[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7RIKw_sNPQjBz_H3Ykm7F-wGp-9jvqcsYobcb5oHDM8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":142,"fingerprints":172},"libxml2-fix","LibXML2 Fix","0.2.4","Joseph Scott","https:\u002F\u002Fprofiles.wordpress.org\u002Fjosephscott\u002F","\u003Cp>Work around for some versions of libxml2 2.7.x that strip out brackets when parsing XML.  This plugin fixes XML-RPC requests that are mangled because of this problem.  The real fix for this (making the use of this plugin unnecessary) is to use PHP 5.2.9+ with libxml2 2.7.3+.\u003C\u002Fp>\n\u003Cp>For more information about this problem see \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F7771\" rel=\"nofollow ugc\">https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F7771\u003C\u002Fa>.\u003C\u002Fp>\n","Work around for some versions of libxml2 2.7.x that strip out brackets when parsing XML.  This plugin fixes XML-RPC requests that are mangled because  &hellip;",300,20050,100,1,"2011-10-04T15:51:00.000Z","",[18],"xml-rpc","http:\u002F\u002Fjosephscott.org\u002Fcode\u002Fwordpress\u002Fplugin-libxml2-fix\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flibxml2-fix.0.2.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":21,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"josephscott",2,20300,30,84,"2026-04-04T22:59:38.749Z",[34,57,78,101,121],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":55,"download_link":56,"security_score":13,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24},"disable-xml-rpc-api","Disable XML-RPC-API","2.1.7","Amin Nazemi","https:\u002F\u002Fprofiles.wordpress.org\u002Faminnz\u002F","\u003Cp>Protect your website from xmlrpc brute-force attacks,DOS and DDOS attacks, this plugin disables the XML-RPC and trackbacks-pingbacks on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PLUGIN FEATURES\u003C\u002Fstrong>\u003Cbr \u002F>\n(These are options you can enable or disable each one)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable access to xmlrpc.php file using .httacess file \u003C\u002Fli>\n\u003Cli>Automatically change htaccess file permission to read-only (0444)\u003C\u002Fli>\n\u003Cli>Disable X-pingback to minimize CPU usage \u003C\u002Fli>\n\u003Cli>Disable selected methods from XML-RPC\u003C\u002Fli>\n\u003Cli>Remove pingback-ping link from header\u003C\u002Fli>\n\u003Cli>Disable trackbacks and pingbacks to avoid spammers and hackers\u003C\u002Fli>\n\u003Cli>Rename XML-RPC slug to whatever you want\u003C\u002Fli>\n\u003Cli>Black list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>White list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>Some options to speed-up your wordpress website\u003C\u002Fli>\n\u003Cli>Disable JSON REST API\u003C\u002Fli>\n\u003Cli>Hide WordPress Version\u003C\u002Fli>\n\u003Cli>Disable built-in WordPress file editor\u003C\u002Fli>\n\u003Cli>Disable wlw manifest\u003C\u002Fli>\n\u003Cli>And some other options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What is XMLRPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>XML-RPC, or XML Remote Procedure Call is a protocol which uses XML to encode its calls and HTTP as a transport mechanism.\u003Cbr \u002F>\nBeginning in WordPress 3.5, XML-RPC is enabled by default. Additionally, the option to disable\u002Fenable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why you should disable XML-RPC\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>Xmlrpc has two main weaknesses\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force attacks:\u003Cbr \u002F>\nAttackers try to login to WordPress using xmlrpc.php with as many username\u002Fpassword combinations as they can enter. A method within xmlrpc.php allows the attacker to use a single command (system.multicall) to guess hundreds of passwords. Daniel Cid at Sucuri described it well in October 2015: “With only 3 or 4 HTTP requests, the attackers could try thousands of passwords, bypassing security tools that are designed to look and block brute force attempts.”\u003C\u002Fli>\n\u003Cli>Denial of Service Attacks via Pingback:\u003Cbr \u002F>\nBack in 2013, attackers sent Pingback requests through xmlrpc.php of approximately 2500 WordPress sites to “herd (these sites) into a voluntary botnet,” according to Gur Schatz at Incapsula. “This gives any attacker a virtually limitless set of IP addresses to Distribute a Denial of Service attack across a network of over 100 million WordPress sites, without having to compromise them.”\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website",100000,792973,82,42,"2026-02-04T06:54:00.000Z","6.9.4","5.0",[50,51,52,53,54],"disable-xml-rpc","disable-xmlrpc","pingback","stop-brute-force-attacks","xmlrpc","https:\u002F\u002Fneatma.com\u002Fdsxmlrpc-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-api.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":16,"download_link":77,"security_score":13,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24},"disable-xml-rpc-pingback","Disable XML-RPC Pingback","1.2.2","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>Stops abuse of your site’s XML-RPC by simply removing some methods used by attackers. While you can use the rest of XML-RPC methods.\u003C\u002Fp>\n\u003Cp>This is more friendly than disabling totally XML-RPC, that it’s needed by some plugins and apps (I.e. Mobile apps or some Jetpack’s modules).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The original one.\u003C\u002Fli>\n\u003Cli>Simple and effective.\u003C\u002Fli>\n\u003Cli>No marketing buzz.\u003C\u002Fli>\n\u003Cli>Maintained and \u003Cstrong>updated when needed\u003C\u002Fstrong> since 2014.\u003C\u002Fli>\n\u003Cli>100% compliant with \u003Cstrong>WordPress coding standards\u003C\u002Fstrong> which makes it fail safe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>60,000+ active installations\u003C\u002Fstrong> can’t be wrong.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’re happy with the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-xml-rpc-pingback\u002Freviews\u002F?filter=5\" rel=\"ugc\">please don’t forget to give it a good rating\u003C\u002Fa>, it will motivate me to keep sharing and improving this plugin (and others).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Removes the following methods from XML-RPC interface.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>pingback.ping\u003C\u002Fli>\n\u003Cli>pingback.extensions.getPingbacks\u003C\u002Fli>\n\u003Cli>X-Pingback from HTTP headers. This will hopefully stops some bots from trying to hit your xmlrpc.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 3.8.1 or higher.\u003C\u002Fli>\n\u003C\u002Ful>\n","Stops abuse of your site's XML-RPC by simply removing some methods used by attackers. While you can use the rest of XML-RPC methods.",60000,420220,78,14,"2025-11-24T11:09:00.000Z","6.8.5","4.8","5.6",[74,52,75,76,18],"ddos","rpc","xml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-pingback.1.2.2.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":47,"requires_at_least":48,"requires_php":91,"tags":92,"homepage":97,"download_link":98,"security_score":99,"vuln_count":28,"unpatched_count":22,"last_vuln_date":100,"fetched_at":24},"fluent-security","FluentAuth – The Ultimate Authorization & Security Plugin for WordPress","2.1.1","Shahjahan Jewel","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechjewel\u002F","\u003Cp>Boost Your Website’s Security with Login\u002FSignup Security, Two-Factor Email Authentication, Login\u002FLogout Redirects, Social Logins, Detailed Audit Logs, and More. FluentAuth is the lightest and blazing fast security plugin for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlighted Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Factor Authentication for Login\u003C\u002Fli>\n\u003Cli>Magic Login via Email\u003C\u002Fli>\n\u003Cli>Social Login \u002F Register\u003C\u002Fli>\n\u003Cli>Limit Login Attempts\u003C\u002Fli>\n\u003Cli>Dynamic Login Redirects\u003C\u002Fli>\n\u003Cli>Detailed Audit Logs\u003C\u002Fli>\n\u003Cli>Core Security Enhancement\u003C\u002Fli>\n\u003Cli>Security Email Notifications\u003C\u002Fli>\n\u003Cli>Super Fast Solution\u003C\u002Fli>\n\u003Cli>Restrict \u002Fwp-admin for low level user roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What’s new in version 2.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FP_vREW7s2B4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F5t_8rvtrkk4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>🚀 Two-Factor Authentication for Login\u003C\u002Fstrong>\u003Cbr \u002F>\nEnsure secure access to your admin panel with Two-Factor Login via email for high-level user roles like Administrator \u002F Editor. Even if a password gets compromised, only the right person will be able to log in with the additional authentication step.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Magic Login via Email\u003C\u002Fstrong>\u003Cbr \u002F>\nSimplify the login process for end users like customers and subscribers. No more password resets or forgotten passwords that cause users to leave your site. With our improved flow and features, users can log in to your site simply by typing their username or email address and clicking on a secure one-time use link sent to their email.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Social Login \u002F Register\u003C\u002Fstrong>\u003Cbr \u002F>\nAllow users to log in to your site with their GitHub, Facebook or Google accounts. This feature is lightweight and easy to enable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Limit Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nProtect your site against brute force attacks by blocking excessive login attempts. Our simple yet powerful tools also improve site security and performance, and allow for customizable lockout timings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Dynamic Login Redirects\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily redirect users to specific pages after they log in or log out. Our drag-and-drop builder lets you customize the login and logout flow for different types of businesses.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Detailed Audit Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack exactly when users log in to your site and via which method (normal login form, magic URL, or social media) with our powerful audit logs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Core Security Enhancement\u003C\u002Fstrong>\u003Cbr \u002F>\nXML-RPC is a common target for WordPress attacks, but most sites don’t actually need it. This plugin enables you to disable XML-RPC, Remote Application Login, and protect the wp-users listing for REST API for enhanced security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Security Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nAs a business owner, it’s important to know when high-level users like administrators, editors, and authors log in to your site, or if someone unauthorized is trying to log in. Our plugin includes email notifications to alert you of these events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Super Fast Solution\u003C\u002Fstrong>\u003Cbr \u002F>\nWe’ve built this plugin to be super-fast and simple yet powerful, using the latest technologies like WordPress REST-API, VueJS V3, Vue-Router, and Element-Plus for UI building. We also use custom database tables to store audit logs, so they don’t interfere with your default WordPress database tables.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Restrict \u002Fwp-admin for low level user roles\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you want to restrict \u002Fwp-admin access for subscribers or other low level user roles then you can easily enable that and select the user roles that you want to restrict \u002Fwp-admin access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Customize WordPress Signup Emails\u003C\u002Fstrong>\u003Cbr \u002F>\nCustomize the WordPress default signup emails with your own branding and content. This feature allows you to create a more personalized experience for your users, enhancing their engagement with your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Custom Login\u002FSignup Shortcodes\u003C\u002Fstrong>\u003Cbr \u002F>\nCreate custom login and signup forms using shortcodes. This feature allows you to easily integrate login and signup forms into your pages or posts, providing a seamless user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Disable Admin Email Notifications on User Signup\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable the default WordPress admin email notifications that are sent when a new user signs up. This feature helps you manage your email notifications more effectively, reducing clutter in your inbox.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Scan WordPress Core File Changes\u003C\u002Fstrong>\u003Cbr \u002F>\nFluentAuth includes a feature to scan WordPress core files for changes, helping you identify any unauthorized modifications. This is crucial for maintaining the integrity of your WordPress installation and ensuring that your site remains secure.\u003C\u002Fp>\n\u003Ch3>Why FluentAuth?\u003C\u002Fh3>\n\u003Cp>To improve the security and user experience of a WordPress website, the default authentication system may need to be enhanced with additional plugins. One common issue that WordPress site owners face is their site getting hacked. This is often due to hackers using brute-force attacks to guess passwords and gain access to the admin panel, leading to site takeover. Additionally, the use of common passwords on multiple sites can put all of them at risk if one password is compromised.\u003C\u002Fp>\n\u003Cp>Using multiple security plugins can be detrimental to the performance of a WordPress website. These plugins, which are often bloated, intercept every WordPress request and run it through a large number of unnecessary rules, resulting in increased server resource usage and slower site performance. To avoid this issue, consider using a comprehensive security solution that offers multiple features in one package, instead of relying on multiple individual plugins. This will help save server resources and improve the overall performance of your website.\u003C\u002Fp>\n\u003Cp>To Solve these issues, we decided to build FluentAuth and made it free.\u003C\u002Fp>\n\u003Ch3>Replace Multiple Plugins with FluentAuth\u003C\u002Fh3>\n\u003Cp>FluentAuth has been designed to provide light-weight security solution while adding better UX and performance of your site. If you use FluentAuth then you don’t need the following plugins\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Login Limit and ban brute force attacks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded\u003C\u002Fli>\n\u003Cli>WPS Limit Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Login & Logout Redirections\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>LoginWP (Formerly Peter’s Login Redirect)\u003C\u002Fli>\n\u003Cli>Sky Login Redirect\u003C\u002Fli>\n\u003Cli>WP Login and Logout Redirect\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Login & Logout Redirections\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>LoginWP (Formerly Peter’s Login Redirect)\u003C\u002Fli>\n\u003Cli>Sky Login Redirect\u003C\u002Fli>\n\u003Cli>WP Login and Logout Redirect\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Hide Admin Bar and Access Restriction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide Admin Bar\u003C\u002Fli>\n\u003Cli>Hide Admin Bar Based on User Roles\u003C\u002Fli>\n\u003Cli>Auto Hide Admin Bar\u003C\u002Fli>\n\u003Cli>Hide Admin Bar from Non-Admins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>User Guides\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">Getting Started with FluentAuth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Flogin-redirects\u002F\" rel=\"nofollow ugc\">Login \u002F Logout Redirects\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fshortcodes\u002F\" rel=\"nofollow ugc\">Register\u002FLogin Shortcodes in FluentAuth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgithub-auth-connection\u002F\" rel=\"nofollow ugc\">Configure Login with GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgoogle-auth-connection\u002F\" rel=\"nofollow ugc\">Configure Login with Google\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Other Plugins By The Same Team\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-cart\u002F\" rel=\"ugc\">FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-crm\u002F\" rel=\"ugc\">FluentCRM – Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms – Fastest WordPress Form Builder Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-tables\u002F\" rel=\"ugc\">Ninja Tables – Best WP DataTables Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-charts\u002F\" rel=\"ugc\">Ninja Charts – Best WP Charts Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-payment-form\u002F\" rel=\"ugc\">WPPayForm – Stripe Payments Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmautic-for-fluent-forms\u002F\" rel=\"ugc\">Mautic Integration For Fluent Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentforms-pdf\u002F\" rel=\"ugc\">Fluent Forms PDF – PDF Entries for Fluent Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-smtp\u002F\" rel=\"ugc\">FluentSMTP – WordPress Mail SMTP, SES, SendGrid, MailGun Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>CONTRIBUTE\u003C\u002Fh3>\n\u003Cp>If you want to contribute to this project or just report a bug, you are more than welcome. Please check repository from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPManageNinja\u002Ffluent-security\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","Enhance the Security and User Experience of Your Site with Login\u002FSignup Security, Two-Factor Email Authentication, Social Logins and more...",10000,92766,80,28,"2025-12-03T12:25:00.000Z","7.3",[93,94,95,96,18],"login-limit","login-logs","login-redirects","social-logins","https:\u002F\u002Ffluentauth.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffluent-security.2.1.1.zip",98,"2025-12-15 02:19:04",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":72,"tags":116,"homepage":119,"download_link":120,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24},"remove-xmlrpc-pingback-ping","Remove & Disable XML-RPC Pingback","1.6","cleverplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleverplugins\u002F","\u003Cp>Prevent your WordPress site from participating and being a victim of pingback denial of service attacks. \u003Cstrong>After activation the plugin automatically disables XML-RPC. There’s no need to configure anything.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By disabling the XML-RPC pingback you’ll:\u003Cbr \u002F>\n* lower your server CPU usage\u003Cbr \u002F>\n* prevent malicious scripts from using your site to run pingback denial of service attacks\u003Cbr \u002F>\n* prevent malicious scripts to run denial of service attacks on your site via pingback\u003C\u002Fp>\n\u003Cp>From sucuri.net:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Learn More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwptavern.com\u002Fhow-to-prevent-wordpress-from-participating-in-pingback-denial-of-service-attacks\" rel=\"nofollow ugc\">How To Prevent WordPress From Participating In Pingback Denial of Service Attacks\u003C\u002Fa> – wptavern.com\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.sucuri.net\u002F2014\u002F03\u002Fmore-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html\" rel=\"nofollow ugc\">More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack\u003C\u002Fa> – sucuri.net\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fhackguard.com\u002Fxmlrpc-php-ping-backs-hackers-denial-service-attacks\" rel=\"nofollow ugc\">xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My!\u003C\u002Fa> – hackguard.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Is Your Site Attacking Others?\u003C\u002Fh4>\n\u003Cp>Use \u003Ca href=\"http:\u002F\u002Flabs.sucuri.net\u002F?is-my-wordpress-ddosing\" rel=\"nofollow ugc\">Sucuri’s WordPress DDOS Scanner\u003C\u002Fa> to check if your site is DDOS’ing other websites\u003C\u002Fp>\n\u003Ch4>Why Not Just Disable XMLRPC Altogether?\u003C\u002Fh4>\n\u003Cp>Yes, you can choose to do that, but if you use popular plugins like JetPack (that use XMLRPC) then those plugins will stop working. That is why this small plugin exists.\u003C\u002Fp>\n","Prevent pingback, XML-RPC and denial of service DDOS attacks by disabling the XML-RPC pingback functionality.",9000,94267,60,6,"2023-07-24T23:03:00.000Z","6.3.8","5.2",[117,118,52,18,54],"disable-ping","ping","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-xmlrpc-pingback-ping","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-xmlrpc-pingback-ping.1.6.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":99,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":16,"tags":135,"homepage":140,"download_link":141,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24},"avatar-manager","Avatar Manager","1.6.1","Cătălin Dogaru","https:\u002F\u002Fprofiles.wordpress.org\u002Fcdog\u002F","\u003Cp>Avatar Manager for WordPress is a sweet and simple plugin for storing avatars locally and more. Easily.\u003C\u002Fp>\n\u003Cp>Enhance your WordPress website by letting your users choose between using Gravatar or a self-hosted avatar image right from their profile screen. Improved workflow, on-demand image generation and custom user permissions under a native interface. Say hello to the Avatar Manager plugin.\u003C\u002Fp>\n\u003Ch4>Help Preserve this Project\u003C\u002Fh4>\n\u003Cp>Want to support this project for continued development and freely available for everyone? Here’s how you can help preserve Avatar Manager:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fresourcestream\u002Favatar-manager#contributing\" rel=\"nofollow ugc\">\u003Cstrong>Get involved.\u003C\u002Fstrong>\u003C\u002Fa> Contribute a patch or help resolving an existing issue or confirmed feature request, or submit a translation.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F16020\" rel=\"nofollow ugc\">\u003Cstrong>Suggest adding to core.\u003C\u002Fstrong>\u003C\u002Fa> Whether you find Avatar Manager a good fit for WordPress core your feedback can help make a difference.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Favatar-manager#postform\" rel=\"ugc\">\u003Cstrong>Add your own review.\u003C\u002Fstrong>\u003C\u002Fa> Let others know how was your experience using Avatar Manager.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=SMKJZHX7G3VQS\" rel=\"nofollow ugc\">\u003Cstrong>Make a donation.\u003C\u002Fstrong>\u003C\u002Fa> Keep me motivated with a candy bar or a theater ticket. Is that simple.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Avatar Manager is a user-driven project, and all developments and enhancements depend on users like \u003Cem>you\u003C\u002Fem>! Become a contributor or make a donation, and get your name featured in front of a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Favatar-manager\u002Fstats\u002F\" rel=\"ugc\">growing audience\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Thank you for choosing to contribute to Avatar Manager!\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Have a bug or a feature request? Please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fresourcestream\u002Favatar-manager\u002Fissues\" rel=\"nofollow ugc\">open a new issue\u003C\u002Fa>. Before opening any issue, please search for existing issues and read the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnecolas\u002Fissue-guidelines\" rel=\"nofollow ugc\">Issue Guidelines\u003C\u002Fa>, written by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnecolas\u002F\" rel=\"nofollow ugc\">Nicolas Gallagher\u003C\u002Fa>. Please submit all pull requests against development branches.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fresourcestream\u002Favatar-manager\" rel=\"nofollow ugc\">Avatar Manager on GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It’s Made\u003C\u002Fh4>\n\u003Cp>Find out how Avatar Manager it’s made on \u003Ca href=\"http:\u002F\u002Fcode.tutsplus.com\u002Fseries\u002Fhow-to-create-a-wordpress-avatar-management-plugin-from-scratch--wp-33866\" rel=\"nofollow ugc\">Tuts+ Code\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Authors\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Cătălin Dogaru\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>https:\u002F\u002Fprofiles.wordpress.org\u002Fcdog\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fgithub.com\u002Fcdog\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cp>Avatar Manager is brought to you by these fine folks.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fdikiy_forester\" rel=\"nofollow ugc\">Artem Frolov\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fbrikou\" rel=\"nofollow ugc\">Brice Capobianco\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fideos\" rel=\"nofollow ugc\">Guy Steyaert\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fartstorm\" rel=\"nofollow ugc\">Johan Steen\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwiiz83\" rel=\"nofollow ugc\">Lucas Uzan\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmateusneves\" rel=\"nofollow ugc\">Mateus Neves\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmodima65\" rel=\"nofollow ugc\">Maura Montero D.\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fpietergoosen\" rel=\"nofollow ugc\">Pieter Goosen\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fschm168\" rel=\"nofollow ugc\">Samantha Muthiah\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsnowboardmommy\" rel=\"nofollow ugc\">Snowboard Mommy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Copyright and License\u003C\u002Fh4>\n\u003Cp>Copyright © 2021 Cătălin Dogaru\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\u003C\u002Fp>\n","Avatar Manager for WordPress is a sweet and simple plugin for storing avatars locally and more. Easily.",6000,114404,39,"2021-02-02T03:31:00.000Z","5.6.17","3.5",[136,137,138,139,18],"avatars","gravatar","profile","users","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Favatar-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Favatar-manager.1.6.1.zip",{"attackSurface":143,"codeSignals":155,"taintFlows":162,"riskAssessment":163,"analyzedAt":171},{"hooks":144,"ajaxHandlers":151,"restRoutes":152,"shortcodes":153,"cronEvents":154,"entryPointCount":22,"unprotectedCount":22},[145],{"type":146,"name":147,"callback":148,"file":149,"line":150},"filter","xmlrpc_methods","jms_libxml2_fix","libxml2-fix.php",29,[],[],[],[],{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":159,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":161},[],{"prepared":22,"raw":22,"locations":158},[],{"escaped":22,"rawEcho":22,"locations":160},[],[],[],{"summary":164,"deductions":165},"The 'libxml2-fix' plugin v0.2.4 exhibits a remarkably strong security posture based on the provided static analysis. The absence of any identifiable attack surface, such as AJAX handlers, REST API routes, shortcodes, or cron events, significantly reduces the potential for external exploitation.  Furthermore, the code demonstrates excellent security practices with no dangerous functions detected, all SQL queries utilizing prepared statements, and all outputs being properly escaped.  The lack of file operations and external HTTP requests also contributes positively to its security profile. The plugin's vulnerability history is clean, with no known CVEs, which is a positive indicator.  However, the complete lack of nonce and capability checks is a notable concern, even with a zero attack surface. While currently not exploitable due to the limited entry points, this could become a vulnerability if functionality were to be added or exposed in the future without adequate security measures in place. Overall, the plugin is currently very secure due to its minimal functionality and robust internal coding practices, but the absence of basic security checks represents a potential weakness for future development.",[166,169],{"reason":167,"points":168},"Missing nonce checks",5,{"reason":170,"points":168},"Missing capability checks","2026-03-16T20:07:49.714Z",{"wat":173,"direct":178},{"assetPaths":174,"generatorPatterns":175,"scriptPaths":176,"versionParams":177},[],[],[],[],{"cssClasses":179,"htmlComments":180,"htmlAttributes":181,"restEndpoints":182,"jsGlobals":183,"shortcodeOutput":184},[],[],[],[],[],[]]