[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRS-CA3MfWlB9WUc37TanEaXB9sugMq_ejzQvI__JzLs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":145,"fingerprints":796},"forcefield","ForceField","1.0.9","Tony Hayes","https:\u002F\u002Fprofiles.wordpress.org\u002Fmajick\u002F","\u003Cp>Adds several layers of security to restrict access to common hacking attack vectors. By filtering requests in a more specific and intelligent way, ForceField allows permitted actions to continue unaltered, but blocks actions that are disallowed or not explicitly unauthorized.\u003C\u002Fp>\n\u003Cp>ForceField is not a “firewall” – nor a replacement for a comprehensive security plugin, but rather is intended to \u003Cem>complement and enhance your existing security measures\u003C\u002Fem>, by adding some unique and innovative protection features not easily found elsewhere. These include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>tokenizing and recording login\u002Fregistration behaviour\u003C\u002Fli>\n\u003Cli>protecting whitelisted administrator and user roles\u003C\u002Fli>\n\u003Cli>restricting WordPress API access and endpoints\u003C\u002Fli>\n\u003Cli>tracking bot behavior and blocking repeat transgressors\u003C\u002Fli>\n\u003Cli>periodically checking for known vulnerabilities\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Tokenized Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily reduce Brute Force Password attacks, SPAM Comments, Fake User Registrations and Sploggers! 
Adds a dynamic JavaScript Token field to all common user action forms: Login, Registration (and optionally BuddyPress Registration), Blog Signup (Multisite only), Lost Password and Commenting. You can adjust the settings to apply to any or all of these, giving you more fine-grained control as needed.\u003C\u002Fp>\n\u003Cp>Since the majority of bots do not have the capacity or time to recognize and process JavaScript fields, their attempts at access via these actions are instantly blocked – with repeat offenders getting IP banned from further attempts. This gives seamless and invisible protection (without needing an annoying ReCaptcha field.)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Role Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A last line of defense against hackers who have managed to “somehow” create their own administrator account or escalate their user privileges! Automatically block, notify by email, revoke role and\u002For demote to subscriber any “administrator” account that logs in who is not in an \u003Cem>explicitly allowed list\u003C\u002Fem> of verified administrator usernames. Goodbye escalated privilege attack!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>API Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Adds several ways to restrict access to XML RPC and REST API features. While these \u003Cem>can\u003C\u002Fem> be disabled, there are several other options provided to severely limit bot and other unauthorized access while still being able to use these features as intended! 
Part of the aim of this plugin is to make these options available for everyone without needing to code them: Multiple request slowdown, disable XML RPC logins, logged in access only, restrict access to specified user roles, and require secure connection.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Behavioural Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ForceField also records access to user actions missing referer headers, missing or bad tokens, and other bad behaviours in a custom table. Reaching transgression limits for any specific action results in an IP ban. Transgression occurrences are reduced via cooldown over time, with old records expired and later deleted (with intervals adjustable.) This process keeps protection high for fresh attacks while keeping the database free of old record bloat. Also gives the option to output a form to banned IPs so users can unblock themselves manually in case of false positives (and so you don’t lock yourself out of your site!)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Vulnerability Check\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Checks your installed core, plugins and themes for known vulnerabilities, according to the frequency you set for each. Then sends email alerts and provides an Admin Notice for any new vulnerabilities when they are found, giving you a heads up on updates that require action. (Note: This feature is complete but currently being retested more extensively before being included in the plugin in an upcoming version. 
If you wish to test it out yourself beforehand, you can download the plugin from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmajick777\u002Fforcefield\u002F\" rel=\"nofollow ugc\">Github repository\u003C\u002Fa>.)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fplugins\u002Fforcefield\u002F\" rel=\"nofollow ugc\">ForceField Home\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fsupport\u002Fforcefield\u002F\" rel=\"nofollow ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Like this plugin? Check out more of our free plugins here:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fplugins\u002F\" title=\"WordQuest Plugins\" rel=\"nofollow ugc\">WordQuest\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Looking for an awesome theme? Check out my child theme framework:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fbioship.space\" title=\"BioShip Child Theme Framework\" rel=\"nofollow ugc\">BioShip Child Theme Framework\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For support or if you have an idea to improve this plugin:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fsupport\u002Fforcefield\u002F\" title=\"ForceField Support\" rel=\"nofollow ugc\">ForceField Support Quests\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>Help support improvements and log priority feature requests by a gift of appreciation:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fcontribute\u002F?plugin=forcefield\" rel=\"nofollow ugc\">Contribute to ForceField\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>To aid directly in development, please fork on Github and do a pull request:\u003Cbr \u002F>\n\u003Ca 
href=\"https:\u002F\u002Fgithub.com\u002Fmajick777\u002Fforcefield\u002F\" rel=\"nofollow ugc\">ForceField on Github\u003C\u002Fa>\u003C\u002Fp>\n","Strong and Flexible Access, User Action, API, Behavioural and Role Protection",10,1569,0,"2025-06-23T06:18:00.000Z","6.8.5","4.0.0","",[19,20,21,22,23],"admin-protect","api-access","bot-protect","login-protect","xml-rpc","https:\u002F\u002Fwordquest.org\u002Fplugins\u002Fforcefield\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforcefield.1.0.9.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"majick",5,250,87,30,85,"2026-04-03T23:19:01.354Z",[39,59,81,101,123],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":26,"num_ratings":49,"last_updated":50,"tested_up_to":15,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":17,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"botfirewall","BotFirewall | Stop Spam Bots & Secure Login","2.3.5","SafeWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fhallemmit3\u002F","\u003Cp>\u003Cstrong>BotFirewall\u003C\u002Fstrong> is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks. Using advanced JavaScript verification and encrypted cookies, BotFirewall ensures robust security without disrupting the experience of real users.\u003C\u002Fp>\n\u003Ch3>Why Do You Need BotFirewall?\u003C\u002Fh3>\n\u003Cp>In today’s internet landscape, bots make up a significant portion of web traffic, and many of them are malicious. They can attack your site, send spam, scrape content, or attempt to hack login pages like \u003Ccode>wp-login.php\u003C\u002Fcode>. 
BotFirewall addresses these threats by providing \u003Cstrong>smart and flexible protection\u003C\u002Fstrong> that:\u003Cbr \u002F>\n– \u003Cstrong>Blocks bots\u003C\u002Fstrong> with seamless JavaScript verification that most bots cannot pass.\u003Cbr \u002F>\n– \u003Cstrong>Secures key pages\u003C\u002Fstrong> like \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> from unauthorized access.\u003Cbr \u002F>\n– \u003Cstrong>Uses encrypted cookies\u003C\u002Fstrong> to ensure only verified users gain access.\u003Cbr \u002F>\n– \u003Cstrong>Offers customizable settings\u003C\u002Fstrong> through an intuitive interface in the WordPress admin panel.\u003C\u002Fp>\n\u003Ch3>Key Features of BotFirewall\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>JavaScript Verification\u003C\u002Fstrong>: Ensures visitors can execute JavaScript, effectively filtering out most bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Encrypted Cookies\u003C\u002Fstrong>: Cookies are tied to IP and User-Agent for enhanced security against spoofing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Page Protection\u003C\u002Fstrong>: Enable or disable protection for \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> pages via settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist and Blacklist\u003C\u002Fstrong>: Configure lists of allowed bots (e.g., Googlebot) and IPs, and block known malicious IPs, including subnet support (e.g., 192.168.0.0\u002F24).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exclude URLs\u003C\u002Fstrong>: Specify URLs to bypass bot protection entirely (e.g., for APIs or specific pages).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Statistics\u003C\u002Fstrong>: Monitor bot activity with detailed stats – filter by time periods (Last 24 hours, Last Week, Last Month).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Action Logging\u003C\u002Fstrong>: Logs blocks and successful verifications with URL details, keeping 
data for the last 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowed Bots Tab\u003C\u002Fstrong>: Easily select known bots to allow without verification, with quick filters for bot types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recent Activity\u003C\u002Fstrong>: View the latest 10 logged sessions with details like IP, URL, and status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and Fast\u003C\u002Fstrong>: Optimized for minimal impact on site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>: Removes all data, including logs and settings, upon deactivation and deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Verification Page\u003C\u002Fstrong>: Tailor the text (title, description, countdown), CSS styling, and logo of the verification page to match your site’s design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Support\u003C\u002Fstrong>: Get assistance directly through Live Chat in the Support tab for quick resolution of issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How Does BotFirewall Work?\u003C\u002Fh3>\n\u003Cp>BotFirewall employs a multi-layered protection system:\u003Cbr \u002F>\n1. \u003Cstrong>Cookie Check\u003C\u002Fstrong>: If a visitor has a valid cookie, they bypass additional checks.\u003Cbr \u002F>\n2. \u003Cstrong>Whitelist\u003C\u002Fstrong>: Known “good” bots (e.g., search engine crawlers) are automatically allowed.\u003Cbr \u002F>\n3. \u003Cstrong>JavaScript Verification\u003C\u002Fstrong>: If no cookie is present, the visitor is redirected to a verification page where they must execute a JavaScript request. Bots unable to run JavaScript are blocked.\u003Cbr \u002F>\n4. \u003Cstrong>Login Page Protection\u003C\u002Fstrong>: Optionally protect \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> to prevent brute-force attacks.\u003Cbr \u002F>\n5. 
\u003Cstrong>Post-Verification Redirect\u003C\u002Fstrong>: After successful verification, the user is redirected to their original page, and a cookie is set for future visits.\u003C\u002Fp>\n\u003Ch3>Why BotFirewall is a Must-Have for Your Site\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Spam and DDoS Protection\u003C\u002Fstrong>: Effectively blocks bots that attempt to spam or overload your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Security\u003C\u002Fstrong>: Safeguards \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> from unauthorized access and brute-force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexibility\u003C\u002Fstrong>: Customize protection with whitelists, blacklists, cookie lifetime settings, and verification page styling.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparency\u003C\u002Fstrong>: Detailed statistics and logs let you monitor bot activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ease of Use\u003C\u002Fstrong>: A user-friendly interface in the WordPress admin panel makes configuration a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Look\u003C\u002Fstrong>: Customize the verification page with your own text, styles, logo, and a modern font (Roboto) for a polished appearance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reliable Support\u003C\u002Fstrong>: Access our support team via Live Chat for help with any technical or security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>BotFirewall is an \u003Cstrong>essential tool\u003C\u002Fstrong> for WordPress site owners who want to protect their content, users, and server from malicious bots. 
Install BotFirewall today and secure your site with confidence!\u003C\u002Fp>\n","BotFirewall is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks.",20,738,2,"2025-06-05T14:29:00.000Z","5.0",[53,54,55,56,57],"anti-bot","bot-protection","firewall","login-protection","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotfirewall.2.3.5.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":51,"requires_php":17,"tags":73,"homepage":79,"download_link":80,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-xml-rpc-api","Disable XML-RPC-API","2.1.7","Amin Nazemi","https:\u002F\u002Fprofiles.wordpress.org\u002Faminnz\u002F","\u003Cp>Protect your website from xmlrpc brute-force attacks, DOS and DDOS attacks, this plugin disables the XML-RPC and trackbacks-pingbacks on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PLUGIN FEATURES\u003C\u002Fstrong>\u003Cbr \u002F>\n(These are options you can enable or disable each one)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable access to xmlrpc.php file using .htaccess file \u003C\u002Fli>\n\u003Cli>Automatically change htaccess file permission to read-only (0444)\u003C\u002Fli>\n\u003Cli>Disable X-pingback to minimize CPU usage \u003C\u002Fli>\n\u003Cli>Disable selected methods from XML-RPC\u003C\u002Fli>\n\u003Cli>Remove pingback-ping link from header\u003C\u002Fli>\n\u003Cli>Disable trackbacks and pingbacks to avoid spammers and hackers\u003C\u002Fli>\n\u003Cli>Rename XML-RPC slug to whatever you want\u003C\u002Fli>\n\u003Cli>Black list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>White list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>Some options to speed-up your wordpress website\u003C\u002Fli>\n\u003Cli>Disable JSON REST 
API\u003C\u002Fli>\n\u003Cli>Hide WordPress Version\u003C\u002Fli>\n\u003Cli>Disable built-in WordPress file editor\u003C\u002Fli>\n\u003Cli>Disable wlw manifest\u003C\u002Fli>\n\u003Cli>And some other options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What is XMLRPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>XML-RPC, or XML Remote Procedure Call is a protocol which uses XML to encode its calls and HTTP as a transport mechanism.\u003Cbr \u002F>\nBeginning in WordPress 3.5, XML-RPC is enabled by default. Additionally, the option to disable\u002Fenable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why you should disable XML-RPC\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>Xmlrpc has two main weaknesses\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force attacks:\u003Cbr \u002F>\nAttackers try to login to WordPress using xmlrpc.php with as many username\u002Fpassword combinations as they can enter. A method within xmlrpc.php allows the attacker to use a single command (system.multicall) to guess hundreds of passwords. Daniel Cid at Sucuri described it well in October 2015: “With only 3 or 4 HTTP requests, the attackers could try thousands of passwords, bypassing security tools that are designed to look and block brute force attempts.”\u003C\u002Fli>\n\u003Cli>Denial of Service Attacks via Pingback:\u003Cbr \u002F>\nBack in 2013, attackers sent Pingback requests through xmlrpc.php of approximately 2500 WordPress sites to “herd (these sites) into a voluntary botnet,” according to Gur Schatz at Incapsula. 
“This gives any attacker a virtually limitless set of IP addresses to Distribute a Denial of Service attack across a network of over 100 million WordPress sites, without having to compromise them.”\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website",100000,792973,82,42,"2026-02-04T06:54:00.000Z","6.9.4",[74,75,76,77,78],"disable-xml-rpc","disable-xmlrpc","pingback","stop-brute-force-attacks","xmlrpc","https:\u002F\u002Fneatma.com\u002Fdsxmlrpc-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-api.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":15,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":17,"download_link":100,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-xml-rpc-pingback","Disable XML-RPC Pingback","1.2.2","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>Stops abuse of your site’s XML-RPC by simply removing some methods used by attackers. While you can use the rest of XML-RPC methods.\u003C\u002Fp>\n\u003Cp>This is more friendly than disabling totally XML-RPC, that it’s needed by some plugins and apps (I.e. 
Mobile apps or some Jetpack’s modules).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The original one.\u003C\u002Fli>\n\u003Cli>Simple and effective.\u003C\u002Fli>\n\u003Cli>No marketing buzz.\u003C\u002Fli>\n\u003Cli>Maintained and \u003Cstrong>updated when needed\u003C\u002Fstrong> since 2014.\u003C\u002Fli>\n\u003Cli>100% compliant with \u003Cstrong>WordPress coding standards\u003C\u002Fstrong> which makes it fail safe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>60,000+ active installations\u003C\u002Fstrong> can’t be wrong.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’re happy with the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-xml-rpc-pingback\u002Freviews\u002F?filter=5\" rel=\"ugc\">please don’t forget to give it a good rating\u003C\u002Fa>, it will motivate me to keep sharing and improving this plugin (and others).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Removes the following methods from XML-RPC interface.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>pingback.ping\u003C\u002Fli>\n\u003Cli>pingback.extensions.getPingbacks\u003C\u002Fli>\n\u003Cli>X-Pingback from HTTP headers. This will hopefully stop some bots from trying to hit your xmlrpc.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 3.8.1 or higher.\u003C\u002Fli>\n\u003C\u002Ful>\n","Stops abuse of your site's XML-RPC by simply removing some methods used by attackers. 
While you can use the rest of XML-RPC methods.",60000,420220,78,14,"2025-11-24T11:09:00.000Z","4.8","5.6",[97,76,98,99,23],"ddos","rpc","xml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-pingback.1.2.2.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":95,"requires_php":95,"tags":115,"homepage":17,"download_link":120,"security_score":121,"vuln_count":49,"unpatched_count":13,"last_vuln_date":122,"fetched_at":28},"clickcease-click-fraud-protection","ClickCease Click Fraud Protection","3.2.13","eranfl","https:\u002F\u002Fprofiles.wordpress.org\u002Feranfl\u002F","\u003Cp>Bots and invalid traffic can reach your site through paid, organic, and direct traffic, resulting in a wasted ad budget and disrupted marketing funnels.\u003C\u002Fp>\n\u003Cp>Prevent bots, competitors, and malicious users from damaging your marketing performance with ClickCease, the industry-leading service that keeps your website and ads safe from fraud. Quick installation and real-time protection for all your website’s incoming traffic.\u003C\u002Fp>\n\u003Cp>ClickCease protects you from invalid traffic by monitoring and protecting your:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Paid traffic (Google, Facebook, & Microsoft)\u003C\u002Fli>\n\u003Cli>Organic traffic\u003C\u002Fli>\n\u003Cli>Direct traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Put a stop to ad and click fraud on your website with our market-leading AI software. 
Allow yourself to fully focus on growing your business without having online fraud distract you.\u003C\u002Fp>\n\u003Cp>You will need an active ClickCease subscription to use this WordPress plugin.\u003C\u002Fp>\n","Protect your website and ad campaigns from bots, competitors, and click fraud with ClickCease's advanced fraud prevention and real-time monitoring.",10000,261207,66,7,"2025-07-21T15:27:00.000Z","6.6.5",[54,116,117,118,119],"click-fraud","clickcease","fraud-protection","website-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclickcease-click-fraud-protection.zip",99,"2024-05-06 00:00:00",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":109,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":72,"requires_at_least":51,"requires_php":135,"tags":136,"homepage":141,"download_link":142,"security_score":143,"vuln_count":49,"unpatched_count":13,"last_vuln_date":144,"fetched_at":28},"fluent-security","FluentAuth – The Ultimate Authorization & Security Plugin for WordPress","2.1.1","Shahjahan Jewel","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechjewel\u002F","\u003Cp>Boost Your Website’s Security with Login\u002FSignup Security, Two-Factor Email Authentication, Login\u002FLogout Redirects, Social Logins, Detailed Audit Logs, and More. 
FluentAuth is the lightest and blazing fast security plugin for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlighted Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Factor Authentication for Login\u003C\u002Fli>\n\u003Cli>Magic Login via Email\u003C\u002Fli>\n\u003Cli>Social Login \u002F Register\u003C\u002Fli>\n\u003Cli>Limit Login Attempts\u003C\u002Fli>\n\u003Cli>Dynamic Login Redirects\u003C\u002Fli>\n\u003Cli>Detailed Audit Logs\u003C\u002Fli>\n\u003Cli>Core Security Enhancement\u003C\u002Fli>\n\u003Cli>Security Email Notifications\u003C\u002Fli>\n\u003Cli>Super Fast Solution\u003C\u002Fli>\n\u003Cli>Restrict \u002Fwp-admin for low level user roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What’s new in version 2.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FP_vREW7s2B4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F5t_8rvtrkk4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>🚀 Two-Factor Authentication for Login\u003C\u002Fstrong>\u003Cbr \u002F>\nEnsure secure access to your admin panel with 
Two-Factor Login via email for high-level user roles like Administrator \u002F Editor. Even if a password gets compromised, only the right person will be able to log in with the additional authentication step.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Magic Login via Email\u003C\u002Fstrong>\u003Cbr \u002F>\nSimplify the login process for end users like customers and subscribers. No more password resets or forgotten passwords that cause users to leave your site. With our improved flow and features, users can log in to your site simply by typing their username or email address and clicking on a secure one-time use link sent to their email.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Social Login \u002F Register\u003C\u002Fstrong>\u003Cbr \u002F>\nAllow users to log in to your site with their GitHub, Facebook or Google accounts. This feature is lightweight and easy to enable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Limit Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nProtect your site against brute force attacks by blocking excessive login attempts. Our simple yet powerful tools also improve site security and performance, and allow for customizable lockout timings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Dynamic Login Redirects\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily redirect users to specific pages after they log in or log out. Our drag-and-drop builder lets you customize the login and logout flow for different types of businesses.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Detailed Audit Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack exactly when users log in to your site and via which method (normal login form, magic URL, or social media) with our powerful audit logs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Core Security Enhancement\u003C\u002Fstrong>\u003Cbr \u002F>\nXML-RPC is a common target for WordPress attacks, but most sites don’t actually need it. 
This plugin enables you to disable XML-RPC, Remote Application Login, and protect the wp-users listing for REST API for enhanced security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Security Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nAs a business owner, it’s important to know when high-level users like administrators, editors, and authors log in to your site, or if someone unauthorized is trying to log in. Our plugin includes email notifications to alert you of these events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Super Fast Solution\u003C\u002Fstrong>\u003Cbr \u002F>\nWe’ve built this plugin to be super-fast and simple yet powerful, using the latest technologies like WordPress REST-API, VueJS V3, Vue-Router, and Element-Plus for UI building. We also use custom database tables to store audit logs, so they don’t interfere with your default WordPress database tables.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Restrict \u002Fwp-admin for low level user roles\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you want to restrict \u002Fwp-admin access for subscribers or other low level user roles then you can easily enable that and select the user roles that you want to restrict \u002Fwp-admin access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Customize WordPress Signup Emails\u003C\u002Fstrong>\u003Cbr \u002F>\nCustomize the WordPress default signup emails with your own branding and content. This feature allows you to create a more personalized experience for your users, enhancing their engagement with your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Custom Login\u002FSignup Shortcodes\u003C\u002Fstrong>\u003Cbr \u002F>\nCreate custom login and signup forms using shortcodes. 
This feature allows you to easily integrate login and signup forms into your pages or posts, providing a seamless user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Disable Admin Email Notifications on User Signup\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable the default WordPress admin email notifications that are sent when a new user signs up. This feature helps you manage your email notifications more effectively, reducing clutter in your inbox.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Scan WordPress Core File Changes\u003C\u002Fstrong>\u003Cbr \u002F>\nFluentAuth includes a feature to scan WordPress core files for changes, helping you identify any unauthorized modifications. This is crucial for maintaining the integrity of your WordPress installation and ensuring that your site remains secure.\u003C\u002Fp>\n\u003Ch3>Why FluentAuth?\u003C\u002Fh3>\n\u003Cp>To improve the security and user experience of a WordPress website, the default authentication system may need to be enhanced with additional plugins. One common issue that WordPress site owners face is their site getting hacked. This is often due to hackers using brute-force attacks to guess passwords and gain access to the admin panel, leading to site takeover. Additionally, the use of common passwords on multiple sites can put all of them at risk if one password is compromised.\u003C\u002Fp>\n\u003Cp>Using multiple security plugins can be detrimental to the performance of a WordPress website. These plugins, which are often bloated, intercept every WordPress request and run it through a large number of unnecessary rules, resulting in increased server resource usage and slower site performance. To avoid this issue, consider using a comprehensive security solution that offers multiple features in one package, instead of relying on multiple individual plugins. 
This will help save server resources and improve the overall performance of your website.\u003C\u002Fp>\n\u003Cp>To solve these issues, we decided to build FluentAuth and made it free.\u003C\u002Fp>\n\u003Ch3>Replace Multiple Plugins with FluentAuth\u003C\u002Fh3>\n\u003Cp>FluentAuth has been designed to provide a lightweight security solution while improving the UX and performance of your site. If you use FluentAuth then you don’t need the following plugins\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Login Limit and ban brute force attacks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded\u003C\u002Fli>\n\u003Cli>WPS Limit Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Login & Logout Redirections\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>LoginWP (Formerly Peter’s Login Redirect)\u003C\u002Fli>\n\u003Cli>Sky Login Redirect\u003C\u002Fli>\n\u003Cli>WP Login and Logout Redirect\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Hide Admin Bar and Access Restriction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide Admin Bar\u003C\u002Fli>\n\u003Cli>Hide Admin Bar Based on User Roles\u003C\u002Fli>\n\u003Cli>Auto Hide Admin Bar\u003C\u002Fli>\n\u003Cli>Hide Admin Bar from Non-Admins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>User Guides\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">Getting Started with FluentAuth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Flogin-redirects\u002F\" rel=\"nofollow ugc\">Login \u002F Logout 
Redirects\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fshortcodes\u002F\" rel=\"nofollow ugc\">Register\u002FLogin Shortcodes in FluentAuth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgithub-auth-connection\u002F\" rel=\"nofollow ugc\">Configure Login with GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgoogle-auth-connection\u002F\" rel=\"nofollow ugc\">Configure Login with Google\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Other Plugins By The Same Team\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-cart\u002F\" rel=\"ugc\">FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-crm\u002F\" rel=\"ugc\">FluentCRM – Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms – Fastest WordPress Form Builder Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-tables\u002F\" rel=\"ugc\">Ninja Tables – Best WP DataTables Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-charts\u002F\" rel=\"ugc\">Ninja Charts – Best WP Charts Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-payment-form\u002F\" rel=\"ugc\">WPPayForm – Stripe Payments Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmautic-for-fluent-forms\u002F\" rel=\"ugc\">Mautic Integration For 
Fluent Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentforms-pdf\u002F\" rel=\"ugc\">Fluent Forms PDF – PDF Entries for Fluent Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-smtp\u002F\" rel=\"ugc\">FluentSMTP – WordPress Mail SMTP, SES, SendGrid, MailGun Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>CONTRIBUTE\u003C\u002Fh3>\n\u003Cp>If you want to contribute to this project or just report a bug, you are more than welcome. Please check the repository on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPManageNinja\u002Ffluent-security\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Enhance the Security and User Experience of Your Site with Login\u002FSignup Security, Two-Factor Email Authentication, Social Logins and more...",92766,80,28,"2025-12-03T12:25:00.000Z","7.3",[137,138,139,140,23],"login-limit","login-logs","login-redirects","social-logins","https:\u002F\u002Ffluentauth.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffluent-security.2.1.1.zip",98,"2025-12-15 
02:19:04",{"attackSurface":146,"codeSignals":476,"taintFlows":497,"riskAssessment":786,"analyzedAt":795},{"hooks":147,"ajaxHandlers":416,"restRoutes":468,"shortcodes":469,"cronEvents":470,"entryPointCount":474,"unprotectedCount":475},[148,154,158,162,166,171,175,179,183,187,192,195,198,202,206,210,215,219,221,224,228,232,235,239,243,247,251,255,258,261,264,267,271,275,279,284,288,292,296,301,304,308,311,315,319,322,326,330,334,337,341,345,350,353,357,361,365,368,371,374,378,383,386,390,393,396,399,402,406,410,412],{"type":149,"name":150,"callback":151,"file":152,"line":153},"filter","wp_is_application_passwords_available","forcefield_app_passwords_disable","forcefield-apis.php",36,{"type":149,"name":155,"callback":156,"file":152,"line":157},"xmlrpc_methods","forcefield_xmlrpc_disable",65,{"type":149,"name":159,"callback":160,"file":152,"line":161},"xmlrpc_enabled","forcefield_xmlrpc_disable_auth",79,{"type":149,"name":163,"callback":164,"file":152,"line":165},"xmlrpc_login_error","forcefield_xmlrpc_slowdown",92,{"type":167,"name":168,"callback":169,"file":152,"line":170},"action","plugins_loaded","forcefield_remove_rsd_link",124,{"type":149,"name":155,"callback":172,"priority":173,"file":152,"line":174},"forcefield_xmlrpc_methods",9,137,{"type":149,"name":176,"callback":177,"file":152,"line":178},"wp_headers","forcefield_remove_pingback_header",155,{"type":167,"name":180,"callback":181,"file":152,"line":182},"pre_ping","forcefield_disable_self_pings",167,{"type":149,"name":184,"callback":185,"file":152,"line":186},"xmlrpc_allow_anonymous_comments","forcefield_xmlrpc_anonymous_comments",187,{"type":149,"name":188,"callback":189,"priority":190,"file":152,"line":191},"rest_authentication_errors","forcefield_restapi_access",11,210,{"type":149,"name":188,"callback":193,"file":152,"line":194},"forcefield_restapi_slowdown",296,{"type":167,"name":168,"callback":196,"file":152,"line":197},"forcefield_remove_restapi_info",328,{"type":149,"name":199,"callback":200,"file":152,"
line":201},"rest_jsonp_enabled","forcefield_jsonp_disable",341,{"type":149,"name":203,"callback":204,"priority":121,"file":152,"line":205},"rest_endpoints","forcefield_endpoint_restriction",366,{"type":149,"name":207,"callback":208,"file":152,"line":209},"rest_allow_anonymous_comments","forcefield_restapi_anonymous_comments",382,{"type":149,"name":211,"callback":212,"file":213,"line":214},"wp_mail_from_name","forcefield_email_from_name","forcefield-auth.php",118,{"type":167,"name":216,"callback":217,"priority":13,"file":213,"line":218},"init","forcefield_administrator_validation",183,{"type":149,"name":211,"callback":212,"file":213,"line":220},254,{"type":167,"name":222,"callback":223,"file":213,"line":209},"login_form","forcefield_login_field",{"type":167,"name":225,"callback":226,"file":213,"line":227},"register_form","forcefield_register_field",383,{"type":167,"name":229,"callback":230,"file":213,"line":231},"signup_extra_fields","forcefield_signup_field",384,{"type":167,"name":233,"callback":230,"file":213,"line":234},"signup_blogform",385,{"type":167,"name":236,"callback":237,"file":213,"line":238},"lostpassword_form","forcefield_lostpass_field",386,{"type":167,"name":240,"callback":241,"file":213,"line":242},"comment_form","forcefield_comment_field",387,{"type":149,"name":244,"callback":245,"priority":190,"file":213,"line":246},"the_password_form","forcefield_protected_form",404,{"type":167,"name":248,"callback":249,"file":213,"line":250},"bp_after_account_details_fields","forcefield_buddypress_field",416,{"type":149,"name":252,"callback":253,"priority":173,"file":213,"line":254},"authenticate","forcefield_xmlrpc_authentication",645,{"type":149,"name":163,"callback":256,"file":213,"line":257},"forcefield_xmlrpc_error_message_banned",680,{"type":149,"name":163,"callback":259,"file":213,"line":260},"forcefield_xmlrpc_error_message_blocked",689,{"type":149,"name":163,"callback":262,"file":213,"line":263},"forcefield_xmlrpc_require_ssl_message",715,{"type":149,"na
me":252,"callback":265,"priority":190,"file":213,"line":266},"forcefield_login_validate",757,{"type":149,"name":268,"callback":269,"file":213,"line":270},"secure_auth_redirect","__return_true",835,{"type":149,"name":272,"callback":273,"priority":173,"file":213,"line":274},"register_post","forcefield_registration_authenticate",988,{"type":149,"name":276,"callback":277,"file":213,"line":278},"wpmu_validate_user_signup","forcefield_signup_authenticate",1167,{"type":167,"name":280,"callback":281,"priority":282,"file":213,"line":283},"allow_password_reset","forcefield_lost_password_authenticate",21,1342,{"type":167,"name":285,"callback":286,"file":213,"line":287},"login_form_postpass","forcefield_protected_authenticate",1518,{"type":149,"name":289,"callback":290,"file":213,"line":291},"preprocess_comment","forcefield_preprocess_comment",1689,{"type":167,"name":293,"callback":294,"file":213,"line":295},"bp_signup_validate","forcefield_buddypress_registration_authenticate",1864,{"type":167,"name":168,"callback":297,"priority":298,"file":299,"line":300},"forcefield_blocklist_check",1,"forcefield-block.php",119,{"type":167,"name":168,"callback":302,"priority":173,"file":299,"line":303},"forcefield_blocklist_unblock_form_test",795,{"type":167,"name":168,"callback":305,"priority":306,"file":299,"line":307},"forcefield_blocklist_user_unblock",8,824,{"type":167,"name":216,"callback":309,"file":299,"line":310},"forcefield_blocklist_schedule_cleanup",986,{"type":149,"name":312,"callback":313,"priority":11,"file":314,"line":34},"forcefield_admin_menu_added","forcefield_add_admin_menu","forcefield.php",{"type":167,"name":316,"callback":317,"file":314,"line":318},"admin_footer","forcefield_wordquest_submenu_fix",116,{"type":167,"name":320,"callback":320,"priority":11,"file":314,"line":321},"forcefield_add_settings",139,{"type":167,"name":323,"callback":324,"priority":11,"file":314,"line":325},"forcefield_loader_helpers","forcefield_load_wordquest_helper",161,{"type":149,"name":327,"c
allback":328,"priority":13,"file":314,"line":329},"forcefield_options","forcefield_special_settings",671,{"type":167,"name":331,"callback":332,"file":314,"line":333},"admin_notices","forcefield_debug_htaccess_warning",777,{"type":167,"name":331,"callback":335,"file":314,"line":336},"forcefield_debug_directory_warning",781,{"type":149,"name":338,"callback":339,"file":314,"line":340},"login_errors","forcefield_login_error_message",1242,{"type":149,"name":342,"callback":343,"file":314,"line":344},"cron_schedules","forcefield_get_intervals",1280,{"type":167,"name":346,"callback":347,"file":348,"line":349},"admin_init","update_settings","loader.php",1330,{"type":167,"name":346,"callback":351,"file":348,"line":352},"reset_settings",1331,{"type":167,"name":354,"callback":355,"priority":298,"file":348,"line":356},"admin_menu","settings_menu",1334,{"type":149,"name":358,"callback":359,"priority":11,"file":348,"line":360},"plugin_action_links","plugin_links",1337,{"type":167,"name":362,"callback":363,"file":348,"line":364},"admin_enqueue_scripts","maybe_load_thickbox",1343,{"type":167,"name":362,"callback":366,"file":348,"line":367},"enqueue_resources",1345,{"type":167,"name":168,"callback":369,"priority":32,"file":348,"line":370},"load_freemius",1353,{"type":167,"name":346,"callback":372,"file":348,"line":373},"support_redirect",1585,{"type":149,"name":375,"callback":376,"file":348,"line":377},"connect_message","freemius_connect_message",1708,{"type":167,"name":379,"callback":380,"priority":381,"file":348,"line":382},"all_admin_notices","notice_boxer",999,1863,{"type":167,"name":168,"callback":384,"priority":13,"file":348,"line":385},"forcefield_load_prefixed_functions",3368,{"type":167,"name":346,"callback":387,"priority":298,"file":388,"line":389},"wqhelper_admin_loader","wordquest.php",93,{"type":167,"name":316,"callback":391,"file":388,"line":392},"wqhelper_admin_styles",363,{"type":167,"name":316,"callback":394,"file":388,"line":395},"wqhelper_admin_scripts",376,{"type"
:167,"name":331,"callback":397,"file":388,"line":398},"wqhelper_reminder_notice",605,{"type":167,"name":316,"callback":400,"file":388,"line":401},"wqhelper_dashboard_feed_javascript",1679,{"type":167,"name":403,"callback":404,"file":388,"line":405},"update-custom_wordquest_plugin_install","wqhelper_install_plugin",1739,{"type":167,"name":407,"callback":408,"file":388,"line":409},"wp_dashboard_setup","wqhelper_add_dashboard_feed_widget",3121,{"type":167,"name":316,"callback":400,"file":388,"line":411},3159,{"type":149,"name":413,"callback":414,"file":388,"line":415},"wp_feed_cache_transient_lifetime","wqhelper_ad_feed_interval",3655,[417,423,426,429,431,434,437,439,442,444,447,450,452,456,458,461,465],{"action":418,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":422},"forcefield_login",true,"forcefield_output_token",false,462,{"action":424,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":425},"forcefield_register",463,{"action":427,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":428},"forcefield_signup",464,{"action":427,"nopriv":421,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":430},465,{"action":432,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":433},"forcefield_lostpass",466,{"action":435,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":436},"forcefield_postpass",467,{"action":435,"nopriv":421,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":438},468,{"action":440,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":441},"forcefield_comment",469,{"action":440,"nopriv":421,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":443},470,{"action":445,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":446},"forcefield_buddypress",471,{"action":448,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":2
13,"line":449},"forcefield_unblock",472,{"action":448,"nopriv":421,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":213,"line":451},473,{"action":453,"nopriv":421,"callback":454,"hasNonce":419,"hasCapCheck":419,"file":299,"line":455},"forcefield_unblock_ip","forcefield_blocklist_remove_record",621,{"action":457,"nopriv":421,"callback":457,"hasNonce":419,"hasCapCheck":419,"file":299,"line":260},"forcefield_blocklist_clear",{"action":459,"nopriv":421,"callback":459,"hasNonce":421,"hasCapCheck":421,"file":388,"line":460},"wqhelper_reminder_dismiss",394,{"action":462,"nopriv":421,"callback":463,"hasNonce":421,"hasCapCheck":421,"file":388,"line":464},"wqhelper_load_feed_cat","wqhelper_load_feed_category",406,{"action":466,"nopriv":421,"callback":466,"hasNonce":421,"hasCapCheck":421,"file":388,"line":467},"wqhelper_update_sidebar_boxes",419,[],[],[471],{"hook":472,"callback":472,"file":299,"line":473},"forcefield_blocklist_table_cleanup",990,17,15,{"dangerousFunctions":477,"sqlUsage":478,"outputEscaping":487,"fileOperations":112,"externalRequests":490,"nonceChecks":112,"capabilityChecks":491,"bundledLibraries":492},[],{"prepared":479,"raw":49,"locations":480},24,[481,484],{"file":299,"line":482,"context":483},236,"$wpdb->get_var() with variable interpolation",{"file":348,"line":485,"context":486},2805,"$wpdb->get_results() with variable interpolation",{"escaped":488,"rawEcho":13,"locations":489},1067,[],3,19,[493],{"name":494,"version":495,"knownCves":496},"Freemius","1.0",[],[498,529,554,565,575,585,596,616,626,636,653,674,684,722,734,777],{"entryPoint":499,"graph":500,"unsanitizedCount":490,"severity":528},"forcefield_output_token (forcefield-auth.php:479)",{"nodes":501,"edges":524},[502,507,513,517,521],{"id":503,"type":504,"label":505,"file":213,"line":506},"n0","source","$_REQUEST (x2)",483,{"id":508,"type":509,"label":510,"file":213,"line":511,"wp_function":512},"n1","sink","echo() 
[XSS]",517,"echo",{"id":514,"type":504,"label":515,"file":213,"line":516},"n2","$_REQUEST",504,{"id":518,"type":519,"label":520,"file":213,"line":516},"n3","transform","→ forcefield_create_token()",{"id":522,"type":509,"label":510,"file":213,"line":523,"wp_function":512},"n4",560,[525,526,527],{"from":503,"to":508,"sanitized":421},{"from":514,"to":518,"sanitized":421},{"from":518,"to":522,"sanitized":421},"medium",{"entryPoint":530,"graph":531,"unsanitizedCount":49,"severity":528},"\u003Cforcefield-auth> (forcefield-auth.php:0)",{"nodes":532,"edges":548},[533,535,536,537,538,539,542,545],{"id":503,"type":504,"label":534,"file":213,"line":506},"$_REQUEST (x4)",{"id":508,"type":509,"label":510,"file":213,"line":511,"wp_function":512},{"id":514,"type":504,"label":515,"file":213,"line":516},{"id":518,"type":519,"label":520,"file":213,"line":516},{"id":522,"type":509,"label":510,"file":213,"line":523,"wp_function":512},{"id":540,"type":504,"label":515,"file":213,"line":541},"n5",556,{"id":543,"type":519,"label":544,"file":213,"line":541},"n6","→ forcefield_check_token()",{"id":546,"type":509,"label":510,"file":213,"line":547,"wp_function":512},"n7",364,[549,550,551,552,553],{"from":503,"to":508,"sanitized":419},{"from":514,"to":518,"sanitized":421},{"from":518,"to":522,"sanitized":421},{"from":540,"to":543,"sanitized":421},{"from":543,"to":546,"sanitized":421},{"entryPoint":555,"graph":556,"unsanitizedCount":298,"severity":528},"forcefield_blocklist_unblock_form_output (forcefield-block.php:729)",{"nodes":557,"edges":563},[558,561],{"id":503,"type":504,"label":559,"file":299,"line":560},"$_SERVER",764,{"id":508,"type":509,"label":510,"file":299,"line":562,"wp_function":512},765,[564],{"from":503,"to":508,"sanitized":421},{"entryPoint":566,"graph":567,"unsanitizedCount":298,"severity":528},"forcefield_wordquest_submenu_fix 
(forcefield.php:127)",{"nodes":568,"edges":573},[569,571],{"id":503,"type":504,"label":515,"file":314,"line":570},131,{"id":508,"type":509,"label":510,"file":314,"line":572,"wp_function":512},132,[574],{"from":503,"to":508,"sanitized":421},{"entryPoint":576,"graph":577,"unsanitizedCount":298,"severity":528},"forcefield_get_remote_ip (forcefield.php:1020)",{"nodes":578,"edges":583},[579,581],{"id":503,"type":504,"label":559,"file":314,"line":580},1036,{"id":508,"type":509,"label":510,"file":314,"line":582,"wp_function":512},1042,[584],{"from":503,"to":508,"sanitized":421},{"entryPoint":586,"graph":587,"unsanitizedCount":49,"severity":528},"forcefield_get_server_ip (forcefield.php:1089)",{"nodes":588,"edges":594},[589,592],{"id":503,"type":504,"label":590,"file":314,"line":591},"$_SERVER (x2)",1101,{"id":508,"type":509,"label":510,"file":314,"line":593,"wp_function":512},1103,[595],{"from":503,"to":508,"sanitized":421},{"entryPoint":597,"graph":598,"unsanitizedCount":298,"severity":528},"update_settings (loader.php:520)",{"nodes":599,"edges":612},[600,603,605,608,610],{"id":503,"type":504,"label":601,"file":348,"line":602},"$_POST (x2)",854,{"id":508,"type":509,"label":510,"file":348,"line":604,"wp_function":512},867,{"id":514,"type":504,"label":606,"file":348,"line":607},"$_POST",924,{"id":518,"type":519,"label":609,"file":348,"line":607},"→ validate_setting()",{"id":522,"type":509,"label":510,"file":348,"line":611,"wp_function":512},1157,[613,614,615],{"from":503,"to":508,"sanitized":419},{"from":514,"to":518,"sanitized":421},{"from":518,"to":522,"sanitized":421},{"entryPoint":617,"graph":618,"unsanitizedCount":298,"severity":528},"debug_posted (loader.php:1036)",{"nodes":619,"edges":624},[620,622],{"id":503,"type":504,"label":606,"file":348,"line":621},1055,{"id":508,"type":509,"label":510,"file":348,"line":623,"wp_function":512},1057,[625],{"from":503,"to":508,"sanitized":421},{"entryPoint":627,"graph":628,"unsanitizedCount":298,"severity":528},"settings_table 
(loader.php:2261)",{"nodes":629,"edges":634},[630,632],{"id":503,"type":504,"label":515,"file":348,"line":631},2291,{"id":508,"type":509,"label":510,"file":348,"line":633,"wp_function":512},2364,[635],{"from":503,"to":508,"sanitized":421},{"entryPoint":637,"graph":638,"unsanitizedCount":298,"severity":528},"\u003Cloader> (loader.php:0)",{"nodes":639,"edges":648},[640,642,643,644,645,646,647],{"id":503,"type":504,"label":641,"file":348,"line":602},"$_POST (x4)",{"id":508,"type":509,"label":510,"file":348,"line":604,"wp_function":512},{"id":514,"type":504,"label":515,"file":348,"line":631},{"id":518,"type":509,"label":510,"file":348,"line":633,"wp_function":512},{"id":522,"type":504,"label":606,"file":348,"line":607},{"id":540,"type":519,"label":609,"file":348,"line":607},{"id":543,"type":509,"label":510,"file":348,"line":611,"wp_function":512},[649,650,651,652],{"from":503,"to":508,"sanitized":419},{"from":514,"to":518,"sanitized":419},{"from":522,"to":540,"sanitized":421},{"from":540,"to":543,"sanitized":421},{"entryPoint":654,"graph":655,"unsanitizedCount":13,"severity":673},"forcefield_blocklist_remove_record (forcefield-block.php:622)",{"nodes":656,"edges":669},[657,659,661,663,665],{"id":503,"type":504,"label":505,"file":299,"line":658},665,{"id":508,"type":509,"label":510,"file":299,"line":660,"wp_function":512},666,{"id":514,"type":504,"label":515,"file":299,"line":662},656,{"id":518,"type":519,"label":664,"file":299,"line":662},"→ forcefield_blocklist_delete_record()",{"id":522,"type":509,"label":666,"file":299,"line":667,"wp_function":668},"query() [SQLi]",615,"query",[670,671,672],{"from":503,"to":508,"sanitized":419},{"from":514,"to":518,"sanitized":421},{"from":518,"to":522,"sanitized":419},"low",{"entryPoint":675,"graph":676,"unsanitizedCount":13,"severity":673},"forcefield_blocklist_user_unblock 
(forcefield-block.php:825)",{"nodes":677,"edges":682},[678,680],{"id":503,"type":504,"label":505,"file":299,"line":679},915,{"id":508,"type":509,"label":510,"file":299,"line":681,"wp_function":512},918,[683],{"from":503,"to":508,"sanitized":419},{"entryPoint":685,"graph":686,"unsanitizedCount":13,"severity":673},"\u003Cforcefield-block> (forcefield-block.php:0)",{"nodes":687,"edges":713},[688,690,691,692,693,694,695,696,698,701,704,707,710],{"id":503,"type":504,"label":689,"file":299,"line":658},"$_REQUEST (x6)",{"id":508,"type":509,"label":510,"file":299,"line":660,"wp_function":512},{"id":514,"type":504,"label":559,"file":299,"line":560},{"id":518,"type":509,"label":510,"file":299,"line":562,"wp_function":512},{"id":522,"type":504,"label":515,"file":299,"line":662},{"id":540,"type":519,"label":664,"file":299,"line":662},{"id":543,"type":509,"label":666,"file":299,"line":667,"wp_function":668},{"id":546,"type":504,"label":515,"file":299,"line":697},957,{"id":699,"type":519,"label":700,"file":299,"line":697},"n8","→ forcefield_blocklist_expire_old_rows()",{"id":702,"type":509,"label":666,"file":299,"line":703,"wp_function":668},"n9",561,{"id":705,"type":504,"label":515,"file":299,"line":706},"n10",976,{"id":708,"type":519,"label":709,"file":299,"line":706},"n11","→ forcefield_blocklist_delete_old_rows()",{"id":711,"type":509,"label":666,"file":299,"line":712,"wp_function":668},"n12",596,[714,715,716,717,718,719,720,721],{"from":503,"to":508,"sanitized":419},{"from":514,"to":518,"sanitized":419},{"from":522,"to":540,"sanitized":421},{"from":540,"to":543,"sanitized":419},{"from":546,"to":699,"sanitized":421},{"from":699,"to":702,"sanitized":419},{"from":705,"to":708,"sanitized":421},{"from":708,"to":711,"sanitized":419},{"entryPoint":723,"graph":724,"unsanitizedCount":13,"severity":673},"\u003Cforcefield> 
(forcefield.php:0)",{"nodes":725,"edges":731},[726,727,728,730],{"id":503,"type":504,"label":515,"file":314,"line":570},{"id":508,"type":509,"label":510,"file":314,"line":572,"wp_function":512},{"id":514,"type":504,"label":729,"file":314,"line":580},"$_SERVER (x3)",{"id":518,"type":509,"label":510,"file":314,"line":582,"wp_function":512},[732,733],{"from":503,"to":508,"sanitized":419},{"from":514,"to":518,"sanitized":419},{"entryPoint":735,"graph":736,"unsanitizedCount":13,"severity":673},"\u003Cwordquest> (wordquest.php:0)",{"nodes":737,"edges":770},[738,741,745,748,750,752,756,758,762,763,765,768],{"id":503,"type":504,"label":739,"file":388,"line":740},"$_POST (x8)",431,{"id":508,"type":509,"label":742,"file":388,"line":743,"wp_function":744},"call_user_func() [RCE]",448,"call_user_func",{"id":514,"type":504,"label":746,"file":388,"line":747},"$_REQUEST (x26)",755,{"id":518,"type":509,"label":510,"file":388,"line":749,"wp_function":512},785,{"id":522,"type":504,"label":515,"file":388,"line":751},1759,{"id":540,"type":509,"label":753,"file":388,"line":754,"wp_function":755},"wp_remote_get() [SSRF]",1766,"wp_remote_get",{"id":543,"type":504,"label":505,"file":388,"line":757},2761,{"id":546,"type":509,"label":759,"file":388,"line":760,"wp_function":761},"update_option() [Settings Manipulation]",2790,"update_option",{"id":699,"type":504,"label":515,"file":388,"line":757},{"id":702,"type":509,"label":742,"file":388,"line":764,"wp_function":744},2819,{"id":705,"type":504,"label":766,"file":388,"line":767},"$_GET",3584,{"id":708,"type":509,"label":510,"file":388,"line":769,"wp_function":512},3604,[771,772,773,774,775,776],{"from":503,"to":508,"sanitized":419},{"from":514,"to":518,"sanitized":419},{"from":522,"to":540,"sanitized":419},{"from":543,"to":546,"sanitized":419},{"from":699,"to":702,"sanitized":419},{"from":705,"to":708,"sanitized":419},{"entryPoint":778,"graph":779,"unsanitizedCount":298,"severity":785},"wqhelper_update_sidebar_boxes 
(wordquest.php:422)",{"nodes":780,"edges":783},[781,782],{"id":503,"type":504,"label":606,"file":388,"line":740},{"id":508,"type":509,"label":742,"file":388,"line":743,"wp_function":744},[784],{"from":503,"to":508,"sanitized":421},"high",{"summary":787,"deductions":788},"The \"forcefield\" plugin v1.0.9 presents a mixed security posture. On the positive side, the plugin demonstrates strong practices in output escaping, with 100% of its numerous outputs properly escaped. It also shows good adherence to using prepared statements for SQL queries, with 92% of its 26 queries utilizing this secure method. The absence of known historical vulnerabilities and unpatched CVEs is a significant strength, suggesting a relatively stable and well-maintained codebase regarding past security issues. Furthermore, a good number of capability checks are in place, indicating an effort to restrict access to certain functionalities.\n\nHowever, significant concerns arise from the attack surface. The plugin exposes 17 AJAX handlers, a considerable number, with a striking 15 of them lacking any authentication checks. This directly translates to a high risk of unauthorized access and potential manipulation of plugin functionalities. The taint analysis also flags a critical issue with one high-severity flow exhibiting unsanitized paths, which could lead to security vulnerabilities if not addressed. 
While no dangerous functions or raw SQL queries were identified, and file operations and external HTTP requests appear to be within reasonable limits, the high number of unprotected AJAX endpoints and the critical taint flow represent immediate and pressing security risks that outweigh the plugin's positive attributes in terms of output and query security.",[789,791,793],{"reason":790,"points":11},"15 unprotected AJAX handlers",{"reason":792,"points":475},"1 critical severity taint flow",{"reason":794,"points":32},"Bundled Freemius v1.0 library","2026-03-16T23:46:16.517Z",{"wat":797,"direct":802},{"assetPaths":798,"generatorPatterns":799,"scriptPaths":800,"versionParams":801},[],[],[],[],{"cssClasses":803,"htmlComments":804,"htmlAttributes":805,"restEndpoints":806,"jsGlobals":807,"shortcodeOutput":808},[],[],[],[],[],[]]