[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgsHqOyebcygsKmaYAr2auuGPIZZU2fxaz0eXEo32I0Y":3,"$fwUDOi3hT3dt2pU8BGY0W_iUOfKPY634uJ3QXtWM9qs4":255,"$fKdAb1L6jFquyEOyR3VYRkqRzXhojhOpfu6PWb1jCA-c":259},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":151,"fingerprints":238},"filesystem-unlocker","Filesystem Unlocker","1.0","duke_justice","https:\u002F\u002Fprofiles.wordpress.org\u002Fduke_justice\u002F","\u003Cp>I created this plugin because I am tired of having my WordPress sites being hacked. It is used to completely lock the filesystem with the help of a bash script. The said script is external from the website and ran via cron so you need cron access to make this work. Otherwise, this plugin is useless to you.\u003C\u002Fp>\n\u003Cp>This plugin has a known bug. See FAQs.\u003C\u002Fp>\n","Plugin to completely lockdown the wordpress filesystem so that no hacker can write to it.",10,1548,0,"2016-03-09T14:46:00.000Z","4.4.34","4.0.0","",[19,20,21,22,23],"file-system","filesystem","ftp","lock","security","http:\u002F\u002Fmarcarbour.ca","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffilesystem-unlocker.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-05-19T21:00:23.146Z",[37,60,85,104,129],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":58,"download_link":59,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wphhsecure","WPHH SECURE – AIO WordPress Security With File Locking & WP Hide Login","1.1.9","WPHackedHelp","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginsupportwphackedhelp\u002F","\u003Cp>Secure your WordPress site with one-click file locking, login path hiding, role-based access, and smart dashboard visibility. Built for speed, security, and control.\u003C\u002Fp>\n\u003Ch3>Full Description\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>WPHH SECURE\u003C\u002Fstrong> by \u003Ca href=\"https:\u002F\u002Fsecure.wphackedhelp.com\" rel=\"nofollow ugc\">WP Hacked Help\u003C\u002Fa> is a comprehensive WordPress security plugin that integrates advanced file protection and login URL obfuscation. It blocks brute-force attacks, unauthorized access, and file tampering by allowing you to easily lock or unlock your WordPress files and folders with a single click.\u003C\u002Fp>\n\u003Cp>The plugin comes with a user-friendly interface and real-time feedback, ensuring secure operations without any technical knowledge required. WPHH SECURE is built to work seamlessly with the native WordPress functions, ensuring compatibility and safety for all sites, including blogs, business sites, and WooCommerce stores.\u003C\u002Fp>\n\u003Cp>With automatic exclusions for sensitive folders and the ability to manage folder exceptions, WPHH SECURE ensures that critical areas like uploads, cache, and backups are not locked accidentally. It also features login URL hiding to prevent unauthorized access to your site’s backend.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>One-Click Lock\u002FUnlock\u003C\u002Fstrong> – Lock or unlock all WordPress files and folders with a single click.\u003Cbr \u002F>\n✅ \u003Cstrong>Smart Dashboard\u003C\u002Fstrong> – Access real-time status updates and track lock activities in the dashboard.\u003Cbr \u002F>\n✅ \u003Cstrong>Role-Based Access\u003C\u002Fstrong> – Configure permissions to restrict access to the lock\u002Funlock feature based on user roles.\u003Cbr \u002F>\n✅ \u003Cstrong>Login URL Hiding\u003C\u002Fstrong> – Prevent brute-force login attempts by hiding or changing your default WordPress login URL.\u003Cbr \u002F>\n✅ \u003Cstrong>Safe File Handling\u003C\u002Fstrong> – Built on WP_Filesystem for secure file handling using AJAX for smooth background execution.\u003Cbr \u002F>\n✅ \u003Cstrong>Auto Exclusions\u003C\u002Fstrong> – Automatically exclude high-priority folders (e.g., uploads, cache, backups) from being locked.\u003Cbr \u002F>\n✅ \u003Cstrong>Visual Progress Feedback\u003C\u002Fstrong> – Watch real-time updates with progress bars and completion messages.\u003Cbr \u002F>\n✅ \u003Cstrong>Folder Exclusion Manager\u003C\u002Fstrong> – Easily add or remove folders from the exclusion list to keep them safe.\u003C\u002Fp>\n","Secure your WordPress site with one-click file locking, login path hiding, role-based access, and smart dashboard visibility.",90,2079,100,7,"2026-01-21T13:20:00.000Z","6.9.4","5.0",[53,54,55,56,57],"brute-force-protection","file-locking","hide-login-url","wordpress-security","wp-filesystem","https:\u002F\u002Fsecure.wphackedhelp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwphhsecure.1.1.9.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":17,"tags":75,"homepage":80,"download_link":81,"security_score":82,"vuln_count":83,"unpatched_count":13,"last_vuln_date":84,"fetched_at":28},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function for the protection against the attack to the management page (under wp-admin.)\u003Cbr \u002F>\nTo the access from the connection source IP address which does not login to the management page, 404 (Not Found) is returned.\u003Cbr \u002F>\nAt the login, the connection source IP address is recorded and the access to that page is allowed.\u003Cbr \u002F>\nThe connection source IP address which does not login for more than 24 hours is sequentially deleted.\u003Cbr \u002F>\nThe URL (under wp-admin) where this function is excluded can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. The initial value is “login_\u003C5 random digits>” but it can be changed to a favorite name.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack,\u003Cbr \u002F>\nor to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nEspecially, it is the function to prevent an automated attack. The connection source IP address the number of login failure of which reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nEach user account is not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to make it easier to notice unauthorized login. E-mail will be sent to a login user when logged in.\u003Cbr \u002F>\nIf you receive an e-mail to there is no logged-in idea, please suspect unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against a password list attack. Even is the login input is correct, the first login must fail.\u003Cbr \u002F>\nAfter 5 seconds and later within 60 seconds, another correct login input make login succeed. At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Basic of security is that always you use the latest version. If WordPress core, plugins, and themes updates are needed , sends email to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)\u003Cbr \u002F>\nif WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevents the attack from the outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions, WAF may detect the attack which is actually not attack and block the function.\u003Cbr \u002F>\nBy creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Plugin. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5197886,86,15,"2026-04-16T06:35:00.000Z","7.0","3.9",[76,77,78,79,23],"captcha","login-alert","login-lock","pingback","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",98,2,"2026-02-23 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":47,"num_ratings":83,"last_updated":95,"tested_up_to":50,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":102,"download_link":103,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cloudsecure-wp-security","CloudSecure WP Security","1.4.7","cloudsecure","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudsecure\u002F","\u003Cp>管理画面とログインURLをサイバー攻撃から守る、安心の国産・日本語対応プラグインです。\u003Cbr \u002F>\nかんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護し、セキュリティが向上します。\u003Cbr \u002F>\nまた、各機能の有効・無効（ON・OFF）や設定などをお好みにカスタマイズし、いつでも保護状態を管理できます。\u003C\u002Fp>\n\u003Cp>ドキュメントやFAQなど、より詳細な情報は \u003Ca href=\"https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security\" rel=\"nofollow ugc\">こちら\u003C\u002Fa> でご覧いただけます。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPressのマルチサイト機能には対応していません。\u003C\u002Fli>\n\u003Cli>WebサーバーのApache1.3、2.xにのみ対応しています。\u003C\u002Fli>\n\u003Cli>画像認証追加機能を利用するためには、PHPに拡張ライブラリ「gd」をインストールする必要があります。\u003C\u002Fli>\n\u003Cli>管理画面アクセス制限機能、ログインURL変更機能を利用するためには、Apacheに「mod_rewrite」を読み込む必要があります。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>本プラグインの機能は以下のとおりです。\u003C\u002Fp>\n\u003Ch4>ログイン無効化\u003C\u002Fh4>\n\u003Cp>指定した期間内に指定した回数ログインに失敗した場合、指定した時間ログインを無効化（ブロック）します。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃など、不正なログインを試みる攻撃を防ぐための機能です。\u003Cbr \u002F>\nとくに、自動化された攻撃に有効です。\u003C\u002Fp>\n\u003Ch4>ログインURL変更\u003C\u002Fh4>\n\u003Cp>ログインURL（wp-login.php）を変更します。\u003Cbr \u002F>\n半角英小文字、半角数字、ハイフン、アンダースコアのいずれかを使用し、4文字以上12文字以下でお好みの名前（文字列）に設定できます。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃など、不正なログインを試みる攻撃を受けにくくするための機能です。\u003C\u002Fp>\n\u003Ch4>ログインエラーメッセージ統一\u003C\u002Fh4>\n\u003Cp>ログイン時、ユーザー名、パスワード、画像認証のどれを間違えても同一のメッセージを表示します。\u003Cbr \u002F>\nユーザー名の存在を調査する攻撃を受けにくくするための機能です。\u003C\u002Fp>\n\u003Ch4>2段階認証\u003C\u002Fh4>\n\u003Cp>ログイン時、ユーザー名とパスワードの入力に加え、別のコードで追加認証を行います。\u003Cbr \u002F>\n利用するには、\u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.google.android.apps.authenticator2\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa> アプリケーションでデバイスを登録する必要があります。\u003Cbr \u002F>\nアプリケーションに表示された6桁の認証コードをログイン画面で入力し、すべての情報が一致すればログインできます。\u003Cbr \u002F>\nユーザー名やパスワードを不正入手した第三者によるログインやなりすましを防止し、セキュリティを強化します。\u003C\u002Fp>\n\u003Ch4>画像認証追加\u003C\u002Fh4>\n\u003Cp>画像データ上にランダムに表示される文字の入力を求め、一致しなければ次の画面に進めないようにする機能です。\u003Cbr \u002F>\nログインフォーム、コメントフォーム、パスワードリセットフォーム、ユーザー登録フォームに設定できます。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃などの不正なログインを試みる攻撃や、悪意のあるプログラムからの機械的な不正アクセスを防止する機能です。\u003C\u002Fp>\n\u003Ch4>ユーザー名漏えい防止\u003C\u002Fh4>\n\u003Cp>「?author=数字」アクセスによるユーザー名の漏えいを防止します。\u003C\u002Fp>\n\u003Ch4>XML-RPC無効化\u003C\u002Fh4>\n\u003Cp>XML-RPC機能、またはピンバック機能を無効化し、その乱用から管理画面を保護します。\u003C\u002Fp>\n\u003Ch4>REST API無効化\u003C\u002Fh4>\n\u003Cp>REST APIを無効化し、その悪用から管理画面を守ります。\u003C\u002Fp>\n\u003Ch4>管理画面アクセス制限\u003C\u002Fh4>\n\u003Cp>管理画面にログインしていない接続元IPアドレスから管理ページ（\u002Fwp-admin\u002F以降）にアクセスすると、404エラー（Not Found）を返します。\u003Cbr \u002F>\n24時間以上管理画面にログインしていない接続元IPアドレスが対象です。\u003Cbr \u002F>\nログインすると接続元IPアドレスが記録され、管理画面にアクセスできるようになります。\u003Cbr \u002F>\nこの機能を除外するページ（wp-admin以下）を指定できます。\u003C\u002Fp>\n\u003Ch4>設定ファイルアクセス防止\u003C\u002Fh4>\n\u003Cp>WordPressのシステムに関するファイルへの不正アクセスを遮断する機能です。\u003C\u002Fp>\n\u003Ch4>シンプルWAF\u003C\u002Fh4>\n\u003Cp>WordPressへの攻撃に対して、基本的な防御機能を備えたシンプルなWAF（Web Application Firewall）機能です。\u003Cbr \u002F>\nSQLインジェクションやクロスサイトスクリプティングなどの一般的な攻撃を遮断します。\u003C\u002Fp>\n\u003Ch4>ログイン通知\u003C\u002Fh4>\n\u003Cp>ログインがあったとき、ユーザーにメールで通知します。\u003Cbr \u002F>\n心当たりのないメールを受信した場合、不正なログインを疑ってください。\u003C\u002Fp>\n\u003Ch4>アップデート通知\u003C\u002Fh4>\n\u003Cp>WordPress、プラグイン、テーマの更新が必要になったとき、WordPressの管理者ユーザーにメールで通知します。\u003Cbr \u002F>\n更新の確認は24時間ごとに行われます。\u003Cbr \u002F>\n常に最新版を使用することが、セキュリティの基本です。\u003C\u002Fp>\n\u003Ch4>サーバーエラー通知\u003C\u002Fh4>\n\u003Cp>サーバーエラー「HTTPステータスコード500（Internal Server Error）」が発生したとき、エラーの履歴を記録し、WordPressの管理者ユーザーにメールで通知します。\u003Cbr \u002F>\n1時間以内に同じタイプのエラーが発生した場合、エラーの履歴は記録しますが、メールでの通知は行いません。\u003C\u002Fp>\n\u003Ch4>ログイン履歴\u003C\u002Fh4>\n\u003Cp>管理画面にログインした履歴を表示します。\u003Cbr \u002F>\nそれぞれの項目で絞り込んでの検索も可能です。\u003Cbr \u002F>\nログイン通知と同様、不正なログインの気づきを促す機能です。\u003C\u002Fp>\n","管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。",100000,698583,"2026-04-13T03:08:00.000Z","5.3.15","7.1",[99,100,78,23,101],"anti-spam","brute-force","waf","https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudsecure-wp-security.1.4.7.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":50,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":124,"download_link":125,"security_score":126,"vuln_count":127,"unpatched_count":13,"last_vuln_date":128,"fetched_at":28},"zero-spam","Zero Spam for WordPress","5.5.8","Ben Marshall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbmarshall511\u002F","\u003Cp>Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa> to offer a strong defense system.\u003C\u002Fp>\n\u003Cp>Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it’s pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website.\u003C\u002Fp>\n\u003Ch4>Worry-free, Powerful Protection at Your Fingertips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No captchas or moderation queues — no longer a admin’s problem.\u003C\u002Fli>\n\u003Cli>Our system dynamically blocks threats, keeping your site safe.\u003C\u002Fli>\n\u003Cli>Integration with global IP reputation providers for enhanced security.\u003C\u002Fli>\n\u003Cli>Block IPs temporarily or permanently, keep unwanted visitors out.\u003C\u002Fli>\n\u003Cli>Geolocation tracks origins of threats, providing valuable insights.\u003C\u002Fli>\n\u003Cli>Ability to block countries, regions, zip\u002Fpostal codes & cities.\u003C\u002Fli>\n\u003Cli>REST API for programmatic settings management — perfect for CI\u002FCD, staging syncs, and automation.\u003C\u002Fli>\n\u003Cli>Utilize \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">splorp’s Comment Blacklist\u003C\u002Fa> to strengthen your disallowed list.\u003C\u002Fli>\n\u003Cli>Block disposable & malicious email effortlessly with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdisposable\" rel=\"nofollow ugc\">disposable\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multiple techniques, including the renowned solution by \u003Ca href=\"https:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamlessly integrates with popular plugins including:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> — Secure customer registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Fref\u002F1118\u002F\" rel=\"nofollow ugc\">GiveWP\u003C\u002Fa> — Prevents attempts to test stolen credit cards.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa> — Keeps registrations safe & secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">Mailchimp for WordPress\u003C\u002Fa> — Protects sign-ups from abuse.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpdiscuz\u002F\" rel=\"ugc\">wpDiscuz\u003C\u002Fa> — Versatile form protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind.\u003C\u002Fp>\n\u003Ch4>Enhance Detection with Optional 3rd-Party Integrations\u003C\u002Fh4>\n\u003Cp>Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002F\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>\u003C\u002Fstrong> – Utilize our real-time IP reputation analysis. Take a look at our \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipbase.com\u002F\" rel=\"nofollow ugc\">ipbase.com\u003C\u002Fa>\u003C\u002Fstrong> – Access detailed geolocation information of attackers. Familiarize yourself with their \u003Ca href=\"https:\u002F\u002Fipbase.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fterms-and-conditions\u002F41661719\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo.io\u003C\u002Fa>\u003C\u002Fstrong> – Gather geolocation details of malicious users. Refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" rel=\"nofollow ugc\">ipstack\u003C\u002Fa>\u003C\u002Fstrong> – Obtain extensive geolocation insights. Review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipstack.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> to learn more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>\u003C\u002Fstrong> – Verify if visitors’ IPs have been reported. Explore their \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for additional details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa>\u003C\u002Fstrong> – Check if visitors’ IPs have been flagged. Refer to their \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fprivacy_policy.php\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fterms_of_use.php\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps\u003C\u002Fa>\u003C\u002Fstrong> – Plot attack locations on Google Maps. Please review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fsite-terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for complete details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you have the option to contribute to Zero Spam’s improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHighfivery\u002Fzero-spam-for-wordpress\u002Fwiki\u002FFAQ\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n","No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.",20000,1426861,82,143,"2026-03-16T18:51:00.000Z","6.9","8.2",[120,121,23,122,123],"firewall","protection","spam","spam-blocker","https:\u002F\u002Fwordpress.com\u002Fplugins\u002Fzero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-spam.5.5.8.zip",96,5,"2024-04-15 00:00:00",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":139,"num_ratings":140,"last_updated":141,"tested_up_to":142,"requires_at_least":143,"requires_php":17,"tags":144,"homepage":149,"download_link":150,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"lockdown-wp-admin","Lockdown WP Admin","2.3.2","Sean Fisher","https:\u002F\u002Fprofiles.wordpress.org\u002Fsean212\u002F","\u003Cp>This plugin will hide WordPress Admin (\u002Fwp-admin\u002F) when a user isn’t logged in. If a user isn’t logged in and they attempt to access WP Admin directly, they will be unable to and it will return a 404. It can also rename the login URL.\u003C\u002Fp>\n\u003Cp>Also, you can add HTTP authentication directly from WP Admin and add custom username\u002Fpassword combinations for the HTTP auth or use the WordPress credentials.\u003C\u002Fp>\n\u003Cp>This doesn’t touch any .htaccess files or change the WordPress core files. All the CSS\u002FImages under \u002Fwp-admin\u002F are still accessible, just not the .php ones.\u003C\u002Fp>\n\u003Cp>If you enable HTTP authentication, it will add HTTP authentication to the PHP files in \u002Fwp-admin\u002F.\u003C\u002Fp>\n\u003Cp>To contribute to the development, check out \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsrtfisher\u002FLockdown-WPAdmin\" rel=\"nofollow ugc\">the GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (\u002Fwp-admin\u002F) and and login (\u002Fwp-login.",10000,340612,78,54,"2017-11-28T06:00:00.000Z","4.3.34","3.6",[145,146,23,147,148],"lockdown","secure","vulnerability","website-security","http:\u002F\u002Fseanfisher.co\u002Flockdown-wp-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flockdown-wp-admin.2.3.2.zip",{"attackSurface":152,"codeSignals":180,"taintFlows":202,"riskAssessment":228,"analyzedAt":237},{"hooks":153,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":13,"unprotectedCount":13},[154,160,164,167,171],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","admin_head","filesystem_unlocker_custom_admin_head","filesystem-unlocker.php",29,{"type":155,"name":161,"callback":162,"file":158,"line":163},"admin_menu","filesystem_unlocker_plugin_admin_add_page",33,{"type":155,"name":161,"callback":165,"file":158,"line":166},"filesystem_unlocker_my_menu",35,{"type":155,"name":168,"callback":169,"file":158,"line":170},"admin_init","filesystem_unlocker_plugin_admin_init",79,{"type":155,"name":172,"callback":173,"priority":174,"file":158,"line":175},"admin_bar_menu","filesystem_unlocker_plugin_toolbar_link",999,169,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":195,"fileOperations":13,"externalRequests":13,"nonceChecks":32,"capabilityChecks":13,"bundledLibraries":201},[],{"prepared":13,"raw":127,"locations":183},[184,187,189,191,193],{"file":158,"line":185,"context":186},64,"$wpdb->get_var() with variable interpolation",{"file":158,"line":188,"context":186},71,{"file":158,"line":190,"context":186},73,{"file":158,"line":192,"context":186},74,{"file":158,"line":194,"context":186},77,{"escaped":13,"rawEcho":83,"locations":196},[197,199],{"file":158,"line":71,"context":198},"raw output",{"file":158,"line":200,"context":198},51,[],[203,220],{"entryPoint":204,"graph":205,"unsanitizedCount":13,"severity":219},"filesystem_unlocker_plugin_options_page (filesystem-unlocker.php:46)",{"nodes":206,"edges":216},[207,211],{"id":208,"type":209,"label":210,"file":158,"line":200},"n0","source","$_SERVER['REQUEST_URI']",{"id":212,"type":213,"label":214,"file":158,"line":200,"wp_function":215},"n1","sink","echo() [XSS]","echo",[217],{"from":208,"to":212,"sanitized":218},true,"low",{"entryPoint":221,"graph":222,"unsanitizedCount":13,"severity":219},"\u003Cfilesystem-unlocker> (filesystem-unlocker.php:0)",{"nodes":223,"edges":226},[224,225],{"id":208,"type":209,"label":210,"file":158,"line":200},{"id":212,"type":213,"label":214,"file":158,"line":200,"wp_function":215},[227],{"from":208,"to":212,"sanitized":218},{"summary":229,"deductions":230},"The \"filesystem-unlocker\" v1.0 plugin exhibits a generally good security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events that present an attack surface, and importantly, none of these are without authentication checks, which is a significant strength. The absence of dangerous functions and external HTTP requests further contributes to its secure design.  However, the code analysis reveals several critical weaknesses. All five SQL queries are executed without prepared statements, presenting a significant risk of SQL injection vulnerabilities. Additionally, the two identified output operations are not properly escaped, leading to potential cross-site scripting (XSS) vulnerabilities. While the plugin has a clean vulnerability history with no recorded CVEs, this does not negate the risks identified in the current code. The presence of a single nonce check is positive but insufficient given the other identified vulnerabilities.  In conclusion, while the plugin's attack surface is minimal and its history is clean, the lack of prepared statements for SQL queries and proper output escaping are severe flaws that require immediate attention. These are fundamental security practices that are missing and expose the site to significant risks.",[231,233,235],{"reason":232,"points":11},"All SQL queries lack prepared statements",{"reason":234,"points":48},"Outputs are not properly escaped",{"reason":236,"points":127},"No capability checks for entry points","2026-03-16T23:38:25.857Z",{"wat":239,"direct":245},{"assetPaths":240,"generatorPatterns":241,"scriptPaths":242,"versionParams":244},[],[],[243],"\u002Fwp-content\u002Fplugins\u002Ffilesystem-unlocker\u002Fimages\u002Ffsu.png",[],{"cssClasses":246,"htmlComments":247,"htmlAttributes":248,"restEndpoints":250,"jsGlobals":251,"shortcodeOutput":253},[],[],[249],"name=\"filesystem_unlocker_plugin_options[time_to_lock]\"",[],[252],"window.setTimeout",[254],"\u003Ch2>Filesystem Unlocker\u003C\u002Fh2>NOTICE : This page SHOULD refresh every 80 seconds.\u003Cbr>",{"error":218,"url":256,"statusCode":257,"statusMessage":258,"message":258},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffilesystem-unlocker\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":32,"versions":260},[261],{"version":6,"download_url":262,"svn_tag_url":263,"released_at":27,"has_diff":264,"diff_files_changed":265,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":266,"is_current":218},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffilesystem-unlocker.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffilesystem-unlocker\u002Ftags\u002F1.0\u002F",false,[],[]]