[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxB4lZkR7SEzvUh1aufwG46Qjz6YBilGP2cZzn_FGqEM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":135,"fingerprints":200},"page-protection","Page Protection","1.2","mortenf","https:\u002F\u002Fprofiles.wordpress.org\u002Fmortenf\u002F","\u003Cp>This plugin adds optional per-page user name and password protection, implemented using standard HTTP protocol authorization headers, thus triggering the standard user\u002Fpassword dialog of the browser, and making it possible to make the browser store the credentials.\u003C\u002Fp>\n\u003Cp>Subpages of a protected page are protected with the same user name and password as their parent.\u003C\u002Fp>\n\u003Cp>Protected pages and their subpages do not show up in menus, search results and page lists.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>When editing a page, locate the section titled “Page Protection” (probably located near the bottom of the right sidebar).\u003C\u002Fli>\n\u003Cli>Check the box “Protect page and subpages”, and provide a user name and password combination.\u003C\u002Fli>\n\u003Cli>Optionally, check the box “Make page and subpages searchable”, if you want the page and its subpages turn up in search results, but only with their title, not their content.\u003C\u002Fli>\n\u003Cli>Save your page.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright (c) 2009 Morten Høybye Frederiksen \u003Ca href=\"mailto:morten@wasab.dk\" rel=\"nofollow ugc\">morten@wasab.dk\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Permission to use, copy, modify, and distribute this software for any\u003Cbr \u002F>\npurpose with or without fee is hereby granted, provided that the above\u003Cbr \u002F>\ncopyright notice and this permission notice appear in all copies.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES\u003Cbr \u002F>\nWITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF\u003Cbr \u002F>\nMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR\u003Cbr \u002F>\nANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES\u003Cbr \u002F>\nWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\u003Cbr \u002F>\nACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF\u003Cbr \u002F>\nOR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\u003C\u002Fp>\n","Protect pages and their subpages with user name\u002Fpassword, and keep protected pages from showing up in menus, search results and page lists.",80,9743,60,2,"2009-09-09T20:45:00.000Z","2.8.4","2.8","",[20,21,22,23],"access","privacy","protection","security","http:\u002F\u002Fwww.mfd-consult.dk\u002Fpage-protection\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-protection.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},4,110,89,30,86,"2026-04-04T16:09:19.529Z",[39,59,81,101,120],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":47,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":47,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"simple-password-protect","Simple Password Protect","1.1.0","Desk9 Design","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesk9\u002F","\u003Cp>Simple Password Protect provides an easy way to password-protect your entire WordPress website frontend. Perfect for development sites, private blogs, or any site that needs basic access control.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Global Protection\u003C\u002Fstrong>: Protects the entire frontend of your WordPress site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Compliance\u003C\u002Fstrong>: Modal windows for Legal Disclosure and Privacy Policy pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Authentication\u003C\u002Fstrong>: Uses WordPress password hashing and secure cookies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Bypass\u003C\u002Fstrong>: WordPress administrators can access the site without password\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Design\u003C\u002Fstrong>: Upload logos, customize colors and text\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Responsive\u003C\u002Fstrong>: Works perfectly ons all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>24-Hour Sessions\u003C\u002Fstrong>: Authenticated users stay logged in for 24 hours\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Development and staging sites\u003C\u002Fli>\n\u003Cli>Private family blogs\u003C\u002Fli>\n\u003Cli>Member-only websites\u003C\u002Fli>\n\u003Cli>Temporary site protection\u003C\u002Fli>\n\u003Cli>Client preview sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please visit the plugin’s support forum or contact the developer.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin stores a hashed version of your protection password in the WordPress database. It also sets a secure authentication cookie when users successfully enter the password. No personal data is collected or transmitted to external services.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later license.\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n","Protect your entire WordPress site with a simple password. GDPR-compliant with modal links for legal pages.",100,664,1,"2025-10-30T21:56:00.000Z","6.8.5","6.8","7.4",[55,56,21,22,23],"access-control","password","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-password-protect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-password-protect.1.1.0.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":79,"download_link":80,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"zotya-htaccess-protect","htaccess protect","0.7.0","zoltanlaczko","https:\u002F\u002Fprofiles.wordpress.org\u002Fzoltanlaczko\u002F","\u003Cp>Using the password protection will give you extra security layer of protection from brute force hacking attacks. Additionally, it’s also an easy way to password protect your entire site, without needing to create separate WordPress users for each visitor.\u003C\u002Fp>\n\u003Cp>When you enable the password protection, the user won’t be able to see anything – not even see the protected page – until he\u002Fshe inserts the username\u002Fpassword. You can password protect the whole website, including the administrator pages; you can password protect the administrator pages; or you can password protect the WordPress login page.\u003C\u002Fp>\n\u003Cp>The plugin options include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enabling\u002Fdisabling the password protection to wp-login.php, WordPress admin pages.\u003C\u002Fli>\n\u003Cli>Modifying the existing users: you can change any .htaccess user’s password and remove the users.\u003C\u002Fli>\n\u003Cli>Create\u002Fmodify an unlimited number of .htaccess users;\u003C\u002Fli>\n\u003Cli>Protect your whole site, making it accessible to only those who have the .htaccess user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is originally was based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhtaccess-site-access-control\u002F\" rel=\"ugc\">.htaccess Site Access Control\u003C\u002Fa>. That plugin was working fine but it was abandoned for years and not compatible with the latest WordPress. Most part of the plugin were refactored and translated.\u003C\u002Fp>\n","htaccess protect - Protect your wordpress login or admin pages with password.",900,10716,74,6,"2022-01-23T19:01:00.000Z","5.9.13","5.0","5.6",[76,77,78,22,23],"htaccess","htpasswd","protect","https:\u002F\u002Fgithub.com\u002Fzoltanlaczko\u002Fwp-htaccess-protect\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzotya-htaccess-protect.0.7.0.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":47,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":18,"tags":95,"homepage":98,"download_link":99,"security_score":100,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"sar-one-click-security","SAR One Click Security","1.3","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>There’s a lot of WordPress security plugins with many many options and pages to setup. And that is fine if you know what to do.\u003Cbr \u002F>\nBut most of the times, you don’t need so much or simply you’re not sure about what to set or not.\u003C\u002Fp>\n\u003Cp>This plugin adds some extra security to your WordPress with only one click. \u003Cstrong>No options page, just activate it!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Like many other security plugins SAR One Click Security adds well known .htaccess rules, but only the ones probed to be safe to use in almost any type of site (including WooCommerce stores), to protect your WordPress from common attacks. This allows you to have a safer WordPress without worries about what protection you should be using.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Turn off ServerSignature directive, that may leak information about your web server.\u003C\u002Fli>\n\u003Cli>Turn off directory listing, avoiding bad configured hostings to leak your files.\u003C\u002Fli>\n\u003Cli>Blocks public access (from web) to following files that may leak information about your WordPress install: .htaccess, license.txt, readme.html, wp-config.php, wp-config-sample.php, install.php\u003C\u002Fli>\n\u003Cli>Blocks access to wp-login.php to dummy bots trying to register in WordPress sites that have registration disabled.\u003C\u002Fli>\n\u003Cli>Blocks requests looking for timthumb.php, reducing server load caused by bots trying to find it. (*)\u003C\u002Fli>\n\u003Cli>Blocks TRACE and TRACK request methods, preventing XST attacks.\u003C\u002Fli>\n\u003Cli>Blocks direct posting to wp-comments-post.php (most spammers do this) and access with blank User Agent, reducing spam comments a lot and also server load.\u003C\u002Fli>\n\u003Cli>Blocks direct access to PHP files in wp-content directory (this includes subdirectories like plugins or themes). Protecting you from a huge number of 0day exploits.\u003C\u002Fli>\n\u003Cli>Blocks direct POST to wp-login.php and access with blank User Agent, preventing most brute-force attacks and reducing server load.\u003C\u002Fli>\n\u003Cli>Blocks access to .txt files under any plugin\u002Ftheme directory to prevent scans for installed plugins\u002Fthemes.\u003C\u002Fli>\n\u003Cli>Blocks any query string trying to get a copy of the wp-config.php file.\u003C\u002Fli>\n\u003Cli>Blocks gf_page=upload query string argument, this was deprecated in Gravity Forms on May 2015, if your copy of Gravity Forms still uses it, update now!\u003C\u002Fli>\n\u003Cli>Removes version information from page headers. This includes not only the page header (html or xhtml) but also feed headers (rss, rss2, atom, rdf) and opml comments. Only the version number is removed, not the entire generator information.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*) If your theme uses TimThumb, you can disable that blocking rule, check FAQ before installing the plugin to see how.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 3.9.2 or higher. (Works with WordPress network\u002Fmultisite installation).\u003C\u002Fli>\n\u003Cli>Apache 2.4.x web server\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It has been tested in many servers including large providers like HostGator, Godaddy and 1&1 with optimal results, and it will work fine in any decent hosting service (that allows you to set options from .htaccess files).\u003C\u002Fp>\n\u003Cp>Anyway, if you get any problem after activating the plugin, check FAQ for instructions on how to manually uninstall it.\u003C\u002Fp>\n\u003Cp>If you’re not sure of which server is your hosting company using or if they allow to use custom .htaccess rules, I would recommend you to contact with your host support \u003Cstrong>before\u003C\u002Fstrong> installing the plugin.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>To apply above mentioned security rules simply install and activate the plugin, no options page, no user setup!\u003C\u002Fp>\n\u003Cp>If you need to remove the security rules for some reason, simply deactivate the plugin. If you want to add them again, activate the plugin again, that easy 😉\u003C\u002Fp>\n\u003Cp>And remember, \u003Cstrong>if your theme uses TimThumb, check FAQ before installing the plugin\u003C\u002Fstrong>.\u003C\u002Fp>\n","Adds some extra security to your WordPress with only one click.",200,13616,7,"2025-03-03T20:53:00.000Z","6.7.5","3.9.2",[96,97,76,22,23],"firewall","hardening","http:\u002F\u002Fwww.samuelaguilera.com\u002Farchivo\u002Fprotege-wordpress-facilmente.xhtml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsar-one-click-security.1.3.zip",92,{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":27,"num_ratings":27,"last_updated":111,"tested_up_to":112,"requires_at_least":73,"requires_php":113,"tags":114,"homepage":118,"download_link":119,"security_score":47,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"protect-my-infos","Protect My Infos","1.3.8","Yuga Web","https:\u002F\u002Fprofiles.wordpress.org\u002Fyugaweb\u002F","\u003Cp>\u003Cstrong>Protect My Infos\u003C\u002Fstrong> is a WordPress plugin designed to protect sensitive information, such as phone numbers and email addresses, by obfuscating or hiding them on the frontend of your site.\u003C\u002Fp>\n\u003Cp>Emails and phone numbers are encoded and hidden from bots, while visitors can interact with placeholders to reveal the information.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Obfuscate sensitive information with placeholders, blur effects, or base64 encoding.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[protect_my_infos]\u003C\u002Fcode> shortcode for integration in posts or pages.\u003C\u002Fli>\n\u003Cli>Fully customizable settings for icons, colors, and reveal texts.\u003C\u002Fli>\n\u003Cli>Easy-to-use admin interface.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the PayPal Donate API to facilitate donations via PayPal’s secure platform.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name\u003C\u002Fstrong>: PayPal Donate API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: To provide a “Donate” button for collecting user donations securely via PayPal.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>Donation amount\u003C\u002Fli>\n\u003Cli>Currency\u003C\u002Fli>\n\u003Cli>PayPal Merchant ID\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: Data is sent to PayPal only when a user interacts with the “Donate” button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Links\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fwebapps\u002Fmpp\u002Fua\u002Flegalhub-full\" rel=\"nofollow ugc\">PayPal Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fwebapps\u002Fmpp\u002Fua\u002Fprivacy-full\" rel=\"nofollow ugc\">PayPal Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: This plugin does not store or process sensitive personal information. All payment transactions are handled securely by PayPal’s platform.\u003C\u002Fp>\n","Protect sensitive information like emails and phone numbers from bots with advanced obfuscation techniques.",90,914,"2025-12-11T15:33:00.000Z","6.9.4","7.2",[115,116,117,21,23],"anti-spam","email-obfuscation","phone-number-protection","https:\u002F\u002Fwww.yugaweb.com\u002Fprotect-my-infos\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-my-infos.1.3.8.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":13,"num_ratings":14,"last_updated":130,"tested_up_to":51,"requires_at_least":131,"requires_php":53,"tags":132,"homepage":18,"download_link":134,"security_score":47,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"access-defender","Access Defender – Advanced VPN & Proxy Blocker","1.1.2","Huzaifa Al Mesbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuzaifaalmesbah\u002F","\u003Cp>Access Defender is the most comprehensive WordPress security plugin for blocking VPNs, proxies, and suspicious traffic. Protect your website from malicious users, spam, fraud, and unauthorized access with our advanced multi-provider detection system.\u003C\u002Fp>\n\u003Cp>NEW in Version 1.1.0: Revolutionary multi-provider system with automatic failover, real-time monitoring, and enhanced reliability!\u003C\u002Fp>\n\u003Ch4>Quick Start Video Tutorial\u003C\u002Fh4>\n\u003Cp>Watch our step-by-step installation and configuration guide:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FgWUFEuK1ZhA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Ch4>Advanced VPN & Proxy Detection\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>99.9% Detection Accuracy – Industry-leading precision in identifying VPNs, proxies, and hosting providers\u003C\u002Fli>\n\u003Cli>Multiple Detection Methods – Comprehensive IP analysis using advanced algorithms\u003C\u002Fli>\n\u003Cli>Real-time Threat Assessment – Instant blocking of suspicious traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multi-Provider System (NEW!)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>4+ API Providers – Choose from free and premium services\u003C\u002Fli>\n\u003Cli>Smart Auto-Rotation – Automatic switching between providers when limits are reached\u003C\u002Fli>\n\u003Cli>Zero Downtime Protection – Seamless failover ensures continuous security\u003C\u002Fli>\n\u003Cli>Load Balancing – Distribute requests across multiple providers for optimal performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Real-time Monitoring & Analytics\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Live Usage Statistics – Monitor API calls, success rates, and provider performance\u003C\u002Fli>\n\u003Cli>Detailed Reporting – Track blocked attempts, provider efficiency, and security metrics\u003C\u002Fli>\n\u003Cli>Performance Insights – Optimize your security setup with actionable data\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Smart Configuration Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Free Provider Auto-Rotation – Perfect for small to medium websites\u003C\u002Fli>\n\u003Cli>Premium Provider Support – Enhanced reliability for high-traffic sites\u003C\u002Fli>\n\u003Cli>Flexible API Management – Easy switching between providers\u003C\u002Fli>\n\u003Cli>Custom Rate Limiting – Intelligent request management\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>User-Friendly Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup – Get protected in minutes\u003C\u002Fli>\n\u003Cli>Customizable Block Messages – Professional warning pages for blocked users\u003C\u002Fli>\n\u003Cli>Admin Bypass – Administrators never get blocked\u003C\u002Fli>\n\u003Cli>Bot-Friendly – Automatic detection and allowance of search engine crawlers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Access Defender?\u003C\u002Fh3>\n\u003Ch4>For Website Owners:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect against fraud, spam, and malicious activities\u003C\u002Fli>\n\u003Cli>Reduce server load from suspicious traffic\u003C\u002Fli>\n\u003Cli>Improve website performance and user experience\u003C\u002Fli>\n\u003Cli>Maintain compliance with security standards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For E-commerce Sites:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Prevent fraudulent transactions and chargebacks\u003C\u002Fli>\n\u003Cli>Block suspicious purchasing patterns\u003C\u002Fli>\n\u003Cli>Protect customer data and payment information\u003C\u002Fli>\n\u003Cli>Reduce cart abandonment from bot traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For Content Creators:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect premium content from unauthorized access\u003C\u002Fli>\n\u003Cli>Prevent content scraping and theft\u003C\u002Fli>\n\u003Cli>Ensure genuine user engagement metrics\u003C\u002Fli>\n\u003Cli>Maintain advertising revenue integrity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported API Providers\u003C\u002Fh3>\n\u003Ch4>Free Providers (Auto-Rotation Enabled):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP-API.com (Free) – 45 requests\u002Fminute, reliable detection\u003C\u002Fli>\n\u003Cli>Additional Free APIs – Coming soon for enhanced rotation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Providers (Enhanced Performance):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ProxyCheck.io – Professional-grade detection with 99.9% accuracy\u003C\u002Fli>\n\u003Cli>IPGeolocation.io – Advanced geolocation and VPN detection\u003C\u002Fli>\n\u003Cli>IP-API.com (Pro) – Premium tier with higher limits (Coming Soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Smart Provider Management:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Sequential rotation through free providers\u003C\u002Fli>\n\u003Cli>Automatic failover when rate limits are reached\u003C\u002Fli>\n\u003Cli>Real-time provider health monitoring\u003C\u002Fli>\n\u003Cli>Intelligent request distribution\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>E-commerce Websites – Prevent fraud and protect transactions\u003C\u002Fli>\n\u003Cli>Membership Sites – Control access to premium content\u003C\u002Fli>\n\u003Cli>Corporate Websites – Maintain security compliance\u003C\u002Fli>\n\u003Cli>News & Media Sites – Protect against content scraping\u003C\u002Fli>\n\u003Cli>SaaS Platforms – Prevent abuse and unauthorized access\u003C\u002Fli>\n\u003Cli>Any WordPress Site – Universal security enhancement\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy & Security\u003C\u002Fh3>\n\u003Ch4>Data Collection & Processing:\u003C\u002Fh4>\n\u003Cp>Access Defender prioritizes your privacy while providing robust security. Here’s how we handle data:\u003C\u002Fp>\n\u003Ch4>API Provider Data Sharing:\u003C\u002Fh4>\n\u003Cp>When checking IP addresses, minimal data is shared with selected API providers for detection purposes only.\u003C\u002Fp>\n\u003Ch4>Supported Providers & Their Policies:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP-API.com – \u003Ca href=\"https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>ProxyCheck.io – \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>IPGeolocation.io – \u003Ca href=\"https:\u002F\u002Fipgeolocation.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Security Measures:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Encrypted API Communications – All provider requests use HTTPS\u003C\u002Fli>\n\u003Cli>No Personal Data Storage – Only IP addresses are processed temporarily\u003C\u002Fli>\n\u003Cli>Automatic Data Purging – Logs are cleared regularly\u003C\u002Fli>\n\u003Cli>Secure Key Management – API keys are encrypted in database\u003C\u002Fli>\n\u003Cli>WordPress Security Standards – Full compliance with WP security guidelines\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Analytics & Telemetry:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Opt-in Only – Data collection requires your explicit consent\u003C\u002Fli>\n\u003Cli>Anonymous Usage Data – Helps improve plugin performance\u003C\u002Fli>\n\u003Cli>No Personal Information – Only technical usage statistics\u003C\u002Fli>\n\u003Cli>Full Control – Disable anytime in settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License & Legal\u003C\u002Fh3>\n\u003Ch4>Open Source License\u003C\u002Fh4>\n\u003Cp>Access Defender is licensed under GPLv2 or later. This ensures the plugin remains free and open-source while providing you with the flexibility to use, modify, and distribute it according to your needs.\u003C\u002Fp>\n\u003Ch4>License Details:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Free to use for personal and commercial projects\u003C\u002Fli>\n\u003Cli>Modify and customize according to your requirements\u003C\u002Fli>\n\u003Cli>Redistribute under the same license terms\u003C\u002Fli>\n\u003Cli>Access to complete source code\u003C\u002Fli>\n\u003Cli>Community-driven development and support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Important Legal Information:\u003C\u002Fh4>\n\u003Cp>This plugin provides security features but users should understand:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No 100% Guarantee: No security measure is completely foolproof\u003C\u002Fli>\n\u003Cli>Third-party Dependencies: Plugin functionality depends on external API services\u003C\u002Fli>\n\u003Cli>Service Availability: API provider changes may affect functionality\u003C\u002Fli>\n\u003Cli>User Responsibility: Proper configuration and monitoring are essential\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Best Practices:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Regularly monitor plugin performance\u003C\u002Fli>\n\u003Cli>Keep plugin updated to latest version\u003C\u002Fli>\n\u003Cli>Test configuration on staging environment\u003C\u002Fli>\n\u003Cli>Maintain backup security measures\u003C\u002Fli>\n\u003Cli>Review API provider terms periodically\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using Access Defender, you acknowledge these terms and agree to use the plugin responsibly as part of a comprehensive security strategy.\u003C\u002Fp>\n","Advanced VPN & proxy blocker for WordPress. 99.9% accuracy, multi-API rotation, real-time monitoring. Protect against fraud & spam.",50,1618,"2025-10-02T04:29:00.000Z","5.9",[96,21,22,23,133],"spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.1.2.zip",{"attackSurface":136,"codeSignals":180,"taintFlows":192,"riskAssessment":193,"analyzedAt":199},{"hooks":137,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":27,"unprotectedCount":27},[138,144,148,152,156,160,164,168,172],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","template_redirect","page_protection_template_redirect","page-protection.php",24,{"type":139,"name":145,"callback":146,"file":142,"line":147},"parse_query","page_protection_parse_query",36,{"type":149,"name":150,"callback":151,"file":142,"line":34},"filter","wp_list_pages_excludes","page_protection_wp_list_pages_excludes",{"type":149,"name":153,"callback":154,"file":142,"line":155},"the_content","page_protection_the_content",146,{"type":149,"name":157,"callback":158,"file":142,"line":159},"the_excerpt","page_protection_the_excerpt",153,{"type":139,"name":161,"callback":162,"file":142,"line":163},"admin_head","page_protection_admin_head",162,{"type":139,"name":165,"callback":166,"file":142,"line":167},"wp_insert_post","page_protection_insert_post",202,{"type":139,"name":169,"callback":170,"file":142,"line":171},"admin_init","page_protection_admin_init",207,{"type":139,"name":173,"callback":174,"file":142,"line":175},"init","page_protection_init",213,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":189,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":191},[],{"prepared":27,"raw":14,"locations":183},[184,187],{"file":142,"line":185,"context":186},46,"$wpdb->get_results() with variable interpolation",{"file":142,"line":188,"context":186},61,{"escaped":32,"rawEcho":27,"locations":190},[],[],[],{"summary":194,"deductions":195},"The \"page-protection\" plugin v1.2 exhibits a generally strong security posture based on the provided static analysis.  The absence of identified dangerous functions, file operations, external HTTP requests, and a lack of critical or high severity taint flows are positive indicators. All identified outputs are properly escaped, and there are no known vulnerabilities in its history, suggesting a well-maintained and secure plugin. The limited attack surface, with zero AJAX handlers, REST API routes, shortcodes, or cron events, further contributes to its robust security. \n\nHowever, a significant concern arises from the two SQL queries that are not using prepared statements. This lack of sanitization for database interactions introduces a potential risk for SQL injection vulnerabilities, even if no such vulnerabilities have been publicly recorded or identified in taint analysis. While the plugin has a clean vulnerability history, this specific coding practice should be addressed. The complete absence of nonce checks and capability checks, while not directly leading to immediate exploitation given the current attack surface, represents a missed opportunity for robust authorization and could become a risk if the plugin's functionality or attack surface expands in the future.\n\nIn conclusion, the \"page-protection\" plugin v1.2 is commendably secure in many aspects, particularly concerning its limited attack surface and output escaping. The primary area for improvement lies in adopting prepared statements for all SQL queries to mitigate the risk of SQL injection. Addressing this, along with considering the implementation of nonce and capability checks for future-proofing, would further solidify its security.",[196],{"reason":197,"points":198},"SQL queries without prepared statements",10,"2026-03-16T21:24:56.163Z",{"wat":201,"direct":206},{"assetPaths":202,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[],[],[],[],{"cssClasses":207,"htmlComments":211,"htmlAttributes":212,"restEndpoints":223,"jsGlobals":224,"shortcodeOutput":225},[4,208,209,210],"page-protection-switch","page-protection-user-pass","page-protection-options",[],[213,214,215,216,217,218,219,220,221,222],"id=\"page-protection-user-pass\"","id=\"page-protection-options\"","id=\"page-protection-searchable\"","id=\"page-protection-on\"","name=\"page-protection-user\"","id=\"page-protection-user\"","name=\"page-protection-pass\"","id=\"page-protection-pass\"","name=\"page-protection-searchable\"","name=\"page-protection-on\"",[],[],[226],"This page is protected with user name and password..."]