[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fD0E0__HCKXQYxfzov684xDgLFYNYfz5Wua-mih0lgsk":3,"$f7OXw4rP86iHLuyt9EhPA7lHZfp2rwHFvJeWIvaBR8ik":217,"$fQy2IjlkCRdMUhLppdyhWNBCFhwoVMJpeqUjw5-JumLo":221},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":134,"fingerprints":204},"ip-guard","IP Guard","1.23.2","dynahsty","https:\u002F\u002Fprofiles.wordpress.org\u002Fdynahsty\u002F","\u003Cp>\u003Cstrong>IP Guard\u003C\u002Fstrong> is a robust plugin that provides functionality to lock WordPress registered user accounts based on the IP address limit set by the administrator.\u003C\u002Fp>\n\u003Cp>The plugin includes many features with a simple interface and uses the \u003Cem>wp_mail\u003C\u002Fem> function to send emails for notifications on locked and unlocked activities. This approach helps enhance security by monitoring and restricting access based on IP addresses, providing an additional layer of protection for user accounts.\u003C\u002Fp>\n\u003Cp>For example, if the administrator set allowed IP address for registered users should be 2, once a user reached the limit which is 2, the account gets automatically locked and display a error message on the login page. 
The admin can decide to manually unlock the account or the user can wait 7 days for an automatic unlock.\u003C\u002Fp>\n\u003Cp>Tested with:-\u003Cbr \u002F>\nLogin\u002FSignup Popup (Inline Form + Woocommerce) plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features of IP Guard\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Locking mechanism that automatically locks accounts based on set IP address\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Automatically sends mail notifications for locked and unlocked activities\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>An admin locked accounts page which displays locked accounts, username and a button for manual unlocking. Note – automatic unlock of user accounts is set to 7 days\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>An admin logs page which displays the detected IP address, username and country\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>An admin settings page for configuration of the plugin such as setting the maximum IP address allowed, body text for locked and unlocked emails, custom mail notification logo and copyright text\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>A user statistics page which displays total number of registered users, administrators and locked accounts\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Similar IP in pattern, structure or share the same first and second octets won't get locked\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Attributions\u003C\u002Fh3>\n\u003Cp>Thanks to the provider for the following services and REST APIs for free.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fipinfo.io\u002F (IPv4, IPv6 \u002F free)\u003C\u002Fp>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Cp>IPGuard is an open-source project and welcomes all contributors from code to design, and implement new features. 
For more info \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fblock-editor\u002Fcontributors\u002F\" rel=\"nofollow ugc\">Contributor’s Handbook\u003C\u002Fa> for all the details on how you can help.\u003C\u002Fp>\n","IPGuard is a robust security plugin that empowers administrators to safeguard user accounts by implementing IP address-based lockdowns.",0,925,"2024-03-24T08:28:00.000Z","6.4.8","5.0","7.4",[18,19,20,21,22],"auth-security","block-ip","ip-secure","login-protect","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-guard.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,89,30,86,"2026-05-20T10:29:30.760Z",[37,60,79,97,117],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":11,"num_ratings":11,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"security-hardener","Security Hardener","2.2.0","Marc Armengou","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarc4\u002F","\u003Cp>\u003Cstrong>Security Hardener\u003C\u002Fstrong> applies WordPress security best practices based on the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fhardening\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration \u002F Security \u002F Hardening\u003C\u002Fa> documentation and widely accepted hardening measures. 
It uses WordPress core functions and follows best practices without modifying core files.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable file editor in WordPress admin\u003Cbr \u002F>\n* Optionally disable all file modifications (blocks updates – use with caution)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable XML-RPC completely (enabled by default)\u003Cbr \u002F>\n* Remove pingback methods when XML-RPC is enabled\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pingback Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable self-pingbacks\u003Cbr \u002F>\n* Remove X-Pingback header\u003Cbr \u002F>\n* Block incoming pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block \u003Ccode>\u002F?author=N\u003C\u002Fcode> queries (returns 404)\u003Cbr \u002F>\n* Secure REST API user endpoints (require authentication)\u003Cbr \u002F>\n* Remove users from XML sitemaps\u003Cbr \u002F>\n* Prevent canonical redirects that expose usernames\u003Cbr \u002F>\n* Optionally block author feed pages (\u003Ccode>\u002Fauthor\u002Fusername\u002Ffeed\u002F\u003C\u002Fcode>)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generic error messages (no username\u002Fpassword hints)\u003Cbr \u002F>\n* Login honeypot — silently blocks bots before any credential check\u003Cbr \u002F>\n* IP-based rate limiting with configurable thresholds\u003Cbr \u002F>\n* Security event logging (last 100 events)\u003Cbr \u002F>\n* Automatic blocking after failed attempts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> (clickjacking protection)\u003Cbr \u002F>\n* \u003Ccode>X-Content-Type-Options: nosniff\u003C\u002Fcode> (MIME sniffing protection)\u003Cbr \u002F>\n* 
\u003Ccode>Referrer-Policy: strict-origin-when-cross-origin\u003C\u002Fcode>\u003Cbr \u002F>\n* \u003Ccode>Permissions-Policy\u003C\u002Fcode> (restricts geolocation, microphone, camera)\u003Cbr \u002F>\n* Optional HSTS (HTTP Strict Transport Security) for HTTPS sites — max-age set to 1 year\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Hardening:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Hide WordPress version (meta generator tag and asset query strings)\u003Cbr \u002F>\n* Remove obsolete wp_head items (RSD, WLW manifest, shortlink, emoji scripts)\u003Cbr \u002F>\n* Security event logging system\u003Cbr \u002F>\n* Optionally disable Application Passwords for API authentication\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>⚠️ \u003Cstrong>Important:\u003C\u002Fstrong> Always test security settings in a staging environment first. Some features may affect third-party integrations or plugins.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy:\u003C\u002Fstrong> This plugin does not send data to external services and does not create custom database tables. It stores plugin settings and a security event log in the WordPress options table, and uses transients for temporary login attempt tracking. 
All data is preserved on uninstall by default and only deleted if the “Delete all data on uninstall” option is explicitly enabled.\u003C\u002Fp>\n","Basic hardening: secure headers, login honeypot, user enumeration blocking, generic login errors, rate limiting, and more.",200,990,"2026-04-02T19:24:00.000Z","6.9.4","6.9","8.2",[52,53,54,55,22],"brute-force","hardening","headers","login-protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-hardener\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.2.2.0.zip",100,"2026-04-16T10:56:18.058Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":11,"num_ratings":11,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":77,"download_link":78,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"anti-brute-force-login-fraud-detector","Anti-Brute Force, Login Fraud Detector WordPress plugin","1.0.3","aispera31","https:\u002F\u002Fprofiles.wordpress.org\u002Faispera31\u002F","\u003Cp>Anti-Brute Force, Login Fraud Detector WordPress plugin is a security plugin that detects and blocks malicious IP addresses attempting to log into WordPress sites with real-time intelligence data from Criminal IP.\u003Cbr \u002F>\nHackers attempting brute-force attacks on WordPress sites do not use normal IP addresses. Rather, they use VPN, Proxy, Tor, Hosting IP, etc. to avoid tracking. Criminal IP is an IP address-based intelligence search engine platform that scans worldwide IP addresses daily and collects such malicious information.\u003Cbr \u002F>\nThe number of detectable login attempts varies depending on the plan being used by the connected Criminal IP account. 
Users of the Free membership plan can use up to 500 login IP detections per month for free.\u003C\u002Fp>\n\u003Ch4>Block Login IP Address Options\u003C\u002Fh4>\n\u003Cp>VPN IP – When attempting to log in using a VPN\u003Cbr \u002F>\nTor IP – When attempting to log in from a Tor browser\u003Cbr \u002F>\nProxy IP – When attempting to log in using Proxy\u003Cbr \u002F>\nHosting IP – When attempting to log in from the IP address of a hosting server\u003C\u002Fp>\n\u003Ch4>Additional Features\u003C\u002Fh4>\n\u003Cp>Whitelist: Specific IP addresses can be added to the whitelist to allow login.\u003Cbr \u002F>\nLogin Wait Time: Users who are eventually restricted from logging in can try again after the set login wait time.\u003Cbr \u002F>\nBlocked IP List: Allows you to view a list of all IP addresses subject to login restrictions. The items that may be seen are as follows.\u003Cbr \u002F>\nIP address\u003Cbr \u002F>\nGeographic Information (Country)\u003Cbr \u002F>\nReason for Login Restriction (Tor\u002FVPN\u002FProxy\u002FHosting)\u003Cbr \u002F>\nDetected Date and Time\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Cp>Installing the Criminal IP Anti-Brute Force, Login Fraud Detector plug-in is very simple.\u003Cbr \u002F>\n1. Go to the ‘Plugin’ menu on the WordPress dashboard.\u003Cbr \u002F>\n2. Search ‘Criminal IP’ or ‘Criminal IP Brute Force’ in the search window.\u003Cbr \u002F>\n3. Click the ‘Install and activate’ button.\u003Cbr \u002F>\n4. When the plugin is activated, an icon with the Criminal IP logo will be displayed on the WordPress dashboard sidebar. Click the icon to go to the dashboard and click the ‘Issue API Key’ button to go to Criminal IP.\u003Cbr \u002F>\n5. Create a Criminal IP account, log in, and create an API key in My Page.\u003Cbr \u002F>\n6. Copy and paste the issued API key into the ‘Criminal IP API key’ input column on the plugin settings tab.\u003Cbr \u002F>\n7. 
On the Settings tab, set the login limit target and login wait time. Click ‘Save Changes’ to finish setting up the plugin.\u003Cbr \u002F>\nPlease report any new features or bugs of the plugin through Criminal IP’s Customer Support. You can also contact support@aispera.com.\u003C\u002Fp>\n","Anti-Brute Force, Login Fraud Detector Wordpress plugin is a security plugin that detects and blocks malicious IP addresses attempting to log into Wor &hellip;",40,1684,"2023-10-20T09:40:00.000Z","6.3.8","5.7","5.6",[52,75,76,55,22],"brute-force-protection","limit-login","https:\u002F\u002Fcriminalip.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-brute-force-login-fraud-detector.1.0.3.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":68,"downloaded":87,"rating":58,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":73,"requires_php":16,"tags":91,"homepage":95,"download_link":96,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"traffic-jammer","Traffic Jammer","1.4.91","Carey","https:\u002F\u002Fprofiles.wordpress.org\u002Fslick2\u002F","\u003Cp>Prevent unwanted traffic incidents that might result in site outages and billing overages.  
WordPress plugin that blocks IP and bots categorized as harmful, resulting in heavy server loads from frequently crawled pages, or utilized in vulnerability\u002Fsecurity breach scans.\u003C\u002Fp>\n\u003Ch3>Usage instructions for Integrating AbuseIPDb\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Obtain your free API key from AbuseIPDB (\u003Ca href=\"https:\u002F\u002Fwww.abuseipdb.com\" rel=\"nofollow ugc\">\u003C\u002Fa>).\u003C\u002Fli>\n\u003Cli>Install and activate the plugin via your WordPress dashboard.\u003C\u002Fli>\n\u003Cli>Configure the plugin settings by adding your API key and setting threat thresholds.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Firewall\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Manually add an IP to be blocked\u003C\u002Fli>\n\u003Cli>Manually add Bots\u002FUser-Agents\u002FScrappers to prevent site visit\u003C\u002Fli>\n\u003Cli>Manually add an IP to be whitelisted on the login page\u003C\u002Fli>\n\u003Cli>Automatically block malicious traffic thru analysis on an hourly basis\u003C\u002Fli>\n\u003Cli>Automatically block excessive login attempts with configurable threshold\u003C\u002Fli>\n\u003Cli>Automatically block excessive visits from an incremented query that would bust the CDN cache\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP-CLI commands\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>Example\nwp jam block 127.0.0.10\nwp jam unblock 127.0.0.10\nwp jam topip\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fpantheon.io\" rel=\"nofollow ugc\">Pantheon.io\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Prevent traffic overages due to excessive visits from malicious traffic. 
The plugin can be used on sites hosted on \u003Ca href=\"https:\u002F\u002Fpantheon.io\" rel=\"nofollow ugc\">Pantheon.io\u003C\u002Fa> and no additional symlinks are required.\u003C\u002Fp>\n\u003Ch4>Pantheon terminus command\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>terminus wp sitename.env -- jam block 127.0.0.1\nterminus wp sitename.env -- jam unblock 127.0.0.1\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Safeguard your site from malicious activity and unwanted visitors by effortlessly managing IP blocks through the dashboard or command line interface.",3829,1,"2025-10-19T19:43:00.000Z","6.8.5",[19,92,93,94,22],"bots","login","pantheon","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftraffic-jammer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftraffic-jammer.1.4.91.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":33,"downloaded":105,"rating":11,"num_ratings":11,"last_updated":106,"tested_up_to":48,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":115,"download_link":116,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"block-ip-address-for-woocommerce","Block IP Address for WooCommerce","1.0.4","wpcraftnet","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcraftnet\u002F","\u003Cp>\u003Cstrong>Block IP Address for WooCommerce\u003C\u002Fstrong> is a powerful, lightweight, and easy-to-use plugin that allows you to \u003Cstrong>block IP addresses in WooCommerce\u003C\u002Fstrong> and protect your online store from spam, bots, and unwanted visitors.\u003C\u002Fp>\n\u003Cp>With this plugin, you can \u003Cstrong>restrict access to your WooCommerce shop, homepage, or specific product categories\u003C\u002Fstrong> using simple IP-based rules. 
When a visitor’s IP address matches a blocked entry, they are automatically redirected to a page of your choice.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for store owners who want to \u003Cstrong>block IP address in WooCommerce,\u003C\u002Fstrong> control user access, and improve website security without any complex configuration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Block IP Addresses?\u003C\u002Fstrong>\u003Cbr \u002F>\n– Easily block IP address in WooCommerce\u003Cbr \u002F>\n– Prevent spam, bots, and malicious traffic\u003Cbr \u002F>\n– Improve store security with IP-based restrictions\u003Cbr \u002F>\n– Control who can access your shop or categories\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Easily add & manage blocked IP addresses.\u003Cbr \u002F>\n– Define \u003Cstrong>block duration\u003C\u002Fstrong> using start and end dates.\u003Cbr \u002F>\n– Redirect blocked \u003Cstrong>IPs to Shop Page.\u003C\u002Fstrong>\u003Cbr \u002F>\n– Redirect blocked \u003Cstrong>IPs to Home Page.\u003C\u002Fstrong>\u003Cbr \u002F>\n– Redirect blocked \u003Cstrong>IPs to Specific Category.\u003C\u002Fstrong>\u003Cbr \u002F>\n– Lightweight and simple to configure.\u003Cbr \u002F>\n– No coding required.\u003Cbr \u002F>\n– Compatible with the latest WooCommerce and WordPress versions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why This Plugin Stands Out\u003C\u002Fstrong>\u003Cbr \u002F>\nUnlike complex security plugins, \u003Cstrong>Block IP Address for WooCommerce\u003C\u002Fstrong> focuses only on what you need — simple, fast, and effective IP blocking with flexible control.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect For\u003C\u002Fstrong>\u003Cbr \u002F>\n– Store owners who want to \u003Cstrong>block IP address in WooCommerce.\u003C\u002Fstrong>\u003Cbr \u002F>\n– Preventing fake traffic and spam users\u003Cbr \u002F>\n– Restricting access to specific users or regions\u003Cbr \u002F>\n– Temporarily blocking suspicious 
visitors\u003C\u002Fp>\n\u003Ch3>Contacts\u003C\u002Fh3>\n\u003Cp>If you need assistance, please visit our website at \u003Ca href=\"https:\u002F\u002Fwpcraft.net\" rel=\"nofollow ugc\">wpcraft.net\u003C\u002Fa> or contact our support team at \u003Ca href=\"info@wpcraft.net\" rel=\"nofollow ugc\">info@wpcraft.net\u003C\u002Fa>.\u003C\u002Fp>\n","Block IP Address for WooCommerce – Easily block IP address from accessing your WooCommerce shop, homepage, or specific product categories and redirect &hellip;",674,"2026-04-05T03:30:00.000Z","5.5","7.2",[110,111,112,113,114],"block-ip-address","ip-ban","ip-blocker","ip-restriction","woocommerce-security","https:\u002F\u002Fwpcraft.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-ip-address-for-woocommerce.1.0.4.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":58,"num_ratings":31,"last_updated":127,"tested_up_to":90,"requires_at_least":15,"requires_php":23,"tags":128,"homepage":23,"download_link":132,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":133},"botfirewall","BotFirewall | Stop Spam Bots & Secure Login","2.3.5","SafeWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fhallemmit3\u002F","\u003Cp>\u003Cstrong>BotFirewall\u003C\u002Fstrong> is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks. Using advanced JavaScript verification and encrypted cookies, BotFirewall ensures robust security without disrupting the experience of real users.\u003C\u002Fp>\n\u003Ch3>Why Do You Need BotFirewall?\u003C\u002Fh3>\n\u003Cp>In today’s internet landscape, bots make up a significant portion of web traffic, and many of them are malicious. They can attack your site, send spam, scrape content, or attempt to hack login pages like \u003Ccode>wp-login.php\u003C\u002Fcode>. 
BotFirewall addresses these threats by providing \u003Cstrong>smart and flexible protection\u003C\u002Fstrong> that:\u003Cbr \u002F>\n– \u003Cstrong>Blocks bots\u003C\u002Fstrong> with seamless JavaScript verification that most bots cannot pass.\u003Cbr \u002F>\n– \u003Cstrong>Secures key pages\u003C\u002Fstrong> like \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> from unauthorized access.\u003Cbr \u002F>\n– \u003Cstrong>Uses encrypted cookies\u003C\u002Fstrong> to ensure only verified users gain access.\u003Cbr \u002F>\n– \u003Cstrong>Offers customizable settings\u003C\u002Fstrong> through an intuitive interface in the WordPress admin panel.\u003C\u002Fp>\n\u003Ch3>Key Features of BotFirewall\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>JavaScript Verification\u003C\u002Fstrong>: Ensures visitors can execute JavaScript, effectively filtering out most bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Encrypted Cookies\u003C\u002Fstrong>: Cookies are tied to IP and User-Agent for enhanced security against spoofing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Page Protection\u003C\u002Fstrong>: Enable or disable protection for \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> pages via settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist and Blacklist\u003C\u002Fstrong>: Configure lists of allowed bots (e.g., Googlebot) and IPs, and block known malicious IPs, including subnet support (e.g., 192.168.0.0\u002F24).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exclude URLs\u003C\u002Fstrong>: Specify URLs to bypass bot protection entirely (e.g., for APIs or specific pages).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Statistics\u003C\u002Fstrong>: Monitor bot activity with detailed stats – filter by time periods (Last 24 hours, Last Week, Last Month).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Action Logging\u003C\u002Fstrong>: Logs blocks and successful verifications with URL details, keeping 
data for the last 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowed Bots Tab\u003C\u002Fstrong>: Easily select known bots to allow without verification, with quick filters for bot types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recent Activity\u003C\u002Fstrong>: View the latest 10 logged sessions with details like IP, URL, and status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and Fast\u003C\u002Fstrong>: Optimized for minimal impact on site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>: Removes all data, including logs and settings, upon deactivation and deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Verification Page\u003C\u002Fstrong>: Tailor the text (title, description, countdown), CSS styling, and logo of the verification page to match your site’s design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Support\u003C\u002Fstrong>: Get assistance directly through Live Chat in the Support tab for quick resolution of issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How Does BotFirewall Work?\u003C\u002Fh3>\n\u003Cp>BotFirewall employs a multi-layered protection system:\u003Cbr \u002F>\n1. \u003Cstrong>Cookie Check\u003C\u002Fstrong>: If a visitor has a valid cookie, they bypass additional checks.\u003Cbr \u002F>\n2. \u003Cstrong>Whitelist\u003C\u002Fstrong>: Known “good” bots (e.g., search engine crawlers) are automatically allowed.\u003Cbr \u002F>\n3. \u003Cstrong>JavaScript Verification\u003C\u002Fstrong>: If no cookie is present, the visitor is redirected to a verification page where they must execute a JavaScript request. Bots unable to run JavaScript are blocked.\u003Cbr \u002F>\n4. \u003Cstrong>Login Page Protection\u003C\u002Fstrong>: Optionally protect \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> to prevent brute-force attacks.\u003Cbr \u002F>\n5. 
\u003Cstrong>Post-Verification Redirect\u003C\u002Fstrong>: After successful verification, the user is redirected to their original page, and a cookie is set for future visits.\u003C\u002Fp>\n\u003Ch3>Why BotFirewall is a Must-Have for Your Site\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Spam and DDoS Protection\u003C\u002Fstrong>: Effectively blocks bots that attempt to spam or overload your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Security\u003C\u002Fstrong>: Safeguards \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> from unauthorized access and brute-force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexibility\u003C\u002Fstrong>: Customize protection with whitelists, blacklists, cookie lifetime settings, and verification page styling.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparency\u003C\u002Fstrong>: Detailed statistics and logs let you monitor bot activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ease of Use\u003C\u002Fstrong>: A user-friendly interface in the WordPress admin panel makes configuration a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Look\u003C\u002Fstrong>: Customize the verification page with your own text, styles, logo, and a modern font (Roboto) for a polished appearance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reliable Support\u003C\u002Fstrong>: Access our support team via Live Chat for help with any technical or security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>BotFirewall is an \u003Cstrong>essential tool\u003C\u002Fstrong> for WordPress site owners who want to protect their content, users, and server from malicious bots. 
Install BotFirewall today and secure your site with confidence!\u003C\u002Fp>\n","BotFirewall is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks.",20,738,"2025-06-05T14:29:00.000Z",[129,130,131,55,22],"anti-bot","bot-protection","firewall","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotfirewall.2.3.5.zip","2026-03-15T15:16:48.613Z",{"attackSurface":135,"codeSignals":152,"taintFlows":160,"riskAssessment":200,"analyzedAt":203},{"hooks":136,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":11,"unprotectedCount":11},[137,143],{"type":138,"name":139,"callback":140,"priority":125,"file":141,"line":142},"filter","authenticate","ip_guard_authenticate","ip-guard.php",23,{"type":144,"name":145,"callback":146,"file":141,"line":147},"action","admin_menu","ip_guard_admin_menu",247,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":11,"externalRequests":88,"nonceChecks":88,"capabilityChecks":88,"bundledLibraries":159},[],{"prepared":88,"raw":11,"locations":155},[],{"escaped":157,"rawEcho":11,"locations":158},82,[],[],[161,189],{"entryPoint":162,"graph":163,"unsanitizedCount":11,"severity":188},"ip_guard_settings_page_content (ip-guard.php:563)",{"nodes":164,"edges":184},[165,170,176,179],{"id":166,"type":167,"label":168,"file":141,"line":169},"n0","source","$_POST (x6)",569,{"id":171,"type":172,"label":173,"file":141,"line":174,"wp_function":175},"n1","sink","update_option() [Settings Manipulation]",570,"update_option",{"id":177,"type":167,"label":178,"file":141,"line":169},"n2","$_POST (x3)",{"id":180,"type":172,"label":181,"file":141,"line":182,"wp_function":183},"n3","echo() [XSS]",609,"echo",[185,187],{"from":166,"to":171,"sanitized":186},true,{"from":177,"to":180,"sanitized":186},"low",{"entryPoint":190,"graph":191,"unsanitizedCount":11,"severity":188},"\u003Cip-guard> 
(ip-guard.php:0)",{"nodes":192,"edges":197},[193,194,195,196],{"id":166,"type":167,"label":168,"file":141,"line":169},{"id":171,"type":172,"label":173,"file":141,"line":174,"wp_function":175},{"id":177,"type":167,"label":178,"file":141,"line":169},{"id":180,"type":172,"label":181,"file":141,"line":182,"wp_function":183},[198,199],{"from":166,"to":171,"sanitized":186},{"from":177,"to":180,"sanitized":186},{"summary":201,"deductions":202},"Based on the static analysis, the 'ip-guard' plugin v1.23.2 exhibits a very strong security posture. The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, indicating a minimal attack surface. The code also demonstrates excellent practices by utilizing prepared statements for all SQL queries, properly escaping all output, and including nonce and capability checks for the single recorded external HTTP request. The lack of file operations further reduces potential vulnerabilities. The taint analysis shows no flows with unsanitized paths, reinforcing the impression of secure coding.\n\nFurthermore, the vulnerability history is entirely clean, with zero known CVEs recorded. This suggests a history of secure development and maintenance for this plugin. While the plugin appears robust, the presence of a single external HTTP request, though protected by nonce and capability checks, remains a potential, albeit minor, point of interest. 
However, the overall picture is one of a highly secure plugin with no immediate critical or high risks identified in the provided data.",[],"2026-04-16T13:33:03.851Z",{"wat":205,"direct":210},{"assetPaths":206,"generatorPatterns":207,"scriptPaths":208,"versionParams":209},[],[],[],[],{"cssClasses":211,"htmlComments":212,"htmlAttributes":213,"restEndpoints":214,"jsGlobals":215,"shortcodeOutput":216},[],[],[],[],[],[],{"error":186,"url":218,"statusCode":219,"statusMessage":220,"message":220},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fip-guard\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":222,"versions":223},4,[224,232,239,246],{"version":225,"download_url":226,"svn_tag_url":227,"released_at":26,"has_diff":228,"diff_files_changed":229,"diff_lines":26,"trac_diff_url":230,"vulnerabilities":231,"is_current":228},"v1.23.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-guard.v1.23.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fip-guard\u002Ftags\u002Fv1.23.2\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fip-guard%2Ftags%2Fv1.23.1&new_path=%2Fip-guard%2Ftags%2Fv1.23.2",[],{"version":233,"download_url":234,"svn_tag_url":235,"released_at":26,"has_diff":228,"diff_files_changed":236,"diff_lines":26,"trac_diff_url":237,"vulnerabilities":238,"is_current":228},"v1.23.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-guard.v1.23.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fip-guard\u002Ftags\u002Fv1.23.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fip-guard%2Ftags%2Fv1.23&new_path=%2Fip-guard%2Ftags%2Fv1.23.1",[],{"version":240,"download_url":241,"svn_tag_url":242,"released_at":26,"has_diff":228,"diff_files_changed":243,"diff_lines":26,"trac_diff_url":244,"vulnerabilities":245,"is_current":228},"v1.23","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-guard.v1.23.zip","https:\
u002F\u002Fplugins.svn.wordpress.org\u002Fip-guard\u002Ftags\u002Fv1.23\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fip-guard%2Ftags%2Fv1.22&new_path=%2Fip-guard%2Ftags%2Fv1.23",[],{"version":247,"download_url":248,"svn_tag_url":249,"released_at":26,"has_diff":228,"diff_files_changed":250,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":251,"is_current":228},"v1.22","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-guard.v1.22.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fip-guard\u002Ftags\u002Fv1.22\u002F",[],[]]