[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpFu2esk-8Jk06bJ1p4yMljnpLjj7ZhqX4lCJsone330":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":133,"fingerprints":231},"htaccess-site-access-control",".htaccess Site Access Control","1.0","Miina Sikk","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiinasikk\u002F","\u003Cp>Using the password protection will give you extra security layer of protection from brute force hacking attacks. Additionally, it’s also an easy way to password protect your entire site, without needing to create separate WordPress users for each visitor.\u003C\u002Fp>\n\u003Cp>When you enable the password protection, the user won’t be able to see anything – not even see the protected page – until he\u002Fshe inserts the username\u002Fpassword. You can password protect the whole website, including the administrator pages; you can password protect the administrator pages; or you can password protect the WordPress login page.\u003C\u002Fp>\n\u003Cp>Free plugin options include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enabling\u002Fdisabling the password protection to wp-login.php, WordPress admin pages. Note that you’ll be asked to re-type the .htaccess username\u002Fpassword you created before enabling any of the settings – to ensure that you wouldn’t enable the password protection without even knowing the password yourself!\u003C\u002Fli>\n\u003Cli>Modifying the existing users: you can change any .htaccess user’s password and remove the users.\u003C\u002Fli>\n\u003Cli>Adding one .htaccess user.   \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Premium plugin options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create\u002Fmodify an unlimited number of .htaccess users;\u003C\u002Fli>\n\u003Cli>Protect your whole site, making it accessible to only those who have the .htaccess user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have any other suggestions, please let us know! You can contact us via http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-htaccess-site-access-control\u002F\u003C\u002Fp>\n\u003Cp>For more information and support, check out: http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-htaccess-site-access-control\u002F\u003C\u002Fp>\n","Using the password protection will give you extra security layer of protection from brute force hacking attacks. Additionally, it's also an easy  …",800,9428,80,3,"2016-05-11T14:32:00.000Z","4.4.34","3.0.1","",[20,21,22,23,24],"htaccess","htpasswd","securing","security","wpsos","http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-htaccess-site-access-control\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtaccess-site-access-control.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"miinasikk",9,8050,30,84,"2026-04-05T02:31:52.560Z",[40,61,74,96,117],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":59,"download_link":60,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"zotya-htaccess-protect","htaccess protect","0.7.0","zoltanlaczko","https:\u002F\u002Fprofiles.wordpress.org\u002Fzoltanlaczko\u002F","\u003Cp>Using the password protection will give you extra security layer of protection from brute force hacking attacks. Additionally, it’s also an easy way to password protect your entire site, without needing to create separate WordPress users for each visitor.\u003C\u002Fp>\n\u003Cp>When you enable the password protection, the user won’t be able to see anything – not even see the protected page – until he\u002Fshe inserts the username\u002Fpassword. You can password protect the whole website, including the administrator pages; you can password protect the administrator pages; or you can password protect the WordPress login page.\u003C\u002Fp>\n\u003Cp>The plugin options include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enabling\u002Fdisabling the password protection to wp-login.php, WordPress admin pages.\u003C\u002Fli>\n\u003Cli>Modifying the existing users: you can change any .htaccess user’s password and remove the users.\u003C\u002Fli>\n\u003Cli>Create\u002Fmodify an unlimited number of .htaccess users;\u003C\u002Fli>\n\u003Cli>Protect your whole site, making it accessible to only those who have the .htaccess user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is originally was based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhtaccess-site-access-control\u002F\" rel=\"ugc\">.htaccess Site Access Control\u003C\u002Fa>. That plugin was working fine but it was abandoned for years and not compatible with the latest WordPress. Most part of the plugin were refactored and translated.\u003C\u002Fp>\n","htaccess protect - Protect your wordpress login or admin pages with password.",900,10716,74,6,"2022-01-23T19:01:00.000Z","5.9.13","5.0","5.6",[20,21,57,58,23],"protect","protection","https:\u002F\u002Fgithub.com\u002Fzoltanlaczko\u002Fwp-htaccess-protect\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzotya-htaccess-protect.0.7.0.zip",{"slug":62,"name":63,"version":6,"author":7,"author_profile":8,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":28,"num_ratings":28,"last_updated":68,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":69,"homepage":72,"download_link":73,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"square-bracket-hack-prevention","Square Bracket Hack Prevention","\u003Cp>The Square Bracket Hack Prevention plugin prevents a simple but very common exploit of WordPress, by adding in a .htaccess rule upon activation preventing hackers from adding a “[” to the URL.\u003C\u002Fp>\n\u003Cp>A common attempt at a WPSOS exploit is to add a “[” to a URL, which can often break a site and expose an ability to inject code. This plugin stops it by banning all attempts at adding a “[” to the URL. It does so via adding code to the .htaccess file.\u003C\u002Fp>\n\u003Cp>Additionally, upon the uninstallation of the plugin, the line is removed. And if the .htaccess file is not editable, then the admin user is warned.\u003C\u002Fp>\n\u003Cp>If you have any suggestions let us know via http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-square-bracket-hack-prevention\u002F\u003C\u002Fp>\n\u003Cp>For more information and support, check out: http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-square-bracket-hack-prevention\u002F\u003C\u002Fp>\n","The Square Bracket Hack Prevention plugin prevents hackers from adding a \"[\" to the URL.",10,1761,"2016-02-05T23:16:00.000Z",[70,20,71,23,24],"hack","redirect","http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-square-bracket-hack-prevention\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsquare-bracket-hack-prevention.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":94,"download_link":95,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-safely-disable-directory-browsing","WP safely disable directory browsing","0.1","Maurisource","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaurisource\u002F","\u003Cp>This essential .htaccess rules plugin allow you to improve security of your wordpress blog.\u003C\u002Fp>\n\u003Cp>More info:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>More info on \u003Ca href=\"http:\u002F\u002Fwww.maurisource.com\u002Fblog\u002Fwp-safely-disable-directory-browsing\u002F\" rel=\"nofollow ugc\">WP safely disable directory browsing\u003C\u002Fa>, with info on how to configure it.\u003C\u002Fli>\n\u003Cli>Special Thanks to \u003Ca href=\"http:\u002F\u002Fwww.maurisource.com\u002F\" rel=\"nofollow ugc\">Agence web Montreal\u003C\u002Fa> for support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Changelog\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>0.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>first release\u003C\u002Fli>\n\u003C\u002Ful>\n","This essential .htaccess rules plugin allow you to improve security of your wordpress blog.",300,5850,82,8,"2012-10-05T18:03:00.000Z","2.9.2","2.6",[90,20,91,92,93],"directory-browsing","web-performance-optimization","wordpress-security","wp-content","http:\u002F\u002Fwww.maurisource.com\u002Fblog\u002Fwp-safely-disable-directory-browsing\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-safely-disable-directory-browsing.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":114,"download_link":115,"security_score":116,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"sar-one-click-security","SAR One Click Security","1.3","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>There’s a lot of WordPress security plugins with many many options and pages to setup. And that is fine if you know what to do.\u003Cbr \u002F>\nBut most of the times, you don’t need so much or simply you’re not sure about what to set or not.\u003C\u002Fp>\n\u003Cp>This plugin adds some extra security to your WordPress with only one click. \u003Cstrong>No options page, just activate it!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Like many other security plugins SAR One Click Security adds well known .htaccess rules, but only the ones probed to be safe to use in almost any type of site (including WooCommerce stores), to protect your WordPress from common attacks. This allows you to have a safer WordPress without worries about what protection you should be using.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Turn off ServerSignature directive, that may leak information about your web server.\u003C\u002Fli>\n\u003Cli>Turn off directory listing, avoiding bad configured hostings to leak your files.\u003C\u002Fli>\n\u003Cli>Blocks public access (from web) to following files that may leak information about your WordPress install: .htaccess, license.txt, readme.html, wp-config.php, wp-config-sample.php, install.php\u003C\u002Fli>\n\u003Cli>Blocks access to wp-login.php to dummy bots trying to register in WordPress sites that have registration disabled.\u003C\u002Fli>\n\u003Cli>Blocks requests looking for timthumb.php, reducing server load caused by bots trying to find it. (*)\u003C\u002Fli>\n\u003Cli>Blocks TRACE and TRACK request methods, preventing XST attacks.\u003C\u002Fli>\n\u003Cli>Blocks direct posting to wp-comments-post.php (most spammers do this) and access with blank User Agent, reducing spam comments a lot and also server load.\u003C\u002Fli>\n\u003Cli>Blocks direct access to PHP files in wp-content directory (this includes subdirectories like plugins or themes). Protecting you from a huge number of 0day exploits.\u003C\u002Fli>\n\u003Cli>Blocks direct POST to wp-login.php and access with blank User Agent, preventing most brute-force attacks and reducing server load.\u003C\u002Fli>\n\u003Cli>Blocks access to .txt files under any plugin\u002Ftheme directory to prevent scans for installed plugins\u002Fthemes.\u003C\u002Fli>\n\u003Cli>Blocks any query string trying to get a copy of the wp-config.php file.\u003C\u002Fli>\n\u003Cli>Blocks gf_page=upload query string argument, this was deprecated in Gravity Forms on May 2015, if your copy of Gravity Forms still uses it, update now!\u003C\u002Fli>\n\u003Cli>Removes version information from page headers. This includes not only the page header (html or xhtml) but also feed headers (rss, rss2, atom, rdf) and opml comments. Only the version number is removed, not the entire generator information.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*) If your theme uses TimThumb, you can disable that blocking rule, check FAQ before installing the plugin to see how.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 3.9.2 or higher. (Works with WordPress network\u002Fmultisite installation).\u003C\u002Fli>\n\u003Cli>Apache 2.4.x web server\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It has been tested in many servers including large providers like HostGator, Godaddy and 1&1 with optimal results, and it will work fine in any decent hosting service (that allows you to set options from .htaccess files).\u003C\u002Fp>\n\u003Cp>Anyway, if you get any problem after activating the plugin, check FAQ for instructions on how to manually uninstall it.\u003C\u002Fp>\n\u003Cp>If you’re not sure of which server is your hosting company using or if they allow to use custom .htaccess rules, I would recommend you to contact with your host support \u003Cstrong>before\u003C\u002Fstrong> installing the plugin.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>To apply above mentioned security rules simply install and activate the plugin, no options page, no user setup!\u003C\u002Fp>\n\u003Cp>If you need to remove the security rules for some reason, simply deactivate the plugin. If you want to add them again, activate the plugin again, that easy 😉\u003C\u002Fp>\n\u003Cp>And remember, \u003Cstrong>if your theme uses TimThumb, check FAQ before installing the plugin\u003C\u002Fstrong>.\u003C\u002Fp>\n","Adds some extra security to your WordPress with only one click.",200,13616,100,7,"2025-03-03T20:53:00.000Z","6.7.5","3.9.2",[112,113,20,58,23],"firewall","hardening","http:\u002F\u002Fwww.samuelaguilera.com\u002Farchivo\u002Fprotege-wordpress-facilmente.xhtml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsar-one-click-security.1.3.zip",92,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":28,"num_ratings":28,"last_updated":127,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":128,"homepage":131,"download_link":132,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-super-secure-and-fast-htaccess","WP Super Secure and Fast htaccess","1.0.0","Andrea Pernici","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreapernici\u002F","\u003Cp>This essential .htaccess rules plugin allow you to improve security and speed of your wordpress blog.\u003C\u002Fp>\n\u003Cp>More info:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>More info on \u003Ca href=\"http:\u002F\u002Fwww.andreapernici.com\u002Fwordpress\u002Fwp-super-secure-and-fast-htaccess\u002F\" rel=\"nofollow ugc\">WP Super Secure and Fast htaccess\u003C\u002Fa>, with info on how to configure it.\u003C\u002Fli>\n\u003Cli>Check out the other \u003Ca href=\"http:\u002F\u002Fwww.andreapernici.com\u002Fwordpress\u002F\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa> by the same author, and read his blog: \u003Ca href=\"http:\u002F\u002Fwww.andreapernici.com\" rel=\"nofollow ugc\">Andrea\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Special Thanks to \u003Ca href=\"http:\u002F\u002Fwww.salserocafe.com\u002F\" rel=\"nofollow ugc\">Salserocafe Article Marketing\u003C\u002Fa> for support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Changelog\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>1.0.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>first release\u003C\u002Fli>\n\u003C\u002Ful>\n","This essential .htaccess rules plugin allow you to improve security and speed of your wordpress blog.",40,5789,"2010-02-11T09:09:00.000Z",[20,129,130,91,92],"page-caching","page-expire-headers","http:\u002F\u002Fwww.andreapernici.com\u002Fwordpress\u002Fwp-super-secure-and-fast-htaccess\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-super-secure-and-fast-htaccess.1.0.0.zip",{"attackSurface":134,"codeSignals":156,"taintFlows":192,"riskAssessment":219,"analyzedAt":230},{"hooks":135,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":28,"unprotectedCount":28},[136,142,147],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","admin_enqueue_scripts","register_plugin_scripts","htaccess-site-access-control.php",28,{"type":137,"name":143,"callback":144,"file":145,"line":146},"admin_menu","wpsos_hp_add_settings_menu","settings-page.php",39,{"type":148,"name":149,"callback":150,"priority":66,"file":145,"line":151},"filter","plugin_row_meta","wpsos_hp_set_plugin_meta",193,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":166,"outputEscaping":168,"fileOperations":85,"externalRequests":28,"nonceChecks":190,"capabilityChecks":190,"bundledLibraries":191},[158,163],{"fn":159,"file":160,"line":161,"context":162},"unserialize","class.htaccess.php",304,"$options = unserialize( get_option( 'wpsos_hp_options' ) );",{"fn":159,"file":145,"line":164,"context":165},73,"\u003C?php $options = unserialize( get_option( 'wpsos_hp_options' ) ); ?>",{"prepared":28,"raw":28,"locations":167},[],{"escaped":169,"rawEcho":34,"locations":170},1,[171,174,176,178,180,182,184,186,188],{"file":145,"line":172,"context":173},55,"raw output",{"file":145,"line":175,"context":173},56,{"file":145,"line":177,"context":173},57,{"file":145,"line":179,"context":173},63,{"file":145,"line":181,"context":173},69,{"file":145,"line":183,"context":173},133,{"file":145,"line":185,"context":173},137,{"file":145,"line":187,"context":173},144,{"file":145,"line":189,"context":173},153,4,[],[193,210],{"entryPoint":194,"graph":195,"unsanitizedCount":14,"severity":209},"wpsos_hp_display_settings_page (settings-page.php:44)",{"nodes":196,"edges":206},[197,201],{"id":198,"type":199,"label":200,"file":145,"line":181},"n0","source","$_SERVER['REQUEST_URI'] (x3)",{"id":202,"type":203,"label":204,"file":145,"line":181,"wp_function":205},"n1","sink","echo() [XSS]","echo",[207],{"from":198,"to":202,"sanitized":208},false,"medium",{"entryPoint":211,"graph":212,"unsanitizedCount":14,"severity":218},"\u003Csettings-page> (settings-page.php:0)",{"nodes":213,"edges":216},[214,215],{"id":198,"type":199,"label":200,"file":145,"line":181},{"id":202,"type":203,"label":204,"file":145,"line":181,"wp_function":205},[217],{"from":198,"to":202,"sanitized":208},"low",{"summary":220,"deductions":221},"The plugin \"htaccess-site-access-control\" v1.0 exhibits a mixed security posture. On the positive side, it demonstrates adherence to several good security practices. There are no known vulnerabilities (CVEs) associated with this plugin, and its vulnerability history is clean, suggesting a generally stable codebase.  Furthermore, all SQL queries utilize prepared statements, and the plugin implements nonce and capability checks, indicating an awareness of fundamental WordPress security mechanisms.  It also avoids external HTTP requests and bundled libraries.\n\nHowever, significant concerns arise from the static analysis. The presence of the `unserialize` function, a known source of deserialization vulnerabilities, is a critical red flag, especially when coupled with the taint analysis revealing two flows with unsanitized paths. This combination strongly suggests a potential for remote code execution or other serious security compromises if user-controlled data is not strictly validated before being passed to `unserialize`. The low percentage of properly escaped output (10%) also indicates a risk of cross-site scripting (XSS) vulnerabilities, as user-supplied data displayed on the frontend may not be sufficiently sanitized.\n\nIn conclusion, while the plugin's lack of external dependencies, clean vulnerability history, and proper SQL usage are strengths, the identified use of `unserialize` with unsanitized data flows and insufficient output escaping present substantial security risks. The absence of a larger attack surface or known CVEs might mask underlying issues that could be exploited through these specific weaknesses.  Recommendation for immediate review and remediation of `unserialize` usage and output escaping is strongly advised.",[222,225,227],{"reason":223,"points":224},"Use of unserialize with unsanitized paths",15,{"reason":226,"points":51},"Low percentage of properly escaped output",{"reason":228,"points":229},"Dangerous function detected: unserialize",5,"2026-03-16T19:20:03.973Z",{"wat":232,"direct":239},{"assetPaths":233,"generatorPatterns":235,"scriptPaths":236,"versionParams":237},[234],"\u002Fwp-content\u002Fplugins\u002Fhtaccess-site-access-control\u002Fjs\u002Fscript.js",[],[234],[238],"htaccess-site-access-control\u002Fjs\u002Fscript.js?ver=",{"cssClasses":240,"htmlComments":241,"htmlAttributes":243,"restEndpoints":244,"jsGlobals":245,"shortcodeOutput":246},[],[242],"WPSOS htaccess plugin",[],[],[],[]]