[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fM0wZJTsZQnLrMHcWUCgXPUpBnZg49CdfwJC-h3NTjUk":3,"$f5syfCMb2SepQ4sdaJs6zWnz1tldW69RKL6B7P4Xbhqo":387,"$fZcPZ8ZOdo80m2Cg5VNbjd98EeqBVpKNz3J-q6EEPYjE":391},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":38,"analysis":156,"fingerprints":372},"better-detection","Better Detection","1.7","bettersecurity","https:\u002F\u002Fprofiles.wordpress.org\u002Fbettersecurity\u002F","\u003Cp>This plugin will create and store hashes of content (eg. posts, pages, etc.) and monitor these moving forwards in order to detect when changes occur.  When changes are made outside of the normal working process, such as a direct database update, this will then be detected as the hash will get out of sync with the content.\u003C\u002Fp>\n","Improve the security of your website by detecting unexpected changes to content",10,2018,100,1,"2024-09-28T09:40:00.000Z","6.6.5","5.0","7.0",[20,21,22,23],"better","content","detection","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-detection.zip",92,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},5,440,30,88,"2026-05-19T23:56:03.395Z",[39,64,88,112,135],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":24,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":27,"last_vuln_date":63,"fetched_at":29},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7412197,84,420,"2026-03-08T15:53:00.000Z","6.9.4","5.8.0","5.6.0",[56,57,58,23,59],"access-governance","api-security","restricted-content","user-roles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":52,"requires_at_least":17,"requires_php":77,"tags":78,"homepage":84,"download_link":85,"security_score":74,"vuln_count":86,"unpatched_count":27,"last_vuln_date":87,"fetched_at":29},"cookies-and-content-security-policy","Cookies and Content Security Policy","2.38","Johan Jonk Stenström","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonkastonka\u002F","\u003Cp>\u003Cstrong>Be fully GDPR and CCPA compliant through Content Security Policy.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Block cookies and unwanted external content by setting Content Security Policy. A modal will be shown on the front end to let the visitor choose what kind of resources to accept. It also adds a layer of security for your site since iframes, scripts and images from unknown domains are blocked.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Multilingual\u003C\u002Fstrong> support through \u003Ca href=\"https:\u002F\u002Fwpml.org\u002F\" rel=\"nofollow ugc\">WPML\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fpolylang.pro\u002F\" rel=\"nofollow ugc\">Polylang\u003C\u002Fa> or probably any multilingual plugin out there since this plugin follows WordPress Coding Standards. See FAQ below on how to translate with WPML or Polylang.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Quickstart:\u003C\u002Fstrong> Choose common resources from a list that are automatically added to your Domains list. So, it’s even easier to set it up! Check, check, check and check!\u003Cbr \u002F>\nUpdated regularly.\u003C\u002Fp>\n\u003Ch3>Free stickers for translators!\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Since we want this plugin to be available in as many languages as possible, I will send you a handful of the new \u003Ca href=\"https:\u002F\u002Fplugins.followmedarling.se\u002F2022\u002F02\u002Fstickers-are-in-the-house\u002F\" rel=\"nofollow ugc\">super cool stickers\u003C\u002Fa> if you translate the plugin!\u003C\u002Fstrong>\u003Cbr \u002F>\nJust translate the plugin to your language, and when it is approved, \u003Ca href=\"https:\u002F\u002Fplugins.followmedarling.se\u002F2022\u002F02\u002Fstickers-are-in-the-house\u002F#respond\" rel=\"nofollow ugc\">comment this post\u003C\u002Fa> and I’ll send it to you, totally free!\u003Cbr \u002F>\nIf you have already translated the plugin and want stickers, of course that counts too! Just comment the post.\u003C\u002Fp>\n","Be fully GDPR and CCPA compliant through Content Security Policy. Blocks cookies and unwanted external content.",10000,478941,98,67,"2026-04-15T09:36:00.000Z","7.4",[79,80,81,82,83],"ccpa","content-security-policy","cookie-bar","cookies","gdpr","https:\u002F\u002Fplugins.followmedarling.se\u002Fcookies-and-content-security-policy\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcookies-and-content-security-policy.2.38.zip",2,"2026-01-05 00:00:00",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":72,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":52,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":108,"download_link":109,"security_score":74,"vuln_count":110,"unpatched_count":27,"last_vuln_date":111,"fetched_at":29},"quttera-web-malware-scanner","Quttera ThreatSign – Web Malware Scanner for WordPress","4.0.0.12","quttera","https:\u002F\u002Fprofiles.wordpress.org\u002Fquttera\u002F","\u003Cp>Quttera ThreatSign protects your WordPress website with multi-layered security:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malware Detection:\u003C\u002Fstrong> Powered by Quttera’s AI-driven heuristic engine, the scanner detects malicious PHP, obfuscated JavaScript, hidden iframes, redirects, spam, SEO malware, and credit-card skimmers targeting checkout pages. The plugin performs on-demand scans directly from your WordPress admin and checks your domain against more than 40 global security authorities, including Google, McAfee, Norton, and Yandex. Detection capabilities are continuously enhanced using insights from Quttera’s worldwide threat intelligence network.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Brute Force Protection:\u003C\u002Fstrong> Prevents unauthorized login attempts with IP locking, configurable rate limiting, and environment-aware protection policies. Supports both shared hosting (aggressive locking) and dedicated servers (progressive delays). Includes emergency bypass mechanism for critical situations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Bot Protection:\u003C\u002Fstrong> Layered defense against automated attacks using multi-stage risk evaluation, token-bucket rate limiting, and legitimate bot recognition (Googlebot, Bingbot, etc.). Protects REST API, XML-RPC, and WooCommerce endpoints with endpoint-specific risk scoring.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin User Monitoring:\u003C\u002Fstrong> Real-time detection and alerting for unauthorized admin additions, removals, and role changes with database audit trail and snapshots.\u003C\u002Fp>\n\u003Cp>For complete protection—including automated malware removal, scheduled scanning, WAF, and 24\u002F7 monitoring—you can upgrade to a ThreatSign Website Security plan.\u003C\u002Fp>\n\u003Ch4>Malware Detection Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-click on-demand scans from WP admin\u003C\u002Fli>\n\u003Cli>0-day (unknown threat) detection via heuristic & behavioral analysis\u003C\u002Fli>\n\u003Cli>Detection of malicious PHP (backdoors, shells, injections)\u003C\u002Fli>\n\u003Cli>Detection of obfuscated or polymorphic JavaScript\u003C\u002Fli>\n\u003Cli>Identification of malicious iframes, redirects & hidden links\u003C\u002Fli>\n\u003Cli>Detection of spam & SEO malware\u003C\u002Fli>\n\u003Cli>Checkout skimmer detection\u003C\u002Fli>\n\u003Cli>Inspection of WordPress core file integrity\u003C\u002Fli>\n\u003Cli>Detection of alien or unauthorized files in core directories\u003C\u002Fli>\n\u003Cli>External links and outbound reference analysis\u003C\u002Fli>\n\u003Cli>Blacklist checks across 40+ security authorities\u003C\u002Fli>\n\u003Cli>Cloud-based scanning to reduce server resource load\u003C\u002Fli>\n\u003Cli>Detailed investigation reports with severity levels\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Brute Force Protection Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP-based locking with configurable thresholds\u003C\u002Fli>\n\u003Cli>Multi-stage failure detection with soft and hard locks\u003C\u002Fli>\n\u003Cli>Environment-aware policies for shared hosting and dedicated servers\u003C\u002Fli>\n\u003Cli>IP whitelist\u002Fblacklist with CIDR notation support\u003C\u002Fli>\n\u003Cli>Emergency bypass mechanism via constant or filter\u003C\u002Fli>\n\u003Cli>User account lockout alerts via email\u003C\u002Fli>\n\u003Cli>Combo-lock (IP + username) detection\u003C\u002Fli>\n\u003Cli>Rate limiting with progressive delays\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Bot Protection Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Multi-stage risk evaluation with heuristic analysis\u003C\u002Fli>\n\u003Cli>Token-bucket rate limiting across multiple lanes (global, REST, XML-RPC, checkout, cart)\u003C\u002Fli>\n\u003Cli>Legitimate bot recognition (Googlebot, Bingbot with elevated rate limits)\u003C\u002Fli>\n\u003Cli>REST API enumeration and authentication protection\u003C\u002Fli>\n\u003Cli>WooCommerce endpoint protection (checkout & cart)\u003C\u002Fli>\n\u003Cli>Configurable operation modes (Observe, Balanced, Aggressive)\u003C\u002Fli>\n\u003Cli>Risk-based challenge mechanisms and exponential backoff\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Admin User Monitoring Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Real-time detection of admin user additions and removals\u003C\u002Fli>\n\u003Cli>Admin role change tracking\u003C\u002Fli>\n\u003Cli>Database snapshot comparison for audit trail\u003C\u002Fli>\n\u003Cli>WP-Cron scheduled checks (1-minute intervals)\u003C\u002Fli>\n\u003Cli>Immediate detection via WordPress hooks\u003C\u002Fli>\n\u003Cli>Email alerts for unauthorized changes\u003C\u002Fli>\n\u003Cli>Comprehensive alarm system integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you need malware removal assistance, contact us at support@quttera.com or sign up for any\u003Cbr \u002F>\nof our ThreatSign annual plans, which include cleanup & blacklist removal:\u003Cbr \u002F>\nhttps:\u002F\u002Fquttera.com\u002Fanti-malware-website-monitoring-signup\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fquttera.com\" rel=\"nofollow ugc\">Quttera\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin’s other home\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fquttera.com\u002Fwordpress-malware-scanner\" rel=\"nofollow ugc\">WordPress Malware Scanner\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress multi-level security scanner detecting malware, 0-day threats, brute-force attacks, bot attacks, and unauthorized admin changes.",4472334,78,47,"2026-04-16T00:02:00.000Z","3.3.2","7.2",[103,104,105,106,107],"card-skimmer","malware-removal","malware-scanner","threat-detection","wordpress-security","http:\u002F\u002Fquttera.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquttera-web-malware-scanner.4.0.0.12.zip",3,"2025-08-14 00:00:00",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":124,"tested_up_to":52,"requires_at_least":17,"requires_php":125,"tags":126,"homepage":131,"download_link":132,"security_score":61,"vuln_count":133,"unpatched_count":27,"last_vuln_date":134,"fetched_at":29},"website-file-changes-monitor","Melapress File Monitor","2.3.0","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>Get notified of file and permission changes on your WordPress sites and boost reliability & security\u003C\u002Fh3>\n\u003Cp>Melapress File Monitor is a WordPress file integrity monitoring plugin that keeps track of file and permission changes on your WordPress websites. It enables you to promptly identify code changes, file and directory permission changes, leftover files, malicious code, and malware injections – and take action.\u003C\u002Fp>\n\u003Cp>Install \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-file-monitor\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mfm\" rel=\"nofollow ugc\">Melapress File Monitor\u003C\u002Fa> on your website to:\u003Cbr \u002F>\n*   Detect malware, infected files or files altered by bad actors\u003Cbr \u002F>\n*   Keep track of the last code changes on your website for easier troubleshooting\u003Cbr \u002F>\n*   Identify changes in file and directory permissions\u003Cbr \u002F>\n*   Identify leftover & backup files that can lead to sensitive business & technical data exposure\u003Cbr \u002F>\n*   Spot malware injections early to avoid irreparable site damage\u003Cbr \u002F>\n*   Conduct essential WordPress forensic analysis after a cyberattack.\u003C\u002Fp>\n\u003Cp>The plugin allows you to monitor and log file and permission changes across your WordPress site. You can see changes directly in the WordPress dashboard for easy access. You can also configure the plugin to send you file and permission change alerts through email whenever it detects a change; keeping you informed wherever you are.\u003C\u002Fp>\n\u003Cp>It helps you easily spot leftover and backup files that could leave your website exposed, and detect malware and code changes, so you can remove the files and clean malware infections at the earliest possible.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cp>Melapress File Monitor is a very easy to use plugin with zero admin work.\u003C\u002Fp>\n\u003Ch4>No False Alarms – Just Genuine Alerts!\u003C\u002Fh4>\n\u003Cp>This plugin uses an exclusive smart technology that detects WordPress core updates, plugin & theme installs, uninstalls, and updates.\u003C\u002Fp>\n\u003Cp>When you update the WordPress core, install a new plugin, update a theme, or delete a plugin it won’t flood you with hundreds of alerts prompting a false alarm. You only get alerted of genuine file and permission changes that can have an effect on the functionality and security of your WordPress site!\u003C\u002Fp>\n\u003Ch4>Instant Email Notifications\u003C\u002Fh4>\n\u003Cp>After a scan, the plugin sends an email with the list of file and permission changes it identifies on your WordPress sites and multisite networks.\u003C\u002Fp>\n\u003Cp>The email includes all the details you require to track WordPress file changes, such as:\u003Cbr \u002F>\n* The filename and the path of the file\u003Cbr \u002F>\n* A count of how many files were added, modified or deleted\u003Cbr \u002F>\n* A highlight of the site admin changes that caused the file changes, such as the plugins or themes installs, uninstalls, and updates.\u003C\u002Fp>\n\u003Ch4>Scans ALL Your Files, Including Custom Code\u003C\u002Fh4>\n\u003Cp>Melapress File Monitor can scan any type of file and it is not limited to WordPress and PHP files. Apart from the WordPress core files, plugins and themes files, it will also scan any other custom code files that you might have on your WordPress site.\u003C\u002Fp>\n\u003Cp>It also compares the WordPress core files of your website to the list of files on the official WordPress repository, so it will also alert you if a WordPress core file has been tampered with, or changed. You can also choose to exclude specific files, directories, and extensions for complete control.\u003C\u002Fp>\n\u003Cp>To learn more on both the file integrity monitoring technologies the plugin uses refer to \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwebsite-file-changes-monitor-how-plugin-detects-file-changes\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mfm\" rel=\"nofollow ugc\">how the plugin detects file changes on WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>WordPress Multisite Networks Support\u003C\u002Fh4>\n\u003Cp>The Melapress File Monitor plugin can also detect file changes on WordPress multisite networks. When installed on a network, the plugin configuration and alerts are only available to the super administrators, preventing possible disclosure of sensitive information that could jeopardize the security of the sites on the network.\u003C\u002Fp>\n\u003Ch4>Other Notable Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Optimized scanning technology that does not affect the performance of your site\u003C\u002Fli>\n\u003Cli>Fully configurable file scan frequency (hourly, daily, weekly, time of the day)\u003C\u002Fli>\n\u003Cli>Instant file integrity scans with just a click of a button\u003C\u002Fli>\n\u003Cli>Ability to exclude directories, files, and file types from the scan\u003C\u002Fli>\n\u003Cli>Configurable maximum file size to scan\u003C\u002Fli>\n\u003Cli>File changes data only available to administrators for better security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Free Plugin Support\u003C\u002Fh3>\n\u003Cp>Support is available for free via:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fadmin-notices-manager\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mfm\" rel=\"ugc\">forums\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=anm\" rel=\"nofollow ugc\">email\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh3>\n\u003Cp>Melapress builds high-quality niche WordPress security & management plugins, including WP Activity Log, Melapress Login Security, and others.\u003C\u002Fp>\n\u003Cp>Visit the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=anm\" rel=\"nofollow ugc\">Melapress website\u003C\u002Fa> for more information about the company and the plugins it develops.\u003C\u002Fp>\n\u003Ch3>Install the plugin from within WordPress\u003C\u002Fh3>\n\u003Cp>WordPress security is easy with Melapress File Monitor. Simply:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Navigate to Plugins > Add New, from your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Search for Melapress File Monitor\u003C\u002Fli>\n\u003Cli>Install & activate the plugin from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install the plugin manually (via file upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the Melapress File Monitor plugin through the Plugins page in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Translate the plugin in your own language\u003C\u002Fh3>\n\u003Cp>If you want to help us translate this plugin in your own language please \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mfm\" rel=\"nofollow ugc\">contact us\u003C\u002Fa>. We will credit all translators.\u003C\u002Fp>\n","Get email alerts for file and permission changes on your WordPress sites. No false positives!",5000,129516,82,32,"2026-02-26T09:10:00.000Z","8.0",[127,128,129,130,23],"file-monitor","file-security","file-changes","malware-detection","http:\u002F\u002Fmelapress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebsite-file-changes-monitor.2.3.0.zip",4,"2025-07-03 00:00:00",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":145,"num_ratings":146,"last_updated":147,"tested_up_to":148,"requires_at_least":149,"requires_php":101,"tags":150,"homepage":24,"download_link":154,"security_score":155,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"csp-manager","Content Security Policy Manager","1.2.1","Patrick Sletvold","https:\u002F\u002Fprofiles.wordpress.org\u002F16patsle\u002F","\u003Cp>\u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong> is a WordPress plugin that allows you to easily configure \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FCSP\" rel=\"nofollow ugc\">Content Security Policy headers\u003C\u002Fa> for your site. You can have different CSP headers for the admin interface, the frontend for logged in users, and the frontend for regular visitors. The CSP directives can be individually enabled, and each policy can be set to enforce, report or be disabled.\u003C\u002Fp>\n\u003Cp>Please note that this plugin offers limited help in figuring out what the contents of the policy should be. It only lets you configure the CSP in a easy to use interface.\u003C\u002Fp>\n","Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors",2000,34086,86,6,"2022-08-09T17:33:00.000Z","6.1.10","4.6",[80,151,23,152,153],"csp","security-headers","xss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-manager.1.2.1.zip",85,{"attackSurface":157,"codeSignals":219,"taintFlows":315,"riskAssessment":358,"analyzedAt":371},{"hooks":158,"ajaxHandlers":207,"restRoutes":214,"shortcodes":215,"cronEvents":216,"entryPointCount":14,"unprotectedCount":27},[159,164,168,173,175,179,183,187,191,195,199,203],{"type":160,"name":161,"callback":162,"file":163,"line":13},"action","plugins_loaded","better_detection_loaded","better-detection.php",{"type":160,"name":165,"callback":166,"file":163,"line":167},"better_detection_hourly","better_detection_do_hourly",136,{"type":169,"name":170,"callback":171,"file":163,"line":172},"filter","wp_mail_content_type","better_detection_set_html_mail_content_type",264,{"type":169,"name":170,"callback":171,"file":163,"line":174},395,{"type":160,"name":176,"callback":177,"priority":11,"file":163,"line":178},"save_post","better_detection_save_post",462,{"type":169,"name":180,"callback":181,"file":163,"line":182},"post_updated_messages","better_detection_updated_messages",501,{"type":160,"name":184,"callback":185,"file":163,"line":186},"init","better_detection_auto_login",560,{"type":160,"name":188,"callback":189,"file":163,"line":190},"admin_enqueue_scripts","better_detection_admin_scripts",657,{"type":169,"name":192,"callback":193,"file":163,"line":194},"whitelist_options","closure",675,{"type":160,"name":196,"callback":197,"file":163,"line":198},"admin_menu","better_detection_menus",899,{"type":160,"name":200,"callback":201,"file":163,"line":202},"admin_init","better_detection_settings",900,{"type":160,"name":204,"callback":205,"file":163,"line":206},"wp_before_admin_bar_render","better_detection_admin_bar_render",925,[208],{"action":209,"nopriv":210,"callback":211,"hasNonce":212,"hasCapCheck":210,"file":163,"line":213},"better_detection",false,"better_detection_do_ajax",true,636,[],[],[217],{"hook":165,"callback":165,"file":163,"line":218},59,{"dangerousFunctions":220,"sqlUsage":221,"outputEscaping":230,"fileOperations":27,"externalRequests":86,"nonceChecks":14,"capabilityChecks":27,"bundledLibraries":314},[],{"prepared":33,"raw":110,"locations":222},[223,226,228],{"file":163,"line":224,"context":225},68,"$wpdb->get_var() with variable interpolation",{"file":163,"line":227,"context":225},714,{"file":163,"line":229,"context":225},914,{"escaped":133,"rawEcho":231,"locations":232},40,[233,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312],{"file":163,"line":234,"context":235},691,"raw output",{"file":163,"line":237,"context":235},695,{"file":163,"line":239,"context":235},697,{"file":163,"line":241,"context":235},700,{"file":163,"line":243,"context":235},703,{"file":163,"line":245,"context":235},704,{"file":163,"line":247,"context":235},707,{"file":163,"line":249,"context":235},708,{"file":163,"line":251,"context":235},719,{"file":163,"line":253,"context":235},720,{"file":163,"line":255,"context":235},721,{"file":163,"line":257,"context":235},722,{"file":163,"line":259,"context":235},723,{"file":163,"line":261,"context":235},724,{"file":163,"line":263,"context":235},725,{"file":163,"line":265,"context":235},726,{"file":163,"line":267,"context":235},751,{"file":163,"line":269,"context":235},752,{"file":163,"line":271,"context":235},753,{"file":163,"line":273,"context":235},754,{"file":163,"line":275,"context":235},755,{"file":163,"line":277,"context":235},756,{"file":163,"line":279,"context":235},757,{"file":163,"line":281,"context":235},759,{"file":163,"line":283,"context":235},760,{"file":163,"line":285,"context":235},767,{"file":163,"line":287,"context":235},768,{"file":163,"line":289,"context":235},769,{"file":163,"line":291,"context":235},770,{"file":163,"line":293,"context":235},771,{"file":163,"line":295,"context":235},772,{"file":163,"line":297,"context":235},773,{"file":163,"line":299,"context":235},774,{"file":163,"line":301,"context":235},780,{"file":163,"line":303,"context":235},863,{"file":163,"line":305,"context":235},872,{"file":163,"line":307,"context":235},873,{"file":163,"line":309,"context":235},883,{"file":163,"line":311,"context":235},887,{"file":163,"line":313,"context":235},890,[],[316,339],{"entryPoint":317,"graph":318,"unsanitizedCount":14,"severity":338},"better_detection_do_ajax (better-detection.php:566)",{"nodes":319,"edges":335},[320,325,329],{"id":321,"type":322,"label":323,"file":163,"line":324},"n0","source","$_POST",615,{"id":326,"type":327,"label":328,"file":163,"line":324},"n1","transform","→ better_detection_do_test()",{"id":330,"type":331,"label":332,"file":163,"line":333,"wp_function":334},"n2","sink","wp_remote_post() [SSRF]",427,"wp_remote_post",[336,337],{"from":321,"to":326,"sanitized":210},{"from":326,"to":330,"sanitized":210},"medium",{"entryPoint":340,"graph":341,"unsanitizedCount":14,"severity":338},"\u003Cbetter-detection> (better-detection.php:0)",{"nodes":342,"edges":354},[343,346,349,350,352],{"id":321,"type":322,"label":344,"file":163,"line":345},"$_GET",528,{"id":326,"type":331,"label":347,"file":163,"line":311,"wp_function":348},"echo() [XSS]","echo",{"id":330,"type":322,"label":323,"file":163,"line":324},{"id":351,"type":327,"label":328,"file":163,"line":324},"n3",{"id":353,"type":331,"label":332,"file":163,"line":333,"wp_function":334},"n4",[355,356,357],{"from":321,"to":326,"sanitized":212},{"from":330,"to":351,"sanitized":210},{"from":351,"to":353,"sanitized":210},{"summary":359,"deductions":360},"The \"better-detection\" v1.7 plugin exhibits a mixed security posture. On the positive side, it has no recorded historical vulnerabilities, which suggests a history of responsible development or a lack of past scrutiny. The static analysis also shows a relatively small attack surface with only one entry point identified, and this entry point does not appear to be immediately unprotected. Furthermore, the absence of dangerous functions, file operations, and bundled libraries is a good sign.\n\nHowever, several areas raise concerns. The low percentage of properly escaped output (9%) is a significant weakness, potentially exposing the site to Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is involved in these unescaped outputs. The presence of two taint flows with unsanitized paths, even without a \"critical\" or \"high\" severity classification, warrants attention as they indicate potential pathways for malicious input to reach sensitive functions. The fact that 37% of SQL queries are not using prepared statements also increases the risk of SQL injection vulnerabilities. Finally, the absence of capability checks on the single AJAX handler, while a nonce check is present, leaves room for potential privilege escalation or unauthorized actions if the nonce check can be bypassed or is insufficient on its own.\n\nOverall, while the plugin has a clean vulnerability history and a limited attack surface, the identified code signals regarding output escaping, unsanitized taint flows, and SQL query practices present notable risks. The lack of capability checks on the AJAX handler is also a potential weak point. These factors suggest that while the plugin might not be overtly dangerous, it requires careful review and potential hardening to address the identified vulnerabilities.",[361,364,366,369],{"reason":362,"points":363},"Unescaped output (9%)",8,{"reason":365,"points":146},"Taint flows with unsanitized paths (2)",{"reason":367,"points":368},"SQL queries not using prepared statements (37%)",7,{"reason":370,"points":33},"No capability checks on AJAX handler","2026-03-16T23:35:28.621Z",{"wat":373,"direct":379},{"assetPaths":374,"generatorPatterns":376,"scriptPaths":377,"versionParams":378},[375],"\u002Fwp-content\u002Fplugins\u002Fbetter-detection\u002Fheader.png",[],[],[],{"cssClasses":380,"htmlComments":381,"htmlAttributes":382,"restEndpoints":383,"jsGlobals":384,"shortcodeOutput":386},[],[],[],[],[385],"better_detection_auto_login_",[],{"error":212,"url":388,"statusCode":389,"statusMessage":390,"message":390},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbetter-detection\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":368,"versions":392},[393,399,406,413,420,427,434],{"version":6,"download_url":394,"svn_tag_url":395,"released_at":28,"has_diff":210,"diff_files_changed":396,"diff_lines":28,"trac_diff_url":397,"vulnerabilities":398,"is_current":212},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-detection.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-detection\u002Ftags\u002F1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-detection%2Ftags%2F1.6&new_path=%2Fbetter-detection%2Ftags%2F1.7",[],{"version":400,"download_url":401,"svn_tag_url":402,"released_at":28,"has_diff":210,"diff_files_changed":403,"diff_lines":28,"trac_diff_url":404,"vulnerabilities":405,"is_current":210},"1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-detection.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-detection\u002Ftags\u002F1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-detection%2Ftags%2F1.5&new_path=%2Fbetter-detection%2Ftags%2F1.6",[],{"version":407,"download_url":408,"svn_tag_url":409,"released_at":28,"has_diff":210,"diff_files_changed":410,"diff_lines":28,"trac_diff_url":411,"vulnerabilities":412,"is_current":210},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-detection.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-detection\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-detection%2Ftags%2F1.4&new_path=%2Fbetter-detection%2Ftags%2F1.5",[],{"version":414,"download_url":415,"svn_tag_url":416,"released_at":28,"has_diff":210,"diff_files_changed":417,"diff_lines":28,"trac_diff_url":418,"vulnerabilities":419,"is_current":210},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-detection.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-detection\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-detection%2Ftags%2F1.3&new_path=%2Fbetter-detection%2Ftags%2F1.4",[],{"version":421,"download_url":422,"svn_tag_url":423,"released_at":28,"has_diff":210,"diff_files_changed":424,"diff_lines":28,"trac_diff_url":425,"vulnerabilities":426,"is_current":210},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-detection.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-detection\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-detection%2Ftags%2F1.2&new_path=%2Fbetter-detection%2Ftags%2F1.3",[],{"version":428,"download_url":429,"svn_tag_url":430,"released_at":28,"has_diff":210,"diff_files_changed":431,"diff_lines":28,"trac_diff_url":432,"vulnerabilities":433,"is_current":210},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-detection.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-detection\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-detection%2Ftags%2F1.0&new_path=%2Fbetter-detection%2Ftags%2F1.2",[],{"version":435,"download_url":436,"svn_tag_url":437,"released_at":28,"has_diff":210,"diff_files_changed":438,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":439,"is_current":210},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-detection.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-detection\u002Ftags\u002F1.0\u002F",[],[]]