[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJwkoRRp7UjyAaEYCr95jhxlDdHZRElBNX6sBzNlc9t0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":149,"fingerprints":302},"ninjafirewall","NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall","4.8.4","nintechnet","https:\u002F\u002Fprofiles.wordpress.org\u002Fnintechnet\u002F","\u003Ch4>A true Web Application Firewall\u003C\u002Fh4>\n\u003Cp>NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that stands in front of WordPress.\u003C\u002Fp>\n\u003Cp>It allows any blog administrator to benefit from very advanced and powerful security features that usually aren’t available at the WordPress level, but only in security applications such as the Apache \u003Ca href=\"http:\u002F\u002Fwww.modsecurity.org\u002F\" title=\"\" rel=\"nofollow ugc\">ModSecurity\u003C\u002Fa> module or the PHP \u003Ca href=\"http:\u002F\u002Fsuhosin.org\u002F\" title=\"\" rel=\"nofollow ugc\">Suhosin\u003C\u002Fa> extension.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>NinjaFirewall requires at least PHP 7.1, MySQLi extension and is only compatible with Unix-like OS (Linux, BSD). It is \u003Cstrong>not compatible with Microsoft Windows\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>NinjaFirewall can hook, scan, sanitise or reject any HTTP\u002FHTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. 
All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren’t part of the WordPress package. Even encoded PHP scripts, hackers shell scripts and backdoors will be filtered by NinjaFirewall.\u003C\u002Fp>\n\u003Ch4>Powerful filtering engine\u003C\u002Fh4>\n\u003Cp>NinjaFirewall includes the most powerful filtering engine available in a WordPress plugin. Its most important feature is its ability to normalize and transform data from incoming HTTP requests which allows it to detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. See our blog for a full description: \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fintroduction-to-ninjafirewall-filtering-engine\u002F\" title=\"\" rel=\"nofollow ugc\">An introduction to NinjaFirewall filtering engine\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Fastest and most efficient brute-force attack protection for WordPress\u003C\u002Fh4>\n\u003Cp>By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin for WordPress able to protect it against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs.\u003C\u002Fp>\n\u003Cp>See our benchmarks and stress-tests: \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fwordpress-brute-force-attack-detection-plugins-comparison-2015\u002F\" title=\"\" rel=\"nofollow ugc\">Brute-force attack detection plugins comparison\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The protection applies to the \u003Ccode>wp-login.php\u003C\u002Fcode> script but can be extended to the \u003Ccode>xmlrpc.php\u003C\u002Fcode> one. 
The incident can also be written to the server \u003Ccode>AUTH\u003C\u002Fcode> log, which can be useful to the system administrator for monitoring purposes or banning IPs at the server level (e.g., Fail2ban).\u003C\u002Fp>\n\u003Ch4>Real-time detection\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Guard\u003C\u002Fstrong> real-time detection is a totally unique feature provided by NinjaFirewall: it can detect, in real-time, any access to a PHP file that was recently modified or created, and alert you about this. If a hacker uploaded a shell script to your site (or injected a backdoor into an already existing file) and tried to directly access that file using his browser or a script, NinjaFirewall would hook the HTTP request and immediately detect that the file was recently modified or created. It would send you an alert with all details (script name, IP, request, date and time).\u003C\u002Fp>\n\u003Ch4>File integrity monitoring\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Check\u003C\u002Fstrong> lets you perform file integrity monitoring by scanning your website hourly, twicedaily or daily. Any modification made to a file will be detected: file content, file permissions, file ownership, timestamp as well as file creation and deletion.\u003C\u002Fp>\n\u003Ch4>Watch your website traffic in real time\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Live Log\u003C\u002Fstrong> lets you watch your website traffic in real time. It displays connections in a format similar to the one used by the \u003Ccode>tail -f\u003C\u002Fcode> Unix command. Because it communicates directly with the firewall, i.e., without loading WordPress, \u003Cstrong>Live Log\u003C\u002Fstrong> is fast, lightweight and it will not affect your server load, even if you set its refresh rate to the lowest value.\u003C\u002Fp>\n\u003Ch4>Event Notifications\u003C\u002Fh4>\n\u003Cp>NinjaFirewall can alert you by email on specific events triggered within your blog. 
Some of those alerts are enabled by default and it is highly recommended to keep them enabled. It is not unusual for a hacker, after breaking into your WordPress admin console, to install or just to upload a backdoored plugin or theme in order to take full control of your website. NinjaFirewall can also \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-wp-edition-adds-php-backtrace-to-email-notifications\u002F\" title=\"NinjaFirewall adds PHP backtrace to email notifications\" rel=\"nofollow ugc\">attach a PHP backtrace\u003C\u002Fa> to important notifications.\u003C\u002Fp>\n\u003Cp>Monitored events:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Administrator login.\u003C\u002Fli>\n\u003Cli>Modification of any administrator account in the database.\u003C\u002Fli>\n\u003Cli>Plugins upload, installation, (de)activation, update, deletion.\u003C\u002Fli>\n\u003Cli>Themes upload, installation, activation, deletion.\u003C\u002Fli>\n\u003Cli>WordPress update.\u003C\u002Fli>\n\u003Cli>Pending security update in your plugins and themes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Stay protected against the latest WordPress security vulnerabilities\u003C\u002Fh4>\n\u003Cp>To get the most efficient protection, NinjaFirewall can automatically update its security rules daily, twice daily or even hourly. Each time a new vulnerability is found in WordPress or one of its plugins\u002Fthemes, a new set of security rules will be made available to protect your blog immediately.\u003C\u002Fp>\n\u003Ch4>Strong Privacy\u003C\u002Fh4>\n\u003Cp>Unlike a Cloud Web Application Firewall, or Cloud WAF, NinjaFirewall works and filters the traffic on your own server and infrastructure. 
That means that your sensitive data (contact form messages, customers credit card number, login credentials etc) remains on your server and is not routed through a third-party company’s servers, which could pose unnecessary risks (e.g., decryption of your HTTPS traffic in order to inspect it, employees accessing your data or logs in plain text, theft of private information, man-in-the-middle attack etc).\u003C\u002Fp>\n\u003Cp>Your website can run NinjaFirewall and be \u003Cstrong>compliant with the General Data Protection Regulation (GDPR)\u003C\u002Fstrong>. \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-general-data-protection-regulation-compliance\u002F\" title=\"GDPR Compliance\" rel=\"nofollow ugc\">See our blog for more details\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>IPv6 compatibility\u003C\u002Fh4>\n\u003Cp>IPv6 compatibility is a mandatory feature for a security plugin: if it supports only IPv4, hackers can easily bypass the plugin by using an IPv6. NinjaFirewall natively supports IPv4 and IPv6 protocols, for both public and private addresses.\u003C\u002Fp>\n\u003Ch4>Multi-site support\u003C\u002Fh4>\n\u003Cp>NinjaFirewall is multi-site compatible. It will protect all sites from your network and its configuration interface will be accessible only to the Super Admin from the network main site.\u003C\u002Fp>\n\u003Ch4>Possibility to prepend your own PHP code to the firewall\u003C\u002Fh4>\n\u003Cp>You can prepend your own PHP code to the firewall with the help of an \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-wp-edition-the-htninja-configuration-file\u002F\" rel=\"nofollow ugc\">optional distributed configuration file\u003C\u002Fa>. It will be processed before WordPress and all its plugins are loaded. 
This is a very powerful feature, and there is almost no limit to what you can do: add your own security rules, manipulate HTTP requests, variables etc.\u003C\u002Fp>\n\u003Ch4>Low Footprint Firewall\u003C\u002Fh4>\n\u003Cp>NinjaFirewall is very fast, optimised, compact, and requires very low system resource.\u003Cbr \u002F>\nSee for yourself: download and install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-profiler\u002F\" title=\"\" rel=\"ugc\">Code Profiler\u003C\u002Fa> plugin and compare NinjaFirewall’s performance with other security plugins.\u003C\u002Fp>\n\u003Ch4>Non-Intrusive User Interface\u003C\u002Fh4>\n\u003Cp>NinjaFirewall looks and feels like a built-in WordPress feature. It does not contain intrusive banners, warnings or flashy colors. It uses the WordPress simple and clean interface and is also smartphone-friendly.\u003C\u002Fp>\n\u003Ch4>Contextual Help\u003C\u002Fh4>\n\u003Cp>Each NinjaFirewall menu page has a contextual help screen with useful information about how to use and configure it.\u003Cbr \u002F>\nIf you need help, click on the \u003Cem>Help\u003C\u002Fem> menu tab located in the upper right corner of each page in your admin panel.\u003C\u002Fp>\n\u003Ch4>Need more security ?\u003C\u002Fh4>\n\u003Cp>Check out our new supercharged edition: \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F\" title=\"NinjaFirewall WP+ Edition\" rel=\"nofollow ugc\">NinjaFirewall WP+ Edition\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unix shared memory use for inter-process communication and blazing fast performances.\u003C\u002Fli>\n\u003Cli>IP-based Access Control.\u003C\u002Fli>\n\u003Cli>Role-based Access Control.\u003C\u002Fli>\n\u003Cli>Country-based Access Control via geolocation.\u003C\u002Fli>\n\u003Cli>URL-based Access Control.\u003C\u002Fli>\n\u003Cli>Bot-based Access Control.\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fcentralized-logging-with-ninjafirewall\u002F\" title=\"Centralized Logging\" rel=\"nofollow ugc\">Centralized Logging\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Antispam for comment and user registration forms.\u003C\u002Fli>\n\u003Cli>Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks.\u003C\u002Fli>\n\u003Cli>Response body filter to scan the output of the HTML page right before it is sent to your visitors browser.\u003C\u002Fli>\n\u003Cli>Better File uploads management.\u003C\u002Fli>\n\u003Cli>Better logs management.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fsyslog-logging-with-ninjafirewall\u002F\" title=\"Syslog logging\" rel=\"nofollow ugc\">Syslog logging\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F\" title=\"\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa> about the WP+ Edition unique features. \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F?comparison\" title=\"\" rel=\"nofollow ugc\">Compare\u003C\u002Fa> the WP and WP+ Editions.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.9+\u003C\u002Fli>\n\u003Cli>Admin\u002FSuperadmin with \u003Ccode>manage_options\u003C\u002Fcode> + \u003Ccode>unfiltered_html\u003C\u002Fcode> capabilities.\u003C\u002Fli>\n\u003Cli>PHP 7.1+\u003C\u002Fli>\n\u003Cli>MySQL or MariaDB with MySQLi extension\u003C\u002Fli>\n\u003Cli>Apache \u002F Nginx \u002F LiteSpeed \u002F Openlitespeed compatible\u003C\u002Fli>\n\u003Cli>Unix-like operating systems only (Linux, BSD etc). 
NinjaFirewall is \u003Cstrong>NOT\u003C\u002Fstrong> compatible with Microsoft Windows.\u003C\u002Fli>\n\u003C\u002Ful>\n","A true Web Application Firewall to protect and secure WordPress.",100000,3089632,98,217,"2026-03-12T09:53:00.000Z","6.9.4","4.9","7.1",[20,21,22,23,24],"firewall","malware","protection","security","virus","https:\u002F\u002Fnintechnet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fninjafirewall.4.8.4.zip",100,1,0,"2021-05-30 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2021-4451","ninjafirewall-authenticated-phar-deserialization","NinjaFirewall \u003C= 4.3.3 - Authenticated PHAR Deserialization","The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server.  
This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).",null,"\u003C4.3.4","4.3.4","medium",6.6,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2024-10-16 06:43:24",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=api-prod",1235,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},3,130010,99,619,78,"2026-04-04T04:21:06.513Z",[57,74,99,117,134],{"slug":58,"name":59,"version":60,"author":7,"author_profile":8,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":16,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":71,"download_link":72,"security_score":13,"vuln_count":28,"unpatched_count":29,"last_vuln_date":73,"fetched_at":31},"ninjascanner","NinjaScanner – Virus & Malware scan","3.2.8","\u003Ch4>A lightweight, fast and powerful virus scanner for WordPress.\u003C\u002Fh4>\n\u003Cp>NinjaScanner is a lightweight, fast and powerful virus scanner for WordPress which includes many features to help you scan your blog for malware and virus.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>File integrity checker.\u003C\u002Fli>\n\u003Cli>File comparison viewer.\u003C\u002Fli>\n\u003Cli>Exclusion filters.\u003C\u002Fli>\n\u003Cli>File snapshot.\u003C\u002Fli>\n\u003Cli>Database snapshot.\u003C\u002Fli>\n\u003Cli>Anti-malware\u002FAntivirus.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fnin.link\u002Fnssandbox\u002F\" title=\"NinjaScanner sandbox\" rel=\"nofollow ugc\">Sandbox for quarantined files\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Ignored files list.\u003C\u002Fli>\n\u003Cli>Google’s Safe Browsing 
Lookup API.\u003C\u002Fli>\n\u003Cli>Background scans.\u003C\u002Fli>\n\u003Cli>Scheduled scans (Premium).\u003C\u002Fli>\n\u003Cli>WP-CLI integration (Premium).\u003C\u002Fli>\n\u003Cli>Debugging log.\u003C\u002Fli>\n\u003Cli>Email report.\u003C\u002Fli>\n\u003Cli>Integration with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninjafirewall\u002F\" title=\"Download NinjaFirewall\" rel=\"ugc\">NinjaFirewall (WP and WP+ Edition)\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multi-site support.\u003C\u002Fli>\n\u003Cli>Contextual help.\u003C\u002Fli>\n\u003Cli>And many more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>File Integrity Checker\u003C\u002Fh4>\n\u003Cp>The File Integrity Checker will compare your WordPress core files as well as your plugin and theme files to their original package. Its File Comparison Viewer will show you the differences between any modified file and the original. You can also \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjascanner-powerful-antivirus-scanner-for-wordpress\u002F#integrity\" title=\"\" rel=\"nofollow ugc\">add your Premium themes and plugins\u003C\u002Fa> to the File Integrity Checker. Infected or corrupted files can be easily restored with one click.\u003C\u002Fp>\n\u003Ch4>File Snapshot\u003C\u002Fh4>\n\u003Cp>The File Snapshot will show you which files were changed, added or deleted since the previous scan.\u003C\u002Fp>\n\u003Ch4>Database Snapshot\u003C\u002Fh4>\n\u003Cp>NinjaScanner will compare all published posts and pages in the database with the previous scan and will report if any of them were changed, added or deleted.\u003C\u002Fp>\n\u003Ch4>Anti-Malware Signatures\u003C\u002Fh4>\n\u003Cp>You can scan your blog for potential malware and virus using the built-in signatures. 
The scanning engine is compatible with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frfxn\u002Flinux-malware-detect\" title=\"\" rel=\"nofollow ugc\">Linux Malware Detect LMD\u003C\u002Fa> (whose anti-malware signatures are included) and with some \u003Ca href=\"https:\u002F\u002Fwww.clamav.net\u002F\" title=\"\" rel=\"nofollow ugc\">ClamAV\u003C\u002Fa> signatures as well. You can even \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjascanner-powerful-antivirus-scanner-for-wordpress\u002F#signatures\" title=\"\" rel=\"nofollow ugc\">write your own anti-malware signatures\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>NinjaFirewall Integration\u003C\u002Fh4>\n\u003Cp>If you are running our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninjafirewall\u002F\" title=\"Download NinjaFirewall\" rel=\"ugc\">NinjaFirewall (WP or WP+ Edition)\u003C\u002Fa> web application firewall plugin, you can use this option to integrate NinjaScanner into its menu.\u003C\u002Fp>\n\u003Ch4>Fast and Lightweight Scanner\u003C\u002Fh4>\n\u003Cp>NinjaScanner has strictly no impact on your database. It only uses it to store its configuration (less than 1Kb). It saves the scan data, report, logs etc on disk only, makes use of caching to save bandwidth and server resources. It also includes a Garbage Collector that will clean up its cache on a regular basis.\u003C\u002Fp>\n\u003Ch4>Background Scans\u003C\u002Fh4>\n\u003Cp>Another great NinjaScanner feature is that it runs in the background: start a scan, let it run and keep working on your blog as usual. You can even log out of the WordPress dashboard while a scanning process is running! You don’t have to wait patiently until the scan has finished. Additionally, a scan report can be sent to one or more email addresses.\u003C\u002Fp>\n\u003Ch4>Sandbox for quarantined files\u003C\u002Fh4>\n\u003Cp>When moving a file to the quarantine folder, NinjaScanner can use a testing environment (a.k.a. 
sandbox) to make sure that this action does not crash your blog with a fatal error. If it does, it will warn you and will not quarantine the file. It is possible (but not recommended) to disable the sandbox.\u003C\u002Fp>\n\u003Ch4>Advanced Settings\u003C\u002Fh4>\n\u003Cp>NinjaScanner offers many advanced settings to finely tune it, such as exclusion filters, selection of the algorithm to use, a debugging log etc.\u003C\u002Fp>\n\u003Ch4>Privacy Policy\u003C\u002Fh4>\n\u003Cp>Your website can run NinjaScanner and be 100% compliant with the \u003Cstrong>General Data Protection Regulation (GDPR)\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cp>We, the authors, do not collect, share or sell personal information. We don’t track or profile you. Our software does not collect any private data from you or your visitors.\u003C\u002Fp>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cp>Check out our \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjascanner\u002F\" title=\"NinjaScanner Premium Edition\" rel=\"nofollow ugc\">NinjaScanner Premium Edition\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Scheduled Scans\u003C\u002Fstrong>: Don’t leave your blog at risk. With the scheduled scan option, NinjaScanner will run automatically hourly, twice daily or daily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI Integration\u003C\u002Fstrong>: Do you own several blogs and prefer to manage them from the command line? NinjaScanner can nicely integrate with WP-CLI, using the \u003Ccode>ninjascanner\u003C\u002Fcode> command. 
You can use it to start or stop a scanning process, view its status, its report or log from your favourite terminal, without having to log in to the WordPress Admin Dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dedicated Help Desk with Priority Support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","A lightweight, fast and powerful virus scanner for WordPress.",30000,921392,86,33,"2025-11-29T09:53:00.000Z","4.7.0",[21,22,70,23,24],"scanner","https:\u002F\u002Fnintechnet.com\u002Fninjascanner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fninjascanner.3.2.8.zip","2025-07-30 00:00:00",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":97,"unpatched_count":29,"last_vuln_date":98,"fetched_at":31},"virusdie","Virusdie – One-click website security","1.1.8","Virusdie","https:\u002F\u002Fprofiles.wordpress.org\u002Fvirusdie\u002F","\u003Cp>ONE-CLICK WEBSITE SECURITY WITH VIRUSDIE WORDPRESS PLUGIN\u003C\u002Fp>\n\u003Ch3>Welcome to the most anticipated website security plugin – Virusdie WordPress Plugin!\u003C\u002Fh3>\n\u003Cp>Managing website security like malware scanning and removal, website hardening, patch management, real-time website protection against online attacks, and blacklist monitoring – is an automatic pleasure and we can prove it!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>More than 3 million\u003C\u002Fstrong> connected websites!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>99.87% malware and vulnerabilities detection rate.\u003C\u002Fstrong> The best detection rate in the industry. 
Virusdie detects as many threats as possible, including new kinds of threats\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No false positives.\u003C\u002Fstrong> False positives rate — less than 0.0002%. You can always be sure that your antivirus won’t mislead you)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website cleanup in one click.\u003C\u002Fstrong> The industry’s safest automatic cleanup procedures ensure that your site will remain stable after cleanup (automatic malware removal)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time website protection\u003C\u002Fstrong> against attacks by Website Firewall (protection against bad bots, DoS, XSS, SQL injections, suspicious uploads and activities, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Virtual and real patch management\u003C\u002Fstrong> (website hardening). It makes a virtual patch automatically or updates your vulnerable plug-ins and other site components in seconds, minimizing the risk of future problems.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist monitoring and blacklisting tool\u003C\u002Fstrong> that help you save time for unblacklisting by an automated un-blacklist wizard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smooth onboarding:\u003C\u002Fstrong> only dashboard with all you need. Manage Virusdie tools in a click! Your website is in full view: entire web-security status on one page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Friendly and responsive Virusdie support team.\u003C\u002Fstrong> We are welcome to help you and answer your questions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To avoid interruptions to your business, you need to keep your site free of viruses. As they say, shit happens — but when it does, you have to clean it up, and fast. Today, Virusdie makes it possible to resolve 100% of the security issues most businesses face, either fully or partially automatically. We’ve taken powerful website security tools and made them friendly and automatic in WordPress plugin format. 
Now, you can scan, clean, and protect your site from a single panel with just one click of the mouse. What’s more, you won’t need any help to use Virusdie. This means that you’ll save tons of time while keeping your site’s security under your control!\u003C\u002Fp>\n\u003Ch4>Free plan feature list:\u003C\u002Fh4>\n\u003Cp>1. Antivirus:\u003C\u002Fp>\n\u003Col>\n\u003Cli>No extreme server CPU load while scanning!\u003C\u002Fli>\n\u003Cli>Instant malware database update. The antivirus database is automatically updated in the background, so you won’t even have to think about doing anything manually to be sure you can eliminate as many viruses and vulnerabilities as possible.\u003C\u002Fli>\n\u003Cli>Scans once a month:\n\u003Cul>\n\u003Cli>Scanning website files for malware: all website files (not just CMS’ files), themes, plugins, PHP, JS, HTML, images, files with no type, any binary files and system files, .htaccess, and files with custom types and archives.\u003C\u002Fli>\n\u003Cli>Scanning website database. Scan posts and comments for bad URLs and suspicious content, scan posts and comments for malware and injections.\u003C\u002Fli>\n\u003Cli>Scanning for malware types (threats): malware, malicious redirects, Trojans, backdoors, shell scripts, malicious codes, bad URLs and SEO spam, defaces, code injections, browser coin miners.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Detailed scan reports with malware and threats description and recommendations.\u003C\u002Fli>\n\u003Cli>Add files to the exclusion list to ignore them in future scans.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#3rdPage\" rel=\"nofollow ugc\">Virusdie Antivirus\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>2. 
WAF:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Don’t slow down your website while you’re using WAF!\u003C\u002Fli>\n\u003Cli>Instant Firewall rules database update.\u003C\u002Fli>\n\u003Cli>Bad requests, hacks attempts and attacks detection.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#6page\" rel=\"nofollow ugc\">Virusdie Firewall\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>3. Patch Management (website hardening)\u003C\u002Fp>\n\u003Col>\n\u003Cli>Instant vulnerabilities database update.\u003C\u002Fli>\n\u003Cli>Check site (files, themes, plugins and components) for known security vulnerabilities and alerts you if found.\u003C\u002Fli>\n\u003Cli>Scan once a month.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#4rdPage\" rel=\"nofollow ugc\">Virusdie Patch Manager\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>4. Blacklists Monitoring\u003C\u002Fp>\n\u003Col>\n\u003Cli>Checking your website more than 60+ blacklists automatically.\u003C\u002Fli>\n\u003Cli>One-click to un-blacklist.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#7page\" rel=\"nofollow ugc\">Virusdie Blacklist Monitoring\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Premium plan feature list:\u003C\u002Fh4>\n\u003Cp>(In addition to the free plan’ feature list)\u003C\u002Fp>\n\u003Cp>1. 
Antivirus:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Daily scans and Unlimited scans.\u003C\u002Fli>\n\u003Cli>Automatic malware removal: The safest in the industry automatic malware removal – Your website continues to run stably after the automated cleanup.\u003C\u002Fli>\n\u003Cli>Unlimited site cleanups.\u003C\u002Fli>\n\u003Cli>File editor.\u003C\u002Fli>\n\u003Cli>Malicious code highlighting in the file editor.\u003C\u002Fli>\n\u003Cli>Pre-cleanup file backups.\u003C\u002Fli>\n\u003Cli>Exclusion list to add files and ignore them in future scans.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#3rdPage\" rel=\"nofollow ugc\">Virusdie Antivirus\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>1. Firewall:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Basic bad request protection.\u003C\u002Fli>\n\u003Cli>XSS and SQL injection protection.\u003C\u002Fli>\n\u003Cli>DoS-attacks protection.\u003C\u002Fli>\n\u003Cli>Brute force protection by limiting login attempts.\u003C\u002Fli>\n\u003Cli>Content scraping protection.\u003C\u002Fli>\n\u003Cli>Malicious uploads prevention.\u003C\u002Fli>\n\u003Cli>IP whitelisting\u002Fblacklisting.\u003C\u002Fli>\n\u003Cli>URL blocking.\u003C\u002Fli>\n\u003Cli>Country blocking.\u003C\u002Fli>\n\u003Cli>History of blocked requests.\u003C\u002Fli>\n\u003Cli>Make custom rules to block requests based by: IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>Make custom rules generic type for POST\u002FGET requests.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#6page\" rel=\"nofollow ugc\">Virusdie Firewall\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Patch Management:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Daily and Unlimited scans.\u003C\u002Fli>\n\u003Cli>Automatic virtual vulnerability patching (website hardening).\u003C\u002Fli>\n\u003Cli>Automatic real patch 
management.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#4rdPage\" rel=\"nofollow ugc\">Virusdie Patch Manager\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Coming soon:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Teamwork:\u003C\u002Fstrong> you will be able to share access to your site with your team. Simple and secure!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website sharing.\u003C\u002Fstrong> You’ll be able to share your website access with your digital agency who manage your website security – with one click!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website insurance and security expert marketplace:\u003C\u002Fstrong> for being confident that in the event of a complex website infection or damage to your site, getting help from third-party security experts to restore your site won’t cost you any more than the minimum cost in your insurance policy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall statistics and attack attempts reports will be available on the free tier plan!\u003C\u002Fstrong> Keep your finger on the website pulse even for free!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Join us on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002FWebSecCommunityVirusdie\" rel=\"nofollow ugc\">Facebook Community\u003C\u002Fa> and find out more about Virusdie cloud security tools.\u003C\u002Fp>\n","Malware scanning & removal, website hardening, patching vulnerabilities, real-time protection against online attacks, blacklist monitoring in a click!",2000,34436,80,9,"2026-01-30T22:05:00.000Z","6.8.5","5.0","5.6",[91,20,92,23,93],"antivirus","malware-scanner","security-plugin","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvirusdie.1.1.8.zip",95,4,"2026-02-18 
00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":18,"tags":114,"homepage":94,"download_link":116,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wt-security","WebTotem Security","2.4.35","WebTotem","https:\u002F\u002Fprofiles.wordpress.org\u002Fwtsec\u002F","\u003Cp>\u003Cstrong>WebTotem: Enhance Your WordPress Website Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WebTotem the Ultimate WordPress Security Plugin for Comprehensive Protection\u003Cbr \u002F>\nIn today’s digital landscape, safeguarding your WordPress website against a myriad of threats is paramount. WebTotem emerges as a formidable security solution, offering a suite of powerful features designed to protect your website from the ground up. With antivirus scans, firewall protection, SSL certificate monitoring, and port analysis, WebTotem ensures your web space is meticulously guarded. Pushing the envelope further, it incorporates CVE vulnerability scanning to preemptively identify and mitigate potential risks, fortifying your website’s defense mechanism.\u003Cbr \u002F>\nWebTotem transforms your website into an impenetrable fortress by integrating additional layers of security such as activity logs, two-factor authentication (2FA), brute force attack prevention, and CAPTCHA functionalities. This not only guarantees uninterrupted operation but also establishes a reliable security framework for your website.\u003C\u002Fp>\n\u003Ch3>Core Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Antivirus Protection:\u003C\u002Fstrong> Conducts thorough scans of your files for malicious software, hidden shells, and dubious modifications, marking the first step towards a secure website. 
It’s an intuitive solution for maintaining your site’s integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall Defense:\u003C\u002Fstrong> Offers real-time safeguarding against SQL injections, XSS, and DOS attacks, ensuring your data remains secure from unwelcome intrusions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SSL Module:\u003C\u002Fstrong> Administers continuous monitoring and management of your site’s SSL certificates, protecting data transmission round the clock.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Port Scanner:\u003C\u002Fstrong> Employs meticulous analysis to identify open ports, blocking unauthorized access and neutralizing potential threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Path Scanner:\u003C\u002Fstrong> Proactively searches and reviews accessible paths to files and directories, closing off avenues for attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reputation Module:\u003C\u002Fstrong> Vigilantly monitors and alerts you about any blacklisting issues, safeguarding your site’s online reputation and visibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessibility Module:\u003C\u002Fstrong> Keeps a close watch on site availability and page response times, ensuring optimal performance and a seamless user experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Technology Scanner:\u003C\u002Fstrong> Accurately identifies your site’s technology stack and its versions, aiding in keeping your systems up-to-date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Highlight Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> A cornerstone feature that scans for known vulnerabilities within the Common Vulnerabilities and Exposures (CVE) database, enabling swift remediation to boost your site’s security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Resource Module:\u003C\u002Fstrong> Provides crucial insights into RAM and CPU usage, along with disk space analytics, facilitating efficient resource utilization for enhanced 
site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log:\u003C\u002Fstrong> An essential tool for monitoring site changes and activities, offering a comprehensive event timeline for enhanced security oversight and swift incident response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Enhanced Security Measures:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong> Elevates security by requiring a second form of verification, seamlessly integrated within your CMS to protect administrative access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Integration:\u003C\u002Fstrong> A versatile tool against spam bots and automated attacks, offering customizable CAPTCHA deployment to safeguard your forms from unwarranted submissions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-Force Protection:\u003C\u002Fstrong> Actively combats password guessing attempts, employing proactive measures to prevent unauthorized access to your accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Assessment (Scoring):\u003C\u002Fstrong> Offers a detailed security evaluation based on an innovative methodology, pinpointing improvement areas with strategic recommendations to fortify your website’s security stance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Remediation Advice:\u003C\u002Fstrong> Goes beyond detection by providing actionable, detailed guidance for addressing vulnerabilities, enhancing your website’s resilience against threats.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WebTotem stands as a comprehensive security plugin, expertly crafted to enhance your WordPress site’s defenses. 
By adopting WebTotem, you not only protect your site from current threats but also strengthen its overall security architecture, ensuring a safe and robust online presence.\u003C\u002Fp>\n","WebTotem is a SaaS which provides powerful tools for securing and monitoring your website in one place in easy and flexible way.",900,92711,84,13,"2025-10-06T06:25:00.000Z","6.6.5","6.0",[91,20,115,22,23],"monitoring","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-security.2.4.35.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":27,"num_ratings":28,"last_updated":127,"tested_up_to":16,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":132,"download_link":133,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"vigilante","Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner…","1.5.1","Fernando Tellado","https:\u002F\u002Fprofiles.wordpress.org\u002Ffernandot\u002F","\u003Ch3>Premium Security, Zero Cost\u003C\u002Fh3>\n\u003Cp>Vigilant provides enterprise-level WordPress security features completely free. 
No premium version, no upsells, no hidden features behind paywalls.\u003C\u002Fp>\n\u003Cp>Protect your site with a complete security suite: firewall, two-factor authentication, brute force protection, security headers, file integrity monitoring, malware detection, user management, activity logging, under attack mode and much more.\u003C\u002Fp>\n\u003Ch3>Instant Protection\u003C\u002Fh3>\n\u003Cp>Once activated, Vigilant immediately applies essential security measures:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Firewall rules against common attacks (SQL injection, XSS, file inclusion)\u003C\u002Fli>\n\u003Cli>Security headers for browser protection\u003C\u002Fli>\n\u003Cli>Login attempt monitoring\u003C\u002Fli>\n\u003Cli>XML-RPC blocking\u003C\u002Fli>\n\u003Cli>WordPress version hiding\u003C\u002Fli>\n\u003Cli>Sensitive file protection (.htaccess, wp-config.php)\u003C\u002Fli>\n\u003Cli>Automatic backup of your existing configuration files\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>One-Click Security Presets\u003C\u002Fh3>\n\u003Cp>Choose a preset and get protected instantly:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Standard\u003C\u002Fstrong> – Balanced security suitable for most websites. Enables all modules with sensible defaults that won’t interfere with normal site operation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Maximum Security\u003C\u002Fstrong> – Strictest settings for high-security sites. Tighter rate limits, stronger CSP rules, mandatory admin notifications. May require fine-tuning for some setups.\u003C\u002Fp>\n\u003Cp>You can always customize individual settings after applying a preset.\u003C\u002Fp>\n\u003Ch3>Under Attack Mode\u003C\u002Fh3>\n\u003Cp>Is your site under active attack? Activate Under Attack mode with one click and stop malicious traffic instantly:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>JavaScript challenge\u003C\u002Fstrong> – Every visitor must pass an automatic browser verification before accessing your site. 
Real browsers solve it in seconds, bots get blocked completely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Aggressive rate limiting\u003C\u002Fstrong> – Requests limited to 30 per minute with 15-minute blocks for offenders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTTP method restriction\u003C\u002Fstrong> – Only GET, POST, and HEAD allowed. PUT, DELETE, PATCH, OPTIONS, and TRACE are blocked\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Empty user agent blocking\u003C\u002Fstrong> – Requests without a user agent header are rejected\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full XML-RPC lockdown\u003C\u002Fstrong> – All XML-RPC access is blocked during the attack\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API restriction\u003C\u002Fstrong> – Only authenticated users can access the REST API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-deactivation\u003C\u002Fstrong> – Mode automatically turns off after 4 hours so you never forget it’s on\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email notifications\u003C\u002Fstrong> – Get notified when the mode is activated and deactivated\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HMAC-signed cookies\u003C\u002Fstrong> – Verified visitors receive a cryptographically signed cookie so they only see the challenge once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Under Attack mode works independently from your preset configuration. Your regular security settings are preserved and restored when the mode deactivates.\u003C\u002Fp>\n\u003Ch3>Core Security Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add a second verification step to your WordPress login. 
Choose the method that works best for your team:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authenticator app (TOTP)\u003C\u002Fstrong> – Google Authenticator, Authy, Microsoft Authenticator, or any TOTP-compatible app\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email codes\u003C\u002Fstrong> – One-time 6-digit verification codes sent via email\u003C\u002Fli>\n\u003Cli>QR code setup directly in user profiles\u003C\u002Fli>\n\u003Cli>10 backup codes for emergency access if you lose your device\u003C\u002Fli>\n\u003Cli>Configurable grace period for users to set up their authenticator app\u003C\u002Fli>\n\u003Cli>Trusted devices feature – skip 2FA on recognized devices for configurable days\u003C\u002Fli>\n\u003Cli>Role-based enforcement – require 2FA for administrators, editors, or any role\u003C\u002Fli>\n\u003Cli>Exclude specific users from 2FA requirements\u003C\u002Fli>\n\u003Cli>Admin tool to reset TOTP for users who lost their authenticator\u003C\u002Fli>\n\u003Cli>Configurable code expiry, attempt limits, and email sender name\u003C\u002Fli>\n\u003Cli>User notification emails when 2FA is enabled or method changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Firewall Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Block malicious requests before they reach WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SQL injection blocking\u003C\u002Fli>\n\u003Cli>XSS (Cross-Site Scripting) attack prevention\u003C\u002Fli>\n\u003Cli>File inclusion protection (LFI\u002FRFI)\u003C\u002Fli>\n\u003Cli>Directory traversal blocking\u003C\u002Fli>\n\u003Cli>Bad bot detection and blocking\u003C\u002Fli>\n\u003Cli>Rate limiting against DDoS and brute force\u003C\u002Fli>\n\u003Cli>IP whitelist and blacklist management\u003C\u002Fli>\n\u003Cli>User-Agent whitelist and blacklist with partial matching\u003C\u002Fli>\n\u003Cli>HTTP method restriction\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Login Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Stop unauthorized 
access attempts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit login attempts with configurable thresholds\u003C\u002Fli>\n\u003Cli>Progressive lockouts – longer blocks for repeat offenders\u003C\u002Fli>\n\u003Cli>Custom login URL – hide wp-login.php from bots\u003C\u002Fli>\n\u003Cli>Login URL change notifications to all admin-area users\u003C\u002Fli>\n\u003Cli>Hide login error messages – don’t reveal valid usernames\u003C\u002Fli>\n\u003Cli>XML-RPC disable – block this common attack vector\u003C\u002Fli>\n\u003Cli>Application passwords control\u003C\u002Fli>\n\u003Cli>Admin login notifications via email\u003C\u002Fli>\n\u003Cli>IP whitelist for trusted locations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>User Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Comprehensive user account protection:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block insecure usernames (admin, test, root, etc.)\u003C\u002Fli>\n\u003Cli>Force strong passwords with minimum length\u003C\u002Fli>\n\u003Cli>Password expiration with configurable intervals\u003C\u002Fli>\n\u003Cli>Password history – prevent reusing old passwords\u003C\u002Fli>\n\u003Cli>Force password reset for all users (post-hack recovery)\u003C\u002Fli>\n\u003Cli>Session limits – control concurrent logins per user\u003C\u002Fli>\n\u003Cli>Session management – view and revoke active sessions\u003C\u002Fli>\n\u003Cli>Email verification for new registrations\u003C\u002Fli>\n\u003Cli>Registration approval workflow – manually approve new users\u003C\u002Fli>\n\u003Cli>Admin account monitoring – alerts for new admins, email changes, password changes, privilege escalation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Achieve Grade A security ratings:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Content Security Policy (CSP) with visual builder\u003C\u002Fli>\n\u003Cli>HSTS (HTTP Strict Transport Security) with preload option\u003C\u002Fli>\n\u003Cli>X-Frame-Options – 
prevent clickjacking\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options – prevent MIME sniffing\u003C\u002Fli>\n\u003Cli>Referrer Policy control\u003C\u002Fli>\n\u003Cli>Permissions Policy (camera, microphone, geolocation)\u003C\u002Fli>\n\u003Cli>Cross-Origin policies (COEP, COOP, CORP)\u003C\u002Fli>\n\u003Cli>HTTPS enforcer with automatic mixed content fix\u003C\u002Fli>\n\u003Cli>Built-in header testing tool\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>File Integrity Monitoring\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Detect unauthorized changes to your files:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress core verification against official checksums\u003C\u002Fli>\n\u003Cli>Plugin and theme file monitoring with WordPress.org checksums\u003C\u002Fli>\n\u003Cli>Suspicious code scanning for plugins and themes without checksums\u003C\u002Fli>\n\u003Cli>Extra file detection in plugins and themes (files not in original distribution)\u003C\u002Fli>\n\u003Cli>Two-level detection: strict obfuscation combos for plugins, broad patterns for uploads\u003C\u002Fli>\n\u003Cli>Uploads directory scanning for PHP files, double extensions, and .htaccess\u003C\u002Fli>\n\u003Cli>String concatenation obfuscation detection\u003C\u002Fli>\n\u003Cli>Configurable notification levels (all issues, suspicious only, or disabled)\u003C\u002Fli>\n\u003Cli>Ignore list to dismiss known files from results\u003C\u002Fli>\n\u003Cli>Excluded paths and file extensions\u003C\u002Fli>\n\u003Cli>Scheduled automatic scans (daily, weekly)\u003C\u002Fli>\n\u003Cli>HTML formatted email alerts with severity sections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Activity Log\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Track everything happening on your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Successful and failed login attempts\u003C\u002Fli>\n\u003Cli>Two-factor authentication events\u003C\u002Fli>\n\u003Cli>User account changes (creation, deletion, role 
changes)\u003C\u002Fli>\n\u003Cli>Content modifications (posts, pages)\u003C\u002Fli>\n\u003Cli>Plugin and theme activations\u002Fdeactivations\u003C\u002Fli>\n\u003Cli>Security events and blocked threats\u003C\u002Fli>\n\u003Cli>HTTP request method tracking and filtering (GET, POST, PUT, DELETE)\u003C\u002Fli>\n\u003Cli>Enhanced log detail popup with grouped sections and quick actions\u003C\u002Fli>\n\u003Cli>One-click add IP or User-Agent to firewall whitelist\u002Fblacklist from log entries\u003C\u002Fli>\n\u003Cli>Direct IP lookup links to AbuseIPDB\u003C\u002Fli>\n\u003Cli>Configurable retention period\u003C\u002Fli>\n\u003Cli>Export logs to CSV\u003C\u002Fli>\n\u003Cli>Filter by event type, severity, request method, or date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WordPress Hardening\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Additional security measures:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>wp-config.php security constants (DISALLOW_FILE_EDIT, etc.)\u003C\u002Fli>\n\u003Cli>Database prefix security check and one-click change tool\u003C\u002Fli>\n\u003Cli>Comment spam protection with honeypot fields\u003C\u002Fli>\n\u003Cli>Disable pingbacks and trackbacks\u003C\u002Fli>\n\u003Cli>Close comments on old posts\u003C\u002Fli>\n\u003Cli>WordPress head cleanup (remove version, RSD, WLW links)\u003C\u002Fli>\n\u003Cli>Feed management and security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>REST API Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Control API access to your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three access modes: public, authenticated only, or selective\u003C\u002Fli>\n\u003Cli>Block user enumeration via REST API\u003C\u002Fli>\n\u003Cli>Protect sensitive endpoints\u003C\u002Fli>\n\u003Cli>Maintain compatibility with popular plugins (WooCommerce, Contact Form 7, Elementor)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Tools\u003C\u002Fh3>\n\u003Cp>Utilities 
included:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Database Backup\u003C\u002Fstrong> – Download a full or partial database backup as ZIP with table selection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Prefix Change\u003C\u002Fstrong> – Change the default wp_ prefix to a random secure prefix\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export\u002FImport Settings\u003C\u002Fstrong> – Transfer your configuration between sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual Backup\u003C\u002Fstrong> – Create backups of .htaccess and wp-config.php on demand\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset to Defaults\u003C\u002Fstrong> – Start fresh with one click\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Safe by Design\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Automatic Backup System\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Your existing .htaccess, wp-config.php, and robots.txt are automatically backed up before any modifications. Backups include integrity verification (MD5 checksums) and are stored safely in wp-content\u002Fvigilante-backups\u002F, persisting through plugin updates.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Clean Rollback\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When you deactivate Vigilant, all security rules are automatically removed and your original configuration files are restored. No leftover code, no broken sites.\u003C\u002Fp>\n\u003Ch3>Why choose Vigilant?\u003C\u002Fh3>\n\u003Cp>Most WordPress security plugins reserve their best features for paid plans. Vigilant gives you everything upfront — no premium tier, no feature locks, no upsells. Firewall, 2FA with authenticator app, security headers, file integrity scanner, activity log, and more. 
All free, all maintained, all following WordPress coding standards.\u003C\u002Fp>\n\u003Cp>If your current security plugin asks you to pay for features that should be basic, take a look at what Vigilant offers out of the box.\u003C\u002Fp>\n\u003Ch3>How does Vigilant compare?\u003C\u002Fh3>\n\u003Cp>We maintain a detailed feature comparison between Vigilant and other popular security plugins (Wordfence, Solid Security, AIOS, Sucuri, SG Security). See what each plugin offers in its free version and where Vigilant fills the gaps.\u003C\u002Fp>\n\u003Cp>&rarr; \u003Ca href=\"https:\u002F\u002Fvigilante.works\u002Fcomparison.html\" rel=\"nofollow ugc\">View the full comparison\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help or have suggestions?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservicios.ayudawp.com\u002F\" rel=\"nofollow ugc\">Official website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fvigilante\u002F\" rel=\"ugc\">WordPress support forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002FAyudaWordPressES\" rel=\"nofollow ugc\">YouTube channel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fayudawp.com\u002F\" rel=\"nofollow ugc\">Documentation and tutorials\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Love the plugin? Please leave us a 5-star review and help spread the word!\u003C\u002Fp>\n\u003Ch3>About AyudaWP\u003C\u002Fh3>\n\u003Cp>We are specialists in WordPress security, SEO, and performance optimization plugins. 
We create tools that solve real problems for WordPress site owners while maintaining the highest coding standards and accessibility requirements.\u003C\u002Fp>\n","Premium WordPress Security - 100% FREE: Firewall, 2FA, Security Headers, Login and Malware Protection, File Monitor, Activity Log, Under Attack & more",90,1438,"2026-03-14T18:03:00.000Z","6.2","7.4",[131,20,21,22,23],"2fa","https:\u002F\u002Fservicios.ayudawp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvigilante.1.5.1.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":27,"num_ratings":144,"last_updated":145,"tested_up_to":16,"requires_at_least":88,"requires_php":94,"tags":146,"homepage":147,"download_link":148,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"moesec","MoeSec Security – Comprehensive Malware Scanner & Security Suite","2.1","MoeSec","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoesec\u002F","\u003Cp>MoeSec.com is a comprehensive Website Security Platform to protect your website against Hackers, Malware, Vulnerabilities and various threats.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fm6FcDT6NMNQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>The Free MoeSec Security plugin is a powerful security plugin designed to safeguard your WordPress website against a wide range of security threats. 
With its comprehensive set of features, MoeSec offers Malware Scanning, Malware Detection, Integrity, Logging, Backups, Brute Force & Login Protection and much more. You can visit MoeSec.com to learn more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>File and Database Malware Scanner:\u003C\u002Fstrong> Detect malicious code injections in your files or database and check for known malicious admin users with options to edit, delete, quarantine, whitelist or report a suspicious file for further investigation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>External Security Scan:\u003C\u002Fstrong> Remote Scanning to quickly Check your website for Malware infections, Hack signs, Redirects, Abnormal behaviors and more by scanning it using our external website malware scan engine \u003Ca href=\"https:\u002F\u002Fscan.moesec.com\" rel=\"nofollow ugc\">MoeSec Website Scanner\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Core Integrity Check:\u003C\u002Fstrong> Ensure your WordPress installation hasn’t been tampered with. Scheduled Checks and Email notifications! 
You can whitelist any customized files or changes!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Protection:\u003C\u002Fstrong> Prevent brute force attacks and implement \u003Cem>2FA – Two-Factor authentication\u003C\u002Fem> via Email or Auth Apps such as Google Authenticator.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall:\u003C\u002Fstrong> Block requests & traffic from specific IPs, IP ranges, Geo-Blocking entire selected countries, user agents and bad bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Hardening:\u003C\u002Fstrong> Implement best practices to secure your WordPress installation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Admin URL:\u003C\u002Fstrong> You can change wp-admin to any custom admin URL for extra protection against automated attacks and bot requests!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bad Bot Blocking:\u003C\u002Fstrong> Prevent malicious bots from accessing your site. You can block Bots, Crawlers & User Agents!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup System:\u003C\u002Fstrong> Generate Website Backups, Database Backups, Schedule Automated backups for your website! 
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scheduled Scans:\u003C\u002Fstrong> Automate security checks at regular intervals.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications:\u003C\u002Fstrong> Stay informed about security events and scan results.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Much More!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>MoeSec is regularly updated to address the latest security threats and WordPress vulnerabilities, ensuring that your website remains protected against emerging risks.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>You can integrate your website with \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\" rel=\"nofollow ugc\">Recaptcha\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwww.hcaptcha.com\" rel=\"nofollow ugc\">hCaptcha\u003C\u002Fa> to help mitigate spam visits or fake login attempts. Once this option is enabled, the plugin will communicate with their respective APIs using your own keys that you have created directly with the services and agreed to their terms and privacy policies.\u003C\u002Fp>\n\u003Cp>Also, this plugin connects to and communicates with our \u003Ca href=\"https:\u002F\u002Fscan.moesec.com\" rel=\"nofollow ugc\">MoeSec Website Scanner Engine\u003C\u002Fa> to perform external website security scans for your website. 
We don’t send or store anything other than the website URL\u002FDomain during scans and processing the requests or showing scan results.\u003C\u002Fp>\n\u003Cp>Also, this plugin contacts our update servers on \u003Ca href=\"https:\u002F\u002FMoeSec.com\" rel=\"nofollow ugc\">MoeSec\u003C\u002Fa> every day to look for new signature updates.\u003C\u002Fp>\n\u003Cp>Also, for creating QR codes, the plugin communicates with \u003Ca href=\"https:\u002F\u002Fapi.qrserver.com\" rel=\"nofollow ugc\">qrserver\u003C\u002Fa> just to create the needed QR codes.\u003C\u002Fp>\n\u003Ch3>Additional Info\u003C\u002Fh3>\n\u003Cp>For more information, please visit \u003Ca href=\"https:\u002F\u002Fmoesec.com\" rel=\"nofollow ugc\">MoeSec\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you need professional assistance with malware removal or advanced security protection for your website, please visit our \u003Ca href=\"https:\u002F\u002Fmoesec.com\" rel=\"nofollow ugc\">Professional Services\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>MoeSec is committed to protecting your privacy. The plugin does not collect any personal data from your website visitors. 
It only processes data within your WordPress installation to perform security scans and implement protective measures.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002FMoeSec.com\" rel=\"nofollow ugc\">MoeSec\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin’s other home\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002FMoeSec.com\u002Fwordpress-security-plugin\u002F\" rel=\"nofollow ugc\">MoeSec Security Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","MoeSec Security is a comprehensive plugin for Malware Scanning, Monitoring, Integrity, Security Hardening and Protection.",30,1384,2,"2025-12-09T09:28:00.000Z",[91,20,21,70,23],"https:\u002F\u002FMoeSec.com\u002Fwordpress-security-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoesec.2.1.zip",{"attackSurface":150,"codeSignals":225,"taintFlows":247,"riskAssessment":290,"analyzedAt":301},{"hooks":151,"ajaxHandlers":213,"restRoutes":222,"shortcodes":223,"cronEvents":224,"entryPointCount":144,"unprotectedCount":29},[152,158,162,166,170,174,178,183,186,190,194,198,202,206,210],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","nfwgccron","nfw_garbage_collector","ninjafirewall.php",104,{"type":153,"name":159,"callback":160,"file":156,"line":161},"admin_enqueue_scripts","nfw_load_ext",375,{"type":153,"name":163,"callback":164,"file":156,"line":165},"admin_init","nfw_admin_init",531,{"type":153,"name":167,"callback":168,"file":156,"line":169},"init","nfw_init_emailremoval",544,{"type":153,"name":171,"callback":172,"file":156,"line":173},"wp_login","nfw_login_hook",612,{"type":153,"name":175,"callback":176,"file":156,"line":177},"wp_logout","nfw_logout_hook",626,{"type":153,"name":179,"callback":180,"priority":181,"file":156,"line":182},"admin_menu","ninjafirewall_admin_menu",10,923,{"type":153,"name":184,"callback":180,"priority":181,"file":156,"line":185},"network_admin_menu",925,{"type"
:153,"name":187,"callback":188,"priority":96,"file":156,"line":189},"admin_bar_menu","nf_admin_bar_status",972,{"type":153,"name":191,"callback":192,"file":156,"line":193},"nfscanevent","nfscando",1008,{"type":153,"name":195,"callback":196,"priority":28,"file":156,"line":197},"shutdown","nf_check_dbdata",1041,{"type":153,"name":199,"callback":200,"file":156,"line":201},"nfdailyreport","nfdailyreportdo",1043,{"type":153,"name":203,"callback":204,"file":156,"line":205},"nfsecupdates","nfupdatesdo",1074,{"type":153,"name":207,"callback":208,"file":156,"line":209},"wp_network_dashboard_setup","nfw_dashboard_widgets",1125,{"type":153,"name":211,"callback":208,"file":156,"line":212},"wp_dashboard_setup",1127,[214,219],{"action":215,"nopriv":216,"callback":215,"hasNonce":217,"hasCapCheck":216,"file":156,"line":218},"nfw_fullwafsetup",false,true,631,{"action":220,"nopriv":216,"callback":220,"hasNonce":217,"hasCapCheck":216,"file":156,"line":221},"nfw_fullwafconfig",751,[],[],[],{"dangerousFunctions":226,"sqlUsage":227,"outputEscaping":229,"fileOperations":245,"externalRequests":29,"nonceChecks":230,"capabilityChecks":181,"bundledLibraries":246},[],{"prepared":29,"raw":29,"locations":228},[],{"escaped":29,"rawEcho":230,"locations":231},6,[232,235,237,239,241,243],{"file":156,"line":233,"context":234},444,"raw output",{"file":156,"line":236,"context":234},486,{"file":156,"line":238,"context":234},512,{"file":156,"line":240,"context":234},702,{"file":156,"line":242,"context":234},730,{"file":156,"line":244,"context":234},737,14,[],[248,265,277],{"entryPoint":249,"graph":250,"unsanitizedCount":29,"severity":264},"nfw_admin_init (ninjafirewall.php:379)",{"nodes":251,"edges":262},[252,257],{"id":253,"type":254,"label":255,"file":156,"line":256},"n0","source","$_SERVER['SERVER_NAME'] (x2)",485,{"id":258,"type":259,"label":260,"file":156,"line":256,"wp_function":261},"n1","sink","header() [Header 
Injection]","header",[263],{"from":253,"to":258,"sanitized":217},"low",{"entryPoint":266,"graph":267,"unsanitizedCount":29,"severity":264},"nfw_fullwafsetup (ninjafirewall.php:633)",{"nodes":268,"edges":275},[269,272],{"id":253,"type":254,"label":270,"file":156,"line":271},"$_POST (x3)",679,{"id":258,"type":259,"label":273,"file":156,"line":240,"wp_function":274},"echo() [XSS]","echo",[276],{"from":253,"to":258,"sanitized":217},{"entryPoint":278,"graph":279,"unsanitizedCount":29,"severity":264},"\u003Cninjafirewall> (ninjafirewall.php:0)",{"nodes":280,"edges":287},[281,282,283,285],{"id":253,"type":254,"label":255,"file":156,"line":256},{"id":258,"type":259,"label":260,"file":156,"line":256,"wp_function":261},{"id":284,"type":254,"label":270,"file":156,"line":271},"n2",{"id":286,"type":259,"label":273,"file":156,"line":240,"wp_function":274},"n3",[288,289],{"from":253,"to":258,"sanitized":217},{"from":284,"to":286,"sanitized":217},{"summary":291,"deductions":292},"NinjaFirewall v4.8.4 exhibits a generally strong security posture with several positive indicators. The plugin has a limited attack surface with all identified entry points being protected by authentication checks. Notably, it utilizes prepared statements exclusively for its SQL queries and implements a significant number of nonce and capability checks, demonstrating a good understanding of WordPress security best practices. 
There are no identified critical or high severity vulnerabilities from taint analysis, and no unpatched CVEs currently exist.",[293,296,298],{"reason":294,"points":295},"All outputs are unescaped",20,{"reason":297,"points":181},"Previous deserialization vulnerability",{"reason":299,"points":300},"Significant number of file operations",5,"2026-03-16T17:06:43.781Z",{"wat":303,"direct":373},{"assetPaths":304,"generatorPatterns":337,"scriptPaths":338,"versionParams":339},[305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336],"\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fninjafirewall-backend.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fcss\u002Fninjafirewall-backend.css","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fbackend-modal.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fadmin-notices.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fnfw-helpers.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Flib\u002Fcodemirror.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fjavascript\u002Fjavascript.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fcss\u002Fcss.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fhtmlmixed\u002Fhtmlmixed.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fclike\u002Fclike.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fphp\u002Fphp.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fmatchbrackets.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fshow-hint.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Fadd
on\u002Fhint\u002Fjavascript-hint.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fcss-hint.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fhtml-hint.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fphp-hint.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fclosebrackets.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fplaceholder.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Frunmode\u002Frunmode.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fdisplay\u002Fplaceholder.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fcss\u002Fcodemirror.css","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fcss\u002Fnfw-helpers.css","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fcss\u002Fadmin-notices.css","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fcss\u002Fcolorbox\u002Fcolorbox.css","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcolorbox\u002Fjquery.colorbox.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fcolorbox\u002Fjquery.colorbox-min.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fnfw-modal.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fnfw-colorbox.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fnfw-dashboard.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fnfw-dashboard-widgets.js","\u002Fwp-content\u002Fplugins\u002Fninjafirewall\u002Fjs\u002Fnfw-dashboard-scanner.js",[],[305,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,330,331,332,333,334,335,336],[340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,36
2,363,364,365,366,367,368,369,370,371,372],"ninjafirewall\u002Fstyle.css?ver=","ninjafirewall\u002Fjs\u002Fninjafirewall-backend.js?ver=","ninjafirewall\u002Fcss\u002Fninjafirewall-backend.css?ver=","ninjafirewall\u002Fjs\u002Fbackend-modal.js?ver=","ninjafirewall\u002Fjs\u002Fadmin-notices.js?ver=","ninjafirewall\u002Fjs\u002Fnfw-helpers.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Flib\u002Fcodemirror.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fjavascript\u002Fjavascript.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fcss\u002Fcss.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fhtmlmixed\u002Fhtmlmixed.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fclike\u002Fclike.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Fmode\u002Fphp\u002Fphp.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fmatchbrackets.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fshow-hint.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fjavascript-hint.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fcss-hint.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fhtml-hint.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fphp-hint.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fclosebrackets.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fplaceholder.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Frunmode\u002Frunmode.js?ver=","ninjafirewall\u002Fjs\u002Fcodemirror\u002Faddon\u002Fdisplay\u002Fplaceholder.js?ver=","ninjafirewall\u002Fcss\u002Fcodemirror.css?ver=","ninjafirewall\u002Fcss\u002Fnfw-helpers.css?ver=","ninjafirewall\u002Fcss\u002Fadmin-notices.css?ver=","ninjafirewall\u002Fcss\u002Fcolorbox\u002Fcolorbox.css?ver=","ninjafirewall\u002Fjs\u002Fcolorbox\u002Fjquery.colorbox.js?ver=","ninjafirewall\u002Fjs\u
002Fcolorbox\u002Fjquery.colorbox-min.js?ver=","ninjafirewall\u002Fjs\u002Fnfw-modal.js?ver=","ninjafirewall\u002Fjs\u002Fnfw-colorbox.js?ver=","ninjafirewall\u002Fjs\u002Fnfw-dashboard.js?ver=","ninjafirewall\u002Fjs\u002Fnfw-dashboard-widgets.js?ver=","ninjafirewall\u002Fjs\u002Fnfw-dashboard-scanner.js?ver=",{"cssClasses":374,"htmlComments":384,"htmlAttributes":428,"restEndpoints":435,"jsGlobals":436,"shortcodeOutput":441},[375,376,377,378,379,380,381,382,383],"nf_settings","nf_message","nfw_code_editor","nfw-dashboard-widget","nfw-dashboard-scanner-results","nfw-menu-icon","nfw_colorbox","nfw-admin-notice","nfw_admin_notice_wrapper",[385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427],"\u003C!-- (c) NinTechNet Limited ~ https:\u002F\u002Fnintechnet.com\u002F -->","\u003C!-- NinjaFirewall is not compatible with Microsoft Windows. -->","\u003C!-- NinjaFirewall requires the PHP 'mysqli' extension. -->","\u003C!-- NinjaFirewall requires PHP 7.1 or greater but your current version is -->","\u003C!-- NinjaFirewall requires WordPress 4.7.0 or greater but your current version is -->","\u003C!-- You do not have \"unfiltered_html\" capability. Please enable it in order to run NinjaFirewall (or make sure you do not have \"DISALLOW_UNFILTERED_HTML\" in your wp-config.php script). -->","\u003C!-- Since WP 6.7, translation loading must not be triggered too early. -->","\u003C!-- Select whether we want to use PHP or NF (default since v4.8.1) sessions. -->","\u003C!-- Error: the firewall isn't loaded. -->","\u003C!-- Those classes and constants could be already loaded\u002Fdefined by the firewall (if enabled). 
-->","\u003C!-- Load script\u002Fstyle files -->","\u003C!-- Install\u002Factivate NinjaFirewall -->","\u003C!-- Warn if the user does not have the 'unfiltered_html' capability: -->","\u003C!-- (Re)create the loader -->","\u003C!-- Create scheduled tasks. -->","\u003C!-- Re-enable brute-force protection -->","\u003C!-- Warn if the user does not have the 'unfiltered_html' capability unless it's CLI. -->","\u003C!-- Re-used code from Firewall Options. -->","\u003C!-- Disable brute-force protection. -->","\u003C!-- Remove any existing cron. -->","\u003C!-- Load the external JS script and CSS: -->","\u003C!-- -Single site: to the admin only. -->","\u003C!-- -Multi-site: to the superadmin and from the -->","\u003C!-- If plugin is activated -->","\u003C!-- If plugin is deactivated -->","\u003C!-- NinjaFirewall Settings Form -->","\u003C!-- ninja firewall: Dashboard Main Widget -->","\u003C!-- ninja firewall: Scan Widget -->","\u003C!-- ninja firewall: IP Intelligence Widget -->","\u003C!-- NinjaFirewall: Code Editor -->","\u003C!-- NinjaFirewall: PHP Mailer -->","\u003C!-- NinjaFirewall: Firewall Log -->","\u003C!-- NinjaFirewall: Update Rules -->","\u003C!-- NinjaFirewall: Scanner -->","\u003C!-- NinjaFirewall: IP Intelligence -->","\u003C!-- NinjaFirewall: Dashboard -->","\u003C!-- NinjaFirewall: Settings -->","\u003C!-- NinjaFirewall: Mailer -->","\u003C!-- NinjaFirewall: Logs -->","\u003C!-- NinjaFirewall: Update -->","\u003C!-- NinjaFirewall: Scan -->","\u003C!-- NinjaFirewall: IP -->","\u003C!-- NinjaFirewall: Dash -->",[429,430,431,432,433,434],"data-nfw-action","data-nfw-target","data-nfw-id","data-nfw-url","data-nfw-editor","data-codemirror-mode",[],[437,438,439,440],"nfw_admin_object","nfw_codemirror_settings","nfw_colorbox_settings","nfw_modal_settings",[]]