[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOud7ZwfSQQEhsU80ZIup3IgeUpOAbbSmi6g7GZzl2vk":3,"$fKKaKdoJfMS0Ec80q9IHqIFg8UvArrj2lZ9N2pKKKns8":217,"$f5r1AEwraRmKX0YVHkvKOP7j7r1YfclO8m0NLcSa2ad4":222},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":35,"analysis":151,"fingerprints":204},"last-modified-and-if-modified-since-headers","Last-Modified and If-Modified-Since Headers","1.0","zubovd","https:\u002F\u002Fprofiles.wordpress.org\u002Fzubovd\u002F","\u003Cp>This plugin adds the ‘Last-Modified’ header to each post and returns the ‘304 Not Modified’ header to the client without a body in the response if he sent the ‘If-Modified-Since’ header and the post has not changed since that date.\u003C\u002Fp>\n","Add Last-Modified anв support If-Modified-Since Headers",200,2524,100,2,"2021-07-20T14:31:00.000Z","5.7.15","5.2.4","",[20,21,22],"headers","if-modified-since","last-modified","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flast-modified-and-if-modified-since-headers.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-05-19T21:20:35.715Z",[36,56,79,106,128],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":25,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":18,"tags":49,"homepage":53,"download_link":54,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":55},"lh-add-headers","LH Add Headers","1.04","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>A \u003Ccode>304 Not Modified HTTP Header\u003C\u002Fcode> tells your visitors that nothing has changed since their last visit. This is important as without this header visitors may be downloading your webpages from scratch each time, slowing down their experience and your site.\u003C\u002Fp>\n\u003Cp>Generally if you do not pass \u003Ccode>304 Not Modified HTTP Header\u003C\u002Fcode> through your HTTP header, crawlers will fetch your whole website and then compare the content of your site with the already indexed content to check whether anything new has been updated on your website or not. But this process consumes a lot of your server resource and bandwidth.\u003C\u002Fp>\n\u003Cp>You can know more about it \u003Ca href=\"http:\u002F\u002Fwww.feedthebot.com\u002Fifmodified.html\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Before reading any further\u003C\u002Fh4>\n\u003Cp>Before reading any further it is important to understand this plugin uses output buffering, in fact the Etag sent by this plugin is a hash of the sites buffered content. If your site uses server side caching this plugin may break the caching functionality. Therefore I suggest that you please \u003Cstrong>make sure\u003C\u002Fstrong> you have studied the FAQ, before installation and activation.\u003C\u002Fp>\n","Adds the ETag, Last-Modified, and if appropriate 304 headers to HTTP responses generated by WordPress for more efficient caching.",10,2393,"2017-05-02T02:44:00.000Z","4.8.28","3.1.0",[50,51,52,20,22],"cache-control","caching","expires","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-add-headers\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-add-headers.zip","2026-04-06T09:54:40.288Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":77,"download_link":78,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"headers-security-advanced-hsts-wp","Headers Security Advanced & HSTS WP","5.3.2","Andrea Ferro","https:\u002F\u002Fprofiles.wordpress.org\u002Funicorn03\u002F","\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.\u003C\u002Fp>\n\u003Cp>This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.\u003C\u002Fp>\n\u003Cp>Check out the best features of \u003Cstrong>Headers Security Advanced & HSTS WP:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-XSS-Protection (Deprecated)\u003C\u002Fli>\n\u003Cli>Pragma (Deprecated)\u003C\u002Fli>\n\u003Cli>Public-Key-Pins (Deprecated)\u003C\u002Fli>\n\u003Cli>Expect-CT (Deprecated)\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>X-Content-Security-Policy\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>HTTP Strict Transport Security \u002F HSTS\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Strict-dynamic\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>FLoC (Federated Learning of Cohorts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on \u003Cstrong>OWASP CSRF\u003C\u002Fstrong> to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>HTTP security headers are a critical part of your website’s security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.\u003C\u002Fp>\n\u003Cp>We have put a lot of effort into making the most important services operational with \u003Cstrong>Content Security Policy (CSP)\u003C\u002Fstrong>, below are some examples that we have tested and used with \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CSP usage for \u003Cstrong>Google Tag Manager\u003C\u002Fstrong>\u003Cbr \u002F>\nworld’s most popular tag manager\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Gravatar\u003C\u002Fstrong>\u003Cbr \u002F>\nAvatar service for WordPress and Social sites\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WordPress Internal Media\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport WordPress media\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Youtube Embedded Video SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Youtube embedded frames and JS SDK\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>CookieLaw\u003C\u002Fstrong>\u003Cbr \u002F>\nprivacy technology to meet regulatory requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Mailchimp\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mailchimp automation, SDK and modules\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for basic conversion domains such as: stats.g.doubleclick.net and www.google.com\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Fonts\u003C\u002Fstrong>\u003Cbr \u002F>\nyou’re not loading it on the page, chances are one of your SDKs is using it\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Facebook\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Facebook SDK functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Stripe\u003C\u002Fstrong>\u003Cbr \u002F>\nhighly secure online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>New Relic\u003C\u002Fstrong>\u003Cbr \u002F>\nit’s a registration and monitoring utility\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Linkedin Tags + SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Linkedin Insight, Linkedin Ads and SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>OneTrust\u003C\u002Fstrong>\u003Cbr \u002F>\nOneTrust support helps companies manage privacy requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Moat\u003C\u002Fstrong>\u003Cbr \u002F>\nMoat support to measurement suite such as: ad verification, brand safety, advertising and coverage\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>jQuery\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport of jQuery – JS library\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Widgets & SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Connect, Widgets and the Twitter client-side SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google Maps\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Google Maps as The ggpht used by streetview\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Quantcast Choice\u003C\u002Fstrong>\u003Cbr \u002F>\nQuantcast support for privacy such as GDPR and CCPA\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Ads & Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nTwitter support for advertising and Analytics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Paypal\u003C\u002Fstrong>\u003Cbr \u002F>\nPayPal support for online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Drift\u003C\u002Fstrong>\u003Cbr \u002F>\nDrift and Driftt support\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cookiebot\u003C\u002Fstrong>\u003Cbr \u002F>\ncookie and tracker support, GDPR\u002FePrivacy and CCPA compliance\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Vimeo Embedded Videos SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport frames, JS SDK, Froogaloop integration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>AppNexus (now Xandr)\u003C\u002Fstrong>\u003Cbr \u002F>\nAppNexus support for custom retargeting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Mixpanel\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport analytics tool with SDK\u002FJS to collect client-side data\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Font Awesome\u003C\u002Fstrong>\u003Cbr \u002F>\ntoolkit support for fonts and icons over CSS and Less\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003Cbr \u002F>\nreCAPTCHA support for fraud and bot protection\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Bootstrap\u003C\u002Fstrong> CDN\u003Cbr \u002F>\nBootstrap support for CSS frameworks\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>HubSpot\u003C\u002Fstrong>\u003Cbr \u002F>\nHubspot support with many features, used for monitoring and mkt functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Hotjar\u003C\u002Fstrong>\u003Cbr \u002F>\nHotjar tracker support for analytics and metrics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WP.com\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for wp.com hosting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Akamai mPulse\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Akamai mPulse, for origin and perimeter integrations\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cloudflare – Rocket-Loader & Mirage\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mirage libraries for performance acceleration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Cloudflare – CDN.js\u003C\u002Fstrong>\u003Cbr \u002F>\nCloudflare’s open CDN support with multiple libraries\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>jsDelivr\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport jsDelivr free CDN for Open Source\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with Sentry, Report URI, URIports and Datadog\u003C\u002Fstrong>\u003Cbr \u002F>\nSentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:\u003Cbr \u002F>\n  * Receive detailed reports on content security policy (CSP) violations.\u003Cbr \u002F>\n  * Monitor and analyze JavaScript exceptions occurring on their site.\u003Cbr \u002F>\n  * Benefit from advanced tools for proactive troubleshooting.\u003C\u002Fp>\n\u003Cp>Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.\u003C\u002Fp>\n\u003Ch4>Free Forever\u003C\u002Fh4>\n\u003Cp>Every security header, every configuration option, and every protection this plugin offers today will remain completely free. No features will ever be moved behind a paywall. Shield is a separate set of brand-new monitoring tools built on top. The free plugin gets better because Shield exists, not worse.\u003C\u002Fp>\n\u003Cp>Even though \u003Cstrong>FLoC\u003C\u002Fstrong> is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special \u003Cstrong>“automatic blocking of FLoC”\u003C\u002Fstrong> feature, trying to always \u003Cstrong>offer the best tool with privacy protection and cyber security\u003C\u002Fstrong> as main targets and focus.\u003C\u002Fp>\n\u003Cp>Analyze your site before and after using \u003Cem>Headers Security Advanced & HSTS WP\u003C\u002Fem> security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security \u002F HSTS best practices.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check HTTP Security Headers on \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">securityheaders.com\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Check HTTP Strict Transport Security \u002F HSTS at \u003Ca href=\"https:\u002F\u002Fhstspreload.org\u002F\" rel=\"nofollow ugc\">hstspreload.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check WebPageTest at \u003Ca href=\"https:\u002F\u002Fwww.webpagetest.org\u002F\" rel=\"nofollow ugc\">webpagetest.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check HSTS test website \u003Ca href=\"https:\u002F\u002Fgf.dev\u002Fhsts-test\u002F\" rel=\"nofollow ugc\">gf.dev\u002Fhsts-test\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP test website \u003Ca href=\"https:\u002F\u002Fcsper.io\u002Fevaluator\" rel=\"nofollow ugc\">csper.io\u002Fevaluator\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP Evaluator \u003Ca href=\"https:\u002F\u002Fcsp-evaluator.withgoogle.com\u002F\" rel=\"nofollow ugc\">csp-evaluator.withgoogle.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>CSP Content Security Policy Generator \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fcontent-security-policy-gen\u002F\" rel=\"nofollow ugc\">addons.mozilla.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.\u003C\u002Fp>\n\u003Ch4>Shield — Advanced Features (Optional)\u003C\u002Fh4>\n\u003Cp>Every feature this plugin offers today is and will remain completely free, forever. \u003Cstrong>Shield\u003C\u002Fstrong> is a separate set of brand-new advanced tools for professionals who need deeper monitoring and automation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Advisor\u003C\u002Fstrong> — Analyzes your configuration and gives personalized recommendations in plain language\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Guide\u003C\u002Fstrong> — Recommended tools, safe workflow, WordPress-specific CSP snippets, and CSP FAQ\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Score Dashboard\u003C\u002Fstrong> — Real-time A+ to F grade with header status for all 10 security headers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email & Webhook Alerts\u003C\u002Fstrong> — Get notified via email, Slack, Discord, Microsoft Teams, or custom webhook when something changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Violation Analytics\u003C\u002Fstrong> — See which resources browsers are blocking and why\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weekly Automated Scans\u003C\u002Fstrong> — Automatic security audit with scan history and trend tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Nothing existing moves behind a paywall. Revenue from Shield directly funds free updates and maintenance for all 100,000+ users. Learn more at \u003Ca href=\"https:\u002F\u002Fopenheaders.org\u002Fpro\" rel=\"nofollow ugc\">openheaders.org\u002Fpro\u003C\u002Fa>.\u003C\u002Fp>\n","Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP\u002FHTTPS.",90000,1376883,98,78,"2026-03-16T14:46:00.000Z","6.9.4","4.7","7.4",[73,74,20,75,76],"clickjacking","csp","headers-security","hsts","https:\u002F\u002Fopenheaders.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheaders-security-advanced-hsts-wp.5.3.2.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":102,"vuln_count":103,"unpatched_count":104,"last_vuln_date":105,"fetched_at":55},"http-headers","HTTP Headers","1.19.2","Dimitar Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fzinoui\u002F","\u003Cp>HTTP Headers gives your control over the http headers returned by your blog or website.\u003C\u002Fp>\n\u003Cp>Headers supported by HTTP Headers includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Credentials\u003C\u002Fli>\n\u003Cli>Access-Control-Max-Age\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>Access-Control-Expose-Headers\u003C\u002Fli>\n\u003Cli>Age \u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cache-Control\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Connection\u003C\u002Fli>\n\u003Cli>Content-Encoding\u003C\u002Fli>\n\u003Cli>Content-Type\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Expect-CT\u003C\u002Fli>\n\u003Cli>Expires\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>NEL\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Pragma\u003C\u002Fli>\n\u003Cli>P3P\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Report-To\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Timing-Allow-Origin\u003C\u002Fli>\n\u003Cli>Vary\u003C\u002Fli>\n\u003Cli>WWW-Authenticate\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-DNS-Prefetch-Control\u003C\u002Fli>\n\u003Cli>X-Download-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>X-Robots-Tag\u003C\u002Fli>\n\u003Cli>X-UA-Compatible\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003C\u002Ful>\n","HTTP Headers adds CORS & security HTTP headers to your website.",50000,718486,86,70,"2024-12-22T11:49:00.000Z","6.7.5","3.2","5.3",[96,97,98,80,99],"cors-headers","csp-header","custom-headers","security-headers","https:\u002F\u002Fgithub.com\u002Friverside\u002Fhttp-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-headers.1.19.2.zip",29,7,3,"2026-04-21 19:13:19",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":87,"downloaded":114,"rating":89,"num_ratings":115,"last_updated":116,"tested_up_to":69,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":124,"download_link":125,"security_score":126,"vuln_count":104,"unpatched_count":25,"last_vuln_date":127,"fetched_at":27},"wp-hide-security-enhancer","WP Hide & Security Enhancer","2.8.3","nsp-code","https:\u002F\u002Fprofiles.wordpress.org\u002Fnsp-code\u002F","\u003Cp>Effortlessly conceal your WordPress site from detection! With over 99.99% of hacks targeting specific plugin and theme vulnerabilities, this plugin significantly boosts site security by making it invisible to hackers’ web scanners.\u003C\u002Fp>\n\u003Cp>By removing all traces of WordPress, including themes and plugins, potential exploits are rendered harmless. This method ensures that your site is safe without affecting SEO; in fact, it can enhance certain SEO aspects when used strategically.\u003C\u002Fp>\n\u003Cp>WP-Hide has launched the \u003Cstrong>easiest way to completely hide your WordPress\u003C\u002Fstrong> core files, login page, theme and plugins paths from being shown on front side. This is a huge improvement over Site Security, since no one will know whether you are running or not a WordPress. It also provides a simple way to clean up html by removing all WordPress fingerprints.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No file and directory change!\u003C\u002Fstrong>\u003Cbr \u002F>\nNo file and directory will be changed anywhere. Everything is processed virtually. The plugin code uses URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically without user intervention required at all.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Real hide of WordPress core files and plugins\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin not only allows you to change default URLs of you WordPress, but it also hides\u002Fblocks such defaults. Other similar plugins, just change the slugs, but the defaults are still accessible, obviously revealing WordPress as CMS.\u003C\u002Fp>\n\u003Cp>You can change the default WordPress login URL from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. It becomes totally invisible.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPJstAU34SlQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Full plugin documentation available at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">WordPress Hide and Security Enhancer Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>When testing with WordPress theme and plugins detector services\u002Fsites, any setting change may not reflect right away on their reports, since they use cache. So, you may want to check again later, or try a different inner URL. Homepage URL usage is not mandatory.\u003C\u002Fp>\n\u003Cp>Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes make ita vulnerable spot for every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.\u003Cbr \u002F>\nStatistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.\u003Cbr \u002F>\nOver 99,9% of hacked WordPress websites are target of automated malware scripts, which search for certain WordPress fingerprints. This plugin hides or replaces those traces, making the hacking bots attacks useless.\u003C\u002Fp>\n\u003Cp>It works well with custom WordPress directory structures,e.g. custom plugins, themes, and upload folders.\u003C\u002Fp>\n\u003Cp>Once configured, you need to \u003Cstrong>clear server cache data and\u002For any cache plugins\u003C\u002Fstrong> (e.g. W3 Cache), for a new html data to be created. If you use CDN this should be cache clear as well.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample usage\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F192011678\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main plugin functionality:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customizes Admin URL\u003C\u002Fli>\n\u003Cli>Blocks default admin URL\u003C\u002Fli>\n\u003Cli>Blocks any direct folder access to completely hide the structure\u003C\u002Fli>\n\u003Cli>Customize wp-login.php filename\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Email Verification Code\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Authenticator App\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Recovery Codes\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Shortcode for front-side user settings interface\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – My Account > Account Details – area for 2FA user settings interface\u003C\u002Fli>\n\u003Cli>Google Captcha \u003C\u002Fli>\n\u003Cli>Blocks default wp-login.php\u003C\u002Fli>\n\u003Cli>Blocks default wp-signup.php\u003C\u002Fli>\n\u003Cli>Blocks XML-RPC API\u003C\u002Fli>\n\u003Cli>Creates New XML-RPC paths\u003C\u002Fli>\n\u003Cli>Adjusts theme URL\u003C\u002Fli>\n\u003Cli>Creates New child Theme URL\u003C\u002Fli>\n\u003Cli>Changes theme style file name\u003C\u002Fli>\n\u003Cli>Cleans any headers for theme style file\u003C\u002Fli>\n\u003Cli>Customizes wp-include \u003C\u002Fli>\n\u003Cli>Blocks default wp-include paths\u003C\u002Fli>\n\u003Cli>Blocks default wp-content\u003C\u002Fli>\n\u003Cli>Customizes plugins URL\u003C\u002Fli>\n\u003Cli>Changes Individual plugin URL \u003C\u002Fli>\n\u003Cli>Blocks default plugins paths\u003C\u002Fli>\n\u003Cli>Creates New upload URL\u003C\u002Fli>\n\u003Cli>Blocks default upload URL\u003C\u002Fli>\n\u003Cli>Removes WordPress version\u003C\u002Fli>\n\u003Cli>Blocks Meta Generator\u003C\u002Fli>\n\u003Cli>Disables the emoji and required javascript code\u003C\u002Fli>\n\u003Cli>Removes pingback tag\u003C\u002Fli>\n\u003Cli>Removes wlwmanifest Meta\u003C\u002Fli>\n\u003Cli>Removes rsd_link Meta\u003C\u002Fli>\n\u003Cli>Removes wpemoji\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Minifies Html, Css, JavaScript\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Security Headers\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No other plugin functionality will be blocked or interfered in any way by WP-Hide\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin allows to change the default Admin URL from \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>wp-admin\u003C\u002Fstrong> to something else. All original links turn the default theme to “404 Not Found” page, as if nothing exists there. Besides the huge security advantage, the WP-Hide plugin saves lots of server processing time by reducing php code and MySQL usage since brute-force attacks target the weakURL.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> Compared to all other similar plugins which mainly use redirects, this plugin turns a default theme to“404 error” page for all \u003Cstrong>blocked URL\u003C\u002Fstrong> functionalities, without revealing the link existence at all.\u003C\u002Fp>\n\u003Cp>Since version 1.2, WP-Hide change individual plugin URLs and made them unrecognizable. For example,the change of the default WooCommerce plugin URL and its dependencies from domain.com\u002Fwp-content\u002Fplugins\u002Fwoocommerce\u002F into domain.com\u002Fecommerce\u002Fcdn\u002F or anything customized.\u003C\u002Fp>\n\u003Ch4>Plugin Sections\u003C\u002Fh4>\n\u003Cp>**Hide -> Scan\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exhaustive system security examination with analysis and improvements guidance and fixes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Theme\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Theme Path – Changes default theme path\u003C\u002Fli>\n\u003Cli>New Style File Path – Changes default style file name and path\u003C\u002Fli>\n\u003Cli>Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file\u003C\u002Fli>\n\u003Cli>Child – New Theme Path – Changes default child theme path\u003C\u002Fli>\n\u003Cli>Child – New Style File Path – Changes child theme style-sheet file path and name\u003C\u002Fli>\n\u003Cli>Child – Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > WP includes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Include Path – Changes default wp-include path\u002FURL\u003C\u002Fli>\n\u003Cli>Block wp-include URL – Blocks default wp-include URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > WP content\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Content Path – Change default wp-content path\u002FURL\u003C\u002Fli>\n\u003Cli>Block wp-content URL – Blocks the default content URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Plugin Path – Changes default wp-content\u002Fplugins path\u002FURL\u003C\u002Fli>\n\u003Cli>Block plugin URL – Blocks default wp-content\u002Fplugins URL\u003C\u002Fli>\n\u003Cli>New path \u002F URL for Every Active Plugin\u003C\u002Fli>\n\u003Cli>Customize path and name for any active plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Uploads\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Upload Path – Changes default media files path\u002FURL\u003C\u002Fli>\n\u003Cli>Block upload URL – Blocks default media files URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Comments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New wp-comments-post.php Path\u003C\u002Fli>\n\u003Cli>Block wp-comments-post.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Author\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Author Path\u003C\u002Fli>\n\u003Cli>Prevent Access to Author Archives\u003C\u002Fli>\n\u003Cli>Block default path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Search\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Search Path\u003C\u002Fli>\n\u003Cli>Block default path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > XML-RPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New XML-RPC Path – Changes default XML-RPC path \u002F URL\u003C\u002Fli>\n\u003Cli>Block default xmlrpc.php – Blocks default XML-RPC URL\u003C\u002Fli>\n\u003Cli>Disable XML-RPC authentication – Filters whether XML-RPC methods require authentication\u003C\u002Fli>\n\u003Cli>Remove pingback – Removes pingback link tag from theme\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > JSON REST\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Clean the REST API response\u003C\u002Fli>\n\u003Cli>Disable JSON REST V1 service – Disables an API service for WordPress which is active by default\u003C\u002Fli>\n\u003Cli>Disable JSON REST V2 service – Disables an API service for WordPress which is active by default\u003C\u002Fli>\n\u003Cli>Block any JSON REST calls – Any call for JSON REST API service will be blocked\u003C\u002Fli>\n\u003Cli>Disable output the REST API link tag into page header\u003C\u002Fli>\n\u003Cli>Disable JSON REST WP RSD endpoint from XML-RPC responses\u003C\u002Fli>\n\u003Cli>Disable Sends a Link header for the REST API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Root Files\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block license.txt – Blocks access to license.txt root file\u003C\u002Fli>\n\u003Cli>Block readme.html – Blocks access to readme.html root file\u003C\u002Fli>\n\u003Cli>Block wp-activate.php – Blocks access to wp-activate.php file\u003C\u002Fli>\n\u003Cli>Block wp-cron.php – Blocks outside access to wp-cron.php file\u003C\u002Fli>\n\u003Cli>Block wp-signup.php – Blocks default wp-signup.php file\u003C\u002Fli>\n\u003Cli>Block other wp-*.php files – Blocks other wp-.php files within WordPress Root\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > URL Slash\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>URL’s add Slash – Add a slash to any links without it. This disguisesthe existence of a file, folder or a wrong URL, which will all be slashed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Core\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabling Directory Listing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Meta\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Generator Meta\u003C\u002Fli>\n\u003Cli>Remove Other Generator Meta\u003C\u002Fli>\n\u003Cli>Remove Shortlink Meta\u003C\u002Fli>\n\u003Cli>Remove DNS Prefetch\u003C\u002Fli>\n\u003Cli>Remove Resource Hints\u003C\u002Fli>\n\u003Cli>Remove wlwmanifest Meta\u003C\u002Fli>\n\u003Cli>Remove feed_links Meta\u003C\u002Fli>\n\u003Cli>Disable output the REST API link tag into page header\u003C\u002Fli>\n\u003Cli>Remove rsd_link Meta\u003C\u002Fli>\n\u003Cli>Remove adjacent_posts_rel Meta\u003C\u002Fli>\n\u003Cli>Remove profile link\u003C\u002Fli>\n\u003Cli>Remove canonical link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Block Detectors\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Detectors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Emulate CMS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Emulate CMS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Admin Bar\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Admin Bar for specified urser roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Feed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove feed|rdf|rss|rss2|atom links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Robots.txt\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable admin URL within Robots.txt\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Emoji\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Emoji\u003C\u002Fli>\n\u003Cli>Disable TinyMC Emoji\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Styles\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Version\u003C\u002Fli>\n\u003Cli>Remove ID from link tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Scripts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Version\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Oembed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Oembed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Link Header\u003C\u002Fli>\n\u003Cli>Remove X-Powered-By Header\u003C\u002Fli>\n\u003Cli>Remove Server Header\u003C\u002Fli>\n\u003Cli>Remove X-Pingback Header\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > HTML\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove HTML Comments\u003C\u002Fli>\n\u003Cli>Minify Html, CSS, JavaScript\u003C\u002Fli>\n\u003Cli>Remove general classes from body tag\u003C\u002Fli>\n\u003Cli>Remove ID from Menu items\u003C\u002Fli>\n\u003Cli>Remove class from Menu items\u003C\u002Fli>\n\u003Cli>Remove general classes from post\u003C\u002Fli>\n\u003Cli>Remove general classes from images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > User Interactions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Mouse right click\u003C\u002Fli>\n\u003Cli>Disable Text Selection\u003C\u002Fli>\n\u003Cli>Disable Copy\u003C\u002Fli>\n\u003Cli>Disable Cut\u003C\u002Fli>\n\u003Cli>Disable Paste\u003C\u002Fli>\n\u003Cli>Disable Print\u003C\u002Fli>\n\u003Cli>Disable Print Screen\u003C\u002Fli>\n\u003Cli>Disable Developer Tools\u003C\u002Fli>\n\u003Cli>Disable View Source\u003C\u002Fli>\n\u003Cli>Disable Drag \u002F Drop\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Admin > wp-login.php\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New wp-login.php – Maps a new wp-login.php instead of the default one\u003C\u002Fli>\n\u003Cli>Block default wp-login.php – Blocks default wp-login.php file from being accessible\u003C\u002Fli>\n\u003Cli>Customize the default login page Logo image \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Admin > Admin URL\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Admin URL – Creates a new admin URL instead of the default ”\u002Fwp-admin”. This also applies for admin-ajax.php calls\u003C\u002Fli>\n\u003Cli>Disable customized Admin Url redirect to the Login page\u003C\u002Fli>\n\u003Cli>Block default Admin Url – Blocks default admin URL and files from being accessible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable 2FA\u003C\u002Fli>\n\u003Cli>Enable the 2FA for specific roles\u003C\u002Fli>\n\u003Cli>Enforce User to Configure 2FA\u003C\u002Fli>\n\u003Cli>Primary option for Two-Factor\u003C\u002Fli>\n\u003Cli>Disable 2FA when using Temporary Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Email\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate 2FA Email\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Auth App\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate Authenticator app (TOTP)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Recovery Codes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate 2FA Recovery Codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> Captcha\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Captcha V2\u003C\u002Fli>\n\u003Cli>Google Captcha V3\u003C\u002Fli>\n\u003Cli>CloudFlare Turnstile ( PRO )\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Settings -> CDN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CDN Url – Sets-up CDN if applied. Some providers replace site assets with custom URLs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>HTTP Response Headers are a powerful tool to Harden Your Website Security.\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* X-Download-Options\u003Cbr \u002F>\n* X-Frame-Options (XFO)\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* X-XSS-Protection\u003C\u002Fp>\n\u003Cp>This free version works with Apache and IIS server types. For all server types, check with \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WP Hide PRO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is a basic version that can hide everything for basic sites, example \u003Ca href=\"https:\u002F\u002Fdemo.wp-hide.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.wp-hide.com\u002F\u003C\u002Fa>. When using complex plugins and themes, the WP Hide PRO may be required. We provide free assistance to hide everything on your site, along with the commercial product.\u003C\u002Fp>\n\u003Cp>Anything wrong with this plugin on your site? Just use the forum or get in touch with us at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact\u003C\u002Fa> and we’ll check it out.\u003C\u002Fp>\n\u003Cp>A website example can be found at \u003Ca href=\"https:\u002F\u002Fdemo.wp-hide.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.wp-hide.com\u002F\u003C\u002Fa> or our website \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WP Hide and Security Enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Plugin homepage at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WordPress Hide and Security Enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin is developed by \u003Ca href=\"https:\u002F\u002Fwww.nsp-code.com\" rel=\"nofollow ugc\">Nsp-Code\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>Please help and translate this plugin to your language at \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hide-security-enhancer\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hide-security-enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You are kindly asked to promote this plugin if it comes up to your expectations via an article on your site or any other place. If you liked this code\u002FWP-Hide or if it helped with your project, why not leave a 5 star review on this board.\u003C\u002Fp>\n","Protect your website by concealing vulnerable WordPress traces, plugins, themes, login\u002Fadmin url. 2FA, Captcha, Firewall, Security Headers etc.",3374128,275,"2026-03-06T08:34:00.000Z","4.0","5.4",[120,20,121,122,123],"2fa","hide","login","security","https:\u002F\u002Fwp-hide.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hide-security-enhancer.2.8.3.zip",96,"2024-12-05 16:25:18",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":66,"num_ratings":138,"last_updated":139,"tested_up_to":69,"requires_at_least":70,"requires_php":140,"tags":141,"homepage":146,"download_link":147,"security_score":148,"vuln_count":149,"unpatched_count":25,"last_vuln_date":150,"fetched_at":27},"wp-last-modified-info","WP Last Modified Info","1.9.6","Sayan Datta","https:\u002F\u002Fprofiles.wordpress.org\u002Finfosatech\u002F","\u003Ch3>WP Last Modified Info: the Ultimate Last Modified plugin\u003C\u002Fh3>\n\u003Cp>Most WordPress themes usually show the date when a post was last published. This is fine for most blogs and static websites. However, WordPress is also used by websites where old articles are regularly updated. This last updated date and time is important information for those publications. The most common example is news websites. They often update old stories to show new developments, add corrections, or media files. If they only added the published date, then their users would miss those updates.\u003C\u002Fp>\n\u003Cp>Many popular blogs and websites don’t show any date on their articles. This is a bad practice and you should never remove dates from your blog posts.\u003C\u002Fp>\n\u003Cp>So now it is possible to add last modified\u002Fupdated info on your WordPress posts and pages. Just install and activate this and configuration is very easy.\u003C\u002Fp>\n\u003Cp>Like WP Last Modified Info plugin? Consider leaving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-last-modified-info\u002Freviews\u002F?rate=5#new-post\" rel=\"ugc\">5-star review\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What does this plugin do?\u003C\u002Fh4>\n\u003Cp>This plugin automatically inserts last modified or updated info on your WordPress posts (including custom post types) and pages. It is possible to use shortcode \u003Ccode>[lmt-post-modified-info]\u003C\u002Fcode> for a manual insert. This plugin also adds ‘dateModified’ schema markup in WordPress posts automatically and it is used to tell the last modified date & time of a post or a page to various search engines like Google, Bing etc.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allows you to display \u003Cstrong>Last modified\u003C\u002Fstrong> information in your \u003Cstrong>posts and pages individually\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Provides you with options to display the \u003Cstrong>last modified\u002Flast updated date above or below your posts and pages\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>You can also set date\u002Ftime formats and the position of the timestamp in WordPress Posts and Pages which can be either before content or after the content.\u003C\u002Fli>\n\u003Cli>Allows you to \u003Cstrong>customize the text which is to be displayed alongside the last modified date\u003C\u002Fstrong> (default: Last updated on).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inserts ‘dateModified’ schema markup to your WordPress posts automatically\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Displays last modified info on all post types column and publish meta box in the dashboard with the author name.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Allows you to \u003Cstrong>sort posts\u002Fpages in last updated\u002Fmodified date-time order\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Allows you to \u003Cstrong>replace post published date with post modified info\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Allows you to \u003Cstrong>display last modified info\u003C\u002Fstrong> on your post as \u003Cstrong>human-readable format\u003C\u002Fstrong>, i.e. Days\u002Fweeks\u002Fmonths\u002Fyears ago.\u003C\u002Fli>\n\u003Cli>Allows you to display last modified info of all posts in the WordPress admin bar.\u003C\u002Fli>\n\u003Cli>Allows you to \u003Cstrong>display last modified author info in posts, pages\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Allows you to \u003Cstrong>add last modified timestamp in post\u002Fpage’s custom field\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allows you to edit last modified date and time from the post edit screen and quick edit screen as well\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>You can also add \u003Cstrong>template tags\u003C\u002Fstrong> to your theme files. Go to the FAQ section for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Elementor Dynamic Tags\u003C\u002Fstrong> support with \u003Cstrong>‘dateModified’ schema markup\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Send \u003Cstrong>Email Notification when anyone makes changes to any post\u003C\u002Fstrong> of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tested with Yoast SEO, Rank Math, All in One SEO Pack, SEOPress, Schema\u003C\u002Fstrong> and many other plugins.\u003C\u002Fli>\n\u003Cli>And you can customize all and everything.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin is fully compatible with WordPress Version 4.7 and beyond and also compatible with any WordPress theme.\u003C\u002Fli>\n\u003Cli>Fully compatible with Yoast SEO, Rank Math, All in One SEO Pack, SEOPress, Schema and other many plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-last-modified-info\" rel=\"ugc\">support forums\u003C\u002Fa> at WordPress.org.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiamsayan\u002Fwp-last-modified-info\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiamsayan\u002Fwp-last-modified-info\" rel=\"nofollow ugc\">fork the project on GitHub\u003C\u002Fa> and submit your contributions via pull request.\u003C\u002Fli>\n\u003C\u002Ful>\n","Ultimate Last Modified Plugin for WordPress with Gutenberg support. Use shortcodes to show last modified info on WP 4.7+ sites.",40000,684972,830,"2026-01-30T06:26:00.000Z","7.0",[22,142,143,144,145],"modified-time","post-modified","sort-by-modified","timestamp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-last-modified-info\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-last-modified-info.1.9.6.zip",92,5,"2026-02-13 00:00:00",{"attackSurface":152,"codeSignals":164,"taintFlows":171,"riskAssessment":198,"analyzedAt":203},{"hooks":153,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":163,"entryPointCount":25,"unprotectedCount":25},[154],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","wp","last_if_modified_headers","last-modified-and-if-modified-since-headers.php",15,[],[],[],[],{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":168,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":170},[],{"prepared":25,"raw":25,"locations":167},[],{"escaped":25,"rawEcho":25,"locations":169},[],[],[172,190],{"entryPoint":173,"graph":174,"unsanitizedCount":31,"severity":189},"last_if_modified_headers (last-modified-and-if-modified-since-headers.php:17)",{"nodes":175,"edges":186},[176,181],{"id":177,"type":178,"label":179,"file":158,"line":180},"n0","source","$_SERVER['SERVER_PROTOCOL']",32,{"id":182,"type":183,"label":184,"file":158,"line":180,"wp_function":185},"n1","sink","header() [Header Injection]","header",[187],{"from":177,"to":182,"sanitized":188},false,"medium",{"entryPoint":191,"graph":192,"unsanitizedCount":31,"severity":189},"\u003Clast-modified-and-if-modified-since-headers> (last-modified-and-if-modified-since-headers.php:0)",{"nodes":193,"edges":196},[194,195],{"id":177,"type":178,"label":179,"file":158,"line":180},{"id":182,"type":183,"label":184,"file":158,"line":180,"wp_function":185},[197],{"from":177,"to":182,"sanitized":188},{"summary":199,"deductions":200},"The 'last-modified-and-if-modified-since-headers' plugin v1.0 exhibits an excellent security posture based on the provided static analysis. The complete absence of any identified attack surface points, including AJAX handlers, REST API routes, shortcodes, and cron events, indicates a highly contained and well-defined functionality. Furthermore, the code signals are overwhelmingly positive, with no dangerous functions, all SQL queries using prepared statements, and all output properly escaped. The plugin also avoids file operations, external HTTP requests, and correctly uses nonces and capability checks where applicable.\n\nDespite the strong static analysis, the taint analysis reveals two flows with unsanitized paths. While these are not classified as critical or high severity, they warrant attention as they represent potential vectors for unexpected behavior or data manipulation if the plugin's inputs are not strictly controlled. The lack of any historical vulnerabilities is a significant strength, suggesting consistent security focus from the developers. However, the absence of historical data also means there's no track record to review for past issues and their resolutions, which is a minor point to consider.\n\nIn conclusion, this plugin appears to be very secure due to its minimal attack surface and robust coding practices. The primary area for improvement lies in addressing the identified taint flows, even if they are currently low severity, to ensure complete sanitization of all data paths.",[201],{"reason":202,"points":149},"Flows with unsanitized paths found","2026-03-16T20:10:32.710Z",{"wat":205,"direct":210},{"assetPaths":206,"generatorPatterns":207,"scriptPaths":208,"versionParams":209},[],[],[],[],{"cssClasses":211,"htmlComments":212,"htmlAttributes":213,"restEndpoints":214,"jsGlobals":215,"shortcodeOutput":216},[],[],[],[],[],[],{"error":218,"url":219,"statusCode":220,"statusMessage":221,"message":221},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flast-modified-and-if-modified-since-headers\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":25,"versions":223},[]]