[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5bRpdSY42r4vT7e4Q70rG7TbgHjjP9fwysxNQg4eAkw":3,"$fQarxZAk2FsEzHshyF8q2QKB1no2xaYYsSF8FEH4SCGE":449,"$fhiM649HLxgaAicwYRfoFMp1g2ikybu_IL96NSxE_tMc":453},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":128,"fingerprints":419},"freelancebo-sentra-control","FreelanceBo Sentra Control","2.4.0","FreelanceBo Group S.r.l.s","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreelancebo\u002F","\u003Cp>FreelanceBo Sentra Control is a comprehensive WordPress security plugin that connects your site to the Sentra central console, providing enterprise-grade protection.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Web Application Firewall (WAF)\u003C\u002Fstrong> – Block malicious requests, SQL injection, XSS, and other common attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Scanner\u003C\u002Fstrong> – Scan WordPress core files, themes, and plugins for known malware signatures\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong> – Check installed plugins and themes against known vulnerability databases\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> – Limit login attempts and block attackers automatically\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Integrity Monitoring\u003C\u002Fstrong> – Detect unauthorized changes to WordPress core files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Blocklist\u003C\u002Fstrong> – Manage blocked IPs manually or automatically based on threat detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Events Log\u003C\u002Fstrong> – Track all security events with detailed logging\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Central Console\u003C\u002Fstrong> – Manage multiple WordPress sites from a single dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin on your WordPress site\u003C\u002Fli>\n\u003Cli>Connect to your Sentra central console by entering the server URL and API key in Settings\u003C\u002Fli>\n\u003Cli>The plugin automatically starts monitoring your site and reporting to the console\u003C\u002Fli>\n\u003Cli>View scan results, manage firewall rules, and review security events from either the WordPress admin panel or the central console\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.8 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>A Sentra central console account (available at freelancebo.it)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin relies on the following external services:\u003C\u002Fp>\n\u003Ch4>FreelanceBo Sentra Control Console\u003C\u002Fh4>\n\u003Cp>This plugin connects to a self-hosted FreelanceBo Sentra Control central console for centralized security monitoring and management. This connection is essential for the plugin to function.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Site URL, WordPress version, PHP version, and installed plugins\u002Fthemes list (during heartbeat and scans)\u003Cbr \u002F>\n* Security events (firewall blocks, failed login attempts, malware detections, file integrity changes)\u003Cbr \u002F>\n* Scan results (malware scan, vulnerability scan, integrity scan findings)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* On plugin activation and periodically via heartbeat (every 5 minutes)\u003Cbr \u002F>\n* When security events occur (login attempts, firewall blocks)\u003Cbr \u002F>\n* When scans are triggered (manually or via scheduled cron)\u003Cbr \u002F>\n* When the admin manages firewall rules, blocklists, or settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider:\u003C\u002Fstrong> FreelanceBo Group S.r.l.s., Bologna, Italy\u003Cbr \u002F>\n* Service URL: \u003Ca href=\"https:\u002F\u002Fsentra.freelancebo.it\" rel=\"nofollow ugc\">https:\u002F\u002Fsentra.freelancebo.it\u003C\u002Fa>\u003Cbr \u002F>\n* Terms of Service: \u003Ca href=\"https:\u002F\u002Fsentra.freelancebo.it\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fsentra.freelancebo.it\u002Fterms\u003C\u002Fa>\u003Cbr \u002F>\n* Privacy Policy: \u003Ca href=\"https:\u002F\u002Fsentra.freelancebo.it\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fsentra.freelancebo.it\u002Fprivacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The console server URL is configurable by the user in the plugin settings. All data is transmitted over HTTPS. Data is stored on EU-based servers in compliance with GDPR.\u003C\u002Fp>\n\u003Ch4>WordPress.org API\u003C\u002Fh4>\n\u003Cp>The vulnerability scanner module uses the official WordPress.org API to retrieve information about installed plugins, themes, and WordPress core version. This is necessary to check for known vulnerabilities and outdated software.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Plugin slugs, theme slugs, and WordPress core version\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* When a vulnerability scan is triggered (manually or via scheduled cron)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider:\u003C\u002Fstrong> WordPress.org\u003Cbr \u002F>\n* API endpoint: \u003Ca href=\"https:\u002F\u002Fapi.wordpress.org\" rel=\"nofollow ugc\">https:\u002F\u002Fapi.wordpress.org\u003C\u002Fa>\u003Cbr \u002F>\n* Terms of Service: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\u003C\u002Fa>\u003Cbr \u002F>\n* Privacy Policy: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Security agent connecting to FreelanceBo Sentra Control console for WAF, malware scanning, brute force protection, and vulnerability scanning.",0,372,"2026-03-22T19:55:00.000Z","6.9.4","5.8","7.4",[18,19,20,21,22],"brute-force","firewall","malware-scanner","security","vulnerability-scanner","https:\u002F\u002Ffreelancebo.it","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.4.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"freelancebo",1,30,94,"2026-05-19T19:15:05.589Z",[37,54,70,85,106],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":47,"last_updated":48,"tested_up_to":14,"requires_at_least":49,"requires_php":16,"tags":50,"homepage":52,"download_link":53,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-admin-protect","Protector – Malware Removal, Firewall & Core Repair","4.0.2","Marcello Ruoppolo","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcelloruoppolome\u002F","\u003Cp>Every day, thousands of WordPress sites are hacked. Most security plugins offer protection, but they come with a massive cost: they slow down your server with bloated features and complex settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protector is different.\u003C\u002Fstrong> It is a lightweight, AI-ready security layer that turns your WordPress site into a digital fortress without compromising speed.\u003C\u002Fp>\n\u003Cp>Whether you are trying to recover a hacked site or proactively defend your business, Protector delivers enterprise-grade security that anyone can configure. With our new \u003Cstrong>1-Click Security Overview Dashboard\u003C\u002Fstrong>, you can activate all recommended protections and block 98% of automated attacks in under 8 seconds.\u003C\u002Fp>\n\u003Cp>📖 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fkloxstudios.com\u002Fdocumentation\u002Fprotector\u002F\" rel=\"nofollow ugc\">Read the Official Documentation here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>🦠 Malware Threat Scanner & Auto-Repair\u003C\u002Fh3>\n\u003Cp>Don’t just find malware; destroy it. Our deep, recursive local scanner verifies your WordPress integrity without crashing your server:\u003Cbr \u002F>\n* \u003Cstrong>Core Integrity Verification:\u003C\u002Fstrong> Cross-references all Core files against the official WordPress.org checksums.\u003Cbr \u002F>\n* \u003Cstrong>Advanced Pattern Detection:\u003C\u002Fstrong> Detects suspicious code patterns (like \u003Ccode>eval\u003C\u002Fcode>, \u003Ccode>base64_decode\u003C\u002Fcode>, \u003Ccode>shell_exec\u003C\u002Fcode>) hidden in your files.\u003Cbr \u002F>\n* \u003Cstrong>1-Click Auto-Repair:\u003C\u002Fstrong> Found a modified core file? Click “Repair” and Protector will automatically fetch a clean, original version directly from the official WP SVN and overwrite the infected file.\u003C\u002Fp>\n\u003Ch3>🛡️ Login Fortress (Brute-Force Protection)\u003C\u002Fh3>\n\u003Cp>Hackers relentlessly target the \u003Ccode>wp-login.php\u003C\u002Fcode> page. We make it disappear.\u003Cbr \u002F>\n* \u003Cstrong>Secret Login URL:\u003C\u002Fstrong> Hide \u003Ccode>wp-login.php\u003C\u002Fcode> completely. Any unauthorized attempt will be instantly redirected to a custom URL of your choice.\u003Cbr \u002F>\n* \u003Cstrong>Smart Honeypots:\u003C\u002Fstrong> Inject invisible fields into your login and comment forms to trap and block spam\u002Fbrute-force bots automatically.\u003Cbr \u002F>\n* \u003Cstrong>Block Username Scanning:\u003C\u002Fstrong> Prevent attackers from discovering your admin usernames via \u003Ccode>?author=1\u003C\u002Fcode> enumeration.\u003C\u002Fp>\n\u003Ch3>🔒 1-Click Site Hardening\u003C\u002Fh3>\n\u003Cp>Lock down common vulnerabilities instantly:\u003Cbr \u002F>\n* \u003Cstrong>Security Headers:\u003C\u002Fstrong> Protect against XSS, Clickjacking, and MIME-Sniffing attacks with a single toggle.\u003Cbr \u002F>\n* \u003Cstrong>XML-RPC Control:\u003C\u002Fstrong> Disable XML-RPC completely to eliminate one of the biggest brute-force attack vectors on WordPress.\u003Cbr \u002F>\n* \u003Cstrong>Version Obfuscation:\u003C\u002Fstrong> Hide your WordPress version from the source code so hackers can’t target known exploits.\u003Cbr \u002F>\n* \u003Cstrong>Restrict REST API:\u003C\u002Fstrong> Block public access to endpoints that expose sensitive user data.\u003C\u002Fp>\n\u003Ch3>📊 Live Attack Log\u003C\u002Fh3>\n\u003Cp>Peace of mind you can actually see. Monitor every blocked attack, triggered honeypot, and deleted malware in real-time straight from your dashboard.\u003C\u002Fp>\n\u003Ch3>🚀 Upgrade to KloxStudios Pro\u003C\u002Fh3>\n\u003Cp>Need absolute maximum power? Protector integrates seamlessly with the KloxStudios Cloud AI. Pro users unlock Cloud AI Malware Verification for 3rd-party plugins\u002Fthemes, Automatic IP Lockouts, Instant Admin Login Alerts (Email & Webhook), and 2FA.\u003C\u002Fp>\n","Protect your WordPress. The ultimate lightweight security suite. Block brute-force attacks, auto-repair infected core files, hide your login URL, set  &hellip;",200,5324,3,"2026-04-11T09:57:00.000Z","5.0",[18,19,20,51,21],"repair-core","https:\u002F\u002Fkloxstudios.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-admin-protect.4.0.2.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":11,"downloaded":62,"rating":11,"num_ratings":11,"last_updated":63,"tested_up_to":14,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":68,"download_link":69,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"atlant-security","Atlant Security","1.1.2","Atlant","https:\u002F\u002Fprofiles.wordpress.org\u002Fxorred\u002F","\u003Cp>\u003Cstrong>Atlant Security\u003C\u002Fstrong> is a comprehensive WordPress security plugin that provides enterprise-grade protection through 17 integrated security modules organized in a 5-layer defense architecture.\u003C\u002Fp>\n\u003Ch4>5-Layer Defense Architecture\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Pre-WordPress WAF\u003C\u002Fstrong> — Firewall, rate limiter, and IP blocking run before WordPress processes the request.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Application-Aware\u003C\u002Fstrong> — Login security, custom login URL, two-factor authentication, session hardening, cron monitoring, and REST API policies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content & Config\u003C\u002Fstrong> — WordPress hardening, security headers, AI crawler management, and honeypot traps.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Outbound & Data\u003C\u002Fstrong> — SSRF prevention, malware scanning (files and database).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Response & Recovery\u003C\u002Fstrong> — Post-breach recovery, notifications, visitor log, and audit log.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Web Application Firewall (WAF)\u003C\u002Fstrong>\u003Cbr \u002F>\nInspects every request against 28+ attack pattern families including SQL injection, XSS, remote code execution, path traversal, PHP object injection, and WordPress-specific attacks. Block or log-only mode. Triple URL decoding prevents evasion.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nProgressive lockout system (5 min > 30 min > 24 hours) with configurable thresholds. Generic login error messages prevent username enumeration. Author enumeration blocking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malware Scanner\u003C\u002Fstrong>\u003Cbr \u002F>\nLocal file and database scanner with 38 malware signatures. Detects backdoors, webshells (WSO, c99, r57), crypto miners, credit card skimmers, and obfuscated code. Quarantine system with web access blocking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong>\u003Cbr \u002F>\nTOTP (Google Authenticator, Authy) and email OTP. Per-role enforcement, 10 recovery codes, 5-minute challenge timeout, replay attack prevention.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Honeypot Traps\u003C\u002Fstrong>\u003Cbr \u002F>\nZero-false-positive bot detection: hidden link traps, fake login pages, comment honeypots, and Contact Form 7 integration. 3-layer safe bot protection ensures Googlebot, Bingbot, and allowed AI crawlers are never blocked.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AI Crawler Management\u003C\u002Fstrong>\u003Cbr \u002F>\nControl 20+ known AI\u002FLLM training crawlers (GPTBot, ClaudeBot, Google-Extended, Bytespider, and more). Per-crawler toggles, robots.txt integration, and 403 enforcement. Block training crawlers while allowing browsing bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Headers\u003C\u002Fstrong>\u003Cbr \u002F>\nManage HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, CSP, CORP, and COOP. Letter-grade scoring system. Remove X-Powered-By and Server headers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Session Security\u003C\u002Fstrong>\u003Cbr \u002F>\nCookie hardening (HttpOnly, Secure, SameSite). Session binding via IP + User-Agent fingerprint detects hijacking. Concurrent session limits. Idle timeout. Optional admin bypass for all session restrictions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Rate Limiter\u003C\u002Fstrong>\u003Cbr \u002F>\nSliding-window rate limiting across 11 endpoint categories: frontend, login, search, feed, REST API, WooCommerce checkout, XML-RPC, and cron.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>REST API Policies\u003C\u002Fstrong>\u003Cbr \u002F>\nPer-route access control with authentication requirements, HTTP method restrictions, rate limits, and IP whitelists. 5 built-in policies protect user enumeration, search, and write endpoints.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cron Guard\u003C\u002Fstrong>\u003Cbr \u002F>\nMonitors wp-cron.php for flood attacks. Detects suspicious scheduled tasks via baseline comparison. System cron migration helper.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Outbound Monitor (SSRF Prevention)\u003C\u002Fstrong>\u003Cbr \u002F>\nMonitors all outgoing HTTP requests. Blocks requests to private\u002Finternal IP ranges including cloud metadata endpoints. Domain allowlist with wildcard support. Caller detection traces requests to specific plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Post-Breach Recovery\u003C\u002Fstrong>\u003Cbr \u002F>\n12 emergency actions: terminate sessions, force password reset, rotate secret keys, emergency lockdown, reinstall core, reinstall plugins, audit admin accounts, clear caches, malware scan, disable plugins, and downloadable incident report.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Real-Time Dashboard\u003C\u002Fstrong>\u003Cbr \u002F>\nLive visitor monitoring with 15-second auto-refresh. Stat cards, traffic charts, top IPs with VirusTotal integration, browser distribution, and IP detail modals.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Visitor Log & Audit Log\u003C\u002Fstrong>\u003Cbr \u002F>\nComplete request history with filters (IP, URL, bots, blocked, time range). Tamper-resistant admin action audit trail.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nEmail alerts (HTML formatted, color-coded severity), Slack webhooks, custom JSON webhooks, and daily digest. Configurable severity threshold with 5-minute deduplication.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Hardening\u003C\u002Fstrong>\u003Cbr \u002F>\nOne-click toggles: disable XML-RPC, hide WordPress version, block REST API user enumeration, block author enumeration, disable file editor, block PHP execution in uploads.\u003C\u002Fp>\n\u003Ch4>What Makes Atlant Security Different\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Pre-WordPress WAF\u003C\u002Fstrong> — Blocks attacks via auto_prepend_file before WordPress even loads\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Outbound HTTP Monitor\u003C\u002Fstrong> — Detects SSRF attacks and unauthorized outbound connections\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Backdoor Scanner\u003C\u002Fstrong> — Scans wp_options and wp_posts for eval(), base64, and hidden backdoors\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client-Side Bot Detection\u003C\u002Fstrong> — JavaScript challenges and browser fingerprinting catch sophisticated bots\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AI\u002FLLM Crawler Blocking\u003C\u002Fstrong> — Identify and block AI training crawlers scraping your content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Honeypot Traps\u003C\u002Fstrong> — Hidden links, fake login pages, invisible form fields that only bots trigger\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cron Guard\u003C\u002Fstrong> — Monitors wp-cron for unauthorized scheduled tasks planted by malware\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Breach Recovery\u003C\u002Fstrong> — Guided recovery toolkit with 12 emergency actions in one place\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Fingerprint Binding\u003C\u002Fstrong> — Binds sessions to IP + User-Agent so stolen cookies are useless\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Visitor Dashboard\u003C\u002Fstrong> — Live visitor feed updated every 15 seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Password Policy\u003C\u002Fstrong> — Minimum length, complexity, common-password blocking, and passphrase support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular REST API Policies\u003C\u002Fstrong> — Per-endpoint control, not just a global on\u002Foff switch\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safe Mode Override\u003C\u002Fstrong> — One constant in wp-config.php disables all blocking features instantly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deactivation Data Control\u003C\u002Fstrong> — Choose to keep or wipe all security data when deactivating\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero phone-home\u003C\u002Fstrong> — No telemetry, no tracking, fully GDPR-compliant (external services used only when explicitly enabled by the admin — see External Services section)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Atlant Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>All-in-one\u003C\u002Fstrong> — Replaces 5-6 separate security plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No external dependencies\u003C\u002Fstrong> — Core security features run locally on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero phone-home\u003C\u002Fstrong> — No telemetry, no tracking (optional features like GeoIP use external services only when explicitly enabled — see External Services section)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR-friendly\u003C\u002Fstrong> — No external fonts, no CDN resources\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup wizard\u003C\u002Fstrong> — Configure core security in under 2 minutes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean uninstall\u003C\u002Fstrong> — Removes all database tables and options when deleted (opt-in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safe Mode\u003C\u002Fstrong> — Emergency override if you get locked out of your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following third-party services under specific conditions:\u003C\u002Fp>\n\u003Ch4>Cloudflare IP Ranges\u003C\u002Fh4>\n\u003Cp>When Cloudflare integration is enabled, the plugin periodically fetches the current list of Cloudflare edge IP ranges from Cloudflare’s official endpoints. This is used to correctly identify visitor IP addresses behind the Cloudflare proxy and to whitelist Cloudflare edge servers.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: No user data is sent. The plugin fetches publicly available IP range lists.\u003C\u002Fli>\n\u003Cli>When: Once per week via a scheduled cron job (aswp_refresh_cloudflare_ips), only when Cloudflare integration is enabled.\u003C\u002Fli>\n\u003Cli>Endpoints: https:\u002F\u002Fwww.cloudflare.com\u002Fips-v4 and https:\u002F\u002Fwww.cloudflare.com\u002Fips-v6\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fterms\u002F\" rel=\"nofollow ugc\">Cloudflare Terms of Use\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\" rel=\"nofollow ugc\">Cloudflare Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>MaxMind GeoLite2 GeoIP Database\u003C\u002Fh4>\n\u003Cp>When GeoIP country detection is enabled and a MaxMind license key is configured, the plugin downloads the GeoLite2-Country database from MaxMind. This database is stored locally and used to resolve visitor IP addresses to country codes for display in the visitor log and dashboard.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Your MaxMind license key is sent to authenticate the download request. No visitor data is sent to MaxMind.\u003C\u002Fli>\n\u003Cli>When: On initial setup and once per week via a scheduled cron job (aswp_update_geoip_db), only when GeoIP is enabled and a license key is configured.\u003C\u002Fli>\n\u003Cli>Endpoint: https:\u002F\u002Fdownload.maxmind.com\u002Fapp\u002Fgeoip_download\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fgeolite2\u002Feula\" rel=\"nofollow ugc\">MaxMind End User License Agreement\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fprivacy-policy\" rel=\"nofollow ugc\">MaxMind Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Google IP Ranges\u003C\u002Fh4>\n\u003Cp>When Google integration is enabled in the IP Whitelist, the plugin periodically fetches the current list of Google IP ranges from Google’s official endpoint. This is used to automatically whitelist known Google infrastructure IPs (Googlebot, Google Cloud, etc.) so legitimate Google traffic is never blocked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: No user data is sent. The plugin fetches a publicly available JSON file containing Google IP ranges.\u003C\u002Fli>\n\u003Cli>When: Once per week via a scheduled cron job (aswp_refresh_google_ips), only when Google integration is enabled.\u003C\u002Fli>\n\u003Cli>Endpoint: https:\u002F\u002Fwww.gstatic.com\u002Fipranges\u002Fgoog.json\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">Google Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Google Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Microsoft \u002F Bing IP Ranges\u003C\u002Fh4>\n\u003Cp>When Microsoft integration is enabled in the IP Whitelist, the plugin periodically fetches the current list of Bing bot IP ranges from Microsoft’s official endpoint. This is used to automatically whitelist known Bing crawler IPs so legitimate Bing traffic is never blocked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: No user data is sent. The plugin fetches a publicly available JSON file containing Bing bot IP ranges.\u003C\u002Fli>\n\u003Cli>When: Once per week via a scheduled cron job (aswp_refresh_microsoft_ips), only when Microsoft integration is enabled.\u003C\u002Fli>\n\u003Cli>Endpoint: https:\u002F\u002Fwww.bing.com\u002Ftoolbox\u002Fbingbot.json\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fservicesagreement\u002F\" rel=\"nofollow ugc\">Microsoft Services Agreement\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprivacy.microsoft.com\u002Fen-us\u002Fprivacystatement\" rel=\"nofollow ugc\">Microsoft Privacy Statement\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress.org Secret Key API\u003C\u002Fh4>\n\u003Cp>The Post-Breach Recovery module can generate new WordPress secret keys and salts using the official WordPress.org API. This is used when an administrator manually triggers the “Rotate Secret Keys” emergency action after a security breach.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: No user data is sent. The plugin fetches randomly generated keys from the API.\u003C\u002Fli>\n\u003Cli>When: Only when an administrator manually triggers the “Rotate Secret Keys” action in the Post-Breach Recovery module.\u003C\u002Fli>\n\u003Cli>Endpoint: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fdomains\u002F\" rel=\"ugc\">WordPress.org Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\" rel=\"ugc\">WordPress.org Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Slack Webhooks\u003C\u002Fh4>\n\u003Cp>When Slack notifications are enabled and a Slack webhook URL is configured, the plugin sends security alert messages to the specified Slack channel. This allows administrators to receive real-time security notifications in Slack.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Security alert messages containing the alert subject, description, severity level, site URL, and the IP address that triggered the alert. No visitor personal data or cookies are sent.\u003C\u002Fli>\n\u003Cli>When: Only when a security event occurs (e.g., brute force attempt, WAF block, honeypot trip) and Slack notifications are enabled.\u003C\u002Fli>\n\u003Cli>Endpoint: Administrator-configured Slack Incoming Webhook URL (e.g., https:\u002F\u002Fhooks.slack.com\u002Fservices\u002F…)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fslack.com\u002Fterms-of-service\" rel=\"nofollow ugc\">Slack Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fslack.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Slack Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom Webhooks\u003C\u002Fh4>\n\u003Cp>When webhook notifications are enabled and a webhook URL is configured, the plugin sends security alert payloads in JSON format to the specified endpoint. This allows integration with any external monitoring or alerting system.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: JSON payload containing the alert subject, description, severity level, site URL, timestamp, and the IP address that triggered the alert. No visitor personal data or cookies are sent.\u003C\u002Fli>\n\u003Cli>When: Only when a security event occurs and webhook notifications are enabled.\u003C\u002Fli>\n\u003Cli>Endpoint: Administrator-configured webhook URL.\u003C\u002Fli>\n\u003Cli>Terms and privacy: Determined by the third-party service the administrator configures.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Upgrade Notices\u003C\u002Fh3>\n\u003Ch4>1.1.2\u003C\u002Fh4>\n\u003Cp>New About page consolidates defense architecture and competitive features. Setup wizard no longer auto-redirects on activation. Dashboard is cleaner with focus on operational data.\u003C\u002Fp>\n\u003Ch4>1.0.7\u003C\u002Fh4>\n\u003Cp>Major UI overhaul: inner sidebar navigation replaces 23 WordPress submenu items with a clean, persistent sidebar panel. All page URLs remain the same — bookmarks still work.\u003C\u002Fp>\n\u003Ch4>1.0.4\u003C\u002Fh4>\n\u003Cp>Adds GeoIP country flags in visitor log, custom login URL, password policy enforcement, and Force SSL Admin setting. Internal prefix migration runs automatically — no action required.\u003C\u002Fp>\n\u003Ch4>1.0.3\u003C\u002Fh4>\n\u003Cp>Adds honeypot traps, security headers management, two-factor authentication, and notification channels. Fixes IP management and status code logging. Recommended update.\u003C\u002Fp>\n\u003Ch4>1.0.0\u003C\u002Fh4>\n\u003Cp>Initial release. Run the Setup Wizard after activation to configure your site’s security.\u003C\u002Fp>\n","Enterprise-grade WordPress security: WAF, brute force protection, malware scanner, 2FA, honeypots, AI crawler control, and post-breach recovery.",120,"2026-03-30T20:31:00.000Z","6.0","8.0",[18,19,20,21,67],"two-factor-authentication","https:\u002F\u002Fatlantsecurity.com\u002Flearn\u002Fwe-are-releasing-the-best-security-plugin-for-wordpress-in-existence\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatlant-security.1.1.2.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":11,"downloaded":78,"rating":11,"num_ratings":11,"last_updated":79,"tested_up_to":14,"requires_at_least":64,"requires_php":16,"tags":80,"homepage":82,"download_link":83,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":84},"custom-login-url-login-designer","Dotsquares Custom Login URL & Security Suite","1.6.4","maheshsharmads","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaheshsharmads\u002F","\u003Cp>\u003Cstrong>Dotsquares Custom Login URL & Security Suite\u003C\u002Fstrong> helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers — all from one beautifully designed dashboard.\u003C\u002Fp>\n\u003Ch4>🔑 Login Security\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Custom login slug — redirect wp-login.php to your own secret URL\u003C\u002Fli>\n\u003Cli>Optionally hide wp-login.php (returns 404 for guests)\u003C\u002Fli>\n\u003Cli>Optionally block wp-admin for non-logged-in users\u003C\u002Fli>\n\u003Cli>Brute force protection with configurable lockout thresholds\u003C\u002Fli>\n\u003Cli>Login honeypot trap (hidden field that catches bots)\u003C\u002Fli>\n\u003Cli>Two-Factor Authentication (TOTP — works with Google Authenticator, Authy, etc.)\u003C\u002Fli>\n\u003Cli>Weak username detection (blocks “admin”, “root”, “test”, etc.)\u003C\u002Fli>\n\u003Cli>Force logout after inactivity (configurable timeout)\u003C\u002Fli>\n\u003Cli>Manual approval for new user registrations\u003C\u002Fli>\n\u003Cli>Prevent display name from matching username\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛡️ Firewall\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable XML-RPC (common attack vector)\u003C\u002Fli>\n\u003Cli>Block bad bots and fake user agents (40+ known bots)\u003C\u002Fli>\n\u003Cli>Block POST requests with empty User-Agent headers\u003C\u002Fli>\n\u003Cli>Rate limiting per IP address\u003C\u002Fli>\n\u003Cli>IP blacklist and whitelist (supports CIDR ranges)\u003C\u002Fli>\n\u003Cli>Geo-blocking by country code\u003C\u002Fli>\n\u003Cli>Restrict REST API for non-logged-in users\u003C\u002Fli>\n\u003Cli>Prevent user enumeration via ?author= scans\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔍 Malware & File Scanner\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Deep scan of WordPress core, plugins, themes and uploads\u003C\u002Fli>\n\u003Cli>40+ malware signature patterns (PHP shells, backdoors, crypto miners, pharma hacks, SEO spam injections)\u003C\u002Fli>\n\u003Cli>Detects known web shells by filename (c99, r57, WSO, b374k, adminer, etc.)\u003C\u002Fli>\n\u003Cli>WordPress core file integrity check (compares against official api.wordpress.org checksums)\u003C\u002Fli>\n\u003Cli>Detects PHP files hidden inside the uploads folder\u003C\u002Fli>\n\u003Cli>Suspicious code pattern detection (eval, exec, base64_decode combos, etc.)\u003C\u002Fli>\n\u003Cli>File change detection using MD5 hash baseline\u003C\u002Fli>\n\u003Cli>File permission scanner (755\u002F644 standards)\u003C\u002Fli>\n\u003Cli>.htaccess security rules generator\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>👥 User & Session Management\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>View and kill active user sessions\u003C\u002Fli>\n\u003Cli>Session tracking with IP and user-agent logging\u003C\u002Fli>\n\u003Cli>Manual user approval workflow\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📊 Monitoring & Logs\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Security event log (login, logout, failed attempts, plugin\u002Ftheme changes)\u003C\u002Fli>\n\u003Cli>IP blocking log with unblock controls\u003C\u002Fli>\n\u003Cli>Real-time security score (A–F grade with per-check breakdown)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>⚙️ Other Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Maintenance mode with custom message\u003C\u002Fli>\n\u003Cli>Database backup download\u003C\u002Fli>\n\u003Cli>Email alerts for security events\u003C\u002Fli>\n\u003Cli>Beautiful admin dashboard with quick-toggle switches\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cp>Hardening actions such as \u003Cstrong>DB prefix change\u003C\u002Fstrong> and \u003Cstrong>wp-content rename\u003C\u002Fstrong> are advanced operations.\u003Cbr \u002F>\nAlways run these features on a \u003Cstrong>staging environment\u003C\u002Fstrong> and ensure you have a \u003Cstrong>full backup\u003C\u002Fstrong> before applying them on production.\u003C\u002Fp>\n","Change your WordPress login URL, design the login page, and enhance your site's security with built-in protection tools.",662,"2026-03-30T11:09:00.000Z",[18,19,81,20,21],"login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-login-url-login-designer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-login-url-login-designer.1.6.4.zip","2026-04-06T09:54:40.288Z",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":14,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":99,"download_link":103,"security_score":95,"vuln_count":104,"unpatched_count":11,"last_vuln_date":105,"fetched_at":27},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall","3.1.0","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Enable two-factor authentication for extra login security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Stop password guessing attacks, secure WooCommerce, block bad IPs, block by countries (Pro), and add email 2FA. Lightweight with better performance.",2000000,83296786,98,1447,"2026-04-09T18:49:00.000Z","3.0","",[101,18,19,21,102],"2fa","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.3.1.0.zip",4,"2023-12-20 00:00:00",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":14,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":123,"download_link":124,"security_score":125,"vuln_count":126,"unpatched_count":11,"last_vuln_date":127,"fetched_at":27},"sg-security","Security Optimizer – The All-In-One Protection Plugin","1.6.0","SiteGround","https:\u002F\u002Fprofiles.wordpress.org\u002Fsiteground\u002F","\u003Cp>\u003Cstrong>Bulletproof your website security in a few clicks against a range of security breaches, including brute-force attacks, malware threats and bots, with our free WordPress security plugin – Security Optimizer.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Proactively monitor your site’s security to detect any suspicious activity and take immediate actions to protect your site and prevent further damage with these essential features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable \u003Cstrong>2FA (Two-Factor Authentication)\u003C\u002Fstrong> for an extra layer of website security\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> to deter malicious login attempts and brute-force attacks\u003C\u002Fli>\n\u003Cli>Change your default login URL to \u003Cstrong>Custom Login URL\u003C\u002Fstrong> to avoid attacks\u003C\u002Fli>\n\u003Cli>Activate \u003Cstrong>Advanced XSS Protection\u003C\u002Fstrong> to fortify your website against malicious attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lock and Protect System Folders\u003C\u002Fstrong> to ensure no unauthorized or malicious scripts can be executed in your system folders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable Themes & Plugins Editor\u003C\u002Fstrong> to safeguard your website from unauthorized access via the WordPress editor\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide WordPress Version\u003C\u002Fstrong> effortlessly, keeping it hidden from prying eyes\u003C\u002Fli>\n\u003Cli>Use \u003Cstrong>Activity Log\u003C\u002Fstrong> to monitor your site and quickly prevent malicious actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Hack Actions\u003C\u002Fstrong> to take immediate actions and prevent further damages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Developed by the website security experts at \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fwordpress-plugins\u002Fsiteground-security\" rel=\"nofollow ugc\">SiteGround\u003C\u002Fa> and trusted by over 900,000 webmasters for its robust security shield and ease of use to safeguard WordPress applications from possible attacks on any hosting platform.\u003C\u002Fp>\n\u003Ch4>AWARDS:\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.templatemonster.com\u002Fawards\u002Fwinners-2022\u002F\" rel=\"nofollow ugc\">Monster Awards 2022\u003C\u002Fa>: Best WordPress Security Plugin 🥇\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.templatemonster.com\u002Fawards\u002Fwinners-2021\u002F\" rel=\"nofollow ugc\">Monster Awards 2021\u003C\u002Fa>: Best WordPress Security Plugin 🥇\u003C\u002Fp>\n\u003Ch4>Plugin Video\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFOheCz7sm9A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Plugin Tutorial\u003C\u002Fh4>\n\u003Cp>Unveil the vast array of features and unleash the full potential of our security plugin in our \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Ftutorials\u002Fwordpress\u002Fsg-security\u002F\" rel=\"nofollow ugc\">Security Optimizer Tutorial\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>SITE PROTECTION FEATURES\u003C\u002Fh3>\n\u003Cp>Safeguard your WordPress application using our powerful site security toolset. Our comprehensive features are specifically designed to strengthen your website’s defenses against malware, exploits, and various malicious activities. With these tools at your disposal, you can ensure the utmost bot, malware and brute force protection for your website:\u003C\u002Fp>\n\u003Ch4>Lock and Protect System Folders\u003C\u002Fh4>\n\u003Cp>Ensure the maximum security for your application’s system folders by preventing the execution of any unauthorized or malicious scripts. The Lock and Protect System Folders feature acts as a powerful shield against potential threats.\u003C\u002Fp>\n\u003Ch4>Hide WordPress Version\u003C\u002Fh4>\n\u003Cp>Protect your website from mass attacks by hiding the WordPress version, which helps to mitigate version-specific vulnerabilities.\u003C\u002Fp>\n\u003Ch4>Disable Themes & Plugins Editor\u003C\u002Fh4>\n\u003Cp>Enhance the security of your WordPress admin area by disabling the Themes & Plugins Editor, preventing potential coding errors and unauthorized access through the editor.\u003C\u002Fp>\n\u003Ch4>Disable XML-RPC\u003C\u002Fh4>\n\u003Cp>Mitigate potential security risks by disabling the XML-RPC protocol, which has been exploited in various attacks. Please note that disabling XML-RPC will restrict WordPress from communicating with third-party systems. We recommend enabling this feature unless you have a specific need for it.\u003C\u002Fp>\n\u003Ch4>Disable RSS and ATOM Feeds\u003C\u002Fh4>\n\u003Cp>Prevent content scraping and specific attacks on your site by disabling RSS and ATOM feeds. Unless you have readers accessing your site via RSS readers, it is recommended to keep this feature enabled.\u003C\u002Fp>\n\u003Ch4>Advanced XSS Protection\u003C\u002Fh4>\n\u003Cp>Add an extra layer of website security against cross-site scripting (XSS) attacks by enabling Advanced XSS Protection, bolstering the overall security of your website.\u003C\u002Fp>\n\u003Ch4>Delete Default Readme.html\u003C\u002Fh4>\n\u003Cp>Eliminate potential vulnerabilities by deleting the default readme.txt file, which contains information about your website. By removing this file, you reduce the risk of your site being listed in vulnerable sites targeted by hackers.\u003C\u002Fp>\n\u003Ch3>Login Security\u003C\u002Fh3>\n\u003Ch4>Custom Login Url\u003C\u002Fh4>\n\u003Cp>Personalize your login URL to thwart potential attacks and create a strong entry point. Bid farewell to the default login URL and embrace a bespoke path of your choosing. Additionally, you have the freedom to modify the default sign-up URL as well.\u003C\u002Fp>\n\u003Ch4>Login Access\u003C\u002Fh4>\n\u003Cp>Restrict login page access to specific IP addresses or IP ranges, effectively thwarting malicious login attempts and deterring brute force attacks.\u003C\u002Fp>\n\u003Ch4>2FA (Two-Factor Authentication)\u003C\u002Fh4>\n\u003Cp>Immerse your website in an impenetrable shield of security with 2FA. This formidable feature demands that all admin users furnish a unique token, generated exclusively through the Google Authentication application, during the login process.\u003C\u002Fp>\n\u003Ch4>Disable Common Usernames\u003C\u002Fh4>\n\u003Cp>Don’t fall victim to predictable security breaches! The use of common usernames, such as ‘admin,’ poses a significant threat to the integrity of your website. Activate this option to disable the creation of common usernames. If any weak usernames already exist, we’ll prompt you to provide new, stronger alternatives.\u003C\u002Fp>\n\u003Ch4>Limit Login Attempts\u003C\u002Fh4>\n\u003Cp>Maintain control over unauthorized access attempts with Limit Login Attempts. Set a specific threshold for the number of login failures users can endure before consequences arise. After reaching the limit, the IP address associated with the unsuccessful login attempts will be blocked for one hour. Persistent failures will result in longer restrictions, starting with 24 hours and escalating to a week.\u003C\u002Fp>\n\u003Ch3>ACTIVITY MONITORING\u003C\u002Fh3>\n\u003Cp>Monitor your website and login page for unauthorized visitors and brute force attempts to prevent malicious actions\u003C\u002Fp>\n\u003Ch4>Activity Log\u003C\u002Fh4>\n\u003Cp>The Activity Log page provides you with a comprehensive view of the activities performed by registered, unknown, and blocked visitors. It allows you to closely monitor any suspicious behavior and take appropriate actions in case of a compromised user, plugin, or hacking attempt. You can leverage the quick tools available to swiftly block future attempts.\u003C\u002Fp>\n\u003Ch4>Weekly Security Reports\u003C\u002Fh4>\n\u003Cp>Receive a weekly traffic summary for your website directly to your inbox. This \u003Cstrong>Weekly Security Report\u003C\u002Fstrong> compiles data on both bot and human traffic, along with details about blocked login and visit attempts to proactively monitor traffic and promptly identify suspicious activity.\u003C\u002Fp>\n\u003Ch3>POST-HACK ACTIONS\u003C\u002Fh3>\n\u003Cp>Take immediate measures to protect your website if you suspect a compromise and prevent further damage. Here, you’ll find convenient solutions to address the situation effectively:\u003C\u002Fp>\n\u003Ch4>Reinstall All Free Plugins\u003C\u002Fh4>\n\u003Cp>In the event of a hack, utilizing the Reinstall All Free Plugins feature can help mitigate potential harm. This action reinstalls all of your free plugins, reducing the likelihood of additional exploits or the reuse of malicious code.\u003C\u002Fp>\n\u003Ch4>Log Out All Users\u003C\u002Fh4>\n\u003Cp>To prevent any further unauthorized activities by users or attackers, you can choose to log out all users instantly using the Log Out All Users feature.\u003C\u002Fp>\n\u003Ch4>Force Password Reset\u003C\u002Fh4>\n\u003Cp>By enforcing a password reset, you can ensure that all users are prompted to change their passwords during their next login. This not only strengthens the security of their accounts but also immediately logs out all currently logged-in users.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 4.7\u003C\u002Fli>\n\u003Cli>PHP 7.0\u003C\u002Fli>\n\u003Cli>Working .htaccess file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data Collection\u003C\u002Fh3>\n\u003Cp>Collection of technical data is optional and is \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fkb\u002Fwhat-information-wp-plugins-collect\" rel=\"nofollow ugc\">listed here\u003C\u002Fa>. This data is collected only for technical analysis, improvements and the possibility to contact the plugin user in case urgent issues need to be fixed (for example a critical security release that needs to be communicated to site owners). The plugin user can manage their preferences within the WP admin to control the collection of technical data. We advise opting in for this data collection, as it can enhance the plugin’s performance. You may find more information on data collection in our \u003Ca href=\"https:\u002F\u002Fwww.siteground.com\u002Fviewtos\u002Fsiteground_plugins_privacy_notice\" rel=\"nofollow ugc\">Plugins Privacy Notice\u003C\u002Fa>.\u003C\u002Fp>\n","Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.",1000000,32328818,90,153,"2026-03-31T11:35:00.000Z","4.7","7.0",[19,81,20,21,122],"web-application-firewall","https:\u002F\u002Fsiteground.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsg-security.1.6.0.zip",86,5,"2025-11-30 00:00:00",{"attackSurface":129,"codeSignals":290,"taintFlows":339,"riskAssessment":411,"analyzedAt":418},{"hooks":130,"ajaxHandlers":229,"restRoutes":260,"shortcodes":274,"cronEvents":275,"entryPointCount":289,"unprotectedCount":11},[131,137,141,146,150,154,158,162,165,168,171,176,180,185,189,192,196,199,203,206,209,210,214,218,222,226],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","admin_notices","closure","admin\u002Fviews\u002Fstatus.php",10,{"type":132,"name":138,"callback":134,"file":139,"line":140},"init","freelancebo-sentra-control.php",19,{"type":142,"name":143,"callback":144,"priority":136,"file":139,"line":145},"filter","http_request_host_is_external","allow_sentra_host",55,{"type":142,"name":147,"callback":148,"priority":136,"file":139,"line":149},"http_request_args","allow_sentra_ssl",56,{"type":132,"name":151,"callback":152,"file":139,"line":153},"admin_menu","add_admin_menu",59,{"type":132,"name":155,"callback":156,"file":139,"line":157},"admin_init","register_settings",60,{"type":132,"name":159,"callback":160,"file":139,"line":161},"admin_enqueue_scripts","enqueue_admin_assets",61,{"type":142,"name":163,"callback":134,"priority":136,"file":139,"line":164},"pre_update_option_sentra_api_secret",142,{"type":142,"name":166,"callback":134,"file":139,"line":167},"cron_schedules",555,{"type":132,"name":169,"callback":134,"file":139,"line":170},"plugins_loaded",563,{"type":132,"name":172,"callback":173,"file":174,"line":175},"sentra_flush_events","flush","includes\u002Fclass-sentra-event-queue.php",15,{"type":132,"name":177,"callback":178,"file":174,"line":179},"shutdown","save_queue",16,{"type":132,"name":181,"callback":182,"file":183,"line":184},"sentra_heartbeat_event","send_heartbeat","includes\u002Fclass-sentra-heartbeat.php",12,{"type":132,"name":186,"callback":187,"file":183,"line":188},"rest_api_init","register_rest_routes",13,{"type":132,"name":186,"callback":187,"file":190,"line":191},"includes\u002Fmodules\u002Fclass-sentra-auto-patcher.php",20,{"type":132,"name":138,"callback":193,"priority":32,"file":194,"line":195},"check_request","includes\u002Fmodules\u002Fclass-sentra-firewall.php",14,{"type":132,"name":197,"callback":198,"file":194,"line":175},"sentra_sync_rules","sync_rules",{"type":132,"name":200,"callback":201,"file":202,"line":188},"sentra_integrity_scan","run_scan","includes\u002Fmodules\u002Fclass-sentra-integrity.php",{"type":132,"name":204,"callback":205,"priority":136,"file":202,"line":175},"upgrader_process_complete","refresh_baseline_after_update",{"type":132,"name":169,"callback":207,"priority":11,"file":208,"line":188},"check_ip","includes\u002Fmodules\u002Fclass-sentra-ip-blocker.php",{"type":132,"name":138,"callback":207,"priority":11,"file":208,"line":175},{"type":142,"name":211,"callback":212,"priority":33,"file":213,"line":179},"authenticate","check_lockout","includes\u002Fmodules\u002Fclass-sentra-login-guard.php",{"type":132,"name":215,"callback":216,"priority":136,"file":213,"line":217},"wp_login_failed","record_failed_login",17,{"type":132,"name":219,"callback":220,"priority":136,"file":213,"line":221},"wp_login","record_successful_login",18,{"type":132,"name":223,"callback":201,"file":224,"line":225},"sentra_malware_scan","includes\u002Fmodules\u002Fclass-sentra-malware-scanner.php",97,{"type":132,"name":227,"callback":201,"file":228,"line":188},"sentra_vuln_scan","includes\u002Fmodules\u002Fclass-sentra-vuln-scanner.php",[230,236,240,244,248,252,256],{"action":231,"nopriv":232,"callback":233,"hasNonce":234,"hasCapCheck":234,"file":139,"line":235},"sentra_api_proxy",false,"ajax_api_proxy",true,64,{"action":237,"nopriv":232,"callback":238,"hasNonce":234,"hasCapCheck":234,"file":139,"line":239},"sentra_run_scan","ajax_run_scan",65,{"action":241,"nopriv":232,"callback":242,"hasNonce":234,"hasCapCheck":234,"file":139,"line":243},"sentra_analyze_for_patches","ajax_analyze_for_patches",66,{"action":245,"nopriv":232,"callback":246,"hasNonce":234,"hasCapCheck":234,"file":139,"line":247},"sentra_run_auto_patch","ajax_run_auto_patch",67,{"action":249,"nopriv":232,"callback":250,"hasNonce":234,"hasCapCheck":234,"file":139,"line":251},"sentra_resolve_finding","ajax_resolve_finding",68,{"action":253,"nopriv":232,"callback":254,"hasNonce":234,"hasCapCheck":234,"file":139,"line":255},"sentra_set_auto_scan","ajax_set_auto_scan",69,{"action":257,"nopriv":232,"callback":258,"hasNonce":234,"hasCapCheck":234,"file":139,"line":259},"sentra_test_connection","ajax_test_connection",163,[261,269],{"namespace":262,"route":263,"methods":264,"callback":266,"permissionCallback":267,"file":183,"line":268},"sentra\u002Fv1","\u002Frun-pending",[265],"POST","rest_run_pending","verify_server_signature",25,{"namespace":262,"route":270,"methods":271,"callback":272,"permissionCallback":267,"file":190,"line":273},"\u002Fauto-patch",[265],"rest_auto_patch",24,[],[276,278,280,282,284,286,288],{"hook":181,"callback":181,"file":139,"line":277},526,{"hook":172,"callback":172,"file":139,"line":279},529,{"hook":197,"callback":197,"file":139,"line":281},532,{"hook":223,"callback":223,"file":139,"line":283},535,{"hook":200,"callback":200,"file":139,"line":285},538,{"hook":227,"callback":227,"file":139,"line":287},541,{"hook":181,"callback":181,"file":183,"line":217},9,{"dangerousFunctions":291,"sqlUsage":330,"outputEscaping":333,"fileOperations":179,"externalRequests":336,"nonceChecks":337,"capabilityChecks":337,"bundledLibraries":338},[292,296,298,301,304,308,310,312,314,318,321,324,326,328],{"fn":293,"file":139,"line":294,"context":295},"set_time_limit",294,"@set_time_limit(300); \u002F\u002F phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged",{"fn":293,"file":139,"line":297,"context":295},332,{"fn":293,"file":139,"line":299,"context":300},398,"@set_time_limit(120); \u002F\u002F phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged -- needed for long ",{"fn":293,"file":183,"line":302,"context":303},159,"@set_time_limit(300); \u002F\u002F phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged -- needed for long ",{"fn":305,"file":190,"line":306,"context":307},"preg_replace(\u002Fe)",504,"preg_replace(\n\t\t\t'\u002Fe",{"fn":305,"file":190,"line":309,"context":307},511,{"fn":293,"file":190,"line":311,"context":295},92,{"fn":293,"file":190,"line":313,"context":295},124,{"fn":315,"file":190,"line":316,"context":317},"exec",786,"exec('php -l ' . escapeshellarg($tmp) . ' 2>&1', $output, $return); \u002F\u002F phpcs:ignore WordPress.PHP.Di",{"fn":319,"file":194,"line":255,"context":320},"ini_set","ini_set('pcre.backtrack_limit', '10000'); \u002F\u002F phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged",{"fn":319,"file":194,"line":322,"context":323},96,"ini_set('pcre.backtrack_limit', $original_backtrack_limit); \u002F\u002F phpcs:ignore Squiz.PHP.DiscouragedFun",{"fn":319,"file":194,"line":325,"context":323},109,{"fn":319,"file":194,"line":327,"context":320},141,{"fn":319,"file":194,"line":329,"context":323},171,{"prepared":331,"raw":11,"locations":332},6,[],{"escaped":334,"rawEcho":11,"locations":335},312,[],7,8,[],[340,364,383,392,403],{"entryPoint":341,"graph":342,"unsanitizedCount":32,"severity":363},"ajax_api_proxy (freelancebo-sentra-control.php:476)",{"nodes":343,"edges":360},[344,349,353],{"id":345,"type":346,"label":347,"file":139,"line":348},"n0","source","$_POST",515,{"id":350,"type":351,"label":352,"file":139,"line":348},"n1","transform","→ request()",{"id":354,"type":355,"label":356,"file":357,"line":358,"wp_function":359},"n2","sink","wp_remote_request() [SSRF]","includes\u002Fclass-sentra-api-client.php",54,"wp_remote_request",[361,362],{"from":345,"to":350,"sanitized":232},{"from":350,"to":354,"sanitized":232},"medium",{"entryPoint":365,"graph":366,"unsanitizedCount":32,"severity":363},"\u003Cfreelancebo-sentra-control> (freelancebo-sentra-control.php:0)",{"nodes":367,"edges":379},[368,370,374,375,377],{"id":345,"type":346,"label":347,"file":139,"line":369},455,{"id":350,"type":355,"label":371,"file":139,"line":372,"wp_function":373},"update_option() [Settings Manipulation]",459,"update_option",{"id":354,"type":346,"label":347,"file":139,"line":348},{"id":376,"type":351,"label":352,"file":139,"line":348},"n3",{"id":378,"type":355,"label":356,"file":357,"line":358,"wp_function":359},"n4",[380,381,382],{"from":345,"to":350,"sanitized":234},{"from":354,"to":376,"sanitized":232},{"from":376,"to":378,"sanitized":232},{"entryPoint":384,"graph":385,"unsanitizedCount":11,"severity":391},"ajax_set_auto_scan (freelancebo-sentra-control.php:450)",{"nodes":386,"edges":389},[387,388],{"id":345,"type":346,"label":347,"file":139,"line":369},{"id":350,"type":355,"label":371,"file":139,"line":372,"wp_function":373},[390],{"from":345,"to":350,"sanitized":234},"low",{"entryPoint":393,"graph":394,"unsanitizedCount":32,"severity":391},"send_heartbeat (includes\u002Fclass-sentra-heartbeat.php:99)",{"nodes":395,"edges":401},[396,399],{"id":345,"type":346,"label":397,"file":183,"line":398},"$_SERVER",126,{"id":350,"type":355,"label":371,"file":183,"line":400,"wp_function":373},133,[402],{"from":345,"to":350,"sanitized":232},{"entryPoint":404,"graph":405,"unsanitizedCount":32,"severity":391},"\u003Cclass-sentra-heartbeat> (includes\u002Fclass-sentra-heartbeat.php:0)",{"nodes":406,"edges":409},[407,408],{"id":345,"type":346,"label":397,"file":183,"line":398},{"id":350,"type":355,"label":371,"file":183,"line":400,"wp_function":373},[410],{"from":345,"to":350,"sanitized":232},{"summary":412,"deductions":413},"The freelancebo-sentra-control plugin v2.4.0 exhibits a generally good security posture with a notable absence of known vulnerabilities and a commitment to secure coding practices.  All identified entry points, including AJAX handlers and REST API routes, appear to have proper authentication and permission checks in place, which significantly mitigates the risk of unauthorized access and execution.  Furthermore, the plugin demonstrates strong SQL security by exclusively using prepared statements and ensures output is properly escaped, preventing common cross-site scripting (XSS) vulnerabilities. The vulnerability history showing zero recorded CVEs is a positive indicator of the plugin's current security maturity.\n\nHowever, the static analysis does reveal areas of concern. The presence of dangerous functions like `set_time_limit`, `preg_replace(\u002Fe)`, `exec`, and `ini_set` in the codebase, while not necessarily indicative of a vulnerability in themselves, suggests a potential for misuse if inputs are not rigorously sanitized.  More critically, the taint analysis identified four flows with unsanitized paths. While rated as low severity, these flows represent potential attack vectors where user-supplied data could be used in file operations or other sensitive actions without adequate validation, potentially leading to unexpected behavior or information disclosure. The extensive use of file operations (16 instances) coupled with these unsanitized paths warrants careful review.\n\nIn conclusion, freelancebo-sentra-control v2.4.0 is a relatively secure plugin, largely due to its strong authentication, permission checks, and SQL\u002Foutput sanitization practices. The lack of historical vulnerabilities is encouraging. Nevertheless, the presence of dangerous functions and, more importantly, the taint analysis findings concerning unsanitized paths necessitate attention. Addressing these specific code signals will further enhance the plugin's overall security and resilience against potential exploits.",[414,416],{"reason":415,"points":184},"Flows with unsanitized paths found in taint analysis",{"reason":417,"points":337},"Presence of dangerous functions used in code","2026-04-16T14:19:44.371Z",{"wat":420,"direct":433},{"assetPaths":421,"generatorPatterns":426,"scriptPaths":427,"versionParams":428},[422,423,424,425],"\u002Fwp-content\u002Fplugins\u002Ffreelancebo-sentra-control\u002Fassets\u002Fcss\u002Fsentra-admin.css","\u002Fwp-content\u002Fplugins\u002Ffreelancebo-sentra-control\u002Fassets\u002Fjs\u002Fsentra-admin.js","\u002Fwp-content\u002Fplugins\u002Ffreelancebo-sentra-control\u002Fassets\u002Fjs\u002Fsentra-scan.js","\u002Fwp-content\u002Fplugins\u002Ffreelancebo-sentra-control\u002Fassets\u002Fjs\u002Fsentra-auto-patch.js",[],[423,424,425],[429,430,431,432],"freelancebo-sentra-control\u002Fassets\u002Fcss\u002Fsentra-admin.css?ver=","freelancebo-sentra-control\u002Fassets\u002Fjs\u002Fsentra-admin.js?ver=","freelancebo-sentra-control\u002Fassets\u002Fjs\u002Fsentra-scan.js?ver=","freelancebo-sentra-control\u002Fassets\u002Fjs\u002Fsentra-auto-patch.js?ver=",{"cssClasses":434,"htmlComments":439,"htmlAttributes":440,"restEndpoints":442,"jsGlobals":444,"shortcodeOutput":448},[435,436,437,438],"sentra-admin-wrap","sentra-dashboard-widget","sentra-scan-status","sentra-finding-item",[],[441],"data-sentra-nonce",[443],"\u002Fwp-json\u002Fsentra\u002Fv1\u002Fproxy",[445,446,447],"SentraAdmin","SentraScan","SentraAutoPatch",[],{"error":234,"url":450,"statusCode":451,"statusMessage":452,"message":452},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffreelancebo-sentra-control\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":175,"versions":454},[455,460,467,474,481,488,495,502,509,516,523,530,537,544,551],{"version":6,"download_url":24,"svn_tag_url":456,"released_at":26,"has_diff":232,"diff_files_changed":457,"diff_lines":26,"trac_diff_url":458,"vulnerabilities":459,"is_current":234},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.3.1&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.4.0",[],{"version":461,"download_url":462,"svn_tag_url":463,"released_at":26,"has_diff":232,"diff_files_changed":464,"diff_lines":26,"trac_diff_url":465,"vulnerabilities":466,"is_current":232},"2.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.3.0&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.3.1",[],{"version":468,"download_url":469,"svn_tag_url":470,"released_at":26,"has_diff":232,"diff_files_changed":471,"diff_lines":26,"trac_diff_url":472,"vulnerabilities":473,"is_current":232},"2.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.5&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.3.0",[],{"version":475,"download_url":476,"svn_tag_url":477,"released_at":26,"has_diff":232,"diff_files_changed":478,"diff_lines":26,"trac_diff_url":479,"vulnerabilities":480,"is_current":232},"2.2.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.2.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.2.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.4&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.5",[],{"version":482,"download_url":483,"svn_tag_url":484,"released_at":26,"has_diff":232,"diff_files_changed":485,"diff_lines":26,"trac_diff_url":486,"vulnerabilities":487,"is_current":232},"2.2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.3&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.4",[],{"version":489,"download_url":490,"svn_tag_url":491,"released_at":26,"has_diff":232,"diff_files_changed":492,"diff_lines":26,"trac_diff_url":493,"vulnerabilities":494,"is_current":232},"2.2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.2&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.3",[],{"version":496,"download_url":497,"svn_tag_url":498,"released_at":26,"has_diff":232,"diff_files_changed":499,"diff_lines":26,"trac_diff_url":500,"vulnerabilities":501,"is_current":232},"2.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.1&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.2",[],{"version":503,"download_url":504,"svn_tag_url":505,"released_at":26,"has_diff":232,"diff_files_changed":506,"diff_lines":26,"trac_diff_url":507,"vulnerabilities":508,"is_current":232},"2.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.0&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.1",[],{"version":510,"download_url":511,"svn_tag_url":512,"released_at":26,"has_diff":232,"diff_files_changed":513,"diff_lines":26,"trac_diff_url":514,"vulnerabilities":515,"is_current":232},"2.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.9&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.2.0",[],{"version":517,"download_url":518,"svn_tag_url":519,"released_at":26,"has_diff":232,"diff_files_changed":520,"diff_lines":26,"trac_diff_url":521,"vulnerabilities":522,"is_current":232},"2.1.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.1.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.1.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.8&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.9",[],{"version":524,"download_url":525,"svn_tag_url":526,"released_at":26,"has_diff":232,"diff_files_changed":527,"diff_lines":26,"trac_diff_url":528,"vulnerabilities":529,"is_current":232},"2.1.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.7&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.8",[],{"version":531,"download_url":532,"svn_tag_url":533,"released_at":26,"has_diff":232,"diff_files_changed":534,"diff_lines":26,"trac_diff_url":535,"vulnerabilities":536,"is_current":232},"2.1.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.6&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.7",[],{"version":538,"download_url":539,"svn_tag_url":540,"released_at":26,"has_diff":232,"diff_files_changed":541,"diff_lines":26,"trac_diff_url":542,"vulnerabilities":543,"is_current":232},"2.1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.5&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.6",[],{"version":545,"download_url":546,"svn_tag_url":547,"released_at":26,"has_diff":232,"diff_files_changed":548,"diff_lines":26,"trac_diff_url":549,"vulnerabilities":550,"is_current":232},"2.1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.4&new_path=%2Ffreelancebo-sentra-control%2Ftags%2F2.1.5",[],{"version":552,"download_url":553,"svn_tag_url":554,"released_at":26,"has_diff":232,"diff_files_changed":555,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":556,"is_current":232},"2.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelancebo-sentra-control.2.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffreelancebo-sentra-control\u002Ftags\u002F2.1.4\u002F",[],[]]