor and Inspect Errors","2.4.3","Bowo","https:\u002F\u002Fprofiles.wordpress.org\u002Fqriouslad\u002F","\u003Cp>Debug Log Manager allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enable \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Farticle\u002Fdebugging-in-wordpress\u002F\" 
rel=\"ugc\">WP_DEBUG\u003C\u002Fa> with one click to log PHP, database and JavaScript errors\u003C\u002Fstrong> when you need to, and disable it when you’re done. No need to manually edit wp-config.php file. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create the debug.log file for you\u003C\u002Fstrong> in a non-default location with a custom file name for enhanced security. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Copy the content of the default \u002F existing debug.log file\u003C\u002Fstrong> into the custom debug.log file, and delete the default \u002F existing debug.log file. So there is continuation in logging and enhanced security going forward.\u003C\u002Fli>\n\u003Cli>Parse the debug.log file and \u003Cstrong>view distinct errors and when they last occurred\u003C\u002Fstrong>, which is better than looking at the raw log file (potentially) full of repetitive errors. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quickly find and filter more specific errors\u003C\u002Fstrong> for your debugging work.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Make error details easier to read\u003C\u002Fstrong> by identifying error source (core \u002F plugin \u002F theme) and separating file path and line number.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easily view files where PHP errors occurred\u003C\u002Fstrong>. This includes WordPress core, plugin and theme files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enable auto-refresh\u003C\u002Fstrong> to automatically load new log entries. 
No need to manually reload the browser tab, or to \u003Ccode>tail -f\u003C\u002Fcode> the log file on the command line.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easily clear the debug.log file\u003C\u002Fstrong> to save disk space and more easily observe newly occurring errors on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show an indicator on the admin bar\u003C\u002Fstrong> when error logging is enabled.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add a dashboard widget\u003C\u002Fstrong> showing the latest errors logged.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Use \u003Ccode>error_log()\u003C\u002Fcode>\u003C\u002Fstrong> to output error info into your debug log, e.g. \u003Ccode>error_log( $error_message )\u003C\u002Fcode> for a simple, string-based error message, or \u003Ccode>error_log( json_encode( $error ) )\u003C\u002Fcode> when inspecting more complex error info, e.g. an array or object.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A simpler and more compact version of Debug Log Manager is included as part of the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsystem-dashboard\u002F\" rel=\"ugc\">System Dashboard plugin\u003C\u002Fa>, should you prefer a single plugin that does more.\u003C\u002Fp>\n\u003Ch3>What Users Say\u003C\u002Fh3>\n\u003Cp>\u003Cem>“This is \u003Cstrong>a great plugin for dev\u003C\u002Fstrong> especially for people who tinker in the code.”\u003C\u002Fem> ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgreat-for-dev\u002F\" rel=\"ugc\">PK Son\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>“I have used a couple of other logger plugins and \u003Cstrong>this is by far the best one\u003C\u002Fstrong>.”\u003C\u002Fem> ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fmust-have-plugin-485\u002F\" rel=\"ugc\">Brian Henry\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>“\u003Cstrong>Another massive time-saving tool.\u003C\u002Fstrong>”\u003C\u002Fem> ~\u003Ca 
href=\"https:\u002F\u002Fdigwp.com\u002F2023\u002F06\u002Fplugins-troubleshoot-debug-wordpress\u002F\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Give Back\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbowo.io\u002Freview-dlm\" rel=\"nofollow ugc\">A nice review\u003C\u002Fa> would be great!\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbowo.io\u002Ffeedback-dlm\" rel=\"nofollow ugc\">Give feedback\u003C\u002Fa> and help improve future versions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fdebug-log-manager\u002F\" rel=\"nofollow ugc\">Help translate\u003C\u002Fa> into your language.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbowo.io\u002Fgithub-dlm\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa> to contribute code.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbowo.io\u002Fdotorg-sponsor-dlm\" rel=\"nofollow ugc\">Sponsor\u003C\u002Fa> my work.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Check These Out Too\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsystem-dashboard\u002F\" rel=\"ugc\">System Dashboard\u003C\u002Fa>: Central dashboard to monitor various WordPress components, processes and data, including the server.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvariable-inspector\u002F\" rel=\"ugc\">Variable Inspector\u003C\u002Fa>: Inspect PHP variables on a central dashboard in wp-admin for convenient debugging.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadmin-site-enhancements\u002F\" rel=\"ugc\">Admin and Site Enhancements\u003C\u002Fa> helps you to easily enhance various admin workflows and site aspects while replacing multiple plugins doing it.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpnewsboard.com\u002F\" rel=\"nofollow 
ugc\">WordPress Newsboard\u003C\u002Fa>: The latest news, articles, podcasts and videos from 100+ WordPress-focused sources.\u003C\u002Fli>\n\u003C\u002Ful>\n","Log PHP, database and JavaScript errors via WP_DEBUG with one click. Conveniently create, view, filter and clear the debug.log file.",10000,116535,24,"2025-09-24T02:30:00.000Z","4.6","5.6",[19,141,142],"developer","errors","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-log-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-log-manager.2.4.3.zip",91,7,"2025-04-18 00:00:00",{"attackSurface":149,"codeSignals":191,"taintFlows":219,"riskAssessment":275,"analyzedAt":290},{"hooks":150,"ajaxHandlers":182,"restRoutes":188,"shortcodes":189,"cronEvents":190,"entryPointCount":82,"unprotectedCount":82},[151,157,159,161,165,169,173,178],{"type":152,"name":153,"callback":154,"priority":82,"file":155,"line":156},"action","plugins_loaded","bang_syslog__init","bang-syslog-settings.php",9,{"type":152,"name":158,"callback":158,"priority":11,"file":155,"line":81},"bang_syslog",{"type":152,"name":160,"callback":158,"priority":11,"file":155,"line":71},"log",{"type":152,"name":162,"callback":163,"file":155,"line":164},"shutdown","bang_syslog__final",106,{"type":152,"name":166,"callback":167,"file":155,"line":168},"admin_print_styles","bang_syslog__admin_styles",109,{"type":152,"name":170,"callback":171,"file":155,"line":172},"admin_menu","bang_syslog__add_settings",121,{"type":174,"name":175,"callback":176,"priority":11,"file":177,"line":60},"filter","measure","bang_measure_start","bang-syslog-time.php",{"type":152,"name":179,"callback":180,"priority":11,"file":177,"line":181},"measure-end","bang_measure_end",4,[183],{"action":184,"nopriv":185,"callback":184,"hasNonce":185,"hasCapCheck":185,"file":186,"line":187},"bang_syslog_tail",false,"bang-syslog-tail.php",35,[],[],[],{"dangerousFunctions":192,"sqlUsage":193,"outputEscaping":195,"fileOperations":82,"externalRequests":13,"nonceChecks":13,"
capabilityChecks":13,"bundledLibraries":218},[],{"prepared":13,"raw":13,"locations":194},[],{"escaped":196,"rawEcho":156,"locations":197},2,[198,201,203,205,207,209,211,214,216],{"file":155,"line":199,"context":200},159,"raw output",{"file":155,"line":202,"context":200},168,{"file":155,"line":204,"context":200},210,{"file":155,"line":206,"context":200},212,{"file":186,"line":208,"context":200},51,{"file":177,"line":210,"context":200},55,{"file":212,"line":213,"context":200},"show-log.php",19,{"file":212,"line":215,"context":200},22,{"file":212,"line":217,"context":200},28,[],[220,258],{"entryPoint":221,"graph":222,"unsanitizedCount":181,"severity":257},"bang_syslog__show_settings (bang-syslog-settings.php:127)",{"nodes":223,"edges":252},[224,229,234,238,240,244,246,250],{"id":225,"type":226,"label":227,"file":155,"line":228},"n0","source","$_POST['dest']",129,{"id":230,"type":231,"label":232,"file":155,"line":228,"wp_function":233},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":235,"type":226,"label":236,"file":155,"line":237},"n2","$_POST['channel']",130,{"id":239,"type":231,"label":232,"file":155,"line":237,"wp_function":233},"n3",{"id":241,"type":226,"label":242,"file":155,"line":243},"n4","$_POST['prefix']",131,{"id":245,"type":231,"label":232,"file":155,"line":243,"wp_function":233},"n5",{"id":247,"type":226,"label":248,"file":155,"line":249},"n6","$_POST['ignore_urls']",138,{"id":251,"type":231,"label":232,"file":155,"line":249,"wp_function":233},"n7",[253,254,255,256],{"from":225,"to":230,"sanitized":185},{"from":235,"to":239,"sanitized":185},{"from":241,"to":245,"sanitized":185},{"from":247,"to":251,"sanitized":185},"low",{"entryPoint":259,"graph":260,"unsanitizedCount":181,"severity":257},"\u003Cbang-syslog-settings> 
(bang-syslog-settings.php:0)",{"nodes":261,"edges":270},[262,263,264,265,266,267,268,269],{"id":225,"type":226,"label":227,"file":155,"line":228},{"id":230,"type":231,"label":232,"file":155,"line":228,"wp_function":233},{"id":235,"type":226,"label":236,"file":155,"line":237},{"id":239,"type":231,"label":232,"file":155,"line":237,"wp_function":233},{"id":241,"type":226,"label":242,"file":155,"line":243},{"id":245,"type":231,"label":232,"file":155,"line":243,"wp_function":233},{"id":247,"type":226,"label":248,"file":155,"line":249},{"id":251,"type":231,"label":232,"file":155,"line":249,"wp_function":233},[271,272,273,274],{"from":225,"to":230,"sanitized":185},{"from":235,"to":239,"sanitized":185},{"from":241,"to":245,"sanitized":185},{"from":247,"to":251,"sanitized":185},{"summary":276,"deductions":277},"The \"bang-syslog\" plugin v1.2 exhibits a concerning security posture due to a significant lack of proper authentication and output sanitization, despite some positive aspects in its code. The static analysis reveals one AJAX handler that lacks any authentication checks, creating a direct and unprotected entry point into the plugin's functionality. This is a critical vulnerability that could allow any unauthenticated user to trigger potentially harmful actions. Furthermore, the poor output escaping (only 18% properly escaped) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious code could be injected into the site through user-controlled input that is not properly sanitized before being displayed.\n\nThe taint analysis shows two flows with unsanitized paths, which, while not classified as critical or high severity in this instance, still represent potential avenues for security issues if not addressed. The absence of nonce checks and capability checks further exacerbates the risk associated with the unprotected AJAX handler. 
The plugin's history of zero known CVEs is a positive indicator, suggesting that historically it hasn't been a target for widespread exploits, but this does not negate the immediate risks identified in the current version's code. In conclusion, while the plugin demonstrates good practices regarding SQL queries and a lack of dangerous functions, the unprotected AJAX handler and severe output escaping deficiencies present a substantial security risk that requires immediate attention.",[278,280,283,285,288],{"reason":279,"points":11},"Unprotected AJAX handler",{"reason":281,"points":282},"Poor output escaping",6,{"reason":284,"points":181},"Taint flow with unsanitized path (x2)",{"reason":286,"points":287},"No nonce checks",5,{"reason":289,"points":287},"No capability checks","2026-03-16T23:37:10.289Z",{"wat":292,"direct":299},{"assetPaths":293,"generatorPatterns":296,"scriptPaths":297,"versionParams":298},[294,295],"\u002Fwp-content\u002Fplugins\u002Fbang-syslog\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fbang-syslog\u002Fscripts\u002Fbang-tabs.js",[],[295],[],{"cssClasses":300,"htmlComments":301,"htmlAttributes":302,"restEndpoints":304,"jsGlobals":305,"shortcodeOutput":307},[4],[],[303],"id='bang-leftbar'",[],[306],"jQuery",[]]