[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdom758fqFPWtJCarmxeM6x3llVf3c8CibkJYfYuddIY":3,"$fqGcZRjeKfb1vXc7oPZXZeH6upUM67FFqolHcpl3OZGI":456,"$fOyHYczzW4nPv1rb0sAGDiJH_Lq2yBLlXUdiXHjSS-j0":461},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":137,"fingerprints":433},"nhrrob-secure","NHR Secure – Login Security, Firewall, 2FA & Audit Log","1.3.1","Nazmul Hasan Robin","https:\u002F\u002Fprofiles.wordpress.org\u002Fnhrrob\u002F","\u003Cp>Keep your WordPress site safe with minimal effort. NHR Secure helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide or protect your admin area from unauthorized access.\u003C\u002Fli>\n\u003Cli>Limit login attempts to prevent brute-force attacks.\u003C\u002Fli>\n\u003Cli>Hide debug logs to prevent sensitive information disclosure.\u003C\u002Fli>\n\u003Cli>Add 2FA to your WordPress site.\u003C\u002Fli>\n\u003Cli>Scan core files, plugins, and themes for known vulnerabilities.\u003C\u002Fli>\n\u003Cli>Monitor site health with one-click security recommendations.\u003C\u002Fli>\n\u003Cli>Protect against SQL injection, XSS, and LFI attacks.\u003C\u002Fli>\n\u003Cli>Block malicious IPs and entire countries.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Features at a glance:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>🔒 Limit Login Attempts\u003C\u002Fh3>\n\u003Cp>Stop brute-force attacks by temporarily blocking IPs after repeated failed login attempts.\u003Cbr \u002F>\n– Configurable attempt limit (1-20, default: 5)\u003Cbr \u002F>\n– Blocks based on IP + Username combination\u003Cbr \u002F>\n– Auto-unblock after 2 hours\u003C\u002Fp>\n\u003Ch3>🔐 Custom Login Page\u003C\u002Fh3>\n\u003Cp>Hide wp-login.php and use a custom login URL.\u003Cbr \u002F>\n– Default custom URL: \u003Ccode>\u002Fhidden-access-52w\u003C\u002Fcode>\u003Cbr \u002F>\n– Blocks direct access to wp-login.php and wp-admin for guests\u003C\u002Fp>\n\u003Ch3>🛡️ Protect Debug Log File\u003C\u002Fh3>\n\u003Cp>Blocks direct access to \u003Ccode>\u002Fwp-content\u002Fdebug.log\u003C\u002Fcode>\u003Cbr \u002F>\n– Returns 403 Forbidden for all users\u003C\u002Fp>\n\u003Ch3>⚙️ Modern Settings Page\u003C\u002Fh3>\n\u003Cp>Configure everything from a beautiful React-powered interface.\u003Cbr \u002F>\n– Located under \u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> NHR Secure\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Dark Mode\u003C\u002Fstrong> support for comfortable viewing\u003Cbr \u002F>\n– Enable\u002Fdisable each feature\u003C\u002Fp>\n\u003Ch3>🔐 Two-Factor Authentication (2FA)\u003C\u002Fh3>\n\u003Cp>Enable two-factor authentication for users.\u003Cbr \u002F>\n– Support for \u003Cstrong>Authenticator Apps\u003C\u002Fstrong> and \u003Cstrong>Email OTP\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Enforce 2FA\u003C\u002Fstrong> for specific user roles (e.g., Administrators)\u003Cbr \u002F>\n– \u003Cstrong>Recovery Codes\u003C\u002Fstrong> for emergency access\u003Cbr \u002F>\n– QR code setup for Authenticator Apps\u003C\u002Fp>\n\u003Ch3>🛡️ Vulnerability Checker\u003C\u002Fh3>\n\u003Cp>Automatically scan your installed plugins, themes, and WordPress core against a known vulnerability database.\u003Cbr \u002F>\n– Daily automatic scans\u003Cbr \u002F>\n– Alerts for critical security issues\u003Cbr \u002F>\n– Check file integrity\u003C\u002Fp>\n\u003Ch3>🖥️ User Session Management\u003C\u002Fh3>\n\u003Cp>Monitor and control active user sessions to prevent unauthorized access.\u003Cbr \u002F>\n– \u003Cstrong>View Active Sessions:\u003C\u002Fstrong> See IP, location, device, and login time for all logged-in users.\u003Cbr \u002F>\n– \u003Cstrong>Remote Logout:\u003C\u002Fstrong> Instantly log out suspicious sessions or all other devices.\u003Cbr \u002F>\n– \u003Cstrong>Idle Timeout:\u003C\u002Fstrong> Automatically log out inactive users after a set period.\u003C\u002Fp>\n\u003Ch3>🧱 Hardening & Firewall\u003C\u002Fh3>\n\u003Cp>Essential security hardening to lock down your WordPress site.\u003Cbr \u002F>\n– \u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> Prevent remote attacks and brute-force attempts.\u003Cbr \u002F>\n– \u003Cstrong>Disable File Editor:\u003C\u002Fstrong> Stop file modifications from the dashboard.\u003Cbr \u002F>\n– \u003Cstrong>Hide WP Version:\u003C\u002Fstrong> Obscure your WordPress version from attackers.\u003Cbr \u002F>\n– \u003Cstrong>Block User-Agents:\u003C\u002Fstrong> Prevent bad bots and scrapers from accessing your site.\u003Cbr \u002F>\n– \u003Cstrong>Disable User Enumeration:\u003C\u002Fstrong> Stop attackers from harvesting usernames via REST API.\u003C\u002Fp>\n\u003Ch3>📝 Activity Audit Log\u003C\u002Fh3>\n\u003Cp>Keep a record of important security events on your site.\u003Cbr \u002F>\n– Tracks logins, failed attempts, file changes, and settings updates.\u003Cbr \u002F>\n– View user, IP, and event details.\u003Cbr \u002F>\n– Configurable log retention policy.\u003C\u002Fp>\n\u003Ch3>🏥 Security Health Check & One-Click Secure\u003C\u002Fh3>\n\u003Cp>Get an instant overview of your site’s security posture.\u003Cbr \u002F>\n– \u003Cstrong>Security Score:\u003C\u002Fstrong> View your overall protection percentage and grade (A+ to F).\u003Cbr \u002F>\n– \u003Cstrong>Health Dashboard:\u003C\u002Fstrong> See which security features are active and which need attention.\u003Cbr \u002F>\n– \u003Cstrong>One-Click Secure:\u003C\u002Fstrong> Apply recommended security settings instantly.\u003Cbr \u002F>\n– \u003Cstrong>11 Security Checks:\u003C\u002Fstrong> Comprehensive analysis of your security status.\u003C\u002Fp>\n\u003Ch3>🛡️ Advanced Firewall (IPS)\u003C\u002Fh3>\n\u003Cp>Proactive intrusion prevention system that blocks malicious requests in real-time.\u003Cbr \u002F>\n– \u003Cstrong>SQL Injection Protection:\u003C\u002Fstrong> Detect and block SQLi attacks automatically.\u003Cbr \u002F>\n– \u003Cstrong>XSS Prevention:\u003C\u002Fstrong> Stop cross-site scripting attempts.\u003Cbr \u002F>\n– \u003Cstrong>LFI Protection:\u003C\u002Fstrong> Prevent local file inclusion attacks.\u003Cbr \u002F>\n– \u003Cstrong>Pattern Matching:\u003C\u002Fstrong> Advanced regex-based detection for common attack vectors.\u003Cbr \u002F>\n– \u003Cstrong>Automatic Blocking:\u003C\u002Fstrong> Suspicious requests are blocked before they reach WordPress.\u003C\u002Fp>\n\u003Ch3>🌍 IP & Country Management\u003C\u002Fh3>\n\u003Cp>Control access to your site with granular IP and geographic filtering.\u003Cbr \u002F>\n– \u003Cstrong>IP Whitelist:\u003C\u002Fstrong> Allow trusted IPs to bypass all security filters.\u003Cbr \u002F>\n– \u003Cstrong>IP Blacklist:\u003C\u002Fstrong> Block malicious IPs permanently from your site.\u003Cbr \u002F>\n– \u003Cstrong>CIDR Support:\u003C\u002Fstrong> Use CIDR notation for blocking entire IP ranges (e.g., 192.168.1.0\u002F24).\u003Cbr \u002F>\n– \u003Cstrong>Country Blocking:\u003C\u002Fstrong> Block access from 90+ countries using GeoIP lookup.\u003Cbr \u002F>\n– \u003Cstrong>Smart Caching:\u003C\u002Fstrong> GeoIP lookups are cached for 24 hours for optimal performance.\u003Cbr \u002F>\n– \u003Cstrong>Private IP Detection:\u003C\u002Fstrong> Automatically skip local\u002Fprivate IPs.\u003C\u002Fp>\n\u003Ch3>⚡ Lightweight & Minimal\u003C\u002Fh3>\n\u003Cp>Designed to deliver maximum security with minimal code. No bloat, no complexity.\u003Cbr \u002F>\n– Compatible with most WordPress themes and plugins.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin utilizes the \u003Ca href=\"https:\u002F\u002Fwpvulnerability.com\u002F\" rel=\"nofollow ugc\">WPVulnerability\u003C\u002Fa> API to check for vulnerabilities.\u003Cbr \u002F>\n– \u003Cstrong>Service:\u003C\u002Fstrong> WPVulnerability\u003Cbr \u002F>\n– \u003Cstrong>Data:\u003C\u002Fstrong> Only plugin slugs and versions are sent. No personal data is collected.\u003C\u002Fp>\n","A lightweight WordPress security plugin to protect your admin area with a custom login URL, hide debug logs, limit login attempts, and add 2FA.",0,434,"2026-02-07T08:30:00.000Z","6.9.4","6.0","7.4",[18,19,20,21,22],"2fa","debug-log","hide-admin","login-protection","security","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnhrrob-secure\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.3.1.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"nhrrob",4,180,23,94,"2026-05-20T03:12:23.880Z",[38,54,77,99,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":11,"num_ratings":11,"last_updated":47,"tested_up_to":14,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":52,"download_link":53,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"liveupx-security","Liveupx Security","4.0.0","Liveupx","https:\u002F\u002Fprofiles.wordpress.org\u002Fliveupx\u002F","\u003Cp>Liveupx Security is a complete, 100% free WordPress security plugin that rivals paid solutions. No paywalls, ever.\u003C\u002Fp>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* Brute force protection with progressive lockouts (1st\u002F2nd\u002F3rd+ strikes escalate automatically)\u003Cbr \u002F>\n* Multi-provider CAPTCHA: Math, Google reCAPTCHA v3, hCaptcha, Cloudflare Turnstile\u003Cbr \u002F>\n* Honeypot bot detection (wp-login.php + WooCommerce)\u003Cbr \u002F>\n* Passwordless magic link login\u003Cbr \u002F>\n* Two-factor authentication: TOTP (Google Authenticator) + Email OTP\u003Cbr \u002F>\n* Trusted device (30-day bypass cookie)\u003Cbr \u002F>\n* Geolocation login alerts — notify when login comes from a new country\u003Cbr \u002F>\n* Subnet auto-blocking (repeated attacks from \u002F24 range)\u003Cbr \u002F>\n* Custom login URL (hide wp-login.php)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Firewall \u002F WAF\u003C\u002Fstrong>\u003Cbr \u002F>\n* PHP-based Web Application Firewall running at priority 1\u003Cbr \u002F>\n* Remote WAF rule feed (auto-updated from liveupx.com)\u003Cbr \u002F>\n* Admin-defined custom firewall rules\u003Cbr \u002F>\n* Per-endpoint rate limiting (REST API, checkout, search, etc.)\u003Cbr \u002F>\n* REST API security controls (block guests, hide \u002Fusers endpoint)\u003Cbr \u002F>\n* Country\u002Fgeo blocking with API fallback chain\u003Cbr \u002F>\n* Bad bot blocking with verified bot allowlist (Google, Bing, etc.)\u003Cbr \u002F>\n* Referrer blocking with spam referrer presets\u003Cbr \u002F>\n* Bad query\u002FXSS\u002FSQL injection blocking\u003Cbr \u002F>\n* .htaccess security rules\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malware Scanner\u003C\u002Fstrong>\u003Cbr \u002F>\n* Chunked AJAX scanner — scans plugins, themes, uploads, mu-plugins\u003Cbr \u002F>\n* 30+ malware patterns including backdoors, crypto miners, shell injections\u003Cbr \u002F>\n* Heuristic risk scoring (0–100) per suspicious file\u003Cbr \u002F>\n* Auto-quarantine critical findings during scan\u003Cbr \u002F>\n* Scan diff — shows new threats vs last scan\u003Cbr \u002F>\n* Database malware scanner (posts, options, comments, users)\u003Cbr \u002F>\n* File quarantine and permanent delete\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong>\u003Cbr \u002F>\n* Powered by WPScan API (free tier)\u003Cbr \u002F>\n* Scans all active plugins and active theme for known CVEs\u003Cbr \u002F>\n* CVSS severity scoring (Critical\u002FHigh\u002FMedium\u002FLow)\u003Cbr \u002F>\n* Dashboard widget showing unresolved critical\u002Fhigh count\u003Cbr \u002F>\n* Dedicated Vulnerabilities admin page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File Integrity\u003C\u002Fstrong>\u003Cbr \u002F>\n* WordPress core file integrity check (vs WordPress.org checksums API)\u003Cbr \u002F>\n* Plugin & theme checksum verification (vs WordPress.org checksums)\u003Cbr \u002F>\n* wp-config.php and .htaccess tampering detection\u003Cbr \u002F>\n* Unknown PHP file detection in core directories\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Core File Repair\u003C\u002Fstrong>\u003Cbr \u002F>\n* Downloads clean copies from WordPress.org SVN\u003Cbr \u002F>\n* MD5 verification before writing\u003Cbr \u002F>\n* Single file or bulk repair\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Headers\u003C\u002Fstrong>\u003Cbr \u002F>\n* X-Frame-Options, X-Content-Type-Options, X-XSS-Protection\u003Cbr \u002F>\n* Referrer-Policy, Permissions-Policy (per-feature builder)\u003Cbr \u002F>\n* HSTS with preload support\u003Cbr \u002F>\n* Content-Security-Policy with visual builder\u003Cbr \u002F>\n* CSP violation reporting endpoint (REST API)\u003Cbr \u002F>\n* A–F letter grade for your header configuration\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* User enumeration protection (?author= + REST API)\u003Cbr \u002F>\n* Strong password enforcement\u003Cbr \u002F>\n* Block dangerous usernames (admin, root, etc.)\u003Cbr \u002F>\n* Inactive user auto-lock (configurable threshold)\u003Cbr \u002F>\n* Admin action audit trail\u003Cbr \u002F>\n* Active session manager (view & revoke)\u003Cbr \u002F>\n* GDPR IP anonymization\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Post-Hack Recovery\u003C\u002Fstrong>\u003Cbr \u002F>\n* Lock PHP execution in uploads and wp-includes\u003Cbr \u002F>\n* Log out all users instantly\u003Cbr \u002F>\n* Force password reset for all users\u003Cbr \u002F>\n* Reinstall free plugins from WordPress.org\u003Cbr \u002F>\n* Delete version-revealing files (readme.html, etc.)\u003Cbr \u002F>\n* Weekly security summary email report\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitoring & Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\n* Activity log (filterable, paginated, CSV export, configurable retention)\u003Cbr \u002F>\n* HTML branded email alerts\u003Cbr \u002F>\n* Slack\u002Fwebhook notifications (compatible with Make.com, Zapier, Discord)\u003Cbr \u002F>\n* Real-time dashboard stats (auto-refresh every 30s)\u003Cbr \u002F>\n* 7-day login attempt chart\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer Tools\u003C\u002Fstrong>\u003Cbr \u002F>\n* WP-CLI commands (wp xsec status|scan|block-ip|unblock-ip|2fa-reset|export-settings|import-settings)\u003Cbr \u002F>\n* Settings import\u002Fexport (JSON)\u003Cbr \u002F>\n* Security score with category breakdown\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Fliveupx.com\" rel=\"nofollow ugc\">Liveupx.com\u003C\u002Fa>\u003Cbr \u002F>\nCloud hosting partner: \u003Ca href=\"https:\u002F\u002Fxhost.live\" rel=\"nofollow ugc\">xHost\u003C\u002Fa> — by Liveupx.com\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fjusthunt.co\u002Fstartups\u002Fx-security\" rel=\"nofollow ugc\">Featured on JustHunt.co\u003C\u002Fa>\u003C\u002Fp>\n","Complete WordPress security — Firewall, 2FA, Malware Scanner, Vulnerability Scanner, Login Protection, Security Headers. 100% free.",273,"2026-03-21T19:01:00.000Z","5.0",[18,50,21,51,22],"firewall","malware-scanner","https:\u002F\u002Fliveupx.com\u002Fliveupx-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fliveupx-security.4.0.0.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":35,"num_ratings":64,"last_updated":65,"tested_up_to":14,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":71,"download_link":72,"security_score":73,"vuln_count":74,"unpatched_count":11,"last_vuln_date":75,"fetched_at":76},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,407330579,4861,"2025-12-20T21:06:00.000Z","4.7","7.0",[18,50,69,70,22],"malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",96,12,"2022-09-06 00:00:00","2026-04-16T10:56:18.058Z",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":14,"requires_at_least":90,"requires_php":16,"tags":91,"homepage":95,"download_link":96,"security_score":73,"vuln_count":97,"unpatched_count":11,"last_vuln_date":98,"fetched_at":76},"really-simple-ssl","Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)","9.5.9","Really Simple Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Freallysimpleplugins\u002F","\u003Cp>Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.\u003C\u002Fp>\n\u003Ch3>Really simple, Effective and Performant WordPress Security\u003C\u002Fh3>\n\u003Cp>Really Simple Security is the most lightweight and easy-to-use security plugin for WordPress. It secures your WordPress website with SSL certificate generation, including proper 301 https redirection and SSL enforcement, scanning for possible vulnerabilities, Login Protection and implementing essential WordPress hardening features.\u003C\u002Fp>\n\u003Cp>We believe that security should have the absolute minimum effect on website performance, user experience and maintainability. Therefore, Really Simple Security is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> Every security feature is developed with a modular approach and with performance in mind. Disabled features won’t load any redundant code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy-to-use:\u003C\u002Fstrong> 1-minute configuration with short onboarding setup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Features\u003C\u002Fh3>\n\u003Ch4>Easy SSL Migration\u003C\u002Fh4>\n\u003Cp>Migrates your website to HTTPS and enforces SSL in just one click.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>301 redirect via PHP or .htaccess\u003C\u002Fli>\n\u003Cli>Secure cookies\u003C\u002Fli>\n\u003Cli>Let’s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation.\u003C\u002Fli>\n\u003Cli>Server Health Check: Your server configuration is every bit as important for your website security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress Hardening\u003C\u002Fh4>\n\u003Cp>Tweak your configuration and keep WordPress fortified and safe by tackling potential weaknesses.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent code execution in the uploads folder\u003C\u002Fli>\n\u003Cli>Prevent login feedback and disable user enumeration\u003C\u002Fli>\n\u003Cli>Disable XML-RPC\u003C\u002Fli>\n\u003Cli>Disable directory browsing\u003C\u002Fli>\n\u003Cli>Username restrictions (block ‘admin’ and public names)\u003C\u002Fli>\n\u003Cli>and much more..\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Detection\u003C\u002Fh4>\n\u003Cp>Get notified when plugins, themes or WP core contain vulnerabilities and need appropriate action.\u003C\u002Fp>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Allow or enforce Two-Factor Authentication (2FA) for specific user roles. Users receive a two-factor code via Email.\u003C\u002Fp>\n\u003Ch3>Improve Security with Really Simple Security Pro\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002F\" rel=\"nofollow ugc\">Protect your site with all essential security features by upgrading to Really Simple Security Pro.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Advanced SSL enforcement\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix them to HTTPS, both Front- and Back-end.\u003C\u002Fli>\n\u003Cli>Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Firewall\u003C\u002Fh4>\n\u003Cp>Really Simple Security Pro includes a performant and efficient WordPress firewall, to stop bots, crawlers and bad actors with IP and username blocks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>404 blocking – Blocks crawlers as they trigger unusual numbers of 404 errors.\u003C\u002Fli>\n\u003Cli>Region blocking – Only allow\u002Fblock access to your site from specific regions.\u003C\u002Fli>\n\u003Cli>Automated and customisable Firewall rules.\u003C\u002Fli>\n\u003Cli>IP blocklist and allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Headers\u003C\u002Fh4>\n\u003Cp>Security headers protect your site visitors against the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX, etc.\u003C\u002Fli>\n\u003Cli>Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options, a Referrer Policy and CORS headers.\u003C\u002Fli>\n\u003Cli>Automatically generate your WordPress-tailored Content Security Policy.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Measures\u003C\u002Fh4>\n\u003Cp>When a vulnerability is detected in a plugin, theme or WordPress core you will get notified accordingly. With Vulnerability Measures, you can configure simple but effective measures to make sure that a critical vulnerability won’t remain unattended.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force update: An update process will be tried multiple times until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps.\u003C\u002Fli>\n\u003Cli>Quarantine: When a plugin or theme can’t be updated to solve a vulnerability, Really Simple Security can quarantine the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Site Hardening\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose a custom login URL\u003C\u002Fli>\n\u003Cli>Automated File Permissions check and fixer\u003C\u002Fli>\n\u003Cli>Rename and randomize your database prefix\u003C\u002Fli>\n\u003Cli>Change the debug.log file location to a non-public folder\u003C\u002Fli>\n\u003Cli>Disable application passwords\u003C\u002Fli>\n\u003Cli>Control admin creation\u003C\u002Fli>\n\u003Cli>Disable HTTP methods, reducing HTTP requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Secure your website’s login process and user accounts with powerful security measures.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Step verification (Email login)\u003C\u002Fli>\n\u003Cli>2FA (two factor authentication) with TOTP\u003C\u002Fli>\n\u003Cli>Passwordless login with passkey login\u003C\u002Fli>\n\u003Cli>Enforce strong passwords and frequent password change\u003C\u002Fli>\n\u003Cli>Limit Login Attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Limit Login Attempts you can configure a threshold to temporarily or permanently block IP addresses or (non-existing) usernames. You can also throw a CAPTCHA after a failed login (hCaptcha or Google reCaptcha)\u003C\u002Fp>\n\u003Ch4>Access Control\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Restrict access to your site for specific regions.\u003C\u002Fli>\n\u003Cli>Add specific IP addresses or IP ranges to the Blocklist or Allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Useful Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fknowledge-base-overview\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fdefinitions\u002F\" rel=\"nofollow ugc\">Security Definitions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">Translate Really Simple Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Fissues\" rel=\"nofollow ugc\">Issues & pull requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Flabels\u002Ffeature%20request\" rel=\"nofollow ugc\">Feature requests\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Love Really Simple Security?\u003C\u002Fh3>\n\u003Cp>If you want to support the continuing development of this plugin, please consider buying \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fpro\u002F\" rel=\"nofollow ugc\">Really Simple Security Pro\u003C\u002Fa>, which includes some excellent security features and premium support.\u003C\u002Fp>\n\u003Ch3>About Really Simple Plugins\u003C\u002Fh3>\n\u003Cp>Our mission is to make complex WordPress requirements really easy. Really Simple Security is developed by \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fabout-us\" rel=\"nofollow ugc\">Really Simple Plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For generating SSL certificates, Really Simple Security uses the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffbett\u002Fle-acme2-php\u002F\" rel=\"nofollow ugc\">le acme2 PHP\u003C\u002Fa> Let’s Encrypt client library, thanks to ‘fbett’ for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We’re on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Freally-simple-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> as well!\u003C\u002Fp>\n","Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.",3000000,207313043,98,8815,"2026-03-31T07:09:00.000Z","6.6",[18,92,22,93,94],"https","two-factor","vulnerabilities","https:\u002F\u002Freally-simple-ssl.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-ssl.9.5.9.zip",3,"2026-03-15 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":87,"num_ratings":109,"last_updated":110,"tested_up_to":14,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":112,"download_link":116,"security_score":87,"vuln_count":32,"unpatched_count":11,"last_vuln_date":117,"fetched_at":76},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall","3.1.0","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Enable two-factor authentication for extra login security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Stop password guessing attacks, secure WooCommerce, block bad IPs, block by countries (Pro), and add email 2FA. Lightweight with better performance.",2000000,83296786,1447,"2026-04-09T18:49:00.000Z","3.0","",[18,114,50,22,115],"brute-force","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.3.1.0.zip","2023-12-20 00:00:00",{"slug":93,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":73,"num_ratings":127,"last_updated":128,"tested_up_to":14,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":135,"download_link":136,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":76},"Two Factor","0.16.0","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>The Two-Factor plugin adds an extra layer of security to your WordPress login by requiring users to provide a second form of authentication in addition to their password.  This helps protect against unauthorized access even if passwords are compromised.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: Each user must individually configure their two-factor authentication settings.\u003C\u002Fp>\n\u003Ch3>For Individual Users\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Navigate to your profile\u003C\u002Fstrong>: Go to “Users” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Your Profile” in the WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Find Two-Factor Options\u003C\u002Fstrong>: Scroll down to the “Two-Factor Options” section\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose your methods\u003C\u002Fstrong>: Enable one or more authentication providers (noting a site admin may have hidden one or more so what is available could vary):\n\u003Cul>\n\u003Cli>\u003Cstrong>Authenticator App (TOTP)\u003C\u002Fstrong> – Use apps like Google Authenticator, Authy, or 1Password\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Codes\u003C\u002Fstrong> – Receive one-time codes via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergencies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dummy Method\u003C\u002Fstrong> – For testing purposes only (requires WP_DEBUG)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure each method\u003C\u002Fstrong>: Follow the setup instructions for each enabled provider\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set primary method\u003C\u002Fstrong>: Choose which method to use as your default authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save changes\u003C\u002Fstrong>: Click “Update Profile” to save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>For Site Administrators\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Plugin settings\u003C\u002Fstrong>: The plugin provides a settings page under “Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Two-Factor” to configure which providers should be disabled site-wide.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User management\u003C\u002Fstrong>: Administrators can configure 2FA for other users by editing their profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security recommendations\u003C\u002Fstrong>: Encourage users to enable backup methods to prevent account lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Available Authentication Methods\u003C\u002Fh3>\n\u003Ch3>Authenticator App (TOTP) – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Time-based one-time passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Scan QR code with authenticator app\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with Google Authenticator, Authy, 1Password, and other TOTP apps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Most users, provides excellent security with good usability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Backup Codes – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time use codes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Generate 10 backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works everywhere, no special hardware needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Emergency access when other methods are unavailable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Email Codes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time codes sent via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Automatic – uses your WordPress email address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with any email-capable device\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users who prefer email-based authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FIDO U2F Security Keys\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Deprecated and removed due to loss of browser support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dummy Method\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: None – Always succeeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Only available when WP_DEBUG is enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Testing and development only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Developers testing the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Notes\u003C\u002Fh3>\n\u003Ch3>HTTPS Requirement\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All methods work on both HTTP and HTTPS sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Browser Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>TOTP and email methods work on all devices and browsers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Account Recovery\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Always enable backup codes to prevent being locked out of your account\u003C\u002Fli>\n\u003Cli>If you lose access to all authentication methods, contact your site administrator\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Best Practices\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use multiple authentication methods when possible\u003C\u002Fli>\n\u003Cli>Keep backup codes in a secure location\u003C\u002Fli>\n\u003Cli>Regularly review and update your authentication settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information about two-factor authentication in WordPress, see the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fmfa\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration Security Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For more history, see \u003Ca href=\"https:\u002F\u002Fgeorgestephanis.wordpress.com\u002F2013\u002F08\u002F14\u002Ftwo-cents-on-two-factor\u002F\" rel=\"nofollow ugc\">this post\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Actions & Filters\u003C\u002Fh4>\n\u003Cp>Here is a list of action and filter hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>two_factor_providers\u003C\u002Fcode> filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_providers_for_user\u003C\u002Fcode> filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object \u003Ccode>WP_User\u003C\u002Fcode> is available as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_enabled_providers_for_user\u003C\u002Fcode> filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_authenticated\u003C\u002Fcode> action which receives the logged in \u003Ccode>WP_User\u003C\u002Fcode> object as the first argument for determining the logged in user right after the authentication workflow.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_api_login_enable\u003C\u002Fcode> filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_ttl\u003C\u002Fcode> filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the \u003Ccode>WP_User\u003C\u002Fcode> object being authenticated.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_length\u003C\u002Fcode> filter overrides the default 8 character count for email tokens.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_backup_code_length\u003C\u002Fcode> filter overrides the default 8 character count for backup codes. Provides the \u003Ccode>WP_User\u003C\u002Fcode> of the associated user as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_rest_api_can_edit_user\u003C\u002Fcode> filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current \u003Ccode>$can_edit\u003C\u002Fcode> boolean, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_before_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires prior to the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires after the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_input\u003C\u002Fcode> action which receives the provider object and fires after the input shown on the authentication input form (if form contains no input, action fires immediately after \u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_login_backup_links\u003C\u002Fcode> filters the backup links displayed on the two-factor login form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Redirect After the Two-Factor Challenge\u003C\u002Fh3>\n\u003Cp>To redirect users to a specific URL after completing the two-factor challenge, use WordPress Core built-in login_redirect filter. The filter works the same way as in a standard WordPress login flow:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'login_redirect', function( $redirect_to, $requested_redirect_to, $user ) {\n    return home_url( '\u002Fdashboard\u002F' );\n}, 10, 3 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), email, and backup verification codes.",100000,1606507,202,"2026-03-27T17:24:00.000Z","6.8","7.2",[18,132,133,22,134],"authentication","mfa","totp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor.0.16.0.zip",{"attackSurface":138,"codeSignals":401,"taintFlows":422,"riskAssessment":423,"analyzedAt":432},{"hooks":139,"ajaxHandlers":322,"restRoutes":323,"shortcodes":394,"cronEvents":395,"entryPointCount":400,"unprotectedCount":11},[140,146,150,154,157,162,167,171,175,179,183,187,191,195,199,203,207,211,215,219,224,229,233,237,240,243,246,250,254,257,262,265,269,273,277,280,285,288,293,296,299,301,305,308,311,315,319],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","rest_api_init","register_routes","includes\\Admin\\Api.php",21,{"type":141,"name":147,"callback":147,"file":148,"line":149},"admin_menu","includes\\Admin\\Menu.php",19,{"type":141,"name":151,"callback":152,"file":153,"line":149},"admin_enqueue_scripts","register_assets","includes\\Assets.php",{"type":141,"name":155,"callback":152,"file":153,"line":156},"wp_enqueue_scripts",20,{"type":141,"name":158,"callback":159,"file":160,"line":161},"init","maybe_install_schema","includes\\AuditLog.php",26,{"type":141,"name":163,"callback":164,"priority":165,"file":160,"line":166},"wp_login","log_login",10,38,{"type":141,"name":168,"callback":169,"file":160,"line":170},"wp_logout","log_logout",39,{"type":141,"name":172,"callback":173,"file":160,"line":174},"wp_login_failed","log_login_failed",40,{"type":141,"name":176,"callback":177,"file":160,"line":178},"activated_plugin","log_plugin_activation",43,{"type":141,"name":180,"callback":181,"file":160,"line":182},"deactivated_plugin","log_plugin_deactivation",44,{"type":141,"name":184,"callback":185,"file":160,"line":186},"user_register","log_user_register",47,{"type":141,"name":188,"callback":189,"file":160,"line":190},"delete_user","log_user_delete",48,{"type":141,"name":192,"callback":193,"priority":165,"file":160,"line":194},"set_user_role","log_user_role_change",49,{"type":141,"name":196,"callback":197,"file":160,"line":198},"wp_trash_post","log_post_trash",52,{"type":141,"name":200,"callback":201,"file":160,"line":202},"untrash_post","log_post_untrash",53,{"type":141,"name":204,"callback":205,"file":160,"line":206},"delete_post","log_post_delete",54,{"type":141,"name":208,"callback":209,"file":160,"line":210},"switch_theme","log_switch_theme",57,{"type":141,"name":212,"callback":213,"file":160,"line":214},"nhrrob_secure_settings_updated","log_settings_update",60,{"type":141,"name":216,"callback":217,"file":160,"line":218},"nhrrob_secure_daily_cleanup","cleanup_logs",63,{"type":141,"name":158,"callback":220,"priority":221,"file":222,"line":223},"inspect_request",5,"includes\\Firewall.php",67,{"type":225,"name":226,"callback":227,"file":228,"line":145},"filter","xmlrpc_enabled","__return_false","includes\\Hardening.php",{"type":225,"name":230,"callback":231,"file":228,"line":232},"wp_headers","closure",24,{"type":225,"name":234,"callback":235,"priority":165,"file":228,"line":236},"map_meta_cap","block_file_edit_caps",33,{"type":225,"name":238,"callback":239,"file":228,"line":170},"the_generator","__return_empty_string",{"type":225,"name":241,"callback":242,"file":228,"line":182},"rest_endpoints","disable_users_endpoint",{"type":141,"name":158,"callback":244,"file":228,"line":245},"check_firewall_rules",51,{"type":141,"name":158,"callback":247,"priority":248,"file":249,"line":149},"handle_blocking",1,"includes\\IPManager.php",{"type":141,"name":172,"callback":251,"file":252,"line":253},"handle_login_failed","includes\\Security.php",88,{"type":141,"name":163,"callback":255,"file":252,"line":256},"handle_login_success",89,{"type":225,"name":258,"callback":259,"priority":260,"file":252,"line":261},"authenticate","check_login_block",30,90,{"type":141,"name":158,"callback":263,"file":252,"line":264},"block_admin_access",156,{"type":141,"name":266,"callback":267,"priority":248,"file":252,"line":268},"template_redirect","handle_custom_login_url",159,{"type":225,"name":270,"callback":271,"priority":165,"file":252,"line":272},"site_url","rewrite_login_url",162,{"type":141,"name":274,"callback":275,"priority":248,"file":252,"line":276},"plugins_loaded","check_debug_log_access",235,{"type":141,"name":266,"callback":278,"priority":248,"file":252,"line":279},"check_debug_log_access_template",236,{"type":141,"name":281,"callback":282,"file":283,"line":284},"admin_init","check_idle_timeout","includes\\SessionManager.php",15,{"type":141,"name":163,"callback":286,"priority":165,"file":283,"line":287},"reset_last_activity",16,{"type":141,"name":289,"callback":290,"file":291,"line":292},"show_user_profile","render_2fa_setup","includes\\TwoFactor.php",36,{"type":141,"name":294,"callback":290,"file":291,"line":295},"edit_user_profile",37,{"type":141,"name":297,"callback":298,"file":291,"line":166},"personal_options_update","save_2fa_setup",{"type":141,"name":300,"callback":298,"file":291,"line":170},"edit_user_profile_update",{"type":225,"name":258,"callback":302,"priority":303,"file":291,"line":304},"check_2fa_requirement",50,42,{"type":141,"name":306,"callback":307,"file":291,"line":178},"login_init","handle_login_actions",{"type":141,"name":281,"callback":309,"file":291,"line":310},"enforce_2fa_for_roles",46,{"type":141,"name":312,"callback":313,"file":291,"line":314},"admin_notices","enforced_2fa_notice",327,{"type":141,"name":316,"callback":317,"file":318,"line":260},"nhrrob_secure_vulnerability_scan_cron","run_scan","includes\\Vulnerability.php",{"type":141,"name":274,"callback":320,"file":321,"line":304},"init_plugin","nhrrob-secure.php",[],[324,330,334,339,344,349,354,359,364,369,374,379,384,389],{"namespace":325,"route":326,"methods":327,"callback":329,"permissionCallback":231,"file":144,"line":260},"nhrrob-secure\u002Fv1","\u002Fsettings",[328],"GET","get_settings",{"namespace":325,"route":326,"methods":331,"callback":333,"permissionCallback":231,"file":144,"line":170},[332],"POST","update_settings",{"namespace":325,"route":335,"methods":336,"callback":337,"permissionCallback":231,"file":144,"line":338},"\u002Fvulnerability\u002Fstatus",[328],"get_vulnerability_status",145,{"namespace":325,"route":340,"methods":341,"callback":342,"permissionCallback":231,"file":144,"line":343},"\u002Fvulnerability\u002Fscan",[332],"trigger_vulnerability_scan",154,{"namespace":325,"route":345,"methods":346,"callback":347,"permissionCallback":231,"file":144,"line":348},"\u002Fscanner\u002Fcore",[332],"scan_core_files",163,{"namespace":325,"route":350,"methods":351,"callback":352,"permissionCallback":231,"file":144,"line":353},"\u002Fscanner\u002Fmalware",[332],"scan_malware",172,{"namespace":325,"route":355,"methods":356,"callback":357,"permissionCallback":231,"file":144,"line":358},"\u002Fscanner\u002Frepair",[332],"repair_file",181,{"namespace":325,"route":360,"methods":361,"callback":362,"permissionCallback":231,"file":144,"line":363},"\u002Fscanner\u002Fdelete",[332],"delete_suspicious_file",197,{"namespace":325,"route":365,"methods":366,"callback":367,"permissionCallback":231,"file":144,"line":368},"\u002Flogs",[328],"get_logs",213,{"namespace":325,"route":370,"methods":371,"callback":372,"permissionCallback":231,"file":144,"line":373},"\u002Fsessions",[328],"get_sessions_list",222,{"namespace":325,"route":375,"methods":376,"callback":377,"permissionCallback":231,"file":144,"line":378},"\u002Fsessions\u002Fdestroy",[332],"destroy_session",231,{"namespace":325,"route":380,"methods":381,"callback":382,"permissionCallback":231,"file":144,"line":383},"\u002Fsessions\u002Fdestroy-others",[332],"destroy_other_sessions",247,{"namespace":325,"route":385,"methods":386,"callback":387,"permissionCallback":231,"file":144,"line":388},"\u002Fhealth-stats",[328],"get_health_stats",256,{"namespace":325,"route":390,"methods":391,"callback":392,"permissionCallback":231,"file":144,"line":393},"\u002Fone-click-secure",[332],"apply_one_click_secure",265,[],[396,398],{"hook":316,"callback":316,"file":321,"line":397},134,{"hook":216,"callback":216,"file":321,"line":399},138,14,{"dangerousFunctions":402,"sqlUsage":403,"outputEscaping":415,"fileOperations":248,"externalRequests":418,"nonceChecks":419,"capabilityChecks":420,"bundledLibraries":421},[],{"prepared":221,"raw":32,"locations":404},[405,408,411,413],{"file":160,"line":406,"context":407},334,"$wpdb->get_var() with variable interpolation",{"file":409,"line":400,"context":410},"uninstall.php","$wpdb->query() with variable interpolation",{"file":409,"line":412,"context":410},31,{"file":409,"line":414,"context":410},32,{"escaped":416,"rawEcho":11,"locations":417},45,[],6,2,18,[],[],{"summary":424,"deductions":425},"The \"nhrrob-secure\" v1.3.1 plugin exhibits a generally strong security posture, particularly in its handling of web requests and data output. The absence of any AJAX handlers, shortcodes, or unprotected REST API routes significantly limits the potential attack surface. Furthermore, the plugin demonstrates excellent output escaping practices, ensuring that all 45 observed outputs are properly sanitized, mitigating risks associated with cross-site scripting (XSS) vulnerabilities. The presence of numerous capability checks (18) also indicates a good understanding of WordPress's permission system, suggesting that access to sensitive functions is likely restricted to authorized users. Taint analysis revealed no critical or high-severity issues, and the plugin has no recorded vulnerability history, which are positive indicators of its security reliability. \n\nHowever, a few areas warrant attention. While the majority of SQL queries utilize prepared statements (56%), the remaining 44% that do not could potentially be vulnerable to SQL injection if they handle user-supplied input without proper sanitization. The single file operation could also be a point of concern depending on its implementation and whether it handles external data without validation. While the plugin includes nonce checks, their limited number (2) might suggest that not all sensitive operations are adequately protected, especially in light of the 14 REST API routes. Overall, \"nhrrob-secure\" appears to be a well-developed plugin with a focus on secure coding, but attention to the un-prepared SQL queries and the scope of nonce protection would further enhance its security.",[426,428,430],{"reason":427,"points":221},"SQL queries without prepared statements",{"reason":429,"points":97},"File operations without clear sanitization context",{"reason":431,"points":32},"Limited nonce checks relative to entry points","2026-03-17T05:54:27.430Z",{"wat":434,"direct":447},{"assetPaths":435,"generatorPatterns":440,"scriptPaths":441,"versionParams":442},[436,437,438,439],"\u002Fwp-content\u002Fplugins\u002Fnhrrob-secure\u002Fbuild\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fnhrrob-secure\u002Fbuild\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fnhrrob-secure\u002Fbuild\u002Fprofile.css","\u002Fwp-content\u002Fplugins\u002Fnhrrob-secure\u002Fbuild\u002Fprofile.js",[],[437,439],[443,444,445,446],"nhrrob-secure\u002Fbuild\u002Fadmin.css?ver=","nhrrob-secure\u002Fbuild\u002Fadmin.js?ver=","nhrrob-secure\u002Fbuild\u002Fprofile.css?ver=","nhrrob-secure\u002Fbuild\u002Fprofile.js?ver=",{"cssClasses":448,"htmlComments":450,"htmlAttributes":451,"restEndpoints":452,"jsGlobals":454,"shortcodeOutput":455},[449],"nhrrob-secure-settings-root",[],[],[453],"\u002Fwp-json\u002Fnhrrob-secure\u002Fv1",[],[],{"error":457,"url":458,"statusCode":459,"statusMessage":460,"message":460},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnhrrob-secure\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":462,"versions":463},9,[464,470,477,484,491,498,505,512,519],{"version":6,"download_url":24,"svn_tag_url":465,"released_at":26,"has_diff":466,"diff_files_changed":467,"diff_lines":26,"trac_diff_url":468,"vulnerabilities":469,"is_current":457},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.3.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnhrrob-secure%2Ftags%2F1.3.0&new_path=%2Fnhrrob-secure%2Ftags%2F1.3.1",[],{"version":471,"download_url":472,"svn_tag_url":473,"released_at":26,"has_diff":466,"diff_files_changed":474,"diff_lines":26,"trac_diff_url":475,"vulnerabilities":476,"is_current":466},"1.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnhrrob-secure%2Ftags%2F1.2.0&new_path=%2Fnhrrob-secure%2Ftags%2F1.3.0",[],{"version":478,"download_url":479,"svn_tag_url":480,"released_at":26,"has_diff":466,"diff_files_changed":481,"diff_lines":26,"trac_diff_url":482,"vulnerabilities":483,"is_current":466},"1.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnhrrob-secure%2Ftags%2F1.1.0&new_path=%2Fnhrrob-secure%2Ftags%2F1.2.0",[],{"version":485,"download_url":486,"svn_tag_url":487,"released_at":26,"has_diff":466,"diff_files_changed":488,"diff_lines":26,"trac_diff_url":489,"vulnerabilities":490,"is_current":466},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnhrrob-secure%2Ftags%2F1.0.6&new_path=%2Fnhrrob-secure%2Ftags%2F1.1.0",[],{"version":492,"download_url":493,"svn_tag_url":494,"released_at":26,"has_diff":466,"diff_files_changed":495,"diff_lines":26,"trac_diff_url":496,"vulnerabilities":497,"is_current":466},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnhrrob-secure%2Ftags%2F1.0.5&new_path=%2Fnhrrob-secure%2Ftags%2F1.0.6",[],{"version":499,"download_url":500,"svn_tag_url":501,"released_at":26,"has_diff":466,"diff_files_changed":502,"diff_lines":26,"trac_diff_url":503,"vulnerabilities":504,"is_current":466},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnhrrob-secure%2Ftags%2F1.0.4&new_path=%2Fnhrrob-secure%2Ftags%2F1.0.5",[],{"version":506,"download_url":507,"svn_tag_url":508,"released_at":26,"has_diff":466,"diff_files_changed":509,"diff_lines":26,"trac_diff_url":510,"vulnerabilities":511,"is_current":466},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnhrrob-secure%2Ftags%2F1.0.3&new_path=%2Fnhrrob-secure%2Ftags%2F1.0.4",[],{"version":513,"download_url":514,"svn_tag_url":515,"released_at":26,"has_diff":466,"diff_files_changed":516,"diff_lines":26,"trac_diff_url":517,"vulnerabilities":518,"is_current":466},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnhrrob-secure%2Ftags%2F1.0.2&new_path=%2Fnhrrob-secure%2Ftags%2F1.0.3",[],{"version":520,"download_url":521,"svn_tag_url":522,"released_at":26,"has_diff":466,"diff_files_changed":523,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":524,"is_current":466},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnhrrob-secure.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnhrrob-secure\u002Ftags\u002F1.0.2\u002F",[],[]]