[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fV6mZfvyY-RQggWtrlY2RnKTxWVl5IlA-oY1SgXh15OM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":142,"fingerprints":254},"gauntlet-security","Gauntlet Security","1.4.1","Cornelius Bergen","https:\u002F\u002Fprofiles.wordpress.org\u002Fcbergen\u002F","\u003Cp>Gauntlet Security can find opportunities for improving the security of your site. It checks many aspects of the site’s configuration including file permissions, server software, PHP, database, plugins, themes, and user accounts. The plugin will give each check a pass, warning, or fail and explain in clear language how you can fix the issue.\u003C\u002Fp>\n\u003Cp>How you ultimately choose to patch these issues is up to you but whatever method you use, this plugin should always provide an accurate report. It does not make changes to your database or to any of your files and it should be compatible with all other security plugins.\u003C\u002Fp>\n\u003Cp>Checks and recommendations include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set correct file and directory permissions\u003C\u002Fli>\n\u003Cli>Turn off directory indexing\u003C\u002Fli>\n\u003Cli>Prevent code execution in the uploads directory\u003C\u002Fli>\n\u003Cli>Block files in the includes directory\u003C\u002Fli>\n\u003Cli>Prevent access to stray files which could be useful to attackers\u003C\u002Fli>\n\u003Cli>Keep PHP up-to-date\u003C\u002Fli>\n\u003Cli>Disable dangerous PHP functions\u003C\u002Fli>\n\u003Cli>Disable allow_url_include and allow_url_fopen PHP flags\u003C\u002Fli>\n\u003Cli>Turn off the display of PHP errors\u003C\u002Fli>\n\u003Cli>Don’t advertise the PHP version you are running\u003C\u002Fli>\n\u003Cli>Use a strong database password\u003C\u002Fli>\n\u003Cli>Change the default database table prefix\u003C\u002Fli>\n\u003Cli>Keep WordPress up-to-date\u003C\u002Fli>\n\u003Cli>Turn off file editing in the control panel\u003C\u002Fli>\n\u003Cli>Set security keys in WP-Config file\u003C\u002Fli>\n\u003Cli>Don’t advertise the WordPress version you are running\u003C\u002Fli>\n\u003Cli>Turn off self-registration\u003C\u002Fli>\n\u003Cli>Force SSL when accessing the admin area\u003C\u002Fli>\n\u003Cli>Review the development activity and reputation of all plugins\u003C\u002Fli>\n\u003Cli>Remove unused themes from the server\u003C\u002Fli>\n\u003Cli>Rename the plugin directory\u003C\u002Fli>\n\u003Cli>Move the active theme to an alternate location\u003C\u002Fli>\n\u003Cli>Do not use TimThumb\u003C\u002Fli>\n\u003Cli>Do not use common user names (such as “admin”)\u003C\u002Fli>\n\u003Cli>Do not use weak passwords\u003C\u002Fli>\n\u003Cli>Do not have a user with an ID = 1\u003C\u002Fli>\n\u003Cli>Minimize the number of admin users\u003C\u002Fli>\n\u003Cli>Users should not display their login usernames publicly\u003C\u002Fli>\n\u003Cli>Prevent username enumeration through standard author URLs\u003C\u002Fli>\n\u003Cli>…more tests planned\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check the \u003Ca href=\"screenshots\" rel=\"nofollow ugc\">screenshots\u003C\u002Fa> for more detail on some of the above features.\u003C\u002Fp>\n\u003Cp>Many of these security checks are based on recommendations from the WordPress codex: https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>Some of the tips included in this plugin only require making small changes to configuration files (.htaccess, php.ini, wp-config.php, functions.php). Others require more in-depth changes to the filesystem or database. Before attempting any of these fixes, you should be comfortable experimenting and know how to undo any change you make. That includes making backups and knowing how restore your site from those backups. I can’t guarantee that the recommendations or sample code provided in this plugin will not break your site or that they will prevent it from being hacked.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Apache web server\u003C\u002Fli>\n\u003Cli>WordPress 3.4 minimum\u003C\u002Fli>\n\u003Cli>PHP 5.2.7 minimum\u003C\u002Fli>\n\u003C\u002Ful>\n","Performs a detailed security analysis of your WordPress installation. Provides specific instructions on how to make your site more secure.",70,8052,100,8,"2016-07-19T02:06:00.000Z","4.6.30","3.4","",[20,21,22,23,24],"exploit","hacks","secure","security","vulnerability","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgauntlet-security.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"cbergen",1,30,84,"2026-04-04T02:25:49.225Z",[38,58,80,99,121],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":56,"download_link":57,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"lockdown-wp-admin","Lockdown WP Admin","2.3.2","Sean Fisher","https:\u002F\u002Fprofiles.wordpress.org\u002Fsean212\u002F","\u003Cp>This plugin will hide WordPress Admin (\u002Fwp-admin\u002F) when a user isn’t logged in. If a user isn’t logged in and they attempt to access WP Admin directly, they will be unable to and it will return a 404. It can also rename the login URL.\u003C\u002Fp>\n\u003Cp>Also, you can add HTTP authentication directly from WP Admin and add custom username\u002Fpassword combinations for the HTTP auth or use the WordPress credentials.\u003C\u002Fp>\n\u003Cp>This doesn’t touch any .htaccess files or change the WordPress core files. All the CSS\u002FImages under \u002Fwp-admin\u002F are still accessible, just not the .php ones.\u003C\u002Fp>\n\u003Cp>If you enable HTTP authentication, it will add HTTP authentication to the PHP files in \u002Fwp-admin\u002F.\u003C\u002Fp>\n\u003Cp>To contribute to the development, check out \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsrtfisher\u002FLockdown-WPAdmin\" rel=\"nofollow ugc\">the GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (\u002Fwp-admin\u002F) and and login (\u002Fwp-login.",10000,340310,78,54,"2017-11-28T06:00:00.000Z","4.3.34","3.6",[54,22,23,24,55],"lockdown","website-security","http:\u002F\u002Fseanfisher.co\u002Flockdown-wp-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flockdown-wp-admin.2.3.2.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"block-bad-queries","BBQ Firewall – Fast & Powerful Firewall Security","20260205","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cblockquote>\n\u003Cp>🔥 Install, activate, and done!\u003Cbr \u002F>\n  🔥 Powerful protection from WP’s \u003Cstrong>fastest\u003C\u002Fstrong> firewall plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F\" rel=\"nofollow ugc\">BBQ Firewall\u003C\u002Fa> is a lightweight, blazing-fast firewall plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like \u003Ccode>eval(\u003C\u002Fcode>, \u003Ccode>base64_\u003C\u002Fcode>, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">strong Apache\u002F.htaccess firewall\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Adds a strong firewall to ANY WordPress site\u003Cbr \u002F>\n  🔥 Works with all WordPress plugins and themes\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Powerful Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ protects your site against many threats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SQL injection attacks\u003C\u002Fli>\n\u003Cli>Executable file uploads\u003C\u002Fli>\n\u003Cli>Directory traversal attacks\u003C\u002Fli>\n\u003Cli>Unsafe character requests\u003C\u002Fli>\n\u003Cli>Excessively long requests\u003C\u002Fli>\n\u003Cli>PHP remote\u002Ffile execution\u003C\u002Fli>\n\u003Cli>XSS, XXE, and related attacks\u003C\u002Fli>\n\u003Cli>Protects against bad bots\u003C\u002Fli>\n\u003Cli>Protects against bad referrers\u003C\u002Fli>\n\u003Cli>Protects against bad POST content\u003C\u002Fli>\n\u003Cli>Protects against many other bad requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 Works great with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblackhole-bad-bots\u002F\" rel=\"ugc\">Blackhole for Bad Bots\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbanhammer\u002F\" rel=\"ugc\">Banhammer\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Awesome Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ provides all the best firewall features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rated \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-bad-queries\u002F#reviews\" rel=\"ugc\">5 stars\u003C\u002Fa> at WordPress.org\u003C\u002Fli>\n\u003Cli>100% plug-&-play, zero configuration\u003C\u002Fli>\n\u003Cli>100% focused on security and performance\u003C\u002Fli>\n\u003Cli>Blocks a wide range of malicious URL requests\u003C\u002Fli>\n\u003Cli>Fastest Web Application Firewall (WAF) for WordPress\u003C\u002Fli>\n\u003Cli>Based on the \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F7g-firewall\u002F\" rel=\"nofollow ugc\">7G\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">8G Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Scans all incoming traffic and blocks bad requests\u003C\u002Fli>\n\u003Cli>Scans all types of requests: GET, POST, PUT, DELETE, etc.\u003C\u002Fli>\n\u003Cli>Protects against known bad bots and referrers\u003C\u002Fli>\n\u003Cli>Works silently behind the scenes to protect your site\u003C\u002Fli>\n\u003Cli>Hassle-free security plugin that’s easy to use\u003C\u002Fli>\n\u003Cli>Thoroughly tested, error-free performance\u003C\u002Fli>\n\u003Cli>Extremely low rate of false positives\u003C\u002Fli>\n\u003Cli>Compatible with other security plugins\u003C\u002Fli>\n\u003Cli>Regularly updated and “future proof”\u003C\u002Fli>\n\u003Cli>Firewall \u003C 10 kilobytes in size\u003C\u002Fli>\n\u003Cli>Lightweight, fast and flexible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 For advanced protection and features, check out \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro &raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Exclusive Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize firewall via plugin settings\u003C\u002Fli>\n\u003Cli>Easily add or remove firewall patterns\u003C\u002Fli>\n\u003Cli>Easily add Jeff Starr’s \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fultimate-ai-block-list\u002F\" rel=\"nofollow ugc\">AI Block List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Send Email Alerts for blocked requests\u003C\u002Fli>\n\u003Cli>Quickly enable\u002Fdisable firewall rules\u003C\u002Fli>\n\u003Cli>Disable firewall for logged-in users\u003C\u002Fli>\n\u003Cli>Block excessively long URI requests\u003C\u002Fli>\n\u003Cli>Protect against XML-RPC exploits\u003C\u002Fli>\n\u003Cli>Block any individual IP address\u003C\u002Fli>\n\u003Cli>Block entire ranges of IP addresses\u003C\u002Fli>\n\u003Cli>Protect against user-ID phishing\u003C\u002Fli>\n\u003Cli>Redirect all blocked requests\u003C\u002Fli>\n\u003Cli>Display a custom “blocked” message\u003C\u002Fli>\n\u003Cli>Set your own response status code\u003C\u002Fli>\n\u003Cli>Complete inline documentation\u003C\u002Fli>\n\u003Cli>Statistics for blocked requests\u003C\u002Fli>\n\u003Cli>Tools to reset options and patterns\u003C\u002Fli>\n\u003Cli>Import and Export firewall patterns\u003C\u002Fli>\n\u003Cli>One-click pattern testing\u003C\u002Fli>\n\u003Cli>Whitelist IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>..plus everything the free version can do and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Learn more and \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">get BBQ Pro &raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>BBQ Firewall is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 BBQ = Block Bad Queries\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.",100000,3258210,98,156,"2026-02-05T20:29:00.000Z","6.9.4","4.7","7.1",[75,76,22,23,77],"bots","firewall","web-application-firewall","https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-bad-queries.20260205.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":68,"num_ratings":90,"last_updated":91,"tested_up_to":71,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":97,"download_link":98,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"patchstack","Patchstack – WordPress & Plugins Security","2.3.5","Patchstack","https:\u002F\u002Fprofiles.wordpress.org\u002Fpatchstack\u002F","\u003Cp>Patchstack is a powerful tool that helps identify security vulnerabilities within your websites’ plugins, themes, and WordPress core. It is powered by the WordPress ecosystem’s most active community of ethical hackers. Patchstack is trusted by leading WordPress experts such as Pagely, Cloudways, GridPane, Plesk, and others!\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fz2nuYpg26Vc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Patchstack is a security plugin for WordPress that finds WP core, plugin and theme vulnerabilities in your websites.\u003C\u002Fp>\n\u003Cp>The free version includes up to 48-hour early warning for new vulnerabilities found by our security research community. It also allows you to automatically update vulnerable software, manage updates remotely, and get snapshot reports on your sites’ security status.\u003C\u002Fp>\n\u003Cp>The paid version includes automatic vulnerability protection. Patchstack deploys highly targeted rules on a per-site basis, only when a specific vulnerability is detected on a site.\u003C\u002Fp>\n\u003Cp>This prevents vulnerable components from being exploited without modifying website code, or impacting site performance or functionality. Patchstack’s paid version includes access to 12,000+ individual protection rules (vPatches).\u003C\u002Fp>\n\u003Cp>Patchstack paid version also includes other preventive security features, such as 2 factor authentication, WordPress specific hardening rules, a Community IP blocklist for malicious IP addresses, advanced security settings, and custom protection rules.\u003C\u002Fp>\n\u003Ch3>Post-hack cleanups vs attack prevention in WordPress security\u003C\u002Fh3>\n\u003Cp>Unlike the standard approach to WordPress security (malware scanning and infection cleanups), Patchstack is focused on preventing infections in the first place.\u003C\u002Fp>\n\u003Cp>Thanks to its big WordPress security research community and partnerships with nearly one thousand plugin vendors and developers, Patchstack is regularly among the first to identify new vulnerabilities.\u003C\u002Fp>\n\u003Ch3>Who is Patchstack’s WordPress security plugin for?\u003C\u002Fh3>\n\u003Cp>Patchstack’s vulnerability management works extremely well for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Agencies with WordPress care\u002Fmaintenance plans for their customers’ websites\u003C\u002Fli>\n\u003Cli>WooCommerce websites to protect their revenue and customers from attacks\u003C\u002Fli>\n\u003Cli>Hosting companies that want to deliver highly targeted vulnerability protection easily and at scale\u003Cbr \u002F>\nWebsite owners\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You don’t have to be highly technical to use it. Install the plugin, connect it with the Patchstack App, and stay safe!\u003C\u002Fp>\n\u003Ch3>What features are included in the Patchstack Personal (Free) plan?\u003C\u002Fh3>\n\u003Cp>Patchstack’s Personal plan is a free security service for WordPress that lets you find and manage vulnerabilities in your websites. It includes access to a central security dashboard via the Patchstack web App for more visibility and control over your sites’ security:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Be the first to know about new vulnerabilities.\u003C\u002Fli>\n\u003Cli>Receive notifications if any installed plugins or themes have security issues.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress plugins.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress themes.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress core.\u003C\u002Fli>\n\u003Cli>Receive real-time alerts via email if any security vulnerabilities are found.\u003C\u002Fli>\n\u003Cli>Manage core, plugin and theme updates from a single dashboard.\u003C\u002Fli>\n\u003Cli>[Optional] Enable automatic updates for vulnerable plugins only.\u003C\u002Fli>\n\u003Cli>Generate snapshot reports about the security status of your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What features do Patchstack paid subscriptions have?\u003C\u002Fh3>\n\u003Cp>Patchstack’s paid subscriptions include automatic protection for WordPress vulnerabilities, as well as other protection modules.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Virtual patching to prevent vulnerable components from being exploited\u003C\u002Fli>\n\u003Cli>Advanced hardening module for added WordPress security\u003C\u002Fli>\n\u003Cli>Remote hardening settings (including .httacess, login protection and reCAPTCHA)\u003C\u002Fli>\n\u003Cli>Community IP Blocklist of known attacker IP addresses\u003Cbr \u002F>\nAll of these features are included in the Developer and Enterprise plans.\u003Cbr \u002F>\nAdditionally, Developer and Enterprise plan users have access to custom protection rule creation, periodical security reports and report scheduling.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Personal (Free) plan users can enable these features on a per-site basis for $5 \u002F site per month.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important Resources\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\" rel=\"nofollow ugc\">Patchstack website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.patchstack.com\" rel=\"nofollow ugc\">Help Center\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.patchstack.com\u002Fpatchstack-plugin\u002Fchangelog\u002F\" rel=\"nofollow ugc\">Changelog\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\" rel=\"nofollow ugc\">Patchstack Vulnerability Database\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>See what our customers say about our paid plans:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“An excellent and valuable service that’s backed by a company that contributes a significant number of resources and money directly back to the WordPress ecosystem.” – John Blackbourn  \u003C\u002Fli>\n\u003Cli>“Patchstack is like CrowdStrike, but for websites!” – Ryan McCue, HumanMade  \u003C\u002Fli>\n\u003Cli>“The service here is superb! And they are always right on it with the best solution to solve the problem or question at hand. The tool itself speaks for itself. I am very satisfied with this project and the service they offer.” – Daniel Canup  \u003C\u002Fli>\n\u003Cli>“This is a security plugin everyone needs to install. The Patchstack team are incredible at what they do. We have been using them for years and have not been disappointed!” – @craniumstudio  \u003C\u002Fli>\n\u003Cli>“We’ve been with Patchstack for a LONG time (even before they were Patchstack). It has always done its job seamlessly and without fail. Ongoing innovation and updates to the Patchstack product mean this plugin is a winner. 5 stars all the way.” – @guapx  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*Comparisons are made by evaluating paid versions.)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fsucuri-alternative\u002F\" rel=\"nofollow ugc\">Sucuri vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fwordfence-alternative\u002F\" rel=\"nofollow ugc\">Wordfence vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fmalcare-alternative\u002F\" rel=\"nofollow ugc\">Malcare vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fsitelock-alternative\u002F\" rel=\"nofollow ugc\">Sitelock vs. Patchstack\u003C\u002Fa>\u003C\u002Fp>\n","Patchstack automatically identifies and mitigates security vulnerabilities in WordPress plugins, themes, and core.",40000,554865,61,"2026-01-06T14:10:00.000Z","4.4","5.6",[76,23,95,96,24],"virtual-patching","vulnerabilities","https:\u002F\u002Fpatchstack.com\u002F?utm_medium=wp&utm_source=dashboard&utm_campaign=patchstack%20plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpatchstack.2.3.5.zip",{"slug":100,"name":101,"version":73,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":71,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":116,"download_link":117,"security_score":118,"vuln_count":119,"unpatched_count":27,"last_vuln_date":120,"fetched_at":29},"bulletproof-security","BulletProof Security","AITpro","https:\u002F\u002Fprofiles.wordpress.org\u002Faitpro\u002F","\u003Cp>WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam… View Security feature highlights below. View BulletProof Security feature details under the FAQ help section below. Effective, Reliable & Easy to use WordPress Security Plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BulletProof Security is a proactive security plugin that automatically fixes 100+ known issues\u002Fconflicts with other plugins\u003C\u002Fstrong>.\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fsetup-wizard-autofix\u002F\" title=\"BPS Setup Wizard AutoFix\" rel=\"nofollow ugc\">BPS Setup Wizard AutoFix\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Installation and Setup Video Tutorial\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FRZ1ARaEE0_I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring\u003C\u002Fli>\n\u003Cli>JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker)\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Pro Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Quarantine Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Real-time File Monitor (IDPS)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>DB Monitor Intrusion Detection System (IDS)\u003C\u002Fli>\n\u003Cli>DB Diff Tool: data comparison tool\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Status & Info: extensive database status & info\u003C\u002Fli>\n\u003Cli>Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updated in Real-time\u003C\u002Fli>\n\u003Cli>JTC Anti-Spam|Anti-Hacker\u003C\u002Fli>\n\u003Cli>Uploads Folder Anti-Exploit Guard (UAEG)\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Custom php.ini Website Security\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring w\u002FDashboard Alerting|Status Display & additional options\u002Ffeatures\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>File|Folder Lock: File Locking | Detect & Lock Folders that were not created by you\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>PHP Error Logging\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Pro-Tools: 16 mini-plugins\u003C\u002Fli>\n\u003Cli>Heads Up Dashboard Status Display\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.ait-pro.com\u002Fbps-features\u002F\" title=\"BulletProof Security Features\" rel=\"nofollow ugc\">View All BulletProof Security Pro Feature Details\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Recommended Video Tutorials\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#custom-code\" title=\"BulletProof Security Custom Code Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Custom Code Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#security-log-firewall\" title=\"BulletProof Security Security Log Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Security Log Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help Info\u003C\u002Fh3>\n\u003Cp>For details about BulletProof Security plugin features and frequently asked questions see the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fbulletproof-security-plugin-frequently-asked-questions\u002F\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">BulletProof Security Plugin Frequently Asked Questions\u003C\u002Fa> forum topic. Extensive Help Info can be found on the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fread-me-first-free\u002F#bps-free-general-troubleshooting\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">AIT-pro.com Forum\u003C\u002Fa> website and by clicking the Question Mark Help buttons on BulletProof Security plugin pages.\u003C\u002Fp>\n","WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...",30000,4509595,96,674,"2025-12-08T15:11:00.000Z","5.0","7.0",[76,114,115,22,23],"login-security","malware-scanner","https:\u002F\u002Fforum.ait-pro.com\u002Fread-me-first\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulletproof-security.7.1.zip",89,12,"2026-01-06 00:00:00",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":13,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":93,"tags":135,"homepage":137,"download_link":138,"security_score":139,"vuln_count":140,"unpatched_count":27,"last_vuln_date":141,"fetched_at":29},"login-rebuilder","Login rebuilder","2.8.8","tmatsuur","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmatsuur\u002F","\u003Cp>Have not you experienced unjust access to wp-login.php? If this plug-in is used, a unique login page will be arranged to your site, and unlawful access will be reduced.\u003C\u002Fp>\n\u003Ch4>Some features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin allows you to change wp-login.php to a login page with a unique name (multisite sub-directory type is supported).\u003C\u002Fli>\n\u003Cli>Create a login page for administrators only, and separate it from the login page for users with other roles.\u003C\u002Fli>\n\u003Cli>Disables login by email address.\u003C\u002Fli>\n\u003Cli>When an administrator logs in, the site administrator is notified by email.\u003C\u002Fli>\n\u003Cli>Selects the response when the wp-login.php page is requested.\u003C\u002Fli>\n\u003Cli>Restrict the functions that can be used, such as login via XML-RPC.\u003C\u002Fli>\n\u003Cli>Restrict REST APIs related to users.\u003C\u002Fli>\n\u003Cli>Disable the author archive page.\u003C\u002Fli>\n\u003Cli>Controls the author information of oEmbed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Japanese – https:\u002F\u002Felearn.jp\u002Fwpman\u002Fcolumn\u002Flogin-rebuilder.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Japanese(ja) – \u003Ca href=\"https:\u002F\u002F12net.jp\u002F\" rel=\"nofollow ugc\">Takenori Matsuura\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can send your own language pack to me.\u003C\u002Fp>\n\u003Cp>Please contact to me.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>https:\u002F\u002F12net.jp\u002F (ja)\u003C\u002Fli>\n\u003Cli>email to takenori.matsuura[at]gmail.com\u003C\u002Fli>\n\u003Cli>@tmatsuur on twitter.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002F12net.jp\u002F\" rel=\"nofollow ugc\">Takenori Matsuura\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plug-in is not guaranteed though the user of WordPress can freely use this plug-in free of charge regardless of the purpose.\u003Cbr \u002F>\nThe author must acknowledge the thing that the operation guarantee and the support in this plug-in use are not done at all beforehand.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>email to takenori.matsuura[at]gmail.com\u003Cbr \u002F>\ntwitter @tmatsuur\u003C\u002Fp>\n","This plugin will create a new login page for your site. You can also create separate login pages for administrators and for other users.",20000,259264,7,"2026-01-19T07:36:00.000Z","6.9.0","3.2.0",[136],"login-secure-security","https:\u002F\u002Felearn.jp\u002Fwpman\u002Fcolumn\u002Flogin-rebuilder.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-rebuilder.2.8.8.zip",99,2,"2023-05-02 00:00:00",{"attackSurface":143,"codeSignals":168,"taintFlows":222,"riskAssessment":248,"analyzedAt":253},{"hooks":144,"ajaxHandlers":159,"restRoutes":165,"shortcodes":166,"cronEvents":167,"entryPointCount":33,"unprotectedCount":27},[145,151,155],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_menu","add_plugin_admin_menu","gauntlet-security.php",33,{"type":146,"name":152,"callback":153,"file":149,"line":154},"admin_enqueue_scripts","enqueue_admin_assets",36,{"type":146,"name":156,"callback":157,"file":149,"line":158},"plugins_loaded","load_textdomain",42,[160],{"action":161,"nopriv":162,"callback":161,"hasNonce":163,"hasCapCheck":163,"file":149,"line":164},"run_a_test",false,true,39,[],[],[],{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":172,"fileOperations":220,"externalRequests":131,"nonceChecks":33,"capabilityChecks":33,"bundledLibraries":221},[],{"prepared":27,"raw":27,"locations":171},[],{"escaped":173,"rawEcho":174,"locations":175},45,25,[176,179,180,182,183,185,187,189,191,192,194,196,197,199,201,203,205,206,208,209,211,213,214,216,218],{"file":177,"line":131,"context":178},"admin\\views\\about.php","raw output",{"file":177,"line":14,"context":178},{"file":177,"line":181,"context":178},38,{"file":177,"line":49,"context":178},{"file":177,"line":184,"context":178},133,{"file":177,"line":186,"context":178},144,{"file":177,"line":188,"context":178},155,{"file":190,"line":131,"context":178},"admin\\views\\admin.php",{"file":190,"line":14,"context":178},{"file":190,"line":193,"context":178},29,{"file":190,"line":195,"context":178},37,{"file":190,"line":49,"context":178},{"file":190,"line":198,"context":178},60,{"file":190,"line":200,"context":178},64,{"file":190,"line":202,"context":178},68,{"file":204,"line":131,"context":178},"admin\\views\\noreqs.php",{"file":204,"line":14,"context":178},{"file":204,"line":207,"context":178},32,{"file":204,"line":150,"context":178},{"file":204,"line":210,"context":178},43,{"file":204,"line":212,"context":178},44,{"file":204,"line":173,"context":178},{"file":204,"line":215,"context":178},53,{"file":204,"line":217,"context":178},57,{"file":149,"line":219,"context":178},153,6,[],[223,240],{"entryPoint":224,"graph":225,"unsanitizedCount":27,"severity":239},"run_a_test (gauntlet-security.php:132)",{"nodes":226,"edges":237},[227,232],{"id":228,"type":229,"label":230,"file":149,"line":231},"n0","source","$_POST",145,{"id":233,"type":234,"label":235,"file":149,"line":219,"wp_function":236},"n1","sink","echo() [XSS]","echo",[238],{"from":228,"to":233,"sanitized":163},"low",{"entryPoint":241,"graph":242,"unsanitizedCount":27,"severity":239},"\u003Cgauntlet-security> (gauntlet-security.php:0)",{"nodes":243,"edges":246},[244,245],{"id":228,"type":229,"label":230,"file":149,"line":231},{"id":233,"type":234,"label":235,"file":149,"line":219,"wp_function":236},[247],{"from":228,"to":233,"sanitized":163},{"summary":249,"deductions":250},"The gauntlet-security plugin v1.4.1 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history are positive indicators.  The plugin demonstrates good practices by using prepared statements for all SQL queries and implementing nonce and capability checks for its single AJAX entry point. The limited attack surface and the lack of critical or high-severity taint flows further contribute to its secure design.  However, a notable concern is the output escaping, where 36% of outputs are not properly escaped. This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly included in these unescaped outputs.  While the plugin has a clean history and no critical static analysis findings, the unescaped output represents a potential weakness that should be addressed to achieve a fully robust security profile.  Overall, it's a well-developed plugin with a solid foundation, but a review and correction of unescaped output is recommended.",[251],{"reason":252,"points":119},"Unescaped output detected","2026-03-16T21:36:18.365Z",{"wat":255,"direct":272},{"assetPaths":256,"generatorPatterns":263,"scriptPaths":264,"versionParams":265},[257,258,259,260,261,262],"\u002Fwp-content\u002Fplugins\u002Fgauntlet-security\u002Fadmin\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fgauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fajaxq.js","\u002Fwp-content\u002Fplugins\u002Fgauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fgauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fgoogle-code-prettify\u002Fprettify.css","\u002Fwp-content\u002Fplugins\u002Fgauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fgoogle-code-prettify\u002Fprettify.js","\u002Fwp-content\u002Fplugins\u002Fgauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fmustache.min.js",[],[258,262,259,261],[266,267,268,269,270,271],"gauntlet-security\u002Fadmin\u002Fassets\u002Fcss\u002Fadmin.css?ver=","gauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fajaxq.js?ver=","gauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fmustache.min.js?ver=","gauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fadmin.js?ver=","gauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fgoogle-code-prettify\u002Fprettify.css?ver=","gauntlet-security\u002Fadmin\u002Fassets\u002Fjs\u002Fgoogle-code-prettify\u002Fprettify.js?ver=",{"cssClasses":273,"htmlComments":274,"htmlAttributes":275,"restEndpoints":277,"jsGlobals":278,"shortcodeOutput":279},[],[],[276],"data-gauntlet-security-test",[],[],[]]