[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKBn7sJOzC7HGuw7SJVe2O4iVI6elo_HvSjkqDcGxHHw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":131,"fingerprints":394},"netsensai-shield","NETSENSAI Shield","1.4.9","Rafal Gierlicki","https:\u002F\u002Fprofiles.wordpress.org\u002Frgierlicki\u002F","\u003Cp>NETSENSAI Shield offers a range of security features, including:\u003C\u002Fp>\n\u003Cp>Changing the login URL to reduce brute force attack risks.\u003C\u002Fp>\n\u003Cp>Disabling the REST API (WP API JSON) for non-logged-in users.\u003C\u002Fp>\n\u003Cp>Disabling XML-RPC to prevent unauthorized access.\u003C\u002Fp>\n\u003Cp>Disabling the WordPress file editor to avoid accidental or malicious changes.\u003C\u002Fp>\n\u003Cp>Disabling Application Passwords to block unauthorized API access.\u003C\u002Fp>\n\u003Cp>Applying advanced HTTP security headers (e.g., HSTS, X-Frame-Options, Content-Security-Policy).\u003C\u002Fp>\n\u003Cp>Integration with W3 Total Cache:\u003C\u002Fp>\n\u003Cp>Permanently disable .htaccess writes by W3TC\u003C\u002Fp>\n\u003Cp>Runtime disabling of Page Cache UI\u003C\u002Fp>\n\u003Cp>One-time full cache flush on first admin page load\u003C\u002Fp>\n\u003Cp>Automatic cache flush on Secure Options save\u003C\u002Fp>\n\u003Cp>Physical cleanup and permanent disable via the W3TC API\u003C\u002Fp>\n\u003Cp>Suppression of Site Health REST API availability notices for non-logged-in users (removes false Site Health errors while maintaining full API blocking).\u003C\u002Fp>\n\u003Cp>In addition, the plugin provides helpful user feedback:\u003C\u002Fp>\n\u003Cp>Email notifications when the login URL changes – sends a localized HTML email (Polish or English) with your old and new login links, change date and the plugin logo, so you remember to update your bookmarks.\u003C\u002Fp>\n\u003Cp>Admin popup when disabling the WP API JSON – displays a friendly modal warning that disabling the REST API may break plugins like WooCommerce or contact forms. The popup includes a purchase link to upgrade to the PRO version if you need this feature without losing functionality.\u003C\u002Fp>\n\u003Cp>Scoped styling – the custom colour for the “Save changes” button is now limited to the Secure Options page, so other admin pages keep the default WordPress look.\u003C\u002Fp>\n\u003Cp>Promotional banner assistant – notifies administrators of summer discount codes and NETSENSAI Shield PRO features.\u003C\u002Fp>\n\u003Cp>The free version provides both core and advanced Level 3 security functionalities. A PRO version offers extended support, additional features, and automatic protection enhancements.\u003C\u002Fp>\n","Hardens and protects your site by locking down login, REST API, XML‑RPC, file editor, and applying HTTP security headers.",1000,6022,100,5,"2025-10-14T20:18:00.000Z","6.8.5","5.6","",[20,21,22,23,24],"cybersecurity","hardening","protection","security","wordpress-security","https:\u002F\u002Fwww.netsensai.pl\u002Fstore\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetsensai-shield.1.4.9.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"rgierlicki",1,30,94,"2026-04-04T03:49:30.131Z",[38,57,77,94,112],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":55,"download_link":56,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cwis-antivirus-malware-detected","WebDefender Security – Protection & AntiSpam","5.0.2.1","CobWeb Security Ltd.","https:\u002F\u002Fprofiles.wordpress.org\u002Fcwis\u002F","\u003Ch4>A Professional Security Protection Plugin for WP\u003C\u002Fh4>\n\u003Cp>The WebDefender was developed by a team of security experts and it incorporates professional security tools for the best all around WordPress website protection and prevention of threats. Includes GDPR compline module.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart Protection \u002F Website Hide Function (Prevent Hacker Attack \u002F Security) \u002F Anti-Spam Protection \u002F Brute Force Bot Attack Prevention \u002F Smart Firewall\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detection \u002F Antivirus Scanner \u002F Database Malware \u002F Adware, Spyware, Spam Links\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Diagnostic \u002F Vulnerabilities Detection \u002F Blacklist Monitoring\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Malware Removal Tool \u002F Security Cleaning Tool\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening \u002F Hosting Hardening Check \u002F Automatic Updating Function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Tools \u002F GDPR Compliance Function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All of these solution make the WebDefender one of the best all around security protection tools for your WordPress resource.\u003C\u002Fp>\n\u003Ch3>The WebDefender offers the following tools and protection measures\u003C\u002Fh3>\n\u003Ch4>Primary Protection Function\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Website Hide function\u003C\u002Fstrong> that hides your WP site from crawlers spiders and bots.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hides website from bots, hides the core WP website components, plugins and themes.\u003C\u002Fli>\n\u003Cli>Fully automatic encryption of your website components.\u003C\u002Fli>\n\u003Cli>Coding website without use of the .htaccess file.\u003C\u002Fli>\n\u003Cli>One click installation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Protection Functions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart Firewall\u003C\u002Fstrong> that detects and blocks bot traffic. This is a perfect and powerful prevention tool.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anti-Bot Protection\u003C\u002Fstrong> – Monitors web traffic, filters out, and blocks bad bot traffic to a website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anti-SPAM Protection\u003C\u002Fstrong> – Automatic detection of all comments insert by bots and their filtration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Bot Attack Prevention\u003C\u002Fstrong> – Bots detection system to prevent attempts to crack a password (login security).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Antivirus Security Scanner\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>A professional \u003Cstrong>Antivirus Scanner\u003C\u002Fstrong> that will scan your website from external threats. Designed to detect adware and malware, backdoors, exploits, phishing code, trojans and viruses, include built-in \u003Cstrong>malware removal tool\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Malware Scanning\u003C\u002Fstrong> – A unique ability of our algorithm is scanning the website’s database. This function crucial as more and more hackers use SQL injection to infect the websites with malware.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adware, Spyware and SPAM links detection\u003C\u002Fstrong> – Protect you website from attached code attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerabilities Detection\u003C\u002Fstrong> – Plugins and themes security vulnerabilities, SQL, XSS injections, vulnerable and insecure scripts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist Monitoring\u003C\u002Fstrong> – Check your website reputation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Updater\u003C\u002Fstrong> – an automatic functional tool for updating your WordPress Core versions, plugins and themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hardening\u003C\u002Fstrong> – Detect the hosting configuration security parameter.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Malware Removal Tool\u003C\u002Fh4>\n\u003Cp>Built-in file viewer and editor is an easy to use security cleaning tool for the removal of infected codes or its part depending on the type of infection.\u003C\u002Fp>\n\u003Ch4>GDPR Compliance Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>GDPR Consent management\u003C\u002Fli>\n\u003Cli>Cookies and data collection privacy management\u003C\u002Fli>\n\u003Cli>User data management\u003C\u002Fli>\n\u003Cli>Privacy information should we provide to user\u003C\u002Fli>\n\u003Cli>Personal data breaches\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25, 2018. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.\u003C\u002Fp>\n\u003Cp>Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.\u003C\u002Fp>\n\u003Cp>This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong> Installing this plugin does not guarantee a full compliment with the GDPR. Please contact a GDPR consultant or a law firm to assess the necessary measures.\u003C\u002Fp>\n\u003Ch3>Technical Description\u003C\u002Fh3>\n\u003Ch4>Hide Function – Perfect Security and Protection solution\u003C\u002Fh4>\n\u003Cp>A passive security mechanism for hack protection against crawlers spiders and bots. A fullprof function – one click and your website will become hidden from bots.\u003C\u002Fp>\n\u003Cp>The Hider algorithm encrypts all layers of a website, thus hiding it from hackers by making existing vulnerabilities and other security risks invisible when searched and does not require manual configuration. Our encoding algorithm does not use the .htaccess file therefore there is no disruption to the operation of your website. This function will make your WordPress website totally invisible! A crucial step in improving your website security.\u003C\u002Fp>\n\u003Ch4>Smart Protection\u003C\u002Fh4>\n\u003Cp>A web application firewall filters, monitors, and blocks bad bot traffic to a website. It is deployed in “front” of a website and analyzes traffic – detecting and blocking anything malicious.\u003C\u002Fp>\n\u003Ch4>Anti SPAM\u003C\u002Fh4>\n\u003Cp>WebDefender includes a unique automatic algorithm for diagnosing the text entered on your website (forum, forms, comments and etc,) where made by a human or a bot. Bots won’t be allowed to enter text on your website. This is a unique algorithm, providing a unique solution to our clients.\u003Cbr \u002F>\nThe crisis is a time when almost every site is faced with a flurry of unwanted emails from reverse forms, posts and comments. Robots literally attack corporate e-mails, because of which sometimes valuable applications can be missed. But putting a captcha on the site you risk losing customer loyalty, as poorly readable images annoy 90% of users. Therefore, we offer a solution developed by WEbdefender specialists to protect the site from spam robots .\u003C\u002Fp>\n\u003Ch4>Brute Force Attack Protection\u003C\u002Fh4>\n\u003Cp>Hackers frequently use automatic bot systems to Brute force a website. Our algorithm detects those bots and prevents attempts of a password crack.\u003C\u002Fp>\n\u003Ch4>The “WebDefender” Antivirus Scanner\u003C\u002Fh4>\n\u003Cp>The builtin professional and multi-functional antivirus scanner offers top of the line security features and advanced functions for viruses and vulnerabilities detection. The scanner incorporates a user friendly malware removal tool. The diagnostic is performed by using a known database of virus signatures as well as Cobweb-Security’s Heuristic algorithm that can detected previously unknown virus signatures and zero-day vulnerabilities thus providing enterprise-level security capabilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WebDefender Antivirus Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Virus and malware antivirus scanner\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database security scanning (exclusive function)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ZIP file scanning (exclusive function)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adware, Spyware and SPAM links detection\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful and easy to use malware removal tool\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security hardening analytics and recommendations\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates (Professional or Premium)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scanner scheduler’s settings (Professional or Premium)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Database Malware Scanning\u003C\u002Fh4>\n\u003Cp>An unique ability of our algorithm is scanning the website’s database. This function crucial as more and more hackers use SQL injection to infect the websites with malware.\u003C\u002Fp>\n\u003Ch4>Adware, Spyware and SPAM links detection\u003C\u002Fh4>\n\u003Cp>The WebDefender Scanner successfully detects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SEO & SPAM links\u003C\u002Fli>\n\u003Cli>Doorway pages (SEO)\u003C\u002Fli>\n\u003Cli>iFrame injections\u003C\u002Fli>\n\u003Cli>Black-hat SEO infections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerabilities Detection\u003C\u002Fh4>\n\u003Cp>One of the most important parts of your website security and protection is a well-timed analysis for plugin, CMS and database vulnerabilities. These security vulnerabilities are an easy way for a hacker to crawl into your website. That’s why a well-timed diagnosis and update are vital for hardening the protection of the website.\u003C\u002Fp>\n\u003Cp>Our security scanner is able to find:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plugins and themes vulnerabilities\u003C\u002Fli>\n\u003Cli>SQL, XSS malicious injections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Blacklist Monitoring\u003C\u002Fh4>\n\u003Cp>The WebDefenders’ Blacklist Monitoring scanner checks IP addresses and website domains in the 10  most popular security blacklists and safe browsing databases.\u003C\u002Fp>\n\u003Cp>Real-time Blacklists or Blackhole lists – also called DNS-based Blackhole Lists – are lists of IP addresses published through DNS. Often there are listed computers or networks that may spam or consist malware in such lists. Many secure corporate mail servers are configured to reject or flag messages which have been sent from IP addresses listed in one of these security blacklists.\u003C\u002Fp>\n\u003Cp>Leading email systems like Gmail, Yahoo and Hotmail also use security blacklists to filter emails by addresses. If your network’s IP addresses end up in a blacklist, you and your customers can experience problems sending and receiving emails. It can significantly damage your business.\u003C\u002Fp>\n\u003Cp>WebDefender Blacklist Monitoring scanner will automatically alert you if your website addresses or domains become listed in any of the widely used URL blacklists.\u003C\u002Fp>\n\u003Ch4>The Updater – WP Core, plugin and theme automatic update\u003C\u002Fh4>\n\u003Cp>The importance of using the latest updated version of the WP core, plugins and themes is understandable to everyone and not only for the increase in functionality but in no small degree for the security of the website.\u003C\u002Fp>\n\u003Cp>To make it easier to keep track of update releases for WordPress Core, plugins and themes and installing them automatically, CobWeb-Security has introduced the Security Updater to the functionality of the WebDefender plugin.\u003C\u002Fp>\n\u003Cp>The Updater will enable you to keep track of:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Core Updates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Plugin Updates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Theme Updates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Updater has three separate blocks for managing themes, plugins, and WordPress core settings.\u003C\u002Fp>\n\u003Cp>You can choose to update only individual plugins or themes or you can choose to update all of the installed themes and plugins. The Updater will also mark with different colors the importance of an update ( red to green)\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>This function detects the hosting configuration security parameters.\u003C\u002Fp>\n\u003Ch4>Malware Removal Tool, Powerful & Easy To Use\u003C\u002Fh4>\n\u003Cp>The WebDefender Security Scanner will not only help you find all of the viruses and malicious code on your website but we will also help you remove the malware easily. Our built-in file viewer and editor is an easy to use security cleaning tool for the removal of infected codes or its part depending on the type of infection. The cleaning process is fairly simple, but it requires some knowledge in coding.\u003C\u002Fp>\n\u003Ch4>Preparing you website for the General Data Protection Regulation (GDPR)\u003C\u002Fh4>\n\u003Cp>This extension for our security plugin helps the website owner or company Data Protection Officer (DPO), Controller, Data Processor employees to fit the web application with the obligations and rights enacted under the GDPR requirement.\u003C\u002Fp>\n\u003Ch4>Professional Upgrade\u003C\u002Fh4>\n\u003Cp>Enhance the security of your website with our Professional upgrade. The Professional package will provide our clients with these additional features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>FireWall:\n\u003Cul>\n\u003Cli>Real-time firewall rules updates\u003C\u002Fli>\n\u003Cli>Real-time IP Blacklists\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Hide Function:\n\u003Cul>\n\u003Cli>New mask codes for updating the Hide function online\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Scanner:\n\u003Cul>\n\u003Cli>Real-time malware signature updates\u003C\u002Fli>\n\u003Cli>Scanner scheduler settings (Professional or Premium)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Premium Program\u003C\u002Fh4>\n\u003Cp>We also offer a Professional WebDefender key that will give you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Scanner scheduler’s settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Upgrade to Premium support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database malware scan (WebDefender exclusive function)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scanner report export function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A 100% protection – your website’s security in our hands. Our team will monitor your website online 24\u002F7, in case of a hacker attack or malware injection, we will clean and repair you website.\u003C\u002Fp>\n\u003Cp>You can \u003Ca href=\"http:\u002F\u002Fcobweb-security.com\u002Four-product\u002F\" title=\"Fix and protect your site\" rel=\"nofollow ugc\">click here to sign-up\u003C\u002Fa> for WebDefender Professional or Premium now.\u003C\u002Fp>\n\u003Ch4>Cookies set by the Plugin and WordPress\u003C\u002Fh4>\n\u003Cp>This plugin keeps track of user consent by saving them to the database. We can only do that for logged in users. For visitors, however, we track their concent by creating a cookie and storing their preferences there. The same logic applies for cookies. We set a cookie named \u003Cstrong>gdpr\u003C\u002Fstrong> that stores that information.\u003C\u002Fp>\n\u003Cp>WordPress also stores cookies on log in or commenting on a post. You can learn more about \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FWordPress_Cookies\" rel=\"nofollow ugc\">WordPress cookies here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to several external services provided by Cobweb Security in order to deliver antivirus and malware scanning functionality.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>CWIS Version Check Service\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fupdate.cobweb-security.com\u002Freleases\u002Fversion.json\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to check the latest plugin version and update information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> Only the plugin version installed is sent.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.cobweb-security.com\u002Fprivacy\" rel=\"nofollow ugc\">Cobweb Security Terms & Privacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CWIS Licensing API\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fclients.cobweb-security.com\u002Fmodules\u002Fservers\u002Fcwislicensing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Validates the plugin license and ensures legitimate usage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> Plugin license key and site domain.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.cobweb-security.com\u002Fprivacy\" rel=\"nofollow ugc\">Cobweb Security Terms & Privacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CWIS Host Check Service\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fcheck.cobweb-security.com\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Performs security checks and retrieves signature updates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> Site domain and plugin environment info.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.cobweb-security.com\u002Fprivacy\" rel=\"nofollow ugc\">Cobweb Security Terms & Privacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CWIS Signature Updates\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fupdate.cobweb-security.com\u002Freleases\u002Fcwis-signatures.json\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Retrieves malware signature updates for scanning.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> No personal data is sent; only plugin requests for the latest signatures.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.cobweb-security.com\u002Fprivacy\" rel=\"nofollow ugc\">Cobweb Security Terms & Privacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>These services are necessary for the proper operation of the plugin. No sensitive user data is sent without consent, and all external connections are limited to the above services.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fdownload\u002F\" title=\"Download WordPress\" rel=\"ugc\">WordPress\u003C\u002Fa> version \u003Cstrong>2.8\u003C\u002Fstrong> or higher\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsecure.php.net\u002F\" title=\"PHP scripting language\" rel=\"nofollow ugc\">PHP\u003C\u002Fa> version \u003Cstrong>4.1.0\u003C\u002Fstrong> or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Final Notes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>We’re greatly appreciate for any references in the social networks, forums or blogs to our security scanner \u003Ca href=\"https:\u002F\u002Fcobweb-security.com\u002Fpages\u002Ffree-website-antivirus\u002F\" title=\"CobWeb Security Ltd.\" rel=\"nofollow ugc\">https:\u002F\u002Fcobweb-security.com\u002Fpages\u002Ffree-website-antivirus\u002F\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If you have any suggestions, ideas, or comments, or if you found a bug, write us \u003Ca href=\"mailto:cwis@cobweb-security.com\" title=\"Email us\" rel=\"nofollow ugc\">cwis@cobweb-security.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","PRO Security – Antivirus Scanner, 2-Layer Protection Hide Security, Brute Force Security  & Antispam, Security Website and Security Hardening.",273166,80,18,"2026-01-20T06:00:00.000Z","6.9.4","2.8",[53,22,23,54,24],"malware-scanner","security-plugin","https:\u002F\u002Fcobweb-security.com\u002Fpages\u002Ffree-website-antivirus\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcwis-antivirus-malware-detected.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"sar-one-click-security","SAR One Click Security","1.3","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>There’s a lot of WordPress security plugins with many many options and pages to setup. And that is fine if you know what to do.\u003Cbr \u002F>\nBut most of the times, you don’t need so much or simply you’re not sure about what to set or not.\u003C\u002Fp>\n\u003Cp>This plugin adds some extra security to your WordPress with only one click. \u003Cstrong>No options page, just activate it!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Like many other security plugins SAR One Click Security adds well known .htaccess rules, but only the ones probed to be safe to use in almost any type of site (including WooCommerce stores), to protect your WordPress from common attacks. This allows you to have a safer WordPress without worries about what protection you should be using.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Turn off ServerSignature directive, that may leak information about your web server.\u003C\u002Fli>\n\u003Cli>Turn off directory listing, avoiding bad configured hostings to leak your files.\u003C\u002Fli>\n\u003Cli>Blocks public access (from web) to following files that may leak information about your WordPress install: .htaccess, license.txt, readme.html, wp-config.php, wp-config-sample.php, install.php\u003C\u002Fli>\n\u003Cli>Blocks access to wp-login.php to dummy bots trying to register in WordPress sites that have registration disabled.\u003C\u002Fli>\n\u003Cli>Blocks requests looking for timthumb.php, reducing server load caused by bots trying to find it. (*)\u003C\u002Fli>\n\u003Cli>Blocks TRACE and TRACK request methods, preventing XST attacks.\u003C\u002Fli>\n\u003Cli>Blocks direct posting to wp-comments-post.php (most spammers do this) and access with blank User Agent, reducing spam comments a lot and also server load.\u003C\u002Fli>\n\u003Cli>Blocks direct access to PHP files in wp-content directory (this includes subdirectories like plugins or themes). Protecting you from a huge number of 0day exploits.\u003C\u002Fli>\n\u003Cli>Blocks direct POST to wp-login.php and access with blank User Agent, preventing most brute-force attacks and reducing server load.\u003C\u002Fli>\n\u003Cli>Blocks access to .txt files under any plugin\u002Ftheme directory to prevent scans for installed plugins\u002Fthemes.\u003C\u002Fli>\n\u003Cli>Blocks any query string trying to get a copy of the wp-config.php file.\u003C\u002Fli>\n\u003Cli>Blocks gf_page=upload query string argument, this was deprecated in Gravity Forms on May 2015, if your copy of Gravity Forms still uses it, update now!\u003C\u002Fli>\n\u003Cli>Removes version information from page headers. This includes not only the page header (html or xhtml) but also feed headers (rss, rss2, atom, rdf) and opml comments. Only the version number is removed, not the entire generator information.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*) If your theme uses TimThumb, you can disable that blocking rule, check FAQ before installing the plugin to see how.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 3.9.2 or higher. (Works with WordPress network\u002Fmultisite installation).\u003C\u002Fli>\n\u003Cli>Apache 2.4.x web server\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It has been tested in many servers including large providers like HostGator, Godaddy and 1&1 with optimal results, and it will work fine in any decent hosting service (that allows you to set options from .htaccess files).\u003C\u002Fp>\n\u003Cp>Anyway, if you get any problem after activating the plugin, check FAQ for instructions on how to manually uninstall it.\u003C\u002Fp>\n\u003Cp>If you’re not sure of which server is your hosting company using or if they allow to use custom .htaccess rules, I would recommend you to contact with your host support \u003Cstrong>before\u003C\u002Fstrong> installing the plugin.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>To apply above mentioned security rules simply install and activate the plugin, no options page, no user setup!\u003C\u002Fp>\n\u003Cp>If you need to remove the security rules for some reason, simply deactivate the plugin. If you want to add them again, activate the plugin again, that easy 😉\u003C\u002Fp>\n\u003Cp>And remember, \u003Cstrong>if your theme uses TimThumb, check FAQ before installing the plugin\u003C\u002Fstrong>.\u003C\u002Fp>\n","Adds some extra security to your WordPress with only one click.",200,13616,7,"2025-03-03T20:53:00.000Z","6.7.5","3.9.2",[72,21,73,22,23],"firewall","htaccess","http:\u002F\u002Fwww.samuelaguilera.com\u002Farchivo\u002Fprotege-wordpress-facilmente.xhtml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsar-one-click-security.1.3.zip",92,{"slug":78,"name":79,"version":60,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":13,"downloaded":84,"rating":13,"num_ratings":85,"last_updated":86,"tested_up_to":50,"requires_at_least":87,"requires_php":18,"tags":88,"homepage":92,"download_link":93,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"dessky-security","Dessky Security","dessky","https:\u002F\u002Fprofiles.wordpress.org\u002Fdessky\u002F","\u003Cp>Dessky Security is the ultralight plugin for basic Security Hardening. It is specially designed not to drain any resources from your website. Once you enable all major security measures your input is no longer required. Features include upload directory restriction, disabling of plugin\u002Ftheme editor, admin username check and more.\u003C\u002Fp>\n\u003Cp>This plugin was developed by \u003Ca href=\"https:\u002F\u002Fdessky.com\u002F\" rel=\"nofollow ugc\">Dessky Team\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Dessky Team does not provide support for the Dessky Security on the WordPress.org forums. In order to get support or make a suggestion from a Dessky Team you will have to Join Our Open Community and \u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">Start a Discussion\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">DISCUSS WITH THE DESSKY TEAM\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">JOIN OUR OPEN COMMUNITY\u003C\u002Fa>: The purpose of this open community is to have a collective place where the community can help each other, and we can get some feedback to improve Dessky Security as well. Joining the community is also a great way to connect with like-minded people and share your experience.\u003C\u002Fp>\n\u003Cp>You can also \u003Ca href=\"https:\u002F\u002Fdessky.me\u002F\" rel=\"nofollow ugc\">GET THE PREMIUM SUPPORT\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdessky.org\u002F\" rel=\"nofollow ugc\">User Documentation\u003C\u002Fa>: Although Dessky Security is already easy to set up, we’ve put together tutorials, guides, and some knowledge bases to help you set up and get started with it.\u003C\u002Fp>\n\u003Cp>I have further questions, how do I contact you?\u003C\u002Fp>\n\u003Cp>Please fill up the \u003Ca href=\"https:\u002F\u002Fdessky.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact form\u003C\u002Fa> and we would be more than happy to assist.\u003C\u002Fp>\n\u003Cp>Credits: Dessky Security is based on the ‘Sucuri WordPress Security’ plugin developed by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fddsucurinet\u002F\" rel=\"nofollow ugc\">Daniel Cid\u003C\u002Fa>.\u003C\u002Fp>\n","Dessky Security is the ultralight plugin for basic Security Hardening. It is specially designed not to drain any resources from your website.",5999,2,"2025-12-03T15:19:00.000Z","3.2",[21,23,89,90,91],"site-hardening","wordpress-hardening","wordpress-security-check","https:\u002F\u002Fdessky.com\u002Fplugin\u002Fdessky-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdessky-security.1.3.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":13,"downloaded":102,"rating":27,"num_ratings":27,"last_updated":103,"tested_up_to":50,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":110,"download_link":111,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"security-hardener","Security Hardener","1.0","Marc Armengou","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarc4\u002F","\u003Cp>\u003Cstrong>Security Hardener\u003C\u002Fstrong> implements the official WordPress hardening guidelines from the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fhardening\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration \u002F Security \u002F Hardening\u003C\u002Fa> documentation. It uses WordPress core functions and follows best practices without modifying core files.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable file editor in WordPress admin\u003Cbr \u002F>\n* Optionally disable all file modifications (blocks updates – use with caution)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable XML-RPC completely (enabled by default)\u003Cbr \u002F>\n* Remove pingback methods\u003Cbr \u002F>\n* Disable self-pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block \u003Ccode>\u002F?author=N\u003C\u002Fcode> queries (returns 404)\u003Cbr \u002F>\n* Secure REST API user endpoints (require authentication)\u003Cbr \u002F>\n* Remove users from XML sitemaps\u003Cbr \u002F>\n* Prevent canonical redirects that expose usernames\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generic error messages (no username\u002Fpassword hints)\u003Cbr \u002F>\n* IP-based rate limiting with configurable thresholds\u003Cbr \u002F>\n* Security event logging (last 100 events)\u003Cbr \u002F>\n* Automatic blocking after failed attempts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> (clickjacking protection)\u003Cbr \u002F>\n* \u003Ccode>X-Content-Type-Options: nosniff\u003C\u002Fcode> (MIME sniffing protection)\u003Cbr \u002F>\n* \u003Ccode>Referrer-Policy: strict-origin-when-cross-origin\u003C\u002Fcode>\u003Cbr \u002F>\n* \u003Ccode>Permissions-Policy\u003C\u002Fcode> (restricts geolocation, microphone, camera)\u003Cbr \u002F>\n* Optional HSTS (HTTP Strict Transport Security) for HTTPS sites\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Hardening:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Hide WordPress version\u003Cbr \u002F>\n* Clean up \u003Ccode>wp_head\u003C\u002Fcode> output\u003Cbr \u002F>\n* Remove unnecessary meta tags and links\u003Cbr \u002F>\n* Security event logging system\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>⚠️ \u003Cstrong>Important:\u003C\u002Fstrong> Always test security settings in a staging environment first. Some features may affect third-party integrations or plugins.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy:\u003C\u002Fstrong> This plugin does not send data to external services and does not create custom database tables. It stores plugin settings and a security event log in the WordPress options table, and uses transients for temporary login attempt tracking. All data is deleted on uninstall.\u003C\u002Fp>\n","Basic hardening: secure headers, user enumeration blocking, generic login errors, IP-based rate limiting, and WordPress security improvements.",496,"2026-03-05T12:13:00.000Z","6.9","8.2",[107,21,108,109,23],"brute-force","headers","login-protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-hardener\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.1.0.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":13,"num_ratings":67,"last_updated":122,"tested_up_to":50,"requires_at_least":123,"requires_php":18,"tags":124,"homepage":129,"download_link":130,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wphhsecure","WPHH SECURE – AIO WordPress Security With File Locking & WP Hide Login","1.1.9","WPHackedHelp","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginsupportwphackedhelp\u002F","\u003Cp>Secure your WordPress site with one-click file locking, login path hiding, role-based access, and smart dashboard visibility. Built for speed, security, and control.\u003C\u002Fp>\n\u003Ch3>Full Description\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>WPHH SECURE\u003C\u002Fstrong> by \u003Ca href=\"https:\u002F\u002Fsecure.wphackedhelp.com\" rel=\"nofollow ugc\">WP Hacked Help\u003C\u002Fa> is a comprehensive WordPress security plugin that integrates advanced file protection and login URL obfuscation. It blocks brute-force attacks, unauthorized access, and file tampering by allowing you to easily lock or unlock your WordPress files and folders with a single click.\u003C\u002Fp>\n\u003Cp>The plugin comes with a user-friendly interface and real-time feedback, ensuring secure operations without any technical knowledge required. WPHH SECURE is built to work seamlessly with the native WordPress functions, ensuring compatibility and safety for all sites, including blogs, business sites, and WooCommerce stores.\u003C\u002Fp>\n\u003Cp>With automatic exclusions for sensitive folders and the ability to manage folder exceptions, WPHH SECURE ensures that critical areas like uploads, cache, and backups are not locked accidentally. It also features login URL hiding to prevent unauthorized access to your site’s backend.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>One-Click Lock\u002FUnlock\u003C\u002Fstrong> – Lock or unlock all WordPress files and folders with a single click.\u003Cbr \u002F>\n✅ \u003Cstrong>Smart Dashboard\u003C\u002Fstrong> – Access real-time status updates and track lock activities in the dashboard.\u003Cbr \u002F>\n✅ \u003Cstrong>Role-Based Access\u003C\u002Fstrong> – Configure permissions to restrict access to the lock\u002Funlock feature based on user roles.\u003Cbr \u002F>\n✅ \u003Cstrong>Login URL Hiding\u003C\u002Fstrong> – Prevent brute-force login attempts by hiding or changing your default WordPress login URL.\u003Cbr \u002F>\n✅ \u003Cstrong>Safe File Handling\u003C\u002Fstrong> – Built on WP_Filesystem for secure file handling using AJAX for smooth background execution.\u003Cbr \u002F>\n✅ \u003Cstrong>Auto Exclusions\u003C\u002Fstrong> – Automatically exclude high-priority folders (e.g., uploads, cache, backups) from being locked.\u003Cbr \u002F>\n✅ \u003Cstrong>Visual Progress Feedback\u003C\u002Fstrong> – Watch real-time updates with progress bars and completion messages.\u003Cbr \u002F>\n✅ \u003Cstrong>Folder Exclusion Manager\u003C\u002Fstrong> – Easily add or remove folders from the exclusion list to keep them safe.\u003C\u002Fp>\n","Secure your WordPress site with one-click file locking, login path hiding, role-based access, and smart dashboard visibility.",70,1870,"2026-01-21T13:20:00.000Z","5.0",[125,126,127,24,128],"brute-force-protection","file-locking","hide-login-url","wp-filesystem","https:\u002F\u002Fsecure.wphackedhelp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwphhsecure.1.1.9.zip",{"attackSurface":132,"codeSignals":334,"taintFlows":386,"riskAssessment":387,"analyzedAt":393},{"hooks":133,"ajaxHandlers":326,"restRoutes":331,"shortcodes":332,"cronEvents":333,"entryPointCount":33,"unprotectedCount":27},[134,140,144,149,153,157,161,165,169,173,177,180,182,185,189,195,200,204,207,211,216,219,224,228,231,233,235,238,242,246,249,252,256,260,264,268,272,276,279,283,286,290,293,297,300,304,306,311,313,317,320,323],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","send_headers","ns_shield_apply_hsts_header","includes\\apply_hsts_header.php",22,{"type":135,"name":136,"callback":141,"file":142,"line":143},"ns_shield_apply_security_headers","includes\\apply_security_headers.php",32,{"type":145,"name":146,"callback":147,"file":148,"line":48},"filter","wp_is_application_passwords_available","__return_false","includes\\disable_app_passwords.php",{"type":135,"name":150,"callback":151,"file":148,"line":152},"init","ns_shield_disable_app_passwords",21,{"type":135,"name":150,"callback":154,"file":155,"line":156},"ns_shield_update_admin_username","includes\\disable_default_admin.php",90,{"type":135,"name":158,"callback":159,"file":155,"line":160},"wp_logout","ns_shield_change_admin_username_after_logout",121,{"type":135,"name":150,"callback":162,"file":163,"line":164},"ns_shield_disable_directory_indexing","includes\\disable_directory_indexing.php",56,{"type":135,"name":150,"callback":166,"file":167,"line":168},"ns_shield_disable_file_editor","includes\\disable_file_editor.php",23,{"type":145,"name":170,"callback":171,"file":172,"line":152},"rest_authentication_errors","closure","includes\\disable_wp_api_json.php",{"type":135,"name":174,"callback":175,"file":172,"line":176},"rest_api_init","ns_shield_disable_wp_api_json",40,{"type":145,"name":178,"callback":147,"file":179,"line":34},"xmlrpc_enabled","includes\\disable_xml_rpc.php",{"type":135,"name":150,"callback":171,"file":179,"line":181},33,{"type":135,"name":150,"callback":183,"file":179,"line":184},"ns_shield_disable_xml_rpc",67,{"type":135,"name":186,"callback":187,"file":188,"line":48},"update_option_ns_shield_settings","on_settings_updated","includes\\integrations\\class-ns-shield-cache-integrator.php",{"type":135,"name":190,"callback":191,"priority":192,"file":193,"line":194},"update_option_ns_shield_login_url","ns_shield_send_login_url_change_email",10,"includes\\integrations\\login-url-email.php",96,{"type":135,"name":196,"callback":197,"file":198,"line":199},"wp_loaded","ns_shield_login_url_guard_blocker","includes\\integrations\\login-url-guard.php",98,{"type":135,"name":201,"callback":202,"priority":203,"file":198,"line":13},"plugins_loaded","ns_shield_login_url_guard_init",20,{"type":135,"name":136,"callback":205,"file":198,"line":206},"ns_shield_send_no_cache_headers",109,{"type":135,"name":208,"callback":209,"priority":27,"file":198,"line":210},"login_init","ns_shield_lock_default_wp_login",328,{"type":145,"name":212,"callback":213,"priority":192,"file":214,"line":215},"plugin_row_meta","ns_shield_custom_row_meta","includes\\integrations\\override-plugin-modal.php",71,{"type":135,"name":217,"callback":218,"file":214,"line":35},"admin_enqueue_scripts","ns_shield_rate_link_styles",{"type":135,"name":220,"callback":221,"file":222,"line":223},"admin_notices","ns_shield_admin_promo_banner","includes\\integrations\\promo-banner.php",107,{"type":145,"name":225,"callback":171,"file":226,"line":227},"site_status_tests","includes\\integrations\\suppress_site_health_error.php",11,{"type":145,"name":229,"callback":147,"file":230,"line":48},"w3tc_can_modify_htaccess","includes\\integrations\\w3-total-cache.php",{"type":135,"name":232,"callback":171,"priority":13,"file":230,"line":47},"admin_footer",{"type":135,"name":234,"callback":171,"priority":192,"file":230,"line":206},"admin_init",{"type":135,"name":236,"callback":171,"priority":203,"file":230,"line":237},"load-settings_page_secure-options",117,{"type":135,"name":232,"callback":239,"file":240,"line":241},"ns_shield_wpapi_modal_popup","includes\\integrations\\wp-api-json-popup.php",132,{"type":135,"name":150,"callback":243,"priority":33,"file":244,"line":245},"ns_shield_add_rewrite_rule","includes\\login_url_functions.php",87,{"type":145,"name":247,"callback":248,"file":244,"line":194},"query_vars","ns_shield_query_vars",{"type":135,"name":196,"callback":250,"file":244,"line":251},"ns_shield_block_default_urls",166,{"type":135,"name":253,"callback":254,"file":244,"line":255},"template_redirect","ns_shield_handle_custom_login_page",191,{"type":145,"name":257,"callback":258,"priority":192,"file":244,"line":259},"redirect_canonical","ns_shield_disable_canonical_redirect",203,{"type":145,"name":261,"callback":262,"priority":192,"file":244,"line":263},"login_url","ns_shield_custom_login_url",233,{"type":145,"name":265,"callback":266,"priority":192,"file":244,"line":267},"lostpassword_url","ns_shield_custom_lostpassword_url",253,{"type":145,"name":269,"callback":270,"priority":192,"file":244,"line":271},"register_url","ns_shield_custom_register_url",268,{"type":145,"name":273,"callback":274,"priority":192,"file":244,"line":275},"site_url","ns_shield_override_wp_login_url",294,{"type":145,"name":277,"callback":274,"priority":192,"file":244,"line":278},"network_site_url",295,{"type":145,"name":280,"callback":281,"priority":192,"file":244,"line":282},"retrieve_password_message","ns_shield_custom_retrieve_password_message",317,{"type":145,"name":284,"callback":285,"priority":192,"file":244,"line":210},"login_redirect","ns_shield_custom_login_redirect",{"type":145,"name":287,"callback":288,"priority":192,"file":244,"line":289},"logout_redirect","ns_shield_custom_logout_url",339,{"type":135,"name":208,"callback":291,"priority":27,"file":244,"line":292},"ns_shield_redirect_checkemail_on_login",362,{"type":135,"name":294,"callback":295,"file":244,"line":296},"login_form","ns_shield_disable_autocomplete",377,{"type":135,"name":294,"callback":298,"file":244,"line":299},"ns_shield_add_login_nonce",385,{"type":145,"name":301,"callback":302,"priority":192,"file":244,"line":303},"login_form_action","ns_shield_login_form_action",402,{"type":135,"name":136,"callback":171,"file":244,"line":305},407,{"type":145,"name":307,"callback":308,"priority":27,"file":309,"line":310},"admin_title","ns_shield_fix_admin_title","netsensai-shield.php",31,{"type":135,"name":201,"callback":312,"file":309,"line":120},"ns_shield_init_cache_integrator",{"type":135,"name":314,"callback":315,"file":309,"line":316},"admin_menu","ns_shield_secure_options_menu",202,{"type":135,"name":234,"callback":318,"file":309,"line":319},"ns_shield_secure_options_settings",242,{"type":135,"name":234,"callback":321,"priority":203,"file":309,"line":322},"ns_shield_flush_rewrite_rules_on_settings_update",360,{"type":135,"name":217,"callback":324,"file":309,"line":325},"ns_shield_admin_enqueue_assets",413,[327],{"action":328,"nopriv":329,"callback":328,"hasNonce":330,"hasCapCheck":329,"file":222,"line":237},"ns_shield_dismiss_promo_banner",false,true,[],[],[],{"dangerousFunctions":335,"sqlUsage":336,"outputEscaping":338,"fileOperations":27,"externalRequests":27,"nonceChecks":33,"capabilityChecks":14,"bundledLibraries":385},[],{"prepared":27,"raw":27,"locations":337},[],{"escaped":339,"rawEcho":168,"locations":340},81,[341,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,373,374,376,378,379,381,383],{"file":155,"line":342,"context":343},26,"raw output",{"file":155,"line":345,"context":343},34,{"file":198,"line":347,"context":343},178,{"file":222,"line":349,"context":343},50,{"file":230,"line":351,"context":343},97,{"file":240,"line":353,"context":343},42,{"file":240,"line":355,"context":343},45,{"file":240,"line":357,"context":343},47,{"file":240,"line":359,"context":343},49,{"file":240,"line":361,"context":343},63,{"file":244,"line":363,"context":343},439,{"file":309,"line":365,"context":343},147,{"file":309,"line":367,"context":343},153,{"file":309,"line":369,"context":343},156,{"file":309,"line":371,"context":343},165,{"file":309,"line":251,"context":343},{"file":309,"line":267,"context":343},{"file":309,"line":375,"context":343},267,{"file":309,"line":377,"context":343},281,{"file":309,"line":278,"context":343},{"file":309,"line":380,"context":343},309,{"file":309,"line":382,"context":343},326,{"file":309,"line":384,"context":343},343,[],[],{"summary":388,"deductions":389},"The netsensai-shield plugin version 1.4.9 demonstrates a generally strong security posture based on the static analysis. The plugin has a minimal attack surface, with only one AJAX handler, and importantly, all entry points are protected by authentication checks. The code utilizes prepared statements for all SQL queries and includes nonce checks, indicating good practices to prevent common vulnerabilities like SQL injection and CSRF. A significant portion of output is also properly escaped, mitigating XSS risks. The absence of known CVEs and past vulnerabilities further contributes to a positive security assessment.",[390],{"reason":391,"points":392},"Outputs not properly escaped",6,"2026-03-16T19:01:25.274Z",{"wat":395,"direct":403},{"assetPaths":396,"generatorPatterns":399,"scriptPaths":400,"versionParams":402},[397,398],"\u002Fwp-content\u002Fplugins\u002Fnetsensai-shield\u002Fassets\u002Fns_logo.png","\u002Fwp-content\u002Fplugins\u002Fnetsensai-shield\u002Fassets\u002Fnetsensai.pl_logo.png",[],[401],"\u002Fwp-content\u002Fplugins\u002Fnetsensai-shield\u002Fassets\u002Fjs\u002Fns-shield-modal.js",[],{"cssClasses":404,"htmlComments":411,"htmlAttributes":412,"restEndpoints":414,"jsGlobals":415,"shortcodeOutput":417},[405,406,407,408,409,410],"ns-popup-logo-container","ns-popup-logo","ns-popup-text","ns-popup-button-container","ns-modal-ok-button","netsensai-shield-plugin",[],[413],"id=\"netsensai-shield-plugin\"",[],[416],"window.nsShieldModalConfig",[]]