[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fy7959jIOp4L-3wJ0oZ7ePxCCY2DW2ZauqNyu0jsyxtQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":146,"fingerprints":233},"don-security","Don Security","1.0.2","Rodrigo Donini","https:\u002F\u002Fprofiles.wordpress.org\u002Frodrigodonini\u002F","\u003Cp>This plugin allows to set some security improvements to your WordPress site. Blocking attempts of scan from WPScan and other similar tools.\u003C\u002Fp>\n\u003Cp>A few methods you want prevent to scan:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable robots.txt  \u003C\u002Fli>\n\u003Cli>Disable detect User Agent   \u003C\u002Fli>\n\u003Cli>Disable XML-RPC \u003C\u002Fli>\n\u003Cli>Remove generator info   \u003C\u002Fli>\n\u003Cli>Prevent advanced fingerprinting \u003C\u002Fli>\n\u003Cli>Remove version number   \u003C\u002Fli>\n\u003Cli>Stop plugin enumeration \u003C\u002Fli>\n\u003Cli>Prevent username enumeration    \u003C\u002Fli>\n\u003Cli>Prevent wpconfig enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows to set some security improvements to your WordPress site. 
Blocking attempts of scan from WPScan and other similar tools.",30,1967,100,2,"2017-05-17T14:05:00.000Z","4.7.32","3.0.1","",[20,21,22,23],"don-secutrity","secutrity","wpscan","xml-rpc","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdon-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdon-security.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"rodrigodonini",40,84,"2026-04-05T09:53:13.656Z",[37,60,81,105,127],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":58,"download_link":59,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"disable-xml-rpc-api","Disable XML-RPC-API","2.1.7","Amin Nazemi","https:\u002F\u002Fprofiles.wordpress.org\u002Faminnz\u002F","\u003Cp>Protect your website from xmlrpc brute-force attacks,DOS and DDOS attacks, this plugin disables the XML-RPC and trackbacks-pingbacks on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PLUGIN FEATURES\u003C\u002Fstrong>\u003Cbr \u002F>\n(These are options you can enable or disable each one)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable access to xmlrpc.php file using .httacess file \u003C\u002Fli>\n\u003Cli>Automatically change htaccess file permission to read-only (0444)\u003C\u002Fli>\n\u003Cli>Disable X-pingback to minimize CPU usage \u003C\u002Fli>\n\u003Cli>Disable selected methods from XML-RPC\u003C\u002Fli>\n\u003Cli>Remove pingback-ping link from header\u003C\u002Fli>\n\u003Cli>Disable trackbacks and pingbacks to avoid spammers and hackers\u003C\u002Fli>\n\u003Cli>Rename XML-RPC slug to whatever you want\u003C\u002Fli>\n\u003Cli>Black list IPs 
for XML-RPC\u003C\u002Fli>\n\u003Cli>White list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>Some options to speed-up your wordpress website\u003C\u002Fli>\n\u003Cli>Disable JSON REST API\u003C\u002Fli>\n\u003Cli>Hide WordPress Version\u003C\u002Fli>\n\u003Cli>Disable built-in WordPress file editor\u003C\u002Fli>\n\u003Cli>Disable wlw manifest\u003C\u002Fli>\n\u003Cli>And some other options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What is XMLRPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>XML-RPC, or XML Remote Procedure Call is a protocol which uses XML to encode its calls and HTTP as a transport mechanism.\u003Cbr \u002F>\nBeginning in WordPress 3.5, XML-RPC is enabled by default. Additionally, the option to disable\u002Fenable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why you should disable XML-RPC\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>Xmlrpc has two main weaknesses\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force attacks:\u003Cbr \u002F>\nAttackers try to login to WordPress using xmlrpc.php with as many username\u002Fpassword combinations as they can enter. A method within xmlrpc.php allows the attacker to use a single command (system.multicall) to guess hundreds of passwords. Daniel Cid at Sucuri described it well in October 2015: “With only 3 or 4 HTTP requests, the attackers could try thousands of passwords, bypassing security tools that are designed to look and block brute force attempts.”\u003C\u002Fli>\n\u003Cli>Denial of Service Attacks via Pingback:\u003Cbr \u002F>\nBack in 2013, attackers sent Pingback requests through xmlrpc.php of approximately 2500 WordPress sites to “herd (these sites) into a voluntary botnet,” according to Gur Schatz at Incapsula. 
“This gives any attacker a virtually limitless set of IP addresses to Distribute a Denial of Service attack across a network of over 100 million WordPress sites, without having to compromise them.”\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website",100000,792973,82,42,"2026-02-04T06:54:00.000Z","6.9.4","5.0",[53,54,55,56,57],"disable-xml-rpc","disable-xmlrpc","pingback","stop-brute-force-attacks","xmlrpc","https:\u002F\u002Fneatma.com\u002Fdsxmlrpc-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-api.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":18,"download_link":80,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"disable-xml-rpc-pingback","Disable XML-RPC Pingback","1.2.2","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>Stops abuse of your site’s XML-RPC by simply removing some methods used by attackers. While you can use the rest of XML-RPC methods.\u003C\u002Fp>\n\u003Cp>This is more friendly than disabling totally XML-RPC, that it’s needed by some plugins and apps (I.e. 
Mobile apps or some Jetpack’s modules).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The original one.\u003C\u002Fli>\n\u003Cli>Simple and effective.\u003C\u002Fli>\n\u003Cli>No marketing buzz.\u003C\u002Fli>\n\u003Cli>Maintained and \u003Cstrong>updated when needed\u003C\u002Fstrong> since 2014.\u003C\u002Fli>\n\u003Cli>100% compliant with \u003Cstrong>WordPress coding standards\u003C\u002Fstrong> which makes it fail safe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>60,000+ active installations\u003C\u002Fstrong> can’t be wrong.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’re happy with the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-xml-rpc-pingback\u002Freviews\u002F?filter=5\" rel=\"ugc\">please don’t forget to give it a good rating\u003C\u002Fa>, it will motivate me to keep sharing and improving this plugin (and others).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Removes the following methods from XML-RPC interface.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>pingback.ping\u003C\u002Fli>\n\u003Cli>pingback.extensions.getPingbacks\u003C\u002Fli>\n\u003Cli>X-Pingback from HTTP headers. This will hopefully stops some bots from trying to hit your xmlrpc.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 3.8.1 or higher.\u003C\u002Fli>\n\u003C\u002Ful>\n","Stops abuse of your site's XML-RPC by simply removing some methods used by attackers. 
While you can use the rest of XML-RPC methods.",60000,420220,78,14,"2025-11-24T11:09:00.000Z","6.8.5","4.8","5.6",[77,55,78,79,23],"ddos","rpc","xml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-pingback.1.2.2.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":50,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":100,"download_link":101,"security_score":102,"vuln_count":103,"unpatched_count":27,"last_vuln_date":104,"fetched_at":29},"stop-user-enumeration","Stop User Enumeration","1.7.7","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user login names.\u003C\u002Fp>\n\u003Cp>User Enumeration is a type of attack where nefarious parties can probe your website to discover your login name. This is often a pre-cursor to brute-force password attacks. Stop User Enumeration helps block this initial attack and allows you to log IPs launching these attacks to block further attacks in the future.\u003C\u002Fp>\n\u003Cp>Tools like WPSCAN are designed for use by ethical hackers and make efforts to find user login names. Ethical hackers ask permission first, this plugin is designed to reduce the tools when used without permission and when used in conjunction with fail2ban can block those attempts at the firewall.\u003C\u002Fp>\n\u003Cp>If you are on a VPS or dedicated server, as the attack IP is logged, you can use (optional additional configuration) fail2ban to block the attack directly at your server’s firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.\u003C\u002Fp>\n\u003Cp>If you don’t have access to install fail2ban ( e.g. 
on a Shared Host ) you can still use this plugin.\u003C\u002Fp>\n\u003Cp>The plugin can stop the user id being leaked by the oEmbed API call.\u003C\u002Fp>\n\u003Cp>Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don’t need it to get user data, this\u003Cbr \u002F>\nplugin will restrict and log that too.\u003C\u002Fp>\n\u003Cp>Since WordPress 5.5  sitemaps are generated by core WP  ( wp-sitemap.xml ) which includes a user\u002Fauthor sitemap that exposes the user id.  You can enable \u002F disable this in the plugin settings.\u003C\u002Fp>\n\u003Ch4>PHP 8.4 compatible\u003C\u002Fh4>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blocks user enumeration requests by GET or POST\u003C\u002Fli>\n\u003Cli>Syslogs a block so Fail2Ban can be used to block an IP\u003C\u002Fli>\n\u003Cli>Optionally blocks REST API user requests for non authorized users\u003C\u002Fli>\n\u003Cli>Optionally removes author sitemap\u003C\u002Fli>\n\u003Cli>Optionally removes author from OEMBED\u003C\u002Fli>\n\u003Cli>Optionally removes numbers from comment authors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin includes an optional email feature for plugin news and updates. 
When enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Your email address may be sent to https:\u002F\u002Ffullworksplugins.com for important plugin updates and security notices\u003C\u002Fli>\n\u003Cli>This is completely optional and requires your explicit consent via the opt-in form in the plugin settings\u003C\u002Fli>\n\u003Cli>No data is collected or transmitted without your permission\u003C\u002Fli>\n\u003Cli>You can opt-out at any time from the plugin settings\u003C\u002Fli>\n\u003Cli>No other personal data is collected or transmitted to external services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin logs attempted user enumeration attacks locally using WordPress’s standard logging system:\u003Cbr \u002F>\n* IP addresses of potential attackers are logged locally for security monitoring\u003Cbr \u002F>\n* These logs remain on your server and are not transmitted to any external service\u003Cbr \u002F>\n* Logs can be used with fail2ban or similar tools for enhanced security\u003C\u002Fp>\n\u003Cp>For more information about data handling, please visit https:\u002F\u002Ffullworksplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Helps secure your site against hacking attacks through detecting  User Enumeration",50000,1305856,98,128,"2025-12-15T10:48:00.000Z","6.3","7.4",[97,98,99,22],"fail2ban","security","user-enumeration","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fstop-user-enumeration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-user-enumeration.1.7.7.zip",91,6,"2025-06-26 00:00:00",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":50,"requires_at_least":51,"requires_php":118,"tags":119,"homepage":124,"download_link":125,"security_score":91,"vuln_count":14,"unpatched_count":27,"last_vuln_date":126,"fetched_at":29},"fluent-security","FluentAuth – The 
Ultimate Authorization & Security Plugin for WordPress","2.1.1","Shahjahan Jewel","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechjewel\u002F","\u003Cp>Boost Your Website’s Security with Login\u002FSignup Security, Two-Factor Email Authentication, Login\u002FLogout Redirects, Social Logins, Detailed Audit Logs, and More. FluentAuth is the lightest and blazing fast security plugin for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlighted Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Factor Authentication for Login\u003C\u002Fli>\n\u003Cli>Magic Login via Email\u003C\u002Fli>\n\u003Cli>Social Login \u002F Register\u003C\u002Fli>\n\u003Cli>Limit Login Attempts\u003C\u002Fli>\n\u003Cli>Dynamic Login Redirects\u003C\u002Fli>\n\u003Cli>Detailed Audit Logs\u003C\u002Fli>\n\u003Cli>Core Security Enhancement\u003C\u002Fli>\n\u003Cli>Security Email Notifications\u003C\u002Fli>\n\u003Cli>Super Fast Solution\u003C\u002Fli>\n\u003Cli>Restrict \u002Fwp-admin for low level user roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What’s new in version 2.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FP_vREW7s2B4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F5t_8rvtrkk4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" 
allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>🚀 Two-Factor Authentication for Login\u003C\u002Fstrong>\u003Cbr \u002F>\nEnsure secure access to your admin panel with Two-Factor Login via email for high-level user roles like Administrator \u002F Editor. Even if a password gets compromised, only the right person will be able to log in with the additional authentication step.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Magic Login via Email\u003C\u002Fstrong>\u003Cbr \u002F>\nSimplify the login process for end users like customers and subscribers. No more password resets or forgotten passwords that cause users to leave your site. With our improved flow and features, users can log in to your site simply by typing their username or email address and clicking on a secure one-time use link sent to their email.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Social Login \u002F Register\u003C\u002Fstrong>\u003Cbr \u002F>\nAllow users to log in to your site with their GitHub, Facebook or Google accounts. This feature is lightweight and easy to enable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Limit Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nProtect your site against brute force attacks by blocking excessive login attempts. Our simple yet powerful tools also improve site security and performance, and allow for customizable lockout timings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Dynamic Login Redirects\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily redirect users to specific pages after they log in or log out. 
Our drag-and-drop builder lets you customize the login and logout flow for different types of businesses.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Detailed Audit Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack exactly when users log in to your site and via which method (normal login form, magic URL, or social media) with our powerful audit logs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Core Security Enhancement\u003C\u002Fstrong>\u003Cbr \u002F>\nXML-RPC is a common target for WordPress attacks, but most sites don’t actually need it. This plugin enables you to disable XML-RPC, Remote Application Login, and protect the wp-users listing for REST API for enhanced security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Security Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nAs a business owner, it’s important to know when high-level users like administrators, editors, and authors log in to your site, or if someone unauthorized is trying to log in. Our plugin includes email notifications to alert you of these events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Super Fast Solution\u003C\u002Fstrong>\u003Cbr \u002F>\nWe’ve built this plugin to be super-fast and simple yet powerful, using the latest technologies like WordPress REST-API, VueJS V3, Vue-Router, and Element-Plus for UI building. We also use custom database tables to store audit logs, so they don’t interfere with your default WordPress database tables.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Restrict \u002Fwp-admin for low level user roles\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you want to restrict \u002Fwp-admin access for subscribers or other low level user roles then you can easily enable that and select the user roles that you want to restrict \u002Fwp-admin access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Customize WordPress Signup Emails\u003C\u002Fstrong>\u003Cbr \u002F>\nCustomize the WordPress default signup emails with your own branding and content. 
This feature allows you to create a more personalized experience for your users, enhancing their engagement with your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Custom Login\u002FSignup Shortcodes\u003C\u002Fstrong>\u003Cbr \u002F>\nCreate custom login and signup forms using shortcodes. This feature allows you to easily integrate login and signup forms into your pages or posts, providing a seamless user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Disable Admin Email Notifications on User Signup\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable the default WordPress admin email notifications that are sent when a new user signs up. This feature helps you manage your email notifications more effectively, reducing clutter in your inbox.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Scan WordPress Core File Changes\u003C\u002Fstrong>\u003Cbr \u002F>\nFluentAuth includes a feature to scan WordPress core files for changes, helping you identify any unauthorized modifications. This is crucial for maintaining the integrity of your WordPress installation and ensuring that your site remains secure.\u003C\u002Fp>\n\u003Ch3>Why FluentAuth?\u003C\u002Fh3>\n\u003Cp>To improve the security and user experience of a WordPress website, the default authentication system may need to be enhanced with additional plugins. One common issue that WordPress site owners face is their site getting hacked. This is often due to hackers using brute-force attacks to guess passwords and gain access to the admin panel, leading to site takeover. Additionally, the use of common passwords on multiple sites can put all of them at risk if one password is compromised.\u003C\u002Fp>\n\u003Cp>Using multiple security plugins can be detrimental to the performance of a WordPress website. These plugins, which are often bloated, intercept every WordPress request and run it through a large number of unnecessary rules, resulting in increased server resource usage and slower site performance. 
To avoid this issue, consider using a comprehensive security solution that offers multiple features in one package, instead of relying on multiple individual plugins. This will help save server resources and improve the overall performance of your website.\u003C\u002Fp>\n\u003Cp>To Solve these issues, we decided to build FluentAuth and made it free.\u003C\u002Fp>\n\u003Ch3>Replace Multiple Plugins with FluentAuth\u003C\u002Fh3>\n\u003Cp>FluentAuth has been designed to provide light-weight security solution while adding better UX and performance of your site. If you use FluentAuth then you don’t need the following plugins\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Login Limit and ban brute force attacks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded\u003C\u002Fli>\n\u003Cli>WPS Limit Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Login & Logout Redirections\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>LoginWP (Formerly Peter’s Login Redirect)\u003C\u002Fli>\n\u003Cli>Sky Login Redirect\u003C\u002Fli>\n\u003Cli>WP Login and Logout Redirect\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Hide Admin Bar and Access Restriction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide Admin Bar\u003C\u002Fli>\n\u003Cli>Hide Admin Bar Based on User Roles\u003C\u002Fli>\n\u003Cli>Auto Hide Admin Bar\u003C\u002Fli>\n\u003Cli>Hide Admin Bar from Non-Admins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>User Guides\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">Getting Started with FluentAuth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Flogin-redirects\u002F\" rel=\"nofollow ugc\">Login \u002F Logout Redirects\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fshortcodes\u002F\" rel=\"nofollow ugc\">Register\u002FLogin Shortcodes in FluentAuth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgithub-auth-connection\u002F\" rel=\"nofollow ugc\">Configure Login with GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgoogle-auth-connection\u002F\" rel=\"nofollow ugc\">Configure Login with Google\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Other Plugins By The Same Team\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-cart\u002F\" rel=\"ugc\">FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-crm\u002F\" rel=\"ugc\">FluentCRM – Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms – Fastest WordPress Form Builder Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-tables\u002F\" rel=\"ugc\">Ninja Tables – Best WP DataTables Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-charts\u002F\" rel=\"ugc\">Ninja Charts – Best WP Charts Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-payment-form\u002F\" rel=\"ugc\">WPPayForm – Stripe Payments Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmautic-for-fluent-forms\u002F\" rel=\"ugc\">Mautic Integration For Fluent Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentforms-pdf\u002F\" rel=\"ugc\">Fluent Forms PDF – PDF Entries for Fluent Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-smtp\u002F\" rel=\"ugc\">FluentSMTP – WordPress Mail SMTP, SES, SendGrid, MailGun Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>CONTRIBUTE\u003C\u002Fh3>\n\u003Cp>If you want to contribute to this project or just report a bug, you are more than welcome. Please check repository from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPManageNinja\u002Ffluent-security\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","Enhance the Security and User Experience of Your Site with Login\u002FSignup Security, Two-Factor Email Authentication, Social Logins and more...",10000,92766,80,28,"2025-12-03T12:25:00.000Z","7.3",[120,121,122,123,23],"login-limit","login-logs","login-redirects","social-logins","https:\u002F\u002Ffluentauth.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffluent-security.2.1.1.zip","2025-12-15 02:19:04",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":137,"num_ratings":103,"last_updated":138,"tested_up_to":139,"requires_at_least":140,"requires_php":75,"tags":141,"homepage":144,"download_link":145,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"remove-xmlrpc-pingback-ping","Remove & Disable XML-RPC Pingback","1.6","cleverplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleverplugins\u002F","\u003Cp>Prevent your WordPress site from participating and being a victim of pingback denial of service attacks. 
\u003Cstrong>After activation the plugin automatically disables XML-RPC. There’s no need to configure anything.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By disabling the XML-RPC pingback you’ll:\u003Cbr \u002F>\n* lower your server CPU usage\u003Cbr \u002F>\n* prevent malicious scripts from using your site to run pingback denial of service attacks\u003Cbr \u002F>\n* prevent malicious scripts to run denial of service attacks on your site via pingback\u003C\u002Fp>\n\u003Cp>From sucuri.net:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Learn More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwptavern.com\u002Fhow-to-prevent-wordpress-from-participating-in-pingback-denial-of-service-attacks\" rel=\"nofollow ugc\">How To Prevent WordPress From Participating In Pingback Denial of Service Attacks\u003C\u002Fa> – wptavern.com\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.sucuri.net\u002F2014\u002F03\u002Fmore-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html\" rel=\"nofollow ugc\">More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack\u003C\u002Fa> – sucuri.net\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fhackguard.com\u002Fxmlrpc-php-ping-backs-hackers-denial-service-attacks\" rel=\"nofollow ugc\">xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My!\u003C\u002Fa> – hackguard.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Is Your Site Attacking Others?\u003C\u002Fh4>\n\u003Cp>Use \u003Ca href=\"http:\u002F\u002Flabs.sucuri.net\u002F?is-my-wordpress-ddosing\" rel=\"nofollow ugc\">Sucuri’s WordPress DDOS Scanner\u003C\u002Fa> to check if your site is DDOS’ing other websites\u003C\u002Fp>\n\u003Ch4>Why Not Just Disable XMLRPC Altogether?\u003C\u002Fh4>\n\u003Cp>Yes, you can choose to do that, but if you 
use popular plugins like JetPack (that use XMLRPC) then those plugins will stop working. That is why this small plugin exists.\u003C\u002Fp>\n","Prevent pingback, XML-RPC and denial of service DDOS attacks by disabling the XML-RPC pingback functionality.",9000,94267,60,"2023-07-24T23:03:00.000Z","6.3.8","5.2",[142,143,55,23,57],"disable-ping","ping","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-xmlrpc-pingback-ping","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-xmlrpc-pingback-ping.1.6.zip",{"attackSurface":147,"codeSignals":189,"taintFlows":220,"riskAssessment":221,"analyzedAt":232},{"hooks":148,"ajaxHandlers":185,"restRoutes":186,"shortcodes":187,"cronEvents":188,"entryPointCount":27,"unprotectedCount":27},[149,156,161,165,167,172,175,180,183],{"type":150,"name":151,"callback":152,"priority":153,"file":154,"line":155},"action","do_robots","hook_robots",1,"admin\\class-don-security-admin.php",90,{"type":157,"name":158,"callback":159,"file":154,"line":160},"filter","wp_xmlrpc_server_class","add_fake_xmlrpc",93,{"type":157,"name":162,"callback":163,"file":154,"line":164},"the_generator","remove_generator",97,{"type":150,"name":166,"callback":166,"file":154,"line":13},"init",{"type":150,"name":168,"callback":169,"file":170,"line":171},"admin_menu","add_page","admin\\partials\\don-security-admin-display.php",57,{"type":150,"name":173,"callback":174,"file":170,"line":137},"admin_init","register_page_options",{"type":150,"name":176,"callback":177,"file":178,"line":179},"plugins_loaded","anonymous","includes\\class-don-security.php",131,{"type":150,"name":181,"callback":177,"file":178,"line":182},"admin_enqueue_scripts",146,{"type":150,"name":181,"callback":177,"file":178,"line":184},147,[],[],[],[],{"dangerousFunctions":190,"sqlUsage":191,"outputEscaping":193,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":219},[],{"prepared":27,"raw":27,"locations":192},[],{"escaped":27,"rawEcho":194,"lo
cations":195},11,[196,199,201,203,205,207,209,211,213,215,217],{"file":154,"line":197,"context":198},162,"raw output",{"file":170,"line":200,"context":198},83,{"file":170,"line":202,"context":198},140,{"file":170,"line":204,"context":198},144,{"file":170,"line":206,"context":198},148,{"file":170,"line":208,"context":198},152,{"file":170,"line":210,"context":198},156,{"file":170,"line":212,"context":198},160,{"file":170,"line":214,"context":198},164,{"file":170,"line":216,"context":198},168,{"file":170,"line":218,"context":198},172,[],[],{"summary":222,"deductions":223},"The plugin 'don-security' v1.0.2 exhibits a strong initial security posture based on the provided static analysis. It reports zero AJAX handlers, REST API routes, shortcodes, and cron events, indicating a minimal attack surface. Furthermore, the absence of dangerous functions, file operations, external HTTP requests, and the use of prepared statements for all SQL queries are positive indicators.  The plugin also demonstrates no known vulnerabilities in its history.\n\nHowever, a significant concern arises from the \"Output escaping: 11 total outputs, 0% properly escaped\" finding. This suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, as any data rendered to the user without proper sanitization can be exploited. Additionally, the complete lack of nonce checks and capability checks on any potential entry points, while currently reported as zero, implies that if any were to be introduced or discovered, they would be unprotected. The absence of taint analysis flows might be due to the limited attack surface or the nature of the code, but the critical output escaping issue remains a prominent threat.\n\nIn conclusion, while the plugin has a clean vulnerability history and a seemingly small attack surface, the failure to properly escape output is a critical flaw that significantly elevates its risk profile. 
Developers should prioritize addressing this issue to mitigate XSS vulnerabilities. The lack of authentication checks is also a potential concern for future development.",[224,227,230],{"reason":225,"points":226},"Output escaping is not properly implemented",8,{"reason":228,"points":229},"No nonce checks implemented",5,{"reason":231,"points":229},"No capability checks implemented","2026-03-16T22:35:42.070Z",{"wat":234,"direct":243},{"assetPaths":235,"generatorPatterns":238,"scriptPaths":239,"versionParams":240},[236,237],"\u002Fwp-content\u002Fplugins\u002Fdon-security\u002Fadmin\u002Fcss\u002Fdon-security-admin.css","\u002Fwp-content\u002Fplugins\u002Fdon-security\u002Fadmin\u002Fjs\u002Fdon-security-admin.js",[],[237],[241,242],"don-security-admin.css?ver=","don-security-admin.js?ver=",{"cssClasses":244,"htmlComments":245,"htmlAttributes":248,"restEndpoints":249,"jsGlobals":250,"shortcodeOutput":251},[],[246,247],"\u003C!-- \n","\u003C!-- ",[],[],[],[]]