[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fx5zZ3ZT9Emf0wbiT1X9wr5KU-ebk2fMvTOvnB9UsHZA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":46,"crawl_stats":35,"alternatives":53,"analysis":165,"fingerprints":706},"defend-wp-firewall","DefendWP Firewall","1.1.6","revmakx","https:\u002F\u002Fprofiles.wordpress.org\u002Frevmakx\u002F","\u003Ch3>Instant protection against disclosed vulnerabilities\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdefendwp.org\u002F\" rel=\"nofollow ugc\">DefendWP.org\u003C\u002Fa> is a WordPress plugin that protects your website from hackers exploiting vulnerable code on your website. Security research companies discover vulnerabilities and notify plugin developers to patch them. After some time, they disclose the vulnerability to the public, allowing you to update your plugins. However, this system has flaws. Once vulnerabilities are publicly disclosed, hackers rush to exploit the sites in which you haven’t yet applied the patch.\u003C\u002Fp>\n\u003Ch4>A Better Approach: Immediate Protection for All Users\u003C\u002Fh4>\n\u003Cp>To solve this, our plugin pushes firewall rules and patches as soon as vulnerabilities are disclosed, ensuring websites are protected without waiting for an official patch. This protection is silent and automatic, ensuring that you are not affected even if you don’t take any immediate action.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Immediate Patches Upon Disclosure: When vulnerabilities are disclosed, our plugin pushes patches or firewall rules that prevent exploitation.\u003C\u002Fli>\n\u003Cli>Silent Protection: We operate in the background, allowing plugin developers to roll out patches at their own pace without compromising user security.\u003C\u002Fli>\n\u003Cli>Free and Accessible: Security should not be a privilege. Our plugin is free and accessible and ensures that all WordPress users are protected from newly disclosed vulnerabilities.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Protecting Everyone, Not Just the Privileged Few\u003C\u002Fh3>\n\u003Cp>Security should not be reserved for those who can afford premium services. The spirit of WordPress is inclusivity, and this should extend to security as well. When vulnerabilities are disclosed, they pose a risk to every website, regardless of its owner’s resources. Every WordPress user should have access to immediate protection.\u003C\u002Fp>\n\u003Cp>Security researchers play a vital role in identifying vulnerabilities, but the current system leaves too many users exposed. Our approach aims to create a safer WordPress ecosystem for all, by closing the gap between vulnerability disclosure and patching.\u003C\u002Fp>\n\u003Cp>This isn’t about taking credit—it’s about prioritizing the safety of small business owners, bloggers, and entrepreneurs who rely on WordPress. By silently closing the vulnerability gap, we aim for a future where WordPress security is accessible to everyone.\u003C\u002Fp>\n\u003Cp>Let’s build a safer WordPress ecosystem together—one that protects all users, not just the privileged few.\u003C\u002Fp>\n\u003Ch4>For plugin authors: Report a Vulnerability\u003C\u002Fh4>\n\u003Cp>Do you have an active vulnerability in your plugin you want to safeguard users from? Report it \u003Ca href=\"https:\u002F\u002Fdefendwp.org\u002Fsubmit-a-vulnerability\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Need help with your website’s security? Just send us an email at \u003Ca href=\"mailto:help@defendwp.org\" rel=\"nofollow ugc\">help@defendwp.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cp>This plugin utilizes the \u003Ca href=\"https:\u002F\u002Fapi.ipify.org?format=json\" rel=\"nofollow ugc\">Ipify.org\u003C\u002Fa> to provide enhanced functionality. The API allows the plugin to retrieve the exact IP of the current user, which will be used to determine whether the user can access the WordPress site.\u003Ca href=\"https:\u002F\u002Fipify.org\" rel=\"nofollow ugc\">Privacy policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Vulnerabilities, IPs, Plugins and Themes data will be sent between \u003Ca href=\"https:\u002F\u002Fdefendwp.org\" rel=\"nofollow ugc\">DefendWP.org\u003C\u002Fa> and the WP site to instantly patch from vulnerabilities.\u003C\u002Fp>\n","Get instant protection against vulnerabilities disclosed by security companies.",3000,10055,0,"2025-06-16T07:14:00.000Z","6.8.5","6.2.0","8.1",[19,20,21,22],"malware","performance","security","vulnerability","https:\u002F\u002Fdefendwp.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdefend-wp-firewall.1.1.6.zip",99,1,"2025-02-24 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":37,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-22280","defendwp-firewall-missing-authorization","DefendWP Firewall \u003C= 1.1.0 - Missing Authorization","The DefendWP Firewall plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the defend_wp_firewall_verify_ajax_requests() function in versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute all of the plugin's AJAX requests.",null,"\u003C=1.1.0","1.1.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-03-03 16:17:58",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F33d08b1a-3933-4131-b7b5-3530612d2157?source=api-prod",8,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},6,224210,92,704,73,"2026-04-03T18:40:53.528Z",[54,78,103,122,147],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":76,"unpatched_count":13,"last_vuln_date":77,"fetched_at":28},"jetpack","Jetpack – WP Security, Backup, Speed, & Growth","15.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Ch3>JETPACK – THE BEST WORDPRESS PLUGIN\u003C\u002Fh3>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"VideoPress Video Player\" aria-label=\"VideoPress Video Player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fvideo.wordpress.com\u002Fembed\u002FbEKlywPj?hd=0&cover=1\" frameborder=\"0\" allowfullscreen allow=\"clipboard-write\">\u003C\u002Fiframe>\u003Cscript src='https:\u002F\u002Fv0.wordpress.com\u002Fjs\u002Fnext\u002Fvideopress-iframe.js?m=1770107250'>\u003C\u002Fscript>\u003C\u002Fp>\n\u003Cp>Jetpack is a WordPress plugin that helps you create better content, grow your subscribers, earn money from your website and keep it safe, fast, and secure. You can grow and keep track of your website traffic with Jetpack stats, and create better content with Jetpack AI. You can start a newsletter and grow your audience, turning fans into paying subscribers. Create beautiful content with Jetpack Creator and keep your site fast with Jetpack Boost.\u003C\u002Fp>\n\u003Ch4>HOW TO GET STARTED WITH JETPACK\u003C\u002Fh4>\n\u003Cp>Installation is free, quick, and easy. \u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Finstall?from=wporg\" rel=\"nofollow ugc\">Set up Jetpack\u003C\u002Fa> in minutes. Take advantage of more robust features like WordPress site security and design and growth tools by \u003Ca href=\"http:\u002F\u002Fjetpack.com\u002Fpricing\" rel=\"nofollow ugc\">upgrading to a paid plan\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>NEED EXPERT SUPPORT?\u003C\u002Fh4>\n\u003Cp>We have a global team of Happiness Engineers ready to provide incredible support. Ask your questions in the support forum or \u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fcontact-support\" rel=\"nofollow ugc\">contact support\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>WHY USE JETPACK ON YOUR SITE\u003C\u002Fh3>\n\u003Ch4>Safer. Faster. More traffic.\u003C\u002Fh4>\n\u003Cp>WordPress security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.\u003C\u002Fp>\n\u003Ch4>24\u002F7 AUTO SITE SECURITY\u003C\u002Fh4>\n\u003Cp>We guard your site so you can run your site or business. Jetpack Security provides easy-to-use, comprehensive WordPress site security including auto real-time backups and easy restores, malware scans, and spam protection. Essential features like brute force protection and basic downtime \u002F uptime monitoring are free.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Back up your site automatically in real time and restore to any point with one click. Cloud storage starts at 10GB, which is more than enough for most sites, with additional storage options available if needed. Great for eCommerce stores especially Woo.\u003C\u002Fli>\n\u003Cli>Manage migration to a new host, migrate theme files and plugins to a new database, easily duplicate websites, create full database backups, clone websites, repair broken websites by restoring older backups or easily set up a test site by creating a duplicate of your existing WP website.\u003C\u002Fli>\n\u003Cli>See every site change and who made it with the activity log, great for coordination, debug, maintenance, or troubleshooting.\u003C\u002Fli>\n\u003Cli>Examine incoming traffic to your WordPress site with our WAF (Web Application Firewall) and decide to allow or block it based on various rules.\u003C\u002Fli>\n\u003Cli>Add an important layer of protection to your site with our WAF (Web Application Firewall), particularly when attackers actively exploit unpatched vulnerabilities.\u003C\u002Fli>\n\u003Cli>Automatically perform malware scans and security scans for other code threats. One click fix to restore your site for malware.\u003C\u002Fli>\n\u003Cli>Block spam comments and form responses with anti spam features powered by Akismet.\u003C\u002Fli>\n\u003Cli>Brute force attack protection to protect your WordPress login page from attacks.\u003C\u002Fli>\n\u003Cli>Monitor your site uptime \u002F downtime and get an instant alert of any change by email.\u003C\u002Fli>\n\u003Cli>Secure WordPress.com powered login used by millions of sites with optional 2FA (two factor authentication) for extra protection.\u003C\u002Fli>\n\u003Cli>Auto update individual plugins for easy site maintenance and management.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can purchase all of Jetpack’s security features in our \u003Ca href=\"https:\u002F\u002Fcloud.jetpack.com\u002Fpricing#jetpack_security_t1_yearly\" rel=\"nofollow ugc\">Security bundle\u003C\u002Fa>, or \u003Ca href=\"https:\u002F\u002Fcloud.jetpack.com\u002Fpricing#jetpack_backup_t1_yearly\" rel=\"nofollow ugc\">VaultPress Backup\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fcloud.jetpack.com\u002Fpricing#jetpack_scan\" rel=\"nofollow ugc\">Scan\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fcloud.jetpack.com\u002Fpricing#jetpack_anti_spam\" rel=\"nofollow ugc\">Akismet Anti-spam\u003C\u002Fa> can each be purchased individually.\u003C\u002Fp>\n\u003Ch4>PEAK SPEED AND PERFORMANCE\u003C\u002Fh4>\n\u003Cp>Get blazing fast site speed with Jetpack. Jetpack’s free CDN (content delivery network) auto optimizes your images. Watch your page load times decrease — we’ll optimize your images and serve them from our own powerful global network, and speed up your site on mobile devices to reduce bandwidth usage and save money!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Image CDN for images and core static files, like CSS and JavaScript, served from our servers, not yours, which saves you money and bandwidth.\u003C\u002Fli>\n\u003Cli>Unlimited, high speed, ad free video hosting keeps the focus on your content, not on ads or recommendations that lead people off site.\u003C\u002Fli>\n\u003Cli>Custom site search is incredibly powerful and customizable. Helps your visitors instantly find the right content so they read and buy more. Works great with WooCommerce \u002F eCommerce sites to help filter products so customers get what they want on your site faster.\u003C\u002Fli>\n\u003Cli>Recommended to use with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-boost\u002F\" rel=\"ugc\">Jetpack Boost\u003C\u002Fa> for ultimate WordPress site speed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>POWERFUL TOOLS FOR GROWTH\u003C\u002Fh4>\n\u003Cp>Create and customize your WordPress site, optimize it for visitors and revenue, and enjoy watching your stats tick up. Build it, share it, and watch it grow.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Auto publish blog posts and products to social media by simply using our tools to connect to Facebook, Bluesky, Threads, Tumblr, Mastodon, LinkedIn, and Nextdoor.\u003C\u002Fli>\n\u003Cli>Easily share Instagram posts on your pages and blog posts.\u003C\u002Fli>\n\u003Cli>Collect a payment or donation, sell a product, service, or membership with simple integrations with PayPal and Stripe.\u003C\u002Fli>\n\u003Cli>Grow traffic with SEO tools for Google, Bing, Facebook, and WordPress.com. XML sitemap created automatically.\u003C\u002Fli>\n\u003Cli>Advertise on your site to generate revenue. The ad network automatically does the work for you to find high-quality ads that are placed on your site.\u003C\u002Fli>\n\u003Cli>Manage Jetpack features from anywhere with the official WordPress mobile app, available for Apple iOS (iPhone or iPad) and Google Android.\u003C\u002Fli>\n\u003Cli>Looking for Customer Relationship Management? Check out the \u003Ca href=\"https:\u002F\u002Fjetpackcrm.com\" rel=\"nofollow ugc\">Jetpack CRM plugin\u003C\u002Fa> which works alongside Jetpack to give you a simple and practical way to build relationships with your customers and leads.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>POWERFUL STATS TO GROW YOUR SITE\u003C\u002Fh4>\n\u003Cp>With Jetpack Stats, you don’t need to be a data scientist to see how your site is performing.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Advanced site stats and analytics to help you understand your audience.\u003C\u002Fli>\n\u003Cli>Discover your top performing posts & pages.\u003C\u002Fli>\n\u003Cli>See who is creating the most popular content on your team with our author metrics.\u003C\u002Fli>\n\u003Cli>Easily keep track of your content creation habits & trends over the years.\u003C\u002Fli>\n\u003Cli>View weekly and yearly trends with 7-day Highlights and Year in Review.\u003C\u002Fli>\n\u003Cli>See what popular social networks your content is being shared to the most.\u003C\u002Fli>\n\u003Cli>Explore real-time data on visitors, likes, and comments.\u003C\u002Fli>\n\u003Cli>Get detailed insights on the referrers that bring traffic to your site.\u003C\u002Fli>\n\u003Cli>Discover what countries your visitors are coming from.\u003C\u002Fli>\n\u003Cli>Measure link clicks, video plays, and file downloads within your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WRITE SMARTER, NOT HARDER.\u003C\u002Fh4>\n\u003Cp>Experience the ease of crafting professional content with intuitive and powerful AI. Jetpack AI Assistant effortlessly integrates with your WordPress editor, offering an intuitive interface to interact with AI.\u003Cbr \u002F>\nThis powerful block lets you generate diverse content at your command, significantly reducing the time and effort required in content creation.\u003C\u002Fp>\n\u003Cp>Simply provide a prompt, and watch as Jetpack AI Assistant crafts compelling blog posts, detailed pages, structured lists, and comprehensive tables – all tailored to your needs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Harness AI power directly from your editor.\u003C\u002Fli>\n\u003Cli>Unlock high-quality, tailored content at your command.\u003C\u002Fli>\n\u003Cli>Maintain professional standards with ease.\u003C\u002Fli>\n\u003Cli>AI-powered translations across numerous languages at your fingertips, breaking down language barriers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PROMOTE YOUR CONTENT EASILY WITH JETPACK BLAZE\u003C\u002Fh4>\n\u003Cp>Find new fans by promoting your posts and pages across millions of sites in the WordPress.com and Tumblr ad network.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create your ad. Choose your audience. Set your budget. It’s that easy.\u003C\u002Fli>\n\u003Cli>Amplify your reach for just a few dollars.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>EASY DESIGN TOOLS\u003C\u002Fh4>\n\u003Cp>Quickly customize your site to make it stand out — no coding needed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Themes — Simple WordPress themes to get started on your site.\u003C\u002Fli>\n\u003Cli>Related posts — Keep visitors on your site by automatically showing them related content they will be interested in.\u003C\u002Fli>\n\u003Cli>Gallery and Slideshow tools — Image galleries, carousel slider, and slideshows for WP sites and stores.\u003C\u002Fli>\n\u003Cli>Subscriptions — Make it easy for visitors to sign up to receive notifications of your latest posts and comments.\u003C\u002Fli>\n\u003Cli>Contact form — Easily build unlimited contact forms for free without any coding. Receive email notifications for each response. Integrate with mail solutions like Creative Mail to reach your customers and leads quickly. Connect to Jetpack Anti spam (powered by Akismet) to filter submissions.\u003C\u002Fli>\n\u003Cli>oEmbed Support — easily embed images, posts, and links from Facebook and Instagram.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>INTEGRATIONS\u003C\u002Fh4>\n\u003Cp>Jetpack is updated monthly to ensure seamless integration with top WordPress plugins and other tech products.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Built for WooCommerce: Jetpack and WooCommerce are both made by Automattic. Backup, Scan, Anti-spam, integrate perfectly for Woo \u002F eComm stores.\u003C\u002Fli>\n\u003Cli>Jetpack is fully compatible with v2.0 of the official AMP plugin for WordPress.\u003C\u002Fli>\n\u003Cli>Better understand your customers and marketing with Google Analytics (GA) integration.\u003C\u002Fli>\n\u003Cli>Social media platforms: Instagram, Facebook, Tumblr, LinkedIn, Threads, Bluesky, Nextdoor.\u003C\u002Fli>\n\u003Cli>Simple Blocks to customize your site: Pinterest, Whatsapp, Podcast player, GIFs, maps, tiled gallery, slideshow.\u003C\u002Fli>\n\u003Cli>Payment processors: easily collect payments or donations and sell products through Stripe and PayPal.\u003C\u002Fli>\n\u003Cli>Site speed and performance plugins: Works great with WP Super Cache by Automattic and Cloudflare.\u003C\u002Fli>\n\u003Cli>Contact form: Anti-spam (Powered by Akismet) blocks spam comments for Jetpack forms, Contact Form 7, Ninja Forms, Gravity Forms, Formidable Forms, and more.\u003C\u002Fli>\n\u003Cli>Other tech integrations: Instagram, Creative Mail, Mailchimp, Calendly, Whatsapp, Pinterest, Revue, and more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>EXPLORE MORE OF JETPACK\u003C\u002Fh4>\n\u003Cp>If you like Jetpack, consider checking out our other products and bundles\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-complete\" rel=\"nofollow ugc\">Jetpack Complete\u003C\u002Fa> – The Complete bundle with real‑time security, top performance, and everything you need to grow your business.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-security\" rel=\"nofollow ugc\">Jetpack Security\u003C\u002Fa> – Our Security bundle provides easy‑to‑use, comprehensive WordPress site security, including real‑time backups, a web application firewall, malware scanning, and spam protection.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-backup\" rel=\"nofollow ugc\">Jetpack Backup\u003C\u002Fa> – Save every change and get back online quickly with one‑click restores from Jetpack VaultPress Backup.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-scan\" rel=\"nofollow ugc\">Jetpack Scan\u003C\u002Fa> – Protect your site from bad actors around‑the‑clock ‑ with our web application firewall (WAF) and automated malware scanning with one‑click fixes.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-search\" rel=\"nofollow ugc\">Jetpack Search\u003C\u002Fa> – Instantly deliver the most relevant results to your visitors with Jetpack Search. No coding required, no ads, and no tracking.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-boost\" rel=\"nofollow ugc\">Jetpack Boost\u003C\u002Fa> – Increase your website speed.  Enjoy the same performance advantages as the world’s leading websites, no developer required.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-video\" rel=\"nofollow ugc\">Jetpack VideoPress\u003C\u002Fa> – Display stunning‑quality video with none of the hassle. Drag and drop videos through the WordPress editor and keep the focus on your content, not the ads.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-ai\" rel=\"nofollow ugc\">Jetpack AI\u003C\u002Fa> – Turn your ideas into ready‑to‑publish content at lightspeed.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-stats\" rel=\"nofollow ugc\">Jetpack Stats\u003C\u002Fa> – Keep track of your website visits, popular posts, newsletter subscribers and more.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-social\" rel=\"nofollow ugc\">Jetpack Social\u003C\u002Fa> – Automatically share your website content to your favorite social media platforms, from one place.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-crm\" rel=\"nofollow ugc\">Jetpack CRM\u003C\u002Fa> – Jetpack CRM has all of the tools you need to grow your business. It’s also modular, so you can customize it to suit your needs.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-creator\" rel=\"nofollow ugc\">Jetpack Creator\u003C\u002Fa> – Craft stunning content, boost your subscriber base, and monetize your online presence.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-newsletter\" rel=\"nofollow ugc\">Jetpack  Newsletter\u003C\u002Fa> – Transform your blog posts into newsletters to easily reach your subscribers. Offer paid subscriptions and earn from your content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>KEEP SPAM OFF YOUR WEBSITE\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-spam\" rel=\"nofollow ugc\">Akismet Anti-spam\u003C\u002Fa> – Automatically clear spam from comments and forms. Save time, get more responses, give your visitors a better experience – all without lifting a finger.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PROMOTE YOUR CONTENT FOR MORE VIEWS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fredirect?source=org-blaze\" rel=\"nofollow ugc\">Blaze\u003C\u002Fa> – Find new fans by promoting your posts and pages across millions of sites in the WordPress.com and Tumblr ad network.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>MANAGE MORE THAN ONE SITE?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002Fmanage\u002F\" rel=\"nofollow ugc\">Jetpack Manage\u003C\u002Fa> – All the tools you need to manage multiple WordPress sites. Monitor site security, performance, and traffic, and get alerted if a site needs attention.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FLY HIGHER WITH INDIVIDUAL PLUGINS\u003C\u002Fh4>\n\u003Cp>Ever wish you could have just one feature of Jetpack in its own plugin? Now you can. Check out our individual plugins and install only what you need.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-backup\u002F\" rel=\"ugc\">Jetpack VaultPress Backup\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-boost\u002F\" rel=\"ugc\">Jetpack Boost\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fzero-bs-crm\u002F\" rel=\"ugc\">Jetpack CRM\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-protect\u002F\" rel=\"ugc\">Jetpack Protect\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-search\u002F\" rel=\"ugc\">Jetpack Search\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-social\u002F\" rel=\"ugc\">Jetpack Social\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-videopress\u002F\" rel=\"ugc\">Jetpack VideoPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fakismet\u002F\" rel=\"ugc\">Akismet Anti-Spam\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.",3000000,484284779,76,2380,"2026-03-03T09:54:00.000Z","6.9.4","6.8","7.2",[71,19,20,72,21],"backup","scan","https:\u002F\u002Fjetpack.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjetpack.15.6.zip",87,24,"2024-12-04 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":67,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":98,"download_link":99,"security_score":100,"vuln_count":101,"unpatched_count":13,"last_vuln_date":102,"fetched_at":28},"wp-malware-removal","Malcure Malware Shield — Removal, Repair, Monitor","19.8","Malcure Web Security","https:\u002F\u002Fprofiles.wordpress.org\u002Fmalcure\u002F","\u003Cp>Is your website acting strangely? Seeing ‘Deceptive Site Ahead’ warnings, Japanese spam, SEO spam, or random redirects? Time to fix and monitor your site with \u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Malcure Malware Shield: The Powerful Antivirus\u003C\u002Fh3>\n\u003Cp>Just as your computer requires antivirus, your website demands specialized \u003Cstrong>antivirus-grade protection\u003C\u002Fstrong>. Malcure Malware Shield delivers comprehensive, \u003Cstrong>antivirus-style\u003C\u002Fstrong> detection with advanced signatures to identify viruses, trojans, backdoors, adware, and ransomware. Unlike basic security plugins, it operates with the precision of an antivirus engine, scanning every layer of your site—from core files to the database—to ensure your website remains virus-free and secure.\u003C\u002Fp>\n\u003Ch3>Malware Removal, Hack Repair & SEO Spam Cleanup\u003C\u002Fh3>\n\u003Cp>Malware attacks are evolving. Standard scanners often miss hidden backdoors and database infections. If your current security plugin says “All Clear” but your site is still broken, you need \u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong> is the intelligent, lightweight security solution. We believe security should be simple on the surface but deep under the hood. No complex settings. No bloat. Just activate and scan.\u003C\u002Fp>\n\u003Cp>Lightweight, API-driven scanning runs only on demand or on scheduled scans — no persistent background processes.\u003C\u002Fp>\n\u003Cp>Unlike scanners that delay new malware definitions for days, Malcure delivers real-time threat intelligence to every user so you’re protected against the latest threats as soon as they emerge.\u003C\u002Fp>\n\u003Ch3>What Our Users Say\u003C\u002Fh3>\n\u003Cp>Quotes are verbatim from WordPress.org support reviews, except for bracketed edits (for example, competitor names removed).\u003C\u002Fp>\n\u003Ch4>Best by far, better than [competitor name removed] and other giants\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“You can see it is a bunch of geeks that created this, with skill and visual creativity at that. I spent hours trying to find a plugin like this. So many options and such bad results until now. Great job guys. You deserve it. Simple and effective. (Disclaimer to other potential readers: there are many types of hacks\u002Fmalware out there, every scenario is different, but start with the Malcure scan and see how it goes. 9\u002F10 you won’t be disappointed, my guess)” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbest-by-far-better-than-wordfence-and-other-giants\u002F\" rel=\"ugc\">@dalingzaf\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>The ONLY plugin that scans files…\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“I am a web developer and have tried many malware removal plugins, including popular ones [competitor names removed]. However, none of them detected some unusual files that were actually malware causing regular attacks. Some of these files were in JPG format.” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-only-plugin-that-scans-files-in-real-time-2\u002F\" rel=\"ugc\">@devzeeshanx\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Best Malware Removal Plugin in just few minutes\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“Most security plugins that are free only scan the code, but Malcure Malware Removal Plugin scans the wordpress database and the code files in few minutes. Accurately shows which Database table row is infected and it helps resolve the hacking attempt instantly. Saves a lot of time for the developers. Thank You Team Malcure” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbest-malware-removal-plugin-in-just-few-minutes\u002F\" rel=\"ugc\">@s3630\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>It’s not just a “teaser”\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“This plugin really found the malware, and removed it. Really for free. Thanks guys, I’m going to donate now!” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fits-not-just-a-teaser\u002F\" rel=\"ugc\">@halucska\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Malware Removal & Hack Repair\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Checksum Verification:\u003C\u002Fstrong> We verify core, plugin, and theme file integrity against the official repository checksums served by our SaaS API endpoint.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Scan:\u003C\u002Fstrong> If checksums fail, Malcure runs a full scan against malware detection signatures detecting estimated 50,000+ variants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inspect & Repair:\u003C\u002Fstrong> Inspect infected database records and files. Assists in cleaning compromised files and database entries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Spam Specialist:\u003C\u002Fstrong> Detects and removes the notorious “Japanese Keyword Hack” and pharma spam from your files and database, helping restore your Google rankings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Virus Scanner & Threat Detection\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Database Scan:\u003C\u002Fstrong> Scans database tables for malicious injections and spam links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Scan:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and uploads for backdoors and obfuscated code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Detection:\u003C\u002Fstrong> Checks your core, plugins, and themes for known security flaws.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DeepScan™ Technology:\u003C\u002Fstrong> Scans backups, archives, images, and hidden files where malware hides.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultra-High Precision:\u003C\u002Fstrong> Uses intelligent checksum verification (comparing your files to official core\u002Fplugin\u002Ftheme checksums) to dramatically reduce false alarms compared to heuristic-only scanners.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Intelligent Health Monitor\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Always-On Guard:\u003C\u002Fstrong> Continuous monitoring via \u003Cstrong>Scheduled Scans\u003C\u002Fstrong> (daily\u002Fweekly\u002Fmonthly) configurable cadence.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Alerts:\u003C\u002Fstrong> Every time a scheduled scan completes, you get an instant email report telling you if your site is clean or infected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event Log:\u003C\u002Fstrong> Track the events leading up to a malware incident for faster root-cause analysis.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Powered by Malcure API: Real-Time Threat Intelligence\u003C\u002Fh3>\n\u003Cp>Hackers don’t sleep, and neither do we. Malcure Malware Shield connects to our real-time API to fetch the latest threat definitions.\u003C\u002Fp>\n\u003Cp>This plugin relies on the Malcure API to provide real-time threat intelligence and checksum verification.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Data Transmission:\u003C\u002Fstrong> To perform scans, the plugin sends file checksums and your site’s domain to Malcure servers. No sensitive user data is transmitted.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms & Privacy:\u003C\u002Fstrong> Use of the API is subject to our \u003Ca href=\"https:\u002F\u002Fwww.malcure.com\u002F?p=1720&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=3&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-Day Alerts:\u003C\u002Fstrong> Our API serves new threat-intelligence in real-time, ensuring the site is scanned against the latest vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Checksums:\u003C\u002Fstrong> We verify your core files, themes, and plugins against the official repository checksums using our API, ensuring absolute integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> The scanner only uses minimum resources to keep your server fast and responsive.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Keep Malcure Malware Shield Installed?\u003C\u002Fh3>\n\u003Ch4>Reinfection Risk & Continuous Monitoring\u003C\u002Fh4>\n\u003Cp>Malware cleanup is not a one-and-done task. New vulnerabilities and reinfections can appear without warning, so continuous monitoring and scheduled scans help catch issues early—before SEO damage, blacklists, or downtime. You get email notification with the results to rest assured that the site is clean or when immediate action is required.\u003C\u002Fp>\n\u003Cp>Cleaning your site is just step one. Malcure is your anti-malware health monitor.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Continuous Monitoring:\u003C\u002Fstrong> Scheduled scans watch your site for changes so you don’t have to.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Event Log:\u003C\u002Fstrong> See exactly what’s happening on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Early Warning:\u003C\u002Fstrong> Catch new infections before Google blacklists you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurrence Prevention:\u003C\u002Fstrong> Scheduled scans and integrity checks catch reinfections before they spread.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Bloat:\u003C\u002Fstrong> Designed to run on-demand or as per schedule without slowing down your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Who This Plugin Is For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Site owners\u003C\u002Fstrong> who want clear, actionable results (what was flagged and where).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & developers\u003C\u002Fstrong> who need fast triage across multiple sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce \u002F membership \u002F lead-gen sites\u003C\u002Fstrong> where downtime, SEO brand-reputation damage are expensive.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone\u003C\u002Fstrong> who wants a scanner that cuts through the noise to focus on \u003Cem>signal\u003C\u002Fem>—real threats with practical remediation paths.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works (Scan \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Review \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Clean \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Monitor)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Scan\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>Malcure Scanner\u003C\u002Fstrong> in your Admin Dashboard.\u003C\u002Fli>\n\u003Cli>Run a scan to check your files and database for vulnerabilities, malware, backdoors, suspicious code, and integrity issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Review\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Malcure reports findings with clear locations (file paths \u002F database records) so you can verify what changed and why it was flagged.\u003C\u002Fli>\n\u003Cli>Use the results to decide what should be repaired, deleted, or kept (for example, legitimate custom code).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean & Recover\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The free edition helps you identify issues, inspect data and understand what needs fixing.\u003C\u002Fli>\n\u003Cli>The Advanced Edition adds Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Monitor\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set up scheduled scans to keep your site continuously monitored.\u003C\u002Fli>\n\u003Cli>Get email alerts for new infections or integrity issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Is It Free?\u003C\u002Fh4>\n\u003Cp>We believe in 100% transparency.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Free Forever:\u003C\u002Fstrong> Professional-grade Detection (Knowledge). You see every infected file and database row (exact file path & line number), so you can clean it yourself for free.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free Forever:\u003C\u002Fstrong> Real-time Threat Intelligence & Monitoring.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pro Upgrade:\u003C\u002Fstrong> Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>You are never forced to pay to \u003Cem>find\u003C\u002Fem> a hack.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEbSbxiTOc8k?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Core Features (Free Forever)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Deep Malware Scan:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and your entire database for vulnerabilities, viruses, trojans, backdoors, and \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=60&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">malicious redirects\u003C\u002Fa>.\n\u003Cul>\n\u003Cli>\u003Cstrong>Files:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and uploads for backdoors, shells including variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database:\u003C\u002Fstrong> Scans database tables for malicious injections, recurring malware and spam links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Spam Detection:\u003C\u002Fstrong> Specifically checks page titles and database records for “Japanese Keyword Hack”, “Pharma Hack” and other SEO spam symptoms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> Checks your installed plugins and themes against our real-time database of known security vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Checksum Verification:\u003C\u002Fstrong> Automatically verifies your core files, themes, and plugins against the official checksums. If a file has been tampered with, we know instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Uncompromising Detection:\u003C\u002Fstrong> Detects variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attack Surface Hardening & Firewall:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Block Path Traversal:\u003C\u002Fstrong> Stops attackers from accessing sensitive system files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block PHP Uploads:\u003C\u002Fstrong> Prevents malicious scripts from being uploaded to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop User Enumeration:\u003C\u002Fstrong> Blocks bots from fishing for your username.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Protection:\u003C\u002Fstrong> Prevents user data leakage via the WP REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=1622&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Security Hardening\u003C\u002Fa>:\u003C\u002Fstrong> Learn more about securing your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurrence Watchdog (Background Monitor):\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Set it and forget it:\u003C\u002Fstrong> Malcure runs silently in the background using scheduled scans (configurable cadence) + integrity baseline to monitor changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stay Ahead:\u003C\u002Fstrong> Automatically catch new infections before they spread or damage your SEO rankings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Incident Response Toolkit:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Nuke User Sessions:\u003C\u002Fstrong> Instantly force-logout every user on the site to kick out intruders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Salt Shuffler:\u003C\u002Fstrong> One-click rotation of \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5230&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">security keys (salts)\u003C\u002Fa> to invalidate all browser cookies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forensic Flight Recorder (Event Log):\u003C\u002Fstrong> Track every security event. Know exactly \u003Cem>when\u003C\u002Fem> and \u003Cem>how\u003C\u002Fem> a breach might have occurred with our 100-day event log.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Search Console Integration:\u003C\u002Fstrong> Connect directly to Google to fetch security warnings and blacklist status in real-time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time API Updates:\u003C\u002Fstrong> Connects to the Malcure Cloud to fetch the latest threats and vulnerabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to Advanced Edition\u003C\u002Fh4>\n\u003Cp>For mission-critical websites that demand comprehensive protection and recovery tools.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>1-Click Surgical Repair:\u003C\u002Fstrong> Inspect, Delete, or Repair infected files instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Whitelisting:\u003C\u002Fstrong> Stop false alarms. Supports files, folders, and \u003Cstrong>Database Records\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI Integration:\u003C\u002Fstrong> Complete command-line control for automated scanning and reporting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Definition Updates:\u003C\u002Fstrong> Definitions update automatically in the background.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>On-Demand Background Scans:\u003C\u002Fstrong> Trigger deep scans immediately without keeping your browser open.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Scan Filters:\u003C\u002Fstrong> For when you are specifically looking for something in the files or database or want to include, exclude specific files & directories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Operations:\u003C\u002Fstrong> Critical file operations like deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Client-Servicing Features:\u003C\u002Fstrong> Like copying scan results to generate report for clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Background Scan:\u003C\u002Fstrong> For when you want to trigger a scan and forget it. The scan continues and emails you upon completion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support (Expertise):\u003C\u002Fstrong> When you want to consult or want to exploit advanced features or need help troubleshooting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Priority Support:\u003C\u002Fstrong> Direct access to our security analysts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">\u003Cstrong>Get Malcure Advanced Edition\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Additional Resources for Malware Removal\u003C\u002Fh4>\n\u003Cp>Follow these expert guides to remove malware, recover lost traffic, and restore your online reputation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=1540&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">A step by step guide to remove the malware\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=13946&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Japanese Keyword Hack: How to Remove SEO Spam\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5728&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">What is the Pharma Hack & How to fix it\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14143&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix Google Ads Disapproved for Malicious Software\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14477&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Prevent SQL Injection Attacks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5265&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Live Malware Infection Removal & Analysis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=7207&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix “This Site May Harm Your Computer” Warning\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=60&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Comprehensive Guide to Removing JavaScript Redirect Malware\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5699&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix a Blank WP-Admin Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=9102&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Malcure WP CLI Integration & Cheatsheet\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14375&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Prevent Brute Force Attacks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5230&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Change Salt Keys\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Expert Malware Removal Service\u003C\u002Fh4>\n\u003Cp>In over your head? Our security analysts are on standby. We offer a complete \u003Cstrong>Malware Removal Service\u003C\u002Fstrong> that includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>100% Removal Guarantee:\u003C\u002Fstrong> We guarantee to remove all malware from your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Same Day Service:\u003C\u002Fstrong> Fast turnaround time to get your business back online.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual Inspection:\u003C\u002Fstrong> Our experts manually inspect critical files (htaccess, wp-config, index.php) and your database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist Removal:\u003C\u002Fstrong> We handle the removal of your site from blacklists like Google, Norton, McAfee, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening:\u003C\u002Fstrong> We identify the root cause and patch vulnerabilities to prevent future infections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>15-Day Cover:\u003C\u002Fstrong> Security analysts available 24\u002F7\u002F365 to ensure your site stays clean.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">\u003Cstrong>Book Expert Malware Removal\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Ch4>Some files are detected by Malcure Malware Shield as “suspicious”. What gives?\u003C\u002Fh4>\n\u003Cp>Malcure’s DeepScan checks each file for malware. However some files aren’t pure malware but may contain code that is suspicious and could potentially do nasty things. You should carefully review and analyse them to see if they indeed do anything nasty.\u003C\u002Fp>\n\u003Ch4>I can’t get Malcure Malware Shield to work. It hangs \u002F doesn’t complete the scan \u002F breaks for some reason.\u003C\u002Fh4>\n\u003Cp>If you think that the plugin is broken, \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">please report it here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Malcure Malware Shield (or for that matter other plugins) may break on malware affected \u002F broken websites. \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Malcure Advanced Edition\u003C\u002Fa> integrates with WP CLI and allows you to complete the scan from WP CLI even when the site is blocked by the webhost or when you are unable to login to the website.\u003C\u002Fp>\n\u003Ch4>My site is infected however Malcure Malware Shield doesn’t detect the infection.\u003C\u002Fh4>\n\u003Cp>Malware keeps evolving. If you come across malware that Malcure Malware Shield is not able to identify, you may \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=157&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">please report it here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>The scan gets stuck midway. What should I do?\u003C\u002Fh4>\n\u003Cp>In case of such an event, please file a support request with us and we’ll be more than happy to troubleshoot the issue.\u003C\u002Fp>\n\u003Cp>Please visit \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">this page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>I cleaned my site but it got infected again. What should I do?\u003C\u002Fh4>\n\u003Cp>Malware cleanup is a waste of time and effort unless you find the root cause behind the malware infection and monitor for recurrence. How was someone able to infect your website? Have you plugged in that security hole?\u003C\u002Fp>\n\u003Cp>Please read \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002Fblog\u002Fsecurity\u002Fwhy-do-wordpress-websites-get-hacked\u002F?utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Why Do Websites Get Hacked\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Google Safe Browsing site status (or some other scanner) still shows my site as infected. What should I do?\u003C\u002Fh4>\n\u003Cp>First make sure you purge your site cache. Second, Google (and other scanners) cache the results for some time. You’ll need to force or refresh the scan. You can also file a request with us to \u003Ca href=\"https:\u002F\u002Fwww.malcure.com\u002F?p=107&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">get your site off any blacklists\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>I found a suspicious file, what now?\u003C\u002Fh4>\n\u003Cp>If Malcure flags it, it’s likely malicious. You can inspect the file content using our built-in inspector. If you’re unsure, consider our \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Expert Malware Removal Service\u003C\u002Fa>.\u003C\u002Fp>\n","Fast malware removal & security shield. Fix hacks, stop redirects, clean SEO spam. Real-time threat intelligence. No bloat.",10000,605372,88,69,"2026-02-13T05:45:00.000Z","3.7.4","5.6",[94,95,21,96,97],"antivirus","malware-scanner","virus","vulnerability-scanner","https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=plugin-header&utm_medium=web&utm_campaign=wpmr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-malware-removal.19.8.zip",96,3,"2025-09-03 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":49,"num_ratings":25,"last_updated":113,"tested_up_to":67,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":119,"download_link":120,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":121,"fetched_at":28},"security-ninja","Security Ninja – WordPress Security Plugin & Firewall","5.272","cleverplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleverplugins\u002F","\u003Cp>Security Ninja is a lightweight \u003Cstrong>WordPress security plugin\u003C\u002Fstrong> that helps protect your site from common attacks and security mistakes — without turning your dashboard into a cockpit.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free includes a basic Web Application Firewall (WAF)\u003C\u002Fstrong> (based on the 8G ruleset) to block common malicious requests, plus 50+ security checks, a full vulnerability scanner, and a core integrity scanner to spot risky settings and unexpected file changes.\u003C\u002Fp>\n\u003Cp>Upgrade to Pro if you need deeper protection like advanced malware scanning\u002Fcleanup, stronger WAF controls (e.g. country blocking), and more automation\u002Falerting.\u003C\u002Fp>\n\u003Cp>This plugin can be downloaded for free without any paid subscription from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja\u002F\" rel=\"ugc\">the official WordPress repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Security Ninja\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Included for free\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Basic Firewall (8G-based)\u003C\u002Fstrong> – Blocks common malicious requests and bot noise before it becomes a problem.\u003Cbr \u002F>\n– \u003Cstrong>50+ Security Tests\u003C\u002Fstrong> – Fast audit of common WordPress security misconfigurations.\u003Cbr \u002F>\n– \u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong> – Highlights known issues in plugins\u002Fthemes so you can patch faster.\u003Cbr \u002F>\n– \u003Cstrong>Core Scanner\u003C\u002Fstrong> – Detect modified or unexpected files in WordPress core folders.\u003Cbr \u002F>\n– \u003Cstrong>Basic Events Logger\u003C\u002Fstrong> – Logs \u003Cstrong>firewall events\u003C\u002Fstrong> and \u003Cstrong>login attempts (successful\u002Ffailed)\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro adds\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Advanced Malware Scanner\u003C\u002Fstrong> – Detect and clean malicious code and suspicious files.\u003Cbr \u002F>\n– \u003Cstrong>Advanced Firewall\u002FWAF controls\u003C\u002Fstrong> – e.g. country blocking, stronger rules and automation.\u003Cbr \u002F>\n– \u003Cstrong>Secure Login & 2FA\u003C\u002Fstrong> – Add stronger authentication and login protections.\u003Cbr \u002F>\n– \u003Cstrong>Automation & reporting\u003C\u002Fstrong> – Scheduled scans, reports, and advanced tracking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja is a lightweight \u003Cstrong>WordPress firewall plugin\u003C\u002Fstrong> and security toolkit designed to protect your website from hackers, malware, brute-force attacks, and known vulnerabilities — without slowing it down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Comprehensive WordPress Security Testing\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja performs 50+ advanced security tests to identify vulnerabilities before hackers exploit them. This includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute-force protection\u003C\u002Fstrong> – Blocks unauthorized login attempts to prevent forced entry.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File integrity monitoring\u003C\u002Fstrong> – Detects unauthorized changes to WordPress core files, themes, and plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database security checks\u003C\u002Fstrong> – Identifies weak database permissions and potential SQL injection threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User role audits\u003C\u002Fstrong> – Ensures no unauthorized administrator accounts exist.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security misconfiguration scans\u003C\u002Fstrong> – Identifies and fixes weak settings that could compromise security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Enhanced Vulnerability Scanner\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stay Ahead of Threats\u003C\u002Fstrong> – Our vulnerability scanner proactively alerts you to known vulnerabilities, allowing you to address potential threats before they exploit your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Protection\u003C\u002Fstrong> – Security Ninja not only checks and warns for common issues but also checks for known vulnerabilities in plugins and themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Peace of Mind\u003C\u002Fstrong> – Knowing your site is monitored for the latest vulnerabilities means you can focus on what matters most, growing your business and creating content, worry-free.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Core Scanner – Comprehensive Protection for Your WordPress Installation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Core Scanner module adds a critical layer of security by ensuring your WordPress installation remains untampered and free of unauthorized files.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full Core File Integrity Check\u003C\u002Fstrong>: Every file in your core WordPress folders is scanned to ensure it hasn’t been modified or compromised.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detection of Unknown Files\u003C\u002Fstrong>: The scanner flags any extra or unknown files in your core WordPress directories, alerting you to potential threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in File Viewer\u003C\u002Fstrong>: Review flagged files directly within your WordPress dashboard using the integrated file viewer for a clear and easy inspection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restore Core Files\u003C\u002Fstrong>: If a core WordPress file has been altered, you can quickly restore it with a single click, ensuring your site is running the official version.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy File Management\u003C\u002Fstrong>: For unknown or suspicious files, you have the option to delete them right from the interface, keeping your WordPress installation clean and secure.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advanced Malware Scanner – Detect & Remove Malware Instantly (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja includes a high-performance malware scanner that automatically checks your WordPress core, plugins and themes for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malicious scripts and backdoors\u003C\u002Fstrong> – Identifies hidden malware and harmful injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trojan and virus detection\u003C\u002Fstrong> – Scans for suspicious PHP and JavaScript entries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click malware removal\u003C\u002Fstrong> – Instantly quarantine and delete infected files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WordPress Firewall & Real-Time Threat Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja includes a \u003Cstrong>basic firewall for free\u003C\u002Fstrong> (8G-based) to block common malicious requests. Upgrade to Pro for more advanced WAF controls.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic protection (Free)\u003C\u002Fstrong> – Blocks common exploit patterns and bad requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced protection (Pro)\u003C\u002Fstrong> – Country blocking, stronger controls, and additional intelligence\u002Fautomation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force & bot mitigation\u003C\u002Fstrong> – Reduce noisy and abusive traffic hitting WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Login Security & Two-Factor Authentication (2FA) (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Your WordPress login page is a primary target for hackers. Security Ninja enhances login security with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Requires additional verification for safer logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force attack protection\u003C\u002Fstrong> – Limits failed login attempts to block unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rename login\u003C\u002Fstrong> – Getting a lot of requests to your login form? Hide it for spammers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>One-Click Security Fixes & WordPress Hardening (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Manually fixing security issues is time-consuming. Security Ninja provides one-click hardening to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Disable XML-RPC\u003C\u002Fstrong> – Blocks common DDoS attacks and brute-force exploits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict file editing\u003C\u002Fstrong> – Prevents unauthorized theme and plugin modifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide PHP error messages\u003C\u002Fstrong> – Stops hackers from exploiting sensitive error details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And many more fixes to harden your WordPress security!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Events Logger \u002F Activity Tracking\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja includes a \u003Cstrong>basic events logger for free\u003C\u002Fstrong> so you can see what’s happening on your site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Free:\u003C\u002Fstrong> firewall events + login attempts (successful\u002Ffailed).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pro:\u003C\u002Fstrong> deeper tracking, alerting, and reporting.\u003C\u002Fli>\n\u003Cli>Export security logs for audits and compliance reports.\u003C\u002Fli>\n\u003Cli>Includes webhook functionality so you can integrate with other services (e.g. Slack\u002FDiscord\u002Fwebhooks).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Automated Security Scans & Reports (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja performs scheduled security scans and sends reports directly to your inbox.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set up daily, weekly, or monthly security scans.\u003C\u002Fli>\n\u003Cli>Receive email alerts about vulnerabilities and malware infections.\u003C\u002Fli>\n\u003Cli>Analyze detailed reports to keep your website secure.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Block Spam & Malicious Bots Instantly (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Hackers and spammers use bots to exploit WordPress websites. Security Ninja prevents:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fake registrations and spam comments\u003C\u002Fstrong> – Stops bots from even getting to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malicious bot attacks\u003C\u002Fstrong> – Blocks scripts attempting to hack your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unwanted traffic\u003C\u002Fstrong> – Reduces server load by preventing unnecessary bot access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Join thousands of satisfied users who trust Security Ninja to keep their websites safe. Start protecting your online presence today and help yourself to peace of mind.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Security Ninja is Best WordPress Security Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja is the best WordPress security plugin because it provides a comprehensive, lightweight, and easy-to-use solution to protect your website from hackers, malware, and vulnerabilities. With 50+ security tests, an advanced malware scanner, a firewall, and two-factor authentication (2FA), it ensures complete website protection without slowing down performance.\u003C\u002Fp>\n\u003Cp>Unlike bloated security plugins, Security Ninja is optimized for speed and efficiency. It offers one-click security fixes, automated scans, real-time threat detection, and login protection, making it ideal for beginners and advanced users alike. Trusted since 2011, it keeps thousands of websites secure while offering proactive protection against cyber threats.\u003C\u002Fp>\n\u003Ch3>Extensions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>MainWP – The MainWP Dashboard allows administrators to manage many WordPress websites from a central location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Install the \u003Cstrong>FREE \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja-for-mainwp\u002F\" rel=\"ugc\">Security Ninja for MainWP Extension\u003C\u002Fa>\u003C\u002Fstrong> to get an overview of all websites you have installed Security Ninja on!\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja-for-mainwp\u002F\u003C\u002Fp>\n\u003Ch3>Security Tests for your website\u003C\u002Fh3>\n\u003Cp>Security Ninja – Your WordPress Guardian\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Immediate Vulnerability Alerts\u003C\u002Fstrong>: Get instant notifications about vulnerabilities to keep your website safe and secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Comprehensive One-click Security Audit\u003C\u002Fstrong>: With just one click, perform over 50+ detailed security checks that scrutinize every corner of your site for security vulnerabilities and performance issues.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>You’re in Command\u003C\u002Fstrong>: Security Ninja respects your autonomy, providing insights and recommendations without making unsolicited changes to your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Holistic Security Evaluation\u003C\u002Fstrong>: Comprehensive checks on everything from the WordPress core, plugins, and themes to ensure they are up-to-date and secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Proactive Defense Strategies\u003C\u002Fstrong>: Equip yourself with the tools and knowledge to prevent attacks before they happen, safeguarding your site from potential threats.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Optimization Beyond Security\u003C\u002Fstrong>: Improve your site’s performance with database optimization tips, ensuring a seamless experience for your users.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Knowledge\u003C\u002Fstrong>: Each test comes with an easy-to-understand explanation, documentation, and actionable steps to fix identified issues.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customized Security Insights\u003C\u002Fstrong>: Tailored security assessments to check critical updates and configurations specific to your WordPress setup for a personalized protection strategy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Future-Proof Your Site\u003C\u002Fstrong>: Stay ahead with tests that include the latest WordPress features and best practices for site security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Prevent Unauthorized Access\u003C\u002Fstrong>: Strengthen your defenses with checks designed to prevent weak passwords and unauthorized file access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Secure Configuration Checks\u003C\u002Fstrong>: Ensure your website is configured according to security best practices, from file permissions to security headers, for comprehensive protection against threats.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Enhance your website’s security, performance, and user experience with Security Ninja – your trusted partner in WordPress protection.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Security Ninja Pro\u003C\u002Fstrong> has extra features: Firewall, Filter Suspicious Queries, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>An all-in-one security solution for any site. With premium support and continuous updates Security Ninja \u003Cstrong>Pro\u003C\u002Fstrong> is a perfect tool to keep your site safe. \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=see-what-pro-offers\" rel=\"nofollow ugc\">See what the PRO version offers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Automatically block \u003Cstrong>600+ million bad IPs\u003C\u002Fstrong> with one click! \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=cloud-firewall\" rel=\"nofollow ugc\">Security Ninja Pro Firewall\u003C\u002Fa> will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Read more about Pro features on the \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=readmoreaboutpro\" rel=\"nofollow ugc\">Security Ninja website\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>What others say about the plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmayor.com\u002Fsecurity-ninja-review-wordpress-security-plugin\u002F\" rel=\"nofollow ugc\">WP Mayor: “Easy-to-Use WordPress Security Plugin”\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwplift.com\u002Fsecurity-ninja-review\" rel=\"nofollow ugc\">WPLift\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpexplorer.com\u002Fwordpress-security-can-security-ninja-keep-your-site-safe\u002F\" rel=\"nofollow ugc\">WPExplorer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwploop.com\u002Fsecurity-ninja-review\u002F\" rel=\"nofollow ugc\">WP Loop\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.bitcatcha.com\u002Fblog\u002Fsecurity-ninja-plugin-review\u002F\" rel=\"nofollow ugc\">Bitcatcha.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.webhostingsecretrevealed.net\u002Fblog\u002Fwordpress-blog\u002F10-actionable-wordpress-security-tips\u002F\" rel=\"nofollow ugc\">WebHostingSecretRevealed\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.ravisinghblog.in\u002Fwp-security-ninja-review\u002F\" rel=\"nofollow ugc\">Ravi Singh\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftutorials7.com\u002Fsecurity-ninja-review.html\" rel=\"nofollow ugc\">Tutorials 7\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.onlinedecoded.com\u002Fsecurity-ninja-review\u002F\" rel=\"nofollow ugc\">onlinedecoded.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Tests\u003C\u002Fstrong>\u003Cbr \u002F>\n* The tests include:\u003Cbr \u002F>\n  * brute-force attack on user accounts to test password strength\u003Cbr \u002F>\n  * numerous installation parameters tests\u003Cbr \u002F>\n  * file permissions\u003Cbr \u002F>\n  * version hiding\u003Cbr \u002F>\n  * 0-day exploits tests\u003Cbr \u002F>\n  * debug and auto-update modes tests\u003Cbr \u002F>\n  * database configuration tests\u003Cbr \u002F>\n  * Apache and PHP related tests\u003Cbr \u002F>\n  * WP options tests\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Complete list of tests:\n\u003Cul>\n\u003Cli>Check if Application Passwords feature is enabled (new to WP 5.6)\u003C\u002Fli>\n\u003Cli>Check if WordPress core is up to date\u003C\u002Fli>\n\u003Cli>Check if automatic WordPress core updates are enabled\u003C\u002Fli>\n\u003Cli>Check if plugins are up to date\u003C\u002Fli>\n\u003Cli>Check if there are deactivated plugins\u003C\u002Fli>\n\u003Cli>Check if active plugins have been updated in the last 12 months\u003C\u002Fli>\n\u003Cli>Check if active plugins are compatible with your version of WP\u003C\u002Fli>\n\u003Cli>Check if themes are up to date\u003C\u002Fli>\n\u003Cli>Check if there are any deactivated themes\u003C\u002Fli>\n\u003Cli>Check if full WordPress version info is revealed in page’s meta data\u003C\u002Fli>\n\u003Cli>Check if REST API links are displayed in page’s meta data\u003C\u002Fli>\n\u003Cli>Check the PHP version is up to date\u003C\u002Fli>\n\u003Cli>Check the MySQL version\u003C\u002Fli>\n\u003Cli>Check if server response headers contain detailed PHP version info\u003C\u002Fli>\n\u003Cli>Check if expose_php PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if user with username “admin” and administrator privileges exists\u003C\u002Fli>\n\u003Cli>Check if “anyone can register” option is enabled\u003C\u002Fli>\n\u003Cli>Check user’s password strength with a brute-force attack\u003C\u002Fli>\n\u003Cli>Check for display of unnecessary information on failed login attempts\u003C\u002Fli>\n\u003Cli>Check if database table prefix is the default one\u003C\u002Fli>\n\u003Cli>Check if security keys and salts have proper values\u003C\u002Fli>\n\u003Cli>Check the age of security keys and salts\u003C\u002Fli>\n\u003Cli>Test the strength of WordPress database password\u003C\u002Fli>\n\u003Cli>Check if general debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check if the debug.log file exists\u003C\u002Fli>\n\u003Cli>Check if database debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check if JavaScript debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check if display_errors PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if WordPress installation address is the same as the site address\u003C\u002Fli>\n\u003Cli>Check if wp-config.php file has the right permissions (chmod) set\u003C\u002Fli>\n\u003Cli>Check if register_globals PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if PHP safe mode is disabled\u003C\u002Fli>\n\u003Cli>Check if allow_url_include PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if plugins\u002Fthemes file editor is enabled\u003C\u002Fli>\n\u003Cli>Check if uploads folder is browsable by browsers\u003C\u002Fli>\n\u003Cli>Test if user with ID 1 and administrator role exists\u003C\u002Fli>\n\u003Cli>Check if Windows Live Writer link is present in pages’ header data\u003C\u002Fli>\n\u003Cli>Check if wp-config.php is present on the default location\u003C\u002Fli>\n\u003Cli>Check if MySQL server is connectable from outside with the WP user\u003C\u002Fli>\n\u003Cli>Check if EditURI link is present in pages’ header data\u003C\u002Fli>\n\u003Cli>Check if TimThumb script is used in the active theme\u003C\u002Fli>\n\u003Cli>Check if the server is vulnerable to the Shellshock bug #6271\u003C\u002Fli>\n\u003Cli>Check if the server is vulnerable to the Shellshock bug #7169\u003C\u002Fli>\n\u003Cli>Check if admin interface is delivered via SSL\u003C\u002Fli>\n\u003Cli>Check if MySQL account used by WordPress has too many permissions\u003C\u002Fli>\n\u003Cli>Test if a list of usernames can be fetched by looping through user IDs on http:\u002F\u002Fsiteurl.com\u002F?author={ID} (also called username enumeration)\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Check if server response headers contain X-Frame-Options\u003C\u002Fli>\n\u003Cli>Check if server response headers contain X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Referrer-Policy\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Feature-Policy\u003C\u002Fli>\n\u003Cli>Check for unwanted files in your root folder you should remove\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>License info\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcarhartl\u002Fjquery-cookie\" rel=\"nofollow ugc\">jQuery Cookie Plugin, Copyright 2013 Klaus Hartl\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The vulnerability scanner uses data from the \u003Ca href=\"https:\u002F\u002Fnvd.nist.gov\u002F\" rel=\"nofollow ugc\">National Vulnerability Database – NVD\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This product includes IP2Location LITE data available from \u003Ca href=\"https:\u002F\u002Flite.ip2location.com\" rel=\"nofollow ugc\">https:\u002F\u002Flite.ip2location.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin uses the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcollizo4sky\u002Fpersist-admin-notices-dismissal\" rel=\"nofollow ugc\">Persist Admin notice Dismissals\u003C\u002Fa> by Collins Agbonghama @collizo4sky\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Firewall rules are based on 8G Firewall by Jeff Starr – https:\u002F\u002Fperishablepress.com\u002F8g-blacklist\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How can I report security bugs?\u003C\u002Fh4>\n\u003Cp>You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fsecurity-ninja\" rel=\"nofollow ugc\">Report a security vulnerability.\u003C\u002Fa>\u003C\u002Fp>\n","WordPress security plugin with free basic firewall\u002FWAF, vulnerability scanning, and 50+ core integrity checks.",7000,846284,"2026-03-04T22:31:00.000Z","4.7","7.4",[117,19,21,22,118],"firewall","waf","https:\u002F\u002Fwpsecurityninja.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-ninja.5.272.zip","2025-07-23 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":67,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":142,"download_link":143,"security_score":144,"vuln_count":145,"unpatched_count":13,"last_vuln_date":146,"fetched_at":28},"sitelock","SiteLock Security – WP Hardening, Login Security & Malware Scans","5.1.0","SiteLock","https:\u002F\u002Fprofiles.wordpress.org\u002Fsitelocksecurity\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>🌟 Completely redesigned in Version 5.0 — now even stronger with 2FA in 5.1 🌟\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The SiteLock WordPress plugin was recently rebuilt with three goals: make it faster, make it clearer and move the heavy work to the cloud. We built a cloudfirst architecture, modernized UI, expanded security controls and stripped out everything that didn’t need to be there. Our latest 5.1 release builds on that foundation with TwoFactor Authentication (2FA) to strengthen login security and give you tighter control over access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The big changes:\u003C\u002Fstrong>\u003Cbr \u002F>\n  – 🔒 Enhanced WordPress-specific hardening and login security controls\u003Cbr \u002F>\n  – ☁️ Cloud-powered scanning architecture for zero performance impact\u003Cbr \u002F>\n  – 🩺 New Site Health interface that shows you what matters in one view\u003Cbr \u002F>\n  – ⚡ Streamlined controls (fewer clicks to get protected)\u003Cbr \u002F>\n  – ✨ Modern codebase built for the WordPress you’re actually using today\u003Cbr \u002F>\n  – 🔢 Two-Factor Authentication (2FA) now available for stronger login protection\u003C\u002Fp>\n\u003Cp>If you used the old plugin: this is a different tool. If you’re new: you’re starting with the cleanest, fastest version of the plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Your website deserves protection that’s simple, fast and built for WordPress. SiteLock WordPress Security focuses on the everyday controls that matter most and helps you establish a secure baseline in minutes — WordPress-specific hardening, login protection with Two-Factor Authentication (2FA) and a clear Site Health dashboard that keeps you in control without slowing your site down. It’s lightweight, action-first protection that complements your host defenses: essential safeguards run inside WordPress while deeper checks happen securely in the SiteLock cloud. Skip heavy on-server scans and alert fatigue — run on-demand checks when you need extra assurance, so you can ship updates with confidence.\u003C\u002Fp>\n\u003Ch4>Security that grows with you\u003C\u002Fh4>\n\u003Cp>Our goal is straightforward: maintain a strong baseline with minimal overhead while giving you clear visibility and room to grow as your needs evolve.\u003Cbr \u002F>\nAnd because security is never static, this plugin keeps pace. Two-Factor Authentication (2FA) is now available to strengthen login security with an extra layer of protection.\u003C\u002Fp>\n\u003Ch4>Commercial plugin\u003C\u002Fh4>\n\u003Cp>This plugin is free but offers additional paid commercial upgrades or support.\u003C\u002Fp>\n\u003Ch3>What’s included\u003C\u002Fh3>\n\u003Ch4>WordPress Hardening: Cut common attack paths in just a few clicks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable directory listing\u003C\u002Fli>\n\u003Cli>Restrict PHP execution in upload folders\u003C\u002Fli>\n\u003Cli>Limit unsafe script types\u003C\u002Fli>\n\u003Cli>Force strong configuration defaults to close risky gaps\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>All options are toggle-based and reversible — safe to enable, easy to test and lightweight on performance.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Login Security: Protect what matters most — your access\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong>: Add a second layer of verification to protect admin access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force defense\u003C\u002Fstrong>: Blocks repeated failed logins and temporarily locks abusive IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password policy prompts\u003C\u002Fstrong>: Encourage stronger credentials without breaking workflows\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session timeouts\u003C\u002Fstrong>: Automatically end idle sessions to prevent account hijacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity awareness\u003C\u002Fstrong>: View recent logins and admin changes in the \u003Cstrong>Activity Log\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Site Health & Cloud Checks: Clarity without noise\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Site Health Dashboard\u003C\u002Fstrong>: Surface key signals in one view — WordPress hardening status, last scan timestamp and actionable indicators\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloud Checks\u003C\u002Fstrong>: Connect your free SiteLock account to enable recurring off-server checks (Webpage Scan, SSL Verification, Email Reputation and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan Now\u003C\u002Fstrong>: Run on-demand checks after updates or changes for instant assurance — no heavy, always-on local scanners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log\u003C\u002Fstrong>: Track what’s happening across your WordPress admin. See admin\u002Flogin events at a glance making it easy to spot anomalies early and keep accountability clear\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Choose SiteLock WordPress Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight by design\u003C\u002Fstrong>: All high-impact protections, no unnecessary load\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real visibility\u003C\u002Fstrong>: Know your security posture in seconds with Site Health\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloud-powered assurance\u003C\u002Fstrong>: Checks run off-server, protecting performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible setup\u003C\u002Fstrong>: Use standalone or connect a SiteLock account for added layers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strong login protection\u003C\u002Fstrong>: Two-Factor Authentication (2FA) alongside brute-force defense and session controls\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted heritage\u003C\u002Fstrong>: From the global leader in SMB website security backed by continuous innovation and research\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Aligned to WordPress\u003C\u002Fstrong>: Designed to stay out of your way and keep performance priorities intact\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Who It’s For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Small businesses & startups\u003C\u002Fli>\n\u003Cli>Portfolio & personal brand sites\u003C\u002Fli>\n\u003Cli>WooCommerce shops & small e-commerce\u003C\u002Fli>\n\u003Cli>Agencies & website maintenance services\u003C\u002Fli>\n\u003Cli>Freelance developers & web designers\u003C\u002Fli>\n\u003Cli>Bloggers, creators & publishers\u003C\u002Fli>\n\u003Cli>Community & membership sites\u003C\u002Fli>\n\u003Cli>Nonprofits & educational sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>If you manage a WordPress website, SiteLock gives you confidence and control whether you run one site or hundreds.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Can I Fix an Already-Infected Site with This Plugin?\u003C\u002Fh4>\n\u003Cp>The plugin focuses on prevention, posture and visibility — not full malware removal. It isn’t designed to fully clean up sites that were infected before it was active.\u003Cbr \u002F>\nIf your site is already compromised, act quickly, we recommend:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Restoring from a clean backup if available\u003C\u002Fli>\n\u003Cli>Remove malicious files manually or with professional help\u003C\u002Fli>\n\u003Cli>For urgent assistance, consider \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fproducts\u002Ffix-hacked-site\u002F\" rel=\"nofollow ugc\">SiteLock 911 – Emergency Malware Removal\u003C\u002Fa> for rapid cleanup\u003C\u002Fli>\n\u003Cli>For ongoing defense, consider \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">choosing a comprehensive SiteLock plan\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Don’t Know Where To Start? Try This\u003C\u002Fh4>\n\u003Cp>Here are common first moves teams take with SiteLock. Order isn’t enforced — choose what fits your site and workflow:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable WordPress hardening that matches your hosting and theme setup\u003C\u002Fli>\n\u003Cli>Turn on Login Security controls: brute-force lockouts, session timeouts, and password-hygiene prompts\u003C\u002Fli>\n\u003Cli>Connect a free SiteLock account, then use Scan Now to run an on-demand check after plugin\u002Ftheme updates\u003C\u002Fli>\n\u003Cli>Review the Activity Log after major changes to spot unexpected admin\u002Flogin events quickly\u003Cbr \u002F>\nMake one change at a time, validate and roll back any toggle that conflicts with your stack.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Need Help with Setup or Fixes?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Visit \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fhelp-center\u002F?topics=wordpress-plugin\" rel=\"nofollow ugc\">Help Center – WordPress\u003C\u002Fa> for plugin specific help\u003C\u002Fli>\n\u003Cli>For broader topics explore the \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fhelp-center\u002F\" rel=\"nofollow ugc\">SiteLock Help Center\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>Protecting our customers and systems is a top priority, and we take security very seriously. If you believe you’ve found a security vulnerability in the SiteLock WordPress plugin, please let us know at vuln-reporting@sitelock.com before sharing any details publicly.\u003C\u002Fp>\n","Free, lightweight WordPress security. Harden your site with login protection & 2FA, see Site Health clearly and run on-demand checks—setup in minutes.",1000,48458,68,14,"2026-02-26T21:50:00.000Z","3.8","8.0",[138,139,140,97,141],"login-security","malware-scan","site-health","wordpress-security","https:\u002F\u002Fwww.sitelock.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsitelock.5.1.0.zip",98,2,"2026-01-25 00:00:00",{"slug":148,"name":149,"version":150,"author":151,"author_profile":152,"description":153,"short_description":154,"active_installs":155,"downloaded":156,"rating":157,"num_ratings":26,"last_updated":158,"tested_up_to":67,"requires_at_least":159,"requires_php":115,"tags":160,"homepage":163,"download_link":164,"security_score":157,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"security-ninja-for-mainwp","Security Ninja For MainWP","2.0.18","Lars Koudal","https:\u002F\u002Fprofiles.wordpress.org\u002Flkoudal\u002F","\u003Cp>Security Ninja helps you identify vulnerabilities and harden the security of your WordPress websites. Paired with MainWP, you can now manage and monitor all your connected sites from one central location.\u003C\u002Fp>\n\u003Cp>This MainWP extension brings Security Ninja into your MainWP dashboard so you can manage and monitor all connected sites from one place.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free version:\u003C\u002Fstrong> Run Security Ninja’s Security Tests and Core Scanner remotely on one or more child sites. View results for all connected sites: vulnerabilities (plugins and themes), Security Tests table, Core Scanner summary, and Malware Scanner summary (last run and count when scans are available on the child site). The Security Ninja column in the MainWP Sites table shows test score and vulnerability count. The extension main page includes an All Events tab (with a Pro upsell message for free users) and a Settings tab.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro version:\u003C\u002Fstrong> Everything in Free, plus: remote Malware Scanner (included when you use “Run all security scans” or dedicated malware scan actions, on Pro child sites); unified events log with filters and search; full malware scan file list on the per-site tab; White Label bulk action to manage child site settings; Update database tables (bulk and per-site); Pro Reports tokens for Security Ninja data. Event logs and full malware details require Security Ninja Pro on child sites.\u003C\u002Fp>\n\u003Cp>Note:\u003Cbr \u002F>\nTo view event logs and scan data, your child sites must have Security Ninja Pro installed. You can still monitor free sites from the MainWP dashboard, but features like event logging only work if those sites also have premium features enabled. The “Update database tables” action requires Security Ninja 5.271 or newer on the child site.\u003C\u002Fp>\n\u003Cp>This extension helps you save time, stay in control, and manage security across all your sites—whether you’re handling a handful or hundreds.\u003C\u002Fp>\n\u003Cp>MainWP is an invaluable tool for those who manage multiple WordPress websites.\u003C\u002Fp>\n\u003Cp>To combine the two, you need to install this extension on your master MainWP website.\u003C\u002Fp>\n\u003Ch3>Links and Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002Fmainwp\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=SecNin&utm_content=plugin+repo\" rel=\"nofollow ugc\">Security Ninja for MainWP Extension Page\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002Fdocs\u002Fmainwp\u002Fget-started-mainwp\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=SecNin&utm_content=plugin+repo\" rel=\"nofollow ugc\">Get Started with MainWP and Security Ninja\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Install the Security Ninja MainWP extension from within the MainWP dashboard\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to your MainWP dashboard\u003C\u002Fli>\n\u003Cli>Navigate to WP > Plugins\u003C\u002Fli>\n\u003Cli>Search for ‘Security Ninja MainWP’\u003C\u002Fli>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install the Security Ninja MainWP extension manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin\u003C\u002Fli>\n\u003Cli>Login to your MainWP dashboard\u003C\u002Fli>\n\u003Cli>Navigate to WP > Plugins\u003C\u002Fli>\n\u003Cli>Click Add New and then Upload Plugin\u003C\u002Fli>\n\u003Cli>Browse to the file, select it and click Install Now\u003C\u002Fli>\n\u003Cli>Click Activate Plugin once prompted.\u003C\u002Fli>\n\u003C\u002Fol>\n","See Security Ninja vulnerabilities and security test results in your MainWP dashboard.",500,17830,100,"2026-03-05T21:47:00.000Z","5.4",[161,19,21,162,22],"mainwp","security-scan","https:\u002F\u002Fwpsecurityninja.com\u002Fmainwp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-ninja-for-mainwp.2.0.18.zip",{"attackSurface":166,"codeSignals":464,"taintFlows":473,"riskAssessment":696,"analyzedAt":705},{"hooks":167,"ajaxHandlers":402,"restRoutes":456,"shortcodes":457,"cronEvents":458,"entryPointCount":250,"unprotectedCount":250},[168,173,177,180,184,187,191,194,198,204,207,211,214,217,220,223,226,229,232,237,239,242,247,251,255,259,262,266,269,273,278,282,285,289,292,293,295,299,300,302,304,306,309,313,316,319,322,324,326,328,329,330,332,335,338,341,343,345,348,351,353,355,358,360,362,364,366,368,370,372,374,378,379,381,383,386,389,393,398],{"type":169,"name":170,"callback":171,"file":172,"line":89},"action","admin_enqueue_scripts","enqueue_scripts","admin\\class-defend-wp-firewall-admin.php",{"type":169,"name":174,"callback":175,"file":172,"line":176},"network_admin_menu","register_menu",72,{"type":169,"name":178,"callback":175,"file":172,"line":179},"admin_menu",74,{"type":169,"name":181,"callback":182,"priority":86,"file":172,"line":183},"defend_wp_firewall_setttings_updated_before_send_response","clear_cache_on_setting_save",80,{"type":169,"name":185,"callback":185,"file":172,"line":186},"admin_notices",81,{"type":169,"name":188,"callback":189,"file":172,"line":190},"defend_wp_firewall_before_setting_start","check_redirect_login",83,{"type":169,"name":192,"callback":189,"file":172,"line":193},"defend_wp_before_login_page_start",84,{"type":169,"name":195,"callback":196,"file":172,"line":197},"admin_init","setting_page_redirect_on_activation",85,{"type":199,"name":200,"callback":201,"priority":202,"file":172,"line":203},"filter","iwp_mmb_stats_filter","inject_defendwp_data",10,86,{"type":169,"name":185,"callback":205,"file":206,"line":76},"admin_notice__error","admin\\class-defend-wp-firewall-service.php",{"type":169,"name":208,"callback":209,"file":206,"line":210},"activate_plugin","send_ptc_details",25,{"type":169,"name":212,"callback":209,"file":206,"line":213},"deactivate_plugin",26,{"type":169,"name":215,"callback":209,"file":206,"line":216},"upgrader_process_complete",27,{"type":169,"name":218,"callback":209,"file":206,"line":219},"pre_uninstall_plugin",28,{"type":169,"name":221,"callback":209,"file":206,"line":222},"delete_plugin",29,{"type":169,"name":224,"callback":209,"file":206,"line":225},"delete_theme",30,{"type":169,"name":227,"callback":209,"file":206,"line":228},"after_switch_theme",31,{"type":169,"name":230,"callback":230,"priority":202,"file":206,"line":231},"defend_wp_login_success",36,{"type":169,"name":233,"callback":234,"priority":235,"file":206,"line":236},"setup_theme","process_iwp_request",200,37,{"type":169,"name":170,"callback":171,"file":206,"line":238},38,{"type":169,"name":240,"callback":171,"file":206,"line":241},"wp_enqueue_scripts",39,{"type":199,"name":243,"callback":244,"priority":202,"file":245,"line":246},"dfwp_settings_options","dfwp_settings_options_firewall","admin\\class-defend-wp-firewall-settings.php",20,{"type":199,"name":243,"callback":248,"priority":249,"file":245,"line":250},"dfwp_settings_options_ips_action",15,21,{"type":199,"name":243,"callback":252,"priority":253,"file":245,"line":254},"dfwp_settings_options_requests_whitelist",16,22,{"type":199,"name":243,"callback":256,"priority":257,"file":245,"line":258},"dfwp_settings_notification",17,23,{"type":199,"name":243,"callback":260,"priority":261,"file":245,"line":76},"dfwp_settings_advanced",18,{"type":169,"name":263,"callback":264,"file":265,"line":253},"defend_wp_firewall_daily_auto_update","auto_update","admin\\class-defend-wp-firewall-update.php",{"type":169,"name":267,"callback":268,"file":265,"line":257},"defend_wp_firewall_setttings_updated","update_setting",{"type":169,"name":270,"callback":270,"file":271,"line":272},"wpfc_delete_cache","admin\\class-purge-plugins-cache.php",328,{"type":199,"name":274,"callback":275,"file":276,"line":277},"safe_style_css","closure","admin\\views\\defend-wp-firewall-settings-display.php",19,{"type":169,"name":279,"callback":280,"priority":202,"file":281,"line":133},"defend_wp_firewall_add_filter","add_filter","hooks\\add-action-filters-functions.php",{"type":169,"name":283,"callback":284,"priority":202,"file":281,"line":249},"defend_wp_firewall_add_action","add_action",{"type":169,"name":286,"callback":286,"file":287,"line":288},"init","hooks\\blocklist-functions.php",13,{"type":169,"name":170,"callback":290,"priority":291,"file":287,"line":257},"common_enqueue_scripts",100000,{"type":169,"name":240,"callback":290,"priority":291,"file":287,"line":261},{"type":169,"name":294,"callback":290,"priority":291,"file":287,"line":277},"login_enqueue_scripts",{"type":199,"name":296,"callback":297,"file":298,"line":249},"xmlrpc_enabled","block_xml_rpc","hooks\\firewall-functions.php",{"type":169,"name":286,"callback":286,"priority":26,"file":298,"line":253},{"type":169,"name":301,"callback":301,"priority":26,"file":298,"line":257},"plugins_loaded",{"type":169,"name":303,"callback":303,"priority":202,"file":298,"line":261},"defend_wp_firewall_request_after_run_all_rules",{"type":199,"name":305,"callback":305,"priority":202,"file":298,"line":277},"defend_wp_firewall_matched_rule",{"type":169,"name":267,"callback":267,"priority":307,"file":308,"line":249},11,"hooks\\htaccess-functions.php",{"type":169,"name":310,"callback":311,"priority":307,"file":312,"line":249},"defend_wp_firewall_set_rules","set_flag","hooks\\index-write-functions.php",{"type":169,"name":286,"callback":314,"priority":315,"file":312,"line":253},"process_flag",12,{"type":169,"name":317,"callback":318,"priority":202,"file":312,"line":257},"defend_wp_firewall_index_write","process_index_rules",{"type":199,"name":320,"callback":320,"priority":202,"file":321,"line":133},"secure_auth_cookie","hooks\\login-functions.php",{"type":169,"name":286,"callback":323,"priority":202,"file":321,"line":249},"wp_logout",{"type":169,"name":325,"callback":325,"file":321,"line":253},"defend_wp_firewall_matched_rule_action",{"type":169,"name":240,"callback":240,"priority":307,"file":327,"line":249},"hooks\\nonce-functions.php",{"type":169,"name":170,"callback":240,"priority":307,"file":327,"line":253},{"type":169,"name":294,"callback":240,"priority":307,"file":327,"line":257},{"type":169,"name":331,"callback":240,"priority":307,"file":327,"line":261},"elementor\u002Fcommon\u002Fafter_register_scripts",{"type":169,"name":333,"callback":333,"priority":202,"file":334,"line":249},"defend_wp_firewall_deactivate_plugin","hooks\\plugins-manager-functions.php",{"type":169,"name":336,"callback":337,"priority":202,"file":334,"line":253},"defend_wp_firewall_after_firewall_run","check_and_deactivate",{"type":199,"name":339,"callback":339,"priority":202,"file":340,"line":249},"pre_delete_post","hooks\\post-manager-functions.php",{"type":169,"name":325,"callback":342,"priority":202,"file":340,"line":253},"defend_wp_matched_rules",{"type":199,"name":344,"callback":344,"priority":202,"file":340,"line":257},"get_post_metadata",{"type":169,"name":346,"callback":347,"priority":202,"file":340,"line":261},"defend_wp_firewall_wp_post_restrictions","wp_post_restrictions",{"type":169,"name":349,"callback":349,"priority":202,"file":350,"line":249},"defend_wp_firewall_remove_action","hooks\\remove-action-filter.php",{"type":169,"name":352,"callback":352,"priority":202,"file":350,"line":253},"defend_wp_firewall_remove_filter",{"type":169,"name":286,"callback":354,"file":350,"line":261},"process_remove_action_filter_rules",{"type":169,"name":356,"callback":356,"priority":202,"file":357,"line":249},"defend_wp_firewall_run","hooks\\run-functions.php",{"type":169,"name":286,"callback":359,"file":357,"line":257},"process_always_run_functions",{"type":169,"name":325,"callback":361,"priority":202,"file":357,"line":277},"register_run_functions",{"type":169,"name":336,"callback":363,"priority":202,"file":357,"line":246},"run_functions",{"type":199,"name":305,"callback":305,"priority":202,"file":365,"line":249},"hooks\\shortcode-functions.php",{"type":199,"name":367,"callback":367,"priority":202,"file":365,"line":253},"pre_do_shortcode_tag",{"type":169,"name":369,"callback":369,"priority":202,"file":365,"line":257},"defend_wp_firewall_shortcode_rules",{"type":169,"name":325,"callback":342,"priority":202,"file":371,"line":249},"hooks\\user-manager-functions.php",{"type":169,"name":373,"callback":373,"priority":202,"file":371,"line":253},"delete_user",{"type":169,"name":286,"callback":375,"file":376,"line":377},"check_all_requirements","includes\\class-defend-wp-firewall-activation-controller.php",9,{"type":169,"name":185,"callback":185,"file":376,"line":202},{"type":199,"name":380,"callback":380,"file":376,"line":307},"dfwp_setting_redirect_on_activation",{"type":169,"name":286,"callback":286,"priority":202,"file":382,"line":253},"includes\\class-defend-wp-firewall-anonymous.php",{"type":169,"name":384,"callback":385,"priority":202,"file":382,"line":257},"defend_wp_firewall_after_saving_log","collect_send_data",{"type":169,"name":387,"callback":388,"file":382,"line":277},"defend_wp_firewall_cron_hook","defend_wp_firewall_cron",{"type":169,"name":301,"callback":390,"file":391,"line":392},"load_plugin_textdomain","includes\\class-defend-wp-firewall.php",135,{"type":199,"name":394,"callback":395,"priority":157,"file":396,"line":397},"posts_orderby","defend_wp_firewall_plugin_the_events_calendar_6_6_4_filter","includes\\defend-wp-firewall-custom-functions.php",71,{"type":169,"name":286,"callback":399,"priority":26,"file":400,"line":401},"defend_wp_fiewall_stop_heartbeat","includes\\defend-wp-firewall-generic-functions.php",338,[403,407,410,413,416,419,422,425,430,432,434,436,438,440,441,444,446,448,450,452,454],{"action":404,"nopriv":405,"callback":404,"hasNonce":405,"hasCapCheck":405,"file":172,"line":406},"load_more_logs_dwp",false,77,{"action":408,"nopriv":405,"callback":408,"hasNonce":405,"hasCapCheck":405,"file":172,"line":409},"clear_all_logs_dwp",78,{"action":411,"nopriv":405,"callback":411,"hasNonce":405,"hasCapCheck":405,"file":172,"line":412},"dfwp_dismiss_cache_admin_notice",82,{"action":414,"nopriv":405,"callback":414,"hasNonce":405,"hasCapCheck":405,"file":206,"line":415},"dfwp_firewall_init_setup",32,{"action":417,"nopriv":405,"callback":417,"hasNonce":405,"hasCapCheck":405,"file":206,"line":418},"dfwp_firewall_join_email",33,{"action":420,"nopriv":405,"callback":420,"hasNonce":405,"hasCapCheck":405,"file":206,"line":421},"dfwp_firewall_sync_firewall",34,{"action":423,"nopriv":405,"callback":423,"hasNonce":405,"hasCapCheck":405,"file":206,"line":424},"dfwp_firewall_revoke_connect_firewall",35,{"action":426,"nopriv":427,"callback":428,"hasNonce":405,"hasCapCheck":405,"file":206,"line":429},"firewall_sync_ptc",true,"check_send_ptc_update",40,{"action":426,"nopriv":405,"callback":428,"hasNonce":405,"hasCapCheck":405,"file":206,"line":431},41,{"action":433,"nopriv":405,"callback":433,"hasNonce":405,"hasCapCheck":405,"file":245,"line":213},"save_settings_dwp",{"action":435,"nopriv":405,"callback":435,"hasNonce":405,"hasCapCheck":405,"file":287,"line":133},"block_ip_from_settings_dfwp",{"action":437,"nopriv":405,"callback":437,"hasNonce":405,"hasCapCheck":405,"file":287,"line":249},"remove_single_blocklist_dfwp",{"action":439,"nopriv":405,"callback":439,"hasNonce":405,"hasCapCheck":405,"file":287,"line":250},"save_ipify_ip_dfwp",{"action":439,"nopriv":427,"callback":439,"hasNonce":405,"hasCapCheck":405,"file":287,"line":254},{"action":442,"nopriv":405,"callback":442,"hasNonce":405,"hasCapCheck":405,"file":443,"line":307},"whitelist_ip_from_log_dfwp","hooks\\whitelist-functions.php",{"action":445,"nopriv":405,"callback":445,"hasNonce":405,"hasCapCheck":405,"file":443,"line":315},"whitelist_post_req_from_log_dfwp",{"action":447,"nopriv":405,"callback":447,"hasNonce":405,"hasCapCheck":405,"file":443,"line":288},"whitelist_get_req_from_log_dfwp",{"action":449,"nopriv":405,"callback":449,"hasNonce":405,"hasCapCheck":405,"file":443,"line":249},"whitelist_ip_from_settings_dfwp",{"action":451,"nopriv":405,"callback":451,"hasNonce":405,"hasCapCheck":405,"file":443,"line":253},"whitelist_pr_from_settings_dfwp",{"action":453,"nopriv":405,"callback":453,"hasNonce":405,"hasCapCheck":405,"file":443,"line":257},"whitelist_gr_from_settings_dfwp",{"action":455,"nopriv":405,"callback":455,"hasNonce":405,"hasCapCheck":405,"file":443,"line":261},"remove_single_whitelist_dfwp",[],[],[459,460,463],{"hook":263,"callback":263,"file":265,"line":418},{"hook":317,"callback":317,"file":461,"line":462},"functions\\index-write-functions.php",60,{"hook":387,"callback":387,"file":382,"line":225},{"dangerousFunctions":465,"sqlUsage":466,"outputEscaping":468,"fileOperations":277,"externalRequests":471,"nonceChecks":101,"capabilityChecks":45,"bundledLibraries":472},[],{"prepared":89,"raw":13,"locations":467},[],{"escaped":469,"rawEcho":13,"locations":470},168,[],4,[],[474,495,505,516,527,538,549,560,571,585,611,626,645,662,679],{"entryPoint":475,"graph":476,"unsanitizedCount":26,"severity":38},"save_settings_dwp (admin\\class-defend-wp-firewall-settings.php:78)",{"nodes":477,"edges":492},[478,482,486],{"id":479,"type":480,"label":481,"file":245,"line":412},"n0","source","$_POST",{"id":483,"type":484,"label":485,"file":245,"line":412},"n1","transform","→ defend_wp_firewall_log()",{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},"n2","sink","file_put_contents() [File Write]","defend-wp-firewall-debug.php","file_put_contents",[493,494],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"entryPoint":496,"graph":497,"unsanitizedCount":26,"severity":38},"\u003Cclass-defend-wp-firewall-settings> (admin\\class-defend-wp-firewall-settings.php:0)",{"nodes":498,"edges":502},[499,500,501],{"id":479,"type":480,"label":481,"file":245,"line":412},{"id":483,"type":484,"label":485,"file":245,"line":412},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},[503,504],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"entryPoint":506,"graph":507,"unsanitizedCount":26,"severity":38},"remove_single_blocklist_dfwp (hooks\\blocklist-functions.php:98)",{"nodes":508,"edges":513},[509,511,512],{"id":479,"type":480,"label":481,"file":287,"line":510},102,{"id":483,"type":484,"label":485,"file":287,"line":510},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},[514,515],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"entryPoint":517,"graph":518,"unsanitizedCount":26,"severity":38},"block_ip_from_settings_dfwp (hooks\\blocklist-functions.php:141)",{"nodes":519,"edges":524},[520,522,523],{"id":479,"type":480,"label":481,"file":287,"line":521},144,{"id":483,"type":484,"label":485,"file":287,"line":521},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},[525,526],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"entryPoint":528,"graph":529,"unsanitizedCount":145,"severity":38},"\u003Cblocklist-functions> (hooks\\blocklist-functions.php:0)",{"nodes":530,"edges":535},[531,533,534],{"id":479,"type":480,"label":532,"file":287,"line":510},"$_POST (x2)",{"id":483,"type":484,"label":485,"file":287,"line":510},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},[536,537],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"entryPoint":539,"graph":540,"unsanitizedCount":26,"severity":38},"whitelist_ip_from_settings_dfwp (hooks\\whitelist-functions.php:75)",{"nodes":541,"edges":546},[542,544,545],{"id":479,"type":480,"label":481,"file":443,"line":543},79,{"id":483,"type":484,"label":485,"file":443,"line":543},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},[547,548],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"entryPoint":550,"graph":551,"unsanitizedCount":26,"severity":38},"whitelist_pr_from_settings_dfwp (hooks\\whitelist-functions.php:122)",{"nodes":552,"edges":557},[553,555,556],{"id":479,"type":480,"label":481,"file":443,"line":554},126,{"id":483,"type":484,"label":485,"file":443,"line":554},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},[558,559],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"entryPoint":561,"graph":562,"unsanitizedCount":26,"severity":38},"whitelist_gr_from_settings_dfwp (hooks\\whitelist-functions.php:177)",{"nodes":563,"edges":568},[564,566,567],{"id":479,"type":480,"label":481,"file":443,"line":565},181,{"id":483,"type":484,"label":485,"file":443,"line":565},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},[569,570],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"entryPoint":572,"graph":573,"unsanitizedCount":13,"severity":584},"\u003Cdefend-wp-firewall-logs-display> (admin\\views\\defend-wp-firewall-logs-display.php:0)",{"nodes":574,"edges":582},[575,578],{"id":479,"type":480,"label":576,"file":577,"line":213},"$_GET","admin\\views\\defend-wp-firewall-logs-display.php",{"id":483,"type":488,"label":579,"file":577,"line":580,"wp_function":581},"echo() [XSS]",70,"echo",[583],{"from":479,"to":483,"sanitized":427},"low",{"entryPoint":586,"graph":587,"unsanitizedCount":145,"severity":610},"load_more_logs_dwp (admin\\class-defend-wp-firewall-admin.php:207)",{"nodes":588,"edges":605},[589,591,592,593,596,599],{"id":479,"type":480,"label":481,"file":172,"line":590},212,{"id":483,"type":484,"label":485,"file":172,"line":590},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},{"id":594,"type":480,"label":481,"file":172,"line":595},"n3",232,{"id":597,"type":484,"label":598,"file":172,"line":595},"n4","→ get_all_logs_before_this_log_id()",{"id":600,"type":488,"label":601,"file":602,"line":603,"wp_function":604},"n5","get_results() [SQLi]","includes\\class-defend-wp-firewall-logs.php",125,"get_results",[606,607,608,609],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"from":594,"to":597,"sanitized":405},{"from":597,"to":600,"sanitized":405},"high",{"entryPoint":612,"graph":613,"unsanitizedCount":145,"severity":610},"\u003Cclass-defend-wp-firewall-admin> (admin\\class-defend-wp-firewall-admin.php:0)",{"nodes":614,"edges":621},[615,616,617,618,619,620],{"id":479,"type":480,"label":481,"file":172,"line":590},{"id":483,"type":484,"label":485,"file":172,"line":590},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},{"id":594,"type":480,"label":481,"file":172,"line":595},{"id":597,"type":484,"label":598,"file":172,"line":595},{"id":600,"type":488,"label":601,"file":602,"line":603,"wp_function":604},[622,623,624,625],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"from":594,"to":597,"sanitized":405},{"from":597,"to":600,"sanitized":405},{"entryPoint":627,"graph":628,"unsanitizedCount":145,"severity":610},"whitelist_ip_from_log_dfwp (hooks\\whitelist-functions.php:233)",{"nodes":629,"edges":640},[630,632,633,634,636,638],{"id":479,"type":480,"label":481,"file":443,"line":631},237,{"id":483,"type":484,"label":485,"file":443,"line":631},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},{"id":594,"type":480,"label":481,"file":443,"line":635},253,{"id":597,"type":484,"label":637,"file":443,"line":635},"→ get_log_by_id()",{"id":600,"type":488,"label":601,"file":602,"line":639,"wp_function":604},161,[641,642,643,644],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"from":594,"to":597,"sanitized":405},{"from":597,"to":600,"sanitized":405},{"entryPoint":646,"graph":647,"unsanitizedCount":145,"severity":610},"whitelist_post_req_from_log_dfwp (hooks\\whitelist-functions.php:283)",{"nodes":648,"edges":657},[649,651,652,653,655,656],{"id":479,"type":480,"label":481,"file":443,"line":650},287,{"id":483,"type":484,"label":485,"file":443,"line":650},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},{"id":594,"type":480,"label":481,"file":443,"line":654},303,{"id":597,"type":484,"label":637,"file":443,"line":654},{"id":600,"type":488,"label":601,"file":602,"line":639,"wp_function":604},[658,659,660,661],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"from":594,"to":597,"sanitized":405},{"from":597,"to":600,"sanitized":405},{"entryPoint":663,"graph":664,"unsanitizedCount":145,"severity":610},"whitelist_get_req_from_log_dfwp (hooks\\whitelist-functions.php:354)",{"nodes":665,"edges":674},[666,668,669,670,672,673],{"id":479,"type":480,"label":481,"file":443,"line":667},357,{"id":483,"type":484,"label":485,"file":443,"line":667},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},{"id":594,"type":480,"label":481,"file":443,"line":671},374,{"id":597,"type":484,"label":637,"file":443,"line":671},{"id":600,"type":488,"label":601,"file":602,"line":639,"wp_function":604},[675,676,677,678],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"from":594,"to":597,"sanitized":405},{"from":597,"to":600,"sanitized":405},{"entryPoint":680,"graph":681,"unsanitizedCount":377,"severity":610},"\u003Cwhitelist-functions> (hooks\\whitelist-functions.php:0)",{"nodes":682,"edges":691},[683,685,686,687,689,690],{"id":479,"type":480,"label":684,"file":443,"line":543},"$_POST (x6)",{"id":483,"type":484,"label":485,"file":443,"line":543},{"id":487,"type":488,"label":489,"file":490,"line":193,"wp_function":491},{"id":594,"type":480,"label":688,"file":443,"line":635},"$_POST (x3)",{"id":597,"type":484,"label":637,"file":443,"line":635},{"id":600,"type":488,"label":601,"file":602,"line":639,"wp_function":604},[692,693,694,695],{"from":479,"to":483,"sanitized":405},{"from":483,"to":487,"sanitized":405},{"from":594,"to":597,"sanitized":405},{"from":597,"to":600,"sanitized":405},{"summary":697,"deductions":698},"The \"defend-wp-firewall\" plugin v1.1.6 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and properly escaping all output. The absence of dangerous functions and external HTTP requests also contributes to its security. However, significant concerns arise from the extensive attack surface presented by its AJAX handlers. All 21 AJAX handlers lack authentication checks, making them potential entry points for unauthorized actions. Furthermore, the taint analysis reveals 14 flows with unsanitized paths, with 6 classified as high severity, indicating a substantial risk of data manipulation or unintended code execution if these flows are exploited. The vulnerability history shows one past medium-severity CVE attributed to missing authorization, reinforcing the concern around inadequate access controls. While the plugin has a clean recent vulnerability record and no currently unpatched CVEs, the identified issues in static analysis, particularly the unprotected AJAX endpoints and unsanitized taint flows, warrant significant attention.",[699,701,703],{"reason":700,"points":202},"AJAX handlers without auth checks",{"reason":702,"points":315},"High severity taint flows with unsanitized paths",{"reason":704,"points":45},"Past medium CVE for missing authorization","2026-03-16T18:26:53.306Z",{"wat":707,"direct":716},{"assetPaths":708,"generatorPatterns":711,"scriptPaths":712,"versionParams":713},[709,710],"\u002Fwp-content\u002Fplugins\u002Fdefend-wp-firewall\u002Fadmin\u002Fcss\u002Fdefend-wp-firewall-admin.css","\u002Fwp-content\u002Fplugins\u002Fdefend-wp-firewall\u002Fadmin\u002Fjs\u002Fdefend-wp-firewall-admin.js",[],[710],[714,715],"defend-wp-firewall\u002Fadmin\u002Fcss\u002Fdefend-wp-firewall-admin.css?ver=","defend-wp-firewall\u002Fadmin\u002Fjs\u002Fdefend-wp-firewall-admin.js?ver=",{"cssClasses":717,"htmlComments":718,"htmlAttributes":719,"restEndpoints":720,"jsGlobals":721,"shortcodeOutput":723},[],[],[],[],[722],"defend_wp_firewall_admin_obj",[]]