[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f38tnsgMMwvS1uW9sklpyVezxvvA3POM-1WPzAIAhQ5M":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":133,"fingerprints":188},"identity-plus","Identityplus","2.4.3","Stefan Harsan Farr","https:\u002F\u002Fprofiles.wordpress.org\u002Fshfarr\u002F","\u003Cp>Identityplus is a novel security solution based on PKI (Public Key Infrastructure) called a network of trust. It features an all-in-one 2 (ocasionally 3) factor authentication and TLS level authentication making your site more secure than ever. Additionally it enables site owners to collaborate in defending against criminality by allowing them to send feedback on certificates and their oweners. With Identityplus, when a spam is reported, we are not only preventing the same spam being posted anywhere else, we are effectively preventing the spammer sending any other kind of spam, anywhere else. Keep on reading for a brief intro into this powerful technology.\u003C\u002Fp>\n\u003Ch4>Log In, Before A Login Page\u003C\u002Fh4>\n\u003Cp>Why Identityplus Is Better Than Any 2 Factor Authentication …\u003C\u002Fp>\n\u003Cp>Whenever you deal with application level login, whether it’s one factor, two factor or any factor for that matter, you need a login page. This page must load before it gets the chance to see who is visiting, which is why Worpress has a protection against repeated login attempts. This can stop bots, to a certain degree, but if you happen to have an application vulnerability that can be used by a hacker to bypass login, whether you forgot to updated your WordPress or something totally out of your control like zero day vulnerability in PHP, your blog is toast, regardless of how many factors of authentications you have.\u003Cbr \u002F>\nIdentityplus uses TLS level authentication, which means the visiting device is authenticated before the login page loads. If the proper PKI credentials are not presented by the device, the page will never, ever load. The visitor is simply directed away from the sensitive page and hence is unable to perform any kind of attack, be that brute force, credential theft or zero day for that matter. No login page, no problem …\u003C\u002Fp>\n\u003Ch4>A VPN Into Your Admin Panel\u003C\u002Fh4>\n\u003Cp>Make Your Admin Panel Accessible Only From Your Computers …\u003C\u002Fp>\n\u003Cp>Having a PKI indenity in your browser is a powreful thing. Because the server expects that identity to be there, it does not only limit access by the user, it also limits access based on computer. As such, your admin panel becomes literally inaccessible from any other computer in the world. To access your admin panel, a hacker must steal your computer and access it from there.\u003C\u002Fp>\n\u003Ch4>SSO Like Never Before\u003C\u002Fh4>\n\u003Cp>Simpler, Faster, More Secure. Sign In Without Having To Do Anyting …\u003C\u002Fp>\n\u003Cp>Once you start using Identityplus, you will see you are hardly asked to do anything, you’ll just notice you are logged in. Don’t get scared, you are logged in because your computer is certified and it’s being identified before you would have the chance to do anything. But since you also logged in with your password or your fingerprint into the device you are using (laptop \u002F mobile phone), you are actually performing 2 factor authentication without even noticing it. You will occasionally notice however, as your certificate becomes idle, that you are being asked for your Identityplus PIN. That’s actually the third factor authentication, all in one solution\u003C\u002Fp>\n\u003Ch4>A Network Of Trust\u003C\u002Fh4>\n\u003Cp>Reward Good Deeds And Block The Spammer, Not The Only Spam …\u003C\u002Fp>\n\u003Cp>When devices wear an impossible to forge identity, something amazing happens: if you restrict access to your comment section to devices with Identityplus certificates, whever you approve a comment, you are sending tokens of trust to the owner of that certificate telling Identityplus that you trust the owner. Now other blogs can trust him too, and he is steadily building a profile that defferentiates him from any malicius bot. Conversely, when you mark a comment as spam, you’ll be telling Identityplus that this is a malicious entity, and we block the certificate making sure the device can’t be used to post spam again. Now we are no longer only stopping spam, we are collectively working on stopping the spammer.\u003C\u002Fp>\n\u003Ch4>Enjoy 10 Connected Users For Free\u003C\u002Fh4>\n\u003Cp>Free Certificates, Free API Up To 10 Connected Users, Unlimited Validations For Free …\u003C\u002Fp>\n\u003Cp>A connected user is a user that can be signed in automatically via Identityplus into a service using Identityplus. If that service is your personal blog, you probably don’t have more than 10 users who regularly sign into the administrative section of your WordPress installation. If that’s the case, you will never have to pay for Identityplus. Visitors that comment with Identityplus accounts that are not connected to local accounts do not count. For this reason the plugin will only connect administrator accouns by default. If you need log more than 10 users into your back-end, you’ll need a business account, the cost of which scales with the number of your active users. Check our the pricing section for details.\u003C\u002Fp>\n\u003Ch3>2.4.3\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 6.1.1\u003C\u002Fp>\n\u003Ch3>2.4.2\u003C\u002Fh3>\n\u003Cp>Minor bug fixes and tested with WordPress 6.0\u003C\u002Fp>\n\u003Ch3>2.4.1\u003C\u002Fh3>\n\u003Cp>Minor bug fixes\u003C\u002Fp>\n\u003Ch3>2.4\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 5.7\u003C\u002Fp>\n\u003Ch3>2.3\u003C\u002Fh3>\n\u003Cp>Minor update and tested with WordPress 5.5\u003C\u002Fp>\n\u003Ch3>2.2\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 5.3.2\u003C\u002Fp>\n\u003Ch3>2.1\u003C\u002Fh3>\n\u003Cp>We’ve replaced the necessity to validate the domain with an uploaded file with an automatic callback to achieve even less friction when you install the plug in.\u003C\u002Fp>\n\u003Ch3>2.0\u003C\u002Fh3>\n\u003Cp>This is a major update. We recommend deactivating the “Enforce Identity + Device Certificate” flag for safety during certificate update.\u003C\u002Fp>\n\u003Cp>Added automatic & one click API certificate renewal. This grately improves user experience for maitaining the Identity Plus plugin and prevents accidental certificate expiration, which may cause service outage.\u003Cbr \u002F>\nIntegrated the new service installation proces via automated wizard. It is no longer needed for the user to log into identity plus account and issue certificate before installation. Using the mobile application, or registered device, you can now onboard the service, issue the certificate and activate identity plus in one short flow.\u003Cbr \u002F>\nWe’ve also moved the certificate storage from file to the database for enhanced security.\u003C\u002Fp>\n\u003Ch3>1.6.4\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6.3\u003C\u002Fh3>\n\u003Cp>Moved the legacy certificate validation endpoint from https:\u002F\u002Fget.identity.plus to https:\u002F\u002Fsignon.identity.plus. The get endpoint will now exclussively handle the certificate issuing and installation process.\u003C\u002Fp>\n\u003Cp>If you encounter problems while using legacy redirect and you land on get. subdomain, simply click the “back to single sign on” link to return to original flow. Please update your plugin to avoid this behavior. Sorry for the inconvenience.\u003C\u002Fp>\n\u003Ch3>1.6.2\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6.1\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6\u003C\u002Fh3>\n\u003Cp>Migrated to v1.1 Identityplus API. Identityplus plugin now allows individual wordpress users to connect their accounts on-demand. This new version also lifted the 10 accounts limit for non-corporate certificates, meaning that not-for-profit sites (public benefit or personal sites that produce no revenue) can connect any number of accounts at no cost.\u003C\u002Fp>\n\u003Ch4>1.5\u003C\u002Fh4>\n\u003Cp>Verified compatibility with WordPress 4.9.8.\u003Cbr \u002F>\nCorrected minor bugs.\u003C\u002Fp>\n\u003Ch4>1.4 beta\u003C\u002Fh4>\n\u003Cp>Verified compatibility with WordPress 4.9.1.\u003Cbr \u002F>\nCorrected minor bugs.\u003C\u002Fp>\n\u003Ch4>1.2 beta\u003C\u002Fh4>\n\u003Cp>Corrected WordPress coding practice issues and fixing\u003C\u002Fp>\n\u003Ch4>1.1 beta\u003C\u002Fh4>\n\u003Cp>We’ve restricted automatic login for pages that are filtered so that bots would not be bothered by the presence of the plugin.\u003C\u002Fp>\n\u003Ch4>1.0 beta\u003C\u002Fh4>\n\u003Cp>Version 1.0 beta is the first version of the Identityplus plugin, and it contains the minimum set of functionality and configuration options. Nevertheless, it will give your site an incredible security boost and at the same time it will improve user experience. Please take a moment to familiarize yourself with the core concepts so that you can take maximum advantage of this powerful security technology.\u003C\u002Fp>\n","Identityplus is a novel security solution based on PKI (Public Key Infrastructure) called a network of trust. It features an all-in-one 2 (ocasionally &hellip;",10,2025,0,"2023-01-03T20:32:00.000Z","6.1.10","3.9","",[19,20,21,22,23],"2factor","authentication","comments","security","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fidentity-plus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fidentity-plus.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"shfarr",1,30,84,"2026-04-04T15:18:13.277Z",[37,63,83,100,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":13,"last_vuln_date":62,"fetched_at":28},"anti-spam","Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr \u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized** access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,90,368,"2026-03-11T17:54:00.000Z","6.9.4","5.6","7.4",[54,55,56,22,57],"antispam","brute-force-protection","limit-login-attempts","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip",98,3,"2024-07-11 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":81,"download_link":82,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"comment-form-csrf-protection","Comment Form CSRF Protection","1.4","Ayesh Karunaratne","https:\u002F\u002Fprofiles.wordpress.org\u002Fayeshrajans\u002F","\u003Cp>WordPress has a 12-year-old unfixed security vulnerability that it does not properly validate incoming comments.\u003C\u002Fp>\n\u003Cp>An attacker can trick both anonymous and logged-in users to post comments on a victim site without them realizing, while using their own credentials.\u003C\u002Fp>\n\u003Cp>See this issue for more information: https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F10931\u003C\u002Fp>\n\u003Cp>This is a tiny (fewer than 40 effect lines of code) module that adds a secure token to the comment form and validate it before accepting any comment, thus making your comment forms secure as they should\\’ve been for all these years!\u003C\u002Fp>\n\u003Cp>It provides no UI – just install it, and you are all set!\u003C\u002Fp>\n\u003Col>\n\u003Cli>This plugin adds a secret cryptographically-secure token to the comment form. This is a unique value and is computationally impractical to guess it.\u003C\u002Fli>\n\u003Cli>Upon comment submission, the comment is rejected if the secret tokens are not present or computationally invalid.\u003C\u002Fli>\n\u003C\u002Fol>\n","Prevent Cross-Site Request Forgery attacks on your comments form.",500,15435,100,2,"2023-07-23T12:59:00.000Z","6.3.8","4.2","7.1",[21,80,22,23],"csrf","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-form-csrf-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-form-csrf-protection.1.4.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":73,"num_ratings":32,"last_updated":93,"tested_up_to":50,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":98,"download_link":99,"security_score":73,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"spam-comment-remover","Spam Comment Remover","4.0","Sahil Dadwal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsahildadwal\u002F","\u003Cp>Spam Comment Remover is a lightweight, zero-setup WordPress plugin that automatically stops spam comments and silently removes them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Universal spam detection engine  \u003C\u002Fli>\n\u003Cli>Blocks hidden links, disguised URLs, BBCode, anchor tags  \u003C\u002Fli>\n\u003Cli>Blocks gibberish, AI-generated text patterns, random strings  \u003C\u002Fli>\n\u003Cli>Auto-deletes \u003Cem>pending\u003C\u002Fem> and \u003Cem>spam\u003C\u002Fem> comments after activation  \u003C\u002Fli>\n\u003Cli>Keeps admin-approved comments safe  \u003C\u002Fli>\n\u003Cli>No conflict with any plugin or theme  \u003C\u002Fli>\n\u003Cli>Removes “Website” field from the comment form  \u003C\u002Fli>\n\u003Cli>Fully automated system — no settings required  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for bloggers, businesses, portfolio sites, and WooCommerce stores.\u003C\u002Fp>\n","Automatically remove spam comments without Akismet. Universal spam detection that blocks junk, hidden links, fake names, gibberish, and automated subm &hellip;",70,1464,"2025-12-08T18:11:00.000Z","5.0","8.0",[38,97,21,22,23],"cleaner","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fspam-comment-remover\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-comment-remover.4.0.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":13,"num_ratings":13,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":17,"tags":113,"homepage":116,"download_link":117,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"html-purified","HTML Purified","0.7","John Godley","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnny5\u002F","\u003Cp>HTML Purified replaces the default WordPress comments filters with HTML Purifier, a super HTML filtering\u003Cbr \u002F>\nlibrary.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will\u003Cbr \u002F>\n  not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet\u003Cbr \u002F>\n  permissive whitelist, it will also make sure your documents are standards compliant, something\u003Cbr \u002F>\n  only achievable with a comprehensive knowledge of W3C’s specifications.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>An additional feature of HTML Purifier is that it will produce valid well-formed XHTML code, something\u003Cbr \u002F>\nwhich KSES does not do.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Configurable KSES or HTML Purifier\u003C\u002Fli>\n\u003Cli>Configurable list of HTML elements and attributes for both KSES and HTML purifier\u003C\u002Fli>\n\u003Cli>Additionally process comments with HTML Tidy\u003C\u002Fli>\n\u003Cli>URL blacklist\u003C\u002Fli>\n\u003Cli>Fully localized (and awaiting translations)\u003C\u002Fli>\n\u003Cli>Automatically escape PHP or anything inside backticks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>HTML Purifier is available in:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Spanish, thanks to José Cuesta\u003C\u002Fli>\n\u003Cli>Belorussian, thanks to Marcis Gasuns\u003C\u002Fli>\n\u003Cli>Russian, thanks to Ilyuha\u003C\u002Fli>\n\u003Cli>Uzbekistan, thanks to Alexandra Bolshova\u003C\u002Fli>\n\u003Cli>Dutch, thanks to Pieter\u003C\u002Fli>\n\u003Cli>German, thanks to Andreas Beraz\u003C\u002Fli>\n\u003Cli>Polish, thanks to Kasia Ciszewski & Dawid Śpiechowicz\u003C\u002Fli>\n\u003Cli>Romanian, thanks to Alina @ InboxTranslations.com\u003C\u002Fli>\n\u003Cli>Lithuanian, thanks to Nata Strazda\u003C\u002Fli>\n\u003Cli>Ukranian, thanks to Iflexion Design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation can be found on the \u003Ca href=\"http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fhtml-purified\u002F\" rel=\"nofollow ugc\">HTML Purified\u003C\u002Fa> page.\u003C\u002Fp>\n","HTML Purified replaces the default comments filters with the more secure HTML Purifier.",50,17846,"2012-05-05T14:28:00.000Z","3.3.2","2.9",[21,22,23,114,115],"xhtml","xss","http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fhtml-purified\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-purified.0.8.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":13,"num_ratings":13,"last_updated":128,"tested_up_to":50,"requires_at_least":94,"requires_php":52,"tags":129,"homepage":131,"download_link":132,"security_score":73,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"ghosttrap","GhostTrap","1.0.3","LaughterOnWater","https:\u002F\u002Fprofiles.wordpress.org\u002Flaughteronwater\u002F","\u003Cp>\u003Cstrong>GhostTrap\u003C\u002Fstrong> provides sophisticated invisible spam protection using a comprehensive 5-layer detection system. Legitimate users comment normally while automated spam is silently blocked through advanced timing analysis, cryptographic validation, and behavioral detection.\u003C\u002Fp>\n\u003Ch4>5-Layer Protection System\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Timing Analysis\u003C\u002Fstrong> – Detects submissions too fast for human interaction\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cryptographic Signatures\u003C\u002Fstrong> – Prevents replay attacks and form manipulation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Year Validation\u003C\u002Fstrong> – JavaScript-enhanced field verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript Detection\u003C\u002Fstrong> – Ensures legitimate browser interaction\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Honeypot Fields\u003C\u002Fstrong> – Multiple hidden traps catch automated bots\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Professional Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Admin Interface\u003C\u002Fstrong> – Professional statistics dashboard with custom branding\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time Statistics\u003C\u002Fstrong> – Track protection effectiveness with detailed blocking metrics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Timing\u003C\u002Fstrong> – Adjust detection sensitivity from 5-300 seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress 6.4+ Compatible\u003C\u002Fstrong> – Full support for block themes and FSE\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Bar Integration\u003C\u002Fstrong> – Quick spam statistics for administrators\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Screen Options Control\u003C\u002Fstrong> – User-configurable interface elements\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Zero User Friction\u003C\u002Fh4>\n\u003Cp>All protection operates invisibly – no captcha, no puzzles, no delays. Users with JavaScript enabled see normal comment forms, while those with disabled JavaScript get simple year validation. Protection effectiveness remains high in both scenarios.\u003C\u002Fp>\n\u003Ch4>Performance Optimized\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight JavaScript\u003C\u002Fstrong> – Only 2KB, loads exclusively on comment pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Script Loading\u003C\u002Fstrong> – Conditional loading based on comment form presence\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimal Database Impact\u003C\u002Fstrong> – Efficient storage with optional spam archiving\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser Compatibility\u003C\u002Fstrong> – Works across all modern browsers with graceful degradation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>GDPR Compliant\u003C\u002Fh4>\n\u003Cp>No external services, no tracking, no personal data collection beyond standard WordPress comment processing. All spam detection happens locally on your server.\u003C\u002Fp>\n\u003Ch4>Attribution\u003C\u002Fh4>\n\u003Cp>Built upon the original Anti-spam plugin foundation by webvitaly, with comprehensive modernization, enhanced detection layers, and professional admin interface for current WordPress compatibility.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>GhostTrap operates with privacy-first design principles:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>No External Services\u003C\u002Fstrong> – All spam detection processing occurs on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Personal Data Collection\u003C\u002Fstrong> – Uses only standard WordPress comment data for protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Tracking or Analytics\u003C\u002Fstrong> – Zero data sharing with third parties or external systems\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Fully Compliant\u003C\u002Fstrong> – Minimal data processing with transparent, local-only operation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional Spam Storage\u003C\u002Fstrong> – Blocked comments stored locally only if explicitly enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Configuration\u003C\u002Fh3>\n\u003Ch4>Timing Threshold Recommendations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>High Security Sites:\u003C\u002Fstrong> 10-15 seconds (stricter protection)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>General Purpose Sites:\u003C\u002Fstrong> 15-20 seconds (balanced protection)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessibility-Focused Sites:\u003C\u002Fstrong> 25-30 seconds (accommodates slower interaction)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reading-Heavy Sites:\u003C\u002Fstrong> 30+ seconds (allows time for content review)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Admin Interface Customization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Admin Bar Statistics\u003C\u002Fstrong> – Toggle spam counter visibility in admin bar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Screen Options\u003C\u002Fstrong> – Control information panel display on comments page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard Integration\u003C\u002Fstrong> – Spam statistics in “At a Glance” widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contextual Help\u003C\u002Fstrong> – Comprehensive protection information in WordPress help system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Technical Requirements\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Server Environment:\u003C\u002Fstrong>\u003Cbr \u002F>\n* WordPress 5.0 or higher\u003Cbr \u002F>\n* PHP 7.4 or higher\u003Cbr \u002F>\n* Standard WordPress hosting with wp_options table access\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Browser Support:\u003C\u002Fstrong>\u003Cbr \u002F>\n* All modern browsers (Chrome, Firefox, Safari, Edge)\u003Cbr \u002F>\n* Internet Explorer 11+ with graceful degradation\u003Cbr \u002F>\n* Mobile browsers with full functionality\u003Cbr \u002F>\n* JavaScript-disabled browsers with fallback protection\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance Specifications:\u003C\u002Fstrong>\u003Cbr \u002F>\n* JavaScript payload: ~2KB minified and compressed\u003Cbr \u002F>\n* Database impact: Single option row with minimal queries\u003Cbr \u002F>\n* Server processing: Sub-millisecond detection analysis\u003Cbr \u002F>\n* Memory usage: Negligible footprint during comment processing\u003C\u002Fp>\n","Advanced 5-layer invisible spam protection for comments. No captcha, no user friction - professional spam blocking.",20,272,"2026-02-08T16:30:00.000Z",[54,21,130,22,23],"protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fghosttrap\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fghosttrap.1.0.3.zip",{"attackSurface":134,"codeSignals":176,"taintFlows":183,"riskAssessment":184,"analyzedAt":187},{"hooks":135,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":13,"unprotectedCount":13},[136,142,146,150,154,159,163,168],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","plugins_loaded","identity_plus_initialize","identity-plus.php",41,{"type":137,"name":143,"callback":144,"priority":73,"file":140,"line":145},"wp_footer","identity_plus_add_footer",42,{"type":137,"name":147,"callback":148,"priority":73,"file":140,"line":149},"admin_footer","identity_plus_add_admin_footer",43,{"type":137,"name":151,"callback":152,"priority":11,"file":140,"line":153},"transition_comment_status","identity_plus_comment_callback",44,{"type":137,"name":155,"callback":156,"priority":157,"file":140,"line":158},"wp_insert_comment","identity_plus_comment_inserted",99,45,{"type":137,"name":160,"callback":161,"file":140,"line":162},"wp_logout","identity_plus_log_out",46,{"type":164,"name":165,"callback":166,"file":140,"line":167},"filter","comment_form_defaults","identity_plus_comment_text",48,{"type":164,"name":169,"callback":170,"file":140,"line":171},"preprocess_comment","identity_plus_required_to_comment",49,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":180,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":182},[],{"prepared":13,"raw":13,"locations":179},[],{"escaped":13,"rawEcho":13,"locations":181},[],[],[],{"summary":185,"deductions":186},"The static analysis of \"identity-plus\" v2.4.3 reveals a plugin with a seemingly robust security posture based on the provided metrics. There are no identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or permission checks. Furthermore, the code signals indicate a lack of dangerous functions, all SQL queries utilize prepared statements, and all output is properly escaped. The absence of file operations, external HTTP requests, and the explicit mention of zero nonce and capability checks are positive indicators, suggesting that the core development practices are security-conscious.  The taint analysis also reports zero flows with unsanitized paths, reinforcing the impression of well-sanitized code. The plugin's vulnerability history is clean, with no recorded CVEs, which further bolsters confidence in its security.  However, the complete absence of AJAX handlers, REST API routes, shortcodes, and cron events, along with zero nonce and capability checks, while appearing safe on the surface, is unusual for a plugin that likely needs to interact with WordPress in some way. This could indicate that the plugin has a very limited functionality or that the static analysis might have missed certain interaction points. The lack of recorded vulnerabilities is a strong positive, but it's important to remember that no plugin is inherently \"unhackable.\" The current data suggests a strong defensive approach by the developers, but the absence of certain typical interaction points warrants a cautious interpretation of the overall risk.",[],"2026-03-17T00:32:43.310Z",{"wat":189,"direct":198},{"assetPaths":190,"generatorPatterns":193,"scriptPaths":194,"versionParams":195},[191,192],"\u002Fwp-content\u002Fplugins\u002Fidentity-plus\u002Flib\u002Fjs\u002Fidentity_plus.js","\u002Fwp-content\u002Fplugins\u002Fidentity-plus\u002Flib\u002Fcss\u002Fidentity_plus.css",[],[191],[196,197],"identity-plus\u002Flib\u002Fjs\u002Fidentity_plus.js?ver=","identity-plus\u002Flib\u002Fcss\u002Fidentity_plus.css?ver=",{"cssClasses":199,"htmlComments":200,"htmlAttributes":201,"restEndpoints":202,"jsGlobals":203,"shortcodeOutput":204},[],[],[],[],[],[]]