[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5hsdoHSzPr3IfCR5wzNgjchkashah5J_hjlL7-WWE-U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":144,"fingerprints":246},"block-bad-queries","BBQ Firewall – Fast & Powerful Firewall Security","20260205","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cblockquote>\n\u003Cp>🔥 Install, activate, and done!\u003Cbr \u002F>\n  🔥 Powerful protection from WP’s \u003Cstrong>fastest\u003C\u002Fstrong> firewall plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F\" rel=\"nofollow ugc\">BBQ Firewall\u003C\u002Fa> is a lightweight, blazing-fast firewall plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like \u003Ccode>eval(\u003C\u002Fcode>, \u003Ccode>base64_\u003C\u002Fcode>, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">strong Apache\u002F.htaccess firewall\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Adds a strong firewall to ANY WordPress site\u003Cbr \u002F>\n  🔥 Works with all WordPress plugins and themes\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Powerful Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ protects your site against many threats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SQL injection attacks\u003C\u002Fli>\n\u003Cli>Executable file uploads\u003C\u002Fli>\n\u003Cli>Directory traversal attacks\u003C\u002Fli>\n\u003Cli>Unsafe character requests\u003C\u002Fli>\n\u003Cli>Excessively long requests\u003C\u002Fli>\n\u003Cli>PHP remote\u002Ffile execution\u003C\u002Fli>\n\u003Cli>XSS, XXE, and related attacks\u003C\u002Fli>\n\u003Cli>Protects against bad bots\u003C\u002Fli>\n\u003Cli>Protects against bad referrers\u003C\u002Fli>\n\u003Cli>Protects against bad POST content\u003C\u002Fli>\n\u003Cli>Protects against many other bad requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 Works great with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblackhole-bad-bots\u002F\" rel=\"ugc\">Blackhole for Bad Bots\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbanhammer\u002F\" rel=\"ugc\">Banhammer\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Awesome Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ provides all the best firewall features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rated \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-bad-queries\u002F#reviews\" rel=\"ugc\">5 stars\u003C\u002Fa> at WordPress.org\u003C\u002Fli>\n\u003Cli>100% plug-&-play, zero configuration\u003C\u002Fli>\n\u003Cli>100% focused on security and performance\u003C\u002Fli>\n\u003Cli>Blocks a wide range of malicious URL requests\u003C\u002Fli>\n\u003Cli>Fastest Web Application Firewall (WAF) for WordPress\u003C\u002Fli>\n\u003Cli>Based on the \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F7g-firewall\u002F\" rel=\"nofollow ugc\">7G\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">8G Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Scans all incoming traffic and blocks bad requests\u003C\u002Fli>\n\u003Cli>Scans all types of requests: GET, POST, PUT, DELETE, etc.\u003C\u002Fli>\n\u003Cli>Protects against known bad bots and referrers\u003C\u002Fli>\n\u003Cli>Works silently behind the scenes to protect your site\u003C\u002Fli>\n\u003Cli>Hassle-free security plugin that’s easy to use\u003C\u002Fli>\n\u003Cli>Thoroughly tested, error-free performance\u003C\u002Fli>\n\u003Cli>Extremely low rate of false positives\u003C\u002Fli>\n\u003Cli>Compatible with other security plugins\u003C\u002Fli>\n\u003Cli>Regularly updated and “future proof”\u003C\u002Fli>\n\u003Cli>Firewall \u003C 10 kilobytes in size\u003C\u002Fli>\n\u003Cli>Lightweight, fast and flexible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 For advanced protection and features, check out \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro &raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Exclusive Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize firewall via plugin settings\u003C\u002Fli>\n\u003Cli>Easily add or remove firewall patterns\u003C\u002Fli>\n\u003Cli>Easily add Jeff Starr’s \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fultimate-ai-block-list\u002F\" rel=\"nofollow ugc\">AI Block List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Send Email Alerts for blocked requests\u003C\u002Fli>\n\u003Cli>Quickly enable\u002Fdisable firewall rules\u003C\u002Fli>\n\u003Cli>Disable firewall for logged-in users\u003C\u002Fli>\n\u003Cli>Block excessively long URI requests\u003C\u002Fli>\n\u003Cli>Protect against XML-RPC exploits\u003C\u002Fli>\n\u003Cli>Block any individual IP address\u003C\u002Fli>\n\u003Cli>Block entire ranges of IP addresses\u003C\u002Fli>\n\u003Cli>Protect against user-ID phishing\u003C\u002Fli>\n\u003Cli>Redirect all blocked requests\u003C\u002Fli>\n\u003Cli>Display a custom “blocked” message\u003C\u002Fli>\n\u003Cli>Set your own response status code\u003C\u002Fli>\n\u003Cli>Complete inline documentation\u003C\u002Fli>\n\u003Cli>Statistics for blocked requests\u003C\u002Fli>\n\u003Cli>Tools to reset options and patterns\u003C\u002Fli>\n\u003Cli>Import and Export firewall patterns\u003C\u002Fli>\n\u003Cli>One-click pattern testing\u003C\u002Fli>\n\u003Cli>Whitelist IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>..plus everything the free version can do and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Learn more and \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">get BBQ Pro &raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>BBQ Firewall is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 BBQ = Block Bad Queries\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.",100000,3258210,98,156,"2026-02-05T20:29:00.000Z","6.9.4","4.7","7.1",[20,21,22,23,24],"bots","firewall","secure","security","web-application-firewall","https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-bad-queries.20260205.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":13,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"specialk",30,1241610,328,78,"2026-04-05T16:34:41.345Z",[40,61,83,106,125],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":27,"num_ratings":50,"last_updated":51,"tested_up_to":16,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cloudfilt-codes","CloudFilt Bot & Spam Protection","1.0.20","CloudFilt","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudfilt\u002F","\u003Cp>Prevent and block bot traffic, web scraping, Tor traffic, spam submissions (comments and contact forms), online fraud, business logic abuse, and denial-of-service (DDoS) attacks.\u003Cbr \u002F>\nThis plugin inserts the CloudFilt tracking and security codes into your website, enabling the protection services available at https:\u002F\u002Fcloudfilt.com\u002F\u003Cbr \u002F>\nYou can read the full documentation at: https:\u002F\u002Fdocs.cloudfilt.com\u002F\u003C\u002Fp>\n\u003Cp>Terms and Conditions: https:\u002F\u002Fcloudfilt.com\u002Fdocs\u002Fpt_cloudfilt_07302025.pdf\u003C\u002Fp>\n\u003Cp>Tags: web security, bot blocking, web application firewall, antispam, stop bad bots\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Authentification form\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using your public and private key to connect your WordPress website to your CloudFilt account and enable CloudFilt features.\u003C\u002Fli>\n\u003Cli>Check if your website is still connected to your CloudFilt account.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enabled CloudFilt features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevents and stop bots traffic, Web Scraping, Tor traffic, Spam Submissions, Web Fraud, Business logic and Denial of service (DDoS).\u003C\u002Fli>\n\u003Cli>Injects JS into pages to track and detect potentially dangerous users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to your CloudFilt account and go to https:\u002F\u002Fapp.cloudfilt.com\u002Fwebsites.\u003C\u002Fli>\n\u003Cli>Select the website and go to Settings > Integration & Plugins.\u003C\u002Fli>\n\u003Cli>In the “WordPress” tab, retrieve the public key and the private key.\u003C\u002Fli>\n\u003Cli>Login to the administration page of your WordPress and select the “CloudFilt” plugin from the menu.\u003C\u002Fli>\n\u003Cli>In the form, paste the keys you retrieved from your CloudFilt account.\u003C\u002Fli>\n\u003Cli>Once it is done, you can go back to https:\u002F\u002Fapp.cloudfilt.com and access to your website’s security statistics. Bots can’t be anymore go on your website and users are tracked.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>To learn more, see the screenshots section.\u003C\u002Fp>\n","Prevent and stop bots traffic. This plugin inserts in your website the CloudFilt codes for the security tracking available on https:\u002F\u002Fcloudfilt.com\u002F.",600,18891,3,"2026-02-17T10:43:00.000Z","4.0","",[55,56,57,24,58],"antispam","block-bots","stop-bad-bots","web-security","https:\u002F\u002Fcloudfilt.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudfilt-codes.1.0.20.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":16,"requires_at_least":17,"requires_php":74,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":28,"last_vuln_date":82,"fetched_at":30},"sg-security","Security Optimizer – The All-In-One Protection Plugin","1.5.9","SiteGround","https:\u002F\u002Fprofiles.wordpress.org\u002Fsiteground\u002F","\u003Cp>\u003Cstrong>Bulletproof your website security in a few clicks against a range of security breaches, including brute-force attacks, malware threats and bots, with our free WordPress security plugin – Security Optimizer.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Proactively monitor your site’s security to detect any suspicious activity and take immediate actions to protect your site and prevent further damage with these essential features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable \u003Cstrong>2FA (Two-Factor Authentication)\u003C\u002Fstrong> for an extra layer of website security\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> to deter malicious login attempts and brute-force attacks\u003C\u002Fli>\n\u003Cli>Change your default login URL to \u003Cstrong>Custom Login URL\u003C\u002Fstrong> to avoid attacks\u003C\u002Fli>\n\u003Cli>Activate \u003Cstrong>Advanced XSS Protection\u003C\u002Fstrong> to fortify your website against malicious attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lock and Protect System Folders\u003C\u002Fstrong> to ensure no unauthorized or malicious scripts can be executed in your system folders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable Themes & Plugins Editor\u003C\u002Fstrong> to safeguard your website from unauthorized access via the WordPress editor\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide WordPress Version\u003C\u002Fstrong> effortlessly, keeping it hidden from prying eyes\u003C\u002Fli>\n\u003Cli>Use \u003Cstrong>Activity Log\u003C\u002Fstrong> to monitor your site and quickly prevent malicious actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Hack Actions\u003C\u002Fstrong> to take immediate actions and prevent further damages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Developed by the website security experts at \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fwordpress-plugins\u002Fsiteground-security\" rel=\"nofollow ugc\">SiteGround\u003C\u002Fa> and trusted by over 900,000 webmasters for its robust security shield and ease of use to safeguard WordPress applications from possible attacks on any hosting platform.\u003C\u002Fp>\n\u003Ch4>AWARDS:\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.templatemonster.com\u002Fawards\u002Fwinners-2022\u002F\" rel=\"nofollow ugc\">Monster Awards 2022\u003C\u002Fa>: Best WordPress Security Plugin 🥇\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.templatemonster.com\u002Fawards\u002Fwinners-2021\u002F\" rel=\"nofollow ugc\">Monster Awards 2021\u003C\u002Fa>: Best WordPress Security Plugin 🥇\u003C\u002Fp>\n\u003Ch4>Plugin Video\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFOheCz7sm9A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Plugin Tutorial\u003C\u002Fh4>\n\u003Cp>Unveil the vast array of features and unleash the full potential of our security plugin in our \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Ftutorials\u002Fwordpress\u002Fsg-security\u002F\" rel=\"nofollow ugc\">Security Optimizer Tutorial\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>SITE PROTECTION FEATURES\u003C\u002Fh3>\n\u003Cp>Safeguard your WordPress application using our powerful site security toolset. Our comprehensive features are specifically designed to strengthen your website’s defenses against malware, exploits, and various malicious activities. With these tools at your disposal, you can ensure the utmost bot, malware and brute force protection for your website:\u003C\u002Fp>\n\u003Ch4>Lock and Protect System Folders\u003C\u002Fh4>\n\u003Cp>Ensure the maximum security for your application’s system folders by preventing the execution of any unauthorized or malicious scripts. The Lock and Protect System Folders feature acts as a powerful shield against potential threats.\u003C\u002Fp>\n\u003Ch4>Hide WordPress Version\u003C\u002Fh4>\n\u003Cp>Protect your website from mass attacks by hiding the WordPress version, which helps to mitigate version-specific vulnerabilities.\u003C\u002Fp>\n\u003Ch4>Disable Themes & Plugins Editor\u003C\u002Fh4>\n\u003Cp>Enhance the security of your WordPress admin area by disabling the Themes & Plugins Editor, preventing potential coding errors and unauthorized access through the editor.\u003C\u002Fp>\n\u003Ch4>Disable XML-RPC\u003C\u002Fh4>\n\u003Cp>Mitigate potential security risks by disabling the XML-RPC protocol, which has been exploited in various attacks. Please note that disabling XML-RPC will restrict WordPress from communicating with third-party systems. We recommend enabling this feature unless you have a specific need for it.\u003C\u002Fp>\n\u003Ch4>Disable RSS and ATOM Feeds\u003C\u002Fh4>\n\u003Cp>Prevent content scraping and specific attacks on your site by disabling RSS and ATOM feeds. Unless you have readers accessing your site via RSS readers, it is recommended to keep this feature enabled.\u003C\u002Fp>\n\u003Ch4>Advanced XSS Protection\u003C\u002Fh4>\n\u003Cp>Add an extra layer of website security against cross-site scripting (XSS) attacks by enabling Advanced XSS Protection, bolstering the overall security of your website.\u003C\u002Fp>\n\u003Ch4>Delete Default Readme.html\u003C\u002Fh4>\n\u003Cp>Eliminate potential vulnerabilities by deleting the default readme.txt file, which contains information about your website. By removing this file, you reduce the risk of your site being listed in vulnerable sites targeted by hackers.\u003C\u002Fp>\n\u003Ch3>Login Security\u003C\u002Fh3>\n\u003Ch4>Custom Login Url\u003C\u002Fh4>\n\u003Cp>Personalize your login URL to thwart potential attacks and create a strong entry point. Bid farewell to the default login URL and embrace a bespoke path of your choosing. Additionally, you have the freedom to modify the default sign-up URL as well.\u003C\u002Fp>\n\u003Ch4>Login Access\u003C\u002Fh4>\n\u003Cp>Restrict login page access to specific IP addresses or IP ranges, effectively thwarting malicious login attempts and deterring brute force attacks.\u003C\u002Fp>\n\u003Ch4>2FA (Two-Factor Authentication)\u003C\u002Fh4>\n\u003Cp>Immerse your website in an impenetrable shield of security with 2FA. This formidable feature demands that all admin users furnish a unique token, generated exclusively through the Google Authentication application, during the login process.\u003C\u002Fp>\n\u003Ch4>Disable Common Usernames\u003C\u002Fh4>\n\u003Cp>Don’t fall victim to predictable security breaches! The use of common usernames, such as ‘admin,’ poses a significant threat to the integrity of your website. Activate this option to disable the creation of common usernames. If any weak usernames already exist, we’ll prompt you to provide new, stronger alternatives.\u003C\u002Fp>\n\u003Ch4>Limit Login Attempts\u003C\u002Fh4>\n\u003Cp>Maintain control over unauthorized access attempts with Limit Login Attempts. Set a specific threshold for the number of login failures users can endure before consequences arise. After reaching the limit, the IP address associated with the unsuccessful login attempts will be blocked for one hour. Persistent failures will result in longer restrictions, starting with 24 hours and escalating to a week.\u003C\u002Fp>\n\u003Ch3>ACTIVITY MONITORING\u003C\u002Fh3>\n\u003Cp>Monitor your website and login page for unauthorized visitors and brute force attempts to prevent malicious actions\u003C\u002Fp>\n\u003Ch4>Activity Log\u003C\u002Fh4>\n\u003Cp>The Activity Log page provides you with a comprehensive view of the activities performed by registered, unknown, and blocked visitors. It allows you to closely monitor any suspicious behavior and take appropriate actions in case of a compromised user, plugin, or hacking attempt. You can leverage the quick tools available to swiftly block future attempts.\u003C\u002Fp>\n\u003Ch4>Weekly Security Reports\u003C\u002Fh4>\n\u003Cp>Receive a weekly traffic summary for your website directly to your inbox. This \u003Cstrong>Weekly Security Report\u003C\u002Fstrong> compiles data on both bot and human traffic, along with details about blocked login and visit attempts to proactively monitor traffic and promptly identify suspicious activity.\u003C\u002Fp>\n\u003Ch3>POST-HACK ACTIONS\u003C\u002Fh3>\n\u003Cp>Take immediate measures to protect your website if you suspect a compromise and prevent further damage. Here, you’ll find convenient solutions to address the situation effectively:\u003C\u002Fp>\n\u003Ch4>Reinstall All Free Plugins\u003C\u002Fh4>\n\u003Cp>In the event of a hack, utilizing the Reinstall All Free Plugins feature can help mitigate potential harm. This action reinstalls all of your free plugins, reducing the likelihood of additional exploits or the reuse of malicious code.\u003C\u002Fp>\n\u003Ch4>Log Out All Users\u003C\u002Fh4>\n\u003Cp>To prevent any further unauthorized activities by users or attackers, you can choose to log out all users instantly using the Log Out All Users feature.\u003C\u002Fp>\n\u003Ch4>Force Password Reset\u003C\u002Fh4>\n\u003Cp>By enforcing a password reset, you can ensure that all users are prompted to change their passwords during their next login. This not only strengthens the security of their accounts but also immediately logs out all currently logged-in users.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 4.7\u003C\u002Fli>\n\u003Cli>PHP 7.0\u003C\u002Fli>\n\u003Cli>Working .htaccess file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data Collection\u003C\u002Fh3>\n\u003Cp>Collection of technical data is optional and is \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fkb\u002Fwhat-information-wp-plugins-collect\" rel=\"nofollow ugc\">listed here\u003C\u002Fa>. This data is collected only for technical analysis, improvements and the possibility to contact the plugin user in case urgent issues need to be fixed (for example a critical security release that needs to be communicated to site owners). The plugin user can manage their preferences within the WP admin to control the collection of technical data. We advise opting in for this data collection, as it can enhance the plugin’s performance. You may find more information on data collection in our \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fviewtos\u002Fsiteground_plugins_privacy_notice\" rel=\"nofollow ugc\">Plugins Privacy Notice\u003C\u002Fa>.\u003C\u002Fp>\n","Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.",1000000,31890492,90,153,"2026-01-15T09:21:00.000Z","7.0",[21,76,77,23,24],"login","malware-scanner","https:\u002F\u002Fsiteground.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsg-security.1.5.9.zip",86,5,"2025-11-30 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":74,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":101,"download_link":102,"security_score":103,"vuln_count":104,"unpatched_count":28,"last_vuln_date":105,"fetched_at":30},"wp-simple-firewall","Shield: Blocks Bots, Protects Users, and Prevents Security Breaches","21.2.6","Paul","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaultgoodchild\u002F","\u003Cp>Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.\u003C\u002Fp>\n\u003Ch3>Key Security Features At A Glance\u003C\u002Fh3>\n\u003Ch3>[PRO-Only] Zero-Configuration, Fast & Reliable WordPress Backups Included\u003C\u002Fh3>\n\u003Cp>We’ve made WordPress backups faster than ever with our integrated WordPress Disaster Recovery Backups solution – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldbackups\" rel=\"nofollow ugc\">ShieldBACKUPS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>No more risky Cloud Storage\u002FOAuth credentials exposed on your sites; Backups that work without relying on a temperamental WordPress cron.\u003C\u002Fp>\n\u003Cp>ShieldBACKUPS keeps your data off-site, encrypted, and far away from hackers.\u003C\u002Fp>\n\u003Ch3>\u003Cem>silent\u003C\u002Fem>CAPTCHA Bad Bot Protection\u003C\u002Fh3>\n\u003Cp>Bad bots are your #1 security threat. They account for nearly all WordPress security probes, attacks, injections, malware, and vulnerability exploitation.\u003C\u002Fp>\n\u003Cp>Google reCAPTCHA and CloudFlare Turnstile are considered the best way to detect bots, but these along with all other CAPTCHAs interrupt the user experience.\u003C\u002Fp>\n\u003Cp>Shield’s exclusive \u003Cem>silent\u003C\u002Fem>CAPTCHA detects bad bots and blocks them from taking any abusive actions on your site, such as brute-force user login attacks and WP Comments SPAM.\u003C\u002Fp>\n\u003Cp>Furthermore, privacy directives from legislation such as Europe’s GDPR restrict what data you may share of your visitors. All \u003Cem>silent\u003C\u002Fem>CAPTCHA data is kept on your WordPress site and ensures full compliance with GDPR regulations.\u003C\u002Fp>\n\u003Ch3>Comprehensive Activity Log\u003C\u002Fh3>\n\u003Cp>Shield’s has best-in-class logging that documents every WP action on your site.\u003C\u002Fp>\n\u003Cp>Unlike existing logging solutions, Shield detects changes to your WordPress sites that happen directly on your database. e.g. by hackers that have infiltrated your defenses via an exposed vulnerability.\u003C\u002Fp>\n\u003Cp>No other WordPress security plugin does this.\u003C\u002Fp>\n\u003Ch3>Limit Login Attempts and Block User Registration SPAM\u003C\u002Fh3>\n\u003Cp>\u003Cem>silent\u003C\u002Fem>CAPTCHA technology is invisible to your visitors and protects your WordPress login, registration and lost password forms from brute force attacks, and eliminates user registration SPAM from bots.\u003C\u002Fp>\n\u003Ch3>User Session Theft Protection\u003C\u002Fh3>\n\u003Cp>Shield can lock user session to browsers, or IP addresses. Combine with 2FA (below), you can protect your users from session theft and account theft.\u003C\u002Fp>\n\u003Ch3>Two-Factor Authentication (2FA) for all users\u003C\u002Fh3>\n\u003Cp>Two-Factor Authentication is a crucial part of WordPress user security. It protects against account theft, takeover, and sharing. Shield supports email-based login code, Google\u002FMicrosoft\u002FLastpass Authenticator, Yubikey One-Time Passwords and Passkeys (pro).\u003C\u002Fp>\n\u003Ch3>Exclusive Security Admin Protection\u003C\u002Fh3>\n\u003Cp>Not only does Shield Security protect your WordPress site, it also provides security against tampering of key WordPress options and the Shield Security plugin itself. With Shield’s exclusive Security Admin feature, you can lockdown the security plugin from other admins to prevent accidental or malicious changes that will impact your security.\u003C\u002Fp>\n\u003Ch3>CrowdSec Partnership\u003C\u002Fh3>\n\u003Cp>Shield is the only WordPress security plugin with strategic partnerships that bring powerful protection to your WordPress sites. With our CrowdSec integration, your WordPress sites benefit from crowd-sourced IP Block Lists so your site can block malicious bots before they can do any damage whatsoever.\u003C\u002Fp>\n\u003Ch3>All The Features You’ll Absolutely Love\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>[ShieldPRO] ShieldBACKUPS – Disaster-proof your WordPress site with fast, reliable, easy WordPress backups!\u003C\u002Fli>\n\u003Cli>Exclusive \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fju\" rel=\"nofollow ugc\">silentCAPTCHA Security\u003C\u002Fa> – WordPress-specific bot-detection alternative to Google reCAPTCHA and CloudFlare Turnstile.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj0\" rel=\"nofollow ugc\">Automatic Bot & IP Blocking\u003C\u002Fa> – reputation-based security intelligence to block repeat offenders automatically.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Bad Bot Blocking with \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fl5\" rel=\"nofollow ugc\">our exclusive CrowdSec Security integration\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Easy To Understand Security Dashboard that highlights quick wins and areas to rapidly improve site security\u003C\u002Fli>\n\u003Cli>[ShieldPRO] \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Flf\" rel=\"nofollow ugc\">Artificial Intelligence based PHP Malware Detection\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Security for your important user forms, by blocking Block Bots:\n\u003Cul>\n\u003Cli>Login Forms\u003C\u002Fli>\n\u003Cli>User Registration Forms\u003C\u002Fli>\n\u003Cli>Lost Password Reset Forms\u003C\u002Fli>\n\u003Cli>[ShieldPRO] WooCommerce & Easy Digital Downloads\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Contact Form SPAM Protection: Contact Form 7, NinjaForms, Elementor, WP Forms, and more!\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Memberpress, LearnPress, BuddyPress, WP Members, ProfileBuilder\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiw\" rel=\"nofollow ugc\">Brute Force Security Protection, Limit Login Attempts + Login Cooldown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Powerful Firewall Rules\u003C\u002Fli>\n\u003Cli>Restricted Security Admin Access\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fix\" rel=\"nofollow ugc\">Prevents Unauthorized Changes By Compromised Admins\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>(MFA) \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiy\" rel=\"nofollow ugc\">Two-Factor \u002F Multi-Factor Login Authentication\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Google Authenticator\u003C\u002Fli>\n\u003Cli>Yubikey\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Passkeys\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Backup Login Codes\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Multiple Yubikey per User\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Remember Me (reduces 2FA requests for users)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiz\" rel=\"nofollow ugc\">Block XML-RPC\u003C\u002Fa> (\u003Cem>including\u003C\u002Fem> Pingbacks and Trackbacks)\u003C\u002Fli>\n\u003Cli>Security firewall for the REST API – block anonymous requests\u003C\u002Fli>\n\u003Cli>Powerful IP Addresses-based Security:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj0\" rel=\"nofollow ugc\">Automatic IP Address Blocking Using Points-Based System\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Block or Bypass individual IPs\u003C\u002Fli>\n\u003Cli>Block or Bypass IP Subnets\u003C\u002Fli>\n\u003Cli>Full IP Security Analysis in 1 place to review activity on your sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Comprehensive WordPress File Scanner for Intrusions and Hacks\n\u003Cul>\n\u003Cli>Detect File Changes – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj1\" rel=\"nofollow ugc\">Scan & Repair WordPress Core Files\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj2\" rel=\"nofollow ugc\">Detect Unknown\u002FSuspicious PHP Files\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Detect Abandoned Plugins.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Malware Scanner – detects known and unknown malware.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Plugin and Theme Scanning – identify file changes in your plugins\u002Fthemes.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Detect Plugins\u002FThemes With Known Security Vulnerabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj3\" rel=\"nofollow ugc\">Create a \u003Cstrong>Private Secure Login URL\u003C\u002Fstrong> by hiding wp-login.php\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Comment SPAM Blocking – Block \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fjf\" rel=\"nofollow ugc\">Comment SPAM from Bots and Humans\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Never Block Google\u003C\u002Fstrong>: Smart Security Automatically Detects Known Good Bots: GoogleBot, Bing and other Official Search Engines including:\n\u003Cul>\n\u003Cli>Google\u003C\u002Fli>\n\u003Cli>Bing,\u003C\u002Fli>\n\u003Cli>DuckDuckGo\u003C\u002Fli>\n\u003Cli>Yahoo!\u003C\u002Fli>\n\u003Cli>Baidu\u003C\u002Fli>\n\u003Cli>Apple\u003C\u002Fli>\n\u003Cli>Yandex\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Automatically Detects 3rd Party Services and Prevents Blocking Of:\n\u003Cul>\n\u003Cli>ManageWP \u002F iControlWP \u002F MainWP\u003C\u002Fli>\n\u003Cli>Pingdom, NodePing, Statuscake, UptimeRobot, GTMetrix\u003C\u002Fli>\n\u003Cli>Stripe, PayPal IPN\u003C\u002Fli>\n\u003Cli>CloudFlare, SEMRush\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Full Security Activity Log – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj5\" rel=\"nofollow ugc\">Monitor \u003Cstrong>All\u003C\u002Fstrong> Site Activity, including\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Activity log for all user login & registration attempts\u003C\u002Fli>\n\u003Cli>Plugin and Theme installation activity logs, including activation & deactivation etc.\u003C\u002Fli>\n\u003Cli>User creation activity log, including detection of administrator promotions\u003C\u002Fli>\n\u003Cli>Activity log for Page\u002FPost create, update, delete\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Advanced User Sessions Control\n\u003Cul>\n\u003Cli>Restrict Multiple User Login\u003C\u002Fli>\n\u003Cli>Restrict Users Session To IP\u003C\u002Fli>\n\u003Cli>Password Security – Block Pwned Passwords\u003C\u002Fli>\n\u003Cli>User Enumeration Blocking – Firewall blocks requests to \u003Ccode>?author=x\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Security for old and idle user account with manual and automatic User Suspend.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Full\u002FAutomatic Support for All IP Address Sources including Proxy Support\u003C\u002Fli>\n\u003Cli>HTTP Request\u002FTraffic Logging – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj7\" rel=\"nofollow ugc\">Full Traffic Logging and Request Monitoring\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Traffic Rate Limiting Security – prevent server overload from DoS Attacks\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj6\" rel=\"nofollow ugc\">HTTP Security Headers & Content Security Policies (CSP)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldfeatures\" rel=\"nofollow ugc\">Full Shield Security Features List\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Shield is the only security plugin for WordPress that prioritises protection and intrusion prevention before repair. With Shield Security, your site will immediately to block visitors as they probe your site looking for vulnerabilities, and before they can do damage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No other standalone WordPress security plugin\u003C\u002Fstrong> (including \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldvswordfence\" rel=\"nofollow ugc\">Wordfence\u003C\u002Fa>, WP Cerber, Ninja Firewall, All-In-One Security) approaches security in this way. The 1st step in any good security system is Intrusion Detection\u002FPrevention, the 2nd step is repair. Shield Security does both.\u003C\u002Fp>\n\u003Ch4>Get the highest rated 5* Security Plugin for WordPress\u003C\u002Fh4>\n\u003Cp>Per download, Shield Security \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fjl\" rel=\"nofollow ugc\">has the highest 5* rating\u003C\u002Fa> in the WordPress plugin repository.\u003C\u002Fp>\n\u003Ch3>Leave Behind the Security Marketing Hype and Scare Mongering\u003C\u002Fh3>\n\u003Cp>Our solution isn’t designed to scare you and make you feel unsafe.\u003C\u002Fp>\n\u003Ch3>2 Key WordPress Security Strategies\u003C\u002Fh3>\n\u003Cp>Shield Security uses 2 simple key strategies to protect your WordPress sites:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Intrusion Prevention System – Detect Bots\u002FMalicious IPs that will try to hack and invade your WordPress sites.\u003C\u002Fli>\n\u003Cli>Block & Recover – Block Bad Bots and Repair Hacks\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Key Security Strategy #1: Hacking Prevention\u003C\u002Fh4>\n\u003Cp>Bad Bots are the primary cause for nearly all our security troubles – they’re relentless, automatic and powerful.\u003C\u002Fp>\n\u003Cp>Shield Security is highly focused on their detection and eradication from your WordPress sites.\u003C\u002Fp>\n\u003Cp>Blocking malicious bots before they do damage through malware and exploitation of vulnerabilities is the #1 security strategy to protect and enhance security on a WordPress site.\u003C\u002Fp>\n\u003Cp>Shield detects these malicious visitors, then blocks their access to your site completely. This involves analysing different security bot-signals and combining them to identify a visitor as malicious.\u003C\u002Fp>\n\u003Cp>These security signals include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>site probes that generate 404 errors\u003C\u002Fli>\n\u003Cli>failed logins\u003C\u002Fli>\n\u003Cli>logins with invalid usernames\u003C\u002Fli>\n\u003Cli>xml-rpc access\u003C\u002Fli>\n\u003Cli>fake search engine web crawlers\u003C\u002Fli>\n\u003Cli>invalid user agents\u003C\u002Fli>\n\u003Cli>excessive website requests and resource abuse\u003C\u002Fli>\n\u003Cli>and many more signals our security team have identified.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Early identification and blocking of malicious bots reduces your WordPress site’s vulnerability to any sort of attack.\u003C\u002Fp>\n\u003Ch4>Key Strategy #2: Hacking Recovery\u003C\u002Fh4>\n\u003Cp>Even with the best security efforts, a site can get hacked. This usually involves file modification: either a hack file is added, or a file is changed.\u003C\u002Fp>\n\u003Cp>There are 3 key WordPress assets whose files can be hacked:\u003C\u002Fp>\n\u003Col>\n\u003Cli>WordPress Core\u003C\u002Fli>\n\u003Cli>WordPress Plugins\u003C\u002Fli>\n\u003Cli>WordPress Themes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Almost every security plugin can now do #1 – it’s easy because WordPress.org provides \u003Cem>checksums\u003C\u002Fem> for core files.\u003C\u002Fp>\n\u003Cp>But, there are no hashes available for plugins and themes, particularly premium plugins, so they can’t do it.\u003C\u002Fp>\n\u003Cp>Shield is \u003Cstrong>the only WordPress security plugin\u003C\u002Fstrong> that offers accurate detection of file modifications for all plugins and themes because we \u003Cstrong>build our own file fingerprints\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Shield can compare the file contents of every plugin & theme in the WordPress.org repository, looking for changed or new files\u003C\u002Fp>\n\u003Cp>And, if you’re a ShieldPRO client, you can protect premium plugins\u002Fthemes too, including Yoast SEO and Advanced Custom Fields Pro.\u003C\u002Fp>\n\u003Cp>Where possible, Shield will repair any unrecognised\u002Fmodified files it detects.\u003C\u002Fp>\n\u003Ch4>Non-stop Security Notifications Are Not Okay.\u003C\u002Fh4>\n\u003Cp>Your security plugin must be smarter, and take responsibility for decisions, so you don’t have to.\u003C\u002Fp>\n\u003Cp>Shield handles many problems for you, making intelligent decisions without noisy email notifications.\u003C\u002Fp>\n\u003Ch3>Dedicated Premium Support When You Go PRO\u003C\u002Fh3>\n\u003Cp>The Shield Security team prioritises email technical support over the WordPress.org forums.\u003Cbr \u002F>\nIndividual, dedicated technical support is only available to customers who have \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fab\" rel=\"nofollow ugc\">purchased Shield Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Discover all the advantages of switching your WordPress security Pro at \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fab\" rel=\"nofollow ugc\">our Shield Security store\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Partnerships & Integrations\u003C\u002Fh3>\n\u003Cp>We believe that \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fol\" rel=\"nofollow ugc\">silentCAPTCHA\u003C\u002Fa> is one of the simplest and most powerful solutions available today for all WordPress site owners to block and eliminate automated bot spam.\u003C\u002Fp>\n\u003Cp>That’s why we’ve started a collaboration campaign with other WordPress plugin developers to adapt their plugins to natively support Shield’s silentCAPTCHA solution, alongside Google reCAPTCHA & Cloudflare Turnstile.\u003C\u002Fp>\n\u003Cp>When you use one of the products from any of our partners, you will be able to activate Shield’s silentCAPTCHA bot spam protection so that your forms are protected from automated spam. You won’t need any site\u002FAPI keys, custom integrations, or JavaScript that can breaks your forms. It all works automatically for you when you enable the feature.\u003C\u002Fp>\n\u003Cp>As of this release, we have partnered with the following WordPress form providers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-form-builder\u002F\" rel=\"ugc\">Easy Form Builder\u003C\u002Fa> v4+\u003C\u002Fli>\n\u003C\u002Ful>\n","Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.",40000,12640449,96,1032,"2026-03-05T10:26:00.000Z","5.7","7.4",[99,100,20,21,23],"2fa","activity-log","https:\u002F\u002Fclk.shldscrty.com\u002F2f","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-simple-firewall.21.2.6.zip",83,11,"2026-02-18 16:19:04",{"slug":107,"name":108,"version":18,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":93,"num_ratings":115,"last_updated":116,"tested_up_to":16,"requires_at_least":117,"requires_php":74,"tags":118,"homepage":120,"download_link":121,"security_score":122,"vuln_count":123,"unpatched_count":28,"last_vuln_date":124,"fetched_at":30},"bulletproof-security","BulletProof Security","AITpro","https:\u002F\u002Fprofiles.wordpress.org\u002Faitpro\u002F","\u003Cp>WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam… View Security feature highlights below. View BulletProof Security feature details under the FAQ help section below. Effective, Reliable & Easy to use WordPress Security Plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BulletProof Security is a proactive security plugin that automatically fixes 100+ known issues\u002Fconflicts with other plugins\u003C\u002Fstrong>.\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fsetup-wizard-autofix\u002F\" title=\"BPS Setup Wizard AutoFix\" rel=\"nofollow ugc\">BPS Setup Wizard AutoFix\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Installation and Setup Video Tutorial\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FRZ1ARaEE0_I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring\u003C\u002Fli>\n\u003Cli>JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker)\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Pro Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Quarantine Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Real-time File Monitor (IDPS)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>DB Monitor Intrusion Detection System (IDS)\u003C\u002Fli>\n\u003Cli>DB Diff Tool: data comparison tool\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Status & Info: extensive database status & info\u003C\u002Fli>\n\u003Cli>Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updated in Real-time\u003C\u002Fli>\n\u003Cli>JTC Anti-Spam|Anti-Hacker\u003C\u002Fli>\n\u003Cli>Uploads Folder Anti-Exploit Guard (UAEG)\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Custom php.ini Website Security\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring w\u002FDashboard Alerting|Status Display & additional options\u002Ffeatures\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>File|Folder Lock: File Locking | Detect & Lock Folders that were not created by you\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>PHP Error Logging\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Pro-Tools: 16 mini-plugins\u003C\u002Fli>\n\u003Cli>Heads Up Dashboard Status Display\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.ait-pro.com\u002Fbps-features\u002F\" title=\"BulletProof Security Features\" rel=\"nofollow ugc\">View All BulletProof Security Pro Feature Details\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Recommended Video Tutorials\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#custom-code\" title=\"BulletProof Security Custom Code Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Custom Code Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#security-log-firewall\" title=\"BulletProof Security Security Log Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Security Log Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help Info\u003C\u002Fh3>\n\u003Cp>For details about BulletProof Security plugin features and frequently asked questions see the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fbulletproof-security-plugin-frequently-asked-questions\u002F\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">BulletProof Security Plugin Frequently Asked Questions\u003C\u002Fa> forum topic. Extensive Help Info can be found on the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fread-me-first-free\u002F#bps-free-general-troubleshooting\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">AIT-pro.com Forum\u003C\u002Fa> website and by clicking the Question Mark Help buttons on BulletProof Security plugin pages.\u003C\u002Fp>\n","WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...",30000,4509595,674,"2025-12-08T15:11:00.000Z","5.0",[21,119,77,22,23],"login-security","https:\u002F\u002Fforum.ait-pro.com\u002Fread-me-first\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulletproof-security.7.1.zip",89,12,"2026-01-06 00:00:00",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":27,"num_ratings":81,"last_updated":135,"tested_up_to":16,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":140,"download_link":141,"security_score":142,"vuln_count":50,"unpatched_count":28,"last_vuln_date":143,"fetched_at":30},"rsfirewall","RSFirewall!","1.1.46","RSJoomla!","https:\u002F\u002Fprofiles.wordpress.org\u002Frsjoomla\u002F","\u003Cp>The RSFirewall! WordPress plugin is the optimal solution for securing your website, helping you stay one step ahead of malicious users that wish to harm your website. The plugin is backed by a team of professionals with a long history in website security that are up to date with the latest known vulnerabilities and security updates.\u003C\u002Fp>\n\u003Cp>RSFIREWALL FREE VERSION FEATURES:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Free WordPress Firewall for your website\u003C\u002Fli>\n\u003Cli>Active protections against local file and remote file inclusion attacks\u003C\u002Fli>\n\u003Cli>SQL injection protections\u003C\u002Fli>\n\u003Cli>ReCAPTCHA for registration, login and commenting forms\u003C\u002Fli>\n\u003Cli>Filter uploaded files for possible malware and improper extensions\u003C\u002Fli>\n\u003Cli>Active monitoring WordPress core files integrity\u003C\u002Fli>\n\u003Cli>Active monitoring for your own files\u003C\u002Fli>\n\u003Cli>XML-RPC blocking\u003C\u002Fli>\n\u003Cli>REST API blocking with proper exceptions that you can define\u003C\u002Fli>\n\u003Cli>Protect the wp-admin\u002F slug with an extra password\u003C\u002Fli>\n\u003Cli>Change the wp-admin\u002F slug into a custom one\u003C\u002Fli>\n\u003Cli>Disallow direct access to PHP files in (wp-content, wp-content\u002Fuploads, wp-includes) with proper exceptions that you can define\u003C\u002Fli>\n\u003Cli>Receive email notifications on detected threats\u003C\u002Fli>\n\u003Cli>Automatically block repeated offenders IP addresses\u003C\u002Fli>\n\u003Cli>Perform a System check (WordPress and server configuration checks)\u003C\u002Fli>\n\u003Cli>Disable the creation of new Administrator accounts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>RSFIREWALL PAID VERSION FEATURES:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two Factor Authentication\u003C\u002Fli>\n\u003Cli>Country blocking\u003C\u002Fli>\n\u003Cli>Convert email addresses to images\u003C\u002Fli>\n\u003Cli>Protect forms from abusive IPs\u003C\u002Fli>\n\u003Cli>File integrity check\u003C\u002Fli>\n\u003Cli>Convert email addresses from plain text to images\u003C\u002Fli>\n\u003Cli>More control over the system check\u003C\u002Fli>\n\u003Cli>Whitelist blocked PHP files\u003C\u002Fli>\n\u003Cli>Protect admin users from changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>3rd Party services\u003C\u002Fh3>\n\u003Cp>RSFirewall! will compare the MD5 hash of files with the original ones from the WordPress installation package. If differences are found (ie files have been modified) RSFirewall! upon request can download the original files from the GitHub synchronised repository of WordPress:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>All connections are made with \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_remote_get\" rel=\"nofollow ugc\">wp_remote_get\u003C\u002Fa> and the following information will be sent along with the request:\u003Cbr \u002F>\n– WordPress version\u003Cbr \u002F>\n– WordPress user agent along with your WordPress website address\u003Cbr \u002F>\n– Your server’s IP address\u003C\u002Fp>\n","Based on the success of the most popular firewall for Joomla!, RSFirewall! is now available to protect your WordPress website as well.",4000,29620,"2026-03-12T09:29:00.000Z","4.5.15","5.4",[21,77,23,139,24],"system-check","https:\u002F\u002Fwww.rsjoomla.com\u002Fwordpress-plugins\u002Fwordpress-security-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frsfirewall.zip",95,"2026-03-23 00:00:00",{"attackSurface":145,"codeSignals":201,"taintFlows":239,"riskAssessment":240,"analyzedAt":245},{"hooks":146,"ajaxHandlers":197,"restRoutes":198,"shortcodes":199,"cronEvents":200,"entryPointCount":28,"unprotectedCount":28},[147,153,158,162,166,170,174,178,182,186,189,192],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","init","bbq_languages","bbq-settings.php",10,{"type":154,"name":155,"callback":156,"priority":152,"file":151,"line":157},"filter","admin_footer_text","bbq_admin_footer_text",65,{"type":148,"name":159,"callback":160,"file":151,"line":161},"admin_init","bbq_register_settings",125,{"type":154,"name":163,"callback":164,"priority":152,"file":151,"line":165},"plugin_action_links","bbq_action_links",259,{"type":154,"name":167,"callback":168,"priority":152,"file":151,"line":169},"plugin_row_meta","bbq_meta_links",282,{"type":148,"name":171,"callback":172,"file":151,"line":173},"admin_menu","bbq_menu_page",292,{"type":148,"name":175,"callback":176,"file":151,"line":177},"admin_enqueue_scripts","bbq_enqueue_resources_admin",324,{"type":148,"name":179,"callback":180,"file":151,"line":181},"admin_print_scripts","bbq_print_js_admin",343,{"type":148,"name":183,"callback":184,"file":151,"line":185},"admin_notices","bbq_admin_notice",371,{"type":148,"name":159,"callback":187,"file":151,"line":188},"bbq_dismiss_notice_version_number",395,{"type":148,"name":159,"callback":190,"file":151,"line":191},"bbq_dismiss_notice_save_option",424,{"type":148,"name":193,"callback":194,"file":195,"line":196},"plugins_loaded","bbq_core","block-bad-queries.php",127,[],[],[],[],{"dangerousFunctions":202,"sqlUsage":203,"outputEscaping":205,"fileOperations":28,"externalRequests":28,"nonceChecks":236,"capabilityChecks":237,"bundledLibraries":238},[],{"prepared":28,"raw":28,"locations":204},[],{"escaped":104,"rawEcho":206,"locations":207},14,[208,210,212,214,216,218,220,222,224,226,228,230,232,234],{"file":151,"line":103,"context":209},"raw output",{"file":151,"line":211,"context":209},137,{"file":151,"line":213,"context":209},138,{"file":151,"line":215,"context":209},139,{"file":151,"line":217,"context":209},145,{"file":151,"line":219,"context":209},147,{"file":151,"line":221,"context":209},148,{"file":151,"line":223,"context":209},149,{"file":151,"line":225,"context":209},183,{"file":151,"line":227,"context":209},195,{"file":151,"line":229,"context":209},205,{"file":151,"line":231,"context":209},215,{"file":151,"line":233,"context":209},225,{"file":151,"line":235,"context":209},360,1,2,[],[],{"summary":241,"deductions":242},"The \"block-bad-queries\" plugin exhibits a strong security posture based on the provided static analysis. The absence of any detected dangerous functions, file operations, or external HTTP requests is a significant positive indicator.  Furthermore, the complete reliance on prepared statements for all SQL queries and the presence of both nonce and capability checks suggest robust input validation and access control mechanisms are in place.\n\nWhile the plugin demonstrates good practices, a concern arises from the output escaping, where only 44% of outputs are properly escaped. This could potentially lead to cross-site scripting (XSS) vulnerabilities if untrusted data is directly rendered in the frontend without proper sanitization, though the absence of critical taint flows mitigates this risk to some extent. The plugin's vulnerability history being entirely clean further reinforces its current secure state.\n\nIn conclusion, \"block-bad-queries\" appears to be a well-secured plugin with minimal apparent risks. The primary area for potential improvement lies in enhancing output escaping to achieve 100% proper sanitization, thus further hardening its defense against potential XSS attacks. The current lack of identified vulnerabilities and the secure coding practices observed make it a generally safe plugin.",[243],{"reason":244,"points":81},"Low percentage of properly escaped output","2026-03-16T17:05:54.461Z",{"wat":247,"direct":252},{"assetPaths":248,"generatorPatterns":249,"scriptPaths":250,"versionParams":251},[],[],[],[],{"cssClasses":253,"htmlComments":254,"htmlAttributes":255,"restEndpoints":256,"jsGlobals":257,"shortcodeOutput":258},[],[],[],[],[],[]]