[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdcKBKUT5PKJNzAE8_i35YwzgXYz7GG6m82hzRJVV6ug":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":143,"fingerprints":189},"ph-protection","Proxy Hacking Protection","0.0.1","niyari","https:\u002F\u002Fprofiles.wordpress.org\u002Fniyari\u002F","\u003Cp>Proxy Hacking Protection.\u003C\u002Fp>\n\u003Cp>To prevent a reduction in the search results by the replication of illegal content.\u003C\u002Fp>\n\u003Cp>不正なコンテンツの複製による検索結果の低下を防止。\u003C\u002Fp>\n","To prevent a reduction in the search results by the replication of illegal content.",20,2314,0,"2015-11-13T13:45:00.000Z","4.3.34","4.3.1","",[19,20,21,22,23],"google","hack","hacking","protection","proxy","http:\u002F\u002Fpsn.hatenablog.jp\u002Fentry\u002Fproxy-hacking-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fph-protection.0.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-05T02:02:42.875Z",[36,58,80,104,124],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":55,"download_link":56,"security_score":33,"vuln_count":31,"unpatched_count":13,"last_vuln_date":57,"fetched_at":28},"exploit-scanner","Exploit Scanner","1.5.2","Donncha O Caoimh (a11n)","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonncha\u002F","\u003Cp>This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.\u003C\u002Fp>\n\u003Cp>It does not remove anything. That is left to the user to do.\u003C\u002Fp>\n\u003Cp>Latest MD5 hash values for Exploit Scanner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>17e2ccfc834d691bc68cc5c64f9bed89  exploit-scanner.php (1.5.2)\u003C\u002Fli>\n\u003Cli>1d5f9d6220fe159cd44cb70a998a1cd7  hashes-4.6.php\u003C\u002Fli>\n\u003Cli>fbdf61c17f65094c8e331e1e364acf68  hashes-4.6.1.php\u003C\u002Fli>\n\u003Cli>477d128d84802e3470cec408424a8de3  hashes-4.7.php\u003C\u002Fli>\n\u003Cli>d53210f999847fbd6f5a2ecac0ad42f2  hashes-4.7.5.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Latest SHA1 hash values for Exploit Scanner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>1decc1e47a53d1cab9e8f1ef15b31682198367ee  exploit-scanner.php (1.5.2)\u003C\u002Fli>\n\u003Cli>5cec64380a2acdc876fd22fbbbbf8c335df1ed3f  hashes-4.6.php\u003C\u002Fli>\n\u003Cli>99d9e7be23a350f3d1962d0f41e7b4e28c00841e  hashes-4.6.1.php\u003C\u002Fli>\n\u003Cli>1eeab377a1afc6d776827a063678d2461b29e71d  hashes-4.7.php\u003C\u002Fli>\n\u003Cli>8c890a6af26bb74e9d17e5d2b21d6be27764da45  hashes-4.7.5.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002Fexploit-scanner\u002F\" rel=\"nofollow ugc\">Exploit Scanner homepage\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch3>Interpreting the Results\u003C\u002Fh3>\n\u003Cp>It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). However, it is best to err\u003Cbr \u002F>\non the side of caution; if you are unsure then ask in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002F\" rel=\"ugc\">Support Forums\u003C\u002Fa>,\u003Cbr \u002F>\ndownload a fresh copy of a plugin, search the Internet for similar situations, et cetera. You should be most concerned if the scanner is:\u003Cbr \u002F>\nmaking matches around unknown external links; finding base64 encoded text in modified core files or the \u003Ccode>wp-config.php\u003C\u002Fcode> file;\u003Cbr \u002F>\nlisting extra admin accounts; or finding content in posts which you did not put there.\u003C\u002Fp>\n\u003Cp>Understanding the three different result levels:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Severe:\u003C\u002Fstrong> results that are often strong indicators of a hack (though they are not definitive proof)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Warning:\u003C\u002Fstrong> these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Note:\u003C\u002Fstrong> lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help! I think I have been hacked!\u003C\u002Fh3>\n\u003Cp>Follow the guides from the Codex:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFAQ_My_site_was_hacked\" rel=\"nofollow ugc\">Codex: FAQ – My site was hacked\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress\" rel=\"nofollow ugc\">Codex: Hardening WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Ensure that you change \u003Cstrong>all\u003C\u002Fstrong> of your WordPress related passwords (site, FTP, MySQL, etc.). A regular backup routine\u003Cbr \u002F>\n(either manual or plugin powered) is extremely useful; if you ever find that your site has been hacked you can easily restore your site from\u003Cbr \u002F>\na clean backup and fresh set of files and, of course, use a new set of passwords.\u003C\u002Fp>\n\u003Ch3>Updates\u003C\u002Fh3>\n\u003Cp>Updates to the plugin will be posted here, to \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002F\" rel=\"nofollow ugc\">Holy Shmoly!\u003C\u002Fa> and the \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002Fexploit-scanner\u002F\" rel=\"nofollow ugc\">WordPress Exploit Scanner\u003C\u002Fa> page will always link to the newest version.\u003C\u002Fp>\n\u003Ch3>Other Languages\u003C\u002Fh3>\n\u003Cp>Unfortunately for people using WordPress versions for other locales some of the file hashes may be incorrect as some strings have to be hardcoded in their translated form. Here are some file hashes for WordPress in other languagues provided separately by other members of the community:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwpbiz.jp\u002Ffiles\u002Fexploit-scanner-hashes\u002Fja\u002F\" rel=\"nofollow ugc\">Japanese\u003C\u002Fa> – thanks to Naoko\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftalkpress.de\u002Fartikel\u002Fexploit-scanner-hash-deutsch-wordpress\" rel=\"nofollow ugc\">German\u003C\u002Fa> – thanks to Robert Wetzlmayr\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The hash files should only be declaring an array called $filehashes and the majority of the hashes should still be the same.\u003C\u002Fp>\n","Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.",9000,1067302,64,40,"2017-11-28T06:49:00.000Z","4.7.32","3.3",[20,21,52,53,54],"scanner","security","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexploit-scanner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexploit-scanner.1.5.2.zip","2013-05-29 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":68,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"crowdsec","CrowdSec","2.13.1","CrowdSec - lightweight and collaborative security engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrowdsec\u002F","\u003Cp>The CrowdSec plugin proactively blocks requests coming from known attackers.\u003Cbr \u002F>\nIt does so by either directly using CrowdSec Blocklists Integration or by connecting to your CrowdSec Security Engine.\u003C\u002Fp>\n\u003Ch4>Key Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant CrowdSec Blocklist\u003C\u002Fstrong>: Quickly block known WordPress attackers in a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detect and block\u003C\u002Fstrong> admin bruteforce attempts and scans of your WordPress Site.\u003C\u002Fli>\n\u003Cli>Remediation metrics: Enabling you to see the efficiency of the protection.\u003C\u002Fli>\n\u003Cli>(Console Users) Plug any of your existing Blocklist Integrations.\u003C\u002Fli>\n\u003Cli>(CrowdSec Security Engine Users) Apply decisions and subscribed blocklist of your security engine within WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Block aggressive IPs\u003C\u002Fli>\n\u003Cli>Display a captcha for less aggressive IPs\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin blocks detected attackers or displays them a captcha to check they are not bots.",2000,58196,100,5,"2026-01-09T01:11:00.000Z","6.9.4","4.9","7.2",[75,59,76,77,53],"captcha","hacker-protection","ip-blocker","https:\u002F\u002Fgithub.com\u002Fcrowdsecurity\u002Fcs-wordpress-bouncer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrowdsec.2.13.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":68,"num_ratings":90,"last_updated":91,"tested_up_to":71,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":99,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":13,"last_vuln_date":103,"fetched_at":28},"injection-guard","Injection Guard","1.3.0","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cp>\u003Cstrong>Author:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Project URI:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>License:\u003C\u002Fstrong> GPL v3\u003C\u002Fp>\n\u003Cp>Injection Guard is a WordPress plugin designed to block malicious query string attacks and suspicious URL parameters. It logs all incoming attempts, blocks harmful parameters, and adds extra security intelligence to your WordPress admin—like user session tracking and capability audit.\u003C\u002Fp>\n\u003Cp>The plugin uses the \u003Ccode>ig_\u003C\u002Fcode> prefix for database keys and functions, follows WordPress coding standards, and supports multiple languages. It’s compatible with pretty permalinks and helps in securing your site from automated bots and manual attacks.\u003C\u002Fp>\n\u003Ch3>Method A (Admin Panel)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to WordPress Admin > Plugins > Add New > Upload Plugin\u003C\u002Fli>\n\u003Cli>Upload the ZIP file and activate the plugin\u003C\u002Fli>\n\u003Cli>Go to Settings > IG Settings and click “Save Settings”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Method B (Manual Upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download and unzip the plugin package\u003C\u002Fli>\n\u003Cli>Upload the folder to \u003Ccode>\u002Fwp-content\u002Fplugins\u002Finjection-guard\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Activate the plugin from the WordPress Dashboard\u003C\u002Fli>\n\u003Cli>Visit Settings > IG Settings to configure\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Logs all unique query strings attempting to penetrate your website\u003C\u002Fli>\n\u003Cli>Blocks malicious or unknown query parameters\u003C\u002Fli>\n\u003Cli>Tracks login, logout, session start and duration per user\u003C\u002Fli>\n\u003Cli>Capability audit report for all WordPress users\u003C\u002Fli>\n\u003Cli>Multi-language support (FR, DE, ES)\u003C\u002Fli>\n\u003Cli>Bootstrap-based admin UI and dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software licensed under the GNU GPL v2 or later.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this plugin. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin blocks all unauthorized and irrelevant requests through query strings and provides extended session tracking and capability audit.",1000,32926,4,"2026-03-14T21:13:00.000Z","3.0","7.0",[95,96,53,97,98],"anti-hacking","firewall","sql-injection","wordpress-security","https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finjection-guard.1.3.0.zip",92,6,"2026-03-20 10:55:45",{"slug":105,"name":106,"version":107,"author":106,"author_profile":108,"description":109,"short_description":110,"active_installs":88,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":115,"homepage":120,"download_link":121,"security_score":122,"vuln_count":31,"unpatched_count":13,"last_vuln_date":123,"fetched_at":28},"proxy-vpn-blocker","Proxy & VPN Blocker","3.5.8","https:\u002F\u002Fprofiles.wordpress.org\u002Frickstermuk\u002F","\u003Ch4>Block VPNs, Proxies, Tor & Spam – Strengthen Your WordPress Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Proxy & VPN Blocker\u003C\u002Fstrong> is a complete \u003Cstrong>WordPress security plugin\u003C\u002Fstrong> designed to protect your site from anonymous and abusive traffic.\u003Cbr \u002F>\nIt functions as a powerful \u003Cstrong>VPN blocker\u003C\u002Fstrong>, \u003Cstrong>proxy blocker\u003C\u002Fstrong>, and \u003Cstrong>Tor blocker\u003C\u002Fstrong>, preventing unwanted visitors, spam bots, and fake users from accessing your site.\u003C\u002Fp>\n\u003Cp>Using the trusted \u003Ca href=\"https:\u002F\u002Fproxycheck.io\" rel=\"nofollow ugc\">proxycheck.io\u003C\u002Fa> API, it detects connections from VPNs, open proxies, Tor nodes, and compromised servers — giving you real-time protection without slowing down your site.\u003C\u002Fp>\n\u003Cp>Perfect for login, registration, comments, or any page you want to secure, Proxy & VPN Blocker also includes smart \u003Cstrong>spam protection\u003C\u002Fstrong>, geoblocking, and IP logging to help you stay in control of who can access your WordPress site.\u003C\u002Fp>\n\u003Cp>Whether you’re running a blog, store, or membership site, this plugin helps keep out fake users, block risky regions, and stop automated spam attempts before they start.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Powerful WordPress security plugin – blocks VPNs, proxies, Tor, Mysterium nodes, and compromised servers in real time  \u003C\u002Fli>\n\u003Cli>Country blocking & geoblocking – allow or deny traffic by country or region with flexible IP-based controls  \u003C\u002Fli>\n\u003Cli>Supports IP ranges, CIDRs, specific IPs, and ASNs for precise network-level blocking  \u003C\u002Fli>\n\u003Cli>Optionally use proxycheck.io’s Risk Score for smarter VPN and proxy detection decisions  \u003C\u002Fli>\n\u003Cli>Built-in API Key Statistics with live usage graphs and daily query totals  \u003C\u002Fli>\n\u003Cli>Visitor Action Log – view blocked IPs, detection reason, and plugin response directly in your dashboard  \u003C\u002Fli>\n\u003Cli>Caches known good IPs to reduce API usage and improve performance  \u003C\u002Fli>\n\u003Cli>Works seamlessly with both IPv4 and IPv6 addresses  \u003C\u002Fli>\n\u003Cli>Compatible with Cloudflare and other CDN headers for accurate IP detection  \u003C\u002Fli>\n\u003Cli>Block access to Login, Registration, Admin, Comments, or any page\u002Fpost easily  \u003C\u002Fli>\n\u003Cli>Customize the “Access Denied” message or redirect visitors to a specific page  \u003C\u002Fli>\n\u003Cli>Log registration and recent login IPs in the Users list and profile – linked to proxycheck.io’s Threats page  \u003C\u002Fli>\n\u003Cli>Manage proxycheck.io Whitelist and Blacklist directly from WordPress  \u003C\u002Fli>\n\u003Cli>Simple integration via WordPress Editor and Toolbar for page-level protection  \u003C\u002Fli>\n\u003Cli>Lightweight, fast, and built to complement other security plugins  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And much more available in \u003Ca href=\"https:\u002F\u002Fproxyvpnblocker.com\u002Fpremium\" rel=\"nofollow ugc\">Proxy & VPN Blocker Premium\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>The proxycheck.io API\u003C\u002Fh4>\n\u003Cp>This Plugin can be used without a proxycheck.io API key, but it will be limited to 100 daily queries to the API. To enhance the capabilities, you can obtain a free API key from proxycheck.io, which allows for 1,000 free daily queries, making it suitable for small WordPress sites.\u003C\u002Fp>\n\u003Cp>Here’s an overview of the free and paid API options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Without an API key (100 queries\u002Fday)\u003C\u002Fli>\n\u003Cli>With a free API key (1,000 queries\u002Fday – ideal for small sites)\u003C\u002Fli>\n\u003Cli>With a paid API key (10,000 to over 10 million queries\u002Fday)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your API key can be used across all of your sites and apps, you only need a proxycheck.io plan that fits your overall needs.\u003C\u002Fp>\n\u003Ch4>User IP Logging Feature\u003C\u002Fh4>\n\u003Cp>Proxy & VPN Blocker allows for local logging of user registration IP addresses. The IP addresses are displayed next to each user in the Users list and on their profile pages, visible to administrators. The Plugin also logs the most recent login IP address for each user, which is also displayed in the User’s list and profile page, with the IP address linked to the proxycheck.io Threats page.\u003C\u002Fp>\n\u003Ch4>Caching Plugin Notice\u003C\u002Fh4>\n\u003Cp>If you’re using caching plugins (like WP Rocket or WP Super Cache), IP-based page blocking might not function correctly due to static caching. A DONOTCACHEPAGE option is available to help mitigate this issue.\u003C\u002Fp>\n\u003Ch4>Privacy & GDPR Compliance\u003C\u002Fh4>\n\u003Cp>To check IP addresses, the plugin sends them to the proxycheck.io API. No personally identifiable information (PII) beyond the IP is transmitted. For details, refer to proxycheck.io’s \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fprivacy\" rel=\"nofollow ugc\">privacy notice\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fgdpr\" rel=\"nofollow ugc\">GDPR Compliance\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>This Plugin is \u003Cem>not developed by proxycheck.io\u003C\u002Fem> despite being recommended by them.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For plugin-related support, please use the WordPress.org support forum.\u003C\u002Fli>\n\u003Cli>For API or account questions, contact proxycheck.io directly.\u003C\u002Fli>\n\u003Cli>The proxycheck.io logo is used with express permission.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block VPNs, proxies, Tor, and spam on WordPress. Strengthen security and stop fake users with smart IP blocking via proxycheck.io.",127298,74,32,"2026-03-05T20:02:00.000Z",[116,53,117,118,119],"proxy-blocker","spam-protection","tor-blocker","vpn-blocker","https:\u002F\u002Fproxyvpnblocker.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproxy-vpn-blocker.3.5.8.zip",99,"2026-01-09 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":68,"num_ratings":90,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":93,"tags":137,"homepage":17,"download_link":142,"security_score":68,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"hostbox-google-recaptcha","Hostbox Google reCAPTCHA","0.0.10","Hostbox","https:\u002F\u002Fprofiles.wordpress.org\u002Fhostbox\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.hostbox.me\u002F\" rel=\"nofollow ugc\">Hostbox Google reCAPTCHA\u003C\u002Fa>, the most straightforward and powerful reCAPTCHA solution for WordPress – 100% free, forever. No premium version, no hidden costs, no advertisements – just pure functionality.\u003C\u002Fp>\n\u003Ch4>What Makes This Plugin Special?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>🩵 Completely Free: No premium version, no hidden features.\u003C\u002Fli>\n\u003Cli>💗 reCAPTCHA Versions: Full support for both v2 and v3.\u003C\u002Fli>\n\u003Cli>🛒 WooCommerce Integration: Protect your WooCommerce forms.\u003C\u002Fli>\n\u003Cli>🏔️ Contact Form 7 Integration: Seamless compatibility with CF7.\u003C\u002Fli>\n\u003Cli>📝 Simple Setup: Just add your API keys and you’re ready to go.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose between reCAPTCHA v2 (checkbox) or v3 (invisible)\u003C\u002Fli>\n\u003Cli>Protect WordPress login\u003C\u002Fli>\n\u003Cli>Protect WordPress registration\u003C\u002Fli>\n\u003Cli>Protect WordPress reset password\u003C\u002Fli>\n\u003Cli>Protect WordPress comment\u003C\u002Fli>\n\u003Cli>Protect WooCommerce login\u003C\u002Fli>\n\u003Cli>Protect WooCommerce registration\u003C\u002Fli>\n\u003Cli>Protect WooCommerce checkout\u003C\u002Fli>\n\u003Cli>Protect Contact Form 7\u003C\u002Fli>\n\u003Cli>Adjustable security threshold for v3\u003C\u002Fli>\n\u003Cli>Clean, bloat-free code\u003C\u002Fli>\n\u003Cli>Regular updates and support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Easy Configuration\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Get your free API keys from Google: \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Choose your preferred reCAPTCHA version\u003C\u002Fli>\n\u003Cli>Paste your keys into the settings\u003C\u002Fli>\n\u003Cli>That’s it! Your forms are protected\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fhostbox.me\" rel=\"nofollow ugc\">Discover more from the creators of this plugin\u003C\u002Fa> 🚀\u003Cbr \u002F>\nHostbox provides blazing fast WordPress hosting services – you can learn more at \u003Ca href=\"https:\u002F\u002Fwww.hostbox.me\u002F\" rel=\"nofollow ugc\">www.hostbox.me\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Why Choose This Plugin?\u003C\u002Fh3>\n\u003Cp>Unlike other reCAPTCHA plugins that lock essential features behind premium paywalls or clutter your admin panel, this plugin gives you everything you need without any catches. We believe in providing a complete, professional solution that respects both you and your users.\u003C\u002Fp>\n\u003Ch4>Developer Friendly\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Clean, well-documented code\u003C\u002Fli>\n\u003Cli>Regular updates and support\u003C\u002Fli>\n\u003Cli>Hooks and filters for customization\u003C\u002Fli>\n\u003Cli>Minimal performance impact\u003C\u002Fli>\n\u003Cli>No conflicts with other plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Stay protected from spam and bots without compromising on user experience or your budget. Simple, effective, and completely free – the way WordPress plugins should be.\u003C\u002Fp>\n\u003Ch4>What are your brand guidelines?\u003C\u002Fh4>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Thanks to \u003Ca href=\"https:\u002F\u002Fwww.hostbox.me\u002F\" rel=\"nofollow ugc\">Hostbox\u003C\u002Fa> for providing the free Google reCAPTCHA plugin.\u003C\u002Fli>\n\u003Cli>The plugin uses \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\" rel=\"nofollow ugc\">Google Recaptcha\u003C\u002Fa> (Google LLC) services to process data and protect against spam. \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">Terms of service\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with EmailOctopus for email marketing functionality. It sends subscriber data to EmailOctopus when users submit forms with their email addresses.\u003C\u002Fp>\n\u003Cp>Data sent includes: email addresses and any associated form fields configured for EmailOctopus integration.\u003Cbr \u002F>\nThis service is provided by EmailOctopus: \u003Ca href=\"https:\u002F\u002Femailoctopus.com\u002Flegal\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Femailoctopus.com\u002Flegal\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","Simple Google reCAPTCHA (v2 and v3) for WordPress, 100% free, no hidden premium, no catches. Supports WooCommerce and Contact Form 7.",600,3102,"2025-06-06T16:10:00.000Z","6.8.5","5.0",[138,139,140,141,117],"google-recaptcha","hostbox","recaptcha","spam-prevention","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostbox-google-recaptcha.0.0.10.zip",{"attackSurface":144,"codeSignals":165,"taintFlows":178,"riskAssessment":179,"analyzedAt":188},{"hooks":145,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":13,"unprotectedCount":13},[146,152,156],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","admin_menu","add_plugin_page","admin-settings.php",12,{"type":147,"name":153,"callback":154,"file":150,"line":155},"admin_init","page_init",16,{"type":147,"name":157,"callback":158,"file":159,"line":160},"wp_footer","ph_prot_inject","ph-protection.php",49,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":177},[],{"prepared":13,"raw":13,"locations":168},[],{"escaped":170,"rawEcho":170,"locations":171},2,[172,176],{"file":173,"line":174,"context":175},"ph-prot-main.php",21,"raw output",{"file":173,"line":174,"context":175},[],[],{"summary":180,"deductions":181},"The \"ph-protection\" v0.0.1 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface points, dangerous functions, raw SQL queries, file operations, or external HTTP requests is highly commendable. Furthermore, the plugin appears to implement proper input validation and sanitization, as indicated by the zero taint flows and the lack of unsanitized paths.  The vulnerability history also shows a clean record, with no known CVEs or previous security incidents, suggesting a proactive approach to security or a very new and unexplounted plugin.\n\nDespite the overwhelmingly positive findings, there are a couple of minor areas that warrant attention. The 50% rate of properly escaped output means that half of the outputs are potentially unescaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is included in those outputs. Additionally, the complete lack of nonce checks and capability checks, while not an immediate risk given the current lack of identified attack vectors, leaves the plugin vulnerable to potential future attacks if new entry points are introduced without proper authorization mechanisms. Overall, the plugin is secure for its current state, but attention to output escaping and consideration for future authorization checks are recommended.",[182,184,186],{"reason":183,"points":90},"Half of outputs are not properly escaped",{"reason":185,"points":69},"No nonce checks",{"reason":187,"points":69},"No capability checks","2026-03-16T23:03:30.517Z",{"wat":190,"direct":195},{"assetPaths":191,"generatorPatterns":192,"scriptPaths":193,"versionParams":194},[],[],[],[],{"cssClasses":196,"htmlComments":198,"htmlAttributes":202,"restEndpoints":205,"jsGlobals":206,"shortcodeOutput":209},[197],"error-box",[199,200,201]," Proxy Hacking Protection (c) 2015 Pocket Systems. | psn.hatenablog.jp","debug-start working-test","debug-end working-test",[203,204],"name=\"robots\"","content=\"noindex\"",[],[207,208],"window.Htnpsne","Htnpsne.SiteCheck.q",[]]