[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsT9ORoyS7OSoCgLK2E4QiFyY33oj7cb6LyAKcgPOqr8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":140,"fingerprints":497},"nohackme-defender","NoHackMe Defender","1.1.0","Roman","https:\u002F\u002Fprofiles.wordpress.org\u002Fneedtome\u002F","\u003Cp>The NoHackMe Defender plugin ensures the security of your WordPress site by blocking IP addresses when receiving suspicious requests, or when too many requests are received from a single IP over a certain period. The plugin offers comprehensive protection mechanisms including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hacking protection: Blocks IP addresses that send suspicious data.\u003C\u002Fli>\n\u003Cli>Parsing protection: Prevents malicious parsing attempts on your website.\u003C\u002Fli>\n\u003Cli>DoS protection: Stops denial-of-service attacks by limiting excessive requests.\u003C\u002Fli>\n\u003Cli>Password brute force protection: Prevents repeated login attempts to guess passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore our instructional videos to see the NoHackMe Defender plugin in action and learn how to configure settings and manage blocked IP addresses efficiently:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fl6LFvNn7RE8\" rel=\"nofollow ugc\">Protect Your WordPress Site for Free – Installing and Configuring NoHackMe Defender Plugin\u003C\u002Fa>: A thorough guide on activating and configuring the NoHackMe Defender plugin, including its free version features.\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fyoutu.be\u002FDqTvUfLmmGQ\" rel=\"nofollow ugc\">How to Protect Your Site from Hackers, Parsing, and DoS – Testing WordPress Plugin NoHackMe Defender\u003C\u002Fa>: Demonstrates the plugin’s effectiveness in blocking suspicious requests and securing your site.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002F35G8wi02-70\" rel=\"nofollow ugc\">Premium Protection for WordPress Sites – A Breakdown of the Paid Features of NoHackMe Defender Plugin\u003C\u002Fa>: Explores the advanced features available in the premium version of the plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more information and a live demonstration, visit our \u003Ca href=\"https:\u002F\u002Fneedtome.com\u002Fnohackme\u002F\" rel=\"nofollow ugc\">Plugin Demo Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Special thanks to our sponsors for supporting the development of this plugin:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fmalinovsky.io\" rel=\"nofollow ugc\">malinovsky.io\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fgloap.net\" rel=\"nofollow ugc\">gloap.net\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fgloapm.com\" rel=\"nofollow ugc\">gloapm.com\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fimgai.art\" rel=\"nofollow ugc\">imgai.art\u003C\u002Fa>\u003C\u002Fp>\n","Enhance your WordPress security by blocking IPs that send too many or suspicious 
requests.",20,1028,0,"2024-06-26T04:39:00.000Z","6.5.8","6.0","7.4",[19,20,21,22,23],"anti-hack","firewall","ip-blocking","protection","security","https:\u002F\u002Fneedtome.com\u002Fnohackme\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnohackme-defender.1.1.0.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"needtome",1,30,88,"2026-04-04T11:09:25.786Z",[37,57,79,101,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":52,"download_link":56,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"guardify","Guardify Firewall","1.1.2","BitCleric","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoamuller23\u002F","\u003Cp>\u003Cstrong>Guardify\u003C\u002Fstrong> is a powerful WordPress firewall plugin designed to protect your website from a wide range of threats, including brute force attacks, SQL injections, malicious bots, and unauthorized access attempts. With an intuitive dashboard, detailed statistics, and advanced settings, Guardify empowers you to secure your site effortlessly.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Advanced Web Application Firewall (WAF)\u003C\u002Fstrong>\u003Cbr \u002F>\nIntercepts and filters all incoming traffic before it reaches WordPress. 
Blocks SQL injection, XSS, RFI, LFI, and other attack vectors.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Brute Force Attack Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nBlocks repeated login attempts by limiting login frequency and analyzing IP reputation.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>2-Factor Authentication (2FA)\u003C\u002Fstrong>\u003Cbr \u002F>\nAdds an extra layer of login security for admin users, using time-based one-time passwords (TOTP).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Real-Time Activity Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack login attempts, blocked IPs, suspicious requests, and system actions with detailed logs. View statistics by day, week, or month.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom IP Whitelisting & Blacklisting\u003C\u002Fstrong>\u003Cbr \u002F>\nControl access to your site by adding IPs or IP ranges to allow or deny lists. Includes temporary blocking for failed login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>GeoIP Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock or allow access from specific countries using the MaxMind GeoIP2 database integration.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Bot Access Control\u003C\u002Fstrong>\u003Cbr \u002F>\nDetect and manage access from known bots, scrapers, and fake crawlers. 
Option to block non-human traffic.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Anti-PHP Injection & File Access Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\nPrevents direct access to PHP files in sensitive directories such as \u003Ccode>\u002Fwp-includes\u002F\u003C\u002Fcode> and \u003Ccode>\u002Fwp-content\u002Fuploads\u002F\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Plugin and Theme Installation\u003C\u002Fstrong>\u003Cbr \u002F>\nRestrict installation of new plugins and themes via the WordPress dashboard — even by administrators. This helps prevent unauthorized or accidental installation of insecure components. Manual installation via FTP remains possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Theme Editor\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable access to the Theme Editor (\u003Ccode>\u002Fwp-admin\u002Ftheme-editor.php\u003C\u002Fcode>) to prevent direct file editing. This minimizes the risk of malicious code injection or unintentional file corruption.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Forbidden Comment Words Filter\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically mark comments as spam if they contain forbidden words or patterns (e.g., \u003Ccode>http\u003C\u002Fcode>, \u003Ccode>viagra\u003C\u002Fcode>, \u003Ccode>casino\u003C\u002Fcode>, \u003Ccode>porn\u003C\u002Fcode>). Helps drastically reduce comment spam by detecting common keywords and links.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Block IPs in .htaccess\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen enabled, IPs that exceed the rate limit are automatically added to the \u003Ccode>.htaccess\u003C\u002Fcode> file for permanent blocking. This server-level block prevents any further requests. 
Use with care, as shared or corporate IPs may be affected.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nStay informed with email alerts about critical security events, such as admin login attempts or IP bans.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizable Firewall Rules\u003C\u002Fstrong>\u003Cbr \u002F>\nAdvanced users can fine-tune rules with regex filters, HTTP method checks, user-agent filters, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User-Friendly Admin Interface\u003C\u002Fstrong>\u003Cbr \u002F>\nGuardify features a modern and intuitive UI built using native WordPress design language.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically cleans up all data, logs, and settings when uninstalled—leaving your database clean.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Guardify is a powerful WordPress firewall plugin designed to protect your website from a wide range of threats, including brute force attacks, SQL inj &hellip;",10,480,100,2,"2025-06-04T19:22:00.000Z","6.8.5","5.0","",[54,20,21,23,55],"brute-force-protection","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguardify.1.1.2.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":76,"download_link":77,"security_score":47,"vuln_count":32,"unpatched_count":13,"last_vuln_date":78,"fetched_at":28},"ninjafirewall","NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall","4.8.4","nintechnet","https:\u002F\u002Fprofiles.wordpress.org\u002Fnintechnet\u002F","\u003Ch4>A true Web Application 
Firewall\u003C\u002Fh4>\n\u003Cp>NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that stands in front of WordPress.\u003C\u002Fp>\n\u003Cp>It allows any blog administrator to benefit from very advanced and powerful security features that usually aren’t available at the WordPress level, but only in security applications such as the Apache \u003Ca href=\"http:\u002F\u002Fwww.modsecurity.org\u002F\" title=\"\" rel=\"nofollow ugc\">ModSecurity\u003C\u002Fa> module or the PHP \u003Ca href=\"http:\u002F\u002Fsuhosin.org\u002F\" title=\"\" rel=\"nofollow ugc\">Suhosin\u003C\u002Fa> extension.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>NinjaFirewall requires at least PHP 7.1, MySQLi extension and is only compatible with Unix-like OS (Linux, BSD). It is \u003Cstrong>not compatible with Microsoft Windows\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>NinjaFirewall can hook, scan, sanitise or reject any HTTP\u002FHTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren’t part of the WordPress package. Even encoded PHP scripts, hackers shell scripts and backdoors will be filtered by NinjaFirewall.\u003C\u002Fp>\n\u003Ch4>Powerful filtering engine\u003C\u002Fh4>\n\u003Cp>NinjaFirewall includes the most powerful filtering engine available in a WordPress plugin. Its most important feature is its ability to normalize and transform data from incoming HTTP requests which allows it to detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. 
See our blog for a full description: \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fintroduction-to-ninjafirewall-filtering-engine\u002F\" title=\"\" rel=\"nofollow ugc\">An introduction to NinjaFirewall filtering engine\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Fastest and most efficient brute-force attack protection for WordPress\u003C\u002Fh4>\n\u003Cp>By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin for WordPress able to protect it against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs.\u003C\u002Fp>\n\u003Cp>See our benchmarks and stress-tests: \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fwordpress-brute-force-attack-detection-plugins-comparison-2015\u002F\" title=\"\" rel=\"nofollow ugc\">Brute-force attack detection plugins comparison\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The protection applies to the \u003Ccode>wp-login.php\u003C\u002Fcode> script but can be extended to the \u003Ccode>xmlrpc.php\u003C\u002Fcode> one. The incident can also be written to the server \u003Ccode>AUTH\u003C\u002Fcode> log, which can be useful to the system administrator for monitoring purposes or banning IPs at the server level (e.g., Fail2ban).\u003C\u002Fp>\n\u003Ch4>Real-time detection\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Guard\u003C\u002Fstrong> real-time detection is a totally unique feature provided by NinjaFirewall: it can detect, in real-time, any access to a PHP file that was recently modified or created, and alert you about this. If a hacker uploaded a shell script to your site (or injected a backdoor into an already existing file) and tried to directly access that file using his browser or a script, NinjaFirewall would hook the HTTP request and immediately detect that the file was recently modified or created. 
It would send you an alert with all details (script name, IP, request, date and time).\u003C\u002Fp>\n\u003Ch4>File integrity monitoring\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Check\u003C\u002Fstrong> lets you perform file integrity monitoring by scanning your website hourly, twicedaily or daily. Any modification made to a file will be detected: file content, file permissions, file ownership, timestamp as well as file creation and deletion.\u003C\u002Fp>\n\u003Ch4>Watch your website traffic in real time\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Live Log\u003C\u002Fstrong> lets you watch your website traffic in real time. It displays connections in a format similar to the one used by the \u003Ccode>tail -f\u003C\u002Fcode> Unix command. Because it communicates directly with the firewall, i.e., without loading WordPress, \u003Cstrong>Live Log\u003C\u002Fstrong> is fast, lightweight and it will not affect your server load, even if you set its refresh rate to the lowest value.\u003C\u002Fp>\n\u003Ch4>Event Notifications\u003C\u002Fh4>\n\u003Cp>NinjaFirewall can alert you by email on specific events triggered within your blog. Some of those alerts are enabled by default and it is highly recommended to keep them enabled. It is not unusual for a hacker, after breaking into your WordPress admin console, to install or just to upload a backdoored plugin or theme in order to take full control of your website. 
NinjaFirewall can also \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-wp-edition-adds-php-backtrace-to-email-notifications\u002F\" title=\"NinjaFirewall adds PHP backtrace to email notifications\" rel=\"nofollow ugc\">attach a PHP backtrace\u003C\u002Fa> to important notifications.\u003C\u002Fp>\n\u003Cp>Monitored events:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Administrator login.\u003C\u002Fli>\n\u003Cli>Modification of any administrator account in the database.\u003C\u002Fli>\n\u003Cli>Plugins upload, installation, (de)activation, update, deletion.\u003C\u002Fli>\n\u003Cli>Themes upload, installation, activation, deletion.\u003C\u002Fli>\n\u003Cli>WordPress update.\u003C\u002Fli>\n\u003Cli>Pending security update in your plugins and themes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Stay protected against the latest WordPress security vulnerabilities\u003C\u002Fh4>\n\u003Cp>To get the most efficient protection, NinjaFirewall can automatically update its security rules daily, twice daily or even hourly. Each time a new vulnerability is found in WordPress or one of its plugins\u002Fthemes, a new set of security rules will be made available to protect your blog immediately.\u003C\u002Fp>\n\u003Ch4>Strong Privacy\u003C\u002Fh4>\n\u003Cp>Unlike a Cloud Web Application Firewall, or Cloud WAF, NinjaFirewall works and filters the traffic on your own server and infrastructure. That means that your sensitive data (contact form messages, customers credit card number, login credentials etc) remains on your server and is not routed through a third-party company’s servers, which could pose unnecessary risks (e.g., decryption of your HTTPS traffic in order to inspect it, employees accessing your data or logs in plain text, theft of private information, man-in-the-middle attack etc).\u003C\u002Fp>\n\u003Cp>Your website can run NinjaFirewall and be \u003Cstrong>compliant with the General Data Protection Regulation (GDPR)\u003C\u002Fstrong>. 
\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-general-data-protection-regulation-compliance\u002F\" title=\"GDPR Compliance\" rel=\"nofollow ugc\">See our blog for more details\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>IPv6 compatibility\u003C\u002Fh4>\n\u003Cp>IPv6 compatibility is a mandatory feature for a security plugin: if it supports only IPv4, hackers can easily bypass the plugin by using an IPv6. NinjaFirewall natively supports IPv4 and IPv6 protocols, for both public and private addresses.\u003C\u002Fp>\n\u003Ch4>Multi-site support\u003C\u002Fh4>\n\u003Cp>NinjaFirewall is multi-site compatible. It will protect all sites from your network and its configuration interface will be accessible only to the Super Admin from the network main site.\u003C\u002Fp>\n\u003Ch4>Possibility to prepend your own PHP code to the firewall\u003C\u002Fh4>\n\u003Cp>You can prepend your own PHP code to the firewall with the help of an \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-wp-edition-the-htninja-configuration-file\u002F\" rel=\"nofollow ugc\">optional distributed configuration file\u003C\u002Fa>. It will be processed before WordPress and all its plugins are loaded. This is a very powerful feature, and there is almost no limit to what you can do: add your own security rules, manipulate HTTP requests, variables etc.\u003C\u002Fp>\n\u003Ch4>Low Footprint Firewall\u003C\u002Fh4>\n\u003Cp>NinjaFirewall is very fast, optimised, compact, and requires very low system resource.\u003Cbr \u002F>\nSee for yourself: download and install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-profiler\u002F\" title=\"\" rel=\"ugc\">Code Profiler\u003C\u002Fa> plugin and compare NinjaFirewall’s performance with other security plugins.\u003C\u002Fp>\n\u003Ch4>Non-Intrusive User Interface\u003C\u002Fh4>\n\u003Cp>NinjaFirewall looks and feels like a built-in WordPress feature. 
It does not contain intrusive banners, warnings or flashy colors. It uses the WordPress simple and clean interface and is also smartphone-friendly.\u003C\u002Fp>\n\u003Ch4>Contextual Help\u003C\u002Fh4>\n\u003Cp>Each NinjaFirewall menu page has a contextual help screen with useful information about how to use and configure it.\u003Cbr \u002F>\nIf you need help, click on the \u003Cem>Help\u003C\u002Fem> menu tab located in the upper right corner of each page in your admin panel.\u003C\u002Fp>\n\u003Ch4>Need more security?\u003C\u002Fh4>\n\u003Cp>Check out our new supercharged edition: \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F\" title=\"NinjaFirewall WP+ Edition\" rel=\"nofollow ugc\">NinjaFirewall WP+ Edition\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unix shared memory use for inter-process communication and blazing fast performances.\u003C\u002Fli>\n\u003Cli>IP-based Access Control.\u003C\u002Fli>\n\u003Cli>Role-based Access Control.\u003C\u002Fli>\n\u003Cli>Country-based Access Control via geolocation.\u003C\u002Fli>\n\u003Cli>URL-based Access Control.\u003C\u002Fli>\n\u003Cli>Bot-based Access Control.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fcentralized-logging-with-ninjafirewall\u002F\" title=\"Centralized Logging\" rel=\"nofollow ugc\">Centralized Logging\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Antispam for comment and user registration forms.\u003C\u002Fli>\n\u003Cli>Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks.\u003C\u002Fli>\n\u003Cli>Response body filter to scan the output of the HTML page right before it is sent to your visitors browser.\u003C\u002Fli>\n\u003Cli>Better File uploads management.\u003C\u002Fli>\n\u003Cli>Better logs management.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fsyslog-logging-with-ninjafirewall\u002F\" title=\"Syslog logging\" rel=\"nofollow ugc\">Syslog 
logging\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F\" title=\"\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa> about the WP+ Edition unique features. \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F?comparison\" title=\"\" rel=\"nofollow ugc\">Compare\u003C\u002Fa> the WP and WP+ Editions.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.9+\u003C\u002Fli>\n\u003Cli>Admin\u002FSuperadmin with \u003Ccode>manage_options\u003C\u002Fcode> + \u003Ccode>unfiltered_html capabilities\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>PHP 7.1+\u003C\u002Fli>\n\u003Cli>MySQL or MariaDB with MySQLi extension\u003C\u002Fli>\n\u003Cli>Apache \u002F Nginx \u002F LiteSpeed \u002F Openlitespeed compatible\u003C\u002Fli>\n\u003Cli>Unix-like operating systems only (Linux, BSD etc). NinjaFirewall is \u003Cstrong>NOT\u003C\u002Fstrong> compatible with Microsoft Windows.\u003C\u002Fli>\n\u003C\u002Ful>\n","A true Web Application Firewall to protect and secure WordPress.",100000,3089632,98,217,"2026-03-12T09:53:00.000Z","6.9.4","4.9","7.1",[20,74,22,23,75],"malware","virus","https:\u002F\u002Fnintechnet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fninjafirewall.4.8.4.zip","2021-05-30 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":70,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":97,"download_link":98,"security_score":26,"vuln_count":99,"unpatched_count":13,"last_vuln_date":100,"fetched_at":28},"zero-spam","Zero Spam for WordPress","5.7.7","Ben Marshall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbmarshall511\u002F","\u003Cp>Protect your WordPress website seamlessly with Zero Spam for WordPress! 
Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa> to offer a strong defense system.\u003C\u002Fp>\n\u003Cp>Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it’s pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website.\u003C\u002Fp>\n\u003Ch4>Worry-free, Powerful Protection at Your Fingertips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No captchas or moderation queues — no longer an admin’s problem.\u003C\u002Fli>\n\u003Cli>Our system dynamically blocks threats, keeping your site safe.\u003C\u002Fli>\n\u003Cli>Integration with global IP reputation providers for enhanced security.\u003C\u002Fli>\n\u003Cli>Block IPs temporarily or permanently, keep unwanted visitors out.\u003C\u002Fli>\n\u003Cli>Geolocation tracks origins of threats, providing valuable insights.\u003C\u002Fli>\n\u003Cli>Ability to block countries, regions, zip\u002Fpostal codes & cities.\u003C\u002Fli>\n\u003Cli>REST API for programmatic settings management — perfect for CI\u002FCD, staging syncs, and automation.\u003C\u002Fli>\n\u003Cli>Utilize \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">splorp’s Comment Blacklist\u003C\u002Fa> to strengthen your disallowed list.\u003C\u002Fli>\n\u003Cli>Block disposable & malicious email effortlessly with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdisposable\" rel=\"nofollow ugc\">disposable\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multiple techniques, including the renowned solution by \u003Ca 
href=\"https:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamlessly integrates with popular plugins including:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> — Secure customer registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Fref\u002F1118\u002F\" rel=\"nofollow ugc\">GiveWP\u003C\u002Fa> — Prevents attempts to test stolen credit cards.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa> — Keeps registrations safe & secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">Mailchimp for WordPress\u003C\u002Fa> — Protects sign-ups from abuse.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpdiscuz\u002F\" rel=\"ugc\">wpDiscuz\u003C\u002Fa> — Versatile form protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind.\u003C\u002Fp>\n\u003Ch4>Enhance Detection with 
Optional 3rd-Party Integrations\u003C\u002Fh4>\n\u003Cp>Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002F\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>\u003C\u002Fstrong> – Utilize our real-time IP reputation analysis. Take a look at our \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipbase.com\u002F\" rel=\"nofollow ugc\">ipbase.com\u003C\u002Fa>\u003C\u002Fstrong> – Access detailed geolocation information of attackers. Familiarize yourself with their \u003Ca href=\"https:\u002F\u002Fipbase.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fterms-and-conditions\u002F41661719\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo.io\u003C\u002Fa>\u003C\u002Fstrong> – Gather geolocation details of malicious users. Refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" rel=\"nofollow ugc\">ipstack\u003C\u002Fa>\u003C\u002Fstrong> – Obtain extensive geolocation insights. 
Review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipstack.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> to learn more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>\u003C\u002Fstrong> – Verify if visitors’ IPs have been reported. Explore their \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for additional details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa>\u003C\u002Fstrong> – Check if visitors’ IPs have been flagged. Refer to their \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fprivacy_policy.php\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fterms_of_use.php\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps\u003C\u002Fa>\u003C\u002Fstrong> – Plot attack locations on Google Maps. 
Please review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fsite-terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for complete details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you have the option to contribute to Zero Spam’s improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHighfivery\u002Fzero-spam-for-wordpress\u002Fwiki\u002FFAQ\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n","No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.",20000,1423449,82,142,"2026-03-12T13:51:00.000Z","6.9","8.2",[20,22,23,95,96],"spam","spam-blocker","https:\u002F\u002Fwordpress.com\u002Fplugins\u002Fzero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-spam.5.7.7.zip",5,"2024-04-15 00:00:00",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":47,"num_ratings":111,"last_updated":112,"tested_up_to":70,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":118,"download_link":119,"security_score":26,"vuln_count":120,"unpatched_count":13,"last_vuln_date":121,"fetched_at":28},"injection-guard","Injection Guard","1.3.0","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cp>\u003Cstrong>Author:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Project URI:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\" 
rel=\"nofollow ugc\">https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>License:\u003C\u002Fstrong> GPL v3\u003C\u002Fp>\n\u003Cp>Injection Guard is a WordPress plugin designed to block malicious query string attacks and suspicious URL parameters. It logs all incoming attempts, blocks harmful parameters, and adds extra security intelligence to your WordPress admin—like user session tracking and capability audit.\u003C\u002Fp>\n\u003Cp>The plugin uses the \u003Ccode>ig_\u003C\u002Fcode> prefix for database keys and functions, follows WordPress coding standards, and supports multiple languages. It’s compatible with pretty permalinks and helps in securing your site from automated bots and manual attacks.\u003C\u002Fp>\n\u003Ch3>Method A (Admin Panel)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to WordPress Admin > Plugins > Add New > Upload Plugin\u003C\u002Fli>\n\u003Cli>Upload the ZIP file and activate the plugin\u003C\u002Fli>\n\u003Cli>Go to Settings > IG Settings and click “Save Settings”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Method B (Manual Upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download and unzip the plugin package\u003C\u002Fli>\n\u003Cli>Upload the folder to \u003Ccode>\u002Fwp-content\u002Fplugins\u002Finjection-guard\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Activate the plugin from the WordPress Dashboard\u003C\u002Fli>\n\u003Cli>Visit Settings > IG Settings to configure\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Logs all unique query strings attempting to penetrate your website\u003C\u002Fli>\n\u003Cli>Blocks malicious or unknown query parameters\u003C\u002Fli>\n\u003Cli>Tracks login, logout, session start and duration per user\u003C\u002Fli>\n\u003Cli>Capability audit report for all WordPress users\u003C\u002Fli>\n\u003Cli>Multi-language support (FR, DE, ES)\u003C\u002Fli>\n\u003Cli>Bootstrap-based 
admin UI and dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software licensed under the GNU GPL v2 or later.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this plugin. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin blocks all unauthorized and irrelevant requests through query strings and provides extended session tracking and capability audit.",1000,32926,4,"2026-03-14T21:13:00.000Z","3.0","7.0",[116,20,23,117,55],"anti-hacking","sql-injection","https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finjection-guard.1.3.0.zip",6,"2026-03-20 10:55:45",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":16,"requires_php":72,"tags":136,"homepage":52,"download_link":139,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wt-security","WebTotem Security","2.4.35","WebTotem","https:\u002F\u002Fprofiles.wordpress.org\u002Fwtsec\u002F","\u003Cp>\u003Cstrong>WebTotem: Enhance Your WordPress Website Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WebTotem the Ultimate WordPress Security Plugin for Comprehensive Protection\u003Cbr \u002F>\nIn today’s digital landscape, safeguarding your WordPress website against a myriad of threats is paramount. WebTotem emerges as a formidable security solution, offering a suite of powerful features designed to protect your website from the ground up. 
With antivirus scans, firewall protection, SSL certificate monitoring, and port analysis, WebTotem ensures your web space is meticulously guarded. Pushing the envelope further, it incorporates CVE vulnerability scanning to preemptively identify and mitigate potential risks, fortifying your website’s defense mechanism.\u003Cbr \u002F>\nWebTotem transforms your website into an impenetrable fortress by integrating additional layers of security such as activity logs, two-factor authentication (2FA), brute force attack prevention, and CAPTCHA functionalities. This not only guarantees uninterrupted operation but also establishes a reliable security framework for your website.\u003C\u002Fp>\n\u003Ch3>Core Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Antivirus Protection:\u003C\u002Fstrong> Conducts thorough scans of your files for malicious software, hidden shells, and dubious modifications, marking the first step towards a secure website. It’s an intuitive solution for maintaining your site’s integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall Defense:\u003C\u002Fstrong> Offers real-time safeguarding against SQL injections, XSS, and DOS attacks, ensuring your data remains secure from unwelcome intrusions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SSL Module:\u003C\u002Fstrong> Administers continuous monitoring and management of your site’s SSL certificates, protecting data transmission round the clock.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Port Scanner:\u003C\u002Fstrong> Employs meticulous analysis to identify open ports, blocking unauthorized access and neutralizing potential threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Path Scanner:\u003C\u002Fstrong> Proactively searches and reviews accessible paths to files and directories, closing off avenues for attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reputation Module:\u003C\u002Fstrong> Vigilantly monitors and alerts you about any blacklisting issues, safeguarding your site’s online reputation and 
visibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessibility Module:\u003C\u002Fstrong> Keeps a close watch on site availability and page response times, ensuring optimal performance and a seamless user experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Technology Scanner:\u003C\u002Fstrong> Accurately identifies your site’s technology stack and its versions, aiding in keeping your systems up-to-date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Highlight Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> A cornerstone feature that scans for known vulnerabilities within the Common Vulnerabilities and Exposures (CVE) database, enabling swift remediation to boost your site’s security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Resource Module:\u003C\u002Fstrong> Provides crucial insights into RAM and CPU usage, along with disk space analytics, facilitating efficient resource utilization for enhanced site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log:\u003C\u002Fstrong> An essential tool for monitoring site changes and activities, offering a comprehensive event timeline for enhanced security oversight and swift incident response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Enhanced Security Measures:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong> Elevates security by requiring a second form of verification, seamlessly integrated within your CMS to protect administrative access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Integration:\u003C\u002Fstrong> A versatile tool against spam bots and automated attacks, offering customizable CAPTCHA deployment to safeguard your forms from unwarranted submissions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-Force Protection:\u003C\u002Fstrong> Actively combats password guessing attempts, employing proactive measures to prevent unauthorized access to your 
accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Assessment (Scoring):\u003C\u002Fstrong> Offers a detailed security evaluation based on an innovative methodology, pinpointing improvement areas with strategic recommendations to fortify your website’s security stance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Remediation Advice:\u003C\u002Fstrong> Goes beyond detection by providing actionable, detailed guidance for addressing vulnerabilities, enhancing your website’s resilience against threats.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WebTotem stands as a comprehensive security plugin, expertly crafted to enhance your WordPress site’s defenses. By adopting WebTotem, you not only protect your site from current threats but also strengthen its overall security architecture, ensuring a safe and robust online presence.\u003C\u002Fp>\n","WebTotem is a SaaS which provides powerful tools for securing and monitoring your website in one place in easy and flexible way.",900,92711,84,13,"2025-10-06T06:25:00.000Z","6.6.5",[137,20,138,22,23],"antivirus","monitoring","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-security.2.4.35.zip",{"attackSurface":141,"codeSignals":213,"taintFlows":445,"riskAssessment":481,"analyzedAt":496},{"hooks":142,"ajaxHandlers":187,"restRoutes":207,"shortcodes":208,"cronEvents":209,"entryPointCount":212,"unprotectedCount":13},[143,149,153,157,161,165,169,172,175,179,182],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","nohackme_defender_daily_event","nohackme_defender_do_daily_event","nohackme-defender.php",116,{"type":144,"name":150,"callback":151,"file":147,"line":152},"admin_menu","closure",709,{"type":144,"name":154,"callback":155,"file":147,"line":156},"admin_init","nohackme_defender_register_settings",712,{"type":144,"name":158,"callback":159,"file":147,"line":160},"admin_enqueue_scripts","nohackme_defender_enqueue_admin_scripts",1121,{"type":144,"name":162,"callback":163,"file":147,"line
":164},"plugins_loaded","nohackme_defender_load_textdomain",1127,{"type":144,"name":166,"callback":167,"file":147,"line":168},"admin_notices","nohackme_defender_admin_notice_wpconfig",1139,{"type":144,"name":154,"callback":170,"file":147,"line":171},"nohackme_defender_check_wpconfig",1143,{"type":144,"name":166,"callback":173,"file":147,"line":174},"nohackme_defender_show_admin_notice",1162,{"type":144,"name":176,"callback":177,"file":147,"line":178},"admin_footer","pdxglobal_admin_scripts",1209,{"type":144,"name":166,"callback":180,"file":147,"line":181},"nohackme_defender_check_premium_plugin_folder",1212,{"type":183,"name":184,"callback":185,"file":147,"line":186},"filter","plugin_action_links_nohackme_defender\u002Fnohackme_defender.php","nohackme_defender_add_settings_link",1246,[188,193,194,197,199,202,204],{"action":189,"nopriv":190,"callback":189,"hasNonce":191,"hasCapCheck":190,"file":192,"line":99},"nohackme_defender_restore_defaults",false,true,"ajax.php",{"action":189,"nopriv":191,"callback":189,"hasNonce":191,"hasCapCheck":190,"file":192,"line":120},{"action":195,"nopriv":190,"callback":195,"hasNonce":191,"hasCapCheck":190,"file":192,"line":196},"nohackme_defender_restore_defaults_ips_google",35,{"action":195,"nopriv":191,"callback":195,"hasNonce":191,"hasCapCheck":190,"file":192,"line":198},36,{"action":200,"nopriv":190,"callback":200,"hasNonce":191,"hasCapCheck":190,"file":192,"line":201},"nohackme_defender_restore_defaults_ips_yandex",65,{"action":200,"nopriv":191,"callback":200,"hasNonce":191,"hasCapCheck":190,"file":192,"line":203},66,{"action":205,"nopriv":190,"callback":205,"hasNonce":190,"hasCapCheck":191,"file":147,"line":206},"pdxglobal_dismiss_daily_notice",1194,[],[],[210],{"hook":145,"callback":145,"file":147,"line":211},59,7,{"dangerousFunctions":214,"sqlUsage":229,"outputEscaping":231,"fileOperations":442,"externalRequests":32,"nonceChecks":443,"capabilityChecks":32,"bundledLibraries":444},[215,219,222,226],{"fn":216,"file":147,"line":217
,"context":218},"unserialize",214,"$reason = @unserialize(_pdxglobal_get_file_via_wpfs(NOHACKME_DEFENDER_BANNED_PATH . $ip));",{"fn":216,"file":147,"line":220,"context":221},560,"$ips = @unserialize($data);",{"fn":216,"file":223,"line":224,"context":225},"nohackme.php",47,"$settings = @unserialize(file_get_contents($settings_path . 'settings'));",{"fn":216,"file":223,"line":227,"context":228},129,"$cur_ips = @unserialize(file_get_contents($settings_path . 'cur_ips_counters'));",{"prepared":13,"raw":13,"locations":230},[],{"escaped":232,"rawEcho":233,"locations":234},149,103,[235,237,239,241,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440],{"file":192,"line":33,"context":236},"raw 
output",{"file":192,"line":238,"context":236},60,{"file":192,"line":240,"context":236},90,{"file":242,"line":243,"context":236},"funcs.php",83,{"file":242,"line":245,"context":236},85,{"file":242,"line":247,"context":236},86,{"file":147,"line":249,"context":236},153,{"file":147,"line":251,"context":236},174,{"file":147,"line":253,"context":236},193,{"file":147,"line":255,"context":236},218,{"file":147,"line":257,"context":236},221,{"file":147,"line":259,"context":236},224,{"file":147,"line":261,"context":236},227,{"file":147,"line":263,"context":236},235,{"file":147,"line":265,"context":236},238,{"file":147,"line":267,"context":236},241,{"file":147,"line":269,"context":236},252,{"file":147,"line":271,"context":236},260,{"file":147,"line":273,"context":236},263,{"file":147,"line":275,"context":236},264,{"file":147,"line":277,"context":236},268,{"file":147,"line":279,"context":236},270,{"file":147,"line":281,"context":236},277,{"file":147,"line":283,"context":236},292,{"file":147,"line":285,"context":236},304,{"file":147,"line":287,"context":236},309,{"file":147,"line":289,"context":236},314,{"file":147,"line":291,"context":236},315,{"file":147,"line":293,"context":236},319,{"file":147,"line":295,"context":236},351,{"file":147,"line":297,"context":236},358,{"file":147,"line":299,"context":236},360,{"file":147,"line":301,"context":236},367,{"file":147,"line":303,"context":236},385,{"file":147,"line":305,"context":236},397,{"file":147,"line":307,"context":236},406,{"file":147,"line":309,"context":236},407,{"file":147,"line":311,"context":236},411,{"file":147,"line":313,"context":236},441,{"file":147,"line":315,"context":236},448,{"file":147,"line":317,"context":236},450,{"file":147,"line":319,"context":236},453,{"file":147,"line":321,"context":236},460,{"file":147,"line":323,"context":236},478,{"file":147,"line":325,"context":236},490,{"file":147,"line":327,"context":236},499,{"file":147,"line":329,"context":236},500,{"file":147,"line":331,"context":236},504,{"file":147
,"line":333,"context":236},534,{"file":147,"line":335,"context":236},541,{"file":147,"line":337,"context":236},564,{"file":147,"line":339,"context":236},606,{"file":147,"line":341,"context":236},608,{"file":147,"line":343,"context":236},639,{"file":147,"line":345,"context":236},641,{"file":147,"line":347,"context":236},672,{"file":147,"line":349,"context":236},674,{"file":147,"line":351,"context":236},703,{"file":147,"line":353,"context":236},739,{"file":147,"line":355,"context":236},741,{"file":147,"line":357,"context":236},743,{"file":147,"line":359,"context":236},745,{"file":147,"line":361,"context":236},746,{"file":147,"line":363,"context":236},792,{"file":147,"line":365,"context":236},795,{"file":147,"line":367,"context":236},799,{"file":147,"line":369,"context":236},801,{"file":147,"line":371,"context":236},806,{"file":147,"line":373,"context":236},809,{"file":147,"line":375,"context":236},816,{"file":147,"line":377,"context":236},833,{"file":147,"line":379,"context":236},837,{"file":147,"line":381,"context":236},843,{"file":147,"line":383,"context":236},846,{"file":147,"line":385,"context":236},849,{"file":147,"line":387,"context":236},855,{"file":147,"line":389,"context":236},858,{"file":147,"line":391,"context":236},865,{"file":147,"line":393,"context":236},868,{"file":147,"line":395,"context":236},875,{"file":147,"line":397,"context":236},877,{"file":147,"line":399,"context":236},917,{"file":147,"line":401,"context":236},920,{"file":147,"line":403,"context":236},922,{"file":147,"line":405,"context":236},927,{"file":147,"line":407,"context":236},929,{"file":147,"line":409,"context":236},934,{"file":147,"line":411,"context":236},936,{"file":147,"line":413,"context":236},943,{"file":147,"line":415,"context":236},965,{"file":147,"line":417,"context":236},968,{"file":147,"line":419,"context":236},972,{"file":147,"line":421,"context":236},978,{"file":147,"line":423,"context":236},981,{"file":147,"line":425,"context":236},989,{"file":147,"line":427,"context":236}
,992,{"file":147,"line":429,"context":236},999,{"file":147,"line":431,"context":236},1003,{"file":147,"line":433,"context":236},1006,{"file":147,"line":435,"context":236},1009,{"file":147,"line":437,"context":236},1012,{"file":223,"line":439,"context":236},112,{"file":223,"line":441,"context":236},188,16,8,[],[446,469],{"entryPoint":447,"graph":448,"unsanitizedCount":48,"severity":468},"nohackme_defender_get_settings_page (nohackme-defender.php:775)",{"nodes":449,"edges":465},[450,455,460,463],{"id":451,"type":452,"label":453,"file":147,"line":454},"n0","source","$_SERVER",840,{"id":456,"type":457,"label":458,"file":147,"line":383,"wp_function":459},"n1","sink","echo() [XSS]","echo",{"id":461,"type":452,"label":462,"file":147,"line":385},"n2","$_SERVER['SERVER_ADDR']",{"id":464,"type":457,"label":458,"file":147,"line":385,"wp_function":459},"n3",[466,467],{"from":451,"to":456,"sanitized":190},{"from":461,"to":464,"sanitized":190},"medium",{"entryPoint":470,"graph":471,"unsanitizedCount":13,"severity":480},"\u003Cnohackme-defender> (nohackme-defender.php:0)",{"nodes":472,"edges":477},[473,474,475,476],{"id":451,"type":452,"label":453,"file":147,"line":454},{"id":456,"type":457,"label":458,"file":147,"line":383,"wp_function":459},{"id":461,"type":452,"label":462,"file":147,"line":385},{"id":464,"type":457,"label":458,"file":147,"line":385,"wp_function":459},[478,479],{"from":451,"to":456,"sanitized":191},{"from":461,"to":464,"sanitized":191},"low",{"summary":482,"deductions":483},"The 'nohackme-defender' plugin v1.1.0 presents a generally good security posture with several strengths, including a complete absence of known CVEs and a robust use of prepared statements for all SQL queries.  All identified entry points, including AJAX handlers, are protected by authentication checks, and there are no direct REST API routes exposed. 
Nonce and capability checks are also present, indicating an awareness of common WordPress security practices.\n\nHowever, there are notable areas of concern. The presence of four 'unserialize' calls is a significant risk, as it can lead to Remote Code Execution vulnerabilities if untrusted data is passed to it. While no critical or high severity taint flows were found, the single flow with unsanitized paths warrants attention. Furthermore, the output escaping is only properly implemented in 59% of cases, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is output without sufficient sanitization. The plugin also performs file operations and makes external HTTP requests, which are potential vectors if not handled with extreme care.\n\nGiven the plugin's clean vulnerability history, it suggests a potentially proactive development approach or simply a lack of past exploitation. Nevertheless, the identified code signals, particularly the use of 'unserialize' and insufficient output escaping, represent tangible security risks that should be addressed to maintain a strong security posture.",[484,487,489,491,494],{"reason":485,"points":486},"Use of unserialize function",15,{"reason":488,"points":45},"Unsanitized paths in taint flow",{"reason":490,"points":443},"Low percentage of properly escaped output",{"reason":492,"points":493},"File operations performed",3,{"reason":495,"points":493},"External HTTP requests made","2026-03-16T23:10:51.063Z",{"wat":498,"direct":503},{"assetPaths":499,"generatorPatterns":500,"scriptPaths":501,"versionParams":502},[],[],[],[],{"cssClasses":504,"htmlComments":505,"htmlAttributes":506,"restEndpoints":507,"jsGlobals":508,"shortcodeOutput":509},[],[],[],[],[],[]]