[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_lRjAdbL4d24DOsBbtGMK8a12nShLwGtV9LIYREZOA0":3,"$fpTcUtp64Vuo3Ull8qR0onoGBp1WrzNqFoP4_zpfN-7k":268,"$fJtfMZLHGHbFKUaamPMY5ZzU2mD6UJ2zztQGMILTM8ZM":273},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":38,"analysis":143,"fingerprints":248},"houdini","Houdini","1.4.3","PressPage Entertainment Inc","https:\u002F\u002Fprofiles.wordpress.org\u002Fphkcorp2005\u002F","\u003Cp>The fact is the internet is open can lead to theft especially to content stealing and plagiarism.\u003C\u002Fp>\n\u003Cp>Until now, there was very little to discourage and deter this serious crime. Yes content theft and\u003Cbr \u002F>\nplagarism is a crime in some jurisdictions.\u003C\u002Fp>\n\u003Cp>You cannot rely on others or the authorities to continue to police the internet as they\u003Cbr \u002F>\ndo not have enough resources. You need to protect your content and deter this theft.\u003C\u002Fp>\n\u003Cp>The basic form of content theft is to copy and paste your content to another medium.\u003C\u002Fp>\n\u003Cp>Well Houdini, prevents this using a little known special algorithm that prevents copying by\u003Cbr \u002F>\nmaking the selected text that is targeted by the perps to be copied, to disappear! Yes disappear!!!\u003Cbr \u002F>\nThe only way to recover is to reload the page in the web browser. If they try again, the content\u003Cbr \u002F>\ndisappears again. As long as they keep trying to select and copy your content, the content will disappear\u003Cbr \u002F>\nbefore they can get a chance to execute the copy command!\u003C\u002Fp>\n\u003Cp>After a few unsuccessful attempts, the theives will move on to a easier target.\u003C\u002Fp>\n\u003Cp>A user became very critical whether houdini can actually protect you from content thieves, and that\u003Cbr \u002F>\nuser gave five critical breaches that was claimed unprotectable. Well, houdini now protects from those\u003Cbr \u002F>\nbreaches either directly or indirectly by giving you tips for your theme modification.\u003C\u002Fp>\n\u003Cp>Additional tips for protecting pages when javascript is disabled at the browser-level, prevent a page\u003Cbr \u002F>\nfrom being printed, embed a watermark to pages for screen capturers, disable RSS and password protect\u003Cbr \u002F>\noages.\u003C\u002Fp>\n\u003Cp>Your are safer!\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>We make honorable mention to anyone who helps make this plugin better!\u003C\u002Fp>\n\u003Cp>Special thanks to www.psychingoutthemarkets.com for their recommendation of a user configurable text field.\u003C\u002Fp>\n\u003Cp>Special thanks to http:\u002F\u002Ffourisland.com\u002Fblog\u002Fand-like-magic-nothing-happens\u002Ffor pointing out these browser security breaches for content theft. See Admin Settings|Houdini for tips to overcome these breaches!\u003C\u002Fp>\n\u003Cp>Special thanks to http:\u002F\u002Fwww.idreia.com for their recommendation of a user configurable check entry for protecting all pages\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>Support is provided at https:\u002F\u002Fgithub.com\u002Fpresspage2018\u002Fhoudini\u002Fissues. You will require a free account on github.com\u003C\u002Fp>\n\u003Cp>Please contact presspage.entertainment@gmail.com or visit the above forum with questions, comments, or requests.\u003C\u002Fp>\n","Provides a method to copy protect your webpages from plagiarism and content theft.",10,4275,0,"2020-08-23T18:13:00.000Z","5.5.18","2.9","",[19,4,20,21,22],"copy-protected","javascript","phk","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhoudini","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhoudini.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"phkcorp2005",6,150,78,30,79,"2026-05-20T05:16:57.455Z",[39,59,77,95,121],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":11,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":56,"download_link":57,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":58},"h-seeed-wp","H Speed WP","4.0.2","yokudekiru","https:\u002F\u002Fprofiles.wordpress.org\u002Fyokudekiru\u002F","\u003Ch3>日本語\u003C\u002Fh3>\n\u003Cp>☆はじめに☆\u003C\u002Fp>\n\u003Cp>このページよりもより詳しい内容は\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fxn--48sa.jp\u002Fh-speed-wp\" rel=\"nofollow ugc\">私のサイトのH Speed WPの解説ページ\u003C\u002Fa>に載っています。ぜひこのサイトもご覧ください。\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ワードプレスの高速化とサーバーの負荷削減、セキュリティアップやスパムコメントの防止、サイトの盗用防止などを実行するプラグインです。\u003Cbr \u002F>\n設定なしでも動作しますが、パフォーマンスを最大限発揮するには設定が必要です。\u003C\u002Fp>\n\u003Cp>H Speed WPの主な機能\u003C\u002Fp>\n\u003Cp>それぞれの機能は設定画面から有効化、無効化できるようになっています。\u003Cbr \u002F>\nおすすめ項目には、星マークが付いているので初心者でも、設定しやすいようになっています。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>ワードプレスサイトの読み込みを高速化させる機能\u003C\u002Fli>\n\u003Cli>サーバーの容量圧迫を防止する機能\u003C\u002Fli>\n\u003Cli>スパムコメントを防止する機能\u003C\u002Fli>\n\u003Cli>ワードプレスのセキュリティ対策\u003C\u002Fli>\n\u003Cli>サイトの盗用防止\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>など\u003C\u002Fp>\n\u003Ch3>ENGLISH\u003C\u002Fh3>\n\u003Cp>Speedup and load reduction of the WordPress, security enhancement. \u003C\u002Fp>\n\u003Ch3>Effect\u003C\u002Fh3>\n\u003Col>\n\u003Cli>It will become very speed read.\u003C\u002Fli>\n\u003Cli>It reduces the server load.\u003C\u002Fli>\n\u003Cli>It will improve security.\u003C\u002Fli>\n\u003C\u002Fol>\n","ワードプレスの高速化やSEO対策、セキュリティ、スパムコメント、盗用などの対策等の様々な機能を実行するプラグインです。",3528,100,1,"2016-07-05T15:28:00.000Z","4.5.33","4.3",[20,54,22,55],"jquery","speeding-up","http:\u002F\u002Fxn--48sa.jp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fh-seeed-wp.4.0.2.zip","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":13,"num_ratings":13,"last_updated":68,"tested_up_to":69,"requires_at_least":52,"requires_php":17,"tags":70,"homepage":74,"download_link":75,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":76},"spoofproof","SpoofProof","1.0","ciphertooth","https:\u002F\u002Fprofiles.wordpress.org\u002Fciphertooth\u002F","\u003Cp>SpoofProof alters the WP login screen to have a two (2) stage login with data from the server selected and or entered by the user displayed to the user to prove they are talking to your server, and not a spoofed site.  (This means a hacker can’t Spoof or Phish your site).\u003C\u002Fp>\n\u003Cp>SpoofProof hooks into the WordPress engine to filter out Javascript and SQL injection from posts to your site.\u003C\u002Fp>\n\u003Cp>SpoofProof tracks login attampts and stops Brute Force attacks by imposing waiting periods on rapid login attempts.\u003C\u002Fp>\n\u003Cp>SpoofProof Detects Man In the Middle (MItM) attacks in progress, records the IP address of the hacker(s) in your log, and stops the user from revealing their password to the hacker(s).  (This stops a hacker from using a MItM to get around the two stage login)\u003C\u002Fp>\n","SpoofProof alters the WP login screen using a web service to verify that you are not being attacked by  spoofing, phishing, or Man in the middle.",1623,"2016-09-06T03:01:00.000Z","4.6.30",[71,72,73,22,60],"anti-injection","anti-javascript-injection","injection","http:\u002F\u002Fciphertooth.com\u002Fspoofproof\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspoofproof.zip","2026-04-16T10:56:18.058Z",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":13,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":87,"requires_at_least":17,"requires_php":17,"tags":88,"homepage":93,"download_link":94,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":76},"bot-lockout","Bot Lockout","1.0.0","kognetiks","https:\u002F\u002Fprofiles.wordpress.org\u002Fkognetiks\u002F","\u003Cp>Bot Lockout is a security plugin that implements a lightweight cryptographic challenge system to distinguish between real browsers and automated bots. Unlike traditional CAPTCHA systems, it uses JavaScript-based cryptographic operations that are easy for humans but difficult for most bots to solve.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight Protection\u003C\u002Fstrong>: Uses minimal resources and doesn’t impact site performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cryptographic Challenges\u003C\u002Fstrong>: SHA-256 hashing with date and user agent binding\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Whitelisting\u003C\u002Fstrong>: Allow trusted bots (Google, Bing, etc.) and IP addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Configuration\u003C\u002Fstrong>: Exclude specific pages and customize block messages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Logging\u003C\u002Fstrong>: Track blocked attempts for analysis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Styling\u003C\u002Fstrong>: Add custom CSS to match your site’s design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Daily Token Expiration\u003C\u002Fstrong>: Prevents long-term bypass attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Initial Request\u003C\u002Fstrong>: When a visitor accesses your site, the plugin checks for a valid challenge token\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript Challenge\u003C\u002Fstrong>: If no token exists, a cryptographic challenge is presented\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation\u003C\u002Fstrong>: The challenge combines the current date with the user agent string and creates a SHA-256 hash\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Storage\u003C\u002Fstrong>: The hash is base64 encoded, truncated, and stored as a secure cookie\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Validation\u003C\u002Fstrong>: Subsequent requests are validated against the stored token\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Cryptographically Secure\u003C\u002Fstrong>: Uses SHA-256 hashing algorithm\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time-Bound\u003C\u002Fstrong>: Tokens expire daily to prevent long-term bypass\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser-Specific\u003C\u002Fstrong>: User agent binding prevents token sharing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Cookies\u003C\u002Fstrong>: Implements proper cookie security settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Support\u003C\u002Fstrong>: Allow trusted services and IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multi-Site Support\u003C\u002Fh4>\n\u003Cp>Bot Lockout supports WordPress Multi-Site installations with both network-wide and site-specific configurations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Network Activation\u003C\u002Fstrong>: Apply settings to all sites in the network\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site-Specific Activation\u003C\u002Fstrong>: Independent settings for each site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mixed Configuration\u003C\u002Fstrong>: Network-wide defaults with site-specific overrides\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Advisory\u003C\u002Fh3>\n\u003Cp>Bot Lockout is one layer in a broader security strategy, not a silver bullet.\u003C\u002Fp>\n\u003Cp>While Bot Lockout is designed to deter automated bots and AI scrapers through cryptographic JavaScript challenges, no single solution can offer complete protection. Web scraping technologies continue to evolve, and determined actors may find ways to bypass front-end defenses.\u003C\u002Fp>\n\u003Cp>This plugin should be used as part of a multi-layered approach to website security. For best results, we recommend combining Bot Lockout with additional tools such as server-level firewalls, rate limiting, CAPTCHA systems, behavior-based threat detection, and CDN-level bot mitigation.\u003C\u002Fp>\n\u003Cp>Kognetiks makes no guarantee that this plugin will block all unwanted bot traffic. It is intended as a proactive, lightweight defense mechanism—not a comprehensive security system. Users are responsible for evaluating their own threat model and deploying appropriate complementary protections.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbot-lockout\u002F\" rel=\"ugc\">WordPress.org support forums\u003C\u002Fa> or check the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbot-lockout\u002F\" rel=\"ugc\">plugin documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Developer\u003C\u002Fstrong>: Kognetiks\u003C\u002Fp>\n\u003Cp>This plugin is licensed under the GPL v3 or later.\u003C\u002Fp>\n","A lightweight WordPress plugin that protects your site from AI scrapers and bad bots using cryptographic JavaScript challenges.",313,"2025-07-29T13:21:00.000Z","6.8.5",[89,90,91,92,22],"anti-scraping","bot-protection","captcha","javascript-challenge","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbot-lockout\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbot-lockout.1.0.0.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":116,"download_link":117,"security_score":118,"vuln_count":119,"unpatched_count":13,"last_vuln_date":120,"fetched_at":76},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,407330579,94,4861,"2025-12-20T21:06:00.000Z","6.9.4","4.7","7.0",[112,113,114,115,22],"2fa","firewall","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",96,12,"2022-09-06 00:00:00",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":35,"last_updated":132,"tested_up_to":108,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":139,"download_link":140,"security_score":141,"vuln_count":49,"unpatched_count":13,"last_vuln_date":142,"fetched_at":76},"hostinger","Hostinger Tools","3.0.65","Hostinger","https:\u002F\u002Fprofiles.wordpress.org\u002Fhostinger\u002F","\u003Cp>Hostinger Tools is an all-in-one plugin designed to streamline essential tasks for WordPress site administrators. This plugin offers a range of features to help you manage your site’s information, maintenance mode, security, and redirects effectively.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Basic Info\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays the current WordPress version with automatic update checks.\u003C\u002Fli>\n\u003Cli>Shows the current PHP version with automatic update checks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Maintenance Mode\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily enable or disable maintenance mode for your site.\u003C\u002Fli>\n\u003Cli>Provide a URL to bypass maintenance mode for selected users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Security\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable XML-RPC requests to enhance your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable Authorize application page to enhance your site’s security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Redirects\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force all URLs to use HTTPS for secure browsing.\u003C\u002Fli>\n\u003Cli>Force all URLs to use WWW to ensure consistency in site access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>LLMs.txt Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically generate a structured LLMs.txt file in Markdown format.\u003C\u002Fli>\n\u003Cli>Include website title, description, posts, pages, and products (if WooCommerce is active).\u003C\u002Fli>\n\u003Cli>Keep the file updated when content changes or new content is published.\u003C\u002Fli>\n\u003Cli>Help AI-powered tools better understand and interact with your website content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hostinger Tools is the new version of the previous Hostinger plugin, offering an updated and enhanced experience.\u003Cbr \u002F>\nThe Onboarding assistant and the Learning section previously included in this plugin were moved to the separate plugin Hostinger Easy Onboarding.\u003C\u002Fp>\n","Simplified WordPress management. Manage site info, maintenance, security, & redirects.",3000000,17158936,66,"2026-04-08T12:10:00.000Z","5.5","8.1",[122,136,137,22,138],"https","maintenance","tools","https:\u002F\u002Fhostinger.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostinger.3.0.65.zip",99,"2024-01-05 00:00:00",{"attackSurface":144,"codeSignals":167,"taintFlows":197,"riskAssessment":235,"analyzedAt":247},{"hooks":145,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":166,"entryPointCount":49,"unprotectedCount":13},[146,152,156],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","admin_menu","addHoudiniToManagementPage","houdini.php",426,{"type":147,"name":153,"callback":154,"file":150,"line":155},"wp_head","houdini_wp_head",427,{"type":147,"name":157,"callback":158,"file":150,"line":159},"wp_footer","houdini_wp_footer",428,[],[],[163],{"tag":4,"callback":164,"file":150,"line":165},"show_houdini_javascript",425,[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":182,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":196},[],{"prepared":170,"raw":171,"locations":172},16,3,[173,176,179],{"file":150,"line":174,"context":175},181,"$wpdb->query() with unsafe: $pageText",{"file":150,"line":177,"context":178},182,"$wpdb->query() with unsafe: $textSize",{"file":150,"line":180,"context":181},183,"$wpdb->query() with unsafe: $allPages",{"escaped":13,"rawEcho":183,"locations":184},5,[185,188,190,192,194],{"file":150,"line":186,"context":187},103,"raw output",{"file":150,"line":189,"context":187},118,{"file":150,"line":191,"context":187},210,{"file":150,"line":193,"context":187},219,{"file":150,"line":195,"context":187},228,[],[198,224],{"entryPoint":199,"graph":200,"unsanitizedCount":222,"severity":223},"displayHoudiniManagementPage (houdini.php:156)",{"nodes":201,"edges":218},[202,207,212,214],{"id":203,"type":204,"label":205,"file":150,"line":206},"n0","source","$_POST (x2)",168,{"id":208,"type":209,"label":210,"file":150,"line":174,"wp_function":211},"n1","sink","query() [SQLi]","query",{"id":213,"type":204,"label":205,"file":150,"line":206},"n2",{"id":215,"type":209,"label":216,"file":150,"line":191,"wp_function":217},"n3","echo() [XSS]","echo",[219,221],{"from":203,"to":208,"sanitized":220},false,{"from":213,"to":215,"sanitized":220},4,"high",{"entryPoint":225,"graph":226,"unsanitizedCount":222,"severity":223},"\u003Choudini> (houdini.php:0)",{"nodes":227,"edges":232},[228,229,230,231],{"id":203,"type":204,"label":205,"file":150,"line":206},{"id":208,"type":209,"label":210,"file":150,"line":174,"wp_function":211},{"id":213,"type":204,"label":205,"file":150,"line":206},{"id":215,"type":209,"label":216,"file":150,"line":191,"wp_function":217},[233,234],{"from":203,"to":208,"sanitized":220},{"from":213,"to":215,"sanitized":220},{"summary":236,"deductions":237},"The \"houdini\" plugin v1.4.3 presents a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and a small attack surface with no unprotected entry points. The code also exhibits good practices regarding SQL queries, with a high percentage utilizing prepared statements. However, significant concerns arise from the static analysis results. A critical weakness is the complete lack of output escaping across all identified outputs, meaning any data processed and displayed by the plugin is potentially vulnerable to cross-site scripting (XSS) attacks. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential for data leakage or manipulation. The absence of nonce checks and capability checks on its limited entry points, while not directly exploited by the identified taint flows, still represents a missed security control that could be leveraged in conjunction with other vulnerabilities.",[238,241,243,245],{"reason":239,"points":240},"All outputs are unescaped",15,{"reason":242,"points":119},"Two high severity unsanitized taint flows",{"reason":244,"points":183},"No nonce checks",{"reason":246,"points":183},"No capability checks","2026-04-16T11:38:51.089Z",{"wat":249,"direct":258},{"assetPaths":250,"generatorPatterns":253,"scriptPaths":254,"versionParams":255},[251,252],"\u002Fwp-content\u002Fplugins\u002Fhoudini\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fhoudini\u002Fjs\u002Fscript.js",[],[252],[256,257],"houdini\u002Fcss\u002Fstyle.css?ver=","houdini\u002Fjs\u002Fscript.js?ver=",{"cssClasses":259,"htmlComments":260,"htmlAttributes":261,"restEndpoints":262,"jsGlobals":263,"shortcodeOutput":266},[],[],[],[],[264,265],"getSelText","displayPage",[267],"[houdini]",{"error":269,"url":270,"statusCode":271,"statusMessage":272,"message":272},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhoudini\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":274},[]]