[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIRRFjFvmnR-lD_rVoJHQIHfMg0M3-GftE_c-hV_x4Z0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":139,"fingerprints":303},"cybershield-waf","Cybershield Firewall","0.1.6","SECURAS TECHNOLOGIES","https:\u002F\u002Fprofiles.wordpress.org\u002Fsecuras\u002F","\u003Cp>Experience effective web security with CyberShield, the advanced Web Application Firewall (WAF) from Securas Technologies, designed to actively protect your digital assets from emerging threats and cyberattacks.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Comprehensive Dashboard\u003C\u002Fstrong>: Easily navigate through the firewall features. CyberShield gathers all the data from your security features on one dashboard, enabling a quick check on your website’s security posture.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Statistics\u003C\u002Fstrong>: Measure and improve your cybersecurity performance with comprehensive statistics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP Configuration Audit\u003C\u002Fstrong>: Enhances your PHP settings including error reporting, file permissions, session management, and encryption to prevent common vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>At-risk Visitor Identification\u003C\u002Fstrong>: Prevent cyberattacks with our advanced detection and prevention system that identifies at-risk visitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SQL Injection Protection\u003C\u002Fstrong>: Our AI-powered detection scans and sanitizes every query that reaches your database to prevent SQL injection attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Detection\u003C\u002Fstrong>: Conserve bandwidth and resources by filtering out harmful or irrelevant bots, including scrapers, spammers, and crawlers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Auto-Ban\u003C\u002Fstrong>: Automatically ban IPs that exhibit suspicious activity, helping to keep your website secure with minimal downtime.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exposed Services Monitoring\u003C\u002Fstrong>: Identify and report any network services that are publicly accessible and may be vulnerable to exploitation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Leaked Data Monitoring\u003C\u002Fstrong>: Continuously scan various sources to detect if your credentials have been compromised, ensuring rapid response to secure your accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>More Features\u003C\u002Fstrong>: Explore additional capabilities on our \u003Ca href=\"https:\u002F\u002Fsecuras.fr\u002Fcybershield-security\u002F\" rel=\"nofollow ugc\">CyberShield Official Page\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Geolocation\u003C\u002Fstrong>: Identify the location of your visitors and block or allow access based on their location using https:\u002F\u002Fipinfo.io\u002F.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>[0.1.6] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.5] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.4] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.3] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.2] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.1] – 2023-08-27\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.0] – 2023-08-27\u003C\u002Fh3>\n\u003Ch3>Added\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Service Check Module: Enhances monitoring and diagnostics.\u003C\u002Fli>\n\u003Cli>AI Threat Detection Module: Specializes in detecting SQL injection attacks.\u003C\u002Fli>\n\u003Cli>Support Ticketing System: Streamlined helpdesk for better user assistance.\u003C\u002Fli>\n\u003Cli>Multi-Language Support: Now available in French, English, and Arabic.\u003C\u002Fli>\n\u003Cli>Client PHPinfo Fetching Function: Gathers configuration information for support purposes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Thrid Party Libraries\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">IPInfo\u003C\u002Fa>: We use Ipinfo for IP geolocation services. By using this plugin, you agree to the following terms and conditions:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">IpInfo’s privacy policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms\" rel=\"nofollow ugc\">IpInfo’s terms of service\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Got more questions? \u003Ca href=\"mailto:contact@securas.fr\" title=\"Securas Contact\" rel=\"nofollow ugc\">Contact us!\u003C\u002Fa>\u003C\u002Fp>\n","CyberShield, Your First Line of Defense Against Web Attacks.",10,979,0,"2024-10-27T15:54:00.000Z","6.6.5","5.4","7.2",[19,20,21,22,23],"security","sql-injection","waf","web-application-firewall","xss","https:\u002F\u002Fcyber-shield.fr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcybershield-waf.0.1.6.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"securas",1,30,88,"2026-04-03T21:32:19.632Z",[37,58,83,102,120],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":49,"tags":52,"homepage":55,"download_link":56,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":57},"shieldfy","Shieldfy Security Firewall and Anti Virus","3.6.0","Shieldfy","https:\u002F\u002Fprofiles.wordpress.org\u002Feslamsalem\u002F","\u003Ch4>Start Protecting Your Website Block attacks targeting your website.\u003C\u002Fh4>\n\u003Cp>Shieldfy works as an external shields loads before your website and filter all requests , passing only trusted non harmful traffic and block other malicious traffic\u003C\u002Fp>\n\u003Cp>Shieldfy Engine can identify and block several attacks including and not limited to\u003Cbr \u002F>\nUnrestricted file uploads , XSS (cross site scripting) , SQLI (SQL Injection) , RCE (Remote Code Execution), LFI\u002FRFI (Local\u002FRemote File Inclution) and many other\u003C\u002Fp>\n\u003Ch4>IP Analysis and Risk Score.\u003C\u002Fh4>\n\u003Cp>Shieldfy identify the persona of your blog visitors via IP , UserAgent , if user connectos through TOR , VPN , Proxy and more Trying to detect if that user wants to do something bad or not.\u003C\u002Fp>\n\u003Ch4>Fast High level support\u003C\u002Fh4>\n\u003Cp>Shieldfy security team is always here for help , our support is here for you anytime 24\u002F7.\u003C\u002Fp>\n","Shieldfy is a cloud-based security shield for your website to protect it from web attacks and malwares.",40,7982,100,3,"","4.9.29","3.0.1",[53,54,19,20,23],"antimalware","antivirus","https:\u002F\u002Fshieldfy.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshieldfy.3.6.zip","2026-03-15T10:48:56.248Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":13,"last_vuln_date":82,"fetched_at":28},"sg-security","Security Optimizer – The All-In-One Protection Plugin","1.5.9","SiteGround","https:\u002F\u002Fprofiles.wordpress.org\u002Fsiteground\u002F","\u003Cp>\u003Cstrong>Bulletproof your website security in a few clicks against a range of security breaches, including brute-force attacks, malware threats and bots, with our free WordPress security plugin – Security Optimizer.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Proactively monitor your site’s security to detect any suspicious activity and take immediate actions to protect your site and prevent further damage with these essential features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable \u003Cstrong>2FA (Two-Factor Authentication)\u003C\u002Fstrong> for an extra layer of website security\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> to deter malicious login attempts and brute-force attacks\u003C\u002Fli>\n\u003Cli>Change your default login URL to \u003Cstrong>Custom Login URL\u003C\u002Fstrong> to avoid attacks\u003C\u002Fli>\n\u003Cli>Activate \u003Cstrong>Advanced XSS Protection\u003C\u002Fstrong> to fortify your website against malicious attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lock and Protect System Folders\u003C\u002Fstrong> to ensure no unauthorized or malicious scripts can be executed in your system folders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable Themes & Plugins Editor\u003C\u002Fstrong> to safeguard your website from unauthorized access via the WordPress editor\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide WordPress Version\u003C\u002Fstrong> effortlessly, keeping it hidden from prying eyes\u003C\u002Fli>\n\u003Cli>Use \u003Cstrong>Activity Log\u003C\u002Fstrong> to monitor your site and quickly prevent malicious actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Hack Actions\u003C\u002Fstrong> to take immediate actions and prevent further damages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Developed by the website security experts at \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fwordpress-plugins\u002Fsiteground-security\" rel=\"nofollow ugc\">SiteGround\u003C\u002Fa> and trusted by over 900,000 webmasters for its robust security shield and ease of use to safeguard WordPress applications from possible attacks on any hosting platform.\u003C\u002Fp>\n\u003Ch4>AWARDS:\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.templatemonster.com\u002Fawards\u002Fwinners-2022\u002F\" rel=\"nofollow ugc\">Monster Awards 2022\u003C\u002Fa>: Best WordPress Security Plugin 🥇\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.templatemonster.com\u002Fawards\u002Fwinners-2021\u002F\" rel=\"nofollow ugc\">Monster Awards 2021\u003C\u002Fa>: Best WordPress Security Plugin 🥇\u003C\u002Fp>\n\u003Ch4>Plugin Video\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFOheCz7sm9A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Plugin Tutorial\u003C\u002Fh4>\n\u003Cp>Unveil the vast array of features and unleash the full potential of our security plugin in our \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Ftutorials\u002Fwordpress\u002Fsg-security\u002F\" rel=\"nofollow ugc\">Security Optimizer Tutorial\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>SITE PROTECTION FEATURES\u003C\u002Fh3>\n\u003Cp>Safeguard your WordPress application using our powerful site security toolset. Our comprehensive features are specifically designed to strengthen your website’s defenses against malware, exploits, and various malicious activities. With these tools at your disposal, you can ensure the utmost bot, malware and brute force protection for your website:\u003C\u002Fp>\n\u003Ch4>Lock and Protect System Folders\u003C\u002Fh4>\n\u003Cp>Ensure the maximum security for your application’s system folders by preventing the execution of any unauthorized or malicious scripts. The Lock and Protect System Folders feature acts as a powerful shield against potential threats.\u003C\u002Fp>\n\u003Ch4>Hide WordPress Version\u003C\u002Fh4>\n\u003Cp>Protect your website from mass attacks by hiding the WordPress version, which helps to mitigate version-specific vulnerabilities.\u003C\u002Fp>\n\u003Ch4>Disable Themes & Plugins Editor\u003C\u002Fh4>\n\u003Cp>Enhance the security of your WordPress admin area by disabling the Themes & Plugins Editor, preventing potential coding errors and unauthorized access through the editor.\u003C\u002Fp>\n\u003Ch4>Disable XML-RPC\u003C\u002Fh4>\n\u003Cp>Mitigate potential security risks by disabling the XML-RPC protocol, which has been exploited in various attacks. Please note that disabling XML-RPC will restrict WordPress from communicating with third-party systems. We recommend enabling this feature unless you have a specific need for it.\u003C\u002Fp>\n\u003Ch4>Disable RSS and ATOM Feeds\u003C\u002Fh4>\n\u003Cp>Prevent content scraping and specific attacks on your site by disabling RSS and ATOM feeds. Unless you have readers accessing your site via RSS readers, it is recommended to keep this feature enabled.\u003C\u002Fp>\n\u003Ch4>Advanced XSS Protection\u003C\u002Fh4>\n\u003Cp>Add an extra layer of website security against cross-site scripting (XSS) attacks by enabling Advanced XSS Protection, bolstering the overall security of your website.\u003C\u002Fp>\n\u003Ch4>Delete Default Readme.html\u003C\u002Fh4>\n\u003Cp>Eliminate potential vulnerabilities by deleting the default readme.txt file, which contains information about your website. By removing this file, you reduce the risk of your site being listed in vulnerable sites targeted by hackers.\u003C\u002Fp>\n\u003Ch3>Login Security\u003C\u002Fh3>\n\u003Ch4>Custom Login Url\u003C\u002Fh4>\n\u003Cp>Personalize your login URL to thwart potential attacks and create a strong entry point. Bid farewell to the default login URL and embrace a bespoke path of your choosing. Additionally, you have the freedom to modify the default sign-up URL as well.\u003C\u002Fp>\n\u003Ch4>Login Access\u003C\u002Fh4>\n\u003Cp>Restrict login page access to specific IP addresses or IP ranges, effectively thwarting malicious login attempts and deterring brute force attacks.\u003C\u002Fp>\n\u003Ch4>2FA (Two-Factor Authentication)\u003C\u002Fh4>\n\u003Cp>Immerse your website in an impenetrable shield of security with 2FA. This formidable feature demands that all admin users furnish a unique token, generated exclusively through the Google Authentication application, during the login process.\u003C\u002Fp>\n\u003Ch4>Disable Common Usernames\u003C\u002Fh4>\n\u003Cp>Don’t fall victim to predictable security breaches! The use of common usernames, such as ‘admin,’ poses a significant threat to the integrity of your website. Activate this option to disable the creation of common usernames. If any weak usernames already exist, we’ll prompt you to provide new, stronger alternatives.\u003C\u002Fp>\n\u003Ch4>Limit Login Attempts\u003C\u002Fh4>\n\u003Cp>Maintain control over unauthorized access attempts with Limit Login Attempts. Set a specific threshold for the number of login failures users can endure before consequences arise. After reaching the limit, the IP address associated with the unsuccessful login attempts will be blocked for one hour. Persistent failures will result in longer restrictions, starting with 24 hours and escalating to a week.\u003C\u002Fp>\n\u003Ch3>ACTIVITY MONITORING\u003C\u002Fh3>\n\u003Cp>Monitor your website and login page for unauthorized visitors and brute force attempts to prevent malicious actions\u003C\u002Fp>\n\u003Ch4>Activity Log\u003C\u002Fh4>\n\u003Cp>The Activity Log page provides you with a comprehensive view of the activities performed by registered, unknown, and blocked visitors. It allows you to closely monitor any suspicious behavior and take appropriate actions in case of a compromised user, plugin, or hacking attempt. You can leverage the quick tools available to swiftly block future attempts.\u003C\u002Fp>\n\u003Ch4>Weekly Security Reports\u003C\u002Fh4>\n\u003Cp>Receive a weekly traffic summary for your website directly to your inbox. This \u003Cstrong>Weekly Security Report\u003C\u002Fstrong> compiles data on both bot and human traffic, along with details about blocked login and visit attempts to proactively monitor traffic and promptly identify suspicious activity.\u003C\u002Fp>\n\u003Ch3>POST-HACK ACTIONS\u003C\u002Fh3>\n\u003Cp>Take immediate measures to protect your website if you suspect a compromise and prevent further damage. Here, you’ll find convenient solutions to address the situation effectively:\u003C\u002Fp>\n\u003Ch4>Reinstall All Free Plugins\u003C\u002Fh4>\n\u003Cp>In the event of a hack, utilizing the Reinstall All Free Plugins feature can help mitigate potential harm. This action reinstalls all of your free plugins, reducing the likelihood of additional exploits or the reuse of malicious code.\u003C\u002Fp>\n\u003Ch4>Log Out All Users\u003C\u002Fh4>\n\u003Cp>To prevent any further unauthorized activities by users or attackers, you can choose to log out all users instantly using the Log Out All Users feature.\u003C\u002Fp>\n\u003Ch4>Force Password Reset\u003C\u002Fh4>\n\u003Cp>By enforcing a password reset, you can ensure that all users are prompted to change their passwords during their next login. This not only strengthens the security of their accounts but also immediately logs out all currently logged-in users.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 4.7\u003C\u002Fli>\n\u003Cli>PHP 7.0\u003C\u002Fli>\n\u003Cli>Working .htaccess file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data Collection\u003C\u002Fh3>\n\u003Cp>Collection of technical data is optional and is \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fkb\u002Fwhat-information-wp-plugins-collect\" rel=\"nofollow ugc\">listed here\u003C\u002Fa>. This data is collected only for technical analysis, improvements and the possibility to contact the plugin user in case urgent issues need to be fixed (for example a critical security release that needs to be communicated to site owners). The plugin user can manage their preferences within the WP admin to control the collection of technical data. We advise opting in for this data collection, as it can enhance the plugin’s performance. You may find more information on data collection in our \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fviewtos\u002Fsiteground_plugins_privacy_notice\" rel=\"nofollow ugc\">Plugins Privacy Notice\u003C\u002Fa>.\u003C\u002Fp>\n","Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.",1000000,31890492,90,153,"2026-01-15T09:21:00.000Z","6.9.4","4.7","7.0",[75,76,77,19,22],"firewall","login","malware-scanner","https:\u002F\u002Fsiteground.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsg-security.1.5.9.zip",86,5,"2025-11-30 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":71,"requires_at_least":72,"requires_php":96,"tags":97,"homepage":100,"download_link":101,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"block-bad-queries","BBQ Firewall – Fast & Powerful Firewall Security","20260205","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cblockquote>\n\u003Cp>🔥 Install, activate, and done!\u003Cbr \u002F>\n  🔥 Powerful protection from WP’s \u003Cstrong>fastest\u003C\u002Fstrong> firewall plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F\" rel=\"nofollow ugc\">BBQ Firewall\u003C\u002Fa> is a lightweight, blazing-fast firewall plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like \u003Ccode>eval(\u003C\u002Fcode>, \u003Ccode>base64_\u003C\u002Fcode>, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">strong Apache\u002F.htaccess firewall\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Adds a strong firewall to ANY WordPress site\u003Cbr \u002F>\n  🔥 Works with all WordPress plugins and themes\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Powerful Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ protects your site against many threats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SQL injection attacks\u003C\u002Fli>\n\u003Cli>Executable file uploads\u003C\u002Fli>\n\u003Cli>Directory traversal attacks\u003C\u002Fli>\n\u003Cli>Unsafe character requests\u003C\u002Fli>\n\u003Cli>Excessively long requests\u003C\u002Fli>\n\u003Cli>PHP remote\u002Ffile execution\u003C\u002Fli>\n\u003Cli>XSS, XXE, and related attacks\u003C\u002Fli>\n\u003Cli>Protects against bad bots\u003C\u002Fli>\n\u003Cli>Protects against bad referrers\u003C\u002Fli>\n\u003Cli>Protects against bad POST content\u003C\u002Fli>\n\u003Cli>Protects against many other bad requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 Works great with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblackhole-bad-bots\u002F\" rel=\"ugc\">Blackhole for Bad Bots\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbanhammer\u002F\" rel=\"ugc\">Banhammer\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Awesome Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ provides all the best firewall features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rated \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-bad-queries\u002F#reviews\" rel=\"ugc\">5 stars\u003C\u002Fa> at WordPress.org\u003C\u002Fli>\n\u003Cli>100% plug-&-play, zero configuration\u003C\u002Fli>\n\u003Cli>100% focused on security and performance\u003C\u002Fli>\n\u003Cli>Blocks a wide range of malicious URL requests\u003C\u002Fli>\n\u003Cli>Fastest Web Application Firewall (WAF) for WordPress\u003C\u002Fli>\n\u003Cli>Based on the \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F7g-firewall\u002F\" rel=\"nofollow ugc\">7G\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">8G Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Scans all incoming traffic and blocks bad requests\u003C\u002Fli>\n\u003Cli>Scans all types of requests: GET, POST, PUT, DELETE, etc.\u003C\u002Fli>\n\u003Cli>Protects against known bad bots and referrers\u003C\u002Fli>\n\u003Cli>Works silently behind the scenes to protect your site\u003C\u002Fli>\n\u003Cli>Hassle-free security plugin that’s easy to use\u003C\u002Fli>\n\u003Cli>Thoroughly tested, error-free performance\u003C\u002Fli>\n\u003Cli>Extremely low rate of false positives\u003C\u002Fli>\n\u003Cli>Compatible with other security plugins\u003C\u002Fli>\n\u003Cli>Regularly updated and “future proof”\u003C\u002Fli>\n\u003Cli>Firewall \u003C 10 kilobytes in size\u003C\u002Fli>\n\u003Cli>Lightweight, fast and flexible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 For advanced protection and features, check out \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro &raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Exclusive Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize firewall via plugin settings\u003C\u002Fli>\n\u003Cli>Easily add or remove firewall patterns\u003C\u002Fli>\n\u003Cli>Easily add Jeff Starr’s \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fultimate-ai-block-list\u002F\" rel=\"nofollow ugc\">AI Block List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Send Email Alerts for blocked requests\u003C\u002Fli>\n\u003Cli>Quickly enable\u002Fdisable firewall rules\u003C\u002Fli>\n\u003Cli>Disable firewall for logged-in users\u003C\u002Fli>\n\u003Cli>Block excessively long URI requests\u003C\u002Fli>\n\u003Cli>Protect against XML-RPC exploits\u003C\u002Fli>\n\u003Cli>Block any individual IP address\u003C\u002Fli>\n\u003Cli>Block entire ranges of IP addresses\u003C\u002Fli>\n\u003Cli>Protect against user-ID phishing\u003C\u002Fli>\n\u003Cli>Redirect all blocked requests\u003C\u002Fli>\n\u003Cli>Display a custom “blocked” message\u003C\u002Fli>\n\u003Cli>Set your own response status code\u003C\u002Fli>\n\u003Cli>Complete inline documentation\u003C\u002Fli>\n\u003Cli>Statistics for blocked requests\u003C\u002Fli>\n\u003Cli>Tools to reset options and patterns\u003C\u002Fli>\n\u003Cli>Import and Export firewall patterns\u003C\u002Fli>\n\u003Cli>One-click pattern testing\u003C\u002Fli>\n\u003Cli>Whitelist IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>..plus everything the free version can do and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Learn more and \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">get BBQ Pro &raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>BBQ Firewall is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 BBQ = Block Bad Queries\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.",100000,3258210,98,156,"2026-02-05T20:29:00.000Z","7.1",[98,75,99,19,22],"bots","secure","https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-bad-queries.20260205.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":91,"downloaded":110,"rating":47,"num_ratings":111,"last_updated":112,"tested_up_to":71,"requires_at_least":113,"requires_php":96,"tags":114,"homepage":118,"download_link":119,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cloudsecure-wp-security","CloudSecure WP Security","1.4.5","cloudsecure","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudsecure\u002F","\u003Cp>管理画面とログインURLをサイバー攻撃から守る、安心の国産・日本語対応プラグインです。\u003Cbr \u002F>\nかんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護し、セキュリティが向上します。\u003Cbr \u002F>\nまた、各機能の有効・無効（ON・OFF）や設定などをお好みにカスタマイズし、いつでも保護状態を管理できます。\u003C\u002Fp>\n\u003Cp>ドキュメントやFAQなど、より詳細な情報は \u003Ca href=\"https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security\" rel=\"nofollow ugc\">こちら\u003C\u002Fa> でご覧いただけます。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPressのマルチサイト機能には対応していません。\u003C\u002Fli>\n\u003Cli>WebサーバーのApache1.3、2.xにのみ対応しています。\u003C\u002Fli>\n\u003Cli>画像認証追加機能を利用するためには、PHPに拡張ライブラリ「gd」をインストールする必要があります。\u003C\u002Fli>\n\u003Cli>管理画面アクセス制限機能、ログインURL変更機能を利用するためには、Apacheに「mod_rewrite」を読み込む必要があります。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>本プラグインの機能は以下のとおりです。\u003C\u002Fp>\n\u003Ch4>ログイン無効化\u003C\u002Fh4>\n\u003Cp>指定した期間内に指定した回数ログインに失敗した場合、指定した時間ログインを無効化（ブロック）します。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃など、不正なログインを試みる攻撃を防ぐための機能です。\u003Cbr \u002F>\nとくに、自動化された攻撃に有効です。\u003C\u002Fp>\n\u003Ch4>ログインURL変更\u003C\u002Fh4>\n\u003Cp>ログインURL（wp-login.php）を変更します。\u003Cbr \u002F>\n半角英小文字、半角数字、ハイフン、アンダースコアのいずれかを使用し、4文字以上12文字以下でお好みの名前（文字列）に設定できます。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃など、不正なログインを試みる攻撃を受けにくくするための機能です。\u003C\u002Fp>\n\u003Ch4>ログインエラーメッセージ統一\u003C\u002Fh4>\n\u003Cp>ログイン時、ユーザー名、パスワード、画像認証のどれを間違えても同一のメッセージを表示します。\u003Cbr \u002F>\nユーザー名の存在を調査する攻撃を受けにくくするための機能です。\u003C\u002Fp>\n\u003Ch4>2段階認証\u003C\u002Fh4>\n\u003Cp>ログイン時、ユーザー名とパスワードの入力に加え、別のコードで追加認証を行います。\u003Cbr \u002F>\n利用するには、\u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.google.android.apps.authenticator2\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa> アプリケーションでデバイスを登録する必要があります。\u003Cbr \u002F>\nアプリケーションに表示された6桁の認証コードをログイン画面で入力し、すべての情報が一致すればログインできます。\u003Cbr \u002F>\nユーザー名やパスワードを不正入手した第三者によるログインやなりすましを防止し、セキュリティを強化します。\u003C\u002Fp>\n\u003Ch4>画像認証追加\u003C\u002Fh4>\n\u003Cp>画像データ上にランダムに表示される文字の入力を求め、一致しなければ次の画面に進めないようにする機能です。\u003Cbr \u002F>\nログインフォーム、コメントフォーム、パスワードリセットフォーム、ユーザー登録フォームに設定できます。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃などの不正なログインを試みる攻撃や、悪意のあるプログラムからの機械的な不正アクセスを防止する機能です。\u003C\u002Fp>\n\u003Ch4>管理画面アクセス制限\u003C\u002Fh4>\n\u003Cp>管理画面にログインしていない接続元IPアドレスから管理ページ（\u002Fwp-admin\u002F以降）にアクセスすると、404エラー（Not Found）を返します。\u003Cbr \u002F>\n24時間以上管理画面にログインしていない接続元IPアドレスが対象です。\u003Cbr \u002F>\nログインすると接続元IPアドレスが記録され、管理画面にアクセスできるようになります。\u003Cbr \u002F>\nこの機能を除外するページ（wp-admin以下）を指定できます。\u003C\u002Fp>\n\u003Ch4>設定ファイルアクセス防止\u003C\u002Fh4>\n\u003Cp>WordPressのシステムに関するファイルへの不正アクセスを遮断する機能です。\u003C\u002Fp>\n\u003Ch4>ユーザー名漏えい防止\u003C\u002Fh4>\n\u003Cp>「?author=数字」アクセスによるユーザー名の漏えいを防止します。\u003C\u002Fp>\n\u003Ch4>XML-RPC無効化\u003C\u002Fh4>\n\u003Cp>XML-RPC機能、またはピンバック機能を無効化し、その乱用から管理画面を保護します。\u003C\u002Fp>\n\u003Ch4>REST API無効化\u003C\u002Fh4>\n\u003Cp>REST APIを無効化し、その悪用から管理画面を守ります。\u003C\u002Fp>\n\u003Ch4>シンプルWAF\u003C\u002Fh4>\n\u003Cp>WordPressへの攻撃に対して、基本的な防御機能を備えたシンプルなWAF（Web Application Firewall）機能です。\u003Cbr \u002F>\nSQLインジェクションやクロスサイトスクリプティングなどの一般的な攻撃を遮断します。\u003C\u002Fp>\n\u003Ch4>ログイン通知\u003C\u002Fh4>\n\u003Cp>ログインがあったとき、ユーザーにメールで通知します。\u003Cbr \u002F>\n心当たりのないメールを受信した場合、不正なログインを疑ってください。\u003C\u002Fp>\n\u003Ch4>アップデート通知\u003C\u002Fh4>\n\u003Cp>WordPress、プラグイン、テーマの更新が必要になったとき、管理者にメールで通知します。\u003Cbr \u002F>\n更新の確認は24時間ごとに行われます。\u003Cbr \u002F>\n常に最新版を使用することが、セキュリティの基本です。\u003C\u002Fp>\n\u003Ch4>サーバーエラー通知\u003C\u002Fh4>\n\u003Cp>サーバーエラー「HTTPステータスコード500（Internal Server Error）」が発生したとき、エラーの履歴を記録し、管理者にメールで通知します。\u003Cbr \u002F>\n1時間以内に同じタイプのエラーが発生した場合、エラーの履歴は記録しますが、メールでの通知は行いません。\u003C\u002Fp>\n\u003Ch4>ログイン履歴\u003C\u002Fh4>\n\u003Cp>管理画面にログインした履歴を表示します。\u003Cbr \u002F>\nそれぞれの項目で絞り込んでの検索も可能です。\u003Cbr \u002F>\nログイン通知と同様、不正なログインの気づきを促す機能です。\u003C\u002Fp>\n","管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。",604268,2,"2026-03-13T05:42:00.000Z","5.3.15",[115,116,117,19,21],"anti-spam","brute-force","login-lock","https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudsecure-wp-security.1.4.5.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":71,"requires_at_least":133,"requires_php":17,"tags":134,"homepage":136,"download_link":137,"security_score":80,"vuln_count":81,"unpatched_count":13,"last_vuln_date":138,"fetched_at":28},"security-malware-firewall","Login Security, FireWall, Malware removal by CleanTalk","2.174","CleanTalk Inc","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleantalk\u002F","\u003Cp>Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.\u003C\u002Fp>\n\u003Ch3>SECURITY PLUGIN BY CLEANTALK (SPBCT)\u003C\u002Fh3>\n\u003Cp>We focus on eliminating the most common security threats for WordPress. At the same time, we strive to ensure that \u003Cstrong>site performance remains unaffected\u003C\u002Fstrong>. To achieve this, each release goes through automated and expert-driven testing pipelines. We also verify performance using Google PageSpeed Insights and GTMetrix. Typically, we release a new version twice a month to keep features up to date and protection strong.\u003C\u002Fp>\n\u003Ch4>SECURITY FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts and rate limits for logins.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two Factor Authentication (2FA)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom wp-login URL (wp-login.php)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login Default Login Page\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable or Stop User Enumeration\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute force protection for WordPress accounts and passwords\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Protection for WordPress login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security FireWall by IP, Networks or Countries\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Web Application Firewall (WAF)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time traffic monitor (Visitors per pages, IPs, Countires and hits counts per page)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware scanner with auto-cure function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Daily auto malware scan\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerabilities scanner among installed plugins and themes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security weekly reports to email\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notifications of login events to your website\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FREE TRIAL THEN $9 PER YEAR\u003C\u002Fh4>\n\u003Cp>CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. We provide detailed security stats for all of our security features to have a full control of security.\u003C\u002Fp>\n\u003Cp>We believe the most honest approach is when every user pays a small fee for using the service, rather than relying on a freemium model where some users subsidize others. The fee is as low as price of a good cup of coffee! So, the security plugin does not have a PRO version-it is completely free and works in combination with our premium Cloud security service at cleantalk.org. Every user has full access to all features of both the service and the plugin. Also, please take a note about \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwordpress-org\u002Fdetailed-plugin-guidelines\u002F#6-software-as-a-service-is-permitted\" rel=\"nofollow ugc\">WordPress.org policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>BRUTE FORCE PROTECTION\u003C\u002Fh3>\n\u003Cp>Our default anti–brute-force policy works as follows,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For any failed login attempt to the WordPress admin area, the plugin introduces a brief delay of a few seconds.\u003C\u002Fli>\n\u003Cli>The plugin reviews the security audit log every hour. If any IP address records 10 or more login attempts in that period, it will be blocked for 24 hours.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>ALL BRUTE FORCE PROTECTION FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Maximum failed attemtps to login before ban (default is 5).\u003C\u002Fstrong> A failed attempt happens when either the login or password is incorrect.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time frame to count login attempts (default is 15 minutes).\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ban to login time frame from 2 minutes to 24 hours (default is 1 hour).\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-factor authentication (2FA) with abillity to apply policy to specific users roles.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of login on password reset error.\u003C\u002Fstrong> The option exclude the info about the login existing on password change error. Error message will be replaced with followed text: “If the user with the specified credentials exists, check your email for the password reset confirmation link. Then visit login page.”\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Audit Log.\u003C\u002Fstrong> Keeps track of actions in the WP Dashboard to let you know what is happening on your blog. With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them. Security Audit Log shows who logged in and when and how much time they spent on each page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two Factor Authentication (2FA).\u003C\u002Fstrong> It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security.With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change the URL of the wp-login page.\u003C\u002Fstrong> This option helps you change the default wp-login URL (wp-login.php). Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode. This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value. If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Leaked password check.\u003C\u002Fstrong> This feature enhances your website’s security by continuously monitoring users’ passwords for potential exposure in known data breaches and on the dark web. It works in the background and requires no action from users unless a leak is detected.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>SECURITY FIREWALL\u003C\u002Fh3>\n\u003Cp>To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP\u002FHTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.\u003C\u002Fp>\n\u003Cp>Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. CleanTalk Security is fully compatible with the most popular VPN services. Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.\u003C\u002Fp>\n\u003Ch4>LIST OF FIREWALL FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Blocks or bypass visitors by IP, IP Network. Country blocking.\u003C\u002Fstrong> It also has option to avoid blocking hits from major search engines like Google, Bing, Yahoo, Baidu, Yandex and etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Traffic control.\u003C\u002Fstrong> CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters. Another option in Security Traffic Control – “Block user after requests amounts more than” – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours. Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts.\u003C\u002Fstrong> Limit Login Attempts – is a part of brute-force protection and security firewall.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Web Application FireWall (WAF) for WordPress Security Plugin\u003C\u002Fstrong>. The main purpose of Web Application FireWall (WAF) is real-time protection from unauthorized access, even if there are critical known\u002Funknown vulnerabilities. Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include,\n\u003Cul>\n\u003Cli>SQL Injection,\u003C\u002Fli>\n\u003Cli>Cross Site Scripting (XSS),\u003C\u002Fli>\n\u003Cli>uploading files from non-authorised users,\u003C\u002Fli>\n\u003Cli>PHP constructions\u002Fcode,\u003C\u002Fli>\n\u003Cli>the presence of malicious code in the downloaded files.\u003Cbr \u002F>\nIn addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk Security has logged all blocked requests that allow you to know and analyze accurate information.\u003C\u002Fli>\n\u003Cli>You can see your Cleantalk Security Logs in your \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fmy\u002Flogs_firewall\" rel=\"nofollow ugc\">Dashboard\u003C\u002Fa> CleanTalk’s research team updates WAF database each time as we find a vulnerability, it means plugin’s users get protection even against unpublished vulnurebilites.\u003C\u002Fli>\n\u003Cli>Learn more how to set up and test \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fhelp\u002Fsecurity-waf\" title=\"About Web Application Firewall\" rel=\"nofollow ugc\">About Security Web Application Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications when administrators or users are logged in.\u003C\u002Fstrong> We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard. Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>MALWARE SCANNER WITH AUTO-CURE FUNCTION\u003C\u002Fh3>\n\u003Cp>Scans WordPress files for hacker files or code for hacker code. Performs antivirus functions. Security Malware Scanner runs manually by users requests or automaticaly by WordPress cron. All of the results will send in your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.\u003C\u002Fp>\n\u003Cp>If you are unsure how to identify, remove, or clean malware using the plugin, you can book a \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fwordpress-malware-removal\" rel=\"nofollow ugc\">malware removal service\u003C\u002Fa> with our Security & Pentest team.\u003C\u002Fp>\n\u003Ch4>LIST OF MALWARE SCANNER, ANTIVIRUS FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware autoscanning.\u003C\u002Fstrong> Scans the website automatically at intervals ranging from once every 12 hours to once every 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cure malware.\u003C\u002Fstrong> It cures infected files automatically if the scanner knows cure methods for these specific cases. If the option is disabled then when the scanning process ends you will be presented with several actions you can do to the found files,\n\u003Cul>\n\u003Cli>\u003Cstrong>Cure.\u003C\u002Fstrong> Malicious code will be removed from the file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Replace.\u003C\u002Fstrong> The file will be replaced with the original file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delete.\u003C\u002Fstrong> The file will be put in quarantine. Do nothing.\u003Cbr \u002F>\nBefore any action is chosen, backups of the files will be created and if the cure is unsuccessful it’s possible to restore each file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Malware Heuristic Check\u003C\u002Fstrong>. This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Malware scanner to find SQL Injections.\u003C\u002Fstrong> The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Operating system cron tasks analysis.\u003C\u002Fstrong> This functional provides an overview of scheduled cron jobs on server that perform automated tasks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DB Trigger analysis.\u003C\u002Fstrong> Will search for known malicious signatures in database triggers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>List unknown files.\u003C\u002Fstrong> Shows the list of found unknown files in the malware scanner report. Unknown files do not have known virus signatures and do not have suspicious code. Meanwhile, unknown files do not belong to the public plugins and themes at wordpress.org.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File System Watcher.\u003C\u002Fstrong> File system Watcher monitors changes in the file system. This allows to quickly respond to a site infection by tracking which files were affected. The Watcher makes file system snapshots as often as one hour and show difference up to seven days time frame.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Feedback System.\u003C\u002Fstrong> If you don’t have programming experience and don’t know, is there security issue or not, you send some files to CleanTalk Cloud and we check them for malware code. After checking we send you an email notification with results, is there viruses or not. Please, look at our guide How malware file analysis works \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fhelp\u002Ffiles-analysis\" title=\"About Scanner Feedback System\" rel=\"nofollow ugc\">About Scanner Feedback System\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LIST OF THE MOST ACTIVE MALWARES BY FILENAMES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>radio.php\u003C\u002Fli>\n\u003Cli>admin-ajax.php\u003C\u002Fli>\n\u003Cli>.1235512.css\u003C\u002Fli>\n\u003Cli>8sjdakSJ3.php\u003C\u002Fli>\n\u003Cli>wso.php\u003C\u002Fli>\n\u003Cli>cmd.php\u003C\u002Fli>\n\u003Cli>shell.php\u003C\u002Fli>\n\u003Cli>reverse_shell.php\u003C\u002Fli>\n\u003Cli>admin.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The list is actual on July 15th, 2025. The latest data is the article \u003Ca href=\"https:\u002F\u002Fresearch.cleantalk.org\u002Fmajor-signs-of-malware-on-an-infected-wordpress-site\u002F\" rel=\"nofollow ugc\">Is my site infected?\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>VULNERABILITIES SCANNER AMONG INSTALLED PLUGINS AND THEMES\u003C\u002Fh3>\n\u003Cp>Plugin checks installed plugins and themes for known (published) vulnerabilities. If finds vulnerable plugin\u002Ftheme, it sends an Email notification and shows data in the \u003Cem>Critical updates\u003C\u002Fem> tab.\u003C\u002Fp>\n\u003Cp>List of the most recent vulnerabilities found and published by CleanTalk Research team,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CVE-2025-5921 – SureForms – Unauthenticated XSS – POC, 200k+ installs.\u003C\u002Fli>\n\u003Cli>CVE-2025-3582 – Newsletter – Stored XSS to JS Backdoor Creation – POC, 300k+ installs.\u003C\u002Fli>\n\u003Cli>CVE-2025-2560 – Ninja Forms – Stored XSS to JS Backdoor Creation – POC, 700k+ installs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The list is effective on July 18th, 2025. Updates are avaible on \u003Ca href=\"https:\u002F\u002Fresearch.cleantalk.org\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fresearch.cleantalk.org\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>MISCELLANEOUS SECURITY OPTIONS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Send additional HTTP headers option.\u003C\u002Fstrong> There are several additional http-headers which added to the every http-requests by the plugin if this option is enabled:\n\u003Cul>\n\u003Cli>“X-Content-Type-Options” improves the security of your site (and your users) against some types of drive-by-downloads.\u003C\u002Fli>\n\u003Cli>“X-XSS-Protection” header improves the security of your site against some types of XSS (cross-site scripting) attacks.\u003C\u002Fli>\n\u003Cli>“Strict-Transport-Security” response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.\u003C\u002Fli>\n\u003Cli>“Referrer-Policy” make the \u003Ccode>Referer\u003C\u002Fcode> http-header transferring more strictly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Collect and send PHP logs.\u003C\u002Fstrong> Collect and send PHP error logs to your CleanTalk Dashboard where you can list them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of authors logins.\u003C\u002Fstrong> Prevent visitors from collecting logins of the content authors from the website links (like example.com\u002F?author=1). Also this function known as Stop User Enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of user login on password reset.\u003C\u002Fstrong> The password reset error will not contain the data about selected username does not exist.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable REST API for non-authenticated users.\u003C\u002Fstrong> Turn this on to deny access to WordPress REST API for non-authenticated users. Denied requests will get a 401 HTTP Code (Unauthorized).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable the WordPress endpoint “users” REST API.\u003C\u002Fstrong> Disables access to \u002Fwp-json\u002Fwp\u002Fv2\u002Fusers and \u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u002F”id_user”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable File Editor.\u003C\u002Fstrong> By prohibiting file editing, you protect the site from malicious attacks that may try to change the code and gain access to the site or steal confidential information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TRANSLATE INTO YOUR LANGUAGE\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Thank you for helping translate the plugin!\u003C\u002Fli>\n\u003Cli>感谢您帮助翻译这个插件！ (Gǎnxiè nín bāngzhù fānyì zhège chājìan!)\u003C\u002Fli>\n\u003Cli>प्लगइन का अनुवाद करने में मदद के लिए धन्यवाद! (Plugin ka anuvaad karne mein madad ke liye dhanyavaad!)\u003C\u002Fli>\n\u003Cli>¡Gracias por ayudar a traducir el complemento!\u003C\u002Fli>\n\u003Cli>Merci d’avoir aidé à traduire le plugin !\u003C\u002Fli>\n\u003Cli>شكرًا لمساعدتك في ترجمة الإضافة! (Shukran limusaa’adatika fi tarjamat al-idafa!)\u003C\u002Fli>\n\u003Cli>প্লাগইন অনুবাদে সাহায্য করার জন্য ধন্যবাদ! (Plug-in onubade shahajjo korar jonno dhonnobad!)\u003C\u002Fli>\n\u003Cli>Спасибо за помощь в переводе плагина! (Spasibo za pomoshch v perevode plagina!)\u003C\u002Fli>\n\u003Cli>Obrigado por ajudar a traduzir o plugin! (Obrigada if female)\u003C\u002Fli>\n\u003Cli>پلگ ان کا ترجمہ کرنے میں مدد کرنے کا شکریہ! (Plug-in ka tarjuma karne mein madad karne ka shukriya!)\u003C\u002Fli>\n\u003Cli>Terima kasih telah membantu menerjemahkan plugin!\u003C\u002Fli>\n\u003Cli>Danke, dass du beim Übersetzen des Plugins geholfen hast!\u003C\u002Fli>\n\u003Cli>プラグインの翻訳を手伝ってくれてありがとうございます！ (Puraguin no hon’yaku o tetsudatte kurete arigatou gozaimasu!)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecurity-malware-firewall\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecurity-malware-firewall\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.",30000,2575884,96,378,"2026-03-02T10:49:00.000Z","5.0",[75,76,135,19,21],"malware","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-malware-firewall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-malware-firewall.2.174.zip","2025-12-08 16:28:49",{"attackSurface":140,"codeSignals":259,"taintFlows":290,"riskAssessment":291,"analyzedAt":302},{"hooks":141,"ajaxHandlers":171,"restRoutes":172,"shortcodes":256,"cronEvents":257,"entryPointCount":258,"unprotectedCount":13},[142,148,151,154,159,163,165,167],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","init","closure","cybershield-wp-plugin.php",49,{"type":143,"name":149,"callback":145,"file":146,"line":150},"admin_menu",77,{"type":143,"name":152,"callback":145,"file":146,"line":153},"rest_api_init",195,{"type":155,"name":156,"callback":157,"file":146,"line":158},"filter","rest_authentication_errors","cbsd_restrict_rest_api_to_auth_users",507,{"type":143,"name":160,"callback":145,"file":161,"line":162},"wp_head","Helpers\\cbsd_functions.php",118,{"type":143,"name":160,"callback":145,"file":161,"line":164},150,{"type":143,"name":160,"callback":145,"file":161,"line":166},182,{"type":143,"name":168,"callback":145,"file":169,"line":170},"wp","Types\\CBSD_App.php",149,[],[173,179,183,187,192,196,200,204,208,212,216,220,224,228,232,236,240,244,248,252],{"namespace":174,"route":175,"methods":176,"callback":145,"permissionCallback":145,"file":146,"line":178},"cbsd_api\u002Fv1","\u002Fblacklist\u002Fblock",[177],"POST",196,{"namespace":174,"route":180,"methods":181,"callback":145,"permissionCallback":145,"file":146,"line":182},"\u002Fblacklist\u002Funblock",[177],209,{"namespace":174,"route":184,"methods":185,"callback":145,"permissionCallback":145,"file":146,"line":186},"\u002Fblacklist\u002Fedit",[177],222,{"namespace":174,"route":188,"methods":189,"callback":145,"permissionCallback":145,"file":146,"line":191},"\u002Fblacklist\u002Flist",[190],"GET",235,{"namespace":174,"route":193,"methods":194,"callback":145,"permissionCallback":145,"file":146,"line":195},"\u002Fwhitelist\u002Fadd",[177],249,{"namespace":174,"route":197,"methods":198,"callback":145,"permissionCallback":145,"file":146,"line":199},"\u002Fwhitelist\u002Fremove",[177],262,{"namespace":174,"route":201,"methods":202,"callback":145,"permissionCallback":145,"file":146,"line":203},"\u002Fwhitelist\u002Fedit",[177],275,{"namespace":174,"route":205,"methods":206,"callback":145,"permissionCallback":145,"file":146,"line":207},"\u002Fwhitelist\u002Flist",[190],288,{"namespace":174,"route":209,"methods":210,"callback":145,"permissionCallback":145,"file":146,"line":211},"\u002Fcustom_rules\u002Fadd",[177],302,{"namespace":174,"route":213,"methods":214,"callback":145,"permissionCallback":145,"file":146,"line":215},"\u002Fcustom_rules\u002Fremove",[177],315,{"namespace":174,"route":217,"methods":218,"callback":145,"permissionCallback":145,"file":146,"line":219},"\u002Fcustom_rules\u002Fedit",[177],328,{"namespace":174,"route":221,"methods":222,"callback":145,"permissionCallback":145,"file":146,"line":223},"\u002Fcustom_rules\u002Flist",[190],341,{"namespace":174,"route":225,"methods":226,"callback":145,"permissionCallback":145,"file":146,"line":227},"\u002Fsettings\u002Findex",[190],355,{"namespace":174,"route":229,"methods":230,"callback":145,"permissionCallback":145,"file":146,"line":231},"\u002Fsettings\u002Ftoggle",[177],369,{"namespace":174,"route":233,"methods":234,"callback":145,"permissionCallback":145,"file":146,"line":235},"\u002Fstats\u002Fline_chart_data",[190],383,{"namespace":174,"route":237,"methods":238,"callback":145,"permissionCallback":145,"file":146,"line":239},"\u002Fstats\u002Fthreats_by_page",[190],396,{"namespace":174,"route":241,"methods":242,"callback":145,"permissionCallback":145,"file":146,"line":243},"\u002Fstats\u002Fvbc",[190],409,{"namespace":174,"route":245,"methods":246,"callback":145,"permissionCallback":145,"file":146,"line":247},"\u002Fstats\u002Fcylbm",[190],422,{"namespace":174,"route":249,"methods":250,"callback":145,"permissionCallback":145,"file":146,"line":251},"\u002Fcountry_codes",[190],436,{"namespace":174,"route":253,"methods":254,"callback":145,"permissionCallback":145,"file":146,"line":255},"\u002Fcontact",[177],472,[],[],20,{"dangerousFunctions":260,"sqlUsage":261,"outputEscaping":286,"fileOperations":32,"externalRequests":48,"nonceChecks":13,"capabilityChecks":32,"bundledLibraries":289},[],{"prepared":262,"raw":263,"locations":264},22,7,[265,269,271,274,276,280,283],{"file":266,"line":267,"context":268},"Controllers\\CBSD_BlacklistController.php",25,"$wpdb->get_results() with variable interpolation",{"file":270,"line":267,"context":268},"Controllers\\CBSD_RulesController.php",{"file":272,"line":273,"context":268},"Controllers\\CBSD_WhitelistController.php",28,{"file":146,"line":275,"context":268},452,{"file":277,"line":278,"context":279},"includes\\Classes\\CBSD_Activator.php",23,"$wpdb->get_col() with variable interpolation",{"file":281,"line":282,"context":268},"Modules\\Blacklist\\init.php",31,{"file":284,"line":285,"context":268},"Modules\\Whitelist\\init.php",34,{"escaped":287,"rawEcho":13,"locations":288},39,[],[],[],{"summary":292,"deductions":293},"The \"cybershield-waf\" plugin, version 0.1.6, exhibits a generally strong security posture based on the provided static analysis. All identified entry points, including REST API routes and potential AJAX handlers, appear to be protected by appropriate permission checks. The plugin also demonstrates excellent practices in output escaping, with 100% of outputs being properly escaped, and a significant majority of its SQL queries utilizing prepared statements. The absence of known CVEs and a clean vulnerability history further contribute to a positive security assessment, suggesting a mature and well-maintained codebase.",[294,296,298,300],{"reason":295,"points":11},"No nonce checks on entry points",{"reason":297,"points":48},"One file operation detected",{"reason":299,"points":81},"Three external HTTP requests detected",{"reason":301,"points":81},"Only one capability check detected","2026-03-17T00:42:28.961Z",{"wat":304,"direct":312},{"assetPaths":305,"generatorPatterns":308,"scriptPaths":309,"versionParams":310},[306,307],"\u002Fwp-content\u002Fplugins\u002Fcybershield-waf\u002Fassets\u002Fadmin\u002Fjs\u002Fstart.js","\u002Fwp-content\u002Fplugins\u002Fcybershield-waf\u002Fassets\u002Fcss\u002Felement.css",[],[306],[311],"cybershield-waf\u002Fassets\u002Fcss\u002Felement.css?t=",{"cssClasses":313,"htmlComments":318,"htmlAttributes":319,"restEndpoints":321,"jsGlobals":323,"shortcodeOutput":327},[314,315,316,317],"main-menu","text-white-200","bg-wheat-600","p-4",[],[320],"data-router-view",[322],"\u002Fwp-json\u002Fcbsd_api\u002Fv1\u002Fblacklist\u002Fblock",[324,325,326],"CBSD-script-boot","WPURLS","CBSAdmin",[]]