[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_V1U59GMnkqF7Scu7bkbW_qzvFIl2VEDFhjg1q8qlZ8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":123,"fingerprints":177},"cyber-smart-defence","Cyber Smart Defence","3.1.3","cybersmartempire","https:\u002F\u002Fprofiles.wordpress.org\u002Fcybersmartempire\u002F","\u003Cp>Cyber Smart Defence is a lightweight WordPress security plugin designed to protect your website against unauthorized access, brute-force login attempts, and suspicious request patterns.\u003C\u002Fp>\n\u003Cp>The plugin runs quietly in the background and integrates directly with WordPress. It monitors login activity, blocks abusive behavior, and records security-related events for administrative review.\u003C\u002Fp>\n\u003Cp>No complex configuration is required. Once activated, protection is enabled automatically.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Login attempt monitoring\u003C\u002Fli>\n\u003Cli>Automatic temporary lockout after multiple failed login attempts\u003C\u002Fli>\n\u003Cli>IP-based threat detection\u003C\u002Fli>\n\u003Cli>Firewall protection against common malicious request patterns\u003C\u002Fli>\n\u003Cli>Secure threat logging for administrators\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external service provided by Cyber Smart Empire to check IP reputation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent\u003C\u002Fstrong>\u003Cbr \u002F>\n* IP address of the visitor being checked\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent\u003C\u002Fstrong>\u003Cbr \u002F>\n* Only when an IP reputation check is performed\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider\u003C\u002Fstrong>\u003Cbr \u002F>\n* Cyber Smart Empire\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service URL\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u002Fterms\u002F\u003C\u002Fp>\n","Lightweight WordPress security firewall with login protection and threat monitoring.",0,138,"2025-12-24T16:40:00.000Z","6.9.4","5.5","7.2",[18,19,20,21,22],"brute-force","firewall","login-protection","security","website-security","https:\u002F\u002Fcybersmartempire.com\u002Fcyberdefence\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcyber-smart-defence.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-04-03T19:59:02.762Z",[35,51,66,81,101],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":11,"num_ratings":11,"last_updated":44,"tested_up_to":14,"requires_at_least":45,"requires_php":46,"tags":47,"homepage":49,"download_link":50,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"liveupx-security","Liveupx Security","1.5.2","Liveupx","https:\u002F\u002Fprofiles.wordpress.org\u002Fliveupx\u002F","\u003Cp>Liveupx Security is a lightweight yet powerful WordPress security plugin that protects your website from hackers, brute force attacks, and malicious activity. Developed by \u003Ca href=\"https:\u002F\u002Fliveupx.com\" rel=\"nofollow ugc\">Liveupx.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection with automatic IP lockout\u003C\u002Fli>\n\u003Cli>Configurable failed login attempts and lockout duration\u003C\u002Fli>\n\u003Cli>Honeypot field to catch automated bots\u003C\u002Fli>\n\u003Cli>Simple math CAPTCHA for human verification\u003C\u002Fli>\n\u003Cli>Hide specific login error messages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Firewall Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block malicious query strings (SQL injection, XSS)\u003C\u002Fli>\n\u003Cli>Block known vulnerability scanners and bad bots\u003C\u002Fli>\n\u003Cli>Disable XML-RPC to prevent DDoS attacks\u003C\u002Fli>\n\u003Cli>Disable pingbacks\u003C\u002Fli>\n\u003Cli>Remove WordPress version from source code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>User Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User enumeration protection\u003C\u002Fli>\n\u003Cli>REST API user endpoint protection\u003C\u002Fli>\n\u003Cli>Strong password enforcement\u003C\u002Fli>\n\u003Cli>Block common admin usernames\u003C\u002Fli>\n\u003Cli>Disable theme\u002Fplugin file editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>IP Management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manual IP blocking with reason\u003C\u002Fli>\n\u003Cli>IP whitelisting for trusted addresses\u003C\u002Fli>\n\u003Cli>Automatic blocking after security violations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Activity Monitoring\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comprehensive security event logging\u003C\u002Fli>\n\u003Cli>Track login attempts and user activity\u003C\u002Fli>\n\u003Cli>Automatic cleanup of old log entries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Server Protection (Apache)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>.htaccess security rules\u003C\u002Fli>\n\u003Cli>Protect wp-config.php\u003C\u002Fli>\n\u003Cli>Disable directory browsing\u003C\u002Fli>\n\u003Cli>Block common exploits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Choose Liveupx Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Minimal impact on site performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No External Services\u003C\u002Fstrong> – All protection happens on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to Use\u003C\u002Fstrong> – Simple settings with sensible defaults\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Source\u003C\u002Fstrong> – 100% free with no premium upsells\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Focused\u003C\u002Fstrong> – No data sent to third parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Storage\u003C\u002Fh4>\n\u003Cp>This plugin stores security-related data in your WordPress database including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Failed login attempts (IP address, username, timestamp)\u003C\u002Fli>\n\u003Cli>Login lockouts (IP address, duration, reason)\u003C\u002Fli>\n\u003Cli>Blocked and whitelisted IP addresses\u003C\u002Fli>\n\u003Cli>Security activity log (events, user info, IP addresses)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All data is stored locally on your server and is never transmitted to external services.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>For documentation and support, visit \u003Ca href=\"https:\u002F\u002Fliveupx.com\u002Fdocs\" rel=\"nofollow ugc\">liveupx.com\u002Fdocs\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Liveupx Security is open source. Contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fliveupx\u002Fliveupx-security\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Liveupx Security stores the following data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login Attempts\u003C\u002Fstrong>: IP addresses, usernames, and timestamps of failed login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockouts\u003C\u002Fstrong>: IP addresses and lockout details for brute force protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log\u003C\u002Fstrong>: Security events including user actions, IP addresses, and timestamps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Lists\u003C\u002Fstrong>: Manually blocked and whitelisted IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is used solely for security purposes and is never shared with third parties. Data is automatically cleaned up based on configurable retention periods (default: 7 days for failed logins, 30 days for activity logs).\u003C\u002Fp>\n\u003Cp>You can clear all stored data at any time from the plugin settings. When the plugin is uninstalled, all data is permanently deleted from your database.\u003C\u002Fp>\n","Comprehensive WordPress security plugin with login protection, firewall, brute force prevention, IP blocking, and activity logging.",116,"2026-01-09T19:58:00.000Z","5.0","7.4",[18,19,20,48,21],"malware","https:\u002F\u002Fliveupx.com\u002Fliveupx-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fliveupx-security.1.5.2.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":11,"downloaded":59,"rating":11,"num_ratings":11,"last_updated":60,"tested_up_to":14,"requires_at_least":61,"requires_php":46,"tags":62,"homepage":64,"download_link":65,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"srworks-armorlite","SRWorks ArmorPro Lite","1.0.0","SRWorks LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fsrworks\u002F","\u003Cp>\u003Cstrong>ArmorLite\u003C\u002Fstrong> is a free, lightweight WordPress security plugin built for performance. Firewall with 600+ built-in patterns, brute force protection, bot detection, security headers, and login monitoring. No bloat, no unnecessary database queries, no external API calls during normal operation.\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Firewall\u003C\u002Fstrong> — Pure PHP string-matching firewall with 600+ built-in patterns covering SQL injection, XSS, path traversal, shell access, and more. Five categories (Request URI, Query String, User Agent, Referrer, IP Address). Three matching modes: contains, ends-with, and path-only. Pattern manager with per-pattern toggle and hit counts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> — Session-based login tracking with automatic IP lockouts after configurable failed attempts. Login activity log with IP, location, status badges, and usernames tried. 7-day log retention.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Protection\u003C\u002Fstrong> — Automated bot detection for login, registration, and password reset forms using honeypot fields, timestamp validation, and JavaScript token verification. Blocks bots before they can attempt brute force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Headers\u003C\u002Fstrong> — Four managed headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, X-XSS-Protection) with dual delivery via PHP and .htaccess. Header probe system avoids duplicates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelist\u003C\u002Fstrong> — Whitelist trusted IPs to bypass all security checks including brute force lockouts and firewall blocking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Obfuscation\u003C\u002Fstrong> — Author slug randomization to prevent user enumeration and email obfuscation to protect addresses from scrapers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard\u003C\u002Fstrong> — Real-time stats, blocks over time chart, protection status cards, and WordPress dashboard widget.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC & REST API Protection\u003C\u002Fstrong> — Disable XML-RPC and protect the REST API from user enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall Log\u003C\u002Fstrong> — View blocked requests with IP, matched rule, request URI, and timestamps. 7-day log retention.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tools\u003C\u002Fstrong> — Health checks with database integrity verification, one-click table repair, and debug mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to ArmorPro\u003C\u002Fh4>\n\u003Cp>Need more protection? \u003Ca href=\"https:\u002F\u002Fsrworks.co\u002Fplugins\u002Farmorpro\u002F?utm_source=armorlite&utm_medium=readme&utm_campaign=description#pricing\" rel=\"nofollow ugc\">ArmorPro\u003C\u002Fa> adds:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Engine (blocks attacks before WordPress loads)\u003C\u002Fli>\n\u003Cli>Two-Factor Authentication (TOTP) with backup codes\u003C\u002Fli>\n\u003Cli>Passkey Authentication (Face ID, Touch ID, Windows Hello)\u003C\u002Fli>\n\u003Cli>Custom Login URL (hide wp-login.php)\u003C\u002Fli>\n\u003Cli>IP Blacklist with auto-blacklist for repeat offenders\u003C\u002Fli>\n\u003Cli>Country Blocking with GeoIP\u003C\u002Fli>\n\u003Cli>HSTS, Content-Security-Policy, and Permissions-Policy headers\u003C\u002Fli>\n\u003Cli>Email Notifications and digest summaries\u003C\u002Fli>\n\u003Cli>Extended log retention (90 days)\u003C\u002Fli>\n\u003Cli>Custom firewall patterns\u003C\u002Fli>\n\u003Cli>Export\u002Fimport settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsrworks.co\u002Fplugins\u002Farmorpro\u002F?utm_source=armorlite&utm_medium=readme&utm_campaign=description#pricing\" rel=\"nofollow ugc\">Learn more about ArmorPro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external third-party services in the following situations:\u003C\u002Fp>\n\u003Ch4>Anonymous Usage Data (Optional)\u003C\u002Fh4>\n\u003Cp>This plugin can optionally share anonymous usage data to help improve ArmorLite. This is disabled by default and requires explicit opt-in from the Settings page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When it is called: Daily heartbeat (if opted in)\u003C\u002Fli>\n\u003Cli>Data sent: WordPress version, PHP version, active plugin features (no personal data)\u003C\u002Fli>\n\u003Cli>Service: https:\u002F\u002Fapi.srworks.co\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Fsrworks.co\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No personal data is collected or stored by this service.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>ArmorLite stores the following data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP addresses of visitors who trigger security rules or attempt to log in\u003C\u002Fli>\n\u003Cli>Timestamps of security events\u003C\u002Fli>\n\u003Cli>Usernames used in login attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is stored to help you monitor and protect your website. You can clear all logs at any time from the Tools tab. When the plugin is uninstalled, all data is automatically deleted.\u003C\u002Fp>\n\u003Cp>No visitor data is sent to external services during normal operation. Anonymous usage data sharing is optional and disabled by default.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help with ArmorLite? Have a feature request or found a bug?\u003C\u002Fp>\n\u003Cp>Visit our support page: https:\u002F\u002Fsrworks.co\u002Fcontact\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Firewall patterns inspired by the work of Jeff Starr at Perishable Press (https:\u002F\u002Fperishablepress.com). Used under GPLv2.\u003C\u002Fp>\n\u003Cp>Charts powered by Chart.js (https:\u002F\u002Fwww.chartjs.org), MIT License.\u003C\u002Fp>\n\u003Cp>Tooltips powered by Tippy.js (https:\u002F\u002Fatomiks.github.io\u002Ftippyjs), MIT License.\u003C\u002Fp>\n","Free WordPress security with firewall, brute force protection, bot detection, security headers, IP whitelist, and login monitoring. No bloat.",129,"2026-03-05T19:07:00.000Z","5.3",[18,19,63,20,21],"headers","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsrworks-armorlite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsrworks-armorlite.1.0.0.zip",{"slug":67,"name":68,"version":54,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":11,"downloaded":73,"rating":11,"num_ratings":11,"last_updated":74,"tested_up_to":14,"requires_at_least":75,"requires_php":46,"tags":76,"homepage":78,"download_link":79,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":80},"vigiguard-security","VigiGuard Security","Kashif Ahmed Khan","https:\u002F\u002Fprofiles.wordpress.org\u002Fkashifahmedkhan\u002F","\u003Cp>VigiGuard Security provides essential WordPress protection without complexity. One-click hardening, brute force protection, and file integrity monitoring – all with zero configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>One-Click Fix\u003C\u002Fstrong> – Secure your site instantly with one button\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> – Blocks repeated login attempts automatically  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Health Score\u003C\u002Fstrong> – Visual A-F grade showing your security status\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Integrity Monitor\u003C\u002Fstrong> – Scans 3,000+ WordPress core files weekly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logging\u003C\u002Fstrong> – Track all security events and login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong> – Disables XML-RPC, hides WP version, blocks user enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Small business owners who need security without the hassle\u003C\u002Fli>\n\u003Cli>Bloggers who want “set and forget” protection\u003C\u002Fli>\n\u003Cli>Freelancers managing multiple client sites\u003C\u002Fli>\n\u003Cli>Anyone who finds other security plugins too complicated\u003C\u002Fli>\n\u003C\u002Ful>\n","Simple one-click WordPress security. Protect your site in 30 seconds.",132,"","5.8",[18,19,77,20,21],"hardening","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvigiguard-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvigiguard-security.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":14,"requires_at_least":94,"requires_php":74,"tags":95,"homepage":74,"download_link":98,"security_score":91,"vuln_count":99,"unpatched_count":11,"last_vuln_date":100,"fetched_at":27},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,98,1441,"2026-01-12T16:01:00.000Z","3.0",[96,18,19,97,21],"2fa","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip",4,"2023-12-20 00:00:00",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":91,"num_ratings":111,"last_updated":112,"tested_up_to":14,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":118,"download_link":119,"security_score":120,"vuln_count":121,"unpatched_count":11,"last_vuln_date":122,"fetched_at":27},"gotmls","Anti-Malware Security and Brute-Force Firewall","4.23.88","Eli","https:\u002F\u002Fprofiles.wordpress.org\u002Fscheeeli\u002F","\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Download Definition Updates to protect against new threats.\u003C\u002Fli>\n\u003Cli>Run a Complete Scan to automatically remove known security threats, backdoor scripts, and database injections.\u003C\u002Fli>\n\u003Cli>Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins with known vulnerabilites.\u003C\u002Fli>\n\u003Cli>Upgrade vulnerable versions of timthumb scripts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Premium Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Patch your wp-login and XMLRPC to block Brute-Force and DDoS attacks.\u003C\u002Fli>\n\u003Cli>Check the integrity of your WordPress Core files.\u003C\u002Fli>\n\u003Cli>Automatically download new Definition Updates when running a Complete Scan.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Register this plugin at \u003Ca href=\"http:\u002F\u002Fgotmls.net\u002F\" rel=\"nofollow ugc\">GOTMLS.NET\u003C\u002Fa> and get access to new definitions of “Known Threats” and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for “Potential Threats” and leaves it up to you to identify and remove the malicious ones.\u003C\u002Fp>\n\u003Cp>NOTICE: This plugin makes calls to GOTMLS.NET to check for updates not unlike what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is an essential part of any security plugin and this plugin can let you know when there are new plugin and definition update available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Special thanks to:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Clarus Dignus for design suggestions and graphic design work on the banner image.\u003C\u002Fli>\n\u003Cli>Jelena Kovacevic and Andrew Kurtis of webhostinghub.com for providing the Spanish translation.\u003C\u002Fli>\n\u003Cli>Marcelo Guernieri for the Brazilian Portuguese translation.\u003C\u002Fli>\n\u003Cli>Umut Can Alparslan for the Turkish translation.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmichacassola\u002F\" rel=\"nofollow ugc\">Micha Cassola\u003C\u002Fa> for the German translation.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsitustarget\u002F\" rel=\"nofollow ugc\">Robi Erwin Setiawan\u003C\u002Fa> for the Indonesian translation.\u003C\u002Fli>\n\u003C\u002Ful>\n","This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.",100000,7622347,781,"2026-03-09T14:47:00.000Z","3.3","5.6",[116,18,19,117,21],"anti-malware","scanner","https:\u002F\u002Fgotmls.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgotmls.4.23.88.zip",83,9,"2025-10-28 15:41:58",{"attackSurface":124,"codeSignals":159,"taintFlows":168,"riskAssessment":169,"analyzedAt":176},{"hooks":125,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":11,"unprotectedCount":11},[126,132,136,140,144,146,151],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","admin_enqueue_scripts","cybersmartdefence_admin_enqueue_assets","cyber-smart-defence.php",49,{"type":127,"name":133,"callback":134,"priority":11,"file":130,"line":135},"init","cybersmartdefence_run_firewall",54,{"type":127,"name":137,"callback":138,"file":130,"line":139},"admin_menu","cybersmartdefence_register_admin_menu",90,{"type":127,"name":141,"callback":142,"file":130,"line":143},"admin_notices","cybersmartdefence_admin_notices",111,{"type":127,"name":133,"callback":134,"priority":11,"file":145,"line":43},"includes\\firewall.php",{"type":127,"name":147,"callback":148,"file":149,"line":150},"wp_login_failed","cybersmartdefence_login_fail","includes\\login-protection.php",11,{"type":127,"name":152,"callback":153,"file":149,"line":154},"login_init","closure",78,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":164,"fileOperations":11,"externalRequests":30,"nonceChecks":11,"capabilityChecks":162,"bundledLibraries":167},[],{"prepared":162,"raw":11,"locations":163},2,[],{"escaped":165,"rawEcho":11,"locations":166},14,[],[],[],{"summary":170,"deductions":171},"The plugin 'cyber-smart-defence' v3.1.3 exhibits a strong security posture based on the provided static analysis.  The absence of any identified dangerous functions, raw SQL queries, file operations, and the consistent use of prepared statements and output escaping for all identified code paths are significant strengths.  The presence of capability checks suggests an awareness of authorization best practices.  Furthermore, the complete lack of known vulnerabilities (CVEs) in its history indicates a history of stable and secure development, or at least a lack of publicly discovered issues.\n\nHowever, the static analysis does reveal some potential areas for improvement. The absence of any identified Taint Analysis flows, while seemingly positive, could also indicate that the analysis was incomplete or that the plugin's functionality does not involve complex data flows that would trigger taint analysis. The single external HTTP request warrants scrutiny to ensure it is securely implemented and doesn't pose a risk of information disclosure or further vulnerabilities.  The complete lack of AJAX handlers, REST API routes, shortcodes, and cron events, while reducing the attack surface, might also suggest limited functionality or that such features are handled externally.  The absence of nonce checks on the zero AJAX handlers is a minor concern, as it's usually tied to functionality that isn't present. Overall, the plugin appears to be developed with security in mind, but a deeper dive into the external HTTP request and the reasoning behind the minimal attack surface would provide further confidence.",[172,174],{"reason":173,"points":162},"External HTTP requests present",{"reason":175,"points":162},"No taint analysis flows identified","2026-03-17T06:35:43.282Z",{"wat":178,"direct":187},{"assetPaths":179,"generatorPatterns":182,"scriptPaths":183,"versionParams":184},[180,181],"\u002Fwp-content\u002Fplugins\u002Fcyber-smart-defence\u002Fassets\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcyber-smart-defence\u002Fassets\u002Fadmin.js",[],[181],[185,186],"cyber-smart-defence\u002Fassets\u002Fadmin.css?ver=","cyber-smart-defence\u002Fassets\u002Fadmin.js?ver=",{"cssClasses":188,"htmlComments":189,"htmlAttributes":190,"restEndpoints":191,"jsGlobals":192,"shortcodeOutput":193},[],[],[],[],[],[194,195],"\u003Cdiv class=\"notice notice-success is-dismissible\">\n            \u003Cp>\u003Cstrong>🛡 Cyber Smart Defence is active.\u003C\u002Fstrong> Your website is protected in real time.\u003C\u002Fp>\n        \u003C\u002Fdiv>","\u003Cdiv class=\"notice notice-warning\">\n            \u003Cp>\u003Cstrong>⚠ Cyber Smart Defence is not fully activated.\u003C\u002Fstrong> Please check the plugin setup.\u003C\u002Fp>\n        \u003C\u002Fdiv>"]