[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffS2pJXmB-6tR6hK-DQRuMfmGYHMDx1ecoiAu62Ti_Mw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":139,"fingerprints":197},"hotlink-file-prevention","Hotlink File Prevention","2.0.0","swinggraphics","https:\u002F\u002Fprofiles.wordpress.org\u002Fswinggraphics\u002F","\u003Cp>Hotlink File Prevention (HFP) offers simple hotlink protection that can be turned on\u002Foff for individual files in the WordPress media library.\u003C\u002Fp>\n\u003Cp>“Hotlinking” is when a file, such as an image or PDF, is linked to from another website or entered manually in a web browser’s location bar. HFP only allows your file to be viewed on your website.\u003C\u002Fp>\n\u003Cp>Hotlink protection is provided via \u003Ccode>.htaccess\u003C\u002Fcode> rules in the \u003Ccode>wp-content\u002Fuploads\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Ch3>Basic Usage\u003C\u002Fh3>\n\u003Cp>Once the HFP plugin is activated, you will have two new features in the media library:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Within the Screen Options tab (list view only), check box for the “Hotlink Prevention” column.\u003C\u002Fli>\n\u003Cli>To protect a file, edit the file and scroll down to the checkbox labelled “Hotlink Protection”.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Any asset that is checked will have “Yes” displayed in the “Hotlink Prevention” column; otherwise, this column will be blank.\u003C\u002Fp>\n\u003Ch4>Note about “Open in new tab” option\u003C\u002Fh4>\n\u003Cp>When you use the “Open in new tab” option for links, WordPress adds \u003Ccode>rel=\"noreferrer\"\u003C\u002Fcode>, which effectively makes the link act like direct access, and the link will be blocked for files protected using HFP.\u003C\u002Fp>\n","Simple hotlink protection for individual files in the media library.",700,7815,98,7,"2024-04-15T22:00:00.000Z","6.5.8","4.6","5.6",[20,21,22,23,24],"admin","attachments","files","hotlink","images","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotlink-file-prevention.2.0.0.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},3,1310,30,88,"2026-04-04T15:26:33.604Z",[39,60,82,99,120],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":57,"download_link":58,"security_score":59,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"sazx-hot-link-blocker","Sazx Hotlink Blocker","1.0.0","Tinsae Belay","https:\u002F\u002Fprofiles.wordpress.org\u002Ftinsaebelay\u002F","\u003Cp>This plugin will block all hotlinking  to your uploaded medias from other website.\u003Cbr \u002F>\nHotlink protection is provided via \u003Ccode>.htaccess\u003C\u002Fcode> rules in the \u003Ccode>wp-content\u002Fuploads\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Ch3>Basic Usage\u003C\u002Fh3>\n\u003Cp>Once the Sazx Hotlink Blocker is installed go to your WordPress admin dahsboard > Plugins , and actiate the “Sazx Hotlink Blocker”. and that is all you need to do to start the protection, and cut bandwidth usage. the plugin will create .htacess files during activation, the created .htaccess file will be removed when the plugin is deactivated.\u003C\u002Fp>\n","Blocks every hotlinks to your uploaded assests.",10,1141,100,1,"2021-11-17T18:31:00.000Z","5.8.13","5.0","7.0",[21,22,23,24,56],"media","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsazx-hot-link-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsazx-hot-link-blocker.1.0.0.zip",85,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":27,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":50,"unpatched_count":28,"last_vuln_date":81,"fetched_at":30},"media-cleaner","Media Cleaner: Clean your WordPress!","7.0.5","Jordy Meow","https:\u002F\u002Fprofiles.wordpress.org\u002Ftigroumeow\u002F","\u003Cp>Media Cleaner is a powerful plugin that helps you clean up your WordPress media library by deleting unused media entries and files, as well as fixing broken entries. With an internal trash feature, you can preview and confirm changes before permanently deleting anything. Plus, Media Cleaner uses smart analysis to ensure compatibility with specific plugins and themes.\u003C\u002Fp>\n\u003Cp>Use it alongside \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdatabase-cleaner\u002F\" rel=\"ugc\">Database Cleaner\u003C\u002Fa> for the ultimate clean-up experience.\u003C\u002Fp>\n\u003Cp>Media Cleaner is like a ninja assassin for your Media Library – it’ll stealthily take out all the unnecessary media and broken entries that are cluttering up the place. Just make sure you have a \u003Cstrong>solid backup plan\u003C\u002Fstrong> in place before you let this bad boy loose.\u003C\u002Fp>\n\u003Cp>To learn more about compatibility, features, and the Pro version, check out the \u003Ca href=\"https:\u002F\u002Fmeowapps.com\u002Fmedia-cleaner\u002Ftutorial\u002F\" rel=\"nofollow ugc\">tutorial\u003C\u002Fa> on the \u003Ca href=\"https:\u002F\u002Fmeowapps.com\u002Fmedia-cleaner\u002F\" rel=\"nofollow ugc\">official website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FqmDSgWZWnSw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>COMPATIBILITY\u003C\u002Fh3>\n\u003Cp>This plugin is compatible with all media types, including retina and WebP versions. It has been tested on a wide range of WordPress versions, including the latest version with Gutenberg, as well as on various themes with a large community of users. It also supports WooCommerce. For users with more complex plugins for handling website content, the Pro version may be necessary for optimal compatibility. We are constantly working to increase compatibility with other plugins.\u003C\u002Fp>\n\u003Ch3>PRO VERSION\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmeowapps.com\u002Fmedia-cleaner\u002F\" rel=\"nofollow ugc\">Media Cleaner Pro\u003C\u002Fa> adds extra features to the free version of Media Cleaner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Filesystem Analysis: Scans your physical \u002Fuploads directory and matches it against the Media Library.\u003C\u002Fli>\n\u003Cli>Extra support for complex plugins, such as ACF, Metabox, Divi Builder, Fusion Builder (Avada), WPBakery Page Builder, Visual Composer, Elementor, Beaver Builder, Brizy Builder, Oxygen Builder, Slider Revolution, Justified Image Grid, Avia Framework, and many more!\u003C\u002Fli>\n\u003Cli>Live Site Scan: Analyzes the online version of your website, potentially improving accuracy in some cases.\u003C\u002Fli>\n\u003Cli>WP-CLI support: Allows you to run the plugin at a higher speed or automatically with direct server access (via SSH).\u003C\u002Fli>\n\u003C\u002Ful>\n","Clean your WordPress! Eliminate unused and broken media files. For a faster, and better website.",90000,4405648,741,"2026-03-09T22:57:00.000Z","6.9.4","6.0","7.4",[76,22,24,77,56],"clean","library","https:\u002F\u002Fmeowapps.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-cleaner.7.0.5.zip",99,"2024-04-29 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":27,"num_ratings":92,"last_updated":93,"tested_up_to":72,"requires_at_least":94,"requires_php":25,"tags":95,"homepage":25,"download_link":98,"security_score":49,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"clean-image-filenames","Clean Image Filenames","1.5","Upperdog","https:\u002F\u002Fprofiles.wordpress.org\u002Fupperdog\u002F","\u003Cp>This plugin automatically converts language accent characters in filenames when uploading to the media library. Characters are converted into browser and server friendly, non-accent characters.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Converts accent characters to non-accent, latin equivalents in Swedish, Danish, German, and more.\u003C\u002Fli>\n\u003Cli>Removes special characters like exclamation marks, periods, hashtags, and more.\u003C\u002Fli>\n\u003Cli>Lets you choose if you want to convert only image files, or all file types.\u003C\u002Fli>\n\u003Cli>Makes site and server migrations easier thanks to non-accent character filenames.\u003C\u002Fli>\n\u003Cli>Provides filter hook for developers who want to specify which file types to convert.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Examples\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Räksmörgås.jpg \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> raksmorgas.jpg\u003C\u002Fli>\n\u003Cli>Æblegrød_FTW!.gif \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> aeblegrod-ftw.gif\u003C\u002Fli>\n\u003Cli>Château de Ferrières.png \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> chateau-de-ferrieres.png\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Worth noting\u003C\u002Fh3>\n\u003Cp>The plugin only converts filenames when the files are being uploaded. It can not convert existing files.\u003C\u002Fp>\n\u003Ch3>Filter for developers\u003C\u002Fh3>\n\u003Cp>This filter provides developers a way to specify which file types the plugin should convert. This filter overrides the plugin settings on the media settings page. For a complete list of mime types, see \u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FInternet_media_type\" rel=\"nofollow ugc\">Wikipedia\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The following example will convert PDF, JPEG and PNG files only:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_clean_image_filenames_mime_types() {\n    $mime_types = array(\n        'application\u002Fpdf',\n        'image\u002Fjpeg',\n        'image\u002Fpng',\n    );\n    return $mime_types;\n}\nadd_filter( 'clean_image_filenames_mime_types', 'my_clean_image_filenames_mime_types' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This plugin automatically converts language accent characters to non-accent characters in filenames when uploading to the media library.",30000,335219,21,"2026-01-14T09:45:00.000Z","2.9",[22,24,56,96,97],"sanitize","upload","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-image-filenames.1.5.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":90,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":54,"tags":113,"homepage":116,"download_link":117,"security_score":118,"vuln_count":50,"unpatched_count":28,"last_vuln_date":119,"fetched_at":30},"file-upload-types","File Upload Types by WPForms","1.5.0","Jared Atchison","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaredatch\u002F","\u003Ch3>WordPress File Upload Types Plugin\u003C\u002Fh3>\n\u003Cp>Do you want to let your WordPress website accept uploads from your users for more file types and to freely upload files? We created the File Upload Types plugin to make it simple for anyone to easily add support for any file types with any extension or MIME type.\u003C\u002Fp>\n\u003Ch4>How WordPress File Uploads Work\u003C\u002Fh4>\n\u003Cp>By default, WordPress only allows \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FUploading_Files#About_Uploading_Files_on_Dashboard\" rel=\"nofollow ugc\">certain file types\u003C\u002Fa> to be uploaded to your website’s media library.\u003C\u002Fp>\n\u003Cp>If someone tries to upload a file type outside of these whitelisted WordPress file extensions, this can be the cause of the \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fcommon-wordpress-errors-and-how-to-fix-them\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"common WordPress error\" rel=\"friend nofollow ugc\">common WordPress error\u003C\u002Fa> \u003Ccode>Sorry, this file type is not permitted for security reasons\u003C\u002Fcode> message.\u003C\u002Fp>\n\u003Cp>It can be frustrating if you’ve \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002Fhow-to-create-a-file-upload-form-in-wordpress\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtypes&utm_content=readme\" rel=\"friend\" title=\"\ncreated a file upload form\">created a file upload form\u003C\u002Fa> in WordPress but the file type you want to accept is a file extension that’s not allowed.\u003C\u002Fp>\n\u003Cp>This plugin lets your website upload more file types beyond the limited file extension types that WordPress allows by default.\u003C\u002Fp>\n\u003Ch4>How does the File Upload Types plugin work?\u003C\u002Fh4>\n\u003Cp>The File Upload Types plugin works by letting you adjust the internal file whitelist, letting you manually control which types of file extensions your WordPress website can upload.\u003C\u002Fp>\n\u003Cp>This way, you can accept any file type through your website and\u002For any contact form plugin like \u003Ca href=\"https:\u002F\u002Fwww.wpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtypes&utm_content=readme\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What file types can I upload to WordPress with this plugin?\u003C\u002Fh4>\n\u003Cp>The File Upload Types plugin lets you allow uploads of any file extension, including custom file types.\u003C\u002Fp>\n\u003Cp>Some common file extension types this plugin lets you add that WordPress doesn’t support natively include:\u003C\u002Fp>\n\u003Cp>.ai\u003Cbr \u002F>\n.zip\u003Cbr \u002F>\n.xml\u003Cbr \u002F>\n.svg\u003Cbr \u002F>\n.csv\u003Cbr \u002F>\n.mobi\u003Cbr \u002F>\n.cad\u003Cbr \u002F>\n.dwg\u003Cbr \u002F>\n.dxf\u003C\u002Fp>\n\u003Cp>…and any other file extensions that exist, including custom file types.\u003C\u002Fp>\n\u003Cp>We hope that you find the File Upload Types plugin helpful!\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was created by the team behind \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – the best drag & drop form builder for WordPress.\u003C\u002Fp>\n\u003Ch3>What’s Next\u003C\u002Fh3>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – The best WordPress Contact Form Plugin.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Foptinmonster.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get more email subscribers with the most popular conversion optimization plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – See the stats that matter and grow your business with confidence. Best Google Analytics plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.seedprod.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"SeedProd\" rel=\"friend nofollow ugc\">SeedProd\u003C\u002Fa> – Jumpstart your website with the #1 Coming Soon & Maintenance Mode plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmailsmtp.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"nofollow ugc\">WP Mail SMTP\u003C\u002Fa> – Improve email deliverability for your contact form with the most popular SMTP plugin for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frafflepress.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" rel=\"nofollow ugc\">RafflePress\u003C\u002Fa> – The Best WordPress giveaway and contest plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa> to learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">WordPress tutorials\u003C\u002Fa> and find out about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=fileuploadtyes&utm_content=readme\" title=\"Best WordPress plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","Easily allow WordPress to accept and upload any file type extension or MIME type, including custom file types.",242227,80,20,"2024-10-23T14:00:00.000Z","6.6.5","5.5",[21,114,22,115,97],"file-upload","mime","https:\u002F\u002Fwpforms.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffile-upload-types.1.5.0.zip",91,"2024-10-24 20:07:47",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":13,"num_ratings":130,"last_updated":131,"tested_up_to":72,"requires_at_least":132,"requires_php":25,"tags":133,"homepage":137,"download_link":138,"security_score":49,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lightbox-photoswipe","Lightbox with PhotoSwipe","5.8.3","Arno Welzel","https:\u002F\u002Fprofiles.wordpress.org\u002Fawelzel\u002F","\u003Cp>This plugin integrates PhotoSwipe to WordPress. All linked images in a post or page will be displayed using PhotoSwipe, regardless if they are part of a gallery or single images.\u003C\u002Fp>\n\u003Cp>More about the original version of PhotoSwipe see here: \u003Ca href=\"http:\u002F\u002Fphotoswipe.com\" rel=\"nofollow ugc\">http:\u002F\u002Fphotoswipe.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can also display EXIF data from supported image types.\u003C\u002Fp>\n\u003Cp>As of version 4.0.0 this plugin requires at least WordPress 5.3 and PHP 7.0. Older PHP version will cause problems. In this case you have to upgrade your PHP version or ask your hoster to do so. Please note that WordPress itself also recommends at least PHP 7.4 – see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fabout\u002Frequirements\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please keep in mind: not the visible thumbnail is relevant, but only the image link. Images should always be linked to the file and not to the attachment page. Since version 5.6.1 there is an option to fix attachment links which can be enabled if needed – however this may slow down your website since then all links on a page will be checked if they are attachment links.\u003C\u002Fp>\n","Integration of PhotoSwipe (http:\u002F\u002Fphotoswipe.com) for WordPress.",20000,937902,113,"2026-02-26T16:27:00.000Z","5.3",[21,134,24,135,136],"gallery","lightbox","photoswipe","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flightbox-photoswipe\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flightbox-photoswipe.5.8.3.zip",{"attackSurface":140,"codeSignals":181,"taintFlows":188,"riskAssessment":189,"analyzedAt":196},{"hooks":141,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":28,"unprotectedCount":28},[142,148,153,157,161,165,169,173],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_init","hfp_columns","hotlink-file-prevention.php",40,{"type":149,"name":150,"callback":151,"file":146,"line":152},"filter","attachment_fields_to_edit","hfp_attachment_fields_edit",41,{"type":149,"name":154,"callback":155,"file":146,"line":156},"attachment_fields_to_save","hfp_attachment_fields_save",42,{"type":143,"name":158,"callback":159,"priority":47,"file":146,"line":160},"delete_post","hfp_delete_attachment",43,{"type":149,"name":162,"callback":163,"file":146,"line":164},"manage_media_columns","hfp_column",150,{"type":143,"name":166,"callback":167,"priority":47,"file":146,"line":168},"manage_media_custom_column","hfp_column_value",151,{"type":149,"name":170,"callback":171,"file":146,"line":172},"manage_upload_sortable_columns","hfp_column_sortable",152,{"type":143,"name":174,"callback":175,"file":146,"line":176},"admin_head","closure",153,[],[],[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":33,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":187},[],{"prepared":28,"raw":28,"locations":184},[],{"escaped":28,"rawEcho":28,"locations":186},[],[],[],{"summary":190,"deductions":191},"The hotlink-file-prevention plugin v2.0.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, unsanitized taint flows, raw SQL queries, or unescaped output demonstrates good coding practices. Furthermore, the lack of reported CVEs in its history suggests a history of responsible development and patching, or simply a lack of past discoveries due to limited exposure or attack surface. The plugin also has a minimal attack surface, with zero identified entry points like AJAX handlers, REST API routes, or shortcodes that are unprotected.\n\nHowever, a notable concern arises from the complete absence of nonce and capability checks across all identified code signals. While the static analysis reports zero entry points, this doesn't guarantee that future updates or specific internal functions won't introduce them. The lack of these fundamental WordPress security mechanisms means that if any entry points were to be discovered or introduced without proper authorization checks, they could be exploited. The presence of file operations (3) without further context also warrants caution, as these operations could be a vector for abuse if not handled with strict input validation and sanitization, though the static analysis did not flag any unsanitized paths.\n\nIn conclusion, the plugin appears robust in its current form regarding known vulnerabilities and core secure coding principles like prepared statements and output escaping. The primary weakness lies in the complete omission of nonce and capability checks, which is a significant security oversight that leaves potential room for vulnerabilities if the attack surface were to expand or if internal functions are not properly secured. The limited reported activity and zero CVEs are positive indicators, but the lack of basic authorization checks is a risk that should be addressed.",[192,194],{"reason":193,"points":47},"Missing Nonce checks",{"reason":195,"points":47},"Missing Capability checks","2026-03-16T19:24:39.514Z",{"wat":198,"direct":203},{"assetPaths":199,"generatorPatterns":200,"scriptPaths":201,"versionParams":202},[],[],[],[],{"cssClasses":204,"htmlComments":206,"htmlAttributes":209,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":214},[205],"column-hfp",[207,208],"\u003C!-- BEGIN Hotlink File Prevention -->","\u003C!-- END Hotlink File Prevention -->",[210,211],"id=\"attachments[\\d+][hfp_protect]\"","name=\"attachments[\\d+][hfp_protect]\"",[],[],[]]