[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffA9t5CDQtVregvjQ_eTtNeUD-c17_v59KU8nZ3aWF_E":3,"$f9dvMXLr3UjiqyjFzqg8HkFMko7Qwhh62rNiojGOBJSw":341,"$fFYUyJwh0bopunp2kXorhjTmjfbvbtUj3J_MCEOYusKg":345},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":35,"analysis":144,"fingerprints":316},"htaccess-secure-files","Htaccess Secure Files","0.5","isaacchapman","https:\u002F\u002Fprofiles.wordpress.org\u002Fisaacchapman\u002F","\u003Cp>\u003Cstrong>The Htaccess Secure Files plugin can only be activated on Apache web servers with mod_rewrite enabled, and will automatically raise an error upon activation if this is not the case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Htaccess Secure Files plugin allows for setting files to be accessible only to visitors who have a specified IP address or \u003Ca title=\"WordPress role or capbility\" href=\"https:\u002F\u002Fcodex.wordpress.org\u002FRoles_and_Capabilities\" rel=\"nofollow ugc\">WordPress role or capability\u003C\u002Fa>. By using \u003Ca title=\".htaccess files\" href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FHtaccess\" rel=\"nofollow ugc\">.htaccess files\u003C\u002Fa> to secure the content instead of a separate directory outside the web root, WordPress’s native media library functionality can be used to upload secure files and link to them from within the visual editor.\u003C\u002Fp>\n\u003Cp>By default all built-in WordPress roles will be allowed to access content that is marked as secure. The Settings -> Secure Files admin screen controls which roles, capabilities, and IP addresses are allowed to view or download secured files. If a custom role or capability is desired, there are several \u003Ca title=\"WordPress plugins\" href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsearch.php?q=roles+capabilities\" rel=\"ugc\">WordPress plugins\u003C\u002Fa> capable of creating and editing roles and capabilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Any visitor that matches any selected role, capability, or IP address will be allowed to access secured files.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin works by creating a .htaccess files in the directory of each secured file. If you manually edit the .htaccess file and it becomes corrupt (a 500 Internal Server Error is the most likely symptom), I recommend deleting the .htaccess file and then edit and save each secured item in the media library.\u003C\u002Fp>\n","Allows securing files in WP's media library to be only accessible to users with specific roles, capabilities, or IP addresses.",10,6432,100,1,"2012-06-08T07:14:00.000Z","3.3.2","3.2.1","",[20,21,22],"htaccess","media","secure","http:\u002F\u002Fisaacchapman.com\u002Fwordpress-plugins\u002Fhtaccess-secure-files\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtaccess-secure-files.0.5.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,84,"2026-05-20T09:28:49.337Z",[36,64,82,99,120],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":26,"last_vuln_date":62,"fetched_at":63},"prevent-file-access","Prevent files \u002F folders access","2.6.1","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction\" rel=\"nofollow ugc\">WordPress Prevent files\u002F folders\u003C\u002Fa> access provides the easiest way to protect WordPress files from public users so that your wordpress media library can be accessed only by \u003Cstrong>WordPress logged in\u003C\u002Fstrong> users or users with \u003Cstrong>specific roles\u002Fcapabilities\u003C\u002Fstrong>. Your \u003Cem>ebooks\u003C\u002Fem>, \u003Cem>pdfs\u003C\u002Fem>, \u003Cem>other important files\u003C\u002Fem>, etc., can be \u003Cstrong>protected from google indexing\u003C\u002Fstrong> so that data is protected from getting stolen. Control users access to media library, Control users access to the WordPress upload folder or sub folders, and restrict all the files published on your WordPress site.\u003C\u002Fp>\n\u003Cp>For restricted Content you can choose to redirect users to \u003Cstrong>403 forbidden page\u003C\u002Fstrong>, your \u003Cstrong>custom page\u003C\u002Fstrong>, \u003Cstrong>WordPress login page\u003C\u002Fstrong>, SSO login page (if you are using OAuth or SAML SSO).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No change required\u003C\u002Fstrong> or \u003Cstrong>no manual work\u003C\u002Fstrong> needed to create a private link to protect your wordpress media file. Our plugin takes care of your media library or via Media, Pages, or Posts.\u003C\u002Fp>\n\u003Cp>We support a level of security where you can choose either \u003Cem>\u003Cstrong>cookie-based\u003C\u002Fstrong>\u003C\u002Fem> restriction or \u003Cem>\u003Cstrong>session-based\u003C\u002Fstrong>\u003C\u002Fem> restriction.\u003Cbr \u002F>\nAlso, we support Apache and Nginx servers to prevent direct access to the WordPress media library and therefore protect the media library for public or restricted users.\u003C\u002Fp>\n\u003Cp>It prevents private download of the media files from public access and only the logged-in users or specific user roles can access and download the wordpress media files.\u003C\u002Fp>\n\u003Cp>We also support media\u002Ffiles\u002Ffolders Restriction based on NFT holding in the user crypto wallet. We support any level of customization according to your requirement.\u003C\u002Fp>\n\u003Ch3>File-Based Protection\u003C\u002Fh3>\n\u003Cp>WordPress Prevent file\u002Ffolder access is developed to allow you to protect wordpress media file in your customized way. It will prevent direct access from media library \u003Cstrong>based on their extension\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>You can protect file types below:\n\n* Images - Every type of image files can be protected. eg: jpeg, jpg, gif, png, bmp, webp, pfg, ico, psd, etc.\n* Videos - Every type of video files can be protected. eg: mp4, m4a, m4v, f4v, f4a, m4b, m4r, f4b, mov, 3gp, avi etc.\n* Documents - Every type of document files can be protected. eg: doc, docx, html, pdf, txt, ppt, xls, xlsx, pptx, odt.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Redirect\u003C\u002Fh3>\n\u003Cp>WordPress Prevent file\u002Ffolder access provides \u003Cstrong>redirect options\u003C\u002Fstrong>. This allow you to redirect the restricted users to any WordPress page of your website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>403 forbidden page\u003C\u002Fstrong> \u003Cem>(DEFAULT)\u003C\u002Fem> – \u003Cem>Users will be shown 403 forbidden pages with a restricted access message.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display custom page\u003C\u002Fstrong> – \u003Cem>We can redirect users to any WordPress custom page when they try to access restricted files or folders.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress login\u003C\u002Fstrong> – \u003Cem>Users will be redirected to the WordPress default login page.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IDP login\u003C\u002Fstrong> – \u003Cem>Users will redirect to the selected IDP (SAML\u002FOAuth) login page and after IdP authentication they can see the restricted content.\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Private Directory\u002FProtected folder\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Our plugin also gives you a \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction#mediarestriction\" rel=\"nofollow ugc\">Private Directory\u003C\u002Fa> where you can add files of all extension types and restrictions will be applied to all files inside the private directory.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Membership Based Media Restriction.\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress Prevent files\u002F folder allows you to secure media library and control wp-content\u002Fuploads access based on the membership purchased by the user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Folder Based Protection\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress Prevent files\u002F folders access allows you to protect your folders too, the \u003Cstrong>wp-content or uploads\u003C\u002Fstrong> folder where all the wordpress media files like images, videos, and document files are stored will also be protected.\u003C\u002Fli>\n\u003Cli>Users have the option to \u003Cstrong>protect a particular month’s media files or sub folder in uploads directory.\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based Restriction\u003C\u002Fstrong> – A particular user can access only a particular folder. (Admin would be able to access all the folders)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Base folder access\u003C\u002Fstrong> – Uploads folder or subfolders can be restricted for public access and allowed folder access to users with specific role. (Admin would be able to access all the folders)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We support \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.learndash.com\u002F\" rel=\"nofollow ugc\">LearnDash\u003C\u002Fa>\u003C\u002Fstrong> and other LMS to restrict files and folders according to different groups and specific user roles.\u003C\u002Fp>\n\u003Cp>You can customize the restriction rules and use them as per your needs.\u003C\u002Fp>\n\u003Cp>This functionality operates at the server level, thus if the Apache server rules don’t work, or also the WP Engine, Siteground, and other servers like this run on an Nginx server, which requires the use of Nginx configuration rules. If you face any issues please email us at \u003Cem>info@xecurify.com\u003C\u002Fem> or \u003Cem>oauthsupport@xecurify.com\u003C\u002Fem>. We would recommend you to please ensure your PHP server and rules first which will work on your server before purchasing it or else \u003Cstrong>contact us we will help you to set up the plugin according to your requirements on your site.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FREE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your wordpress media files, libraries and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Can restrict five standard extensions (.png, .jpg, .gif, .pdf, .doc).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: Can redirect non-logged-in users to any page of your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep selected files in a protected folder and they will be restricted from the public users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure the plugin on the Apache server easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PREMIUM VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restricton to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect the non-logged-in users to any page of your WordPress site or to the WordPress login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to wordpress media library from non-logged-in users. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can store unlimited files in a private directory\u002Fprotected folder and they will be restricted from the public users and indexing on search engine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>ENTERPRISE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your WordPress media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restriction to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect non-logged-in users to any page of your WordPress site or to the WordPress login page or to SAML\u002FOAuth login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to the WordPress uploads folder or any other folder in your WordPress instance from non-logged-in users by enabling user access restrictions. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep unlimited files in a protected folder and they will be restricted from the public users to prevent direct access to specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie or Session.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>ALL INCLUSIVE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your WordPress media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restricton to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect non-logged-in users to any page of your WordPress site or to the WordPress login page or to SAML\u002FOAuth login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to the WordPress uploads folder or any other folder in your WordPress instance from non-logged-in users by enabling user access restrictions. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep unlimited files in a protected folder and they will be restricted from the public users to prevent direct access to specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie or Session.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media Management\u003C\u002Fstrong>: You can create custom folders and subfolders to organize your media library and control access of the created folders and subfolders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Download Logs\u003C\u002Fstrong>: You can view logs for uploading, downloading, and deleting files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership Based Media Restriction\u003C\u002Fstrong>: Compatible with Paid Memberships Pro, ARMember Membership, WordPress Membership, and WooCommerce Subscriptions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>DOCUMENTATION AND SUPPORT\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For documentation go to our \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction#mediarestriction\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If you have any questions or want to request new features, contact us via email at \u003Ca href=\"mailto:oauthsupport@xecurify.com\" rel=\"nofollow ugc\">oauthsupport@xecurify.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Prevent public access to WordPress files and folders. Protect downloads from public access, Role-based folder access, and User base folder access.",1000,35035,92,35,"2025-06-24T06:01:00.000Z","6.8.5","3.0.1","5.6",[53,54,55,56,57],"content-restriction","media-restriction","protect-uploads","protect-folders","secure-files","http:\u002F\u002Fminiorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-file-access.2.6.1.zip",97,2,"2025-08-06 00:00:00","2026-04-16T10:56:18.058Z",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":18,"tags":79,"homepage":18,"download_link":81,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":63},"add-watermark","Add Watermarks","2.0.2","Michael Zangl","https:\u002F\u002Fprofiles.wordpress.org\u002Fmichaelzangl\u002F","\u003Cp>This plugin allows you to add a watermark images on all images that were uploaded in your wordpress. The watermark is generated on-the-fly and cached for faster access.\u003C\u002Fp>\n\u003Cp>To see the plugin in action, select “Add watermark to all images”, chose a watermark image and and submit the settings page. You should then see the watermark appearing on your site. You might need to reload the page (F5 in most browsers) to bypass the browser cache.\u003C\u002Fp>\n\u003Cp>The plugin does not change your source images. To disable all watermarks, simply disable the plugin, and everything is back to normal.\u003C\u002Fp>\n\u003Cp>If you encounter errors (especially syntax errors), check your PHP version. It should be at least 7.0. This plugin requires Apache and mod_rewrite.\u003C\u002Fp>\n","Adds watermarks to selected images without changing the original image.",40,11781,62,15,"2018-10-26T19:21:00.000Z","4.9.29","4.0.0",[20,21,80],"watermark","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-watermark.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":11,"downloaded":90,"rating":26,"num_ratings":26,"last_updated":91,"tested_up_to":77,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":97,"download_link":98,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":63},"undasecure","UndaSecure","1.2.16","asantosundanet","https:\u002F\u002Fprofiles.wordpress.org\u002Fasantosundanet\u002F","\u003Cp>This plugins adds markers in \u002F.htaccess and \u002Fwp-content\u002Fuploads\u002F.htaccess to secure against attacks and optimize Apache configurations for SEO propouses.\u003C\u002Fp>\n\u003Cp>Sets protection in ROOT\u002F.htaccess for wp-config.php, .htaccess, xmlrpc.php, wp-cron.php.\u003Cbr \u002F>\nSets block author scans in ROOT\u002F.htaccess.\u003C\u002Fp>\n\u003Cp>Sets GZIP\u002FDEFLATE in ROOT\u002F.htaccess.\u003Cbr \u002F>\nSets Header add Access-Control-Allow-Origin in ROOT\u002F.htaccess.\u003Cbr \u002F>\nSets ExpiresActive in ROOT\u002F.htaccess.\u003Cbr \u002F>\nSets Header unset Etag in ROOT\u002F.htaccess.\u003C\u002Fp>\n\u003Cp>Create or add to \u002Fwp-content\u002Fuploads\u002F.htaccess protection for files only.\u003C\u002Fp>\n\u003Cp>Removes files on each WP update to prevent exposing WP version number (readme.html, wp-config-sample.php, license.txt).\u003C\u002Fp>\n","Adds secure optimizations to .htaccess file",1385,"2018-04-06T07:59:00.000Z","4.0",[94,95,22,83,96],"htaccess-protection","optimization","uploads-folder-protection","https:\u002F\u002Fwww.undanet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fundasecure.1.2.16.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":26,"downloaded":107,"rating":26,"num_ratings":26,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":118,"download_link":119,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":63},"bba-secure-file-downloads","BBA Secure File Downloads","1.0.7","Jordan Alexander","https:\u002F\u002Fprofiles.wordpress.org\u002Fsofrustrate\u002F","\u003Cp>BBA Secure File Downloads lets you select files from the Media Library and generate a stable File ID for each file. Then you can place a download button anywhere using:\u003C\u002Fp>\n\u003Cp>[bbasfd_download id=”FILE_ID”]\u003C\u002Fp>\n\u003Cp>The download is served through a controlled endpoint instead of exposing the direct file URL.\u003C\u002Fp>\n\u003Cp>Looking for the PRO version?\u003Cbr \u002F>\nhttps:\u002F\u002Fbigbad.agency\u002Fportfolio\u002Fwordpress-plugins\u002Fsecure-file-downloads-for-wordpress\u002F\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Shortcode:\u003Cbr \u002F>\n* [bbasfd_download id=”FILE_ID”]\u003Cbr \u002F>\nOptional:\u003Cbr \u002F>\n* text=”Get the free plugin”\u003Cbr \u002F>\n* class=”my-css-class”\u003C\u002Fp>\n","Serve Media Library files through a controlled download endpoint, and place download buttons anywhere with a shortcode.",185,"2026-03-08T13:42:00.000Z","6.9.4","5.8","7.0",[113,114,115,116,117],"downloads","file-download","media-library","secure-download","shortcode","https:\u002F\u002Fbigbad.agency\u002Fportfolio\u002Fwordpress-plugins\u002Fsecure-file-downloads-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbba-secure-file-downloads.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":109,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":140,"download_link":141,"security_score":60,"vuln_count":142,"unpatched_count":26,"last_vuln_date":143,"fetched_at":63},"redirection","Redirection","5.7.5","John Godley","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnny5\u002F","\u003Cp>Redirection is the most popular redirect manager for WordPress. With it you can easily manage 301 redirections, keep track of 404 errors, and generally tidy up any loose ends your site may have. This can help reduce errors and improve your site ranking.\u003C\u002Fp>\n\u003Cp>Redirection is designed to be used on sites with a few redirects to sites with thousands of redirects.\u003C\u002Fp>\n\u003Cp>It has been a WordPress plugin for over 10 years and has been recommended countless times. And it’s free!\u003C\u002Fp>\n\u003Cp>Full documentation can be found at \u003Ca href=\"https:\u002F\u002Fredirection.me\" rel=\"nofollow ugc\">https:\u002F\u002Fredirection.me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Redirection is compatible with PHP from 7.4 to 8.4.\u003C\u002Fp>\n\u003Ch4>Redirect manager\u003C\u002Fh4>\n\u003Cp>Create and manage redirects quickly and easily without needing Apache or Nginx knowledge. If your WordPress supports permalinks then you can use Redirection to redirect any URL.\u003C\u002Fp>\n\u003Cp>There is full support for regular expressions so you can create redirect patterns to match any number of URLs. You can match query parameters and even pass them through to the target URL.\u003C\u002Fp>\n\u003Cp>The plugin can also be configured to monitor when post or page permalinks are changed and automatically create a redirect to the new URL.\u003C\u002Fp>\n\u003Ch4>Conditional redirects\u003C\u002Fh4>\n\u003Cp>In addition to straightforward URL matching you can redirect based on other conditions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login status – redirect only if the user is logged in or logged out\u003C\u002Fli>\n\u003Cli>WordPress capability – redirect if the user is able to perform a certain capability\u003C\u002Fli>\n\u003Cli>Browser – redirect if the user is using a certain browser\u003C\u002Fli>\n\u003Cli>Referrer – redirect if the user visited the link from another page\u003C\u002Fli>\n\u003Cli>Cookies – redirect if a particular cookie is set\u003C\u002Fli>\n\u003Cli>HTTP headers – redirect based on a HTTP header\u003C\u002Fli>\n\u003Cli>Custom filter – redirect based on your own WordPress filter\u003C\u002Fli>\n\u003Cli>IP address – redirect if the client IP address matches\u003C\u002Fli>\n\u003Cli>Server – redirect another domain if also hosted on this server\u003C\u002Fli>\n\u003Cli>Page type – redirect if the current page is a 404\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Full logging\u003C\u002Fh4>\n\u003Cp>A configurable logging option allows to view all redirects occurring on your site, including information about the visitor, the browser used, and the referrer. A ‘hit’ count is maintained for each redirect so you can see if a URL is being used.\u003C\u002Fp>\n\u003Cp>Logs can be exported for external viewing, and can be searched and filtered for more detailed investigation.\u003C\u002Fp>\n\u003Cp>Display geographic information about an IP address, as well as a full user agent information, to try and understand who the visitor is.\u003C\u002Fp>\n\u003Cp>You are able to disable or reduce IP collection to meet the legal requirements of your geographic region, and can change the amount of information captured from the bare minimum to HTTP headers.\u003C\u002Fp>\n\u003Cp>You can also log any redirect happening on your site, including those performed outside of Redirection.\u003C\u002Fp>\n\u003Ch4>Add HTTP headers\u003C\u002Fh4>\n\u003Cp>HTTP headers can be added to redirects or your entire site that help reduce the impact of redirects or help increase security. You can also add your own custom headers.\u003C\u002Fp>\n\u003Ch4>Track 404 errors\u003C\u002Fh4>\n\u003Cp>Redirection will keep track of all 404 errors that occur on your site, allowing you to track down and fix problems.\u003C\u002Fp>\n\u003Cp>Errors can be grouped to show where you should focus your attention, and can be redirected in bulk.\u003C\u002Fp>\n\u003Ch4>Query parameter handling\u003C\u002Fh4>\n\u003Cp>You can match query parameters exactly, ignore them, and even pass them through to your target.\u003C\u002Fp>\n\u003Ch4>Migrate Permalinks\u003C\u002Fh4>\n\u003Cp>Changed your permalink structure? You can migrate old permalinks simply by entering the old permalink structure. Multiple migrations are supported.\u003C\u002Fp>\n\u003Ch4>Apache & Nginx support\u003C\u002Fh4>\n\u003Cp>By default Redirection will manage all redirects using WordPress. However you can configure it so redirects are automatically saved to a .htaccess file and handled by Apache itself.\u003C\u002Fp>\n\u003Cp>If you use Nginx then you can export redirects to an Nginx rewrite rules file.\u003C\u002Fp>\n\u003Ch4>Fine-grained permissions\u003C\u002Fh4>\n\u003Cp>Fine-grained permissions are available so you can customise the plugin for different users. This makes it particularly suitable for client sites where you may want to prevent certain actions, and remove functionality.\u003C\u002Fp>\n\u003Ch4>Import & Export\u003C\u002Fh4>\n\u003Cp>The plugin has a fully-featured import and export system and you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Import and export to Apache .htaccess\u003C\u002Fli>\n\u003Cli>Export to Nginx rewrite rules\u003C\u002Fli>\n\u003Cli>Copy redirects between sites using JSON\u003C\u002Fli>\n\u003Cli>Import and export to CSV for viewing in a spreadsheet\u003C\u002Fli>\n\u003Cli>Use WP CLI to automate import and export\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also import from the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple 301 Redirects\u003C\u002Fli>\n\u003Cli>SEO Redirection\u003C\u002Fli>\n\u003Cli>Safe Redirect Manager\u003C\u002Fli>\n\u003Cli>Rank Math\u003C\u002Fli>\n\u003Cli>WordPress old slug redirects\u003C\u002Fli>\n\u003Cli>Quick Post\u002FPages redirects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Search Regex compatible\u003C\u002Fh4>\n\u003Cp>Redirection is compatible with \u003Ca href=\"https:\u002F\u002Fsearchregex.com\" rel=\"nofollow ugc\">Search Regex\u003C\u002Fa>, allowing you to bulk update your redirects.\u003C\u002Fp>\n\u003Ch4>Wait, it’s free?\u003C\u002Fh4>\n\u003Cp>Yes, it’s really free. There’s no premium version and no need to pay money to get access to features. This is a dedicated redirect management plugin.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please submit bugs, patches, and feature requests to:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjohngodley\u002Fredirection\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fjohngodley\u002Fredirection\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please submit translations to:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fredirection\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fredirection\u003C\u002Fa>\u003C\u002Fp>\n","Manage 301 redirects, track 404 errors, and improve your site. No knowledge of Apache or Nginx required.",2000000,71778834,88,693,"2026-03-01T07:42:00.000Z","6.5","7.4",[136,137,138,20,139],"301","404","apache","redirect","https:\u002F\u002Fredirection.me\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fredirection.5.7.5.zip",5,"2018-11-14 00:00:00",{"attackSurface":145,"codeSignals":190,"taintFlows":248,"riskAssessment":307,"analyzedAt":315},{"hooks":146,"ajaxHandlers":186,"restRoutes":187,"shortcodes":188,"cronEvents":189,"entryPointCount":26,"unprotectedCount":26},[147,153,157,161,166,170,174,178,182],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","init","hsf_init","htaccess-secure-files.php",75,{"type":148,"name":154,"callback":155,"file":151,"line":156},"admin_menu","hsf_admin_menu",101,{"type":148,"name":158,"callback":159,"file":151,"line":160},"admin_head","hsf_admin_head",107,{"type":162,"name":163,"callback":164,"file":151,"line":165},"filter","manage_media_columns","hsf_manage_media_columns",363,{"type":162,"name":167,"callback":168,"priority":11,"file":151,"line":169},"manage_media_custom_column","hsf_manage_media_custom_column",381,{"type":162,"name":171,"callback":172,"priority":11,"file":151,"line":173},"attachment_fields_to_edit","hsf_attachment_fields_to_edit",394,{"type":162,"name":175,"callback":176,"priority":11,"file":151,"line":177},"attachment_fields_to_save","hsf_attachment_fields_to_save",417,{"type":148,"name":179,"callback":180,"file":151,"line":181},"delete_attachment","hsf_delete_attachment",429,{"type":148,"name":183,"callback":184,"file":151,"line":185},"admin_footer","hsf_admin_footer",678,[],[],[],[],{"dangerousFunctions":191,"sqlUsage":192,"outputEscaping":194,"fileOperations":246,"externalRequests":26,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":247},[],{"prepared":14,"raw":26,"locations":193},[],{"escaped":26,"rawEcho":195,"locations":196},24,[197,201,203,205,207,209,211,213,215,217,218,220,222,224,226,228,230,232,234,236,238,240,242,244],{"file":198,"line":199,"context":200},"dl.php",79,"raw output",{"file":151,"line":202,"context":200},110,{"file":151,"line":204,"context":200},111,{"file":151,"line":206,"context":200},180,{"file":151,"line":208,"context":200},193,{"file":151,"line":210,"context":200},205,{"file":151,"line":212,"context":200},229,{"file":151,"line":214,"context":200},230,{"file":151,"line":216,"context":200},232,{"file":151,"line":216,"context":200},{"file":151,"line":219,"context":200},233,{"file":151,"line":221,"context":200},239,{"file":151,"line":223,"context":200},264,{"file":151,"line":225,"context":200},265,{"file":151,"line":227,"context":200},266,{"file":151,"line":229,"context":200},267,{"file":151,"line":231,"context":200},283,{"file":151,"line":233,"context":200},284,{"file":151,"line":235,"context":200},285,{"file":151,"line":237,"context":200},313,{"file":151,"line":239,"context":200},326,{"file":151,"line":241,"context":200},336,{"file":151,"line":243,"context":200},349,{"file":151,"line":245,"context":200},692,14,[],[249,275,296],{"entryPoint":250,"graph":251,"unsanitizedCount":273,"severity":274},"\u003Cdl> (dl.php:0)",{"nodes":252,"edges":269},[253,258,263,267],{"id":254,"type":255,"label":256,"file":198,"line":257},"n0","source","$_SERVER['REQUEST_URI']",74,{"id":259,"type":260,"label":261,"file":198,"line":257,"wp_function":262},"n1","sink","header() [Header Injection]","header",{"id":264,"type":255,"label":265,"file":198,"line":266},"n2","$_SERVER (x5)",89,{"id":268,"type":260,"label":261,"file":198,"line":46,"wp_function":262},"n3",[270,272],{"from":254,"to":259,"sanitized":271},false,{"from":264,"to":268,"sanitized":271},6,"medium",{"entryPoint":276,"graph":277,"unsanitizedCount":26,"severity":295},"hsf_admin_screen (htaccess-secure-files.php:115)",{"nodes":278,"edges":291},[279,282,286,288],{"id":254,"type":255,"label":280,"file":151,"line":281},"$_POST",163,{"id":259,"type":260,"label":283,"file":151,"line":284,"wp_function":285},"update_option() [Settings Manipulation]",165,"update_option",{"id":264,"type":255,"label":287,"file":151,"line":281},"$_POST (x2)",{"id":268,"type":260,"label":289,"file":151,"line":208,"wp_function":290},"echo() [XSS]","echo",[292,294],{"from":254,"to":259,"sanitized":293},true,{"from":264,"to":268,"sanitized":293},"low",{"entryPoint":297,"graph":298,"unsanitizedCount":26,"severity":295},"\u003Chtaccess-secure-files> (htaccess-secure-files.php:0)",{"nodes":299,"edges":304},[300,301,302,303],{"id":254,"type":255,"label":280,"file":151,"line":281},{"id":259,"type":260,"label":283,"file":151,"line":284,"wp_function":285},{"id":264,"type":255,"label":287,"file":151,"line":281},{"id":268,"type":260,"label":289,"file":151,"line":208,"wp_function":290},[305,306],{"from":254,"to":259,"sanitized":293},{"from":264,"to":268,"sanitized":293},{"summary":308,"deductions":309},"The 'htaccess-secure-files' v0.5 plugin exhibits a generally strong security posture with a negligible attack surface, demonstrating good development practices by avoiding direct exposure of AJAX handlers, REST API routes, and shortcodes. The complete absence of external HTTP requests further mitigates risk.  However, the static analysis reveals a significant concern: 0% of output is properly escaped, despite 24 output instances. This is a critical oversight that could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is ever reflected in the output without proper sanitization.  The single taint flow with an unsanitized path also warrants attention, as it indicates a potential for directory traversal or other path manipulation vulnerabilities, though its severity is not quantified as high or critical. The plugin's vulnerability history is clean, suggesting a lack of past exploitable issues, which is positive.  Overall, while the plugin's architecture is secure against common web attacks targeting entry points, the critical lack of output escaping and the presence of an unsanitized path flow represent serious weaknesses that require immediate attention.",[310,313],{"reason":311,"points":312},"0% of outputs properly escaped",8,{"reason":314,"points":142},"Flows with unsanitized paths","2026-03-17T01:44:34.724Z",{"wat":317,"direct":326},{"assetPaths":318,"generatorPatterns":321,"scriptPaths":322,"versionParams":323},[319,320],"\u002Fwp-content\u002Fplugins\u002Fhtaccess-secure-files\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fhtaccess-secure-files\u002Fadmin.js",[],[320],[324,325],"htaccess-secure-files\u002Fadmin.css?ver=","htaccess-secure-files\u002Fadmin.js?ver=",{"cssClasses":327,"htmlComments":328,"htmlAttributes":332,"restEndpoints":334,"jsGlobals":335,"shortcodeOutput":340},[],[329,330,331],"#### DO NOT EDIT BELOW (Htaccess Secure Files plugin created content) ####","#### Start of Htaccess Secure Files plugin created entries ####","#### End of Htaccess Secure Files plugin created entries ####",[333],"data-hsf-saved",[],[336,337,338,339],"hsf_allowed_roles","hsf_allowed_capabilities","hsf_allowed_ips","hsf_denied_response",[],{"error":293,"url":342,"statusCode":343,"statusMessage":344,"message":344},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhtaccess-secure-files\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":142,"versions":346},[347,352,359,366,373],{"version":6,"download_url":24,"svn_tag_url":348,"released_at":27,"has_diff":271,"diff_files_changed":349,"diff_lines":27,"trac_diff_url":350,"vulnerabilities":351,"is_current":293},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhtaccess-secure-files\u002Ftags\u002F0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhtaccess-secure-files%2Ftags%2F0.4&new_path=%2Fhtaccess-secure-files%2Ftags%2F0.5",[],{"version":353,"download_url":354,"svn_tag_url":355,"released_at":27,"has_diff":271,"diff_files_changed":356,"diff_lines":27,"trac_diff_url":357,"vulnerabilities":358,"is_current":271},"0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtaccess-secure-files.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhtaccess-secure-files\u002Ftags\u002F0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhtaccess-secure-files%2Ftags%2F0.3&new_path=%2Fhtaccess-secure-files%2Ftags%2F0.4",[],{"version":360,"download_url":361,"svn_tag_url":362,"released_at":27,"has_diff":271,"diff_files_changed":363,"diff_lines":27,"trac_diff_url":364,"vulnerabilities":365,"is_current":271},"0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtaccess-secure-files.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhtaccess-secure-files\u002Ftags\u002F0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhtaccess-secure-files%2Ftags%2F0.2&new_path=%2Fhtaccess-secure-files%2Ftags%2F0.3",[],{"version":367,"download_url":368,"svn_tag_url":369,"released_at":27,"has_diff":271,"diff_files_changed":370,"diff_lines":27,"trac_diff_url":371,"vulnerabilities":372,"is_current":271},"0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtaccess-secure-files.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhtaccess-secure-files\u002Ftags\u002F0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhtaccess-secure-files%2Ftags%2F0.1&new_path=%2Fhtaccess-secure-files%2Ftags%2F0.2",[],{"version":374,"download_url":375,"svn_tag_url":376,"released_at":27,"has_diff":271,"diff_files_changed":377,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":378,"is_current":271},"0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtaccess-secure-files.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhtaccess-secure-files\u002Ftags\u002F0.1\u002F",[],[]]