[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAOHNdF6Il-aRK7210pSC_EOjvtdD6799M1HHhTy0TWI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":140,"fingerprints":543},"cloudsecure-wp-security","CloudSecure WP Security","1.4.5","cloudsecure","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudsecure\u002F","\u003Cp>A dependable, Japan-made plugin with Japanese-language support that protects the admin screen and login URL from cyberattacks.\u003Cbr \u002F>\nWith just a few simple settings, it protects your WordPress from unauthorized access and unauthorized logins and improves security.\u003Cbr \u002F>\nYou can also enable or disable (ON or OFF) each feature and customize its settings as you like, and manage the protection status at any time.\u003C\u002Fp>\n\u003Cp>More detailed information, including documentation and FAQ, is available \u003Ca href=\"https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Multisite is not supported.\u003C\u002Fli>\n\u003Cli>Only the Apache 1.3 and 2.x web servers are supported.\u003C\u002Fli>\n\u003Cli>To use the Add Image CAPTCHA feature, the PHP extension library \"gd\" must be installed.\u003C\u002Fli>\n\u003Cli>To use the Admin Screen Access Restriction and Change Login URL features, Apache must load \"mod_rewrite\".\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin provides the following features.\u003C\u002Fp>\n\u003Ch4>Disable Login\u003C\u002Fh4>\n\u003Cp>If login fails a specified number of times within a specified period, login is disabled (blocked) for a specified length of time.\u003Cbr \u002F>\nThis feature prevents attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks.\u003Cbr \u002F>\nIt is especially effective against automated attacks.\u003C\u002Fp>\n\u003Ch4>Change Login URL\u003C\u002Fh4>\n\u003Cp>Changes the login URL (wp-login.php).\u003Cbr \u002F>\nYou can set it to a name (string) of your choice, 4 to 12 characters long, using half-width lowercase letters, half-width digits, hyphens, and underscores.\u003Cbr 
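\u002F>\nThis feature makes the site less susceptible to attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks.\u003C\u002Fp>\n\u003Ch4>Unified Login Error Message\u003C\u002Fh4>\n\u003Cp>At login, the same message is displayed whether the username, the password, or the image CAPTCHA was wrong.\u003Cbr \u002F>\nThis feature makes the site less susceptible to attacks that probe whether a username exists.\u003C\u002Fp>\n\u003Ch4>Two-Step Authentication\u003C\u002Fh4>\n\u003Cp>At login, in addition to the username and password, an additional authentication step is performed with a separate code.\u003Cbr \u002F>\nTo use it, you must register a device with the \u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.google.android.apps.authenticator2\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa> application.\u003Cbr \u002F>\nEnter the 6-digit authentication code shown in the application on the login screen; if all the information matches, you can log in.\u003Cbr \u002F>\nThis prevents login and impersonation by third parties who have illicitly obtained a username and password, and strengthens security.\u003C\u002Fp>\n\u003Ch4>Add Image CAPTCHA\u003C\u002Fh4>\n\u003Cp>This feature asks the user to enter characters displayed at random in an image and does not allow them to proceed to the next screen unless the input matches.\u003Cbr \u002F>\nIt can be enabled on the login form, comment form, password reset form, and user registration form.\u003Cbr \u002F>\nIt prevents attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks, as well as automated unauthorized access by malicious programs.\u003C\u002Fp>\n\u003Ch4>Admin Screen Access Restriction\u003C\u002Fh4>\n\u003Cp>When an admin page (\u002Fwp-admin\u002F and below) is accessed from a source IP address that has not logged in to the admin screen, a 404 error (Not Found) is returned.\u003Cbr \u002F>\nThis applies to source IP addresses that have not logged in to the admin screen for 24 hours or more.\u003Cbr \u002F>\nOnce you log in, the source IP address is recorded and the admin screen becomes accessible.\u003Cbr \u002F>\nYou can specify pages (under wp-admin) to exclude from this feature.\u003C\u002Fp>\n\u003Ch4>Configuration File Access Prevention\u003C\u002Fh4>\n\u003Cp>This feature blocks unauthorized access to WordPress system files.\u003C\u002Fp>\n\u003Ch4>Username Leak Prevention\u003C\u002Fh4>\n\u003Cp>Prevents usernames from leaking through \"?author=(number)\" requests.\u003C\u002Fp>\n\u003Ch4>Disable XML-RPC\u003C\u002Fh4>\n\u003Cp>Disables XML-RPC or the pingback feature and protects the admin screen from their abuse.\u003C\u002Fp>\n\u003Ch4>Disable REST API\u003C\u002Fh4>\n\u003Cp>Disables the REST API and protects the admin screen from its misuse.\u003C\u002Fp>\n\u003Ch4>Simple WAF\u003C\u002Fh4>\n\u003Cp>A simple WAF (Web Application Firewall) feature that provides basic defenses against attacks on WordPress.\u003Cbr \u002F>\nIt blocks common attacks such as SQL injection and cross-site scripting.\u003C\u002Fp>\n\u003Ch4>Login Notification\u003C\u002Fh4>\n\u003Cp>Notifies the user by email when a login occurs.\u003Cbr 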
\u002F>\nIf you receive an email you do not recognize, suspect an unauthorized login.\u003C\u002Fp>\n\u003Ch4>Update Notification\u003C\u002Fh4>\n\u003Cp>Notifies the administrator by email when WordPress, a plugin, or a theme needs updating.\u003Cbr \u002F>\nUpdate checks run every 24 hours.\u003Cbr \u002F>\nAlways using the latest version is a security fundamental.\u003C\u002Fp>\n\u003Ch4>Server Error Notification\u003C\u002Fh4>\n\u003Cp>When a server error with HTTP status code 500 (Internal Server Error) occurs, the error is recorded in the history and the administrator is notified by email.\u003Cbr \u002F>\nIf the same type of error occurs again within 1 hour, it is recorded in the history but no email notification is sent.\u003C\u002Fp>\n\u003Ch4>Login History\u003C\u002Fh4>\n\u003Cp>Displays the history of logins to the admin screen.\u003Cbr \u002F>\nYou can also search by filtering on each field.\u003Cbr \u002F>\nLike login notification, this feature helps you notice unauthorized logins.\u003C\u002Fp>\n","A Japan-made security plugin with Japanese-language support that protects the admin screen and login URL from cyberattacks. With just a few simple settings, it protects your WordPress from unauthorized access and unauthorized logins.",100000,604268,100,2,"2026-03-13T05:42:00.000Z","6.9.4","5.3.15","7.1",[20,21,22,23,24],"anti-spam","brute-force","login-lock","security","waf","https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudsecure-wp-security.1.4.5.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,94,"2026-04-03T19:57:08.185Z",[37,56,74,95,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":47,"last_updated":48,"tested_up_to":16,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"botblocker-security","BotBlocker Security – Firewall & Bot Protection","1.6.14","Yevhen Leonidov","https:\u002F\u002Fprofiles.wordpress.org\u002Fglobusstudio\u002F","\u003Ch4>WordPress Security Plugin & Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Every day, automated bots and hackers bombard websites with 
attacks.\u003C\u002Fstrong> Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24\u002F7 threat to your business. If you’re looking for \u003Cstrong>WordPress site protection\u003C\u002Fstrong>, you need a proactive defense that stops these attacks before they reach your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker Security is the all-in-one solution to keep your site safe from automated threats.\u003C\u002Fstrong> This powerful \u003Cstrong>WordPress security plugin and Web Application Firewall (WAF)\u003C\u002Fstrong> acts as a dedicated \u003Cstrong>anti-bot\u003C\u002Fstrong> firewall, blocking malicious traffic at the front gate without slowing down your site.\u003C\u002Fp>\n\u003Cp>BotBlocker’s setup and onboarding experience allows anyone to secure their \u003Cstrong>WordPress site\u003C\u002Fstrong> in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right \u003Cstrong>site protection\u003C\u002Fstrong> settings to protect your website.\u003C\u002Fp>\n\u003Ch4>🔥 WordPress Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>BotBlocker Security includes an endpoint \u003Cstrong>firewall\u002FWAF\u003C\u002Fstrong> that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker intercepts bad traffic at the earliest stage\u003C\u002Fstrong> – even before WordPress or your theme loads. 
By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Firewall Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time firewall rule updates via the BotBlocker Threat Defense Feed\u003C\u002Fli>\n\u003Cli>Real-time IP Blocklist blocks all requests from the most malicious IPs\u003C\u002Fli>\n\u003Cli>Early-init protection – blocks threats before WordPress loads\u003C\u002Fli>\n\u003Cli>Cloud-based threat intelligence – cross-checks every visitor against global threat databases\u003C\u002Fli>\n\u003Cli>No visitor data collected – only technical request parameters analyzed (GDPR\u002FCCPA-compliant)\u003C\u002Fli>\n\u003Cli>Brute force protection with login attempt limits and multi-layer verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📡 WordPress Security Scanner & Site Protection\u003C\u002Fh4>\n\u003Cp>Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive \u003Cstrong>site protection\u003C\u002Fstrong> across all entry points:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>XML-RPC and API Protection\u003C\u002Fstrong> – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam Prevention\u003C\u002Fstrong> – spammers cannot connect to your site. 
Automatically block IP addresses that exceed spam comment thresholds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Access Protection\u003C\u002Fstrong> – theme and plugin files securely protected from unauthorized access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Analysis\u003C\u002Fstrong> – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Network & Protocol Control\u003C\u002Fstrong> – block obsolete HTTP\u002F1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔒 Login Security & Bot Protection\u003C\u002Fh4>\n\u003Cp>All login attempts pass through multi-layer filtering and CAPTCHA verification:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-layer CAPTCHA Protection\u003C\u002Fstrong> – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2\u002Fv3\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Anti-bot Challenges\u003C\u002Fstrong> – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Ban System\u003C\u002Fstrong> – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Access Simplification\u003C\u002Fstrong> – special mechanism to ease site administrator login while maintaining security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC Control\u003C\u002Fstrong> – options including complete disabling\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-Factor Authentication Support\u003C\u002Fstrong> – 2FA enhanced login security for admin area. Backup codes for recovery access. 
Universal 2FA app support – works with Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛠️ Security Tools\u003C\u002Fh4>\n\u003Cp>Comprehensive tools to block attackers and monitor your site in real-time:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Blocking Rules\u003C\u002Fstrong> – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP-PTR-Host Mismatch Detection\u003C\u002Fstrong> – automatically detect and block fake crawlers (e.g., fake Googlebots)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist & Whitelist Management\u003C\u002Fstrong> – instantly allow or block any IP, ASN, range, or User-Agent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Traffic Monitoring\u003C\u002Fstrong> – see all traffic in real-time: robots, humans, 404 errors, logins\u002Flogouts, file requests, and content consumption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server IP Identification\u003C\u002Fstrong> – prevent lockouts by automatically identifying and protecting server IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual Dashboard\u003C\u002Fstrong> – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs\u002Fcountries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Security Log\u003C\u002Fstrong> – every event logged with IP address, user agent, country, and blocking reason\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login URL\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>⚡ Performance & Integration\u003C\u002Fh4>\n\u003Cp>BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong> – negligible overhead in normal conditions. 
Reduces database and server load during attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Caching\u003C\u002Fstrong> – Redis and Memcached support for high-traffic environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache Plugin Compatibility\u003C\u002Fstrong> – automatic \u003Ccode>DONOTCACHEPAGE\u003C\u002Fcode> + \u003Ccode>Cache-Control: no-store\u003C\u002Fcode> on verification pages. Works with WP Super Cache (PHP mode), W3 Total Cache, WP Rocket, LiteSpeed Cache, Hummingbird, and more. Server-level caches (Nginx FastCGI, Varnish, Cloudflare) may need a cookie-based bypass rule – see \u003Ccode>docs\u002FCACHE-COMPATIBILITY.md\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Protection Compatibility\u003C\u002Fstrong> – automatic detection of JS-challenges from DDoS-Guard, Stormwall, and similar services. See \u003Ccode>docs\u002FDDOS-COMPATIBILITY.md\u003C\u002Fcode> for advanced configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Compatibility\u003C\u002Fstrong> – works with Cloudflare, CDN services, caching plugins, and optimizers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full IPv6 Support\u003C\u002Fstrong> – all security functions work with both IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Optimization\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem> – additional performance enhancements for high-traffic sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>👤 Easy Setup & User-Friendly Interface\u003C\u002Fh4>\n\u003Cp>You don’t have to be a security expert to use BotBlocker:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Quick Installation Wizard\u003C\u002Fstrong> – step-by-step setup guide for configuration in under 1 minute\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intuitive Admin Panel\u003C\u002Fstrong> – organized settings with clear descriptions and tooltips\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual\u003C\u002Fstrong> – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and 
more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Conflicts\u003C\u002Fstrong> – built following WordPress best practices, tested with recent WP versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adjustable Logging\u003C\u002Fstrong> – configurable retention periods with time zone awareness and daylight saving support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security first – BotBlocker’s on guard!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Detection & Analysis\u003C\u002Fh4>\n\u003Cp>BotBlocker employs advanced multi-layer detection to identify and block threats:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detection Mechanisms:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Local and cloud signature databases with real-time updates\u003C\u002Fli>\n\u003Cli>IP reputation and blacklist checks with global threat intelligence\u003C\u002Fli>\n\u003Cli>DNS-based and PTR lookups to detect fake crawlers\u003C\u002Fli>\n\u003Cli>Heuristic and behavioral analysis for suspicious patterns\u003C\u002Fli>\n\u003Cli>Browser fingerprint and feature mismatch detection\u003C\u002Fli>\n\u003Cli>Header and protocol validation\u003C\u002Fli>\n\u003Cli>JavaScript challenge and capability verification\u003C\u002Fli>\n\u003Cli>Multi-layered CAPTCHA verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Comprehensive Request Analysis:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Network & IP:\u003C\u002Fstrong> Full IPv4\u002FIPv6 support, blacklist\u002Fwhitelist, country\u002FGeoIP, ASN, hosting\u002FVPN detection, TOR detection, PTR\u002FDNSBL checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser & Client:\u003C\u002Fstrong> User-Agent validation, browser\u002FOS\u002Fdevice detection, fingerprint analysis, headless browser detection, JavaScript\u002Fcookie support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Headers & Protocol:\u003C\u002Fstrong> Accept-Language, Referer validation, HTTP version control, 
Cloudflare\u002Fproxy detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Fingerprinting:\u003C\u002Fstrong> Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CAPTCHA Modes\u003C\u002Fh4>\n\u003Cp>Choose from various CAPTCHA types to protect your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Button\u003C\u002Fstrong> – one-click verification for quick validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong> – standard image\u002Fcheckbox challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v3\u003C\u002Fstrong> – invisible background scoring\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Color CAPTCHA\u003C\u002Fstrong> – select colored buttons challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Digits CAPTCHA\u003C\u002Fstrong> – floating math challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Images CAPTCHA\u003C\u002Fstrong> – animal image selection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Shapes CAPTCHA\u003C\u002Fstrong> – floating shapes challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hybrid Mode\u003C\u002Fstrong> – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Capabilities\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Early-init & MU plugin support\u003C\u002Fli>\n\u003Cli>Real-time cloud threat checks\u003C\u002Fli>\n\u003Cli>Dynamic and graphical anti-bot challenges\u003C\u002Fli>\n\u003Cli>Automatic logging with adjustable retention\u003C\u002Fli>\n\u003Cli>Session tracking and verification\u003C\u002Fli>\n\u003Cli>No visitor data collected — GDPR\u002FCCPA-compliant (see FAQ for admin notification details)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>BotBlocker Security does \u003Cstrong>not\u003C\u002Fstrong> collect or process personal data of your visitors. 
All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.\u003C\u002Fp>\n\u003Ch3>Support and Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Product site: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Documentation: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contact\u002Fsupport: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Community: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. 
See LICENSE.txt for details.\u003C\u002Fp>\n\u003Ch3>Credits & Authors\u003C\u002Fh3>\n\u003Cp>BotBlocker Security is developed and maintained by GLOBUS.studio.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Concept, architecture & code – Yevhen Leonidov: \u003Ca href=\"https:\u002F\u002Fleonidov.dev\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fleonidov.dev\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Code, code review – Andrii Lukashevych\u003C\u002Fli>\n\u003Cli>Code, translations – Aleksandr Kinakh\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>BotBlocker Security – The first line of defense for your WordPress site.\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.",2000,3799,6,"2026-03-10T18:22:00.000Z","5.0","7.4",[20,21,52,53,23],"captcha","firewall","https:\u002F\u002Fbotblocker.top\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotblocker-security.1.6.14.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":66,"last_updated":67,"tested_up_to":16,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":72,"download_link":73,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cidram","CIDRAM","4.0.1","Maikuolan","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaikuolan\u002F","\u003Cp>CIDRAM (Classless Inter-Domain Routing Access Manager) is a PHP script designed to protect websites by blocking requests originating from IP addresses regarded as being sources of undesirable traffic, including (but not limited to) traffic from non-human access endpoints, cloud services, spambots, scrapers, etc. 
It does this by calculating the possible CIDRs of the IP addresses supplied from inbound requests and then attempting to match these possible CIDRs against its signature files (these signature files contain lists of CIDRs of IP addresses regarded as being sources of undesirable traffic); if matches are found, the requests are blocked.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP >= 7.2.0\u003C\u002Fli>\n\u003Cli>PCRE\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Updating\u003C\u002Fh3>\n\u003Cp>Note: CIDRAM does not interact in any way with your database, and stores its own configuration settings, customisations, and related materials as flatfiles within its own directory. If you’ve not changed any of the default configuration settings and if you’re not using any customisations for this plugin, updating normally via the plugins dashboard, without need for any additional steps, should be sufficient and shouldn’t cause any problems. However, if you’ve modified the configuration settings for CIDRAM, or if you’ve made any customisations, I would recommend making backups of all of these prior to updating, because updating will overwrite all settings and customisations (after updating, you can then restore your customisations from your backups). 
Alternatively, if you update via the CIDRAM front-end updates page, all settings and customisations should be preserved.\u003C\u002Fp>\n","CIDRAM: A PHP-level CIDR\u002FIP-based firewall solution.",20,7357,12,"2026-01-19T16:26:00.000Z","4.8","7.2",[20,71,53,23,24],"cidr","https:\u002F\u002Fcidram.github.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcidram.4.0.1.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":16,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":88,"download_link":92,"security_score":84,"vuln_count":93,"unpatched_count":27,"last_vuln_date":94,"fetched_at":29},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. 
This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. 
Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP 
registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. 
IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV 
Download of IP Data\u003C\u002Fstrong> – Download IP data directly from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. 
Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,98,1441,"2026-01-12T16:01:00.000Z","3.0","",[90,21,53,91,23],"2fa","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip",4,"2023-12-20 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":16,"requires_at_least":108,"requires_php":50,"tags":109,"homepage":114,"download_link":115,"security_score":116,"vuln_count":117,"unpatched_count":27,"last_vuln_date":118,"fetched_at":29},"better-wp-security","Solid Security – Password, Two Factor Authentication, and Brute Force Protection","9.4.6","StellarWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fstellarwp\u002F","\u003Ch4>Reduce your WordPress website’s risk to nearly zero with Solid Security\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fwporg-security-ithemes\" rel=\"nofollow ugc\">Formerly iThemes Security. Looking for iThemes? 
Learn more here.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>On average, 30,000 websites are hacked every day.* Cyberattacks in the US increased by 57% in 2022.** Bad actors who want to hack your site, steal your data, and cripple your business are a 24\u002F7\u002F365 threat.\u003C\u002Fp>\n\u003Cp>You need a proactive, strategic approach to WordPress website security that protects your site from brute force attacks, malware infections, and other cyber threats.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsolid-security-pro\" rel=\"nofollow ugc\">Solid Security\u003C\u002Fa> shields your site from cyberattacks and prevents security vulnerabilities. It automatically locks out bad users identified by our Brute Force Protection Network that is nearly 1 million sites strong and leverages your own blacklist. It secures and protects your most commonly attacked part of your WordPress website – user login authentication.\u003C\u002Fp>\n\u003Cp>With Patchstack integration (Pro) protects your site before you even have a chance to address vulnerabilities and before a plugin or theme vendor or developer can even issue a patch.\u003C\u002Fp>\n\u003Cp>That’s 24\u002F7\u002F365 always-on truly Solid Security.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"Welcome to Solid Security, Part of the SolidWP Suite\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F863249227?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch4>🌐 Secure your Website in Minutes\u003C\u002Fh4>\n\u003Cp>The Solid Security setup and onboarding experience allows anyone to secure their WordPress website in under 10 minutes, regardless of technical acumen. 
Knowing that you have enabled all the right security settings for your website will leave you feeling like your site has never been more secure.\u003C\u002Fp>\n\u003Ch4>📚 Security Site Templates to Fit Your Type of Site\u003C\u002Fh4>\n\u003Cp>Enabling the correct security settings based on the type of website you are building or maintaining is essential for proper security. An eCommerce site requires a different level of security than a basic blog. Solid Security Site Templates make it quick and easy to apply the right security settings for your website.\u003C\u002Fp>\n\u003Cp>Choose from six different site templates to apply the type of security your site needs:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Ecommerce\u003C\u002Fstrong> – websites that sell products or services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Network\u003C\u002Fstrong> – websites that connect people or communities\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Non-Profit\u003C\u002Fstrong> – websites that promote your cause and collect donations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blog\u003C\u002Fstrong> – websites that share your thoughts or start a conversation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Portfolio\u003C\u002Fstrong> – websites that showcase your craft\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brochure\u003C\u002Fstrong> – simple websites that promote your business\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>⌚ Real-Time Website Security Dashboard\u003C\u002Fh4>\n\u003Cp>Every day, lots of activity is happening on your website that you can’t see. Many of these activities can be related to your site’s security, so monitoring these events is vital to keeping your site secure.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsolid-security-pro\" rel=\"nofollow ugc\">Solid Security Pro\u003C\u002Fa> plugin provides a real-time WordPress security dashboard that monitors security-related events on your site around the clock. 
The Solid Security Dashboard is a dynamic dashboard with all your WordPress website’s security activity stats in one place, including brute force attacks, banned users, active lockouts, site scan results, and user security stats (Pro).\u003C\u002Fp>\n\u003Ch4>🗝️ WordPress Login Security\u003C\u002Fh4>\n\u003Cp>Setting up and maintaining proper WordPress configurations and managing user account access are essential aspects of hardening your site against threats and vulnerabilities. Basic and Pro include features that address both of these factors.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Two Factor Authentication (2FA)\u003C\u002Fstrong> – Make your WordPress login nearly impenetrable to attack by requiring users to enter a security code along with a password to login. The Solid Security plugin allows you to add two-factor authentication to your WordPress login with several authentication methods, including mobile apps like Authy and Google Authenticator, email, and backup codes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Password Requirements\u003C\u002Fstrong> – Create and enforce a password policy for your users in less than a minute.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA\u003C\u002Fstrong> (Pro) – Stop bad bots from engaging in abusive activities on your website, such as attempting to break into your website using compromised passwords, posting spam, or even scraping your content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Passwordless Logins\u003C\u002Fstrong> (Pro) – WordPress security made easy. 
Secure your user accounts with 2FA & strong passwords while allowing real users to log in with a click of a mouse.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Trusted Devices\u003C\u002Fstrong> (Pro) – Identify the devices you and other users use to block session hijacking attacks and limit Administrator privileges to Trusted Devices.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Automated Vulnerability Patching\u003C\u002Fstrong> (Pro) – Solid Security Pro includes Patchstack which patches vulnerabilities before you have a chance to and applies fixes even before a plugin developer or vendor has issued a patch.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fwporgpasswordless\" rel=\"nofollow ugc\">passwordless login is the future\u003C\u002Fa> and how Solid Security can help you implement it today.\u003C\u002Fp>\n\u003Ch4>👨‍👩‍👧‍👦 The Right Amount of Security for Every User Level\u003C\u002Fh4>\n\u003Cp>Different types of user levels require different levels of security. During the Solid Security setup process, you can identify your website’s key user groups. Once the different types of users are identified, you can apply the level of security that is just right for each user group.\u003C\u002Fp>\n\u003Cp>Here are a couple of examples of how User Groups are useful for securing your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>For Clients\u003C\u002Fstrong> – Let’s say you are configuring Solid Security on a client’s website. 
You will decide whether or not they are required to use two-factor authentication and if they should have access to the Solid Security settings.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>For Customers\u003C\u002Fstrong> – If you have an eCommerce website, you will decide whether or not you want to protect customer accounts with a password policy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privilege Escalation\u003C\u002Fstrong> (Pro) also adds a safe, secure way to grant temporary admin-level access to your website.\u003C\u002Fp>\n\u003Ch4>🤖 Block Bad Bots & Ban User Agents with Lockouts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Ban Users\u003C\u002Fstrong> (Basic and Pro) – Permanently block repeat offenders from accessing your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Local Brute Force Protection\u003C\u002Fstrong> (Basic and Pro) – Automatically identify and stop the most common method of attack on WordPress sites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Network Brute Force Protection\u003C\u002Fstrong> (Basic and Pro) – The network is the Solid Security community and is nearly one million websites strong. If someone tries to break into websites in the Solid Security community, Solid Security will block them across the network.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Magic Links\u003C\u002Fstrong> (Pro) – Security shouldn’t get in your way. 
Magic Links allow you to log in to your WordPress site while your username is locked out by the Solid Security Local Brute Force Protection feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔍 Monitor Your Site’s Security Health\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>File Change Detection\u003C\u002Fstrong> (Basic and Pro) – Solid Security logs changes made to your website that can help detect malicious activity on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Scanner (Basic and Pro)\u003C\u002Fstrong> – Schedule checks to run four times per day (Basic) or hourly (Pro) for known vulnerabilities of WordPress core files, plugins and themes. Using the Google Safe Browsing API, the Site Scan also checks your site’s Google blocklist status and will alert you if Google has found any malware on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Patchstack integration (Pro)\u003C\u002Fstrong> – Automated virtual patching of some vulnerabilities before you even have a chance to address them yourself, and before a plugin or theme vendor or developer can even issue a patch.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Scanner\u003C\u002Fstrong> (Pro) – Unlock Version Management to automatically apply a patch to vulnerable software detected by the Site Scan when one is available.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Logging\u003C\u002Fstrong> (Pro) – Keep a record of user activity in your WordPress security logs, including login\u002Flogout, user registration, adding\u002Fremoving plugins, switching themes, changes to posts and pages, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Version Management\u003C\u002Fstrong> (Pro) – The Version Management feature in Solid Security Pro allows you to auto-update WordPress, plugins, and themes. 
Beyond that, Version Management also has options to harden your website when you are running outdated software and scan for old websites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🧠 Smarter, More Actionable Vulnerability Prioritization\u003C\u002Fh4>\n\u003Cp>Not all vulnerabilities pose the same level of risk, and the traditional Common Vulnerability Scoring System (CVSS) score doesn’t always reflect the realities of running a WordPress site.\u003C\u002Fp>\n\u003Cp>Solid Security now uses the Patchstack Priority score, which goes beyond CVSS to provide a real-world risk assessment tailored to WordPress. It factors in how likely a vulnerability is to be exploited and its actual impact on your site.\u003C\u002Fp>\n\u003Cp>With Patchstack Priority, you get a clearer picture of what really matters, helping you focus on the vulnerabilities that pose the greatest risk, and worry less about noise from low-impact issues.\u003C\u002Fp>\n\u003Ch4>🛠️ Website Security Utilities\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enforce SSL\u003C\u002Fstrong> – Force all connections to the website to be made over SSL\u002FTLS.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Database Backups\u003C\u002Fstrong> – Create backups of your WordPress database. 
(Not a complete backup.)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Geolocation\u003C\u002Fstrong> (Pro) – Improve Trusted Devices by connecting to an external location or mapping API.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🚀 Advanced Security Tools\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Identify Server IPs\u003C\u002Fstrong> – Prevent issues caused by inadvertently locking out your server IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change User ID 1\u003C\u002Fstrong> – Change the user ID for the first WordPress user, potentially preventing attacks that assume the user with ID1 exists and is an administrator.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change Database Prefix\u003C\u002Fstrong> – Change the database prefix that WordPress uses, potentially preventing attacks that assume the database prefix is “wp_”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Check File Permission\u003C\u002Fstrong> – See the file and directory permissions of key areas of your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Config Rules\u003C\u002Fstrong> – View or flush the server security rules generated by Solid Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>wp-config.php Rules\u003C\u002Fstrong> – View or flush the wp-config.php security rules generated by Solid Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change WordPress Salts\u003C\u002Fstrong> – Secure your site after a successful attack by changing the WordPress salts used to secure cookies and security tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login URL\u003C\u002Fstrong> – change the login URL of your site, making it harder for bots to find your login page and attack it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛟 Need Help?\u003C\u002Fh4>\n\u003Cp>Free support may be available with the community’s help in the WordPress.org support forums. 
Our Solid Security support team provides top-notch technical support to all our Solid Security Basic users there.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsecurity-help-center\" rel=\"nofollow ugc\">Our Help Center will help you become an iThemes Security expert.\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Get additional peace of mind with professional support from our expert team and pro features to take your site’s security to the next level with Solid Security Pro.\u003C\u002Fp>\n\u003Ch4>Recover From a Hacked Site\u003C\u002Fh4>\n\u003Cp>Solid Security makes regular backups of your WordPress database, allowing you to get back online quickly in the event of a hack or security breach. Use Solid Security to create and email database backups on a customizable schedule.\u003C\u002Fp>\n\u003Cp>For complete site backups and the ability to restore or move WordPress to a new host or domain, check out \u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsecurity-basic-solid-backups\" rel=\"nofollow ugc\">Solid Backups\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Solid Central Integration\u003C\u002Fh4>\n\u003Cp>Manage more than one WordPress site? Release lockouts and keep your themes, plugins, and WordPress core up to date from one dashboard with \u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsecurity-basic-solid-central\" rel=\"nofollow ugc\">Solid Central\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>*Zippia. “30 Crucial Cybersecurity Statistics [2023]: Data, Trends And More” Zippia.com. Jun. 
15, 2023, https:\u002F\u002Fwww.zippia.com\u002Fadvice\u002Fcybersecurity-statistics\u002F\u003C\u002Fp>\n\u003Cp>**https:\u002F\u002Fblog.checkpoint.com\u002F2023\u002F01\u002F05\u002F38-increase-in-2022-global-cyberattacks\u002F\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Released under the terms of the GNU General Public License.\u003C\u002Fp>\n","Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.",700000,37290141,92,3981,"2026-02-25T12:43:00.000Z","6.5",[110,111,112,23,113],"brute-force-protection","malware","password-protection","two-factor-authentication","https:\u002F\u002Fsolidwp.com\u002Fproducts\u002Fsecurity","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-wp-security.9.4.6.zip",93,19,"2024-06-20 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":16,"requires_at_least":132,"requires_php":88,"tags":133,"homepage":136,"download_link":137,"security_score":138,"vuln_count":14,"unpatched_count":32,"last_vuln_date":139,"fetched_at":29},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management 
capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the extension libraries “mbstring” and “gd” should be installed in PHP.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded in Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, the WAF (SiteGuard Server Edition) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin provides the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This function protects the management pages (under wp-admin) against attack.\u003Cbr \u002F>\nAccess from a connection source IP address that has not logged in to the management page receives 404 (Not Found).\u003Cbr \u002F>\nAt login, the connection source IP address is recorded and access to that page is allowed.\u003Cbr \u002F>\nConnection source IP addresses that have not logged in for more than 24 hours are deleted in turn.\u003Cbr \u002F>\nURLs (under wp-admin) to exclude from this function can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This function reduces exposure to illegal login attempts such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. 
The initial value is “login_\u003C5 random digits>” but it can be changed to a name of your choice.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This function reduces exposure to illegal login attempts such as a brute force attack or a password list attack,\u003Cbr \u002F>\nand reduces comment spam. Hiragana and alphanumeric characters can be selected for the CAPTCHA characters.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This function reduces exposure to illegal login attempts such as a brute force attack or a password list attack.\u003Cbr \u002F>\nIt is aimed especially at automated attacks. A connection source IP address whose number of login failures reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nIndividual user accounts are not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This function makes an unauthorized login easier to notice. An e-mail is sent to the user who logged in.\u003Cbr \u002F>\nIf you receive an e-mail for a login you do not recognize, suspect an unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This function reduces exposure to a password list attack. Even if the login input is correct, the first login must fail.\u003Cbr \u002F>\nA second correct login input, made 5 seconds or more later and within 60 seconds, succeeds. 
At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The basis of security is always using the latest version. If updates to WordPress core, plugins, or themes are needed, an e-mail is sent to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This function creates rules that avoid false detections in WordPress (including 403 errors on normal access)\u003Cbr \u002F>\nwhen the WAF (SiteGuard Server Edition) by EG Secure Solutions is installed on a Web server. The WAF blocks attacks from outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions it may detect as an attack something that is not one and block the function.\u003Cbr \u002F>\nCreating a WAF exclusion rule keeps the WAF protection active while preventing the false detection for the specified function.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that we can bundle it into SiteGuard WP Plugin. 
You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGuard WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5177761,86,15,"2025-12-04T04:47:00.000Z","3.9",[52,134,22,135,23],"login-alert","pingback","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",76,"2026-02-23 00:00:00",{"attackSurface":141,"codeSignals":308,"taintFlows":364,"riskAssessment":532,"analyzedAt":542},{"hooks":142,"ajaxHandlers":287,"restRoutes":305,"shortcodes":306,"cronEvents":307,"entryPointCount":93,"unprotectedCount":93},[143,149,154,158,161,164,167,170,172,175,179,181,184,187,190,193,196,199,202,205,208,211,213,215,218,220,222,225,227,230,233,237,240,243,247,250,253,256,259,263,266,269,273,276,280,284],{"type":144,"name":145,"callback":24,"priority":146,"file":147,"line":148},"action","plugins_loaded",10,"modules\\cloudsecure-wp.php",136,{"type":150,"name":151,"callback":152,"priority":146,"file":147,"line":153},"filter","wp_php_error_args","notification",140,{"type":144,"name":145,"callback":155,"priority":156,"file":147,"line":157},"init",11,144,{"type":144,"name":159,"callback":159,"priority":32,"file":147,"line":160},"wp_login",147,{"type":144,"name":159,"callback":162,"priority":14,"file":147,"line":163},"cleanup_expired_sessions",148,{"type":144,"name":165,"callback":165,"priority":146,"file":147,"line":166},"xmlrpc_call",149,{"type":144,"name":168,"callback":168,"priority":64,"file":147,"line":169},"wp_login_failed",150,{"type":144,"name":159,"callback":15
2,"priority":146,"file":147,"line":171},153,{"type":150,"name":173,"callback":173,"file":147,"line":174},"shake_error_codes",157,{"type":150,"name":176,"callback":176,"priority":177,"file":147,"line":178},"authenticate",99,158,{"type":144,"name":168,"callback":168,"priority":146,"file":147,"line":180},159,{"type":144,"name":145,"callback":182,"priority":146,"file":147,"line":183},"wp_register_404",165,{"type":150,"name":185,"callback":185,"priority":146,"file":147,"line":186},"login_init",166,{"type":150,"name":188,"callback":188,"priority":146,"file":147,"line":189},"site_url",167,{"type":150,"name":191,"callback":191,"priority":146,"file":147,"line":192},"network_site_url",168,{"type":150,"name":194,"callback":194,"priority":146,"file":147,"line":195},"register",169,{"type":150,"name":197,"callback":197,"priority":146,"file":147,"line":198},"wp_redirect",170,{"type":150,"name":200,"callback":200,"priority":177,"file":147,"line":201},"auth_redirect_scheme",171,{"type":144,"name":203,"callback":203,"priority":146,"file":147,"line":204},"admin_notices",174,{"type":150,"name":206,"callback":206,"priority":146,"file":147,"line":207},"login_errors",184,{"type":144,"name":159,"callback":209,"priority":32,"file":147,"line":210},"update",189,{"type":144,"name":203,"callback":203,"priority":146,"file":147,"line":212},192,{"type":144,"name":203,"callback":203,"priority":146,"file":147,"line":214},204,{"type":150,"name":216,"callback":216,"file":147,"line":217},"xmlrpc_methods",207,{"type":144,"name":203,"callback":203,"priority":146,"file":147,"line":219},213,{"type":144,"name":155,"callback":155,"file":147,"line":221},224,{"type":150,"name":223,"callback":223,"priority":146,"file":147,"line":224},"rest_pre_dispatch",228,{"type":150,"name":173,"callback":173,"file":147,"line":226},237,{"type":150,"name":228,"callback":228,"file":147,"line":229},"login_form",240,{"type":144,"name":231,"callback":231,"priority":146,"file":147,"line":232},"wp_authenticate_user",241,{"type":144,
"name":234,"callback":235,"priority":32,"file":147,"line":236},"comment_form_logged_in_after","comment_form_default_fields",245,{"type":144,"name":238,"callback":235,"file":147,"line":239},"comment_form_after_fields",246,{"type":150,"name":241,"callback":241,"file":147,"line":242},"preprocess_comment",247,{"type":144,"name":244,"callback":245,"file":147,"line":246},"wp_footer","comment_captcha_reload_script",248,{"type":150,"name":248,"callback":248,"file":147,"line":249},"lostpassword_form",252,{"type":150,"name":251,"callback":251,"priority":146,"file":147,"line":252},"allow_password_reset",253,{"type":144,"name":254,"callback":254,"file":147,"line":255},"register_form",257,{"type":144,"name":257,"callback":257,"priority":146,"file":147,"line":258},"register_post",258,{"type":150,"name":260,"callback":261,"priority":27,"file":147,"line":262},"sanitize_user","restore_login_name",271,{"type":150,"name":176,"callback":264,"priority":27,"file":147,"line":265},"restore_login_session",272,{"type":150,"name":176,"callback":267,"priority":13,"file":147,"line":268},"two_factor_disable_login_check",273,{"type":150,"name":176,"callback":270,"priority":271,"file":147,"line":272},"authenticate_with_two_factor",101,274,{"type":144,"name":159,"callback":274,"priority":146,"file":147,"line":275},"redirect_if_not_two_factor_authentication_registered",275,{"type":150,"name":277,"callback":278,"file":147,"line":279},"manage_users_columns","add_2factor_state_2user_list",279,{"type":144,"name":281,"callback":282,"priority":146,"file":147,"line":283},"manage_users_custom_column","show_2factor_state_2user_list",280,{"type":144,"name":285,"callback":285,"file":147,"line":286},"admin_menu",291,[288,293,297,301],{"action":289,"nopriv":290,"callback":291,"hasNonce":290,"hasCapCheck":290,"file":147,"line":292},"cloudsecurewp_generate_key",false,"ajax_generate_key",264,{"action":294,"nopriv":290,"callback":295,"hasNonce":290,"hasCapCheck":290,"file":147,"line":296},"cloudsecurewp_generate_key
_and_send_email","ajax_generate_key_and_send_email",265,{"action":298,"nopriv":290,"callback":299,"hasNonce":290,"hasCapCheck":290,"file":147,"line":300},"cloudsecurewp_verify_auth_code","ajax_verify_auth_code",266,{"action":302,"nopriv":290,"callback":303,"hasNonce":290,"hasCapCheck":290,"file":147,"line":304},"cloudsecurewp_generate_recovery_codes","ajax_generate_recovery_codes",267,[],[],[],{"dangerousFunctions":309,"sqlUsage":318,"outputEscaping":350,"fileOperations":346,"externalRequests":32,"nonceChecks":362,"capabilityChecks":93,"bundledLibraries":363},[310,315],{"fn":311,"file":312,"line":313,"context":314},"unserialize","modules\\waf-engine.php",944,"$post_content = unserialize( $result->post_content, [ 'allowed_classes' => false ] );",{"fn":311,"file":312,"line":316,"context":317},971,"$cptui_data = unserialize( $cptui_data, [ 'allowed_classes' => false ] );",{"prepared":319,"raw":320,"locations":321},80,14,[322,325,327,329,331,333,334,337,338,341,343,345,347,349],{"file":323,"line":169,"context":324},"modules\\disable-login.php","$wpdb->get_var() with variable interpolation",{"file":326,"line":252,"context":324},"modules\\login-log.php",{"file":328,"line":105,"context":324},"modules\\server-error-notification.php",{"file":328,"line":330,"context":324},227,{"file":332,"line":201,"context":324},"modules\\waf.php",{"file":332,"line":292,"context":324},{"file":335,"line":320,"context":336},"uninstall.php","$wpdb->get_results() with variable interpolation",{"file":335,"line":64,"context":336},{"file":335,"line":339,"context":340},25,"$wpdb->query() with variable interpolation",{"file":335,"line":342,"context":340},26,{"file":335,"line":344,"context":340},27,{"file":335,"line":346,"context":340},28,{"file":335,"line":348,"context":340},29,{"file":335,"line":33,"context":340},{"escaped":351,"rawEcho":352,"locations":353},485,3,[354,358,361],{"file":355,"line":356,"context":357},"modules\\admin\\two-factor-authentication.php",114,"raw 
output",{"file":359,"line":360,"context":357},"modules\\common.php",173,{"file":359,"line":204,"context":357},21,[],[365,390,400,413,421,437,445,455,463,476,489],{"entryPoint":366,"graph":367,"unsanitizedCount":32,"severity":389},"check_captcha (modules\\captcha.php:280)",{"nodes":368,"edges":386},[369,375,379],{"id":370,"type":371,"label":372,"file":373,"line":374},"n0","source","$_POST[?]","modules\\captcha.php",282,{"id":376,"type":377,"label":378,"file":373,"line":374},"n1","transform","→ check()",{"id":380,"type":381,"label":382,"file":383,"line":384,"wp_function":385},"n2","sink","file_get_contents() [SSRF\u002FLFI]","really-simple-captcha\\really-simple-captcha.php",236,"file_get_contents",[387,388],{"from":370,"to":376,"sanitized":290},{"from":376,"to":380,"sanitized":290},"medium",{"entryPoint":391,"graph":392,"unsanitizedCount":32,"severity":389},"\u003Ccaptcha> (modules\\captcha.php:0)",{"nodes":393,"edges":397},[394,395,396],{"id":370,"type":371,"label":372,"file":373,"line":374},{"id":376,"type":377,"label":378,"file":373,"line":374},{"id":380,"type":381,"label":382,"file":383,"line":384,"wp_function":385},[398,399],{"from":370,"to":376,"sanitized":290},{"from":376,"to":380,"sanitized":290},{"entryPoint":401,"graph":402,"unsanitizedCount":32,"severity":389},"login_init (modules\\rename-login-page.php:184)",{"nodes":403,"edges":411},[404,408],{"id":370,"type":371,"label":405,"file":406,"line":407},"$_SERVER","modules\\rename-login-page.php",185,{"id":376,"type":381,"label":409,"file":406,"line":410,"wp_function":197},"wp_redirect() [Open Redirect]",188,[412],{"from":370,"to":376,"sanitized":290},{"entryPoint":414,"graph":415,"unsanitizedCount":32,"severity":389},"\u003Crename-login-page> 
(modules\\rename-login-page.php:0)",{"nodes":416,"edges":419},[417,418],{"id":370,"type":371,"label":405,"file":406,"line":407},{"id":376,"type":381,"label":409,"file":406,"line":410,"wp_function":197},[420],{"from":370,"to":376,"sanitized":290},{"entryPoint":422,"graph":423,"unsanitizedCount":27,"severity":436},"prepare_view_data (modules\\admin\\server-error-notification.php:20)",{"nodes":424,"edges":433},[425,429],{"id":370,"type":371,"label":426,"file":427,"line":428},"$_POST","modules\\admin\\server-error-notification.php",48,{"id":376,"type":381,"label":430,"file":427,"line":431,"wp_function":432},"update_option() [Settings Manipulation]",49,"update_option",[434],{"from":370,"to":376,"sanitized":435},true,"low",{"entryPoint":438,"graph":439,"unsanitizedCount":27,"severity":436},"\u003Cserver-error-notification> (modules\\admin\\server-error-notification.php:0)",{"nodes":440,"edges":443},[441,442],{"id":370,"type":371,"label":426,"file":427,"line":428},{"id":376,"type":381,"label":430,"file":427,"line":431,"wp_function":432},[444],{"from":370,"to":376,"sanitized":435},{"entryPoint":446,"graph":447,"unsanitizedCount":27,"severity":436},"prepare_view_data (modules\\admin\\two-factor-authentication.php:20)",{"nodes":448,"edges":453},[449,451],{"id":370,"type":371,"label":426,"file":355,"line":450},43,{"id":376,"type":381,"label":430,"file":355,"line":452,"wp_function":432},44,[454],{"from":370,"to":376,"sanitized":435},{"entryPoint":456,"graph":457,"unsanitizedCount":27,"severity":436},"\u003Ctwo-factor-authentication> (modules\\admin\\two-factor-authentication.php:0)",{"nodes":458,"edges":461},[459,460],{"id":370,"type":371,"label":426,"file":355,"line":450},{"id":376,"type":381,"label":430,"file":355,"line":452,"wp_function":432},[462],{"from":370,"to":376,"sanitized":435},{"entryPoint":464,"graph":465,"unsanitizedCount":27,"severity":436},"login_form 
(modules\\two-factor-authentication.php:232)",{"nodes":466,"edges":474},[467,471],{"id":370,"type":371,"label":468,"file":469,"line":470},"$_REQUEST['redirect_to']","modules\\two-factor-authentication.php",243,{"id":376,"type":381,"label":472,"file":469,"line":470,"wp_function":473},"echo() [XSS]","echo",[475],{"from":370,"to":376,"sanitized":435},{"entryPoint":477,"graph":478,"unsanitizedCount":32,"severity":436},"authenticate_with_two_factor (modules\\two-factor-authentication.php:818)",{"nodes":479,"edges":486},[480,482,484],{"id":370,"type":371,"label":426,"file":469,"line":481},865,{"id":376,"type":377,"label":483,"file":469,"line":481},"→ set_option_data()",{"id":380,"type":381,"label":430,"file":469,"line":485,"wp_function":432},491,[487,488],{"from":370,"to":376,"sanitized":290},{"from":376,"to":380,"sanitized":290},{"entryPoint":490,"graph":491,"unsanitizedCount":93,"severity":531},"\u003Ctwo-factor-authentication> (modules\\two-factor-authentication.php:0)",{"nodes":492,"edges":523},[493,494,495,497,500,505,508,510,512,515,518],{"id":370,"type":371,"label":468,"file":469,"line":470},{"id":376,"type":381,"label":472,"file":469,"line":470,"wp_function":473},{"id":380,"type":371,"label":426,"file":469,"line":496},832,{"id":498,"type":377,"label":499,"file":469,"line":496},"n3","→ get_2fa_auth_info()",{"id":501,"type":381,"label":502,"file":469,"line":503,"wp_function":504},"n4","get_row() [SQLi]",1240,"get_row",{"id":506,"type":371,"label":507,"file":469,"line":481},"n5","$_POST (x2)",{"id":509,"type":377,"label":483,"file":469,"line":481},"n6",{"id":511,"type":381,"label":430,"file":469,"line":485,"wp_function":432},"n7",{"id":513,"type":371,"label":426,"file":469,"line":514},"n8",1138,{"id":516,"type":377,"label":517,"file":469,"line":514},"n9","→ delete_options()",{"id":519,"type":381,"label":520,"file":469,"line":521,"wp_function":522},"n10","query() 
[SQLi]",1082,"query",[524,525,526,527,528,529,530],{"from":370,"to":376,"sanitized":435},{"from":380,"to":498,"sanitized":290},{"from":498,"to":501,"sanitized":290},{"from":506,"to":509,"sanitized":290},{"from":509,"to":511,"sanitized":290},{"from":513,"to":516,"sanitized":290},{"from":516,"to":519,"sanitized":290},"high",{"summary":533,"deductions":534},"The cloudsecure-wp-security plugin v1.4.5 presents a mixed security posture. On the positive side, it demonstrates strong practices in output escaping, with nearly all outputs being properly handled. The vast majority of SQL queries also utilize prepared statements, and a reasonable number of nonce and capability checks are present.  However, there are significant areas of concern. The plugin exposes four AJAX handlers, all of which lack authentication checks, creating a substantial attack surface for unauthorized actions.  Furthermore, the presence of the `unserialize` function, even if only used twice, carries inherent risks if not carefully managed with input validation, especially when dealing with potentially untrusted data. The taint analysis also revealed one high-severity flow with unsanitized paths, indicating a potential for malicious input to be used in a dangerous way, despite the overall low number of analyzed flows. 
The plugin's vulnerability history is clean, which is a positive sign of generally good development, but it does not negate the immediate risks identified in the static and taint analysis.",[535,537,540],{"reason":536,"points":146},"AJAX handlers without authentication checks",{"reason":538,"points":539},"Use of unserialize function",8,{"reason":541,"points":66},"High severity taint flow with unsanitized paths","2026-03-16T17:07:16.278Z",{"wat":544,"direct":555},{"assetPaths":545,"generatorPatterns":549,"scriptPaths":550,"versionParams":551},[546,547,548],"\u002Fwp-content\u002Fplugins\u002Fcloudsecure-wp-security\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fcloudsecure-wp-security\u002Fassets\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fcloudsecure-wp-security\u002Freally-simple-captcha\u002Freally-simple-captcha.js",[],[548],[552,553,554],"cloudsecure-wp-security\u002Fassets\u002Fcss\u002Fmain.css?ver=","cloudsecure-wp-security\u002Fassets\u002Fjs\u002Fmain.js?ver=","cloudsecure-wp-security\u002Freally-simple-captcha\u002Freally-simple-captcha.js?ver=",{"cssClasses":556,"htmlComments":560,"htmlAttributes":590,"restEndpoints":592,"jsGlobals":593,"shortcodeOutput":595},[557,558,559],"cs-wp-security-form-group","cs-wp-security-form-control","cs-wp-security-button",[561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,581,587,580,588,589],"Really Simple CAPTCHA.","Class names are changed to avoid duplication.","The class name has been changed from ReallySimpleCaptcha to CloudSecureWP_ReallySimpleCaptcha.","Characters available in images","Length of a word in an image","Array of fonts. Randomly picked up per character","Directory temporary keeping CAPTCHA images and corresponding text files","Array of CAPTCHA image size. Width and height","Background color of CAPTCHA image. RGB color 0-255","Foreground (character) color of CAPTCHA image. 
RGB color 0-255","Coordinates for a text in an image. I don't know the meaning. Just adjust.","Font size","Width of a character","Image type. 'png', 'gif' or 'jpeg'","Mode of temporary image files","Mode of temporary answer text files","Generate and return a random word.","Random word with $chars characters x $char_length length","Generate CAPTCHA image and corresponding answer file.","File prefix used for both files","Random word generated by generate_random_word()","The file name of the CAPTCHA image. Return false if temp directory is not available.","ドットノイズの追加","ラインノイズの追加","Generate answer file corresponding to CAPTCHA image.","File prefix used for answer file","Check a response against the code kept in the temporary file.","CAPTCHA response","Whether to remove temporary file",[591],"data-cs-wp-security-id",[],[594],"CloudSecureWP_ReallySimpleCaptcha",[]]