[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjqSSNxEkUTtLa81zua_TIOWGpGFAflh9zqxq8pY6BuY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":334},"cellarweb-privacy-and-security-options","CellarWeb Privacy and Security Options","4.17","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Secure your WP site with common security settings that you can selectively enable. Includes several security and anti-hacking features, plus some customization of your login screen. Disables certain functions\u002Fprocesses that are potential security issues. Can block some comment spam (although our Block Comment Spam plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-comment-spam-bots\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-comment-spam-bots\u002F\u003C\u002Fa> is more effective). Can increase memory allocations. Shows your current htaccess file contents with suggestions for improvements, so you can monitor any changes.\u003C\u002Fp>\n\u003Cp>NEW FEATURES:\u003Cbr \u002F>\n – Optionally adds directives to the WordPress virtual robots.txt file to block site scanning by AI bots. This blocks the use of your site content by those AI agents, such as ChatGPT, OpenAI, Bard, and others. 
It does not affect search engine scanning or any SEO, nor does it affect the user experience of your site.\u003Cbr \u002F>\n– Now shows any hidden plugins (which might be malicious), plus lists all plugins with versions and status (active, inactive).\u003C\u002Fp>\n\u003Cp>We use this on all of our managed WordPress sites, as a convenient way to secure the sites without using a bunch of different plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin can be downloaded for free without any paid subscription from the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcellarweb-privacy-and-security-options\u002F\" rel=\"ugc\">official WordPress repository\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>BEGIN – Added by ChatBot Blocker by CellarWeb plugin (Version 1.03)\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>      #  Blocks ChatGPT bot scanning\n            User-agent: GPTBot\n            Disallow: \u002F\n      #  Blocks Bard bot scanning\n            User-agent: Bard\n            Disallow: \u002F\n      #  Blocks Bing bot scanning\n            User-agent: bingbot-chat\u002F2.0\n            Disallow: \u002F\n      #  Blocks Common Crawl bot scanning\n            User-agent: CCBot\n            Disallow: \u002F\n      #  Blocks omgili bot scanning\n            User-agent: Omgili\n            Disallow: \u002F\n      #  Blocks omgilibot bot scanning\n            User-agent: Omgili Bot\n            Disallow: \u002F\n      #  Blocks Diffbot bot scanning\n            User-agent: Diffbot\n            Disallow: \u002F\n      #  Blocks MJ12bot bot scanning\n            User-agent: MJ12bot\n            Disallow: \u002F\n      #  Blocks anthropic-ai bot scanning\n            User-agent: anthropic-ai\n            Disallow: \u002F\n      #  Blocks ClaudeBot bot scanning\n            User-agent: ClaudeBot\n            Disallow: \u002F\n      #  Blocks FacebookBot bot scanning\n            User-agent: FacebookBot\n            Disallow: \u002F\n      #  Blocks 
Google-Extended bot scanning\n            User-agent: Google-Extended\n            Disallow: \u002F\n      #  Blocks SentiBot bot scanning\n            User-agent: SentiBot\n            Disallow: \u002F\n      #  Blocks sentibot bot scanning\n            User-agent: sentibot\n            Disallow: \u002F\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>END – Added by ChatBot Blocker by CellarWeb plugin (Version 1.03)\u003C\u002Fh3>\n\u003Cp>See additional chatbot agents added in the changelog below.\u003C\u002Fp>\n\u003Ch4>htaccess Security Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Shows the current htaccess file for review. (Hackers like to change it, so it’s good to take a peek at it now and again.)\u003C\u002Fli>\n\u003Cli>Some suggestions for additional htaccess commands are shown.\u003C\u002Fli>\n\u003Cli>No changes are made to the htaccess file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Wow! That’s a lot of settings!\u003C\u002Fh4>\n\u003Cp>Yep. But they are ones that we commonly use in all of our managed WP sites, so putting them into one plugin was easier than doing it manually on every site.\u003C\u002Fp>\n\u003Ch4>What if I want an additional setting?\u003C\u002Fh4>\n\u003Cp>Just add a message in the plugin’s support area. We’ll consider it.\u003C\u002Fp>\n\u003Ch4>Do you have other security-related plugins?\u003C\u002Fh4>\n\u003Cp>Yep!  One of our favorites will block all comment spam – and another that blocks bots from contact forms. It’s very effective. We put it on one site that was getting a lot of comment spam, and now there is none. Not one. And we don’t get any contact form spam on sites that use the technique.\u003C\u002Fp>\n\u003Cp>It’s called “Block Comment Spam Bots”, and can be found in the WP plugin repository. And there’s a link to it (and other plugins we’ve done) on this plugin’s Settings\u002FInformation page.  
The Contact Form bot-blocker is called “FormSpammerTrap”, and is available at \u003Ca href=\"https:\u002F\u002Fwww.FormSpammerTrap.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.FormSpammerTrap.com\u003C\u002Fa> .\u003C\u002Fp>\n\u003Cp>Check out all our plugins at \u003Ca href=\"https:\u002F\u002Fcellarweb.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fcellarweb.com\u002Fwordpress-plugins\u002F\u003C\u002Fa> .\u003C\u002Fp>\n","Security and privacy settings for your site, all in one place.",20,2857,0,"2024-08-30T20:28:00.000Z","6.6.5","4.9.6","7.2",[19],"site-security-privacy-safety-hardening","https:\u002F\u002Fwww.cellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcellarweb-privacy-and-security-options.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"rhellewellgmailcom",16,1040,91,30,88,"2026-04-04T16:50:35.472Z",[],{"attackSurface":36,"codeSignals":186,"taintFlows":293,"riskAssessment":320,"analyzedAt":333},{"hooks":37,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":184,"entryPointCount":185,"unprotectedCount":13},[38,44,49,52,55,59,62,67,72,76,80,84,89,92,94,98,102,107,111,115,119,123,127,130,133,137,141,145,148,151,155,158,160,162,165,169,173],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","admin_init","CWPS_disable_plugin","cellarweb-privacy-and-security.php",53,{"type":39,"name":45,"callback":46,"priority":47,"file":42,"line":48},"admin_notices","CWPS_show_notice_disabled_plugin",10,54,{"type":39,"name":50,"callback":41,"file":42,"line":51},"network_admin_init",55,{"type":39,"name":53,"callback":46,"priority":47,"file":42,"line":54},"network_admin_notices",56,{"type":39,"name":56,"callback":57,"file":42,"line":58},"admin_menu","CWPS_add_admin_menu",135,{"type":39,"name":40,"callback":
60,"file":42,"line":61},"CWPS_settings_init",136,{"type":63,"name":64,"callback":65,"file":42,"line":66},"filter","admin_footer_text","CWPS_remove_footer_admin",165,{"type":63,"name":68,"callback":69,"priority":70,"file":42,"line":71},"robots_txt","CWPS_robots_option_content",99,514,{"type":39,"name":73,"callback":74,"file":42,"line":75},"wp_enqueue_scripts","CWPS_load_css",716,{"type":39,"name":77,"callback":78,"file":42,"line":79},"login_enqueue_scripts","CWPS_custom_login_logo",748,{"type":39,"name":81,"callback":82,"file":42,"line":83},"login_footer","closure",757,{"type":63,"name":85,"callback":86,"priority":87,"file":42,"line":88},"xmlrpc_enabled","__return_false",999,775,{"type":39,"name":45,"callback":90,"priority":47,"file":42,"line":91},"CWPS_warning_notice_no_favicon",785,{"type":39,"name":77,"callback":78,"file":42,"line":93},794,{"type":63,"name":95,"callback":96,"file":42,"line":97},"admin_email_check_interval","CWPS_return_false",796,{"type":39,"name":99,"callback":100,"file":42,"line":101},"init","CWPS_check_user_admin_exist",805,{"type":39,"name":103,"callback":104,"priority":105,"file":42,"line":106},"admin_bar_menu","CWPS_change_howdy",11,812,{"type":39,"name":108,"callback":109,"file":42,"line":110},"wp_before_admin_bar_render","CWPS_remove_wp_logo",815,{"type":39,"name":112,"callback":113,"file":42,"line":114},"wp_footer","CWPS_add_copyright_footer",818,{"type":63,"name":116,"callback":117,"file":42,"line":118},"widget_text","do_shortcode",824,{"type":39,"name":120,"callback":121,"file":42,"line":122},"wp_head","CWPS_blog_favicon",827,{"type":39,"name":124,"callback":125,"priority":105,"file":42,"line":126},"added_option","CWPS_disable_error_reporting",837,{"type":39,"name":124,"callback":128,"priority":105,"file":42,"line":129},"CWPS_disable_error_cancel",839,{"type":63,"name":131,"callback":82,"file":42,"line":132},"login_errors",850,{"type":63,"name":134,"callback":135,"priority":47,"file":42,"line":136},"wp_nav_menu_items","CWPS_login_menu_i
tem",869,{"type":39,"name":138,"callback":139,"file":42,"line":140},"wp_logout","CWPS_after_logout",874,{"type":63,"name":142,"callback":143,"file":42,"line":144},"login_redirect","CWPS_login_to_home_page",875,{"type":63,"name":68,"callback":146,"priority":70,"file":42,"line":147},"CWPS_robots_build_content",881,{"type":39,"name":45,"callback":149,"priority":47,"file":42,"line":150},"CWPS_user_admin_notice",907,{"type":63,"name":152,"callback":153,"file":42,"line":154},"wpcf7_form_tag","CWPS_cf7_add_referer",968,{"type":39,"name":45,"callback":156,"priority":47,"file":42,"line":157},"CWPS_no_error_file_added",1042,{"type":39,"name":45,"callback":159,"priority":47,"file":42,"line":157},"CWPS_no_error_file_failed",{"type":39,"name":45,"callback":159,"priority":47,"file":42,"line":161},1043,{"type":39,"name":45,"callback":163,"priority":47,"file":42,"line":164},"CWPS_no_error_file_removed",1052,{"type":39,"name":166,"callback":167,"file":42,"line":168},"template_redirect","CWPS_redirect_if_author_query",1130,{"type":63,"name":170,"callback":171,"priority":31,"file":42,"line":172},"authenticate","CWPS_check_attempted_login",1280,{"type":39,"name":174,"callback":175,"priority":47,"file":42,"line":176},"wp_login_failed","CWPS_login_failed",1300,[],[],[180],{"tag":181,"callback":182,"file":42,"line":183},"current_year","CWPS_current_year",821,[],1,{"dangerousFunctions":187,"sqlUsage":188,"outputEscaping":190,"fileOperations":185,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":292},[],{"prepared":13,"raw":13,"locations":189},[],{"escaped":191,"rawEcho":54,"locations":192},8,[193,196,198,200,202,204,206,208,210,212,214,216,217,219,220,222,223,225,226,228,229,231,232,233,235,236,238,239,241,242,244,245,247,248,250,251,253,255,257,259,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290],{"file":42,"line":194,"context":195},122,"raw 
output",{"file":42,"line":197,"context":195},446,{"file":42,"line":199,"context":195},448,{"file":42,"line":201,"context":195},450,{"file":42,"line":203,"context":195},452,{"file":42,"line":205,"context":195},454,{"file":42,"line":207,"context":195},456,{"file":42,"line":209,"context":195},458,{"file":42,"line":211,"context":195},460,{"file":42,"line":213,"context":195},464,{"file":42,"line":215,"context":195},470,{"file":42,"line":215,"context":195},{"file":42,"line":218,"context":195},472,{"file":42,"line":218,"context":195},{"file":42,"line":221,"context":195},474,{"file":42,"line":221,"context":195},{"file":42,"line":224,"context":195},476,{"file":42,"line":224,"context":195},{"file":42,"line":227,"context":195},479,{"file":42,"line":227,"context":195},{"file":42,"line":230,"context":195},481,{"file":42,"line":230,"context":195},{"file":42,"line":230,"context":195},{"file":42,"line":234,"context":195},484,{"file":42,"line":234,"context":195},{"file":42,"line":237,"context":195},487,{"file":42,"line":237,"context":195},{"file":42,"line":240,"context":195},489,{"file":42,"line":240,"context":195},{"file":42,"line":243,"context":195},491,{"file":42,"line":243,"context":195},{"file":42,"line":246,"context":195},493,{"file":42,"line":246,"context":195},{"file":42,"line":249,"context":195},495,{"file":42,"line":249,"context":195},{"file":42,"line":252,"context":195},499,{"file":42,"line":254,"context":195},501,{"file":42,"line":256,"context":195},504,{"file":42,"line":258,"context":195},509,{"file":42,"line":258,"context":195},{"file":42,"line":261,"context":195},520,{"file":42,"line":263,"context":195},531,{"file":42,"line":265,"context":195},547,{"file":42,"line":267,"context":195},675,{"file":42,"line":269,"context":195},733,{"file":42,"line":271,"context":195},734,{"file":42,"line":273,"context":195},897,{"file":42,"line":275,"context":195},982,{"file":42,"line":277,"context":195},985,{"file":42,"line":279,"context":195},1101,{"file":42,"line":281,"context":195},1
177,{"file":42,"line":283,"context":195},1201,{"file":42,"line":285,"context":195},1254,{"file":42,"line":287,"context":195},1420,{"file":42,"line":289,"context":195},1422,{"file":42,"line":291,"context":195},1430,[],[294,311],{"entryPoint":295,"graph":296,"unsanitizedCount":185,"severity":310},"CWPS_render_fields (cellarweb-privacy-and-security.php:440)",{"nodes":297,"edges":307},[298,302],{"id":299,"type":300,"label":301,"file":42,"line":265},"n0","source","$_SERVER['HTTP_HOST']",{"id":303,"type":304,"label":305,"file":42,"line":265,"wp_function":306},"n1","sink","echo() [XSS]","echo",[308],{"from":299,"to":303,"sanitized":309},false,"medium",{"entryPoint":312,"graph":313,"unsanitizedCount":185,"severity":319},"\u003Ccellarweb-privacy-and-security> (cellarweb-privacy-and-security.php:0)",{"nodes":314,"edges":317},[315,316],{"id":299,"type":300,"label":301,"file":42,"line":265},{"id":303,"type":304,"label":305,"file":42,"line":265,"wp_function":306},[318],{"from":299,"to":303,"sanitized":309},"low",{"summary":321,"deductions":322},"The static analysis of \"cellarweb-privacy-and-security-options\" v4.17 reveals a plugin with a very small attack surface, consisting of a single shortcode and no AJAX handlers or REST API routes. This is a positive indicator for security. The code also demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively. However, a significant concern arises from the output escaping, where only 13% of outputs are properly escaped, leaving a large portion vulnerable to Cross-Site Scripting (XSS) attacks.  The taint analysis, while limited in scope (2 flows analyzed), did identify two flows with unsanitized paths, indicating potential for vulnerabilities, though no critical or high severity issues were flagged.  The lack of vulnerability history is a strong positive sign, suggesting the plugin has been stable and secure over time. 
Despite the limited attack surface and strong SQL practices, the poor output escaping and unsanitized path flows present a notable risk, particularly for XSS vulnerabilities.",[323,326,328,331],{"reason":324,"points":325},"Poor output escaping",15,{"reason":327,"points":191},"Unsanitized paths in taint flows",{"reason":329,"points":330},"No capability checks",5,{"reason":332,"points":330},"No nonce checks","2026-03-16T23:01:49.315Z",{"wat":335,"direct":342},{"assetPaths":336,"generatorPatterns":338,"scriptPaths":339,"versionParams":340},[337],"\u002Fwp-content\u002Fplugins\u002Fcellarweb-privacy-and-security-options\u002Fcss\u002Fsettings.css",[],[],[341],"cellarweb-privacy-and-security-options\u002Fcss\u002Fsettings.css?ver=",{"cssClasses":343,"htmlComments":345,"htmlAttributes":348,"restEndpoints":352,"jsGlobals":354,"shortcodeOutput":359},[344],"CWPS_namespace",[346,347],"\u003C!-- Privacy and Security from CellarWeb.com -->","\u003C!-- Thank you for using CellarWeb.com Privacy and Security -->",[349,350,351],"data-cwps-nonce","data-cwps-nonce-check","data-cwps-opt-out-message",[353],"\u002Fwp-json\u002Fcwps\u002Fv1\u002Fblock-ai-chatbot",[355,356,357,358],"CWPS_AJAX_URL","CWPS_admin_ajax_url","CWPS_REST_URL","CWPS_nonce",[360],"[cwps_opt_out]"]