[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTjTCiC7rl5S_cLVqq9EU9CaUCbmjlvVn9EDtv6GAx0g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":135,"fingerprints":216},"gravity-forms-force-ssl","Gravity Forms: Force SSL","1.4.1","Timothy Wood","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodearachnid\u002F","\u003Cp>An addon to Gravity Forms to add an option to force your forms to be loaded SSL only. Fully supporting the latest version of Gravity Forms 1.9!\u003C\u002Fp>\n\u003Cp>This plugin requires Gravity Forms 1.7+ and is tested through WordPress 4.1.\u003C\u002Fp>\n\u003Cp>Thanks to the following users for making the plugin better!\u003Cbr \u002F>\n* @limecanvas\u003C\u002Fp>\n\u003Cp>Additional Details:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin is actively supported and we will do our best to help you.\u003C\u002Fli>\n\u003Cli>This plugin has been tested on PHP 5.2.17, 5.3.14, 5.4.4 and WP 3.4, 4.0, and 4.1.\u003C\u002Fli>\n\u003Cli>Background patterns used in the WordPress.org banner were created by http:\u002F\u002Fsubtlepatterns.com\u003C\u002Fli>\n\u003C\u002Ful>\n","An addon to Gravity Forms to add an option to force your forms to be loaded SSL only.",100,5419,2,"2015-01-29T11:26:00.000Z","4.1.42","3.7","",[19,20,21,22,23],"forms","gravityforms","secure","security","ssl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravity-forms-force-ssl.1.4.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"codearachnid",5,770,30,84,"2026-04-04T06:22:14.402Z",[38,56,74,94,113],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":26,"num_ratings":26,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":54,"download_link":55,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"admin-ssl-secure-admin","Admin SSL","2.0-b2","blenjee","https:\u002F\u002Fprofiles.wordpress.org\u002Fblenjee\u002F","\u003Cp>Admin SSL secures login page, admin area, posts, pages – whatever you want – using Private SSL.\u003Cbr \u002F>\nOnce you have activated the plugin please go to the Admin SSL config page to enable SSL, and\u003Cbr \u002F>\nread the \u003Ca href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Fsetup\u002F\" rel=\"nofollow ugc\">installation instructions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Each time you update Admin SSL, please read the \u003Ca href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Ffaq\u002F\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>\u003Cbr \u002F>\nand \u003Ca href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Fsetup\u002F\" rel=\"nofollow ugc\">installation instructions\u003C\u002Fa> in\u003Cbr \u002F>\ncase there is some important information relating to the update.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Forces SSL on all pages where passwords can be entered.\u003C\u002Fli>\n\u003Cli>Works with Private SSL.\u003C\u002Fli>\n\u003Cli>Custom additional URLS (e.g. wp-admin\u002F) can be secured through the config page.\u003C\u002Fli>\n\u003Cli>You can choose where you want the Admin SSL config page to appear!\u003C\u002Fli>\n\u003Cli>Works on WordPress 3.0 – 3.1.1; for previous versions of WordPress please use version 1.4.1,\u003Cbr \u002F>\nbut note it is no longer supported – you should upgrade to the latest WordPress version.\u003C\u002Fli>\n\u003C\u002Fol>\n","Admin SSL secures login page, admin area, posts, pages - whatever you want - using Private SSL.",53005,"2011-04-24T15:21:00.000Z","3.1.4","3.0",[51,52,22,53,23],"private-ssl","secure-login","shared-ssl","http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-ssl-secure-admin.2.0.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":26,"num_ratings":26,"last_updated":65,"tested_up_to":66,"requires_at_least":17,"requires_php":17,"tags":67,"homepage":72,"download_link":73,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"heartland-secure-submit-addon-for-gravity-forms","Global Payments SecureSubmit Addon for Gravity Forms","2.2.0","SecureSubmit","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkhagan\u002F","\u003Cp>This plugin allows Gravity Forms to use the Global Payments Gateway. All card data is tokenized using Global Payments SecureSubmit product.\u003C\u002Fp>\n\u003Cp>Features of SecureSubmit:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Only two configuration fields: public and secret API key\u003C\u002Fli>\n\u003Cli>Simple to install and configure.\u003C\u002Fli>\n\u003Cli>Tokenized payments help reduce PCI Scope\u003C\u002Fli>\n\u003Cli>Enables credit card saving for a friction-reduced checkout.\u003C\u002Fli>\n\u003C\u002Ful>\n","SecureSubmit allows merchants to take PCI-Friendly Credit Card payments with Gravity Forms using Global Payments Payment Gateway.",6598,"2026-01-08T16:27:00.000Z","6.7.5",[68,20,69,70,71],"globalpayments","securesubmit","token","tokenize","https:\u002F\u002Fdeveloper.globalpayments.com\u002Fheartland\u002Fpayments\u002Foverview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheartland-secure-submit-addon-for-gravity-forms.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":17,"tags":89,"homepage":92,"download_link":93,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"ssl-for-logged-in-users","SSL for Logged In Users","0.1","G","https:\u002F\u002Fprofiles.wordpress.org\u002Fgnetworkau\u002F","\u003Cp>Forces all logged in users to stay on SSL connection. Guests are still served http.\u003Cbr \u002F>\nJust install and activate – all done!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>NOTE: The ‘force_ssl_admin’ and ‘force_ssl_login’ directives in ‘wp-config.php’ are not needed while using this plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>SSL Login\u003C\u002Fli>\n\u003Cli>SSL enforced for entire logged-in session\u003C\u002Fli>\n\u003Cli>SSL for Admin and front-end of site\u003C\u002Fli>\n\u003Cli>No messing with ‘wp-config.php’ or ‘htaccess’ directives\u003C\u002Fli>\n\u003Cli>Easy to use, just install and activate on any SSL equipped site – no configuration required\u003C\u002Fli>\n\u003Cli>WordPress 3.5 compatible\u003C\u002Fli>\n\u003Cli>Network\u002FMultisite compatible – can be activated on any sites in the Network, individually – sites should have a valid SSL certificate\u003C\u002Fli>\n\u003Cli>Buddypress compatible\u003C\u002Fli>\n\u003Cli>WP-Super-Cache compatible\u003C\u002Fli>\n\u003Cli>S2Member compatible\u003C\u002Fli>\n\u003Cli>Bulletproof Security compatible\u003C\u002Fli>\n\u003Cli>The ‘force_ssl_admin’ and ‘force_ssl_login’ directives in ‘wp-config.php’ are not needed while using this plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n","Forces all logged in users to stay on SSL connection",10,4117,86,3,"2013-01-21T23:13:00.000Z","3.5.2","2.6",[90,91,21,22,23],"https","login","http:\u002F\u002Fgnetwork.com.au\u002Fwordpress\u002Fssl-for-logged-in-users-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fssl-for-logged-in-users.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":26,"downloaded":102,"rating":26,"num_ratings":26,"last_updated":103,"tested_up_to":66,"requires_at_least":17,"requires_php":17,"tags":104,"homepage":110,"download_link":111,"security_score":112,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"pii-tokenizer","PII Tokenizer","1.0.0","Hemal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamudaytech\u002F","\u003Cp>\u003Cstrong>PII Tokenizer\u003C\u002Fstrong> allows website owners to secure Personally Identifiable Information (PII) such as first name, last name, email, phone, and address in WordPress forms. With seamless integration and a modern admin interface, this plugin provides:\u003Cbr \u002F>\n– Vaultless tokenization and detokenization of PII fields via Java-based APIs.\u003Cbr \u002F>\n– Dynamic buttons for “Tokenize” functionality appended to form fields for easy usage.\u003Cbr \u002F>\n– API key registration after email verification, with secure client ID generation.\u003Cbr \u002F>\n– Compatibility with popular WordPress form plugins like WPForms and Gravity Forms.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n– Protect sensitive data by tokenizing form fields.\u003Cbr \u002F>\n– Use individual “Tokenize” buttons for profile and address fields.\u003Cbr \u002F>\n– Easily detokenize data when required.\u003Cbr \u002F>\n– Modern admin interface for API key registration and management.\u003Cbr \u002F>\n– Backend integration with customizable Java tokenization and detokenization services.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external APIs to provide vaultless tokenization and detokenization services for Personally Identifiable Information (PII). These services are required to tokenize or detokenize sensitive data securely.\u003C\u002Fp>\n\u003Ch3>External API Endpoints\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Vaultless Tokenization API\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: The Vaultless Tokenization API is used to convert sensitive PII fields such as name, email, mobile, and address into secure tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>: When a user initiates tokenization, the plugin sends the following data to the external API:\n\u003Cul>\n\u003Cli>The specific field data (e.g., name, email, address).\u003C\u002Fli>\n\u003Cli>API key for authentication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conditions\u003C\u002Fstrong>: This API is triggered when the “Tokenize” button is clicked by the user in a form integrated with the plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Provider\u003C\u002Fstrong>: Samuday Technology Services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Detokenization API\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: The Detokenization API is used to convert secure tokens back into their original PII form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>: When a user initiates detokenization, the plugin sends the following data to the external API:\n\u003Cul>\n\u003Cli>The tokenized data (e.g., tokenized name or address).\u003C\u002Fli>\n\u003Cli>API key for authentication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conditions\u003C\u002Fstrong>: This API is triggered when the “Detokenize” button is clicked by the user in a form integrated with the plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Provider\u003C\u002Fstrong>: Samuday Technology Services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Address Tokenization and Detokenization APIs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: These APIs are specifically designed to handle tokenization and detokenization of address data. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>: The following data is sent when address-related actions are triggered:\n\u003Cul>\n\u003Cli>Complete address JSON (e.g., street, city, zip code).\u003C\u002Fli>\n\u003Cli>API key for authentication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conditions\u003C\u002Fstrong>: This API is triggered when address tokenization or detokenization actions are performed via the respective buttons in a form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Provider\u003C\u002Fstrong>: Samuday Technology Services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPLv2 (or later). You can find the license details here: https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n","Secure Personally Identifiable Information (PII) with vaultless tokenization. Easily tokenize and detokenize profile and address fields in your forms  &hellip;",302,"2025-01-30T12:15:00.000Z",[105,106,107,108,109],"data-security","pii","secure-forms","tokenization","wordpress-plugin","https:\u002F\u002Fwww.sam-uday.in\u002Fvaultless","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpii-tokenizer.1.0.0.zip",92,{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":133,"download_link":134,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"block-bad-queries","BBQ Firewall – Fast & Powerful Firewall Security","20260205","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cblockquote>\n\u003Cp>🔥 Install, activate, and done!\u003Cbr \u002F>\n  🔥 Powerful protection from WP’s \u003Cstrong>fastest\u003C\u002Fstrong> firewall plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F\" rel=\"nofollow ugc\">BBQ Firewall\u003C\u002Fa> is a lightweight, blazing-fast firewall plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like \u003Ccode>eval(\u003C\u002Fcode>, \u003Ccode>base64_\u003C\u002Fcode>, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">strong Apache\u002F.htaccess firewall\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Adds a strong firewall to ANY WordPress site\u003Cbr \u002F>\n  🔥 Works with all WordPress plugins and themes\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Powerful Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ protects your site against many threats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SQL injection attacks\u003C\u002Fli>\n\u003Cli>Executable file uploads\u003C\u002Fli>\n\u003Cli>Directory traversal attacks\u003C\u002Fli>\n\u003Cli>Unsafe character requests\u003C\u002Fli>\n\u003Cli>Excessively long requests\u003C\u002Fli>\n\u003Cli>PHP remote\u002Ffile execution\u003C\u002Fli>\n\u003Cli>XSS, XXE, and related attacks\u003C\u002Fli>\n\u003Cli>Protects against bad bots\u003C\u002Fli>\n\u003Cli>Protects against bad referrers\u003C\u002Fli>\n\u003Cli>Protects against bad POST content\u003C\u002Fli>\n\u003Cli>Protects against many other bad requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 Works great with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblackhole-bad-bots\u002F\" rel=\"ugc\">Blackhole for Bad Bots\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbanhammer\u002F\" rel=\"ugc\">Banhammer\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Awesome Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ provides all the best firewall features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rated \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-bad-queries\u002F#reviews\" rel=\"ugc\">5 stars\u003C\u002Fa> at WordPress.org\u003C\u002Fli>\n\u003Cli>100% plug-&-play, zero configuration\u003C\u002Fli>\n\u003Cli>100% focused on security and performance\u003C\u002Fli>\n\u003Cli>Blocks a wide range of malicious URL requests\u003C\u002Fli>\n\u003Cli>Fastest Web Application Firewall (WAF) for WordPress\u003C\u002Fli>\n\u003Cli>Based on the \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F7g-firewall\u002F\" rel=\"nofollow ugc\">7G\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">8G Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Scans all incoming traffic and blocks bad requests\u003C\u002Fli>\n\u003Cli>Scans all types of requests: GET, POST, PUT, DELETE, etc.\u003C\u002Fli>\n\u003Cli>Protects against known bad bots and referrers\u003C\u002Fli>\n\u003Cli>Works silently behind the scenes to protect your site\u003C\u002Fli>\n\u003Cli>Hassle-free security plugin that’s easy to use\u003C\u002Fli>\n\u003Cli>Thoroughly tested, error-free performance\u003C\u002Fli>\n\u003Cli>Extremely low rate of false positives\u003C\u002Fli>\n\u003Cli>Compatible with other security plugins\u003C\u002Fli>\n\u003Cli>Regularly updated and “future proof”\u003C\u002Fli>\n\u003Cli>Firewall \u003C 10 kilobytes in size\u003C\u002Fli>\n\u003Cli>Lightweight, fast and flexible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 For advanced protection and features, check out \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro &raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Exclusive Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize firewall via plugin settings\u003C\u002Fli>\n\u003Cli>Easily add or remove firewall patterns\u003C\u002Fli>\n\u003Cli>Easily add Jeff Starr’s \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fultimate-ai-block-list\u002F\" rel=\"nofollow ugc\">AI Block List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Send Email Alerts for blocked requests\u003C\u002Fli>\n\u003Cli>Quickly enable\u002Fdisable firewall rules\u003C\u002Fli>\n\u003Cli>Disable firewall for logged-in users\u003C\u002Fli>\n\u003Cli>Block excessively long URI requests\u003C\u002Fli>\n\u003Cli>Protect against XML-RPC exploits\u003C\u002Fli>\n\u003Cli>Block any individual IP address\u003C\u002Fli>\n\u003Cli>Block entire ranges of IP addresses\u003C\u002Fli>\n\u003Cli>Protect against user-ID phishing\u003C\u002Fli>\n\u003Cli>Redirect all blocked requests\u003C\u002Fli>\n\u003Cli>Display a custom “blocked” message\u003C\u002Fli>\n\u003Cli>Set your own response status code\u003C\u002Fli>\n\u003Cli>Complete inline documentation\u003C\u002Fli>\n\u003Cli>Statistics for blocked requests\u003C\u002Fli>\n\u003Cli>Tools to reset options and patterns\u003C\u002Fli>\n\u003Cli>Import and Export firewall patterns\u003C\u002Fli>\n\u003Cli>One-click pattern testing\u003C\u002Fli>\n\u003Cli>Whitelist IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>..plus everything the free version can do and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Learn more and \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">get BBQ Pro &raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>BBQ Firewall is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 BBQ = Block Bad Queries\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.",100000,3258210,98,156,"2026-02-05T20:29:00.000Z","6.9.4","4.7","7.1",[130,131,21,22,132],"bots","firewall","web-application-firewall","https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-bad-queries.20260205.zip",{"attackSurface":136,"codeSignals":171,"taintFlows":179,"riskAssessment":208,"analyzedAt":215},{"hooks":137,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":26,"unprotectedCount":26},[138,143,147,152,156,159,163],{"type":139,"name":140,"callback":140,"file":141,"line":142},"action","init","gravityforms-force-ssl.php",36,{"type":139,"name":144,"callback":145,"file":141,"line":146},"the_posts","check_for_shortcode",37,{"type":148,"name":149,"callback":150,"priority":82,"file":141,"line":151},"filter","gform_form_settings","form_settings",38,{"type":148,"name":153,"callback":154,"file":141,"line":155},"gform_pre_form_settings_save","form_settings_save",39,{"type":139,"name":140,"callback":157,"file":141,"line":158},"instance",166,{"type":139,"name":160,"callback":161,"priority":26,"file":141,"line":162},"admin_head","fail_notices",171,{"type":139,"name":164,"callback":165,"file":141,"line":166},"plugins_loaded","load_gf_force_ssl",177,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":26,"externalRequests":26,"nonceChecks":177,"capabilityChecks":26,"bundledLibraries":178},[],{"prepared":26,"raw":26,"locations":174},[],{"escaped":26,"rawEcho":26,"locations":176},[],1,[],[180,198],{"entryPoint":181,"graph":182,"unsanitizedCount":177,"severity":197},"force_ssl (gravityforms-force-ssl.php:76)",{"nodes":183,"edges":194},[184,189],{"id":185,"type":186,"label":187,"file":141,"line":188},"n0","source","$_GET",83,{"id":190,"type":191,"label":192,"file":141,"line":25,"wp_function":193},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[195],{"from":185,"to":190,"sanitized":196},false,"medium",{"entryPoint":199,"graph":200,"unsanitizedCount":26,"severity":207},"\u003Cgravityforms-force-ssl> (gravityforms-force-ssl.php:0)",{"nodes":201,"edges":204},[202,203],{"id":185,"type":186,"label":187,"file":141,"line":188},{"id":190,"type":191,"label":192,"file":141,"line":25,"wp_function":193},[205],{"from":185,"to":190,"sanitized":206},true,"low",{"summary":209,"deductions":210},"The `gravity-forms-force-ssl` v1.4.1 plugin exhibits a strong security posture based on the provided static analysis.  The absence of any identified attack surface entry points, dangerous functions, or direct SQL queries is highly commendable.  Furthermore, the complete lack of unsanitized output and the presence of a nonce check indicate good development practices for securing plugin operations.  The plugin's history is also clean, with no known CVEs, which suggests a well-maintained and secure codebase over time.\n\nHowever, the presence of a single flow with an unsanitized path, even if not critical or high severity in the taint analysis, warrants attention. While the overall attack surface is zero, this single unsanitized path represents a potential blind spot.  The complete absence of capability checks is also a minor concern, as it implies that all actions, if any were to be discovered through further analysis, are not explicitly restricted by user roles.  Despite these minor points, the plugin's design and historical lack of vulnerabilities make it appear relatively secure.",[211,213],{"reason":212,"points":32},"Flow with unsanitized path",{"reason":214,"points":85},"No capability checks","2026-03-16T20:54:03.736Z",{"wat":217,"direct":224},{"assetPaths":218,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[219,220],"\u002Fwp-content\u002Fplugins\u002Fgravity-forms-force-ssl\u002Fform-settings.php","\u002Fwp-content\u002Fplugins\u002Fgravity-forms-force-ssl\u002Fplugin-settings.php",[],[],[],{"cssClasses":225,"htmlComments":226,"htmlAttributes":227,"restEndpoints":229,"jsGlobals":230,"shortcodeOutput":231},[],[],[228],"force_ssl",[],[],[]]