[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fM_M0WBCb0dDYXB07MwcSfT4AK0xSdM0uc2bKQ8gEYWw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":9,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":134,"fingerprints":220},"comment-url-control","Comment URL Control","0.5","Erunafailaro","https:\u002F\u002Fprofiles.wordpress.org\u002Ferunafailaro\u002F","","This plugin will allow you to remove an unwanted author-URI entered by a commenter with one single click of your mouse.",10,2832,0,"2008-01-02T17:19:00.000Z","2.3.2","2.3",[18,19,20,21],"comment","moderation","spam","trackback","http:\u002F\u002Fwww.weinschenker.name\u002Fcomment_url_control","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-url-control.0.5.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"erunafailaro",5,240,30,84,"2026-04-03T20:05:27.613Z",[36,59,81,99,116],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":9,"tags":51,"homepage":57,"download_link":58,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wp-referrer-spam-blacklist","WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google\u002FMatomo) Analytics)","1.3.0","Umbrovskis.com","https:\u002F\u002Fprofiles.wordpress.org\u002Frolandinsh\u002F","\u003Cp>List of 
spammers in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-referrer-spam-blacklist\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>No need for configuration! Plugin in background redirects referral spammer to blank page ( about:blank ). Redirect link can be altered via filter \u003Ccode>wp_referralblock_redirect_uri\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>NO auto update, as we see that as a possible security hole. We do not want Your site to get hacked.\u003C\u002Fp>\n\u003Cp>Plugin is for sites that can’t edit their \u003Ccode>.htaccess\u003C\u002Fcode> or configure NGINX or Apache servers.\u003C\u002Fp>\n\u003Cp>Via \u003Ca href=\"http:\u002F\u002Fgo.mediabox.lv\u002F1LbSuKq\" rel=\"nofollow ugc\">my LinkedIN post\u003C\u002Fa>: Few months ago I started to collect referral spam pages in private file on bitbucket.org. Problem was that I did not know all spammers. Then, few weeks ago, I found that Matomo (Open source analytics) started their own “project”, and they did the same thing I did – collected referral spam sites to block them from Your website.\u003C\u002Fp>\n\u003Cp>On my own server I do that at server level, but some of my clients have hosting, where You can not edit server settings. This week I came up with another solution – WordPress plugin “WP referrer spam blacklist”. I will update list every week from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmatomo-org\u002Freferrer-spam-blacklist\" rel=\"nofollow ugc\">Matomo’s community-contributed list of spammers\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If You have WordPress site and no knowledge about or access to server settings, I made that for You!\u003C\u002Fp>\n\u003Cp>From \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FReferer_spam\" rel=\"nofollow ugc\">Wikipedia\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Referrer spam (also known as log spam or referrer \nbombing) is a kind of spamdexing (spamming aimed \nat search engines). 
The technique involves making \nrepeated web site requests using a fake referer URL \nto the site the spammer wishes to advertise. Sites that \npublish their access logs, including referer statistics, \nwill then inadvertently link back to the spammer's site. \nThese links will be indexed by search engines \nas they crawl the access logs. \n\nThis benefits the spammer because the free link improves \nthe spammer site's search engine ranking owing \nto link-counting algorithms that search engines use.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Other plugins by author: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fitempropwp\u002F\" rel=\"ugc\">itemprop WP for SERP\u002FSEO Rich snippets\u003C\u002Fa> – Add schema.org itemprop code to the (custom) post content for search engines and bots for better SERP results\u003C\u002Fp>\n","WordPress plugin to fight with 2040+ referrer spammers (like semalt, buttons-for-website and many more).",700,19667,86,3,"2020-12-27T20:57:00.000Z","5.6.17","4.0",[52,53,54,55,56],"anti-spam","antispam","comment-moderation","comment-spam","referral-spam","https:\u002F\u002Fsimplemediacode.com\u002F?utm_source=WPplugin%3Awp-referrer-spam-blacklist&utm_medium=wordpressplugin&utm_campaign=FreeWordPressPlugins&utm_content=v-1.2.201801281","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-referrer-spam-blacklist.1.3.0.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"hide-trackbacks","Hide Trackbacks","1.1.7","Sander van Dragt","https:\u002F\u002Fprofiles.wordpress.org\u002Fpacifika\u002F","\u003Cp>Introducing \u003Cem>Hide Trackbacks\u003C\u002Fem> – keep the benefits of track- 
and pingbacks (know when someone writes about posts) while keeping the comments clean and uncluttered.\u003C\u002Fp>\n\u003Cp>After enabling the plugin, trackbacks and pingbacks are no longer shown on your posts and the comment count is updated correctly to reflect this. They remain accessible via the admin panel.\u003C\u002Fp>\n\u003Cp>Original code created by  \u003Ca href=\"http:\u002F\u002Fwww.honeytechblog.com\u002Fhow-to-remove-tracbacks-and-pings-from-wordpress-posts\u002F\" rel=\"nofollow ugc\">Honey Singh\u003C\u002Fa> (used with permission of the author).\u003C\u002Fp>\n","Prevents trackbacks and pingbacks from showing up as comments on posts.",400,17591,94,6,"2025-12-07T10:00:00.000Z","6.9.4","5.8","7.0",[76,77,20,21],"comments","pingback","http:\u002F\u002Fwp.me\u002Fp1vXha-4u","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-trackbacks.1.1.7.zip",100,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":30,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":9,"tags":95,"homepage":97,"download_link":98,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"auto-approve-comments","Auto Approve Comments","2.8","Federico Andrioli","https:\u002F\u002Fprofiles.wordpress.org\u002Ffedeandri\u002F","\u003Cp>Auto approve comments by Commenter (email, name, url), User and Role (Akismet and wpDiscuz compatible).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Open Comments -> Auto Approve Comments\u003C\u002Fli>\n\u003Cli>Go to Settings -> Discussion and check “Comment must be manually approved” \u003C\u002Fli>\n\u003Cli>Optionally install and activate Akismet (comments flagged as SPAM will never get auto approved) \u003C\u002Fli>\n\u003Cli>Configure your auto approval filters in “Commenters”, “Users” and 
“Roles”\u003C\u002Fli>\n\u003Cli>Save and you’re done\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>From now on all the comments that match at least one of the configurations in “Commenters”, “Users” or “Roles” will always be auto approved.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Commenters – example\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add one Commenter per line, follow the example below:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>tom@myface.com\ntom@myface.com,Tom\ntom@myface.com,www.myface.com\ntom@myface.com,www.myface.com,Tom\ntom@myface.com,Tom,www.myface.com\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Users – example\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add one Username per line, follow the example below:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>steveknobs76\njeffmezos012\nlarrymage98\nmarktuckerberg2004\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Roles – example\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add one Role per line, follow the example below:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>contributor\neditor\nyourcustomrole\nsubscriber\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Developers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Official Github repository:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Ffedeandri\u002Fauto-approve-comments\u003C\u002Fp>\n","Auto approve comments by Commenter (email, name, url), User and Role (Akismet and wpDiscuz 
compatible)",200,9999,64,"2021-06-15T12:24:00.000Z","5.8.13","3.8",[52,96,76,19],"auto-approve","https:\u002F\u002Fgithub.com\u002Ffedeandri\u002Fauto-approve-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-approve-comments.2.8.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":32,"downloaded":107,"rating":13,"num_ratings":13,"last_updated":108,"tested_up_to":72,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":114,"download_link":115,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"ai-comment-guard","AI Comment Guard","1.2.4","Tudor Constantin","https:\u002F\u002Fprofiles.wordpress.org\u002Ftud0r\u002F","\u003Cp>\u003Cstrong>AI Comment Guard\u003C\u002Fstrong> is a powerful WordPress plugin that uses artificial intelligence to automatically moderate comments on your website. Say goodbye to spam and inappropriate content with intelligent, customizable AI analysis.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>🤖 \u003Cstrong>Multiple AI Provider Support\u003C\u002Fstrong>: Choose from OpenAI (GPT-4\u002FGPT-3.5), Anthropic (Claude), or OpenRouter\u003C\u002Fli>\n\u003Cli>⚡ \u003Cstrong>Automatic Comment Processing\u003C\u002Fstrong>: Instantly analyze and moderate comments as they’re submitted\u003C\u002Fli>\n\u003Cli>🎯 \u003Cstrong>Smart Classification\u003C\u002Fstrong>: Automatically approve, reject, hold, or mark comments as spam\u003C\u002Fli>\n\u003Cli>📊 \u003Cstrong>Confidence Thresholds\u003C\u002Fstrong>: Set custom confidence levels for different actions\u003C\u002Fli>\n\u003Cli>📝 \u003Cstrong>Customizable AI Prompts\u003C\u002Fstrong>: Tailor the AI’s behavior to your specific needs\u003C\u002Fli>\n\u003Cli>📈 \u003Cstrong>Comprehensive Logging\u003C\u002Fstrong>: Track all AI decisions with detailed logs and statistics\u003C\u002Fli>\n\u003Cli>🔒 
\u003Cstrong>Secure API Integration\u003C\u002Fstrong>: Your API keys are stored securely\u003C\u002Fli>\n\u003Cli>🌍 \u003Cstrong>Internationalization Ready\u003C\u002Fstrong>: Fully translatable to any language\u003C\u002Fli>\n\u003Cli>⚙️ \u003Cstrong>Easy Configuration\u003C\u002Fstrong>: Simple setup with intuitive admin interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Configure Your AI Provider\u003C\u002Fstrong>: Add your API key from OpenAI, Anthropic, or OpenRouter\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set Your Preferences\u003C\u002Fstrong>: Customize thresholds and prompts to match your moderation style\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Let AI Do the Work\u003C\u002Fstrong>: Comments are automatically analyzed and actioned based on your settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Review and Refine\u003C\u002Fstrong>: Monitor performance through detailed logs and adjust settings as needed\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bloggers\u003C\u002Fstrong> who want to maintain quality discussions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Business Websites\u003C\u002Fstrong> needing professional comment moderation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Traffic Sites\u003C\u002Fstrong> requiring automated spam protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Community Platforms\u003C\u002Fstrong> wanting consistent moderation standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>International Sites\u003C\u002Fstrong> needing multilingual comment analysis\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy & Security\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>API keys are stored securely in your WordPress database\u003C\u002Fli>\n\u003Cli>No comment data is stored on third-party servers beyond AI processing\u003C\u002Fli>\n\u003Cli>GDPR compliant with optional logging that can be disabled\u003C\u002Fli>\n\u003Cli>All communications with AI 
providers use secure HTTPS connections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external service in order to analyze and moderate comments using artificial intelligence.\u003Cbr \u002F>\nYou can choose one of the following providers in the plugin settings:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>OpenAI API\u003C\u002Fstrong> (https:\u002F\u002Fopenai.com\u002F)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to generate text analysis and classify comments.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> The comment content (text) and moderation instructions.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Each time a comment is submitted on your site and OpenAI is selected as the provider.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Where data is sent:\u003C\u002Fstrong> To OpenAI servers (https:\u002F\u002Fapi.openai.com\u002Fv1\u002Fchat\u002Fcompletions).  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Policies:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fterms-of-use\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Anthropic API\u003C\u002Fstrong> (https:\u002F\u002Fwww.anthropic.com\u002F)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to analyze and classify comments through the Claude model.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> The comment content and analysis context.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Each time a comment is submitted and Anthropic is selected as the provider.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Where data is sent:\u003C\u002Fstrong> To Anthropic servers (https:\u002F\u002Fapi.anthropic.com\u002Fv1\u002Fmessages).  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Policies:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Flegal\u002Fconsumer-terms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Flegal\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>OpenRouter API\u003C\u002Fstrong> (https:\u002F\u002Fopenrouter.ai\u002F)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Routes requests to multiple AI models for comment analysis.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> The comment content and parameters required for processing.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Each time a comment is submitted and OpenRouter is selected as the provider.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Where data is sent:\u003C\u002Fstrong> To OpenRouter servers (https:\u002F\u002Fopenrouter.ai\u002Fapi\u002Fv1\u002Fchat\u002Fcompletions).  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Policies:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fopenrouter.ai\u002Fterms\" rel=\"nofollow ugc\">Terms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fopenrouter.ai\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>An API key from OpenAI, Anthropic, or OpenRouter\u003C\u002Fli>\n\u003Cli>SSL certificate recommended for secure API communications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For support, feature requests, or bug reports, please visit:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Ftudor-eusebiu-constantin\u002F\" rel=\"nofollow ugc\">LinkedIn Profile\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftudor-constantin\u002Fai-comment-guard\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>We welcome contributions! 
If you’d like to contribute to the development of AI Comment Guard:\u003Cbr \u002F>\n* Report bugs or suggest features through the support forum\u003Cbr \u002F>\n* Submit pull requests on GitHub\u003Cbr \u002F>\n* Help translate the plugin to your language\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Developed by Tudor Constantin\u003C\u002Fli>\n\u003Cli>Thanks to the WordPress community for feedback and support\u003C\u002Fli>\n\u003Cli>Icons and graphics from WordPress Dashicons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>License\u003C\u002Fh4>\n\u003Cp>AI Comment Guard is licensed under the GPL v2 or later.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n","Protect your WordPress site from spam with AI-powered comment moderation. 
Supports OpenAI, Anthropic, and OpenRouter providers.",471,"2025-12-09T17:13:00.000Z","5.0","7.2",[112,113,76,19,20],"ai","artificial-intelligence","https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Ftudor-eusebiu-constantin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-comment-guard.1.2.4.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":13,"num_ratings":13,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":121,"download_link":133,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"ghost-comment-manager","Ghost Comment Manager","0.1.5","devfluxr","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevfluxr\u002F","\u003Cp>Ghost Comment Manager is designed to reduce the time you spend moderating comments. Instead of re-approving the same people over and over, you mark a person as Trusted one time. From then on:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Their new comments publish immediately.\u003C\u002Fli>\n\u003Cli>A subtle “ghost” indicator is shown to moderators only so you can spot and confirm at your convenience.\u003C\u002Fli>\n\u003Cli>Visitors see a normal comment; nothing changes on the public site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Alongside this workflow improvement, the plugin includes a lightweight Shield that blocks common spam patterns without external services. A simple dashboard gives you live counts and a clear picture of what is happening.\u003C\u002Fp>\n\u003Cp>This plugin focuses on workflow, clarity, and speed. 
It plays nicely with Akismet or Antispam Bee if you already use them.\u003C\u002Fp>\n\u003Ch3>Why use this plugin\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Save time: stop re-approving loyal commenters.\u003C\u002Fli>\n\u003Cli>Stay safe: every trusted comment is highlighted to moderators until confirmed.\u003C\u002Fli>\n\u003Cli>Cut spam: built-in Shield blocks common abusive behavior before it reaches your queue.\u003C\u002Fli>\n\u003Cli>See everything: a simple dashboard with trusted totals and block reasons.\u003C\u002Fli>\n\u003Cli>Keep control: bulk trust\u002Funtrust, user-profile control, and comment-screen filters.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>Core workflow\u003Cbr \u002F>\n– Trust \u002F Untrust a user from the Comments list.\u003Cbr \u002F>\n– Auto-trust after X approved comments (configurable).\u003Cbr \u002F>\n– Ghosted auto-publish for trusted users (mod-only highlight until confirmed).\u003Cbr \u002F>\n– One-click Confirm to remove the ghost indicator.\u003Cbr \u002F>\n– Role exclusions so specific roles (for example Editors) publish normally without ghosting.\u003Cbr \u002F>\n– Custom ghost indicator icon and background color.\u003C\u002Fp>\n\u003Cp>Shield Lite (no external API)\u003Cbr \u002F>\n– Honeypot field that bots tend to fill.\u003Cbr \u002F>\n– Minimum submit time to stop instant bot posts.\u003Cbr \u002F>\n– Rate limits per IP (per minute and per hour).\u003Cbr \u002F>\n– Maximum links per comment.\u003Cbr \u002F>\n– Keyword and regular expression blocklist.\u003Cbr \u002F>\n– Auto-close comments on old posts after X days.\u003Cbr \u002F>\n– Minimum and maximum comment length.\u003Cbr \u002F>\n– Duplicate comment protection within a time window.\u003C\u002Fp>\n\u003Cp>Moderation UX\u003Cbr \u002F>\n– Comment-screen filters:\u003Cbr \u002F>\n  – Pending (New Users): only untrusted comments awaiting approval.\u003Cbr \u002F>\n  – Ghost (Trusted): approved comments still awaiting moderator 
confirmation.\u003Cbr \u002F>\n– Bulk actions: Trust or Untrust the user associated with selected comments.\u003Cbr \u002F>\n– Trust from the User Profile screen (checkbox).\u003C\u002Fp>\n\u003Cp>UI and Dashboard\u003Cbr \u002F>\n– Colorful dashboard cards for trusted users, ghost-pending count, and totals.\u003Cbr \u002F>\n– Shield Lite “blocks by reason” table.\u003Cbr \u002F>\n– Clean and organized settings pages.\u003Cbr \u002F>\n– “Pro Features” preview tab (coming soon items).\u003C\u002Fp>\n\u003Cp>Integrations and compatibility\u003Cbr \u002F>\n– Respects Akismet \u002F Antispam Bee: if a comment is flagged as spam, this plugin does not ghost-mark or auto-approve it.\u003Cbr \u002F>\n– Works with block themes and classic themes.\u003Cbr \u002F>\n– Multisite compatible on a per-site basis.\u003C\u002Fp>\n\u003Ch3>How it works (non-technical)\u003C\u002Fh3>\n\u003Ch3>🧠 Approve vs Trust\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Approve\u003C\u002Fstrong> = you approve \u003Cstrong>one\u003C\u002Fstrong> comment only.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trust\u003C\u002Fstrong> = you approve the \u003Cstrong>person\u003C\u002Fstrong>.\u003Cbr \u002F>\nOnce a user is trusted, their future comments are \u003Cstrong>published instantly\u003C\u002Fstrong> (no moderation wait).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Example:\u003C\u002Fstrong> You approve Sarah’s first few comments. After that, she’s trusted — her next comments appear immediately.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>👻 Ghost indicator (moderator-only)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Trusted users’ comments publish instantly \u003Cstrong>but can be optionally “ghosted”\u003C\u002Fstrong> (hidden from public) depending on your settings.  \u003C\u002Fli>\n\u003Cli>If ghosting applies:\n\u003Cul>\n\u003Cli>\u003Cstrong>Public visitors\u003C\u002Fstrong> do \u003Cstrong>not\u003C\u002Fstrong> see ghosted comments yet.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Moderators\u003C\u002Fstrong> see them with a ghost icon 👻 or colored background.  \u003C\u002Fli>\n\u003Cli>When you click \u003Cstrong>“Confirm (remove ghost)”\u003C\u002Fstrong>, the comment becomes visible to everyone.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Example:\u003C\u002Fstrong>\u003Cbr \u002F>\nJohn is a trusted user. His comment posts immediately but shows a ghost icon only moderators see.\u003Cbr \u002F>\nYou review and click \u003Cstrong>Confirm\u003C\u002Fstrong> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> it’s now public and the ghost mark disappears.\u003C\u002Fp>\n\u003Cp>If the user’s role is excluded in settings (for example, “Subscriber”), their comments publish \u003Cstrong>publicly right away\u003C\u002Fstrong> with \u003Cstrong>no ghost step\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>⚙️ Auto-trust threshold\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>In \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Ghost Comment Manager \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> General\u003C\u002Fstrong>, set \u003Cstrong>Auto-trust after X approvals\u003C\u002Fstrong>.\u003Cbr \u002F>\n\u003Cstrong>Example:\u003C\u002Fstrong> set it to \u003Cstrong>3\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When any commenter reaches \u003Cstrong>3 approved comments\u003C\u002Fstrong>, the plugin automatically trusts them.  \u003C\u002Fli>\n\u003Cli>Their future comments post instantly without waiting for moderation.  
\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Changing this number later affects \u003Cstrong>new users only\u003C\u002Fstrong>; existing trusted users stay trusted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔐 Role exclusions (no ghosting)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Choose which roles should \u003Cstrong>never\u003C\u002Fstrong> be ghosted.\u003Cbr \u002F>\n\u003Cstrong>Example:\u003C\u002Fstrong> check \u003Cstrong>Administrator\u003C\u002Fstrong> and \u003Cstrong>Editor\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comments by these roles will always publish normally — no ghosting, no confirmation step.  \u003C\u002Fli>\n\u003Cli>This ensures your staff or editors aren’t delayed or hidden from public view.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛡️ Shield Lite (Spam \u002F Abuse Guard)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works quietly in the background to stop obvious spam before it reaches your moderation queue.  \u003C\u002Fli>\n\u003Cli>Uses:\n\u003Cul>\n\u003Cli>\u003Cstrong>Honeypot field\u003C\u002Fstrong> to trap bots  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum submit time\u003C\u002Fstrong> (prevents instant spam posts)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate limits\u003C\u002Fstrong>, \u003Cstrong>link limits\u003C\u002Fstrong>, and \u003Cstrong>keyword blocklist\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The default settings are safe and balanced.\u003Cbr \u002F>\nYou can fine-tune them anytime to match your community’s needs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Step-by-step setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Open Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> General:\n\u003Cul>\n\u003Cli>Set “Auto-trust after X approvals” (0 disables 
auto-trust).\u003C\u002Fli>\n\u003Cli>Choose any roles to exclude from ghosting.\u003C\u002Fli>\n\u003Cli>Pick an icon and background color for the moderator-only ghost indicator.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Open Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Shield Lite:\n\u003Cul>\n\u003Cli>Keep Honeypot on.\u003C\u002Fli>\n\u003Cli>Set Minimum submit time (3–5 seconds is typical).\u003C\u002Fli>\n\u003Cli>Set rate limits (for example 6 per minute and 60 per hour).\u003C\u002Fli>\n\u003Cli>Set the maximum number of links (for example 2).\u003C\u002Fli>\n\u003Cli>Add any keywords or regular expressions to block.\u003C\u002Fli>\n\u003Cli>Optionally auto-close comments on posts older than X days.\u003C\u002Fli>\n\u003Cli>Adjust minimum\u002Fmaximum length and duplicate time window to taste.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Start using it:\n\u003Cul>\n\u003Cli>In Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> All Comments, click “Trust User” on a real commenter.\u003C\u002Fli>\n\u003Cli>Their next comments auto-publish with a moderator-only ghost indicator.\u003C\u002Fli>\n\u003Cli>Click Confirm to remove the indicator when you’re ready.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Using each feature\u003C\u002Fh3>\n\u003Cp>Trust \u002F Untrust from Comments\u003Cbr \u002F>\n– Where: Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> All Comments (hover a row).\u003Cbr \u002F>\n– Action: click “Trust User” or “Untrust User”.\u003Cbr \u002F>\n– Result: future comments from that user auto-publish (if trusted) and are ghost-flagged for moderators.\u003C\u002Fp>\n\u003Cp>Auto-trust after X approvals\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" 
class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> General.\u003Cbr \u002F>\n– Action: set a number of approved comments required (0 disables).\u003Cbr \u002F>\n– Result: users become trusted automatically when they reach the threshold.\u003C\u002Fp>\n\u003Cp>Confirm (remove ghost)\u003Cbr \u002F>\n– Where: Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> All Comments on the trusted comment row.\u003Cbr \u002F>\n– Action: click “Confirm (remove ghost)”.\u003Cbr \u002F>\n– Result: the moderator-only highlight disappears; the comment remains published.\u003C\u002Fp>\n\u003Cp>Role exclusions\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> General.\u003Cbr \u002F>\n– Action: check roles that should not be ghosted.\u003Cbr \u002F>\n– Result: users with those roles publish normally without a ghost indicator.\u003C\u002Fp>\n\u003Cp>Ghost indicator style\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> General.\u003Cbr \u002F>\n– Action: set icon and color.\u003Cbr \u002F>\n– Result: the moderator-only highlight uses your chosen style.\u003C\u002Fp>\n\u003Cp>Shield Lite: Honeypot\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Shield Lite.\u003Cbr \u002F>\n– Action: keep “Honeypot” enabled.\u003Cbr \u002F>\n– Result: bots that fill the hidden field are blocked immediately.\u003C\u002Fp>\n\u003Cp>Shield Lite: Minimum submit time\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan 
aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Shield Lite.\u003Cbr \u002F>\n– Action: set a minimum number of seconds (0 disables).\u003Cbr \u002F>\n– Result: submissions that happen too quickly are blocked.\u003C\u002Fp>\n\u003Cp>Shield Lite: Rate limits\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Shield Lite.\u003Cbr \u002F>\n– Action: set per-minute and per-hour limits (0 disables).\u003Cbr \u002F>\n– Result: repeated posting from the same IP is throttled.\u003C\u002Fp>\n\u003Cp>Shield Lite: Maximum links\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Shield Lite.\u003Cbr \u002F>\n– Action: set the link limit (0 means no limit).\u003Cbr \u002F>\n– Result: comments with too many links are blocked.\u003C\u002Fp>\n\u003Cp>Shield Lite: Keyword \u002F regex blocklist\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Shield Lite.\u003Cbr \u002F>\n– Action: enter one rule per line; plain words match case-insensitive; regular expressions in \u002Fpattern\u002F or \u002Fpattern\u002Fi form are supported.\u003Cbr \u002F>\n– Result: comments matching a rule are blocked.\u003C\u002Fp>\n\u003Cp>Shield Lite: Auto-close old posts\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Shield Lite.\u003Cbr \u002F>\n– Action: set days after which comments 
are closed (0 disables).\u003Cbr \u002F>\n– Result: new comments are blocked on very old posts.\u003C\u002Fp>\n\u003Cp>Shield Lite: Min \u002F Max length and Duplicate window\u003Cbr \u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Shield Lite.\u003Cbr \u002F>\n– Action: set minimum and maximum characters, and a duplicate-detection window in seconds (0 disables).\u003Cbr \u002F>\n– Result: very short, very long, or repeated comments are blocked.\u003C\u002Fp>\n\u003Cp>Filters on the Comments screen\u003Cbr \u002F>\n– Where: Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> All Comments.\u003Cbr \u002F>\n– Action: use the “GCM View” dropdown or the additional status links.\u003Cbr \u002F>\n– Result: see either Pending (New Users) or Ghost (Trusted) items instantly.\u003C\u002Fp>\n\u003Cp>Bulk actions: Trust \u002F Untrust\u003Cbr \u002F>\n– Where: Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> All Comments.\u003Cbr \u002F>\n– Action: select multiple comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> choose “Trust user of selected comments” or “Untrust user of selected comments” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Apply.\u003Cbr \u002F>\n– Result: users associated with those comments are updated in bulk.\u003C\u002Fp>\n\u003Cp>Trust from the User Profile\u003Cbr \u002F>\n– Where: Users \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> All Users \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Edit user.\u003Cbr \u002F>\n– Action: check “Trusted Commenter” and update the profile.\u003Cbr \u002F>\n– Result: that user is trusted without needing to find a specific comment.\u003C\u002Fp>\n\u003Cp>Dashboard\u003Cbr 
\u002F>\n– Where: Ghost Comments \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Dashboard.\u003Cbr \u002F>\n– Shows: trusted user total, ghost-pending count, totals for auto-trusted, ghosts marked, ghosts confirmed, and a table of Shield Lite blocks by reason.\u003C\u002Fp>\n\u003Ch3>Compatibility, performance, privacy\u003C\u002Fh3>\n\u003Cp>Compatibility\u003Cbr \u002F>\n– Works with WordPress 6.0 and newer, classic and block themes.\u003Cbr \u002F>\n– Plays well with Akismet and Antispam Bee; if a comment is flagged as spam, it will not be ghost-marked or auto-approved by this plugin.\u003Cbr \u002F>\n– Multisite: activate per site or network-wide; settings are per site.\u003C\u002Fp>\n\u003Cp>Performance\u003Cbr \u002F>\n– Lightweight by design. No front-end JavaScript for visitors. Shield Lite uses simple server checks and transients.\u003C\u002Fp>\n\u003Cp>Privacy\u003Cbr \u002F>\n– Stores minimal user meta to remember trusted status and counters for the dashboard.\u003Cbr \u002F>\n– No data is sent to external services by this plugin.\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Cp>I trusted a user but their comment did not auto-publish\u003Cbr \u002F>\n– Confirm the user is logged in with the same account you trusted.\u003Cbr \u002F>\n– Check if another plugin is forcing all comments to be held for moderation.\u003Cbr \u002F>\n– If Akismet flagged the comment as spam, it will not auto-publish.\u003C\u002Fp>\n\u003Cp>Ghost highlight is not visible to moderators\u003Cbr \u002F>\n– Ensure you are logged in with a role that can moderate comments.\u003Cbr \u002F>\n– Confirm the comment belongs to a trusted user and has not already been confirmed.\u003Cbr \u002F>\n– Check the indicator color in settings; choose a more visible color if needed.\u003C\u002Fp>\n\u003Cp>Auto-trust threshold is set but users are not becoming trusted\u003Cbr \u002F>\n– The threshold only counts approved comments after you enabled 
it.\u003Cbr \u002F>\n– Set the threshold to a smaller number to test quickly.\u003C\u002Fp>\n\u003Cp>Too many legitimate comments are blocked\u003Cbr \u002F>\n– Lower the minimum submit time.\u003Cbr \u002F>\n– Increase rate limits or set them to 0 to disable.\u003Cbr \u002F>\n– Raise the maximum links or remove specific keywords\u002Fregexes from the blocklist.\u003Cbr \u002F>\n– Reduce duplicate window time.\u003C\u002Fp>\n\u003Ch3>Roadmap \u002F Pro\u003C\u002Fh3>\n\u003Cp>Coming soon in Pro:\u003Cbr \u002F>\n– Trust levels with scoring and optional expiry\u003Cbr \u002F>\n– Keyword rules with scoring and spam-gate thresholds\u003Cbr \u002F>\n– Team assignments and internal notes\u003Cbr \u002F>\n– Analytics with CSV export\u003Cbr \u002F>\n– Advanced role and post-type overrides\u003C\u002Fp>\n","Trust once → comments auto-publish with a moderator-only “ghost” flag. Includes a light spam shield, filters, bulk actions, and a clear dashboard.",20,197,"2025-10-16T12:48:00.000Z","6.8.5","6.0","7.4",[76,131,19,20,132],"ghost","trust","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fghost-comment-manager.0.1.5.zip",{"attackSurface":135,"codeSignals":147,"taintFlows":176,"riskAssessment":205,"analyzedAt":219},{"hooks":136,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":13,"unprotectedCount":13},[137],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","curlc_register_with_options","comment_url_control.php",31,[],[],[],[],{"dangerousFunctions":148,"sqlUsage":149,"outputEscaping":155,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":150,"bundledLibraries":175},[],{"prepared":47,"raw":150,"locations":151},1,[152],{"file":141,"line":153,"context":154},40,"$wpdb->get_var() with variable interpolation",{"escaped":13,"rawEcho":156,"locations":157},9,[158,161,163,165,166,168,170,172,173],{"file":141,"line":159,"context":160},88,"raw 
output",{"file":141,"line":162,"context":160},97,{"file":141,"line":164,"context":160},160,{"file":141,"line":164,"context":160},{"file":141,"line":167,"context":160},162,{"file":141,"line":169,"context":160},178,{"file":141,"line":171,"context":160},196,{"file":141,"line":125,"context":160},{"file":141,"line":174,"context":160},198,[],[177],{"entryPoint":178,"graph":179,"unsanitizedCount":47,"severity":204},"\u003Ccomment_url_post> (comment_url_post.php:0)",{"nodes":180,"edges":200},[181,187,192,196],{"id":182,"type":183,"label":184,"file":185,"line":186},"n0","source","$_POST (x2)","comment_url_post.php",18,{"id":188,"type":189,"label":190,"file":185,"line":142,"wp_function":191},"n1","sink","query() [SQLi]","query",{"id":193,"type":183,"label":194,"file":185,"line":195},"n2","$_POST",19,{"id":197,"type":189,"label":198,"file":185,"line":153,"wp_function":199},"n3","wp_redirect() [Open Redirect]","wp_redirect",[201,203],{"from":182,"to":188,"sanitized":202},false,{"from":193,"to":197,"sanitized":202},"high",{"summary":206,"deductions":207},"The \"comment-url-control\" plugin v0.5 presents a mixed security picture. On the positive side, the plugin has no known past vulnerabilities and a very small attack surface with no apparent public-facing entry points like AJAX handlers, REST API routes, or shortcodes. The code analysis also shows a low number of SQL queries and no dangerous functions or file operations, suggesting a generally safe coding approach in these areas. However, a significant concern arises from the taint analysis, which identified one flow with unsanitized paths of high severity. This indicates a potential for malicious input to be processed in an unsafe manner, despite the absence of direct exploit vectors. Furthermore, the complete lack of output escaping for all identified outputs is a critical weakness, leaving the plugin susceptible to cross-site scripting (XSS) attacks. 
Having only one capability check and no nonce checks across the entire plugin also points to a general lack of robust authorization and request-verification (CSRF) mechanisms.",[208,211,214,217],{"reason":209,"points":210},"High severity taint flow with unsanitized path",12,{"reason":212,"points":213},"100% of outputs unescaped",8,{"reason":215,"points":216},"No nonce checks",7,{"reason":218,"points":30},"Only 1 capability check","2026-03-17T01:13:01.414Z",{"wat":221,"direct":227},{"assetPaths":222,"generatorPatterns":224,"scriptPaths":225,"versionParams":226},[223],"\u002Fwp-content\u002Fplugins\u002Fcomment-url-control\u002F",[],[],[],{"cssClasses":228,"htmlComments":229,"htmlAttributes":230,"restEndpoints":235,"jsGlobals":236,"shortcodeOutput":237},[],[],[231,232,233,234],"id=\"curlc-use-nofollow\"","name=\"curlc-use-nofollow\"","id=\"curlc-default-url\"","name=\"curlc-default-url\"",[],[],[]]