[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feXWVuu0-oCZ7HqJVhpwmuV9QEvQ3-lvJG9bHlEcYfJ8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":131,"fingerprints":235},"gp-firewall","Genius Firewall","1.0.2","Genius Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fwegeniusplugin\u002F","\u003Cp>Democratized web security with the best website firewall: The best WordPress Security Firewall designed for everyone, from beginners to security experts. With powerful features that are effortlessly accessible, it’s user-friendly for those new to web application security. The 1-Click Setup simplifies complex settings, instantly blocking most malicious traffic. Whether you’re a novice or a guru, GENIUS PLUGIN Firewall ensures seamless website security, letting you focus on your tasks.\u003C\u002Fp>\n\u003Ch4>N°1 Saas Multi-Cloud WAF\u003C\u002Fh4>\n\u003Cp>Our Firewall is like no other. No need for complex server, proxy, or DNS changes, or a solution hosted on the same server (vulnerable to exploitation). Genius Plugin is a SaaS and multi-cloud firewall. It’s not hosted on your website, nor is it just a cloud solution or dependent on complex DNS or server settings. It does not relay on a single cloud provider. It’s multi-cloud, powerful yet easy to use. It’s as if it’s omnipresent yet elusive.\u003C\u002Fp>\n\u003Ch4>Mobile Dashboard\u003C\u002Fh4>\n\u003Cp>Accessible from anywhere, anytime, our mobile dashboard offers easy monitoring and adjustment of settings and security rules. With your world cyber-security map and history panel, keep track of live access from legitimate users, administrators, Google, Facebook, LinkedIn, and more.\u003C\u002Fp>\n\u003Ch4>Website Firewall Privacy Revolution\u003C\u002Fh4>\n\u003Cp>With traditional CDN\u002FDNS website firewalls, the provider has the capability to inspect and manipulate all your data passing through the firewall, including sensitive information like passwords, client details, invoices, and emails. Users typically can just try to rely on the trustworthiness and integrity of the WAF provider. We are the FIRST solution to offer unparalleled granular user control over data transmission by allowing transparent and direct filtering of each POST and HEADER variable within the plugin code, in addition to allowing users to selectively activate or deactivate the transmission of various data types, such as POST, HEADER, SESSION ID.\u003C\u002Fp>\n\u003Ch4>Simple Access Sharing\u003C\u002Fh4>\n\u003Cp>Token-based authentication simplifies access management to the admin website side (backoffice) by providing administrators with unique links instead of complex keys. These links grant quick and secure access to sensitive resources without requiring static IPs, dedicated VPNs, or direct access to the firewall dashboard. This approach streamlines access distribution, allowing for easy sharing, revocation, and renewal of access privileges as needed.\u003C\u002Fp>\n\u003Ch4>Free for all\u003C\u002Fh4>\n\u003Cp>Our commitment to democratizing website security is unwavering. We not only strive to provide free firewall protection to as many sites as possible but also offer our Pro plan free of charge for at least one year to non-profit organizations in need of securing their websites. Despite the significant costs involved, we’re continually expanding our server nodes globally to serve more website owners effectively. Our goal is to increase the percentage of secured websites from the current 83% and combat the surge in cybercrime, which has risen by 600% since the start of the pandemic.\u003C\u002Fp>\n\u003Ch4>IP Behavior Monitoring\u003C\u002Fh4>\n\u003Cp>GP Website Security Firewall actively monitors millions of IP behaviors, allowing you to restrict access based on country, network, single IP, VPN, proxy, Tor, relay, and IPs with a bad reputation. Ensure risk-free access for search engines and well-known websites.\u003C\u002Fp>\n\u003Ch4>Groundbreaking Protection Features\u003C\u002Fh4>\n\u003Cp>Experience groundbreaking and exclusive protection features worldwide: Safeguard precisely the data you choose, ensuring the security of your sensitive information without sharing it. Our cloud firewall operates seamlessly without requiring changes to your domain’s DNS or hosting it with us.\u003C\u002Fp>\n\u003Cp>About 50 Features:\u003Cbr \u002F>\nAutomatic Traffic Filtering\u003Cbr \u002F>\nEnhanced Privacy and Data Protection\u003Cbr \u002F>\nCustom Firewall Rules\u003Cbr \u002F>\nPage Requests Rate Limiting by Time\u003Cbr \u002F>\nSearch Engines Whitelisting\u002FBlacklisting\u003Cbr \u002F>\nHost Whitelisting\u002FBlacklisting\u003Cbr \u002F>\nReal-Time Traffic Monitoring\u003Cbr \u002F>\nSecurity Notifications\u002FAlerts\u003Cbr \u002F>\nSecurity Analytics\u002FReporting\u003Cbr \u002F>\nLive World Cyber Attack Map\u003Cbr \u002F>\n…and much more\u003C\u002Fp>\n\u003Cp>For those interested in exploring all features in detail, they can visit this link. https:\u002F\u002Fwww.geniusplugin.com\u002Ffeatures\u002F\u003C\u002Fp>\n\u003Ch3>Genius Plugin Firewall Service\u003C\u002Fh3>\n\u003Cp>Genius Plugin Firewall leverages a powerful Multi-Cloud Software as a Service (SAAS) platform to enhance the security of your WordPress website. Our SAAS service provides a comprehensive set of features and functionalities designed to safeguard your site from various online threats. Below is an overview of the key aspects of our service:\u003C\u002Fp>\n\u003Ch4>Real-Time Threat Detection\u003C\u002Fh4>\n\u003Cp>Our plugin employs advanced threat detection mechanisms to identify and mitigate potential security risks in real-time. By continuously monitoring your website’s traffic, we can promptly respond to emerging threats and ensure the safety of your online presence.\u003C\u002Fp>\n\u003Ch4>Robust Firewall Protection\u003C\u002Fh4>\n\u003Cp>Experience unparalleled firewall protection. We implement industry-leading firewall rules and continuously update them to adapt to evolving security landscapes. This proactive approach ensures that your website remains shielded from the latest threats and vulnerabilities.\u003C\u002Fp>\n\u003Ch4>Intelligent Traffic Filtering\u003C\u002Fh4>\n\u003Cp>Say goodbye to unwanted traffic and malicious requests. Our SAAS service filters incoming traffic intelligently, distinguishing between legitimate users and potential threats. This not only enhances your site’s security but also contributes to optimal performance.\u003C\u002Fp>\n\u003Ch4>Live WORLD Cyber Attack Map\u003C\u002Fh4>\n\u003Cp>The Live World Cyber Attack Map provides real-time visualization of website or application access hits in an interactive and graphical format. This powerful tool allows users to stay informed about incoming traffic and potential attacks, helping them to proactively respond and stay ahead of security threats.\u003C\u002Fp>\n\u003Cp>The map displays the top 20 new access points, highlighting the 10 latest sources of both legitimate visitors and potential attacks. With its visually appealing Network Operations Center (NOC) view, some customers have even utilized this feature to showcase or communicate their website traffic in an impressive manner. It serves as a comprehensive overview, allowing users to understand the overall picture of their web traffic and take necessary measures to ensure the security and stability of their online presence.\u003C\u002Fp>\n\u003Ch4>Captcha human challenge\u003C\u002Fh4>\n\u003Cp>This function can be enabled for visitors which are about to be denied access by your ruleset, but still you give them a chance to visit your website, only if they have not tried to cross your website firewall “red lines”. CAPTCHAs are used to weed out bots with a test meant to be easy for humans and hard for bots. We use hCaptcha as it’s the only one with privacy focus and complies with GDPR, LGPD, PIPL, CCPA. It protects your services from scraping, credential stuffing, account takeovers, spam and more with AI technology. It uses simple tasks and takes less time for most users while stopping more bot traffic.\u003C\u002Fp>\n\u003Ch4>Red lines ambush\u003C\u002Fh4>\n\u003Cp>Red lines ambush are hidden limits you set, beyond which, the visitor is simply denied access temporarily or permanently.\u003Cbr \u002F>\nHow many pages can a human visit per minute? 1, 5, 10, 15.. sure no more. This is one of the red lines you can trace, so that malicious behaviors are ambushed.\u003Cbr \u002F>\nHow many times a visitor can try to access pages that does not exist, or that you don’t want him to access to, before you ban him temporarily?\u003Cbr \u002F>\nHow many times a visitor attempts to make bad requests, you previously determined as being bad requests, for example, because the url address contains prohibited words or requests, before he is denied access?\u003Cbr \u002F>\nWhat is the ultimate number of bad behaviour records, beyond which, the visitor is “killed” permanently?\u003Cbr \u002F>\nWe made red lines ambush so fast and easy to use, yet so powerful, that you will enjoy seeing malicious persons and robots fell into ambushes.\u003C\u002Fp>\n\u003Ch4>Data Privacy and Encryption\u003C\u002Fh4>\n\u003Cp>The Website Firewall is specifically crafted to prioritize privacy, confidentiality, and data protection, offering an array of features and actions to secure sensitive information.\u003Cbr \u002F>\nContrary to the majority of competitors, clients maintain control over the data sent from the WAF setting console (dashboard) and the plugin code before actual transmission, distinguishing Genius Plugin from its counterparts. Users can selectively activate or deactivate the transmission of various data types, such as POST content, often containing sensitive information. Additionally, they have the ability to enable or disable the sending of HEADER data associated with each request, along with the option to activate or deactivate user intelligence tracking.\u003Cbr \u002F>\nGenius Plugin stands out as the first Firewall providing the capability to transparently and directly filter each POST and HEADER variable within the plugin code, offering unparalleled granular user control over the data sent to the firewall.\u003Cbr \u002F>\nTo ensure privacy compliance, we leverage hCaptcha as the human challenge system. hCaptcha adheres to privacy-focused regulations such as GDPR, LGPD, PIPL, and CCPA, assuring the protection of user data. For more information about the hCaptcha third-party service: https:\u002F\u002Fwww.hcaptcha.com\u002F. For more information about its terms of use and privacy policies, please visit respectively https:\u002F\u002Fwww.hcaptcha.com\u002Fprivacy and https:\u002F\u002Fwww.hcaptcha.com\u002Fterms.\u003Cbr \u002F>\nA pivotal privacy-enhancing measure is that GP Firewall does not retain any POST, HEADER, or user tracking intelligence data. It analyzes the data on the fly, storing only the visitor’s IP and the URL request, minimizing the risk of data exposure. Only a few essential fragments of attacks are retained to empower users to enhance their website protection.\u003C\u002Fp>\n\u003Cp>In an additional layer of data safeguarding, rulesets, which may contain fragments of visitor data (IP & URL), are not retained for more than 60 days. This ensures that potentially sensitive information is not stored longer than necessary.\u003Cbr \u002F>\nPlease visit our \u003Ca href=\"https:\u002F\u002Fwww.geniusplugin.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Beyond the crucials\u003C\u002Fh4>\n\u003Cp>3 crucials facts about firewalls:\u003Cbr \u002F>\n• A website or service protected by a firewall, where the entire code is open and hosted on your website, can be easely analyzed. However, this approach may be vulnerable, as hackers may have already bypassed the code, or it may have limited capabilities due to resource consumption… logic!\u003Cbr \u002F>\n• If you rely on a WAF solution that requires you to use a CDN or change your domain nameservers, you could be sending sensitive information such as passwords, client details, invoices, and emails, and relying solely on the trustworthiness and integrity of the WAF provider.\u003Cbr \u002F>\n• Security experts shun CDNs as firewalls due to various risks. Avoid being misled by marketing tactics and try to google “public cdn risks” for more details.\u003C\u002Fp>\n\u003Ch4>Service Terms of Use\u003C\u002Fh4>\n\u003Cp>Please visit our \u003Ca href=\"https:\u002F\u002Fwww.geniusplugin.com\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for detailed information about the terms and conditions.\u003C\u002Fp>\n","Democratized web security for free with the best website firewall designed for everyone from beginners to security experts using Wordpress.",0,1577,"","6.6.5","4.9","5.6",[18,19,20,21,22],"firewall","protection","secure","security","waf","https:\u002F\u002Fwww.geniusplugin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-firewall.1.0.2.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"wegeniusplugin",1,30,94,"2026-04-04T14:40:01.255Z",[36,58,72,92,109],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":57},"waf-security-suite-for-cloudflare","Cloud Maestro – WAF Security Suite for Cloudflare","1.0.8","Rob @ 5 Star Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002F5starplugins\u002F","\u003Cp>Cloud Maestro brings centralized Cloudflare Web Application Firewall (WAF) controls directly into WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why would I use a plugin when I can create rules in Cloudflare?\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you manage multiple Cloudflare-connected sites, Cloud Maestro is a productivity tool that helps oversee several domains from a central dashboard using WordPress. If you only manage one domain in Cloudflare, you wouldn’t benefit from this plugin.\u003C\u002Fp>\n\u003Cp>It’s useful for someone managing:\u003Cbr \u002F>\n– Their own sites and client sites\u003Cbr \u002F>\n– Multiple businesses\u003Cbr \u002F>\n– Separate Cloudflare accounts\u003C\u002Fp>\n\u003Cp>People like using Cloud Maestro because configuring security rules one domain at a time is inefficient and error-prone. It allows you to configure WAF rules once and deploy them consistently across all domains in your Cloudflare account — instantly.\u003C\u002Fp>\n\u003Cp>The free version supports one Cloudflare account with multiple domains.\u003C\u002Fp>\n\u003Cp>An optional premium version is available for managing unlimited domains across multiple Cloudflare accounts at once.\u003C\u002Fp>\n\u003Ch3>🛡️ Why Use Cloud Maestro – WAF Security Suite for Cloudflare?\u003C\u002Fh3>\n\u003Cp>Managing security rules across multiple Cloudflare domains is tedious and time-consuming. This plugin streamlines the process, allowing you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Deploy in One Click\u003C\u002Fstrong> – Apply comprehensive WAF rules to multiple domains simultaneously\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save Time\u003C\u002Fstrong> – No more manually configuring rules on each domain, one at a time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enterprise Security\u003C\u002Fstrong> – Protect against bots, aggressive crawlers, malicious IPs, and common threats\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduce Mistakes\u003C\u002Fstrong> – Maintain consistent security rules across domains\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✅ Free Standard Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>One Cloudflare account\u003C\u002Fli>\n\u003Cli>Multiple domains\u003C\u002Fli>\n\u003Cli>One-click WAF rule deployment\u003C\u002Fli>\n\u003Cli>Centralized Cloudflare controls\u003C\u002Fli>\n\u003Cli>Secure API credential storage (AES-256-CBC encryption)\u003C\u002Fli>\n\u003Cli>Plugin updates\u003Cbr \u002F>\nThe free plugin does not require an upgrade.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔥 What Gets Protected\u003C\u002Fh3>\n\u003Cp>The plugin deploys \u003Cstrong>3 optimized trusted security rules\u003C\u002Fstrong> (prior versions used 5) that work together to protect your sites:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Good Bot Allowlist\u003C\u002Fstrong> – Ensures legitimate bots (Google, Bing, monitoring tools) can access your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Managed Challenges for Suspicious Traffic\u003C\u002Fstrong> – Automatically challenges requests from certain ASNs and non-US traffic\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Aggressive Crawler Protection\u003C\u002Fstrong> – Blocks unauthorized crawlers and bots (Yandex, Semrush, Ahrefs, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>VPN & Login Protection\u003C\u002Fstrong> – Adds extra challenges for VPN traffic and WordPress login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block Known Threats\u003C\u002Fstrong> – Automatically blocks web hosts, malicious IPs, TOR nodes, and attack vectors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✨ Premium Upgrade (Optional)\u003C\u002Fh3>\n\u003Cp>For agencies and professionals managing multiple Cloudflare accounts, a Premium version is available with expanded functionality and tech support. \u003Cstrong>\u003Ca href=\"https:\u002F\u002F5starplugins.com\u002Fcloud-maestro-cloudflare-waf-rules\u002F\" rel=\"nofollow ugc\">Check out our free trial\u003C\u002Fa>\u003C\u002Fstrong> for these features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-Account Management\u003C\u002Fstrong> – Automatically manage domains across ALL your Cloudflare accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Bot Whitelisting\u003C\u002Fstrong> – Built-in checkboxes for 50+ trusted services across 8 categories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom User Agents\u003C\u002Fstrong> – Add your own user agent strings to the Good Bot Rule\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP Whitelisting\u003C\u002Fstrong> – Add trusted IP addresses to the Goot Bot Rule\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Rules management\u003C\u002Fstrong> – View and edit Cloudflare’s IP Rules that block or allow access even before hitting WAF rules (and we are working on connecting to fail2ban and Wordfence blocks)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support\u003C\u002Fstrong> – Get expert help when you need it\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Customization\u003C\u002Fstrong> – Fine-tune rules to match your exact requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Account Management\u003C\u002Fstrong> – Centrally manage unlimited domains across all your Cloudflare accounts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 Important Information\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Rule Replacement:\u003C\u002Fstrong> This plugin replaces existing custom WAF rules on targeted domains. Make sure to back up any custom rules you want to keep.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatibility:\u003C\u002Fstrong> Works with Cloudflare Free, Pro, and Business plans. Not compatible with Enterprise plans managed by hosting providers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service Monitoring:\u003C\u002Fstrong> These rules might challenge some monitoring or uptime services. Check Cloudflare’s Events log if services stop connecting, and add exceptions as needed.\u003C\u002Fp>\n","Bulk deploy powerful WAF security rules to multiple Cloudflare domains with one click. Protect your sites from bots, malicious traffic, and threats.",10,625,3,"2026-03-06T05:28:00.000Z","6.9.4","6.0","7.4",[52,53,18,21,54],"bot-protection","cloudflare","waf-rules","https:\u002F\u002F5starplugins.com\u002Fcloud-maestro-cloudflare-waf-rules\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwaf-security-suite-for-cloudflare.1.0.8.zip","2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":11,"num_ratings":11,"last_updated":67,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":68,"homepage":70,"download_link":71,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":57},"ipintel-ai-firewall","IPIntel AI Firewall","0.4.0","ipintelai","https:\u002F\u002Fprofiles.wordpress.org\u002Fipintelai\u002F","\u003Cp>IPIntel AI Firewall (WAF) integrates AI-powered IP reputation analysis into WordPress\u003Cbr \u002F>\nto help site owners detect and mitigate automated abuse, scanners, and malicious traffic.\u003C\u002Fp>\n\u003Cp>Incoming requests are evaluated using external reputation signals and risk scoring.\u003Cbr \u002F>\nBased on the assessed risk level, traffic may be allowed, challenged for human verification,\u003Cbr \u002F>\nor blocked automatically.\u003C\u002Fp>\n\u003Cp>The plugin is designed to be easy to use and does not require custom code or\u003Cbr \u002F>\ninfrastructure management.\u003C\u002Fp>\n\u003Cp>Project website:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fipintel.ai\" rel=\"nofollow ugc\">https:\u002F\u002Fipintel.ai\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>AI-powered IP reputation and risk scoring\u003C\u002Fli>\n\u003Cli>Automatic allow, challenge, or block decisions\u003C\u002Fli>\n\u003Cli>Human verification challenge for suspicious traffic\u003C\u002Fli>\n\u003Cli>Compatible with aggressive caching environments (one-time manual configuration required)\u003C\u002Fli>\n\u003Cli>Optional visual security badge\u003C\u002Fli>\n\u003Cli>Simple configuration for non-technical users\u003C\u002Fli>\n\u003Cli>Free API key available with daily request limits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data Privacy\u003C\u002Fh3>\n\u003Cp>This plugin connects to the IPIntel.ai API to analyze visitor IP addresses\u003Cbr \u002F>\nfor security and threat detection purposes.\u003C\u002Fp>\n\u003Cp>Data transmitted to the external service:\u003Cbr \u002F>\n– Visitor IP address\u003Cbr \u002F>\n– API key (used solely for request authentication)\u003C\u002Fp>\n\u003Cp>No WordPress user account data, cookies, or User-Agent information are transmitted.\u003C\u002Fp>\n\u003Cp>The external service is used exclusively to determine whether a request\u003Cbr \u002F>\nshould be allowed, challenged, or blocked.\u003C\u002Fp>\n\u003Cp>A free API key is available with a daily request limit.\u003C\u002Fp>\n\u003Cp>Get API key:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fipintel.ai\u002Fdashboard\" rel=\"nofollow ugc\">https:\u002F\u002Fipintel.ai\u002Fdashboard\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Higher request limits require an upgrade.\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fipintel.ai\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fipintel.ai\u002Fterms\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fipintel.ai\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fipintel.ai\u002Fprivacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Page Cache Compatibility\u003C\u002Fh3>\n\u003Cp>IPIntel AI Firewall relies on per-visitor verification.\u003C\u002Fp>\n\u003Cp>When full-page caching is enabled, the cache must vary by the\u003Cbr \u002F>\nverification cookie in order for challenges to work correctly.\u003C\u002Fp>\n\u003Cp>For LiteSpeed Cache:\u003Cbr \u002F>\n– Go to LiteSpeed Cache \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cache \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Vary\u003Cbr \u002F>\n– Add the following cookie:\u003Cbr \u002F>\n  ipintel_human_ok\u003Cbr \u002F>\n– Save changes and purge the cache\u003C\u002Fp>\n\u003Cp>This is a one-time configuration step.\u003C\u002Fp>\n\u003Cp>Without cache variation, it is technically impossible for any WordPress\u003Cbr \u002F>\nplugin to reliably challenge unverified visitors.\u003C\u002Fp>\n\u003Ch3>Optional Footer Badge\u003C\u002Fh3>\n\u003Cp>The plugin includes an optional footer badge that can be enabled\u003Cbr \u002F>\nfrom the settings page.\u003C\u002Fp>\n\u003Cp>When enabled, the badge displays a small visual indicator showing\u003Cbr \u002F>\nthat the site is protected by IPIntel.ai.\u003C\u002Fp>\n\u003Cp>The badge does not collect data, perform tracking,\u003Cbr \u002F>\nor load external resources.\u003C\u002Fp>\n\u003Cp>The footer badge is disabled by default and can be turned on or off at any time.\u003C\u002Fp>\n","IP reputation firewall (WAF) for WordPress using AI-powered threat analysis and automatic request verification.",88,"2026-01-06T22:19:00.000Z",[52,18,69,21,22],"ip-reputation","https:\u002F\u002Fipintel.ai\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fipintel-ai-firewall.0.4.0.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":48,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":90,"download_link":91,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":57},"block-bad-queries","BBQ Firewall – Fast & Powerful Firewall Security","20260205","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cblockquote>\n\u003Cp>🔥 Install, activate, and done!\u003Cbr \u002F>\n  🔥 Powerful protection from WP’s \u003Cstrong>fastest\u003C\u002Fstrong> firewall plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F\" rel=\"nofollow ugc\">BBQ Firewall\u003C\u002Fa> is a lightweight, blazing-fast firewall plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like \u003Ccode>eval(\u003C\u002Fcode>, \u003Ccode>base64_\u003C\u002Fcode>, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">strong Apache\u002F.htaccess firewall\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Adds a strong firewall to ANY WordPress site\u003Cbr \u002F>\n  🔥 Works with all WordPress plugins and themes\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Powerful Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ protects your site against many threats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SQL injection attacks\u003C\u002Fli>\n\u003Cli>Executable file uploads\u003C\u002Fli>\n\u003Cli>Directory traversal attacks\u003C\u002Fli>\n\u003Cli>Unsafe character requests\u003C\u002Fli>\n\u003Cli>Excessively long requests\u003C\u002Fli>\n\u003Cli>PHP remote\u002Ffile execution\u003C\u002Fli>\n\u003Cli>XSS, XXE, and related attacks\u003C\u002Fli>\n\u003Cli>Protects against bad bots\u003C\u002Fli>\n\u003Cli>Protects against bad referrers\u003C\u002Fli>\n\u003Cli>Protects against bad POST content\u003C\u002Fli>\n\u003Cli>Protects against many other bad requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 Works great with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblackhole-bad-bots\u002F\" rel=\"ugc\">Blackhole for Bad Bots\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbanhammer\u002F\" rel=\"ugc\">Banhammer\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Awesome Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ provides all the best firewall features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rated \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-bad-queries\u002F#reviews\" rel=\"ugc\">5 stars\u003C\u002Fa> at WordPress.org\u003C\u002Fli>\n\u003Cli>100% plug-&-play, zero configuration\u003C\u002Fli>\n\u003Cli>100% focused on security and performance\u003C\u002Fli>\n\u003Cli>Blocks a wide range of malicious URL requests\u003C\u002Fli>\n\u003Cli>Fastest Web Application Firewall (WAF) for WordPress\u003C\u002Fli>\n\u003Cli>Based on the \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F7g-firewall\u002F\" rel=\"nofollow ugc\">7G\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">8G Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Scans all incoming traffic and blocks bad requests\u003C\u002Fli>\n\u003Cli>Scans all types of requests: GET, POST, PUT, DELETE, etc.\u003C\u002Fli>\n\u003Cli>Protects against known bad bots and referrers\u003C\u002Fli>\n\u003Cli>Works silently behind the scenes to protect your site\u003C\u002Fli>\n\u003Cli>Hassle-free security plugin that’s easy to use\u003C\u002Fli>\n\u003Cli>Thoroughly tested, error-free performance\u003C\u002Fli>\n\u003Cli>Extremely low rate of false positives\u003C\u002Fli>\n\u003Cli>Compatible with other security plugins\u003C\u002Fli>\n\u003Cli>Regularly updated and “future proof”\u003C\u002Fli>\n\u003Cli>Firewall \u003C 10 kilobytes in size\u003C\u002Fli>\n\u003Cli>Lightweight, fast and flexible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 For advanced protection and features, check out \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro »\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Exclusive Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize firewall via plugin settings\u003C\u002Fli>\n\u003Cli>Easily add or remove firewall patterns\u003C\u002Fli>\n\u003Cli>Easily add Jeff Starr’s \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fultimate-ai-block-list\u002F\" rel=\"nofollow ugc\">AI Block List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Send Email Alerts for blocked requests\u003C\u002Fli>\n\u003Cli>Quickly enable\u002Fdisable firewall rules\u003C\u002Fli>\n\u003Cli>Disable firewall for logged-in users\u003C\u002Fli>\n\u003Cli>Block excessively long URI requests\u003C\u002Fli>\n\u003Cli>Protect against XML-RPC exploits\u003C\u002Fli>\n\u003Cli>Block any individual IP address\u003C\u002Fli>\n\u003Cli>Block entire ranges of IP addresses\u003C\u002Fli>\n\u003Cli>Protect against user-ID phishing\u003C\u002Fli>\n\u003Cli>Redirect all blocked requests\u003C\u002Fli>\n\u003Cli>Display a custom “blocked” message\u003C\u002Fli>\n\u003Cli>Set your own response status code\u003C\u002Fli>\n\u003Cli>Complete inline documentation\u003C\u002Fli>\n\u003Cli>Statistics for blocked requests\u003C\u002Fli>\n\u003Cli>Tools to reset options and patterns\u003C\u002Fli>\n\u003Cli>Import and Export firewall patterns\u003C\u002Fli>\n\u003Cli>One-click pattern testing\u003C\u002Fli>\n\u003Cli>Whitelist IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>..plus everything the free version can do and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Learn more and \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">get BBQ Pro »\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>BBQ Firewall is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 BBQ = Block Bad Queries\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.",100000,3258210,98,156,"2026-02-05T20:29:00.000Z","4.7","7.1",[88,18,20,21,89],"bots","web-application-firewall","https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-bad-queries.20260205.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":80,"downloaded":100,"rating":82,"num_ratings":101,"last_updated":102,"tested_up_to":48,"requires_at_least":15,"requires_php":86,"tags":103,"homepage":106,"download_link":107,"security_score":25,"vuln_count":31,"unpatched_count":11,"last_vuln_date":108,"fetched_at":57},"ninjafirewall","NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall","4.8.4","nintechnet","https:\u002F\u002Fprofiles.wordpress.org\u002Fnintechnet\u002F","\u003Ch4>A true Web Application Firewall\u003C\u002Fh4>\n\u003Cp>NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that stands in front of WordPress.\u003C\u002Fp>\n\u003Cp>It allows any blog administrator to benefit from very advanced and powerful security features that usually aren’t available at the WordPress level, but only in security applications such as the Apache \u003Ca href=\"http:\u002F\u002Fwww.modsecurity.org\u002F\" title=\"\" rel=\"nofollow ugc\">ModSecurity\u003C\u002Fa> module or the PHP \u003Ca href=\"http:\u002F\u002Fsuhosin.org\u002F\" title=\"\" rel=\"nofollow ugc\">Suhosin\u003C\u002Fa> extension.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>NinjaFirewall requires at least PHP 7.1, MySQLi extension and is only compatible with Unix-like OS (Linux, BSD). It is \u003Cstrong>not compatible with Microsoft Windows\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>NinjaFirewall can hook, scan, sanitise or reject any HTTP\u002FHTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren’t part of the WordPress package. Even encoded PHP scripts, hackers shell scripts and backdoors will be filtered by NinjaFirewall.\u003C\u002Fp>\n\u003Ch4>Powerful filtering engine\u003C\u002Fh4>\n\u003Cp>NinjaFirewall includes the most powerful filtering engine available in a WordPress plugin. Its most important feature is its ability to normalize and transform data from incoming HTTP requests which allows it to detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. See our blog for a full description: \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fintroduction-to-ninjafirewall-filtering-engine\u002F\" title=\"\" rel=\"nofollow ugc\">An introduction to NinjaFirewall filtering engine\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Fastest and most efficient brute-force attack protection for WordPress\u003C\u002Fh4>\n\u003Cp>By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin for WordPress able to protect it against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs.\u003C\u002Fp>\n\u003Cp>See our benchmarks and stress-tests: \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fwordpress-brute-force-attack-detection-plugins-comparison-2015\u002F\" title=\"\" rel=\"nofollow ugc\">Brute-force attack detection plugins comparison\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The protection applies to the \u003Ccode>wp-login.php\u003C\u002Fcode> script but can be extended to the \u003Ccode>xmlrpc.php\u003C\u002Fcode> one. The incident can also be written to the server \u003Ccode>AUTH\u003C\u002Fcode> log, which can be useful to the system administrator for monitoring purposes or banning IPs at the server level (e.g., Fail2ban).\u003C\u002Fp>\n\u003Ch4>Real-time detection\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Guard\u003C\u002Fstrong> real-time detection is a totally unique feature provided by NinjaFirewall: it can detect, in real-time, any access to a PHP file that was recently modified or created, and alert you about this. If a hacker uploaded a shell script to your site (or injected a backdoor into an already existing file) and tried to directly access that file using his browser or a script, NinjaFirewall would hook the HTTP request and immediately detect that the file was recently modified or created. It would send you an alert with all details (script name, IP, request, date and time).\u003C\u002Fp>\n\u003Ch4>File integrity monitoring\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Check\u003C\u002Fstrong> lets you perform file integrity monitoring by scanning your website hourly, twicedaily or daily. Any modification made to a file will be detected: file content, file permissions, file ownership, timestamp as well as file creation and deletion.\u003C\u002Fp>\n\u003Ch4>Watch your website traffic in real time\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Live Log\u003C\u002Fstrong> lets you watch your website traffic in real time. It displays connections in a format similar to the one used by the \u003Ccode>tail -f\u003C\u002Fcode> Unix command. Because it communicates directly with the firewall, i.e., without loading WordPress, \u003Cstrong>Live Log\u003C\u002Fstrong> is fast, lightweight and it will not affect your server load, even if you set its refresh rate to the lowest value.\u003C\u002Fp>\n\u003Ch4>Event Notifications\u003C\u002Fh4>\n\u003Cp>NinjaFirewall can alert you by email on specific events triggered within your blog. Some of those alerts are enabled by default and it is highly recommended to keep them enabled. It is not unusual for a hacker, after breaking into your WordPress admin console, to install or just to upload a backdoored plugin or theme in order to take full control of your website. NinjaFirewall can also \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-wp-edition-adds-php-backtrace-to-email-notifications\u002F\" title=\"NinjaFirewall adds PHP backtrace to email notifications\" rel=\"nofollow ugc\">attach a PHP backtrace\u003C\u002Fa> to important notifications.\u003C\u002Fp>\n\u003Cp>Monitored events:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Administrator login.\u003C\u002Fli>\n\u003Cli>Modification of any administrator account in the database.\u003C\u002Fli>\n\u003Cli>Plugins upload, installation, (de)activation, update, deletion.\u003C\u002Fli>\n\u003Cli>Themes upload, installation, activation, deletion.\u003C\u002Fli>\n\u003Cli>WordPress update.\u003C\u002Fli>\n\u003Cli>Pending security update in your plugins and themes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Stay protected against the latest WordPress security vulnerabilities\u003C\u002Fh4>\n\u003Cp>To get the most efficient protection, NinjaFirewall can automatically update its security rules daily, twice daily or even hourly. Each time a new vulnerability is found in WordPress or one of its plugins\u002Fthemes, a new set of security rules will be made available to protect your blog immediately.\u003C\u002Fp>\n\u003Ch4>Strong Privacy\u003C\u002Fh4>\n\u003Cp>Unlike a Cloud Web Application Firewall, or Cloud WAF, NinjaFirewall works and filters the traffic on your own server and infrastructure. That means that your sensitive data (contact form messages, customers credit card number, login credentials etc) remains on your server and is not routed through a third-party company’s servers, which could pose unnecessary risks (e.g., decryption of your HTTPS traffic in order to inspect it, employees accessing your data or logs in plain text, theft of private information, man-in-the-middle attack etc).\u003C\u002Fp>\n\u003Cp>Your website can run NinjaFirewall and be \u003Cstrong>compliant with the General Data Protection Regulation (GDPR)\u003C\u002Fstrong>. \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-general-data-protection-regulation-compliance\u002F\" title=\"GDPR Compliance\" rel=\"nofollow ugc\">See our blog for more details\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>IPv6 compatibility\u003C\u002Fh4>\n\u003Cp>IPv6 compatibility is a mandatory feature for a security plugin: if it supports only IPv4, hackers can easily bypass the plugin by using an IPv6. NinjaFirewall natively supports IPv4 and IPv6 protocols, for both public and private addresses.\u003C\u002Fp>\n\u003Ch4>Multi-site support\u003C\u002Fh4>\n\u003Cp>NinjaFirewall is multi-site compatible. It will protect all sites from your network and its configuration interface will be accessible only to the Super Admin from the network main site.\u003C\u002Fp>\n\u003Ch4>Possibility to prepend your own PHP code to the firewall\u003C\u002Fh4>\n\u003Cp>You can prepend your own PHP code to the firewall with the help of an \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-wp-edition-the-htninja-configuration-file\u002F\" rel=\"nofollow ugc\">optional distributed configuration file\u003C\u002Fa>. It will be processed before WordPress and all its plugins are loaded. This is a very powerful feature, and there is almost no limit to what you can do: add your own security rules, manipulate HTTP requests, variables etc.\u003C\u002Fp>\n\u003Ch4>Low Footprint Firewall\u003C\u002Fh4>\n\u003Cp>NinjaFirewall is very fast, optimised, compact, and requires very low system resource.\u003Cbr \u002F>\nSee for yourself: download and install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-profiler\u002F\" title=\"\" rel=\"ugc\">Code Profiler\u003C\u002Fa> plugin and compare NinjaFirewall’s performance with other security plugins.\u003C\u002Fp>\n\u003Ch4>Non-Intrusive User Interface\u003C\u002Fh4>\n\u003Cp>NinjaFirewall looks and feels like a built-in WordPress feature. It does not contain intrusive banners, warnings or flashy colors. It uses the WordPress simple and clean interface and is also smartphone-friendly.\u003C\u002Fp>\n\u003Ch4>Contextual Help\u003C\u002Fh4>\n\u003Cp>Each NinjaFirewall menu page has a contextual help screen with useful information about how to use and configure it.\u003Cbr \u002F>\nIf you need help, click on the \u003Cem>Help\u003C\u002Fem> menu tab located in the upper right corner of each page in your admin panel.\u003C\u002Fp>\n\u003Ch4>Need more security ?\u003C\u002Fh4>\n\u003Cp>Check out our new supercharged edition: \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F\" title=\"NinjaFirewall WP+ Edition\" rel=\"nofollow ugc\">NinjaFirewall WP+ Edition\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unix shared memory use for inter-process communication and blazing fast performances.\u003C\u002Fli>\n\u003Cli>IP-based Access Control.\u003C\u002Fli>\n\u003Cli>Role-based Access Control.\u003C\u002Fli>\n\u003Cli>Country-based Access Control via geolocation.\u003C\u002Fli>\n\u003Cli>URL-based Access Control.\u003C\u002Fli>\n\u003Cli>Bot-based Access Control.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fcentralized-logging-with-ninjafirewall\u002F\" title=\"Centralized Logging\" rel=\"nofollow ugc\">Centralized Logging\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Antispam for comment and user regisration forms.\u003C\u002Fli>\n\u003Cli>Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks.\u003C\u002Fli>\n\u003Cli>Response body filter to scan the output of the HTML page right before it is sent to your visitors browser.\u003C\u002Fli>\n\u003Cli>Better File uploads management.\u003C\u002Fli>\n\u003Cli>Better logs management.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fsyslog-logging-with-ninjafirewall\u002F\" title=\"Syslog logging\" rel=\"nofollow ugc\">Syslog logging\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F\" title=\"\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa> about the WP+ Edition unique features. \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F?comparison\" title=\"\" rel=\"nofollow ugc\">Compare\u003C\u002Fa> the WP and WP+ Editions.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.9+\u003C\u002Fli>\n\u003Cli>Admin\u002FSuperadmin with \u003Ccode>manage_options\u003C\u002Fcode> + \u003Ccode>unfiltered_html capabilities\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>PHP 7.1+\u003C\u002Fli>\n\u003Cli>MySQL or MariaDB with MySQLi extension\u003C\u002Fli>\n\u003Cli>Apache \u002F Nginx \u002F LiteSpeed \u002F Openlitespeed compatible\u003C\u002Fli>\n\u003Cli>Unix-like operating systems only (Linux, BSD etc). NinjaFirewall is \u003Cstrong>NOT\u003C\u002Fstrong> compatible with Microsoft Windows.\u003C\u002Fli>\n\u003C\u002Ful>\n","A true Web Application Firewall to protect and secure WordPress.",3089632,217,"2026-03-12T09:53:00.000Z",[18,104,19,21,105],"malware","virus","https:\u002F\u002Fnintechnet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fninjafirewall.4.8.4.zip","2021-05-30 00:00:00",{"slug":110,"name":111,"version":86,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":48,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":126,"download_link":127,"security_score":128,"vuln_count":129,"unpatched_count":11,"last_vuln_date":130,"fetched_at":57},"bulletproof-security","BulletProof Security","AITpro","https:\u002F\u002Fprofiles.wordpress.org\u002Faitpro\u002F","\u003Cp>WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam… View Security feature highlights below. View BulletProof Security feature details under the FAQ help section below. Effective, Reliable & Easy to use WordPress Security Plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BulletProof Security is a proactive security plugin that automatically fixes 100+ known issues\u002Fconflicts with other plugins\u003C\u002Fstrong>.\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fsetup-wizard-autofix\u002F\" title=\"BPS Setup Wizard AutoFix\" rel=\"nofollow ugc\">BPS Setup Wizard AutoFix\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Installation and Setup Video Tutorial\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FRZ1ARaEE0_I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring\u003C\u002Fli>\n\u003Cli>JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker)\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Pro Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Quarantine Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Real-time File Monitor (IDPS)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>DB Monitor Intrusion Detection System (IDS)\u003C\u002Fli>\n\u003Cli>DB Diff Tool: data comparison tool\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Status & Info: extensive database status & info\u003C\u002Fli>\n\u003Cli>Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updated in Real-time\u003C\u002Fli>\n\u003Cli>JTC Anti-Spam|Anti-Hacker\u003C\u002Fli>\n\u003Cli>Uploads Folder Anti-Exploit Guard (UAEG)\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Custom php.ini Website Security\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring w\u002FDashboard Alerting|Status Display & additional options\u002Ffeatures\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>File|Folder Lock: File Locking | Detect & Lock Folders that were not created by you\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>PHP Error Logging\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Pro-Tools: 16 mini-plugins\u003C\u002Fli>\n\u003Cli>Heads Up Dashboard Status Display\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.ait-pro.com\u002Fbps-features\u002F\" title=\"BulletProof Security Features\" rel=\"nofollow ugc\">View All BulletProof Security Pro Feature Details\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Recommended Video Tutorials\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#custom-code\" title=\"BulletProof Security Custom Code Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Custom Code Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#security-log-firewall\" title=\"BulletProof Security Security Log Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Security Log Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help Info\u003C\u002Fh3>\n\u003Cp>For details about BulletProof Security plugin features and frequently asked questions see the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fbulletproof-security-plugin-frequently-asked-questions\u002F\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">BulletProof Security Plugin Frequently Asked Questions\u003C\u002Fa> forum topic. Extensive Help Info can be found on the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fread-me-first-free\u002F#bps-free-general-troubleshooting\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">AIT-pro.com Forum\u003C\u002Fa> website and by clicking the Question Mark Help buttons on BulletProof Security plugin pages.\u003C\u002Fp>\n","WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...",30000,4509595,96,674,"2025-12-08T15:11:00.000Z","5.0","7.0",[18,124,125,20,21],"login-security","malware-scanner","https:\u002F\u002Fforum.ait-pro.com\u002Fread-me-first\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulletproof-security.7.1.zip",89,12,"2026-01-06 00:00:00",{"attackSurface":132,"codeSignals":187,"taintFlows":197,"riskAssessment":227,"analyzedAt":234},{"hooks":133,"ajaxHandlers":183,"restRoutes":184,"shortcodes":185,"cronEvents":186,"entryPointCount":11,"unprotectedCount":11},[134,140,145,149,153,157,161,164,169,174,177,180],{"type":135,"name":136,"callback":137,"priority":44,"file":138,"line":139},"filter","submenu_file","waffirewall_highlight_menu","gp-firewall.php",63,{"type":141,"name":142,"callback":143,"file":138,"line":144},"action","admin_init","waffirewall_namespace_costum_assets",610,{"type":141,"name":146,"callback":147,"file":138,"line":148},"admin_notices","waffirewall_install_notify",611,{"type":141,"name":150,"callback":151,"file":138,"line":152},"current_screen","waffirewall_toggle_menu_display",612,{"type":135,"name":154,"callback":155,"file":138,"line":156},"plugin_action_links_gp-firewall\u002Fgp-firewall.php","waffirewall_setting_link",613,{"type":141,"name":158,"callback":159,"priority":31,"file":138,"line":160},"init","waffirewall_header_modify",615,{"type":141,"name":158,"callback":162,"file":138,"line":163},"waffirewall_admin_pages",617,{"type":135,"name":165,"callback":166,"priority":167,"file":138,"line":168},"plugin_row_meta","closure",25,752,{"type":141,"name":170,"callback":171,"file":172,"line":173},"admin_menu","waffirewall_add_plugin_page","settings.php",26,{"type":141,"name":142,"callback":175,"file":172,"line":176},"waffirewall_check_option",27,{"type":141,"name":142,"callback":178,"file":172,"line":179},"waffirewall_page_init",28,{"type":141,"name":146,"callback":181,"file":172,"line":182},"anonymous",128,[],[],[],[],{"dangerousFunctions":188,"sqlUsage":189,"outputEscaping":191,"fileOperations":11,"externalRequests":194,"nonceChecks":195,"capabilityChecks":31,"bundledLibraries":196},[],{"prepared":11,"raw":11,"locations":190},[],{"escaped":192,"rawEcho":11,"locations":193},72,[],5,4,[],[198,217],{"entryPoint":199,"graph":200,"unsanitizedCount":31,"severity":216},"waffirewall_checkHash (gp-firewall.php:594)",{"nodes":201,"edges":213},[202,207],{"id":203,"type":204,"label":205,"file":138,"line":206},"n0","source","$_SERVER",601,{"id":208,"type":209,"label":210,"file":138,"line":211,"wp_function":212},"n1","sink","header() [Header Injection]",602,"header",[214],{"from":203,"to":208,"sanitized":215},false,"medium",{"entryPoint":218,"graph":219,"unsanitizedCount":11,"severity":226},"\u003Cgp-firewall> (gp-firewall.php:0)",{"nodes":220,"edges":223},[221,222],{"id":203,"type":204,"label":205,"file":138,"line":206},{"id":208,"type":209,"label":210,"file":138,"line":211,"wp_function":212},[224],{"from":203,"to":208,"sanitized":225},true,"low",{"summary":228,"deductions":229},"The gp-firewall plugin v1.0.2 exhibits a strong security posture based on the provided static analysis.  The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the attack surface.  Furthermore, the code demonstrates good practices by using prepared statements for all SQL queries and properly escaping all output.  The presence of nonce and capability checks, while limited, is a positive sign.  However, the plugin does make 5 external HTTP requests, which, without further context, could represent a potential area of concern if these requests are not handled securely or if the external endpoints are compromised.\n\nThe taint analysis revealed one flow with unsanitized paths. While this flow was not classified as critical or high severity, it is a specific area that warrants further investigation to ensure it does not lead to any security vulnerabilities. The plugin's vulnerability history is clean, with no known CVEs, which suggests a generally well-maintained codebase. This lack of past vulnerabilities, combined with the positive static analysis findings, indicates a low risk profile for this plugin. The main points to consider are the external HTTP requests and the single unsanitized path flow, which, although not immediately critical, should be monitored.\n\nIn conclusion, gp-firewall v1.0.2 appears to be a secure plugin with a minimal attack surface and good coding practices. The absence of any historical vulnerabilities further strengthens this assessment. The identified taint flow and external HTTP requests are minor concerns that would benefit from deeper scrutiny, but they do not currently indicate a significant risk. The plugin is generally well-designed from a security perspective.",[230,232],{"reason":231,"points":194},"Flow with unsanitized paths",{"reason":233,"points":46},"External HTTP requests present","2026-03-17T05:54:45.536Z",{"wat":236,"direct":245},{"assetPaths":237,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[238,239],"\u002Fwp-content\u002Fplugins\u002Fgp-firewall\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fgp-firewall\u002Fassets\u002Fjs\u002Fscript.js",[],[239],[243,244],"gp-firewall\u002Fassets\u002Fcss\u002Fstyle.css?ver=","gp-firewall\u002Fassets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":246,"htmlComments":247,"htmlAttributes":255,"restEndpoints":256,"jsGlobals":257,"shortcodeOutput":259},[],[248,249,250,251,252,253,254,254,254,254,254,254,254,254,254],"\u003C!-- About -->","\u003C!-- Check PHP version -->","\u003C!-- Get WordPress Core Version -->","\u003C!-- We recommend checking all plugins, but clients can opt to check only active ones. -->","\u003C!-- Uncomment the following lines to include only active plugins. -->","\u003C!-- Check if the current plugin is active \u002F\u002F uncomment this to check only active plugins -->","\u003C!-- uncomment this to check only active plugins -->",[],[],[258],"window.waffirewall_APPV",[]]