[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2VL0UmKjItbvw2fMsYOG7rrtXZJzzCh8YJPsrsnx1pg":3,"$fGc3ukztMlXy2bF8K7Ic61MA5-i6ZLDJpXjG71BEyncw":226,"$f3nVij-k8_12cG1h4EKtCI5ENAd1sQ68BgMH465U_SlI":230},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":39,"analysis":131,"fingerprints":207},"bunkr-solution","Bunkr Solution","1.0.0","Bunkr","https:\u002F\u002Fprofiles.wordpress.org\u002Fyfel\u002F","\u003Cp>Bunkr Solution provides enterprise-grade bot protection for your WordPress site through sophisticated server-side analysis.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* Real-time behavioral analysis\u003Cbr \u002F>\n* Advanced bot detection\u003Cbr \u002F>\n* Seamless user experience for legitimate visitors\u003Cbr \u002F>\n* Enterprise-grade protection\u003Cbr \u002F>\n* Easy integration with WordPress\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Bunkr API service to analyze website traffic and provide bot protection. Here’s what you need to know:\u003C\u002Fp>\n\u003Ch4>Service Information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service\u003C\u002Fstrong>: Bunkr Bot Protection API (https:\u002F\u002Fwpde.bunkr-solution.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Real-time analysis of website requests to identify and block malicious bot traffic\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider\u003C\u002Fstrong>: Bunkr Solution (https:\u002F\u002Fbunkr-solution.com)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Transmission\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>When data is sent\u003C\u002Fstrong>: Every time a non-admin user visits your website (excluding AJAX requests)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent\u003C\u002Fstrong>:\u003Cbr \u002F>\n* Request metadata: URL, HTTP method, referrer, timestamp\u003Cbr \u002F>\n* Server headers: User-Agent, Accept headers, security headers (Sec-* headers)\u003Cbr \u002F>\n* Network information: IP address, domain name\u003Cbr \u002F>\n* Browser context: Mobile detection, HTTPS status\u003Cbr \u002F>\n* Cookie analysis: Count and types of cookies (WordPress, session, persistent)\u003Cbr \u002F>\n* Request identifier: Unique request identifier\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No sensitive data\u003C\u002Fstrong>: The plugin does not send form data, post content, user credentials, or personal information.\u003C\u002Fp>\n\u003Ch4>Legal Information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Terms of Service\u003C\u002Fstrong>: https:\u002F\u002Fbunkr-solution.com\u002Fterms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: https:\u002F\u002Fbunkr-solution.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>User Consent\u003C\u002Fh4>\n\u003Cp>By installing and activating this plugin, you acknowledge that:\u003Cbr \u002F>\n1. Request data will be sent to Bunkr’s servers for analysis\u003Cbr \u002F>\n2. This data transmission is necessary for the plugin’s bot protection functionality\u003Cbr \u002F>\n3. You have reviewed Bunkr’s terms of service and privacy policy\u003Cbr \u002F>\n4. You are responsible for informing your website users about this data processing if required by applicable privacy laws\u003C\u002Fp>\n","Advanced bot protection for WordPress using real-time behavioral analysis. Blocks malicious traffic while allowing legitimate users seamless access.",0,597,"2025-10-10T13:14:00.000Z","6.8.5","5.0","7.4",[18,19,20,21,22],"anti-spam","bot-protection","click-fraud","firewall","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbunkr-solution.1.0.2.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":32,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"yfel","Jeremy Felt",6,1230,93,30,89,"2026-05-19T20:41:51.173Z",[40,60,78,98,114],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":25,"num_ratings":50,"last_updated":51,"tested_up_to":14,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"forget-spam-comment","Forget Spam Comment","1.1.9","Gulshan Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fthegulshankumar\u002F","\u003Cp>The fastest and GDPR compliant Anti-Spam plugin to prevent bot spam in the \u003Cstrong>Default Commenting System\u003C\u002Fstrong> of WordPress.\u003C\u002Fp>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Please clear page cache after plugin activation.\u003C\u002Fli>\n\u003Cli>Only for default commenting system. Not for AMP.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>100% GDPR Compliant.\u003C\u002Fli>\n\u003Cli>Captcha-Free solution.\u003C\u002Fli>\n\u003Cli>Requires no settings.\u003C\u002Fli>\n\u003Cli>Automatic. No need of false-positive comment moderation.\u003C\u002Fli>\n\u003Cli>Compatible with all page caching and performance optimization plugins.\u003C\u002Fli>\n\u003Cli>Fastest ever. A tiny inline JavaScript in just ~200 bytes does all magic.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Cp>To prevent spam comments plugin blocks the default action path (wp-comments-post.php) for bots and make it accessible over unique hash query string when a visitor scroll to leave a comment. This way it prevents automated spam comment done by bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Video Demonstration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuwIfk08GSwk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003Cbr \u002F>\nWatch on \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=uwIfk08GSwk\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Let’s support each other 🙏\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Please Upvote Forget Spam Comment plugin at \u003Ca href=\"https:\u002F\u002Fwww.producthunt.com\u002Fproducts\u002Fforget-spam-comment#forget-spam-comment\" rel=\"nofollow ugc\">Product Hunt\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>You can \u003Ca href=\"https:\u002F\u002Fwww.gulshankumar.net\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact me\u003C\u002Fa> to report any issues. I’d be happy to assist.\u003C\u002Fli>\n\u003C\u002Ful>\n","The ultimate solution to stop spam comments in the default commenting system of WordPress",9000,76061,46,"2025-06-07T14:20:00.000Z","4.5","5.6",[18,21,55,22,56],"gdpr","stop-spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforget-spam-comment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforget-spam-comment.1.1.9.zip","2026-04-16T10:56:18.058Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":25,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":15,"requires_php":16,"tags":73,"homepage":76,"download_link":77,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"botblocker-security","BotBlocker Security – Firewall & Bot Protection","1.6.17","Yevhen Leonidov","https:\u002F\u002Fprofiles.wordpress.org\u002Fglobusstudio\u002F","\u003Ch4>WordPress Security Plugin & Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Every day, automated bots and hackers bombard websites with attacks.\u003C\u002Fstrong> Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24\u002F7 threat to your business. If you’re looking for \u003Cstrong>WordPress site protection\u003C\u002Fstrong>, you need a proactive defense that stops these attacks before they reach your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker Security is the all-in-one solution to keep your site safe from automated threats.\u003C\u002Fstrong> This powerful \u003Cstrong>WordPress security plugin and Web Application Firewall (WAF)\u003C\u002Fstrong> acts as a dedicated \u003Cstrong>anti-bot\u003C\u002Fstrong> firewall, blocking malicious traffic at the front gate without slowing down your site.\u003C\u002Fp>\n\u003Cp>BotBlocker’s setup and onboarding experience allows anyone to secure their \u003Cstrong>WordPress site\u003C\u002Fstrong> in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right \u003Cstrong>site protection\u003C\u002Fstrong> settings to protect your website.\u003C\u002Fp>\n\u003Ch4>🔥 WordPress Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>BotBlocker Security includes an endpoint \u003Cstrong>firewall\u002FWAF\u003C\u002Fstrong> that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker intercepts bad traffic at the earliest stage\u003C\u002Fstrong> – even before WordPress or your theme loads. By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Firewall Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time firewall rule updates via the BotBlocker Threat Defense Feed\u003C\u002Fli>\n\u003Cli>Real-time IP Blocklist blocks all requests from the most malicious IPs\u003C\u002Fli>\n\u003Cli>Early-init protection – blocks threats before WordPress loads\u003C\u002Fli>\n\u003Cli>Cloud-based threat intelligence – cross-checks every visitor against global threat databases\u003C\u002Fli>\n\u003Cli>No visitor data collected – only technical request parameters analyzed (GDPR\u002FCCPA-compliant)\u003C\u002Fli>\n\u003Cli>Brute force protection with login attempt limits and multi-layer verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📡 WordPress Security Scanner & Site Protection\u003C\u002Fh4>\n\u003Cp>Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive \u003Cstrong>site protection\u003C\u002Fstrong> across all entry points:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>XML-RPC and API Protection\u003C\u002Fstrong> – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam Prevention\u003C\u002Fstrong> – spammers cannot connect to your site. Automatically block IP addresses that exceed spam comment thresholds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Access Protection\u003C\u002Fstrong> – theme and plugin files securely protected from unauthorized access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Analysis\u003C\u002Fstrong> – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Network & Protocol Control\u003C\u002Fstrong> – block obsolete HTTP\u002F1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔒 Login Security & 2FA\u003C\u002Fh4>\n\u003Cp>All login attempts pass through multi-layer filtering and CAPTCHA verification:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication Support\u003C\u002Fstrong> – 2FA enhanced login security for admin area. Backup codes for recovery access. Universal 2FA app support – works with Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-layer CAPTCHA Protection\u003C\u002Fstrong> – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2\u002Fv3, and more. Any internal CAPTCHA can be combined with reCAPTCHA v3 for dual-layer protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> – configurable login attempt limits. Failed attempts trigger temporary bans, with escalating penalties for repeated failures\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Anti-bot Challenges\u003C\u002Fstrong> – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Ban System\u003C\u002Fstrong> – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Access Simplification\u003C\u002Fstrong> – special mechanism to ease site administrator login while maintaining security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC Control\u003C\u002Fstrong> – options including complete disabling\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛠️ Security Tools\u003C\u002Fh4>\n\u003Cp>Comprehensive tools to block attackers and monitor your site in real-time:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Blocking Rules\u003C\u002Fstrong> – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP-PTR-Host Mismatch Detection\u003C\u002Fstrong> – automatically detect and block fake crawlers (e.g., fake Googlebots)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist & Whitelist Management\u003C\u002Fstrong> – instantly allow or block any IP, ASN, range, or User-Agent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Traffic Monitoring\u003C\u002Fstrong> – see all traffic in real-time: robots, humans, 404 errors, logins\u002Flogouts, file requests, and content consumption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server IP Identification\u003C\u002Fstrong> – prevent lockouts by automatically identifying and protecting server IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual Dashboard\u003C\u002Fstrong> – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs\u002Fcountries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Security Log\u003C\u002Fstrong> – every event logged with IP address, user agent, country, and blocking reason\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login URL\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>⚡ Performance & Integration\u003C\u002Fh4>\n\u003Cp>BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong> – negligible overhead in normal conditions. Reduces database and server load during attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Caching\u003C\u002Fstrong> – Redis and Memcached support for high-traffic environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache Plugin Compatibility\u003C\u002Fstrong> – automatic \u003Ccode>DONOTCACHEPAGE\u003C\u002Fcode> + \u003Ccode>Cache-Control: no-store\u003C\u002Fcode> on verification pages. Works with WP Super Cache (PHP mode), W3 Total Cache, WP Rocket, LiteSpeed Cache, Hummingbird, and more. Server-level caches (Nginx FastCGI, Varnish, Cloudflare) may need a cookie-based bypass rule – see \u003Ccode>docs\u002FCACHE-COMPATIBILITY.md\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Protection Compatibility\u003C\u002Fstrong> – automatic detection of JS-challenges from DDoS-Guard, Stormwall, and similar services. See \u003Ccode>docs\u002FDDOS-COMPATIBILITY.md\u003C\u002Fcode> for advanced configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Compatibility\u003C\u002Fstrong> – works with Cloudflare, CDN services, caching plugins, and optimizers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full IPv6 Support\u003C\u002Fstrong> – all security functions work with both IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Optimization\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem> – additional performance enhancements for high-traffic sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>👤 Easy Setup & User-Friendly Interface\u003C\u002Fh4>\n\u003Cp>You don’t have to be a security expert to use BotBlocker:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Quick Installation Wizard\u003C\u002Fstrong> – step-by-step setup guide for configuration in under 1 minute\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intuitive Admin Panel\u003C\u002Fstrong> – organized settings with clear descriptions and tooltips\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual\u003C\u002Fstrong> – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Conflicts\u003C\u002Fstrong> – built following WordPress best practices, tested with recent WP versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adjustable Logging\u003C\u002Fstrong> – configurable retention periods with time zone awareness and daylight saving support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security first – BotBlocker’s on guard!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>🔥 PRO Version\u003C\u002Fh4>\n\u003Cp>Upgrade to PRO for enhanced protection and performance features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time cloud threat intelligence checks against global databases\u003C\u002Fli>\n\u003Cli>Zero-day threat detection – behavioral analysis and heuristic rules catch unknown attack patterns before signatures are available\u003C\u002Fli>\n\u003Cli>Hide login URL and protect against targeted attacks\u003C\u002Fli>\n\u003Cli>Security Headers – automatic HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, and Content-Security-Policy (CSP) configuration\u003C\u002Fli>\n\u003Cli>Early-init (Before WordPress loads) filtering for maximum performance and security\u003C\u002Fli>\n\u003Cli>WordPress Acceleration – frontend optimization\u003C\u002Fli>\n\u003Cli>Speed optimization features for high-traffic sites\u003C\u002Fli>\n\u003Cli>Server optimization features for high-traffic sites\u003C\u002Fli>\n\u003Cli>Priority support and updates\u003C\u002Fli>\n\u003Cli>Access to premium add-ons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Detection & Analysis\u003C\u002Fh4>\n\u003Cp>BotBlocker employs advanced multi-layer detection to identify and block threats:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detection Mechanisms:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Local and cloud signature databases with real-time updates\u003C\u002Fli>\n\u003Cli>IP reputation and blacklist checks with global threat intelligence\u003C\u002Fli>\n\u003Cli>DNS-based and PTR lookups to detect fake crawlers\u003C\u002Fli>\n\u003Cli>Heuristic and behavioral analysis for suspicious patterns\u003C\u002Fli>\n\u003Cli>Browser fingerprint and feature mismatch detection\u003C\u002Fli>\n\u003Cli>Header and protocol validation\u003C\u002Fli>\n\u003Cli>JavaScript challenge and capability verification\u003C\u002Fli>\n\u003Cli>Multi-layered CAPTCHA verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Comprehensive Request Analysis:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Network & IP:\u003C\u002Fstrong> Full IPv4\u002FIPv6 support, blacklist\u002Fwhitelist, country\u002FGeoIP, ASN, hosting\u002FVPN detection, TOR detection, PTR\u002FDNSBL checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser & Client:\u003C\u002Fstrong> User-Agent validation, browser\u002FOS\u002Fdevice detection, fingerprint analysis, headless browser detection, JavaScript\u002Fcookie support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Headers & Protocol:\u003C\u002Fstrong> Accept-Language, Referer validation, HTTP version control, Cloudflare\u002Fproxy detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Fingerprinting:\u003C\u002Fstrong> Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CAPTCHA Modes\u003C\u002Fh4>\n\u003Cp>Choose from various CAPTCHA types to protect your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Button\u003C\u002Fstrong> – one-click verification for quick validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong> – standard image\u002Fcheckbox challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v3\u003C\u002Fstrong> – invisible background scoring\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Color CAPTCHA\u003C\u002Fstrong> – select colored buttons challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Digits CAPTCHA\u003C\u002Fstrong> – floating math challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Images CAPTCHA\u003C\u002Fstrong> – animal image selection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Shapes CAPTCHA\u003C\u002Fstrong> – floating shapes challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Hold Button\u003C\u002Fstrong> – press and hold to verify, no images or math required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Silent Auto-Verify\u003C\u002Fstrong> – no CAPTCHA shown. Real users pass automatically via JS fingerprint checks; bots see “Access denied”\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hybrid Mode\u003C\u002Fstrong> – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Capabilities\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Early-init & MU plugin support\u003C\u002Fli>\n\u003Cli>Real-time cloud threat checks\u003C\u002Fli>\n\u003Cli>Dynamic and graphical anti-bot challenges\u003C\u002Fli>\n\u003Cli>Automatic logging with adjustable retention\u003C\u002Fli>\n\u003Cli>Session tracking and verification\u003C\u002Fli>\n\u003Cli>No visitor data collected – GDPR\u002FCCPA-compliant (see FAQ for admin notification details)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>BotBlocker Security does \u003Cstrong>not\u003C\u002Fstrong> collect or process personal data of your visitors. All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.\u003C\u002Fp>\n\u003Ch3>Support and Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Product site: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Documentation: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contact\u002Fsupport: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Community: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See LICENSE.txt for details.\u003C\u002Fp>\n\u003Ch3>Credits & Authors\u003C\u002Fh3>\n\u003Cp>BotBlocker Security is developed and maintained by GLOBUS.studio.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Concept, architecture & code – Yevhen Leonidov: \u003Ca href=\"https:\u002F\u002Fleonidov.dev\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fleonidov.dev\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Code, code review – Andrii Lukashevych\u003C\u002Fli>\n\u003Cli>Code, translations – Aleksandr Kinakh\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>BotBlocker Security – The first line of defense for your WordPress site.\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.",2000,5346,7,"2026-04-12T09:26:00.000Z","6.9.4",[18,74,75,21,22],"brute-force","captcha","https:\u002F\u002Fbotblocker.top\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotblocker-security.1.6.17.zip",{"slug":79,"name":80,"version":53,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":70,"last_updated":88,"tested_up_to":14,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":23,"download_link":94,"security_score":95,"vuln_count":96,"unpatched_count":11,"last_vuln_date":97,"fetched_at":59},"wp-limit-failed-login-attempts","Limit Login Attempts (Spam Protection)","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>Limit the number of login attempts possible both through normal login as well as using auth cookies.\u003C\u002Fp>\n\u003Cp>By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.\u003C\u002Fp>\n\u003Cp>Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.\u003C\u002Fp>\n\u003Ch3>Basic Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Limit the number of retry attempts when logging in.\u003C\u002Fli>\n\u003Cli>Configurable lockout timings.\u003C\u002Fli>\n\u003Cli>Email notification of blocked attempts (Detailed email containing all necessary information).\u003C\u002Fli>\n\u003Cli>Notify the user of remaining attempts.\u003C\u002Fli>\n\u003Cli>Report containing all blocked attempts.\u003C\u002Fli>\n\u003Cli>Whitelist\u002FBlocklist of IPs (Support IP ranges).\u003C\u002Fli>\n\u003Cli>Allow\u002FBlock Countries.\u003C\u002Fli>\n\u003Cli>Automatically block IP addresses that exceed limit login attempts\u003C\u002Fli>\n\u003Cli>Automatically add IP addresses that exceed blocks limit to the deny list\u003C\u002Fli>\n\u003Cli>Send notifications about blocked retry (Email sent to admins)\u003C\u002Fli>\n\u003Cli>Inform the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>Unlock The Locked users – Easily unlock the locked admin through the email or dashboard.\u003C\u002Fli>\n\u003Cli>Limit the number of retry attempts when logging in per IP.\u003C\u002Fli>\n\u003Cli>Limit the number of attempts to log in using cookies.\u003C\u002Fli>\n\u003Cli>Optional logging and optional email notification.\u003C\u002Fli>\n\u003Cli>Compatible with Google captcha, Captcha Plus & reCaptcha.\u003C\u002Fli>\n\u003Cli>Dashboard gives you an overview of your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable the plugin functionality\u003C\u002Fli>\n\u003Cli>Enable to disable email notifications\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Woocommerce login page protection.\u003C\u002Fli>\n\u003Cli>Wordfence & Sucuri compatibility.\u003C\u002Fli>\n\u003Cli>GDPR compliant.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Features (PRO)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All Basic features included.\u003C\u002Fli>\n\u003Cli>Save the password that was used by the hacker (Save part of the password and hide the last three digits).\u003C\u002Fli>\n\u003Cli>Advanced dashboard gives you an overview of your site’s security (Charts for the most important reports).\u003C\u002Fli>\n\u003Cli>Block attackers by IP, Country, IP range.\u003C\u002Fli>\n\u003Cli>Mobile Application for the admins to follow up the site security (\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fwp-content\u002Fuploads\u002Fapps\u002Flogin-attempts-app.apk\" rel=\"nofollow ugc\">Download APK\u003C\u002Fa>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video Description\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585819426\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Plugin Settings and Reports\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585820422\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.",200,14039,78,"2025-06-15T19:08:00.000Z","4.6","7.2",[18,21,92,93,22],"login-attempts","protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-limit-failed-login-attempts.5.6.zip",92,5,"2024-12-05 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":36,"downloaded":106,"rating":11,"num_ratings":11,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":90,"tags":110,"homepage":112,"download_link":113,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"botfaqtor-code","Botfaqtor Code","1.0.1","botfaqtor","https:\u002F\u002Fprofiles.wordpress.org\u002Fbotfaqtor\u002F","\u003Cp>Плагин позволяет легко интегрировать защиту от ботов на ваш WordPress сайт. Всё, что вам нужно сделать – это зарегистрироваться на сайте \u003Ca href=\"https:\u002F\u002Fbotfaqtor.ru\" rel=\"nofollow ugc\">botfaqtor.ru\u003C\u002Fa>, получить ваш уникальный идентификатор и ввести его в настройках плагина.\u003C\u002Fp>\n\u003Ch3>Преимущества использования Botfaqtor:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Защита от спам-ботов и вредоносных ботов\u003C\u002Fli>\n\u003Cli>Простая установка и настройка\u003C\u002Fli>\n\u003Cli>Минимальное влияние на производительность сайта\u003C\u002Fli>\n\u003Cli>Отсутствие необходимости в дополнительных настройках\u003C\u002Fli>\n\u003Cli>Эффективное определение и блокировка автоматизированного трафика\u003C\u002Fli>\n\u003Cli>Защита от скликивания рекламы и накрутки показателей\u003C\u002Fli>\n\u003Cli>Снижение нагрузки на сервер от ботов\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Плагин добавляет специальный скрипт в head-секцию вашего сайта, который отслеживает и анализирует поведение посетителей, идентифицируя ботов и защищая ваш сайт от них.\u003C\u002Fp>\n\u003Ch3>Внешние запросы\u003C\u002Fh3>\n\u003Cp>Плагин отправляет данные о посетителях сайта в сервис Botfaqtor для анализа и выявления ботов. Это происходит только после активации плагина и ввода действительного идентификатора Botfaqtor.\u003C\u002Fp>\n\u003Cp>Сервис предоставляется компанией Botfaqtor:\u003Cbr \u002F>\n* Условия использования: \u003Ca href=\"https:\u002F\u002Fbotfaqtor.ru\u002Fterms-of-service\" rel=\"nofollow ugc\">https:\u002F\u002Fbotfaqtor.ru\u002Fterms-of-service\u003C\u002Fa>\u003Cbr \u002F>\n* Политика конфиденциальности: \u003Ca href=\"https:\u002F\u002Fbotfaqtor.ru\u002Fprivacy-policy\" rel=\"nofollow ugc\">https:\u002F\u002Fbotfaqtor.ru\u002Fprivacy-policy\u003C\u002Fa>\u003C\u002Fp>\n","Интеграция сервиса Botfaqtor для защиты сайта от ботов.",540,"2025-04-23T10:59:00.000Z","6.7.5","5.2",[18,111,19,93,22],"bot-detection","https:\u002F\u002Fbotfaqtor.ru\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotfaqtor-code.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":25,"num_ratings":124,"last_updated":125,"tested_up_to":14,"requires_at_least":15,"requires_php":23,"tags":126,"homepage":23,"download_link":129,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":130},"botfirewall","BotFirewall | Stop Spam Bots & Secure Login","2.3.5","SafeWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fhallemmit3\u002F","\u003Cp>\u003Cstrong>BotFirewall\u003C\u002Fstrong> is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks. Using advanced JavaScript verification and encrypted cookies, BotFirewall ensures robust security without disrupting the experience of real users.\u003C\u002Fp>\n\u003Ch3>Why Do You Need BotFirewall?\u003C\u002Fh3>\n\u003Cp>In today’s internet landscape, bots make up a significant portion of web traffic, and many of them are malicious. They can attack your site, send spam, scrape content, or attempt to hack login pages like \u003Ccode>wp-login.php\u003C\u002Fcode>. BotFirewall addresses these threats by providing \u003Cstrong>smart and flexible protection\u003C\u002Fstrong> that:\u003Cbr \u002F>\n– \u003Cstrong>Blocks bots\u003C\u002Fstrong> with seamless JavaScript verification that most bots cannot pass.\u003Cbr \u002F>\n– \u003Cstrong>Secures key pages\u003C\u002Fstrong> like \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> from unauthorized access.\u003Cbr \u002F>\n– \u003Cstrong>Uses encrypted cookies\u003C\u002Fstrong> to ensure only verified users gain access.\u003Cbr \u002F>\n– \u003Cstrong>Offers customizable settings\u003C\u002Fstrong> through an intuitive interface in the WordPress admin panel.\u003C\u002Fp>\n\u003Ch3>Key Features of BotFirewall\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>JavaScript Verification\u003C\u002Fstrong>: Ensures visitors can execute JavaScript, effectively filtering out most bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Encrypted Cookies\u003C\u002Fstrong>: Cookies are tied to IP and User-Agent for enhanced security against spoofing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Page Protection\u003C\u002Fstrong>: Enable or disable protection for \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> pages via settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist and Blacklist\u003C\u002Fstrong>: Configure lists of allowed bots (e.g., Googlebot) and IPs, and block known malicious IPs, including subnet support (e.g., 192.168.0.0\u002F24).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exclude URLs\u003C\u002Fstrong>: Specify URLs to bypass bot protection entirely (e.g., for APIs or specific pages).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Statistics\u003C\u002Fstrong>: Monitor bot activity with detailed stats – filter by time periods (Last 24 hours, Last Week, Last Month).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Action Logging\u003C\u002Fstrong>: Logs blocks and successful verifications with URL details, keeping data for the last 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowed Bots Tab\u003C\u002Fstrong>: Easily select known bots to allow without verification, with quick filters for bot types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recent Activity\u003C\u002Fstrong>: View the latest 10 logged sessions with details like IP, URL, and status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and Fast\u003C\u002Fstrong>: Optimized for minimal impact on site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>: Removes all data, including logs and settings, upon deactivation and deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Verification Page\u003C\u002Fstrong>: Tailor the text (title, description, countdown), CSS styling, and logo of the verification page to match your site’s design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Support\u003C\u002Fstrong>: Get assistance directly through Live Chat in the Support tab for quick resolution of issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How Does BotFirewall Work?\u003C\u002Fh3>\n\u003Cp>BotFirewall employs a multi-layered protection system:\u003Cbr \u002F>\n1. \u003Cstrong>Cookie Check\u003C\u002Fstrong>: If a visitor has a valid cookie, they bypass additional checks.\u003Cbr \u002F>\n2. \u003Cstrong>Whitelist\u003C\u002Fstrong>: Known “good” bots (e.g., search engine crawlers) are automatically allowed.\u003Cbr \u002F>\n3. \u003Cstrong>JavaScript Verification\u003C\u002Fstrong>: If no cookie is present, the visitor is redirected to a verification page where they must execute a JavaScript request. Bots unable to run JavaScript are blocked.\u003Cbr \u002F>\n4. \u003Cstrong>Login Page Protection\u003C\u002Fstrong>: Optionally protect \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> to prevent brute-force attacks.\u003Cbr \u002F>\n5. \u003Cstrong>Post-Verification Redirect\u003C\u002Fstrong>: After successful verification, the user is redirected to their original page, and a cookie is set for future visits.\u003C\u002Fp>\n\u003Ch3>Why BotFirewall is a Must-Have for Your Site\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Spam and DDoS Protection\u003C\u002Fstrong>: Effectively blocks bots that attempt to spam or overload your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Security\u003C\u002Fstrong>: Safeguards \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> from unauthorized access and brute-force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexibility\u003C\u002Fstrong>: Customize protection with whitelists, blacklists, cookie lifetime settings, and verification page styling.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparency\u003C\u002Fstrong>: Detailed statistics and logs let you monitor bot activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ease of Use\u003C\u002Fstrong>: A user-friendly interface in the WordPress admin panel makes configuration a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Look\u003C\u002Fstrong>: Customize the verification page with your own text, styles, logo, and a modern font (Roboto) for a polished appearance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reliable Support\u003C\u002Fstrong>: Access our support team via Live Chat for help with any technical or security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>BotFirewall is an \u003Cstrong>essential tool\u003C\u002Fstrong> for WordPress site owners who want to protect their content, users, and server from malicious bots. Install BotFirewall today and secure your site with confidence!\u003C\u002Fp>\n","BotFirewall is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks.",20,738,2,"2025-06-05T14:29:00.000Z",[127,19,21,128,22],"anti-bot","login-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotfirewall.2.3.5.zip","2026-03-15T15:16:48.613Z",{"attackSurface":132,"codeSignals":164,"taintFlows":172,"riskAssessment":200,"analyzedAt":206},{"hooks":133,"ajaxHandlers":154,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":163,"unprotectedCount":163},[134,139,143,146,149],{"type":135,"name":136,"callback":136,"file":137,"line":138},"action","init","bunkr-solution.php",25,{"type":135,"name":140,"callback":141,"file":137,"line":142},"admin_menu","add_admin_menu",26,{"type":135,"name":144,"callback":144,"file":137,"line":145},"admin_init",27,{"type":135,"name":147,"callback":147,"file":137,"line":148},"admin_enqueue_scripts",28,{"type":135,"name":150,"callback":151,"priority":152,"file":137,"line":153},"wp_footer","output_script",99,161,[155],{"action":156,"nopriv":157,"callback":158,"hasNonce":157,"hasCapCheck":157,"file":137,"line":159},"Bunkr_test",false,"closure",455,[],[],[],1,{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":168,"fileOperations":11,"externalRequests":124,"nonceChecks":124,"capabilityChecks":163,"bundledLibraries":171},[],{"prepared":11,"raw":11,"locations":167},[],{"escaped":169,"rawEcho":11,"locations":170},47,[],[],[173,192],{"entryPoint":174,"graph":175,"unsanitizedCount":11,"severity":191},"admin_page (bunkr-solution.php:394)",{"nodes":176,"edges":188},[177,182],{"id":178,"type":179,"label":180,"file":137,"line":181},"n0","source","$_POST",402,{"id":183,"type":184,"label":185,"file":137,"line":186,"wp_function":187},"n1","sink","echo() [XSS]",427,"echo",[189],{"from":178,"to":183,"sanitized":190},true,"low",{"entryPoint":193,"graph":194,"unsanitizedCount":11,"severity":191},"\u003Cbunkr-solution> (bunkr-solution.php:0)",{"nodes":195,"edges":198},[196,197],{"id":178,"type":179,"label":180,"file":137,"line":181},{"id":183,"type":184,"label":185,"file":137,"line":186,"wp_function":187},[199],{"from":178,"to":183,"sanitized":190},{"summary":201,"deductions":202},"The \"bunkr-solution\" v1.0.0 plugin exhibits a generally good security posture based on the provided static analysis. It demonstrates strong adherence to secure coding practices, with all SQL queries using prepared statements and all output being properly escaped.  The absence of dangerous functions, file operations, and known vulnerabilities in its history are positive indicators. The plugin also correctly implements nonce checks and capability checks for some of its functionalities.\n\nHowever, a significant concern arises from the presence of one unprotected AJAX handler. This represents a direct entry point into the plugin's functionality that is not protected by authentication or authorization checks, potentially allowing unauthorized users to trigger specific actions. While taint analysis found no unsanitized paths and the vulnerability history is clean, the unprotected AJAX handler remains a notable security risk that could be exploited if the functionality it exposes is sensitive or can be used for malicious purposes. The two external HTTP requests should also be monitored for potential vulnerabilities in the external services they connect to.\n\nIn conclusion, \"bunkr-solution\" v1.0.0 has several strengths, particularly in its handling of database queries and output escaping, and its clean vulnerability history. Nevertheless, the unprotected AJAX handler is a critical weakness that significantly lowers its overall security score and warrants immediate attention. Addressing this single unprotected entry point would greatly improve the plugin's security.",[203],{"reason":204,"points":205},"Unprotected AJAX handler",10,"2026-03-17T06:37:26.413Z",{"wat":208,"direct":217},{"assetPaths":209,"generatorPatterns":212,"scriptPaths":213,"versionParams":214},[210,211],"\u002Fwp-content\u002Fplugins\u002Fbunkr-solution\u002Fadmin\u002Fjs\u002Fbunkr-admin.js","\u002Fwp-content\u002Fplugins\u002Fbunkr-solution\u002Fadmin\u002Fcss\u002Fbunkr-admin.css",[],[210],[215,216],"bunkr-solution\u002Fadmin\u002Fjs\u002Fbunkr-admin.js?ver=","bunkr-solution\u002Fadmin\u002Fcss\u002Fbunkr-admin.css?ver=",{"cssClasses":218,"htmlComments":220,"htmlAttributes":221,"restEndpoints":222,"jsGlobals":223,"shortcodeOutput":225},[219],"bunkr-solution-settings",[],[],[],[224],"ssflt_eae6b7469f9df734e6279f20a2",[],{"error":190,"url":227,"statusCode":228,"statusMessage":229,"message":229},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbunkr-solution\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":231,"versions":232},3,[233,239,245],{"version":234,"download_url":24,"svn_tag_url":235,"released_at":26,"has_diff":157,"diff_files_changed":236,"diff_lines":26,"trac_diff_url":237,"vulnerabilities":238,"is_current":157},"1.0.2","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbunkr-solution\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbunkr-solution%2Ftags%2F1.0.1&new_path=%2Fbunkr-solution%2Ftags%2F1.0.2",[],{"version":101,"download_url":240,"svn_tag_url":241,"released_at":26,"has_diff":157,"diff_files_changed":242,"diff_lines":26,"trac_diff_url":243,"vulnerabilities":244,"is_current":157},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbunkr-solution.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbunkr-solution\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbunkr-solution%2Ftags%2F1.0.0&new_path=%2Fbunkr-solution%2Ftags%2F1.0.1",[],{"version":6,"download_url":246,"svn_tag_url":247,"released_at":26,"has_diff":157,"diff_files_changed":248,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":249,"is_current":190},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbunkr-solution.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbunkr-solution\u002Ftags\u002F1.0.0\u002F",[],[]]