[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpsI1-mo-a3kkL9V0aS02surGH7DPGFxZ73aElQAkifA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":123,"fingerprints":359},"liveupx-security","Liveupx Security","1.5.2","Liveupx","https:\u002F\u002Fprofiles.wordpress.org\u002Fliveupx\u002F","\u003Cp>Liveupx Security is a lightweight yet powerful WordPress security plugin that protects your website from hackers, brute force attacks, and malicious activity. Developed by \u003Ca href=\"https:\u002F\u002Fliveupx.com\" rel=\"nofollow ugc\">Liveupx.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection with automatic IP lockout\u003C\u002Fli>\n\u003Cli>Configurable failed login attempts and lockout duration\u003C\u002Fli>\n\u003Cli>Honeypot field to catch automated bots\u003C\u002Fli>\n\u003Cli>Simple math CAPTCHA for human verification\u003C\u002Fli>\n\u003Cli>Hide specific login error messages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Firewall Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block malicious query strings (SQL injection, XSS)\u003C\u002Fli>\n\u003Cli>Block known vulnerability scanners and bad bots\u003C\u002Fli>\n\u003Cli>Disable XML-RPC to prevent DDoS attacks\u003C\u002Fli>\n\u003Cli>Disable pingbacks\u003C\u002Fli>\n\u003Cli>Remove WordPress version from source code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>User Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User enumeration protection\u003C\u002Fli>\n\u003Cli>REST API user endpoint protection\u003C\u002Fli>\n\u003Cli>Strong password enforcement\u003C\u002Fli>\n\u003Cli>Block common admin usernames\u003C\u002Fli>\n\u003Cli>Disable theme\u002Fplugin file editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>IP Management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manual IP blocking with reason\u003C\u002Fli>\n\u003Cli>IP whitelisting for trusted addresses\u003C\u002Fli>\n\u003Cli>Automatic blocking after security violations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Activity Monitoring\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comprehensive security event logging\u003C\u002Fli>\n\u003Cli>Track login attempts and user activity\u003C\u002Fli>\n\u003Cli>Automatic cleanup of old log entries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Server Protection (Apache)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>.htaccess security rules\u003C\u002Fli>\n\u003Cli>Protect wp-config.php\u003C\u002Fli>\n\u003Cli>Disable directory browsing\u003C\u002Fli>\n\u003Cli>Block common exploits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Choose Liveupx Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Minimal impact on site performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No External Services\u003C\u002Fstrong> – All protection happens on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to Use\u003C\u002Fstrong> – Simple settings with sensible defaults\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Source\u003C\u002Fstrong> – 100% free with no premium upsells\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Focused\u003C\u002Fstrong> – No data sent to third parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Storage\u003C\u002Fh4>\n\u003Cp>This plugin stores security-related data in your WordPress database including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Failed login attempts (IP address, username, timestamp)\u003C\u002Fli>\n\u003Cli>Login lockouts (IP address, duration, reason)\u003C\u002Fli>\n\u003Cli>Blocked and whitelisted IP addresses\u003C\u002Fli>\n\u003Cli>Security activity log (events, user info, IP addresses)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All data is stored locally on your server and is never transmitted to external services.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>For documentation and support, visit \u003Ca href=\"https:\u002F\u002Fliveupx.com\u002Fdocs\" rel=\"nofollow ugc\">liveupx.com\u002Fdocs\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Liveupx Security is open source. Contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fliveupx\u002Fliveupx-security\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Liveupx Security stores the following data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login Attempts\u003C\u002Fstrong>: IP addresses, usernames, and timestamps of failed login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockouts\u003C\u002Fstrong>: IP addresses and lockout details for brute force protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log\u003C\u002Fstrong>: Security events including user actions, IP addresses, and timestamps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Lists\u003C\u002Fstrong>: Manually blocked and whitelisted IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is used solely for security purposes and is never shared with third parties. Data is automatically cleaned up based on configurable retention periods (default: 7 days for failed logins, 30 days for activity logs).\u003C\u002Fp>\n\u003Cp>You can clear all stored data at any time from the plugin settings. When the plugin is uninstalled, all data is permanently deleted from your database.\u003C\u002Fp>\n","Comprehensive WordPress security plugin with login protection, firewall, brute force prevention, IP blocking, and activity logging.",0,116,"2026-01-09T19:58:00.000Z","6.9.4","5.0","7.4",[18,19,20,21,22],"brute-force","firewall","login-protection","malware","security","https:\u002F\u002Fliveupx.com\u002Fliveupx-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fliveupx-security.1.5.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"liveupx",1,30,94,"2026-04-03T23:30:51.976Z",[36,59,77,93,109],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":14,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":11,"last_vuln_date":58,"fetched_at":27},"gotmls","Anti-Malware Security and Brute-Force Firewall","4.23.88","Eli","https:\u002F\u002Fprofiles.wordpress.org\u002Fscheeeli\u002F","\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Download Definition Updates to protect against new threats.\u003C\u002Fli>\n\u003Cli>Run a Complete Scan to automatically remove known security threats, backdoor scripts, and database injections.\u003C\u002Fli>\n\u003Cli>Firewall block SoakSoak and other malware from exploiting Revolution Slider and other plugins with known vulnerabilites.\u003C\u002Fli>\n\u003Cli>Upgrade vulnerable versions of timthumb scripts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Premium Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Patch your wp-login and XMLRPC to block Brute-Force and DDoS attacks.\u003C\u002Fli>\n\u003Cli>Check the integrity of your WordPress Core files.\u003C\u002Fli>\n\u003Cli>Automatically download new Definition Updates when running a Complete Scan.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Register this plugin at \u003Ca href=\"http:\u002F\u002Fgotmls.net\u002F\" rel=\"nofollow ugc\">GOTMLS.NET\u003C\u002Fa> and get access to new definitions of “Known Threats” and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for “Potential Threats” and leaves it up to you to identify and remove the malicious ones.\u003C\u002Fp>\n\u003Cp>NOTICE: This plugin makes calls to GOTMLS.NET to check for updates not unlike what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is an essential part of any security plugin and this plugin can let you know when there are new plugin and definition update available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Special thanks to:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Clarus Dignus for design suggestions and graphic design work on the banner image.\u003C\u002Fli>\n\u003Cli>Jelena Kovacevic and Andrew Kurtis of webhostinghub.com for providing the Spanish translation.\u003C\u002Fli>\n\u003Cli>Marcelo Guernieri for the Brazilian Portuguese translation.\u003C\u002Fli>\n\u003Cli>Umut Can Alparslan for the Turkish translation.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmichacassola\u002F\" rel=\"nofollow ugc\">Micha Cassola\u003C\u002Fa> for the German translation.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsitustarget\u002F\" rel=\"nofollow ugc\">Robi Erwin Setiawan\u003C\u002Fa> for the Indonesian translation.\u003C\u002Fli>\n\u003C\u002Ful>\n","This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.",100000,7622347,98,781,"2026-03-09T14:47:00.000Z","3.3","5.6",[52,18,19,53,22],"anti-malware","scanner","https:\u002F\u002Fgotmls.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgotmls.4.23.88.zip",83,9,"2025-10-28 15:41:58",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":25,"num_ratings":31,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":75,"download_link":76,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"mat-firewall","MAT Firewall","1.0.0","matpluginsofficial","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatpluginsofficial\u002F","\u003Cp>\u003Cstrong>MAT Firewall\u003C\u002Fstrong> is a comprehensive WordPress security plugin designed to safeguard your website from malicious traffic, brute force attacks, and unauthorized access. Whether you’re running a small blog, business site, or eCommerce platform, \u003Cstrong>MAT Firewall\u003C\u002Fstrong> provides robust security while maintaining performance.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Firewall Rules\u003C\u002Fstrong> – Block or allow traffic based on IP, country, URI, HTTP methods, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting & Anti-Brute Force\u003C\u002Fstrong> – Set request limits to prevent spam, DDoS attacks, and abusive bot activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CDN Integration & Protection\u003C\u002Fstrong> – Secure your site with CDN IP whitelisting and anti-spoofing measures.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Monitoring\u003C\u002Fstrong> – View blocked and allowed requests via a detailed security dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Optimized\u003C\u002Fstrong> – Runs efficiently without slowing down your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>🚀 \u003Cstrong>Upgrade to MAT Firewall Pro\u003C\u002Fstrong> for \u003Cstrong>unlimited rules, dynamic blocking, enhanced rate-limiting, and priority support.\u003C\u002Fstrong>\u003Cbr \u002F>\n🔗 \u003Ca href=\"https:\u002F\u002Fpro.matplugins.com\" rel=\"nofollow ugc\">Learn More & Upgrade\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Upgrade to MAT Firewall Pro\u003C\u002Fh3>\n\u003Cp>Unlock \u003Cstrong>premium security features\u003C\u002Fstrong> with \u003Cstrong>MAT Firewall Pro\u003C\u002Fstrong>:\u003Cbr \u002F>\n✅ \u003Cstrong>Unlimited Custom Rules\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Advanced Rate-Limiting & Dynamic Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Detailed Security Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Priority Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>🔥 \u003Cstrong>Upgrade now:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fpro.matplugins.com\" rel=\"nofollow ugc\">MAT Firewall Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License & Copyright\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under \u003Cstrong>GPLv2 or later\u003C\u002Fstrong>.\u003Cbr \u002F>\nMore details: \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">GNU GPL License\u003C\u002Fa>.\u003C\u002Fp>\n","MAT Firewall is a powerful WordPress security plugin that helps protect your website from malicious attacks, brute force attempts, and unauthorized ac &hellip;",10,413,"2025-04-25T08:26:00.000Z","6.8.5","6.0","8.0",[18,74,19,21,22],"ddos","https:\u002F\u002Fmatplugins.com\u002Fmat-firewall","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmat-firewall.1.0.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":11,"num_ratings":11,"last_updated":86,"tested_up_to":70,"requires_at_least":71,"requires_php":87,"tags":88,"homepage":91,"download_link":92,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"custom-login-url-login-designer","Dotsquares Custom Login URL & Security Suite","1.6.2","maheshsharmads","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaheshsharmads\u002F","\u003Cp>Dotsquares Custom Login URL & Security Suite helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers.\u003C\u002Fp>\n\u003Cp>Features included in this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom login slug (redirect wp-login.php to your custom slug)\u003C\u002Fli>\n\u003Cli>Optionally hide wp-login.php (404 for guests)\u003C\u002Fli>\n\u003Cli>Optionally hide wp-admin for guests (404)\u003C\u002Fli>\n\u003Cli>Login page designer (colors, background, form width, custom CSS)\u003C\u002Fli>\n\u003Cli>Brute force protection (limit failed login attempts)\u003C\u002Fli>\n\u003Cli>Firewall (block XML-RPC, block suspicious query strings, IP allow\u002Fblock lists, disallow file editor)\u003C\u002Fli>\n\u003Cli>Malware scanner (heuristic scan for suspicious PHP patterns)\u003C\u002Fli>\n\u003Cli>Hardening (Advanced): DB prefix change + wp-content rename with backup + rollback support\u003C\u002Fli>\n\u003Cli>Rollback system (restores backed-up wp-config.php \u002F .htaccess from plugin backups)\u003C\u002Fli>\n\u003Cli>Security dashboard for monitoring key protection settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cp>Hardening actions such as \u003Cstrong>DB prefix change\u003C\u002Fstrong> and \u003Cstrong>wp-content rename\u003C\u002Fstrong> are advanced operations.\u003Cbr \u002F>\nAlways run these features on a \u003Cstrong>staging environment\u003C\u002Fstrong> and ensure you have a \u003Cstrong>full backup\u003C\u002Fstrong> before applying them on production.\u003C\u002Fp>\n","Change your WordPress login URL, design the login page, and enhance your site's security with built-in protection tools.",307,"2026-03-06T13:54:00.000Z","",[18,19,89,90,22],"login","malware-scanner","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-login-url-login-designer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-login-url-login-designer.1.6.2.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":11,"downloaded":101,"rating":11,"num_ratings":11,"last_updated":102,"tested_up_to":14,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":107,"download_link":108,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"cyber-smart-defence","Cyber Smart Defence","3.1.3","cybersmartempire","https:\u002F\u002Fprofiles.wordpress.org\u002Fcybersmartempire\u002F","\u003Cp>Cyber Smart Defence is a lightweight WordPress security plugin designed to protect your website against unauthorized access, brute-force login attempts, and suspicious request patterns.\u003C\u002Fp>\n\u003Cp>The plugin runs quietly in the background and integrates directly with WordPress. It monitors login activity, blocks abusive behavior, and records security-related events for administrative review.\u003C\u002Fp>\n\u003Cp>No complex configuration is required. Once activated, protection is enabled automatically.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Login attempt monitoring\u003C\u002Fli>\n\u003Cli>Automatic temporary lockout after multiple failed login attempts\u003C\u002Fli>\n\u003Cli>IP-based threat detection\u003C\u002Fli>\n\u003Cli>Firewall protection against common malicious request patterns\u003C\u002Fli>\n\u003Cli>Secure threat logging for administrators\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external service provided by Cyber Smart Empire to check IP reputation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent\u003C\u002Fstrong>\u003Cbr \u002F>\n* IP address of the visitor being checked\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent\u003C\u002Fstrong>\u003Cbr \u002F>\n* Only when an IP reputation check is performed\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider\u003C\u002Fstrong>\u003Cbr \u002F>\n* Cyber Smart Empire\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service URL\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u002Fterms\u002F\u003C\u002Fp>\n","Lightweight WordPress security firewall with login protection and threat monitoring.",138,"2025-12-24T16:40:00.000Z","5.5","7.2",[18,19,20,22,106],"website-security","https:\u002F\u002Fcybersmartempire.com\u002Fcyberdefence\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcyber-smart-defence.zip",{"slug":110,"name":111,"version":62,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":11,"downloaded":116,"rating":11,"num_ratings":11,"last_updated":117,"tested_up_to":14,"requires_at_least":118,"requires_php":16,"tags":119,"homepage":121,"download_link":122,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"srworks-armorlite","SRWorks ArmorPro Lite","SRWorks LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fsrworks\u002F","\u003Cp>\u003Cstrong>ArmorLite\u003C\u002Fstrong> is a free, lightweight WordPress security plugin built for performance. Firewall with 600+ built-in patterns, brute force protection, bot detection, security headers, and login monitoring. No bloat, no unnecessary database queries, no external API calls during normal operation.\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Firewall\u003C\u002Fstrong> — Pure PHP string-matching firewall with 600+ built-in patterns covering SQL injection, XSS, path traversal, shell access, and more. Five categories (Request URI, Query String, User Agent, Referrer, IP Address). Three matching modes: contains, ends-with, and path-only. Pattern manager with per-pattern toggle and hit counts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> — Session-based login tracking with automatic IP lockouts after configurable failed attempts. Login activity log with IP, location, status badges, and usernames tried. 7-day log retention.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Protection\u003C\u002Fstrong> — Automated bot detection for login, registration, and password reset forms using honeypot fields, timestamp validation, and JavaScript token verification. Blocks bots before they can attempt brute force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Headers\u003C\u002Fstrong> — Four managed headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, X-XSS-Protection) with dual delivery via PHP and .htaccess. Header probe system avoids duplicates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelist\u003C\u002Fstrong> — Whitelist trusted IPs to bypass all security checks including brute force lockouts and firewall blocking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Obfuscation\u003C\u002Fstrong> — Author slug randomization to prevent user enumeration and email obfuscation to protect addresses from scrapers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard\u003C\u002Fstrong> — Real-time stats, blocks over time chart, protection status cards, and WordPress dashboard widget.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC & REST API Protection\u003C\u002Fstrong> — Disable XML-RPC and protect the REST API from user enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall Log\u003C\u002Fstrong> — View blocked requests with IP, matched rule, request URI, and timestamps. 7-day log retention.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tools\u003C\u002Fstrong> — Health checks with database integrity verification, one-click table repair, and debug mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to ArmorPro\u003C\u002Fh4>\n\u003Cp>Need more protection? \u003Ca href=\"https:\u002F\u002Fsrworks.co\u002Fplugins\u002Farmorpro\u002F?utm_source=armorlite&utm_medium=readme&utm_campaign=description#pricing\" rel=\"nofollow ugc\">ArmorPro\u003C\u002Fa> adds:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Engine (blocks attacks before WordPress loads)\u003C\u002Fli>\n\u003Cli>Two-Factor Authentication (TOTP) with backup codes\u003C\u002Fli>\n\u003Cli>Passkey Authentication (Face ID, Touch ID, Windows Hello)\u003C\u002Fli>\n\u003Cli>Custom Login URL (hide wp-login.php)\u003C\u002Fli>\n\u003Cli>IP Blacklist with auto-blacklist for repeat offenders\u003C\u002Fli>\n\u003Cli>Country Blocking with GeoIP\u003C\u002Fli>\n\u003Cli>HSTS, Content-Security-Policy, and Permissions-Policy headers\u003C\u002Fli>\n\u003Cli>Email Notifications and digest summaries\u003C\u002Fli>\n\u003Cli>Extended log retention (90 days)\u003C\u002Fli>\n\u003Cli>Custom firewall patterns\u003C\u002Fli>\n\u003Cli>Export\u002Fimport settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsrworks.co\u002Fplugins\u002Farmorpro\u002F?utm_source=armorlite&utm_medium=readme&utm_campaign=description#pricing\" rel=\"nofollow ugc\">Learn more about ArmorPro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external third-party services in the following situations:\u003C\u002Fp>\n\u003Ch4>Anonymous Usage Data (Optional)\u003C\u002Fh4>\n\u003Cp>This plugin can optionally share anonymous usage data to help improve ArmorLite. This is disabled by default and requires explicit opt-in from the Settings page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When it is called: Daily heartbeat (if opted in)\u003C\u002Fli>\n\u003Cli>Data sent: WordPress version, PHP version, active plugin features (no personal data)\u003C\u002Fli>\n\u003Cli>Service: https:\u002F\u002Fapi.srworks.co\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Fsrworks.co\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No personal data is collected or stored by this service.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>ArmorLite stores the following data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP addresses of visitors who trigger security rules or attempt to log in\u003C\u002Fli>\n\u003Cli>Timestamps of security events\u003C\u002Fli>\n\u003Cli>Usernames used in login attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is stored to help you monitor and protect your website. You can clear all logs at any time from the Tools tab. When the plugin is uninstalled, all data is automatically deleted.\u003C\u002Fp>\n\u003Cp>No visitor data is sent to external services during normal operation. Anonymous usage data sharing is optional and disabled by default.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help with ArmorLite? Have a feature request or found a bug?\u003C\u002Fp>\n\u003Cp>Visit our support page: https:\u002F\u002Fsrworks.co\u002Fcontact\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Firewall patterns inspired by the work of Jeff Starr at Perishable Press (https:\u002F\u002Fperishablepress.com). Used under GPLv2.\u003C\u002Fp>\n\u003Cp>Charts powered by Chart.js (https:\u002F\u002Fwww.chartjs.org), MIT License.\u003C\u002Fp>\n\u003Cp>Tooltips powered by Tippy.js (https:\u002F\u002Fatomiks.github.io\u002Ftippyjs), MIT License.\u003C\u002Fp>\n","Free WordPress security with firewall, brute force protection, bot detection, security headers, IP whitelist, and login monitoring. No bloat.",129,"2026-03-05T19:07:00.000Z","5.3",[18,19,120,20,22],"headers","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsrworks-armorlite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsrworks-armorlite.1.0.0.zip",{"attackSurface":124,"codeSignals":252,"taintFlows":314,"riskAssessment":352,"analyzedAt":358},{"hooks":125,"ajaxHandlers":241,"restRoutes":249,"shortcodes":250,"cronEvents":251,"entryPointCount":31,"unprotectedCount":11},[126,132,136,140,145,150,155,158,162,166,170,173,178,182,186,190,193,197,200,204,207,210,213,216,219,223,227,231,234,236,238],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","admin_menu","add_menu","admin\\class-xsec-admin.php",25,{"type":127,"name":133,"callback":134,"file":130,"line":135},"admin_enqueue_scripts","enqueue_assets",26,{"type":127,"name":137,"callback":138,"file":130,"line":139},"admin_init","register_settings",27,{"type":127,"name":141,"callback":142,"priority":31,"file":143,"line":144},"init","run_firewall","classes\\class-xsec-firewall.php",61,{"type":146,"name":147,"callback":148,"file":143,"line":149},"filter","the_generator","__return_empty_string",66,{"type":146,"name":151,"callback":152,"priority":153,"file":143,"line":154},"style_loader_src","remove_version_strings",9999,67,{"type":146,"name":156,"callback":152,"priority":153,"file":143,"line":157},"script_loader_src",68,{"type":146,"name":159,"callback":160,"file":143,"line":161},"xmlrpc_enabled","__return_false",73,{"type":146,"name":163,"callback":164,"file":143,"line":165},"wp_headers","remove_xmlrpc_header",74,{"type":146,"name":167,"callback":168,"file":143,"line":169},"xmlrpc_methods","disable_pingback_methods",79,{"type":146,"name":163,"callback":171,"file":143,"line":172},"remove_pingback_header",80,{"type":127,"name":174,"callback":175,"priority":67,"file":176,"line":177},"wp_login","on_login_success","classes\\class-xsec-login-security.php",58,{"type":146,"name":179,"callback":180,"priority":32,"file":176,"line":181},"authenticate","check_lockout",59,{"type":127,"name":183,"callback":184,"priority":67,"file":176,"line":185},"wp_login_failed","on_login_failed",60,{"type":127,"name":187,"callback":188,"file":176,"line":189},"login_form","add_honeypot_field",64,{"type":146,"name":179,"callback":191,"priority":131,"file":176,"line":192},"check_honeypot",65,{"type":146,"name":194,"callback":195,"file":176,"line":196},"login_errors","hide_login_errors",70,{"type":127,"name":187,"callback":198,"file":176,"line":199},"add_captcha_field",75,{"type":146,"name":179,"callback":201,"priority":202,"file":176,"line":203},"check_captcha",20,76,{"type":127,"name":141,"callback":205,"file":206,"line":181},"block_user_enumeration","classes\\class-xsec-user-security.php",{"type":146,"name":208,"callback":209,"priority":67,"file":206,"line":185},"redirect_canonical","block_author_scans",{"type":146,"name":211,"callback":212,"file":206,"line":144},"rest_endpoints","disable_rest_user_endpoints",{"type":127,"name":214,"callback":215,"priority":67,"file":206,"line":149},"user_profile_update_errors","validate_password_strength",{"type":146,"name":217,"callback":218,"priority":67,"file":206,"line":154},"registration_errors","validate_registration_password",{"type":146,"name":220,"callback":221,"file":206,"line":222},"illegal_user_logins","block_admin_username",72,{"type":127,"name":224,"callback":225,"priority":67,"file":206,"line":226},"profile_update","log_profile_update",81,{"type":127,"name":228,"callback":229,"file":206,"line":230},"user_register","log_user_registration",82,{"type":127,"name":232,"callback":233,"file":206,"line":56},"delete_user","log_user_deletion",{"type":127,"name":141,"callback":141,"file":235,"line":230},"liveupx-security.php",{"type":127,"name":237,"callback":237,"file":235,"line":56},"plugins_loaded",{"type":127,"name":237,"callback":239,"priority":31,"file":235,"line":240},"xsec_init",111,[242],{"action":243,"nopriv":244,"callback":245,"hasNonce":246,"hasCapCheck":246,"file":247,"line":248},"xsec_action",false,"handle_ajax",true,"admin\\class-xsec-ajax.php",40,[],[],[],{"dangerousFunctions":253,"sqlUsage":254,"outputEscaping":303,"fileOperations":11,"externalRequests":11,"nonceChecks":31,"capabilityChecks":312,"bundledLibraries":313},[],{"prepared":255,"raw":256,"locations":257},14,21,[258,261,263,265,268,270,272,274,276,278,281,283,285,288,290,292,294,296,297,299,301],{"file":130,"line":259,"context":260},172,"$wpdb->get_var() with variable interpolation",{"file":130,"line":262,"context":260},174,{"file":130,"line":264,"context":260},176,{"file":130,"line":266,"context":267},180,"$wpdb->get_results() with variable interpolation",{"file":130,"line":269,"context":267},478,{"file":130,"line":271,"context":267},483,{"file":130,"line":273,"context":267},691,{"file":130,"line":275,"context":267},693,{"file":130,"line":277,"context":260},816,{"file":247,"line":279,"context":280},179,"$wpdb->query() with variable interpolation",{"file":247,"line":282,"context":280},192,{"file":247,"line":284,"context":280},205,{"file":286,"line":287,"context":280},"classes\\class-xsec-helper.php",352,{"file":286,"line":289,"context":280},356,{"file":286,"line":291,"context":280},360,{"file":286,"line":293,"context":280},364,{"file":295,"line":139,"context":280},"uninstall.php",{"file":295,"line":32,"context":280},{"file":295,"line":298,"context":280},33,{"file":295,"line":300,"context":280},36,{"file":295,"line":302,"context":280},39,{"escaped":304,"rawEcho":305,"locations":306},110,2,[307,310],{"file":130,"line":308,"context":309},867,"raw output",{"file":311,"line":256,"context":309},"templates\\blocked.php",3,[],[315,333,341],{"entryPoint":316,"graph":317,"unsanitizedCount":31,"severity":332},"render_logs (admin\\class-xsec-admin.php:807)",{"nodes":318,"edges":330},[319,324],{"id":320,"type":321,"label":322,"file":130,"line":323},"n0","source","$_GET",811,{"id":325,"type":326,"label":327,"file":130,"line":328,"wp_function":329},"n1","sink","get_results() [SQLi]",820,"get_results",[331],{"from":320,"to":325,"sanitized":244},"high",{"entryPoint":334,"graph":335,"unsanitizedCount":31,"severity":332},"\u003Cclass-xsec-admin> (admin\\class-xsec-admin.php:0)",{"nodes":336,"edges":339},[337,338],{"id":320,"type":321,"label":322,"file":130,"line":323},{"id":325,"type":326,"label":327,"file":130,"line":328,"wp_function":329},[340],{"from":320,"to":325,"sanitized":244},{"entryPoint":342,"graph":343,"unsanitizedCount":305,"severity":332},"\u003Cclass-xsec-helper> (classes\\class-xsec-helper.php:0)",{"nodes":344,"edges":350},[345,347],{"id":320,"type":321,"label":346,"file":286,"line":248},"$_SERVER (x2)",{"id":325,"type":326,"label":348,"file":286,"line":192,"wp_function":349},"get_var() [SQLi]","get_var",[351],{"from":320,"to":325,"sanitized":244},{"summary":353,"deductions":354},"The 'liveupx-security' plugin v1.5.2 exhibits a generally strong security posture with several good practices in place. The static analysis indicates a very small attack surface with only one AJAX handler, and importantly, this entry point appears to have authorization checks. The plugin also demonstrates robust output escaping with 98% of outputs properly escaped and a good rate of prepared statements for SQL queries (40%). The absence of file operations and external HTTP requests further contributes to a lower risk profile.  \n\nHowever, the taint analysis reveals a significant concern: 3 out of 3 analyzed flows have unsanitized paths. While the static analysis does not flag any critical or high severity taint flows explicitly, the presence of \"unsanitized paths\" is a strong indicator of potential vulnerabilities, especially if these paths interact with user-supplied input without proper sanitization or validation before being used in file operations or other sensitive contexts. The vulnerability history is clean, with no recorded CVEs, which is a positive sign, but it does not negate the risks identified in the code analysis. \n\nIn conclusion, the plugin has strengths in its limited attack surface and good output handling. The primary weakness lies in the identified unsanitized paths, which require careful investigation to ensure user input is not being mishandled. Despite a clean vulnerability history, the taint analysis findings warrant attention to prevent potential future exploitation.",[355],{"reason":356,"points":357},"Unsanitized paths in taint analysis",15,"2026-03-17T07:23:04.306Z",{"wat":360,"direct":369},{"assetPaths":361,"generatorPatterns":364,"scriptPaths":365,"versionParams":366},[362,363],"\u002Fwp-content\u002Fplugins\u002Fliveupx-security\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fliveupx-security\u002Fassets\u002Fjs\u002Fadmin.js",[],[363],[367,368],"liveupx-security\u002Fassets\u002Fcss\u002Fadmin.css?ver=","liveupx-security\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":370,"htmlComments":372,"htmlAttributes":373,"restEndpoints":375,"jsGlobals":376,"shortcodeOutput":378},[371],"xsec-admin-page",[],[374],"data-action=\"xsec_ajax_actions\"",[],[377],"xsec",[]]