[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzAG1Ua-ybpVZXFsHWsGmZym98H0UW0DJoKCHivjiH4k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":135,"fingerprints":421},"cidram","CIDRAM","4.0.1","Maikuolan","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaikuolan\u002F","\u003Cp>CIDRAM (Classless Inter-Domain Routing Access Manager) is a PHP script designed to protect websites by blocking requests originating from IP addresses regarded as being sources of undesirable traffic, including (but not limited to) traffic from non-human access endpoints, cloud services, spambots, scrapers, etc. It does this by calculating the possible CIDRs of the IP addresses supplied from inbound requests and then attempting to match these possible CIDRs against its signature files (these signature files contain lists of CIDRs of IP addresses regarded as being sources of undesirable traffic); If matches are found, the requests are blocked.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP >= 7.2.0\u003C\u002Fli>\n\u003Cli>PCRE\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Updating\u003C\u002Fh3>\n\u003Cp>Note: CIDRAM does not interact in any way with your database, and stores its own configuration settings, customisations, and related materials as flatfiles within its own directory. If you’ve not changed any of the default configuration settings and if you’re not using any customisations for this plugin, updating normally via the plugins dashboard, without need for any additional steps, should be sufficient and shouldn’t cause any problems. 
However, if you’ve modified the configuration settings for CIDRAM, or if you’ve made any customisations, I would recommend making backups of all of these prior to updating, because updating will overwrite all settings and customisations (after updating, you can then restore your customisations from your backups). Alternatively, if you update via the CIDRAM front-end updates page, all settings and customisations should be preserved.\u003C\u002Fp>\n","CIDRAM: A PHP-level CIDR\u002FIP-based firewall solution.",20,7357,100,12,"2026-01-19T16:26:00.000Z","6.9.4","4.8","7.2",[20,21,22,23,24],"anti-spam","cidr","firewall","security","waf","https:\u002F\u002Fcidram.github.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcidram.4.0.1.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"maikuolan",1,30,94,"2026-04-03T23:11:38.873Z",[38,57,79,99,119],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":48,"last_updated":49,"tested_up_to":16,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cloudsecure-wp-security","CloudSecure WP Security","1.4.5","cloudsecure","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudsecure\u002F","\u003Cp>A dependable, Japanese-made plugin with Japanese-language support that protects the admin screen and login URL from cyberattacks.\u003Cbr \u002F>\nWith just a few simple settings, it protects your WordPress from unauthorized access and unauthorized logins and improves security.\u003Cbr \u002F>\nYou can also enable or disable (ON\u002FOFF) each feature and customize its settings as you like, and manage the protection status at any time.\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security\" rel=\"nofollow ugc\">this page\u003C\u002Fa> 
for more detailed information, including documentation and FAQs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress multisite is not supported.\u003C\u002Fli>\n\u003Cli>Only the Apache 1.3 and 2.x web servers are supported.\u003C\u002Fli>\n\u003Cli>To use the image authentication feature, the gd extension library must be installed in PHP.\u003C\u002Fli>\n\u003Cli>To use the admin screen access restriction and login URL change features, mod_rewrite must be loaded in Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin provides the following features.\u003C\u002Fp>\n\u003Ch4>Disable Login\u003C\u002Fh4>\n\u003Cp>If login fails a specified number of times within a specified period, login is disabled (blocked) for a specified length of time.\u003Cbr \u002F>\nThis feature prevents attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks.\u003Cbr \u002F>\nIt is especially effective against automated attacks.\u003C\u002Fp>\n\u003Ch4>Change Login URL\u003C\u002Fh4>\n\u003Cp>Changes the login URL (wp-login.php).\u003Cbr \u002F>\nYou can set it to any name (string) of 4 to 12 characters using half-width lowercase letters, half-width digits, hyphens and underscores.\u003Cbr \u002F>\nThis feature makes the site less exposed to attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks.\u003C\u002Fp>\n\u003Ch4>Unified Login Error Messages\u003C\u002Fh4>\n\u003Cp>At login, the same message is displayed whether the username, the password or the image authentication is wrong.\u003Cbr \u002F>\nThis feature makes the site less exposed to attacks that probe whether a username exists.\u003C\u002Fp>\n\u003Ch4>Two-Step Authentication\u003C\u002Fh4>\n\u003Cp>At login, in addition to the username and password, an additional authentication is performed with a separate code.\u003Cbr \u002F>\nTo use it, you must register your device with the \u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.google.android.apps.authenticator2\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa> application.\u003Cbr \u002F>\nEnter the 6-digit authentication code shown in the application on the login screen; if all the information matches, you can log in.\u003Cbr \u002F>\nThis prevents logins and impersonation by third parties who have illicitly obtained a username or password, and strengthens security.\u003C\u002Fp>\n\u003Ch4>Add Image Authentication\u003C\u002Fh4>\n\u003Cp>This feature asks the user to enter characters displayed at random in an image, and does not let them proceed to the next screen unless the input matches.\u003Cbr \u002F>\nIt can be set on the login form, comment form, password reset form and user registration form.\u003Cbr \u002F>\nThis feature prevents attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks, as well as automated unauthorized access by malicious programs.\u003C\u002Fp>\n\u003Ch4>Admin Screen Access Restriction\u003C\u002Fh4>\n\u003Cp>When an admin page (under \u002Fwp-admin\u002F) is accessed from a source IP address that is not logged in to the admin screen, a 404 error (Not Found) is returned.\u003Cbr \u002F>\nThis applies to source IP addresses that have not logged in to the admin screen for 24 hours or more.\u003Cbr \u002F>\nOn login, the source IP address is recorded and the admin screen becomes accessible.\u003Cbr 
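\u002F>\nYou can specify pages (under wp-admin) to exclude from this feature.\u003C\u002Fp>\n\u003Ch4>Configuration File Access Prevention\u003C\u002Fh4>\n\u003Cp>This feature blocks unauthorized access to WordPress system files.\u003C\u002Fp>\n\u003Ch4>Username Leak Prevention\u003C\u002Fh4>\n\u003Cp>Prevents usernames from leaking through “?author=number” requests.\u003C\u002Fp>\n\u003Ch4>Disable XML-RPC\u003C\u002Fh4>\n\u003Cp>Disables XML-RPC or the pingback feature and protects the admin screen from their abuse.\u003C\u002Fp>\n\u003Ch4>Disable REST API\u003C\u002Fh4>\n\u003Cp>Disables the REST API and protects the admin screen from its abuse.\u003C\u002Fp>\n\u003Ch4>Simple WAF\u003C\u002Fh4>\n\u003Cp>A simple WAF (Web Application Firewall) feature with basic defenses against attacks on WordPress.\u003Cbr \u002F>\nIt blocks common attacks such as SQL injection and cross-site scripting.\u003C\u002Fp>\n\u003Ch4>Login Notification\u003C\u002Fh4>\n\u003Cp>Notifies the user by email when a login occurs.\u003Cbr \u002F>\nIf you receive an email you do not recognize, suspect an unauthorized login.\u003C\u002Fp>\n\u003Ch4>Update Notification\u003C\u002Fh4>\n\u003Cp>Notifies the administrator by email when WordPress, a plugin or a theme needs updating.\u003Cbr \u002F>\nUpdate checks run every 24 hours.\u003Cbr \u002F>\nAlways using the latest version is the foundation of security.\u003C\u002Fp>\n\u003Ch4>Server Error Notification\u003C\u002Fh4>\n\u003Cp>When a server error with HTTP status code 500 (Internal Server Error) occurs, the error is recorded in the history and the administrator is notified by email.\u003Cbr \u002F>\nIf an error of the same type occurs within one hour, it is recorded in the history but no email notification is sent.\u003C\u002Fp>\n\u003Ch4>Login History\u003C\u002Fh4>\n\u003Cp>Displays the history of logins to the admin screen.\u003Cbr \u002F>\nYou can also filter the search by each field.\u003Cbr \u002F>\nLike login notifications, this feature helps you notice unauthorized logins.\u003C\u002Fp>\n","A Japanese-made security plugin with Japanese-language support that protects the admin screen and login URL from cyberattacks. 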
With just a few simple settings, it protects your WordPress from unauthorized access and unauthorized logins.",100000,604268,2,"2026-03-13T05:42:00.000Z","5.3.15","7.1",[20,53,54,23,24],"brute-force","login-lock","https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudsecure-wp-security.1.4.5.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":16,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":77,"unpatched_count":27,"last_vuln_date":78,"fetched_at":29},"security-malware-firewall","Login Security, FireWall, Malware removal by CleanTalk","2.174","CleanTalk Inc","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleantalk\u002F","\u003Cp>Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.\u003C\u002Fp>\n\u003Ch3>SECURITY PLUGIN BY CLEANTALK (SPBCT)\u003C\u002Fh3>\n\u003Cp>We focus on eliminating the most common security threats for WordPress. At the same time, we strive to ensure that \u003Cstrong>site performance remains unaffected\u003C\u002Fstrong>. To achieve this, each release goes through automated and expert-driven testing pipelines. We also verify performance using Google PageSpeed Insights and GTMetrix. 
Typically, we release a new version twice a month to keep features up to date and protection strong.\u003C\u002Fp>\n\u003Ch4>SECURITY FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts and rate limits for logins.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two Factor Authentication (2FA)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom wp-login URL (wp-login.php)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login Default Login Page\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable or Stop User Enumeration\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute force protection for WordPress accounts and passwords\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Protection for WordPress login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security FireWall by IP, Networks or Countries\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Web Application Firewall (WAF)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time traffic monitor (Visitors per pages, IPs, Countries and hits counts per page)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware scanner with auto-cure function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Daily auto malware scan\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerabilities scanner among installed plugins and themes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security weekly reports to email\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notifications of login events to your website\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FREE TRIAL THEN $9 PER YEAR\u003C\u002Fh4>\n\u003Cp>CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. 
We provide detailed security stats for all of our security features to have a full control of security.\u003C\u002Fp>\n\u003Cp>We believe the most honest approach is when every user pays a small fee for using the service, rather than relying on a freemium model where some users subsidize others. The fee is as low as price of a good cup of coffee! So, the security plugin does not have a PRO version-it is completely free and works in combination with our premium Cloud security service at cleantalk.org. Every user has full access to all features of both the service and the plugin. Also, please take a note about \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwordpress-org\u002Fdetailed-plugin-guidelines\u002F#6-software-as-a-service-is-permitted\" rel=\"nofollow ugc\">WordPress.org policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>BRUTE FORCE PROTECTION\u003C\u002Fh3>\n\u003Cp>Our default anti–brute-force policy works as follows,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For any failed login attempt to the WordPress admin area, the plugin introduces a brief delay of a few seconds.\u003C\u002Fli>\n\u003Cli>The plugin reviews the security audit log every hour. 
If any IP address records 10 or more login attempts in that period, it will be blocked for 24 hours.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>ALL BRUTE FORCE PROTECTION FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Maximum failed attempts to login before ban (default is 5).\u003C\u002Fstrong> A failed attempt happens when either the login or password is incorrect.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time frame to count login attempts (default is 15 minutes).\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ban to login time frame from 2 minutes to 24 hours (default is 1 hour).\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-factor authentication (2FA) with ability to apply policy to specific users roles.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of login on password reset error.\u003C\u002Fstrong> The option exclude the info about the login existing on password change error. Error message will be replaced with followed text: “If the user with the specified credentials exists, check your email for the password reset confirmation link. Then visit login page.”\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Audit Log.\u003C\u002Fstrong> Keeps track of actions in the WP Dashboard to let you know what is happening on your blog. With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them. Security Audit Log shows who logged in and when and how much time they spent on each page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two Factor Authentication (2FA).\u003C\u002Fstrong> It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security. With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. 
However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change the URL of the wp-login page.\u003C\u002Fstrong> This option helps you change the default wp-login URL (wp-login.php). Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode. This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value. If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Leaked password check.\u003C\u002Fstrong> This feature enhances your website’s security by continuously monitoring users’ passwords for potential exposure in known data breaches and on the dark web. It works in the background and requires no action from users unless a leak is detected.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>SECURITY FIREWALL\u003C\u002Fh3>\n\u003Cp>To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP\u002FHTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.\u003C\u002Fp>\n\u003Cp>Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. CleanTalk Security is fully compatible with the most popular VPN services. 
Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.\u003C\u002Fp>\n\u003Ch4>LIST OF FIREWALL FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Blocks or bypass visitors by IP, IP Network. Country blocking.\u003C\u002Fstrong> It also has option to avoid blocking hits from major search engines like Google, Bing, Yahoo, Baidu, Yandex and etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Traffic control.\u003C\u002Fstrong> CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters. Another option in Security Traffic Control – “Block user after requests amounts more than” – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours. Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts.\u003C\u002Fstrong> Limit Login Attempts – is a part of brute-force protection and security firewall.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Web Application FireWall (WAF) for WordPress Security Plugin\u003C\u002Fstrong>. The main purpose of Web Application FireWall (WAF) is real-time protection from unauthorized access, even if there are critical known\u002Funknown vulnerabilities. 
Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include,\n\u003Cul>\n\u003Cli>SQL Injection,\u003C\u002Fli>\n\u003Cli>Cross Site Scripting (XSS),\u003C\u002Fli>\n\u003Cli>uploading files from non-authorised users,\u003C\u002Fli>\n\u003Cli>PHP constructions\u002Fcode,\u003C\u002Fli>\n\u003Cli>the presence of malicious code in the downloaded files.\u003Cbr \u002F>\nIn addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk Security has logged all blocked requests that allow you to know and analyze accurate information.\u003C\u002Fli>\n\u003Cli>You can see your Cleantalk Security Logs in your \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fmy\u002Flogs_firewall\" rel=\"nofollow ugc\">Dashboard\u003C\u002Fa> CleanTalk’s research team updates WAF database each time as we find a vulnerability, it means plugin’s users get protection even against unpublished vulnerabilities.\u003C\u002Fli>\n\u003Cli>Learn more how to set up and test \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fhelp\u002Fsecurity-waf\" title=\"About Web Application Firewall\" rel=\"nofollow ugc\">About Security Web Application Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications when administrators or users are logged in.\u003C\u002Fstrong> We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard. Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>MALWARE SCANNER WITH AUTO-CURE FUNCTION\u003C\u002Fh3>\n\u003Cp>Scans WordPress files for hacker files or code for hacker code. Performs antivirus functions. 
Security Malware Scanner runs manually by users requests or automatically by WordPress cron. All of the results will send in your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.\u003C\u002Fp>\n\u003Cp>If you are unsure how to identify, remove, or clean malware using the plugin, you can book a \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fwordpress-malware-removal\" rel=\"nofollow ugc\">malware removal service\u003C\u002Fa> with our Security & Pentest team.\u003C\u002Fp>\n\u003Ch4>LIST OF MALWARE SCANNER, ANTIVIRUS FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware autoscanning.\u003C\u002Fstrong> Scans the website automatically at intervals ranging from once every 12 hours to once every 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cure malware.\u003C\u002Fstrong> It cures infected files automatically if the scanner knows cure methods for these specific cases. If the option is disabled then when the scanning process ends you will be presented with several actions you can do to the found files,\n\u003Cul>\n\u003Cli>\u003Cstrong>Cure.\u003C\u002Fstrong> Malicious code will be removed from the file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Replace.\u003C\u002Fstrong> The file will be replaced with the original file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delete.\u003C\u002Fstrong> The file will be put in quarantine. Do nothing.\u003Cbr \u002F>\nBefore any action is chosen, backups of the files will be created and if the cure is unsuccessful it’s possible to restore each file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Malware Heuristic Check\u003C\u002Fstrong>. This option allows you to check files of plugins and themes with heuristic analysis. 
Probably it will find more than you expect.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Malware scanner to find SQL Injections.\u003C\u002Fstrong> The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Operating system cron tasks analysis.\u003C\u002Fstrong> This functional provides an overview of scheduled cron jobs on server that perform automated tasks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DB Trigger analysis.\u003C\u002Fstrong> Will search for known malicious signatures in database triggers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>List unknown files.\u003C\u002Fstrong> Shows the list of found unknown files in the malware scanner report. Unknown files do not have known virus signatures and do not have suspicious code. Meanwhile, unknown files do not belong to the public plugins and themes at wordpress.org.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File System Watcher.\u003C\u002Fstrong> File system Watcher monitors changes in the file system. This allows to quickly respond to a site infection by tracking which files were affected. The Watcher makes file system snapshots as often as one hour and show difference up to seven days time frame.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Feedback System.\u003C\u002Fstrong> If you don’t have programming experience and don’t know, is there security issue or not, you send some files to CleanTalk Cloud and we check them for malware code. After checking we send you an email notification with results, is there viruses or not. 
Please, look at our guide How malware file analysis works \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fhelp\u002Ffiles-analysis\" title=\"About Scanner Feedback System\" rel=\"nofollow ugc\">About Scanner Feedback System\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LIST OF THE MOST ACTIVE MALWARES BY FILENAMES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>radio.php\u003C\u002Fli>\n\u003Cli>admin-ajax.php\u003C\u002Fli>\n\u003Cli>.1235512.css\u003C\u002Fli>\n\u003Cli>8sjdakSJ3.php\u003C\u002Fli>\n\u003Cli>wso.php\u003C\u002Fli>\n\u003Cli>cmd.php\u003C\u002Fli>\n\u003Cli>shell.php\u003C\u002Fli>\n\u003Cli>reverse_shell.php\u003C\u002Fli>\n\u003Cli>admin.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The list is actual on July 15th, 2025. The latest data is the article \u003Ca href=\"https:\u002F\u002Fresearch.cleantalk.org\u002Fmajor-signs-of-malware-on-an-infected-wordpress-site\u002F\" rel=\"nofollow ugc\">Is my site infected?\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>VULNERABILITIES SCANNER AMONG INSTALLED PLUGINS AND THEMES\u003C\u002Fh3>\n\u003Cp>Plugin checks installed plugins and themes for known (published) vulnerabilities. If finds vulnerable plugin\u002Ftheme, it sends an Email notification and shows data in the \u003Cem>Critical updates\u003C\u002Fem> tab.\u003C\u002Fp>\n\u003Cp>List of the most recent vulnerabilities found and published by CleanTalk Research team,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CVE-2025-5921 – SureForms – Unauthenticated XSS – POC, 200k+ installs.\u003C\u002Fli>\n\u003Cli>CVE-2025-3582 – Newsletter – Stored XSS to JS Backdoor Creation – POC, 300k+ installs.\u003C\u002Fli>\n\u003Cli>CVE-2025-2560 – Ninja Forms – Stored XSS to JS Backdoor Creation – POC, 700k+ installs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The list is effective on July 18th, 2025. 
Updates are available on \u003Ca href=\"https:\u002F\u002Fresearch.cleantalk.org\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fresearch.cleantalk.org\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>MISCELLANEOUS SECURITY OPTIONS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Send additional HTTP headers option.\u003C\u002Fstrong> There are several additional http-headers which added to the every http-requests by the plugin if this option is enabled:\n\u003Cul>\n\u003Cli>“X-Content-Type-Options” improves the security of your site (and your users) against some types of drive-by-downloads.\u003C\u002Fli>\n\u003Cli>“X-XSS-Protection” header improves the security of your site against some types of XSS (cross-site scripting) attacks.\u003C\u002Fli>\n\u003Cli>“Strict-Transport-Security” response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.\u003C\u002Fli>\n\u003Cli>“Referrer-Policy” make the \u003Ccode>Referer\u003C\u002Fcode> http-header transferring more strictly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Collect and send PHP logs.\u003C\u002Fstrong> Collect and send PHP error logs to your CleanTalk Dashboard where you can list them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of authors logins.\u003C\u002Fstrong> Prevent visitors from collecting logins of the content authors from the website links (like example.com\u002F?author=1). Also this function known as Stop User Enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of user login on password reset.\u003C\u002Fstrong> The password reset error will not contain the data about selected username does not exist.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable REST API for non-authenticated users.\u003C\u002Fstrong> Turn this on to deny access to WordPress REST API for non-authenticated users. 
Denied requests will get a 401 HTTP Code (Unauthorized).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable the WordPress endpoint “users” REST API.\u003C\u002Fstrong> Disables access to \u002Fwp-json\u002Fwp\u002Fv2\u002Fusers and \u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u002F”id_user”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable File Editor.\u003C\u002Fstrong> By prohibiting file editing, you protect the site from malicious attacks that may try to change the code and gain access to the site or steal confidential information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TRANSLATE INTO YOUR LANGUAGE\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Thank you for helping translate the plugin!\u003C\u002Fli>\n\u003Cli>感谢您帮助翻译这个插件！ (Gǎnxiè nín bāngzhù fānyì zhège chājìan!)\u003C\u002Fli>\n\u003Cli>प्लगइन का अनुवाद करने में मदद के लिए धन्यवाद! (Plugin ka anuvaad karne mein madad ke liye dhanyavaad!)\u003C\u002Fli>\n\u003Cli>¡Gracias por ayudar a traducir el complemento!\u003C\u002Fli>\n\u003Cli>Merci d’avoir aidé à traduire le plugin !\u003C\u002Fli>\n\u003Cli>شكرًا لمساعدتك في ترجمة الإضافة! (Shukran limusaa’adatika fi tarjamat al-idafa!)\u003C\u002Fli>\n\u003Cli>প্লাগইন অনুবাদে সাহায্য করার জন্য ধন্যবাদ! (Plug-in onubade shahajjo korar jonno dhonnobad!)\u003C\u002Fli>\n\u003Cli>Спасибо за помощь в переводе плагина! (Spasibo za pomoshch v perevode plagina!)\u003C\u002Fli>\n\u003Cli>Obrigado por ajudar a traduzir o plugin! (Obrigada if female)\u003C\u002Fli>\n\u003Cli>پلگ ان کا ترجمہ کرنے میں مدد کرنے کا شکریہ! 
(Plug-in ka tarjuma karne mein madad karne ka shukriya!)\u003C\u002Fli>\n\u003Cli>Terima kasih telah membantu menerjemahkan plugin!\u003C\u002Fli>\n\u003Cli>Danke, dass du beim Übersetzen des Plugins geholfen hast!\u003C\u002Fli>\n\u003Cli>プラグインの翻訳を手伝ってくれてありがとうございます！ (Puraguin no hon’yaku o tetsudatte kurete arigatou gozaimasu!)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecurity-malware-firewall\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecurity-malware-firewall\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.",30000,2575884,96,378,"2026-03-02T10:49:00.000Z","5.0",[22,72,73,23,24],"login","malware","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-malware-firewall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-malware-firewall.2.174.zip",86,5,"2025-12-08 16:28:49",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":13,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":97,"download_link":98,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"forget-spam-comment","Forget Spam Comment","1.1.9","Gulshan Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fthegulshankumar\u002F","\u003Cp>The fastest and GDPR compliant Anti-Spam plugin to prevent bot spam in the \u003Cstrong>Default Commenting System\u003C\u002Fstrong> of WordPress.\u003C\u002Fp>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Please clear page cache after plugin activation.\u003C\u002Fli>\n\u003Cli>Only for default commenting system. 
Not for AMP.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>100% GDPR Compliant.\u003C\u002Fli>\n\u003Cli>Captcha-Free solution.\u003C\u002Fli>\n\u003Cli>Requires no settings.\u003C\u002Fli>\n\u003Cli>Automatic. No need of false-positive comment moderation.\u003C\u002Fli>\n\u003Cli>Compatible with all page caching and performance optimization plugins.\u003C\u002Fli>\n\u003Cli>Fastest ever. A tiny inline JavaScript in just ~200 bytes does all magic.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Cp>To prevent spam comments plugin blocks the default action path (wp-comments-post.php) for bots and make it accessible over unique hash query string when a visitor scroll to leave a comment. This way it prevents automated spam comment done by bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Video Demonstration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuwIfk08GSwk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003Cbr \u002F>\nWatch on \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=uwIfk08GSwk\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Let’s support each other 🙏\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Please Upvote Forget Spam Comment plugin at \u003Ca href=\"https:\u002F\u002Fwww.producthunt.com\u002Fproducts\u002Fforget-spam-comment#forget-spam-comment\" rel=\"nofollow ugc\">Product Hunt\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>You can \u003Ca href=\"https:\u002F\u002Fwww.gulshankumar.net\u002Fcontact\u002F\" 
rel=\"nofollow ugc\">contact me\u003C\u002Fa> to report any issues. I’d be happy to assist.\u003C\u002Fli>\n\u003C\u002Ful>\n","The ultimate solution to stop spam comments in the default commenting system of WordPress",9000,75412,46,"2025-06-07T14:20:00.000Z","6.8.5","4.5","5.6",[20,22,95,23,96],"gdpr","stop-spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforget-spam-comment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforget-spam-comment.1.1.9.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":16,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":116,"download_link":117,"security_score":110,"vuln_count":33,"unpatched_count":27,"last_vuln_date":118,"fetched_at":29},"security-ninja","Security Ninja – WordPress Security Plugin & Firewall","5.272","cleverplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleverplugins\u002F","\u003Cp>Security Ninja is a lightweight \u003Cstrong>WordPress security plugin\u003C\u002Fstrong> that helps protect your site from common attacks and security mistakes — without turning your dashboard into a cockpit.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free includes a basic Web Application Firewall (WAF)\u003C\u002Fstrong> (based on the 8G ruleset) to block common malicious requests, plus 50+ security checks, a full vulnerability scanner, and a core integrity scanner to spot risky settings and unexpected file changes.\u003C\u002Fp>\n\u003Cp>Upgrade to Pro if you need deeper protection like advanced malware scanning\u002Fcleanup, stronger WAF controls (e.g. 
country blocking), and more automation\u002Falerting.\u003C\u002Fp>\n\u003Cp>This plugin can be downloaded for free without any paid subscription from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja\u002F\" rel=\"ugc\">the official WordPress repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Security Ninja\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Included for free\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Basic Firewall (8G-based)\u003C\u002Fstrong> – Blocks common malicious requests and bot noise before it becomes a problem.\u003Cbr \u002F>\n– \u003Cstrong>50+ Security Tests\u003C\u002Fstrong> – Fast audit of common WordPress security misconfigurations.\u003Cbr \u002F>\n– \u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong> – Highlights known issues in plugins\u002Fthemes so you can patch faster.\u003Cbr \u002F>\n– \u003Cstrong>Core Scanner\u003C\u002Fstrong> – Detect modified or unexpected files in WordPress core folders.\u003Cbr \u002F>\n– \u003Cstrong>Basic Events Logger\u003C\u002Fstrong> – Logs \u003Cstrong>firewall events\u003C\u002Fstrong> and \u003Cstrong>login attempts (successful\u002Ffailed)\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro adds\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Advanced Malware Scanner\u003C\u002Fstrong> – Detect and clean malicious code and suspicious files.\u003Cbr \u002F>\n– \u003Cstrong>Advanced Firewall\u002FWAF controls\u003C\u002Fstrong> – e.g. 
country blocking, stronger rules and automation.\u003Cbr \u002F>\n– \u003Cstrong>Secure Login & 2FA\u003C\u002Fstrong> – Add stronger authentication and login protections.\u003Cbr \u002F>\n– \u003Cstrong>Automation & reporting\u003C\u002Fstrong> – Scheduled scans, reports, and advanced tracking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja is a lightweight \u003Cstrong>WordPress firewall plugin\u003C\u002Fstrong> and security toolkit designed to protect your website from hackers, malware, brute-force attacks, and known vulnerabilities — without slowing it down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Comprehensive WordPress Security Testing\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja performs 50+ advanced security tests to identify vulnerabilities before hackers exploit them. This includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute-force protection\u003C\u002Fstrong> – Blocks unauthorized login attempts to prevent forced entry.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File integrity monitoring\u003C\u002Fstrong> – Detects unauthorized changes to WordPress core files, themes, and plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database security checks\u003C\u002Fstrong> – Identifies weak database permissions and potential SQL injection threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User role audits\u003C\u002Fstrong> – Ensures no unauthorized administrator accounts exist.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security misconfiguration scans\u003C\u002Fstrong> – Identifies and fixes weak settings that could compromise security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Enhanced Vulnerability Scanner\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stay Ahead of Threats\u003C\u002Fstrong> – Our vulnerability scanner proactively alerts you to known vulnerabilities, allowing you to address potential threats before they exploit your 
website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Protection\u003C\u002Fstrong> – Security Ninja not only checks and warns for common issues but also checks for known vulnerabilities in plugins and themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Peace of Mind\u003C\u002Fstrong> – Knowing your site is monitored for the latest vulnerabilities means you can focus on what matters most, growing your business and creating content, worry-free.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Core Scanner – Comprehensive Protection for Your WordPress Installation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Core Scanner module adds a critical layer of security by ensuring your WordPress installation remains untampered and free of unauthorized files.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full Core File Integrity Check\u003C\u002Fstrong>: Every file in your core WordPress folders is scanned to ensure it hasn’t been modified or compromised.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detection of Unknown Files\u003C\u002Fstrong>: The scanner flags any extra or unknown files in your core WordPress directories, alerting you to potential threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in File Viewer\u003C\u002Fstrong>: Review flagged files directly within your WordPress dashboard using the integrated file viewer for a clear and easy inspection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restore Core Files\u003C\u002Fstrong>: If a core WordPress file has been altered, you can quickly restore it with a single click, ensuring your site is running the official version.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy File Management\u003C\u002Fstrong>: For unknown or suspicious files, you have the option to delete them right from the interface, keeping your WordPress installation clean and secure.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advanced Malware Scanner – Detect & Remove Malware Instantly (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security 
Ninja includes a high-performance malware scanner that automatically checks your WordPress core, plugins and themes for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malicious scripts and backdoors\u003C\u002Fstrong> – Identifies hidden malware and harmful injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trojan and virus detection\u003C\u002Fstrong> – Scans for suspicious PHP and JavaScript entries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click malware removal\u003C\u002Fstrong> – Instantly quarantine and delete infected files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WordPress Firewall & Real-Time Threat Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja includes a \u003Cstrong>basic firewall for free\u003C\u002Fstrong> (8G-based) to block common malicious requests. Upgrade to Pro for more advanced WAF controls.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic protection (Free)\u003C\u002Fstrong> – Blocks common exploit patterns and bad requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced protection (Pro)\u003C\u002Fstrong> – Country blocking, stronger controls, and additional intelligence\u002Fautomation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force & bot mitigation\u003C\u002Fstrong> – Reduce noisy and abusive traffic hitting WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Login Security & Two-Factor Authentication (2FA) (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Your WordPress login page is a primary target for hackers. Security Ninja enhances login security with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Requires additional verification for safer logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force attack protection\u003C\u002Fstrong> – Limits failed login attempts to block unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rename login\u003C\u002Fstrong> – Getting a lot of requests to your login form? 
Hide it for spammers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>One-Click Security Fixes & WordPress Hardening (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Manually fixing security issues is time-consuming. Security Ninja provides one-click hardening to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Disable XML-RPC\u003C\u002Fstrong> – Blocks common DDoS attacks and brute-force exploits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict file editing\u003C\u002Fstrong> – Prevents unauthorized theme and plugin modifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide PHP error messages\u003C\u002Fstrong> – Stops hackers from exploiting sensitive error details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And many more fixes to harden your WordPress security!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Events Logger \u002F Activity Tracking\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja includes a \u003Cstrong>basic events logger for free\u003C\u002Fstrong> so you can see what’s happening on your site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Free:\u003C\u002Fstrong> firewall events + login attempts (successful\u002Ffailed).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pro:\u003C\u002Fstrong> deeper tracking, alerting, and reporting.\u003C\u002Fli>\n\u003Cli>Export security logs for audits and compliance reports.\u003C\u002Fli>\n\u003Cli>Includes webhook functionality so you can integrate with other services (e.g. 
Slack\u002FDiscord\u002Fwebhooks).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Automated Security Scans & Reports (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja performs scheduled security scans and sends reports directly to your inbox.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set up daily, weekly, or monthly security scans.\u003C\u002Fli>\n\u003Cli>Receive email alerts about vulnerabilities and malware infections.\u003C\u002Fli>\n\u003Cli>Analyze detailed reports to keep your website secure.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Block Spam & Malicious Bots Instantly (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Hackers and spammers use bots to exploit WordPress websites. Security Ninja prevents:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fake registrations and spam comments\u003C\u002Fstrong> – Stops bots from even getting to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malicious bot attacks\u003C\u002Fstrong> – Blocks scripts attempting to hack your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unwanted traffic\u003C\u002Fstrong> – Reduces server load by preventing unnecessary bot access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Join thousands of satisfied users who trust Security Ninja to keep their websites safe. Start protecting your online presence today and help yourself to peace of mind.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Security Ninja is Best WordPress Security Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja is the best WordPress security plugin because it provides a comprehensive, lightweight, and easy-to-use solution to protect your website from hackers, malware, and vulnerabilities. 
With 50+ security tests, an advanced malware scanner, a firewall, and two-factor authentication (2FA), it ensures complete website protection without slowing down performance.\u003C\u002Fp>\n\u003Cp>Unlike bloated security plugins, Security Ninja is optimized for speed and efficiency. It offers one-click security fixes, automated scans, real-time threat detection, and login protection, making it ideal for beginners and advanced users alike. Trusted since 2011, it keeps thousands of websites secure while offering proactive protection against cyber threats.\u003C\u002Fp>\n\u003Ch3>Extensions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>MainWP – The MainWP Dashboard allows administrators to manage many WordPress websites from a central location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Install the \u003Cstrong>FREE \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja-for-mainwp\u002F\" rel=\"ugc\">Security Ninja for MainWP Extension\u003C\u002Fa>\u003C\u002Fstrong> to get an overview of all websites you have installed Security Ninja on!\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja-for-mainwp\u002F\u003C\u002Fp>\n\u003Ch3>Security Tests for your website\u003C\u002Fh3>\n\u003Cp>Security Ninja – Your WordPress Guardian\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Immediate Vulnerability Alerts\u003C\u002Fstrong>: Get instant notifications about vulnerabilities to keep your website safe and secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Comprehensive One-click Security Audit\u003C\u002Fstrong>: With just one click, perform over 50+ detailed security checks that scrutinize every corner of your site for security vulnerabilities and performance issues.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>You’re in Command\u003C\u002Fstrong>: Security Ninja respects your autonomy, providing insights and recommendations without 
making unsolicited changes to your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Holistic Security Evaluation\u003C\u002Fstrong>: Comprehensive checks on everything from the WordPress core, plugins, and themes to ensure they are up-to-date and secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Proactive Defense Strategies\u003C\u002Fstrong>: Equip yourself with the tools and knowledge to prevent attacks before they happen, safeguarding your site from potential threats.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Optimization Beyond Security\u003C\u002Fstrong>: Improve your site’s performance with database optimization tips, ensuring a seamless experience for your users.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Knowledge\u003C\u002Fstrong>: Each test comes with an easy-to-understand explanation, documentation, and actionable steps to fix identified issues.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customized Security Insights\u003C\u002Fstrong>: Tailored security assessments to check critical updates and configurations specific to your WordPress setup for a personalized protection strategy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Future-Proof Your Site\u003C\u002Fstrong>: Stay ahead with tests that include the latest WordPress features and best practices for site security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Prevent Unauthorized Access\u003C\u002Fstrong>: Strengthen your defenses with checks designed to prevent weak passwords and unauthorized file access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Secure Configuration Checks\u003C\u002Fstrong>: Ensure your website is configured according to security best practices, from file permissions to security headers, for comprehensive protection against threats.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Enhance your website’s 
security, performance, and user experience with Security Ninja – your trusted partner in WordPress protection.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Security Ninja Pro\u003C\u002Fstrong> has extra features: Firewall, Filter Suspicious Queries, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>An all-in-one security solution for any site. With premium support and continuous updates Security Ninja \u003Cstrong>Pro\u003C\u002Fstrong> is a perfect tool to keep your site safe. \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=see-what-pro-offers\" rel=\"nofollow ugc\">See what the PRO version offers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Automatically block \u003Cstrong>600+ million bad IPs\u003C\u002Fstrong> with one click! \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=cloud-firewall\" rel=\"nofollow ugc\">Security Ninja Pro Firewall\u003C\u002Fa> will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Read more about Pro features on the \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=readmoreaboutpro\" rel=\"nofollow ugc\">Security Ninja website\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>What others say about the plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmayor.com\u002Fsecurity-ninja-review-wordpress-security-plugin\u002F\" rel=\"nofollow ugc\">WP Mayor: “Easy-to-Use WordPress Security Plugin”\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwplift.com\u002Fsecurity-ninja-review\" rel=\"nofollow ugc\">WPLift\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpexplorer.com\u002Fwordpress-security-can-security-ninja-keep-your-site-safe\u002F\" rel=\"nofollow ugc\">WPExplorer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwploop.com\u002Fsecurity-ninja-review\u002F\" rel=\"nofollow ugc\">WP Loop\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.bitcatcha.com\u002Fblog\u002Fsecurity-ninja-plugin-review\u002F\" rel=\"nofollow ugc\">Bitcatcha.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.webhostingsecretrevealed.net\u002Fblog\u002Fwordpress-blog\u002F10-actionable-wordpress-security-tips\u002F\" rel=\"nofollow ugc\">WebHostingSecretRevealed\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.ravisinghblog.in\u002Fwp-security-ninja-review\u002F\" rel=\"nofollow ugc\">Ravi Singh\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftutorials7.com\u002Fsecurity-ninja-review.html\" rel=\"nofollow ugc\">Tutorials 7\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.onlinedecoded.com\u002Fsecurity-ninja-review\u002F\" rel=\"nofollow ugc\">onlinedecoded.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Tests\u003C\u002Fstrong>\u003Cbr \u002F>\n* The tests include:\u003Cbr \u002F>\n  * brute-force attack on user accounts to test password strength\u003Cbr \u002F>\n  * numerous installation parameters tests\u003Cbr \u002F>\n  * file permissions\u003Cbr \u002F>\n  * version hiding\u003Cbr \u002F>\n  * 0-day exploits tests\u003Cbr \u002F>\n  * debug and auto-update modes tests\u003Cbr \u002F>\n  * database configuration tests\u003Cbr \u002F>\n  * Apache and PHP related tests\u003Cbr \u002F>\n  * WP options tests\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Complete list of tests:\n\u003Cul>\n\u003Cli>Check if 
Application Passwords feature is enabled (new to WP 5.6)\u003C\u002Fli>\n\u003Cli>Check if WordPress core is up to date\u003C\u002Fli>\n\u003Cli>Check if automatic WordPress core updates are enabled\u003C\u002Fli>\n\u003Cli>Check if plugins are up to date\u003C\u002Fli>\n\u003Cli>Check if there are deactivated plugins\u003C\u002Fli>\n\u003Cli>Check if active plugins have been updated in the last 12 months\u003C\u002Fli>\n\u003Cli>Check if active plugins are compatible with your version of WP\u003C\u002Fli>\n\u003Cli>Check if themes are up to date\u003C\u002Fli>\n\u003Cli>Check if there are any deactivated themes\u003C\u002Fli>\n\u003Cli>Check if full WordPress version info is revealed in page’s meta data\u003C\u002Fli>\n\u003Cli>Check if REST API links are displayed in page’s meta data\u003C\u002Fli>\n\u003Cli>Check the PHP version is up to date\u003C\u002Fli>\n\u003Cli>Check the MySQL version\u003C\u002Fli>\n\u003Cli>Check if server response headers contain detailed PHP version info\u003C\u002Fli>\n\u003Cli>Check if expose_php PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if user with username “admin” and administrator privileges exists\u003C\u002Fli>\n\u003Cli>Check if “anyone can register” option is enabled\u003C\u002Fli>\n\u003Cli>Check user’s password strength with a brute-force attack\u003C\u002Fli>\n\u003Cli>Check for display of unnecessary information on failed login attempts\u003C\u002Fli>\n\u003Cli>Check if database table prefix is the default one\u003C\u002Fli>\n\u003Cli>Check if security keys and salts have proper values\u003C\u002Fli>\n\u003Cli>Check the age of security keys and salts\u003C\u002Fli>\n\u003Cli>Test the strength of WordPress database password\u003C\u002Fli>\n\u003Cli>Check if general debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check if the debug.log file exists\u003C\u002Fli>\n\u003Cli>Check if database debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check if JavaScript debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check 
if display_errors PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if WordPress installation address is the same as the site address\u003C\u002Fli>\n\u003Cli>Check if wp-config.php file has the right permissions (chmod) set\u003C\u002Fli>\n\u003Cli>Check if register_globals PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if PHP safe mode is disabled\u003C\u002Fli>\n\u003Cli>Check if allow_url_include PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if plugins\u002Fthemes file editor is enabled\u003C\u002Fli>\n\u003Cli>Check if uploads folder is browsable by browsers\u003C\u002Fli>\n\u003Cli>Test if user with ID 1 and administrator role exists\u003C\u002Fli>\n\u003Cli>Check if Windows Live Writer link is present in pages’ header data\u003C\u002Fli>\n\u003Cli>Check if wp-config.php is present on the default location\u003C\u002Fli>\n\u003Cli>Check if MySQL server is connectable from outside with the WP user\u003C\u002Fli>\n\u003Cli>Check if EditURI link is present in pages’ header data\u003C\u002Fli>\n\u003Cli>Check if TimThumb script is used in the active theme\u003C\u002Fli>\n\u003Cli>Check if the server is vulnerable to the Shellshock bug #6271\u003C\u002Fli>\n\u003Cli>Check if the server is vulnerable to the Shellshock bug #7169\u003C\u002Fli>\n\u003Cli>Check if admin interface is delivered via SSL\u003C\u002Fli>\n\u003Cli>Check if MySQL account used by WordPress has too many permissions\u003C\u002Fli>\n\u003Cli>Test if a list of usernames can be fetched by looping through user IDs on http:\u002F\u002Fsiteurl.com\u002F?author={ID} (also called username enumeration)\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Check if server response headers contain X-Frame-Options\u003C\u002Fli>\n\u003Cli>Check if server response headers contain X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>Check if server response headers contain 
Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Referrer-Policy\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Feature-Policy\u003C\u002Fli>\n\u003Cli>Check for unwanted files in your root folder you should remove\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>License info\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcarhartl\u002Fjquery-cookie\" rel=\"nofollow ugc\">jQuery Cookie Plugin, Copyright 2013 Klaus Hartl\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The vulnerability scanner uses data from the \u003Ca href=\"https:\u002F\u002Fnvd.nist.gov\u002F\" rel=\"nofollow ugc\">National Vulnerability Database – NVD\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This product includes IP2Location LITE data available from \u003Ca href=\"https:\u002F\u002Flite.ip2location.com\" rel=\"nofollow ugc\">https:\u002F\u002Flite.ip2location.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin uses the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcollizo4sky\u002Fpersist-admin-notices-dismissal\" rel=\"nofollow ugc\">Persist Admin notice Dismissals\u003C\u002Fa> by Collins Agbonghama @collizo4sky\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Firewall rules are based on 8G Firewall by Jeff Starr – https:\u002F\u002Fperishablepress.com\u002F8g-blacklist\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How can I report security bugs?\u003C\u002Fh4>\n\u003Cp>You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. 
\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fsecurity-ninja\" rel=\"nofollow ugc\">Report a security vulnerability.\u003C\u002Fa>\u003C\u002Fp>\n","WordPress security plugin with free basic firewall\u002FWAF, vulnerability scanning, and 50+ core integrity checks.",7000,846284,92,99,"2026-03-04T22:31:00.000Z","4.7","7.4",[22,73,23,115,24],"vulnerability","https:\u002F\u002Fwpsecurityninja.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-ninja.5.272.zip","2025-07-23 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":13,"num_ratings":129,"last_updated":130,"tested_up_to":16,"requires_at_least":70,"requires_php":113,"tags":131,"homepage":133,"download_link":134,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"botblocker-security","BotBlocker Security – Firewall & Bot Protection","1.6.14","Yevhen Leonidov","https:\u002F\u002Fprofiles.wordpress.org\u002Fglobusstudio\u002F","\u003Ch4>WordPress Security Plugin & Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Every day, automated bots and hackers bombard websites with attacks.\u003C\u002Fstrong> Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24\u002F7 threat to your business. 
If you’re looking for \u003Cstrong>WordPress site protection\u003C\u002Fstrong>, you need a proactive defense that stops these attacks before they reach your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker Security is the all-in-one solution to keep your site safe from automated threats.\u003C\u002Fstrong> This powerful \u003Cstrong>WordPress security plugin and Web Application Firewall (WAF)\u003C\u002Fstrong> acts as a dedicated \u003Cstrong>anti-bot\u003C\u002Fstrong> firewall, blocking malicious traffic at the front gate without slowing down your site.\u003C\u002Fp>\n\u003Cp>BotBlocker’s setup and onboarding experience allows anyone to secure their \u003Cstrong>WordPress site\u003C\u002Fstrong> in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right \u003Cstrong>site protection\u003C\u002Fstrong> settings to protect your website.\u003C\u002Fp>\n\u003Ch4>🔥 WordPress Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>BotBlocker Security includes an endpoint \u003Cstrong>firewall\u002FWAF\u003C\u002Fstrong> that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker intercepts bad traffic at the earliest stage\u003C\u002Fstrong> – even before WordPress or your theme loads. 
By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Firewall Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time firewall rule updates via the BotBlocker Threat Defense Feed\u003C\u002Fli>\n\u003Cli>Real-time IP Blocklist blocks all requests from the most malicious IPs\u003C\u002Fli>\n\u003Cli>Early-init protection – blocks threats before WordPress loads\u003C\u002Fli>\n\u003Cli>Cloud-based threat intelligence – cross-checks every visitor against global threat databases\u003C\u002Fli>\n\u003Cli>No visitor data collected – only technical request parameters analyzed (GDPR\u002FCCPA-compliant)\u003C\u002Fli>\n\u003Cli>Brute force protection with login attempt limits and multi-layer verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📡 WordPress Security Scanner & Site Protection\u003C\u002Fh4>\n\u003Cp>Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive \u003Cstrong>site protection\u003C\u002Fstrong> across all entry points:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>XML-RPC and API Protection\u003C\u002Fstrong> – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam Prevention\u003C\u002Fstrong> – spammers cannot connect to your site. 
Automatically block IP addresses that exceed spam comment thresholds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Access Protection\u003C\u002Fstrong> – theme and plugin files securely protected from unauthorized access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Analysis\u003C\u002Fstrong> – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Network & Protocol Control\u003C\u002Fstrong> – block obsolete HTTP\u002F1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔒 Login Security & Bot Protection\u003C\u002Fh4>\n\u003Cp>All login attempts pass through multi-layer filtering and CAPTCHA verification:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-layer CAPTCHA Protection\u003C\u002Fstrong> – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2\u002Fv3\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Anti-bot Challenges\u003C\u002Fstrong> – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Ban System\u003C\u002Fstrong> – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Access Simplification\u003C\u002Fstrong> – special mechanism to ease site administrator login while maintaining security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC Control\u003C\u002Fstrong> – options including complete disabling\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-Factor Authentication Support\u003C\u002Fstrong> – 2FA enhanced login security for admin area. Backup codes for recovery access. 
Universal 2FA app support – works with Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛠️ Security Tools\u003C\u002Fh4>\n\u003Cp>Comprehensive tools to block attackers and monitor your site in real-time:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Blocking Rules\u003C\u002Fstrong> – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP-PTR-Host Mismatch Detection\u003C\u002Fstrong> – automatically detect and block fake crawlers (e.g., fake Googlebots)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist & Whitelist Management\u003C\u002Fstrong> – instantly allow or block any IP, ASN, range, or User-Agent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Traffic Monitoring\u003C\u002Fstrong> – see all traffic in real-time: robots, humans, 404 errors, logins\u002Flogouts, file requests, and content consumption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server IP Identification\u003C\u002Fstrong> – prevent lockouts by automatically identifying and protecting server IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual Dashboard\u003C\u002Fstrong> – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs\u002Fcountries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Security Log\u003C\u002Fstrong> – every event logged with IP address, user agent, country, and blocking reason\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login URL\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>⚡ Performance & Integration\u003C\u002Fh4>\n\u003Cp>BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong> – negligible overhead in normal conditions. 
Reduces database and server load during attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Caching\u003C\u002Fstrong> – Redis and Memcached support for high-traffic environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache Plugin Compatibility\u003C\u002Fstrong> – automatic \u003Ccode>DONOTCACHEPAGE\u003C\u002Fcode> + \u003Ccode>Cache-Control: no-store\u003C\u002Fcode> on verification pages. Works with WP Super Cache (PHP mode), W3 Total Cache, WP Rocket, LiteSpeed Cache, Hummingbird, and more. Server-level caches (Nginx FastCGI, Varnish, Cloudflare) may need a cookie-based bypass rule – see \u003Ccode>docs\u002FCACHE-COMPATIBILITY.md\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Protection Compatibility\u003C\u002Fstrong> – automatic detection of JS-challenges from DDoS-Guard, Stormwall, and similar services. See \u003Ccode>docs\u002FDDOS-COMPATIBILITY.md\u003C\u002Fcode> for advanced configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Compatibility\u003C\u002Fstrong> – works with Cloudflare, CDN services, caching plugins, and optimizers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full IPv6 Support\u003C\u002Fstrong> – all security functions work with both IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Optimization\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem> – additional performance enhancements for high-traffic sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>👤 Easy Setup & User-Friendly Interface\u003C\u002Fh4>\n\u003Cp>You don’t have to be a security expert to use BotBlocker:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Quick Installation Wizard\u003C\u002Fstrong> – step-by-step setup guide for configuration in under 1 minute\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intuitive Admin Panel\u003C\u002Fstrong> – organized settings with clear descriptions and tooltips\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual\u003C\u002Fstrong> – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and 
more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Conflicts\u003C\u002Fstrong> – built following WordPress best practices, tested with recent WP versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adjustable Logging\u003C\u002Fstrong> – configurable retention periods with time zone awareness and daylight saving support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security first – BotBlocker’s on guard!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Detection & Analysis\u003C\u002Fh4>\n\u003Cp>BotBlocker employs advanced multi-layer detection to identify and block threats:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detection Mechanisms:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Local and cloud signature databases with real-time updates\u003C\u002Fli>\n\u003Cli>IP reputation and blacklist checks with global threat intelligence\u003C\u002Fli>\n\u003Cli>DNS-based and PTR lookups to detect fake crawlers\u003C\u002Fli>\n\u003Cli>Heuristic and behavioral analysis for suspicious patterns\u003C\u002Fli>\n\u003Cli>Browser fingerprint and feature mismatch detection\u003C\u002Fli>\n\u003Cli>Header and protocol validation\u003C\u002Fli>\n\u003Cli>JavaScript challenge and capability verification\u003C\u002Fli>\n\u003Cli>Multi-layered CAPTCHA verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Comprehensive Request Analysis:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Network & IP:\u003C\u002Fstrong> Full IPv4\u002FIPv6 support, blacklist\u002Fwhitelist, country\u002FGeoIP, ASN, hosting\u002FVPN detection, TOR detection, PTR\u002FDNSBL checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser & Client:\u003C\u002Fstrong> User-Agent validation, browser\u002FOS\u002Fdevice detection, fingerprint analysis, headless browser detection, JavaScript\u002Fcookie support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Headers & Protocol:\u003C\u002Fstrong> Accept-Language, Referer validation, HTTP version control, 
Cloudflare\u002Fproxy detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Fingerprinting:\u003C\u002Fstrong> Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CAPTCHA Modes\u003C\u002Fh4>\n\u003Cp>Choose from various CAPTCHA types to protect your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Button\u003C\u002Fstrong> – one-click verification for quick validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong> – standard image\u002Fcheckbox challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v3\u003C\u002Fstrong> – invisible background scoring\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Color CAPTCHA\u003C\u002Fstrong> – select colored buttons challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Digits CAPTCHA\u003C\u002Fstrong> – floating math challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Images CAPTCHA\u003C\u002Fstrong> – animal image selection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Shapes CAPTCHA\u003C\u002Fstrong> – floating shapes challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hybrid Mode\u003C\u002Fstrong> – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Capabilities\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Early-init & MU plugin support\u003C\u002Fli>\n\u003Cli>Real-time cloud threat checks\u003C\u002Fli>\n\u003Cli>Dynamic and graphical anti-bot challenges\u003C\u002Fli>\n\u003Cli>Automatic logging with adjustable retention\u003C\u002Fli>\n\u003Cli>Session tracking and verification\u003C\u002Fli>\n\u003Cli>No visitor data collected — GDPR\u002FCCPA-compliant (see FAQ for admin notification details)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>BotBlocker Security does \u003Cstrong>not\u003C\u002Fstrong> collect or process personal data of your visitors. 
All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.\u003C\u002Fp>\n\u003Ch3>Support and Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Product site: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Documentation: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contact\u002Fsupport: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Community: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. 
See LICENSE.txt for details.\u003C\u002Fp>\n\u003Ch3>Credits & Authors\u003C\u002Fh3>\n\u003Cp>BotBlocker Security is developed and maintained by GLOBUS.studio.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Concept, architecture & code – Yevhen Leonidov: \u003Ca href=\"https:\u002F\u002Fleonidov.dev\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fleonidov.dev\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Code, code review – Andrii Lukashevych\u003C\u002Fli>\n\u003Cli>Code, translations – Aleksandr Kinakh\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>BotBlocker Security – The first line of defense for your WordPress site.\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.",2000,3799,6,"2026-03-10T18:22:00.000Z",[20,53,132,22,23],"captcha","https:\u002F\u002Fbotblocker.top\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotblocker-security.1.6.14.zip",{"attackSurface":136,"codeSignals":151,"taintFlows":352,"riskAssessment":401,"analyzedAt":420},{"hooks":137,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":27,"unprotectedCount":27},[138,144],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","init","closure","cidram.php",71,{"type":139,"name":145,"callback":141,"file":142,"line":146},"admin_menu",78,[],[],[],[],{"dangerousFunctions":152,"sqlUsage":165,"outputEscaping":168,"fileOperations":350,"externalRequests":33,"nonceChecks":27,"capabilityChecks":33,"bundledLibraries":351},[153,158,162],{"fn":154,"file":155,"line":156,"context":157},"unserialize","vault\\events\\default.php",142,"$Data = unserialize($Data) ?: [];",{"fn":154,"file":159,"line":160,"context":161},"vault\\Maikuolan\\Common\\Cache.php",366,"$Data = (is_string($Data) && $Data !== '') ? 
unserialize($Data) : [];",{"fn":154,"file":159,"line":163,"context":164},1121,"$Arr = unserialize($Entry);",{"prepared":166,"raw":27,"locations":167},22,[],{"escaped":33,"rawEcho":146,"locations":169},[170,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,253,255,257,259,262,265,267,270,273,275,278,281,284,286,288,290,293,296,299,302,304,306,308,310,313,316,319,322,324,327,329,332,335,338,341,343,346,348],{"file":171,"line":172,"context":173},"vault\\CIDRAM\\CIDRAM\\CLI.php",47,"raw output",{"file":171,"line":175,"context":173},93,{"file":171,"line":177,"context":173},164,{"file":171,"line":179,"context":173},166,{"file":171,"line":181,"context":173},171,{"file":171,"line":183,"context":173},175,{"file":171,"line":185,"context":173},183,{"file":171,"line":187,"context":173},185,{"file":171,"line":189,"context":173},190,{"file":171,"line":191,"context":173},195,{"file":171,"line":193,"context":173},215,{"file":171,"line":195,"context":173},222,{"file":171,"line":197,"context":173},224,{"file":171,"line":199,"context":173},232,{"file":171,"line":201,"context":173},240,{"file":171,"line":203,"context":173},246,{"file":171,"line":205,"context":173},261,{"file":171,"line":207,"context":173},263,{"file":171,"line":209,"context":173},329,{"file":171,"line":211,"context":173},341,{"file":171,"line":213,"context":173},343,{"file":171,"line":215,"context":173},367,{"file":171,"line":217,"context":173},381,{"file":171,"line":219,"context":173},391,{"file":171,"line":221,"context":173},408,{"file":171,"line":223,"context":173},414,{"file":171,"line":225,"context":173},415,{"file":171,"line":227,"context":173},426,{"file":171,"line":229,"context":173},434,{"file":171,"line":231,"context":173},436,{"file":171,"line":233,"context":173},441,{"file":171,"line":235,"context":173},446,{"file":171,"line":237,"context":173},457,{"file":171,"line":239,"context":173},471,{"file":171,"
line":241,"context":173},488,{"file":171,"line":243,"context":173},558,{"file":171,"line":245,"context":173},561,{"file":171,"line":247,"context":173},573,{"file":171,"line":249,"context":173},582,{"file":251,"line":252,"context":173},"vault\\CIDRAM\\CIDRAM\\FrontEnd.php",792,{"file":251,"line":254,"context":173},881,{"file":251,"line":256,"context":173},890,{"file":251,"line":258,"context":173},915,{"file":260,"line":261,"context":173},"vault\\CIDRAM\\CIDRAM\\FrontEndMethods.php",1703,{"file":263,"line":264,"context":173},"vault\\CIDRAM\\CIDRAM\\RangeTables.php",670,{"file":263,"line":266,"context":173},750,{"file":268,"line":269,"context":173},"vault\\pages\\abuseipdb.php",193,{"file":271,"line":272,"context":173},"vault\\pages\\accounts.php",170,{"file":271,"line":274,"context":173},176,{"file":276,"line":277,"context":173},"vault\\pages\\aggregator.php",95,{"file":279,"line":280,"context":173},"vault\\pages\\aux-edit.php",208,{"file":282,"line":283,"context":173},"vault\\pages\\aux-view.php",258,{"file":282,"line":285,"context":173},270,{"file":287,"line":76,"context":173},"vault\\pages\\backup.php",{"file":287,"line":289,"context":173},483,{"file":291,"line":292,"context":173},"vault\\pages\\cache-data.php",83,{"file":294,"line":295,"context":173},"vault\\pages\\calculator.php",64,{"file":297,"line":298,"context":173},"vault\\pages\\config.php",790,{"file":300,"line":301,"context":173},"vault\\pages\\file-manager.php",160,{"file":300,"line":303,"context":173},172,{"file":300,"line":305,"context":173},259,{"file":300,"line":307,"context":173},291,{"file":300,"line":309,"context":173},307,{"file":311,"line":312,"context":173},"vault\\pages\\fixer.php",202,{"file":314,"line":315,"context":173},"vault\\pages\\intersector.php",90,{"file":317,"line":318,"context":173},"vault\\pages\\ip-testing.php",338,{"file":320,"line":321,"context":173},"vault\\pages\\ip-tracking.php",245,{"file":320,"line":323,"context":173},251,{"file":325,"line":326,"context":173},"vault\\pages
\\logs.php",43,{"file":325,"line":328,"context":173},453,{"file":330,"line":331,"context":173},"vault\\pages\\range.php",67,{"file":333,"line":334,"context":173},"vault\\pages\\rl.php",146,{"file":336,"line":337,"context":173},"vault\\pages\\sections.php",59,{"file":339,"line":340,"context":173},"vault\\pages\\statistics.php",186,{"file":342,"line":109,"context":173},"vault\\pages\\subtractor.php",{"file":344,"line":345,"context":173},"vault\\pages\\updates.php",583,{"file":344,"line":347,"context":173},593,{"file":344,"line":349,"context":173},603,110,[],[353,378,390],{"entryPoint":354,"graph":355,"unsanitizedCount":33,"severity":377},"\u003Cfixer> (vault\\pages\\fixer.php:0)",{"nodes":356,"edges":373},[357,362,366],{"id":358,"type":359,"label":360,"file":311,"line":361},"n0","source","$_POST['sigFile']",72,{"id":363,"type":364,"label":365,"file":311,"line":361},"n1","transform","→ readFile()",{"id":367,"type":368,"label":369,"file":370,"line":371,"wp_function":372},"n2","sink","fopen() [File Access]","vault\\Maikuolan\\Common\\DelayedIO.php",106,"fopen",[374,376],{"from":358,"to":363,"sanitized":375},false,{"from":363,"to":367,"sanitized":375},"medium",{"entryPoint":379,"graph":380,"unsanitizedCount":33,"severity":389},"\u003Caux-view> (vault\\pages\\aux-view.php:0)",{"nodes":381,"edges":387},[382,384],{"id":358,"type":359,"label":383,"file":282,"line":285},"$_POST['auxD']",{"id":363,"type":368,"label":385,"file":282,"line":285,"wp_function":386},"echo() [XSS]","echo",[388],{"from":358,"to":363,"sanitized":375},"low",{"entryPoint":391,"graph":392,"unsanitizedCount":33,"severity":400},"\u003Cdefault> (vault\\events\\default.php:0)",{"nodes":393,"edges":398},[394,396],{"id":358,"type":359,"label":395,"file":155,"line":331},"$_SERVER",{"id":363,"type":368,"label":397,"file":155,"line":156,"wp_function":154},"unserialize() [Object Injection]",[399],{"from":358,"to":363,"sanitized":375},"high",{"summary":402,"deductions":403},"The 'cidram' plugin v4.0.1 presents a 
mixed security posture. While the plugin boasts a zero attack surface and a clean vulnerability history with no known CVEs, its static analysis reveals significant underlying concerns. The presence of the 'unserialize' function is a critical red flag, especially when coupled with a concerning output escaping rate of only 1%. Furthermore, taint analysis indicates three flows with unsanitized paths, one of which is of high severity. This suggests that user-supplied data, if processed by these unsanitized flows and subsequently passed through 'unserialize' or improperly escaped output mechanisms, could lead to serious security vulnerabilities such as remote code execution or data leakage.\n\nThe lack of any nonce checks, capability checks beyond a single instance, and a very low output escaping rate are substantial weaknesses. These elements, combined with the identified tainted data flows, significantly increase the risk of exploitation. While the plugin has a positive historical record, the current static analysis findings highlight potential risks that need immediate attention.
The plugin's strengths lie in its lack of external attack vectors and its clean CVE history, but the internal code quality regarding data sanitization and output handling is a major concern.",[404,407,409,412,415,418],{"reason":405,"points":406},"Dangerous function 'unserialize' used",15,{"reason":408,"points":14},"High severity taint flow found",{"reason":410,"points":411},"Taint flows with unsanitized paths (3)",10,{"reason":413,"points":414},"Low output escaping rate (1%)",8,{"reason":416,"points":417},"No nonce checks",7,{"reason":419,"points":77},"Minimal capability checks (1)","2026-03-16T22:45:53.101Z",{"wat":422,"direct":431},{"assetPaths":423,"generatorPatterns":426,"scriptPaths":427,"versionParams":428},[424,425],"\u002Fwp-content\u002Fplugins\u002Fcidram\u002Fasset\u002Fadmin.min.css","\u002Fwp-content\u002Fplugins\u002Fcidram\u002Fasset\u002Fadmin.min.js",[],[425],[429,430],"cidram\u002Fasset\u002Fadmin.min.css?ver=","cidram\u002Fasset\u002Fadmin.min.js?ver=",{"cssClasses":432,"htmlComments":434,"htmlAttributes":438,"restEndpoints":440,"jsGlobals":441,"shortcodeOutput":442},[433],"cidram-admin-page",[435,436,437],"CIDRAM COPYRIGHT 2016 and beyond by Caleb Mazalevskis (Maikuolan).","License: GNU\u002FGPLv2","This file: Methods for updating CIDRAM components (last modified: 2025.09.28).",[439],"data-cidram-nonce",[],[],[]]