[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feoJSAekXcBxL1LhoyLiYvZmN2oaPBRsYbZvO2uUdyWc":3,"$flrH10nz8Ehk0iQE2hPJaTPC2MLa2n3VI_F3Fp67Nc38":199,"$f5SfSbkbmjxKXqUb37yu-dskhS_OE7ZSFSlCjy9h9LJg":204},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":35,"analysis":140,"fingerprints":182},"mdi-http-referer-block","Smart Traffic Source Filter for WordPress","1.0","Medium Interactive","https:\u002F\u002Fprofiles.wordpress.org\u002Fmediuminteractive\u002F","\u003Cp>Tired of spam form submissions from suspicious referral sources? Want to block or redirect traffic from specific ad networks that send low-quality leads? Managing traffic quality shouldn’t require a developer. We made it easy!\u003C\u002Fp>\n\u003Cp>Smart Traffic Source Filter gives WordPress site owners complete control over user experience based on traffic origin. By analyzing the HTTP referrer (both server-side via PHP and client-side via JavaScript when headers are missing), this plugin makes it easy to detect where visitors come from and apply different behavior—whether you need to filter spam, protect forms, redirect unwanted traffic, or optimize conversions for high-quality sources.\u003C\u002Fp>\n\u003Cp>You can define specific referrer domains or patterns, and when a visitor matches those conditions, the plugin can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display a small notification (server-side) showing the detected referrer host or path.\u003C\u002Fli>\n\u003Cli>Hide or reveal specific elements on your site using CSS selectors.\u003C\u002Fli>\n\u003Cli>Redirect visitors from certain sources to a different URL.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This gives marketers, advertisers, and site owners fine control over how different audiences see the site.\u003C\u002Fp>\n\u003Cp>Example use cases:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide contact forms when users arrive through syndicated search traffic to prevent spam or low-quality leads.\u003C\u002Fli>\n\u003Cli>Hide pricing details when a user comes from social media to encourage engagement before pricing exposure.\u003C\u002Fli>\n\u003Cli>Redirect visitors from affiliate networks to a dedicated landing page.\u003C\u002Fli>\n\u003Cli>Show a simple banner confirming that the user arrived via a partner campaign.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin sets a tracking cookie (\u003Ccode>mdi_syndicated_ref\u003C\u002Fcode>) to remember the detected source for the configured number of days, ensuring consistent visibility rules on repeat visits.\u003C\u002Fp>\n\u003Cp>MDI HTTP Referer Block helps you tailor on-site experiences dynamically based on real visitor origin — simple, server-side controlled, and privacy-respecting.\u003C\u002Fp>\n\u003Cp>For a full guide on blocking syndicated search traffic (e.g., Google Ads Performance Max), see:\u003Cbr \u002F>\nhttps:\u002F\u002Fmediuminteractive.com\u002Fhow-to-block-syndicated-search-traffic-from-performance-max-campaigns-in-google-ads\u002F\u003C\u002Fp>\n","Hide elements or redirect users based on referrer domains. Useful for blocking partners, scrapers, or altering content per source.",0,544,"2025-12-18T11:50:00.000Z","6.9.4","5.6","",[18,19,20,21,22],"cookie","hide-content","redirect","referer","referrer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmdi-http-referer-block.1.0.2.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mediuminteractive",5,30,94,"2026-05-20T00:15:42.163Z",[36,55,79,99,119],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":33,"num_ratings":46,"last_updated":47,"tested_up_to":14,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":53,"download_link":54,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"cp-referrer-and-conversions-tracking","CP Referrer and Conversion Tracking","1.01.28","codepeople","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodepeople\u002F","\u003Cp>CP Referrer and Conversion Tracking is a useful tool for evaluating the result of marketing campaigns. It records the referral website of each visitor and it can also be used to identify the referral of the conversions (purchases, contact form submissions, appointments, bookings).\u003C\u002Fp>\n\u003Cp>The main features are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Records the referrer (HTTP referer) of each website visitor (tracking logs)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Provides graphics \u002F stats of referral websites and visitors (tracking stats)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow to create different referral links for different marketing campaigns (referral sources)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Records the original referrer and the latest referrer of the conversions\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Includes integration with multiple plugins for tracking its conversions\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Recording the referrer\u003C\u002Fh4>\n\u003Cp>The CP Referrer and Conversion Tracking plugin implements an efficient way to detect and store the referral website when the HTTP referer header is present(when the user clicks on a link pointing to a webpage). This automatically identify for example when the user comes from Google, Facebook or from other external website.\u003C\u002Fp>\n\u003Cp>The visitors with identified referrers are listed under the “Tracking Logs” menu. The referrer, IP address and time of the first visit is recorded as part of the logs.\u003C\u002Fp>\n\u003Cp>To avoid storing a large number of referrer logs, the old logs are deleted as default every 90 days. This number of days to delete old logs can be edited from the plugin settings.\u003C\u002Fp>\n\u003Ch4>Graphics \u002F stats of referral websites\u003C\u002Fh4>\n\u003Cp>The recorded logs are used to render graphics indicating the evolution of logs received per day, the logs received per hour and the referral websites identified.\u003C\u002Fp>\n\u003Cp>Stats are provided also for logs received per year, during the latest 12 months, during the latest 12 weeks and during the latest 30 days. This helps to evaluate evolution of referrers and visitors during different periods of time. Note: These stats may be impacted by the automatic deletion of old logs.\u003C\u002Fp>\n\u003Cp>This section is located under the plugin menu “Tracking Stats”.\u003C\u002Fp>\n\u003Ch4>Creating different referral links for different marketing campaigns\u003C\u002Fh4>\n\u003Cp>The purpose of this section is to create links for different marketing platforms, making easier to identify the referral.\u003C\u002Fp>\n\u003Cp>For example you can setup a different entry point for a Google Adwords campaign and for a Facebook Ads, this way the exact referrer source will be reported even if the automatic HTTP referer info is not sent.\u003C\u002Fp>\n\u003Cp>This section is located under the plugin menu “Referral Sources”.\u003C\u002Fp>\n\u003Ch4>Tracking Conversions\u003C\u002Fh4>\n\u003Cp>The CP Referrer and Conversion Tracking plugin can identify the referral of conversions, for example contact form submissions, purchases, bookings, appointment requests, etc…\u003C\u002Fp>\n\u003Cp>The conversions are listed with the referrer of the initial visit and also with the referrer of the latest user session in the case the visitor used a different referrer for the latest sessions when the conversion happened.\u003C\u002Fp>\n\u003Cp>To register the conversions the related add-on must be activated (add-ons are included in the plugin). Currently the plugin support several conversion add-ons for different plugins (contact forms, appointment requests, bookings, paypal payments) and we will be continuously working adding new integrations to identify conversions of third party plugins.\u003C\u002Fp>\n\u003Cp>This section is located under the menu “Tracking Conversions”.\u003C\u002Fp>\n\u003Ch4>Tracking conversions originated in other plugins\u003C\u002Fh4>\n\u003Cp>The “Add Ons” menu already includes several conversion add-ons for different plugins, for example to track conversions like the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact forms\u003C\u002Fli>\n\u003Cli>Quote request forms\u003C\u002Fli>\n\u003Cli>Appointment bookings\u003C\u002Fli>\n\u003Cli>General bookings\u003C\u002Fli>\n\u003Cli>Polls\u003C\u002Fli>\n\u003Cli>Payment forms \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Includes conversion tracking for the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-to-email\u002F\" rel=\"ugc\">Contact Form to Email\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fappointment-hour-booking\u002F\" rel=\"ugc\">Appointment Hour Booking\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fappointment-booking-calendar\u002F\" rel=\"ugc\">Appointment Booking Calendar\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbooking-calendar-contact-form\u002F\" rel=\"ugc\">Booking Calendar Contact Form\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcalculated-fields-form\u002F\" rel=\"ugc\">Calculated Fields Form\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcp-contact-form-with-paypal\u002F\" rel=\"ugc\">Contact Form with PayPal\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcp-polls\u002F\" rel=\"ugc\">CP Polls\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-time-slots-booking-form\u002F\" rel=\"ugc\">WP Time Slots Booking Form\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>New add-ons will be added soon.\u003C\u002Fp>\n\u003Cp>For developers: If you need to track a custom conversion writing the please see in the FAQ the supported hooks.\u003C\u002Fp>\n","CP Referrer and Conversion Tracking registers how the website visitors reached the website, identifying the referral website. Also track conversions.",400,13760,12,"2026-01-26T15:21:00.000Z","4.0",[50,51,21,22,52],"conversion","logs","stats","http:\u002F\u002Fwordpress.dwbooster.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcp-referrer-and-conversions-tracking.1.01.28.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":16,"tags":70,"homepage":76,"download_link":77,"security_score":78,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"wp-block-referral-spam","Block Referral Spam","1.2.1","WPDeveloper","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdevteam\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwpdeveloper.net\u002F\" rel=\"nofollow ugc\">WPDeveloper.net\u003C\u002Fa> brings ‘Block Referral Spam’ for all WordPress user for free.\u003C\u002Fp>\n\u003Cp>This plugins blocks the most number of Referral Spams. Now no more notice from Google and no more weird report in Google Analytics.\u003C\u002Fp>\n\u003Cp>Its super simple to use, nothing to setup, just install and activate the plugin, we will protect from 375+ separate domain (thanks to the user contribution) that spam your Google Analytics. This domain list is always increasing and biggest list available online.\u003C\u002Fp>\n\u003Cp>You could give feedback to us directly, and suggest new spam domain, \u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Fgo\u002FBRS-UO\" rel=\"nofollow ugc\">click here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here is our \u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Fgo\u002FBlog-BRS-A1\" rel=\"nofollow ugc\">blog post\u003C\u002Fa>, on how to get Top Referrer right from your WordPress Dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Our Other Plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-analytify\u002F\" rel=\"ugc\">Analytify – Ultimate Google Analytics Dashboard\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwitter-cards-meta\u002F\" rel=\"ugc\">Twitter Cards Meta\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Ffree-plugin\u002Fwp-scheduled-posts\u002F\" rel=\"nofollow ugc\">WP Scheduled Posts\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffacebook-secret-meta\u002F\" rel=\"ugc\">Facebook Secret Meta\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-author-report-free\u002F\" rel=\"ugc\">WP Author Report Free\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Contribute in GitHub!!\u003C\u002Fstrong>\u003Cbr \u002F>\n  Contribute in GitHub. \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FARCommunications\u002FBlock-Referral-Spam\" rel=\"nofollow ugc\">Click here\u003C\u002Fa>!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>This plugin is a great example of OpenSource community. Pull request are very welcome and usually accepted within 24hr. Together we fight with evil spam bot.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Don’t get confused with the term \u003Cem>Referrer Spam\u003C\u002Fem> or \u003Cem>Referral Spam\u003C\u002Fem> or \u003Cem>Referer Spam\u003C\u002Fem>. Google basically calls it \u003Cem>Referral Traffic\u003C\u002Fem>. It’s all mean the same thing.\u003C\u002Fp>\n\u003Ch3>Donation\u003C\u002Fh3>\n\u003Cp>You could use our free & pro plugins fro link below.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwpdeveloper.net\u002F\u003C\u002Fp>\n","This plugins blocks maximum Referral Spams. Now no more notice from Google and no more weird report in Google Analytics.",200,9362,82,9,"2017-06-08T21:58:00.000Z","4.8.28","2.5.0",[71,72,73,74,75],"google-analytics-referral-spam","referer-spam","referral-spam","referral-traffic","referrer-spam","https:\u002F\u002Fwpdeveloper.net\u002Ffree-plugin\u002Fblock-referral-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-block-referral-spam.1.2.1.zip",85,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":24,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":16,"tags":93,"homepage":97,"download_link":98,"security_score":78,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"advanced-wp-hide-referer","Advanced WP Hide Referer","1.1","wplabs","https:\u002F\u002Fprofiles.wordpress.org\u002Fwplabs\u002F","\u003Cp>Hide Referer for WordPress removes the referer (referrer) from all external links on your blog. It does this by converting all outgoing\u003Cbr \u002F>\nlinks on your blog using the href.li service and effectively hides your site as origin of the referred link.\u003C\u002Fp>\n\u003Cp>For example, Hide Referer for WordPress will convert an external link to wordpress.org, to \u003Ca href=\"https:\u002F\u002Fhref.li\u002F?http:\u002F\u002Fwordpress.org\" rel=\"nofollow ugc\">https:\u002F\u002Fhref.li\u002F?http:\u002F\u002Fwordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","Hide Referer for WordPress removes the referer (referrer) from all external links on your blog. It does this by converting all outgoing",10,2477,1,"2015-05-04T09:32:00.000Z","4.2.39","3.3",[94,95,96,21,22],"hide","hide-refer","refer","http:\u002F\u002Fwww.gamesax.com\u002Fwpp\u002FAdvanced-WP-Hide-Referer_1-0.zip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-wp-hide-referer.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":87,"downloaded":107,"rating":11,"num_ratings":11,"last_updated":16,"tested_up_to":108,"requires_at_least":109,"requires_php":16,"tags":110,"homepage":116,"download_link":117,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":118},"cookielander","Cookielander","0.7","zaus","https:\u002F\u002Fprofiles.wordpress.org\u002Fzaus\u002F","\u003Cp>Allows you to specify which querystring, post, header, or cookie parameters to save to temporary storage (session, another cookie, header) for use elsewhere in the site.  Great for capturing referral variables (GET querystring parameters, headers) and reusing them in contact forms, CRMs, etc.\u003C\u002Fp>\n","Save referral variables to temporary storage (cookies)",2121,"4.5.33","3.0",[111,112,113,114,115],"contact-form","cookies","landing-page","landing-referrer","ppc","https:\u002F\u002Fgithub.com\u002Fzaus\u002Fcookielander","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcookielander.zip","2026-03-15T10:48:56.248Z",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":11,"downloaded":127,"rating":11,"num_ratings":11,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":137,"download_link":138,"security_score":139,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"ndt-redirect","NDT Redirect","1.0.7","Tony Nguyen","https:\u002F\u002Fprofiles.wordpress.org\u002Fnguyenduytan\u002F","\u003Cp>NDT Redirect is a lightweight plugin designed to manage external links on your WordPress site. It intercepts external links, redirects them through an intermediate page with a customizable delay, and applies the \u003Ccode>no-referrer\u003C\u002Fcode> policy to protect user privacy. This plugin is ideal for site owners who want to ensure link safety and maintain control over outbound traffic.\u003C\u002Fp>\n\u003Cp>Key features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds a redirect page with a countdown timer for external links.\u003C\u002Fli>\n\u003Cli>Supports \u003Ccode>no-referrer\u003C\u002Fcode> meta tag to prevent referrer leakage.\u003C\u002Fli>\n\u003Cli>Allows administrators to enable\u002Fdisable the plugin and configure settings.\u003C\u002Fli>\n\u003Cli>Customizable redirect time and link target (\u003Ccode>_self\u003C\u002Fcode> or \u003Ccode>_blank\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>Option to exclude specific user roles (e.g., Administrators) from redirection.\u003C\u002Fli>\n\u003Cli>Compatible with pages, posts, comments, and WooCommerce products.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>NDT Redirect is developed and maintained by Tony Nguyễn and will be supported as long as necessary.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact me via:\u003Cbr \u002F>\n– Email: admin@ndtan.net\u003Cbr \u002F>\n– Telegram: @nguyenduytan\u003Cbr \u002F>\n– Website: https:\u002F\u002Fnguyenduytan.com\u003C\u002Fp>\n","NDT Redirect helps manage external links by adding a no-referrer redirect page, enhancing security and user experience.",409,"2025-04-26T07:19:00.000Z","6.8.5","4.9","7.0",[133,134,135,20,136],"external-links","link-safety","no-referrer","wordpress-security","https:\u002F\u002Fnguyenduytan.com\u002F15-ndt-redirect-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fndt-redirect.1.0.7.zip",92,{"attackSurface":141,"codeSignals":166,"taintFlows":175,"riskAssessment":176,"analyzedAt":181},{"hooks":142,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":11,"unprotectedCount":11},[143,149,154,158],{"type":144,"name":145,"callback":146,"priority":89,"file":147,"line":148},"action","init","mdihtreb_check_and_set_cookie","mdi-http-referer-block.php",84,{"type":144,"name":150,"callback":151,"priority":152,"file":147,"line":153},"wp_head","mdihtreb_show_syndicated_notice",20,154,{"type":144,"name":155,"callback":156,"file":147,"line":157},"admin_init","mdihtreb_register_settings",190,{"type":144,"name":159,"callback":160,"file":147,"line":161},"admin_menu","mdihtreb_register_settings_page",329,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":173,"bundledLibraries":174},[],{"prepared":11,"raw":11,"locations":169},[],{"escaped":171,"rawEcho":11,"locations":172},28,[],2,[],[],{"summary":177,"deductions":178},"The mdi-http-referer-block plugin v1.0 exhibits a strong security posture based on the provided static analysis. There are no identified entry points such as AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the potential attack surface. The code demonstrates good practices by not utilizing dangerous functions, not performing file operations, and making no external HTTP requests. Furthermore, all SQL queries are correctly prepared, and all output is properly escaped, mitigating common vulnerabilities. The presence of capability checks, even though nonce checks are absent, suggests some level of access control is considered.\n\nWhile the static analysis reveals no immediate critical or high-severity issues, the absence of taint analysis data and the zero total flows analyzed indicate that a comprehensive security review might be incomplete. The lack of nonce checks on the zero identified entry points is a minor concern, as even without direct entry points, other plugin interactions could potentially leverage these if they were introduced later. The vulnerability history being entirely clear is a positive sign, suggesting a history of secure development or a lack of past exploitation.\n\nOverall, mdi-http-referer-block v1.0 appears to be a secure plugin with a very small attack surface and adherence to secure coding principles in the analyzed areas. The primary area for potential improvement would be ensuring all potential interaction points are thoroughly tested with taint analysis. However, based strictly on the provided data, the risk is currently assessed as very low.",[179],{"reason":180,"points":173},"Missing nonce checks on AJAX\u002Fentry points","2026-04-16T14:27:17.102Z",{"wat":183,"direct":190},{"assetPaths":184,"generatorPatterns":186,"scriptPaths":187,"versionParams":188},[185],"\u002Fwp-content\u002Fplugins\u002Fmdi-http-referer-block\u002Fassets\u002Fjs\u002Fmdi-referrer-tracker.js",[],[],[189],"mdi-http-referer-block\u002Fassets\u002Fjs\u002Fmdi-referrer-tracker.js?ver=",{"cssClasses":191,"htmlComments":193,"htmlAttributes":194,"restEndpoints":195,"jsGlobals":196,"shortcodeOutput":198},[192],"mdihtreb-referrer-notice",[],[],[],[197],"mdihtrebReferrerData",[],{"error":200,"url":201,"statusCode":202,"statusMessage":203,"message":203},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmdi-http-referer-block\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":205,"versions":206},4,[207,215,221,228],{"version":208,"download_url":209,"svn_tag_url":210,"released_at":25,"has_diff":211,"diff_files_changed":212,"diff_lines":25,"trac_diff_url":213,"vulnerabilities":214,"is_current":211},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmdi-http-referer-block.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmdi-http-referer-block\u002Ftags\u002F1.0.3\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmdi-http-referer-block%2Ftags%2F1.0.2&new_path=%2Fmdi-http-referer-block%2Ftags%2F1.0.3",[],{"version":216,"download_url":23,"svn_tag_url":217,"released_at":25,"has_diff":211,"diff_files_changed":218,"diff_lines":25,"trac_diff_url":219,"vulnerabilities":220,"is_current":211},"1.0.2","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmdi-http-referer-block\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmdi-http-referer-block%2Ftags%2F1.0.1&new_path=%2Fmdi-http-referer-block%2Ftags%2F1.0.2",[],{"version":222,"download_url":223,"svn_tag_url":224,"released_at":25,"has_diff":211,"diff_files_changed":225,"diff_lines":25,"trac_diff_url":226,"vulnerabilities":227,"is_current":211},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmdi-http-referer-block.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmdi-http-referer-block\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmdi-http-referer-block%2Ftags%2F1.0&new_path=%2Fmdi-http-referer-block%2Ftags%2F1.0.1",[],{"version":6,"download_url":229,"svn_tag_url":230,"released_at":25,"has_diff":211,"diff_files_changed":231,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":232,"is_current":200},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmdi-http-referer-block.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmdi-http-referer-block\u002Ftags\u002F1.0\u002F",[],[]]