[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fR2FMwYaP9zNCC2gr9ry1aFL-A-BjTVWvCWY-ETWCsLg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":138,"fingerprints":380},"post-migration-checklist-pro","Post Migration Checklist","1.0.1","Vinod Pawar","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinoddev\u002F","\u003Cp>The Post Migration Checklist plugin is an essential tool for any WordPress site administrator managing a website migration. Moving a WordPress site can introduce various issues, from broken links and mixed content to SEO visibility problems and performance regressions. This plugin provides a streamlined and systematic approach to verify your site’s health and configuration in its new environment.\u003C\u002Fp>\n\u003Cp>It offers a detailed checklist covering critical areas such as:\u003Cbr \u002F>\n* \u003Cstrong>Technical Configuration:\u003C\u002Fstrong> WordPress version, site URLs, WP_DEBUG status, memory limit, permalinks.\u003Cbr \u002F>\n* \u003Cstrong>Security Checks:\u003C\u002Fstrong> Admin users, plugin\u002Ftheme updates, unused items, 2FA, security plugins.\u003Cbr \u002F>\n* \u003Cstrong>Performance:\u003C\u002Fstrong> Caching, lazy loading, minification, image optimization, TTFB, page size.\u003Cbr \u002F>\n* \u003Cstrong>SEO & Marketing:\u003C\u002Fstrong> Meta tags, noindex, search engine visibility, robots.txt, sitemap.xml, canonical URLs, analytics.\u003Cbr \u002F>\n* \u003Cstrong>HTTPS \u002F SSL:\u003C\u002Fstrong> SSL certificate validation, mixed content, HTTP to HTTPS redirects, HSTS.\u003Cbr \u002F>\n* \u003Cstrong>Email Configuration:\u003C\u002Fstrong> SMTP setup, email sending tests.\u003Cbr \u002F>\n* \u003Cstrong>E-Commerce (WooCommerce):\u003C\u002Fstrong> Checkout, payment gateways, transactional emails (if WooCommerce is active).\u003Cbr \u002F>\n* \u003Cstrong>Forms & Interactions:\u003C\u002Fstrong> Contact forms, file uploads, reCAPTCHA.\u003Cbr \u002F>\n* \u003Cstrong>Files & Folders:\u003C\u002Fstrong> Favicon presence, exposed backup\u002Fsensitive files.\u003Cbr \u002F>\n* \u003Cstrong>Cleanup:\u003C\u002Fstrong> Default content, development plugins, media library.\u003Cbr \u002F>\n* \u003Cstrong>Accessibility:\u003C\u002Fstrong> ALT tags (manual review).\u003Cbr \u002F>\n* \u003Cstrong>Redirection & Legacy Support:\u003C\u002Fstrong> 301 redirects, broken links, .htaccess rules.\u003Cbr \u002F>\n* \u003Cstrong>Multilingual \u002F Multisite:\u003C\u002Fstrong> Language switchers, translations, hreflang tags (if applicable).\u003C\u002Fp>\n\u003Cp>The plugin performs automated scans for many items and provides clear “pass,” “fail,” “warning,” or “info” statuses, along with actionable recommendations for items requiring manual verification or correction. Ensure your site is fully operational, secure, and optimized post-migration with ease.\u003C\u002Fp>\n","Helps site administrators perform a comprehensive checklist and scan after migrating a WordPress website. Identifies issues related to SEO, performanc &hellip;",0,177,"2025-09-02T09:31:00.000Z","6.8.5","5.8","7.4",[18,19,20,21,22],"checklist","migration","post-migration","security","seo","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-migration-checklist-pro.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"vinoddev",1,30,94,"2026-04-04T15:24:22.033Z",[36,56,78,98,117],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":23,"download_link":55,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"hsts-ready","HSTS Ready","1.04","manu225","https:\u002F\u002Fprofiles.wordpress.org\u002Fmanu225\u002F","\u003Cp>Enable easily HSTS on your website.\u003Cbr \u002F>\nAnd see my others WordPress Pro plugin on \u003Ca href=\"https:\u002F\u002Fwww.info-d-74.com\u002Fen\u002Fshop\u002F\" rel=\"nofollow ugc\">my shop\u003C\u002Fa>\u003C\u002Fp>\n","Enable easily HSTS on your website.",3000,31199,4,"2025-12-02T14:53:00.000Z","6.9.4","3.5","5.6",[52,53,21,22,54],"hsts","https","strict-transport-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhsts-ready.1.04.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":14,"requires_at_least":69,"requires_php":50,"tags":70,"homepage":75,"download_link":76,"security_score":25,"vuln_count":31,"unpatched_count":11,"last_vuln_date":77,"fetched_at":27},"make-paths-relative","Make Paths Relative","2.1.0","Sami Ahmed Siddiqui","https:\u002F\u002Fprofiles.wordpress.org\u002Fsasiddiqui\u002F","\u003Cp>This powerful plugin simplifies website maintenance by automatically converting absolute paths (URLs) for resources like links, scripts, stylesheets, and images to relative paths. This ensures your website functions flawlessly regardless of its location on a server or domain.\u003C\u002Fp>\n\u003Ch3>Enhanced Efficiency and Flexibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Seamless Relocation:\u003C\u002Fstrong> Move your website with confidence, knowing all paths will adjust accordingly, preventing broken links and preserving a seamless user – experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized Control:\u003C\u002Fstrong> Update paths once in a central location, eliminating the need for tedious, site-wide modifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Potential Performance Boost:\u003C\u002Fstrong> Relative paths can, in some cases, improve website loading times.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Whitelist Your Domains (Optional)\u003C\u002Fh3>\n\u003Cp>For extra control, you can specify a list of domains that will always be converted to relative paths. This ensures internal links are always optimized while allowing external resources to function properly.\u003C\u002Fp>\n\u003Ch3>Embrace a Streamlined Approach\u003C\u002Fh3>\n\u003Cp>This plugin empowers you to focus on creating exceptional content while eliminating the burden of managing absolute paths. Take control, optimize your workflow, and ensure your website’s continued success!\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>If you want to make plugin works and all the paths relative without going to check\u002Fvisit Settings Page so, just add this line in your theme’s \u003Ccode>functions.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'make_paths_relative_activate_all', '__return_true' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Make sure to check the settings Page.\u003C\u002Fp>\n\u003Ch3>Bug reports\u003C\u002Fh3>\n\u003Cp>Bug reports for \u003Cstrong>Make Paths Relative\u003C\u002Fstrong> are \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyasglobal\u002Fmake-paths-relative\u002Fissues\u002F\" rel=\"nofollow ugc\">welcomed on GitHub\u003C\u002Fa>. Please note GitHub is not a support forum, and issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n","Convert Absolute URLs to be relative in your fingertip.",2000,71499,82,15,"2025-07-22T14:32:00.000Z","2.6",[19,71,72,73,74],"relative-links","relative-paths","remove-domain","seo-friendly-urls","https:\u002F\u002Fwww.yasglobal.com\u002Fweb-design-development\u002Fwordpress\u002Fmake-paths-relative\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmake-paths-relative.2.1.0.zip","2023-08-14 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":64,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":48,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":96,"download_link":97,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"staatic","Staatic – Static Site Generator","1.12.1","Team Staatic","https:\u002F\u002Fprofiles.wordpress.org\u002Fstaatic\u002F","\u003Cp>Staatic lets you create and deploy a streamlined static version of your WordPress site, enhancing performance, SEO, and security simultaneously.\u003C\u002Fp>\n\u003Cp>Features of Staatic include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Powerful Crawler to transform your WordPress site quickly.\u003C\u002Fli>\n\u003Cli>Supports multiple deployment methods, e.g. GitHub, Netlify, AWS (Amazon Web Services) S3 or S3-compatible providers + CloudFront integration, or even your local server (dedicated or shared hosting).\u003C\u002Fli>\n\u003Cli>Very flexible out of the box (allows for additional urls, paths, redirects, exclude rules, etc.).\u003C\u002Fli>\n\u003Cli>Supports HTTP (301, 302, 307, 308) redirects, custom “404 not found” page and other HTTP headers.\u003C\u002Fli>\n\u003Cli>CLI command to publish from the command line.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite installations.\u003C\u002Fli>\n\u003Cli>Compatible with WPML (multilingual) installations.\u003C\u002Fli>\n\u003Cli>Supports HTTP basic auth protected WordPress installations.\u003C\u002Fli>\n\u003Cli>Various integrations to improve compatibility with popular WordPress plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Depending on the chosen deployment method, additional features may be available.\u003C\u002Fp>\n\u003Ch3>Staatic Premium\u003C\u002Fh3>\n\u003Cp>In order to support ongoing development of Staatic, please consider going Premium. In addition to helping the authors maintain Staatic, Staatic Premium adds additional functionality.\u003C\u002Fp>\n\u003Cp>For more information visit \u003Ca href=\"https:\u002F\u002Fstaatic.com\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Staatic\u003C\u002Fa>.\u003C\u002Fp>\n","Staatic lets you create and deploy a streamlined static version of your WordPress site.",64859,86,21,"2026-01-12T14:00:00.000Z","5.0","7.1",[93,21,22,94,95],"performance","speed","static","https:\u002F\u002Fstaatic.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstaatic.1.12.1.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":25,"num_ratings":108,"last_updated":109,"tested_up_to":48,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":115,"download_link":116,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"app-for-cf","App for Cloudflare®","1.9.9","digitalpoint","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitalpoint\u002F","\u003Cp>Unlock advanced Cloudflare features without being a network administrator or developer. Works with any Cloudflare plan (including Free), no Automatic Platform Optimization (APO) subscription needed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cache HTML at network edge\u003C\u002Fli>\n\u003Cli>Preload JavaScript and CSS\u003C\u002Fli>\n\u003Cli>View\u002Fset all Cloudflare settings\u003C\u002Fli>\n\u003Cli>Fixes Cloudflare Flexible SSL redirect loops\u003C\u002Fli>\n\u003Cli>Fixes situation when IPs are coming through as Cloudflare IPs rather than user IPs\u003C\u002Fli>\n\u003Cli>Cloudflare web analytics support\u003C\u002Fli>\n\u003Cli>Cloudflare analytics on dashboard\u003C\u002Fli>\n\u003Cli>Purge cache\u003C\u002Fli>\n\u003Cli>Automatic image transformations (automatically serve AVIF\u002FWebP versions to browsers that support them)\u003C\u002Fli>\n\u003Cli>Turnstile CAPTCHA system for registrations, logins, password reset, comments and\u002For third party plugins\u003C\u002Fli>\n\u003Cli>View Page rules, Cache rules, Firewall rules, IP Address rules, User Agent rules\u003C\u002Fli>\n\u003Cli>View Zero Trust Network Access setup\u003C\u002Fli>\n\u003Cli>View DMARC statistics\u003C\u002Fli>\n\u003Cli>Included tools: HTTP request trace, IP address details, domain details, WHOIS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Directly cache HTML\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>App for Cloudflare® can automatically cache your HTML pages at Cloudflare data centers in 330+ cities. “Standard” WordPress caching plugins can’t escape the laws of physics because \u003Cstrong>information can’t travel faster than the speed of light\u003C\u002Fstrong> (even if the page is cached, the cache exists on your physical origin server, which can be \u003Cstrong>over 20,000 km from an end user\u003C\u002Fstrong>). Caching content in Cloudflare data centers makes your website faster by putting your website cache closer to end-users (95% of the world’s population is within 50ms of a Cloudflare data center).\u003C\u002Fp>\n\u003Cp>This can be done \u003Cstrong>without Cloudflare Workers or even a Page Rule\u003C\u002Fstrong> (done with a single Cache Rule on Cloudflare’s side, and custom code in the plugin).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Preload JavaScript and CSS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Speed your site up by using the option that instructs browsers to preload JavaScript and CSS used to render the page being viewed. Can be used on its own, or in conjunction with Cloudflare’s \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Fearly-hints\u002F\" rel=\"nofollow ugc\">Early Hints\u003C\u002Fa> function.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage all Cloudflare settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All Cloudflare settings can be changed directly within your WordPress admin area.\u003C\u002Fp>\n\u003Cp>Includes \u003Cstrong>Easy config\u003C\u002Fstrong> function that will optimally set your Cloudflare zone settings for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fixes Cloudflare Flexible SSL redirect loops\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatically fixes HTTPS redirect loops when using Cloudflare’s Flexible SSL option (traffic between user and Cloudflare is encrypted, but traffic between Cloudflare and origin server is not).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Handles user IP addresses\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatically handles the situation where your web server is passing Cloudflare IP addresses rather than the IP address of the user making the request.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Turnstile CAPTCHA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Cloudflare Turnstile CAPTCHA support for registration, login, password reset, comment forms, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhtml-forms\u002F\" rel=\"ugc\">HTML Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmetform\u002F\" rel=\"ugc\">MetForm\u003C\u002Fa> and\u002For \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>. Single-click setup (done transparently via API call).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Network analytics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>View network stats for your website directly within your WordPress admin area with a dashboard widget.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>View rules & firewall\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Quickly review your site’s Cloudflare rules and firewall settings from within your WordPress admin area. Includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Page rules\u003C\u002Fli>\n\u003Cli>Cache rules\u003C\u002Fli>\n\u003Cli>Firewall custom rules\u003C\u002Fli>\n\u003Cli>IP address rules\u003C\u002Fli>\n\u003Cli>User agent blocking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>DMARC management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Track third parties that are sending email on your behalf (for example an email provider you have authorized like Gmail or Outlook). You can also see unauthorized email senders or spammers sending email on behalf of your domain.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Multisite network support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can have a network-wide Cloudflare API token that can be overridden on a per site basis. In the case where a multisite network operator has the site domains in a single Cloudflare account, they can allow the site users to use Cloudflare features for their individual site without disclosing the underlying API token.\u003C\u002Fp>\n\u003Cp>Additionally, a single Pro license for the main network site allows the media from all sites in the network to be stored in the cloud, within a single Cloudflare R2 bucket.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Image Transformations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Supports Cloudflare’s Image Transformation service, which allows Media images to automatically be served in the best format that a browser supports (AVIF, WebP, etc). Additionally, smaller images can be automatically served to users on very slow network connections. No web server configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Store media in the cloud [Premium]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily and seamlessly store your WordPress media in the cloud with \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fdeveloper-platform\u002Fr2\u002F\" rel=\"nofollow ugc\">Cloudflare R2\u003C\u002Fa>. This allows you to offload resources (both bandwidth and disk space) from your server. The \u003Cstrong>first 10GB is free\u003C\u002Fstrong>, and only costs $0.015 per GB thereafter (ex. if you had 100GB of media, it would cost $1.35 per month to store it in the cloud).\u003C\u002Fp>\n\u003Cp>Includes the ability to migrate existing media from local filesystem to R2 (or from R2 to local filesystem). Works with individual media, or all media in bulk (includes web-based migration as well as a shell\u002FWP-CLI option).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatically convert uploaded images to AVIF or WebP\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This is done with a free companion plugin, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-shift\u002F\" rel=\"ugc\">Image Shift\u003C\u002Fa> (includes the ability to apply watermarks).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protect admin area [Premium]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Utilize \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fzero-trust\u002Fproducts\u002Faccess\u002F\" rel=\"nofollow ugc\">Zero Trust Network Access\u003C\u002Fa> to authenticate users before they access your WordPress admin area.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage rules & firewall [Premium]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The premium version unlocks the ability to manage (create, delete, suspend and unsuspend) Cloudflare rules and firewall definitions. In addition to defining your own rules, you can deploy useful rules with a single click:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block traffic from certain countries (or Tor exit nodes widely used by spammers and hackers)\u003C\u002Fli>\n\u003Cli>Block AI scrapers & crawlers (block bots from scraping your content for AI applications like model training)\u003C\u002Fli>\n\u003Cli>Force a challenge before users can register (bot\u002Fspammer mitigation)\u003C\u002Fli>\n\u003Cli>Cache static content\u003C\u002Fli>\n\u003Cli>Automatically block the IP address(es) of spammers for a period of time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Backup & restore [Premium]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can backup and restore some of your most important Cloudflare configuration settings:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Zero Trust Access Policies\u003C\u002Fli>\n\u003Cli>Firewall Rules\u003C\u002Fli>\n\u003Cli>Firewall IP Access Rules\u003C\u002Fli>\n\u003Cli>Firewall User Agent Blocking\u003C\u002Fli>\n\u003Cli>Page Rules\u003C\u002Fli>\n\u003Cli>Cache Rules\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Backups can be restored to different zones (for example if you had extensive configuration for a zone, you could give another zone the same configuration through a backup restore).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Other features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>API calls are done exclusively through API Tokens (with the \u003Ca href=\"https:\u002F\u002Fappforcf.com\u002Fthreads\u002Fpermissions-needed-for-app-for-cloudflare%C2%AE.3\u002F?utm_source=readme&utm_medium=wordpress&utm_campaign=plugin\" rel=\"nofollow ugc\">minimum required permissions\u003C\u002Fa>) and \u003Cstrong>not\u003C\u002Fstrong> a Global API Key. Global API Keys are an incredibly bad idea from a security standpoint.\u003C\u002Fli>\n\u003Cli>Ability to purge Cloudflare cache from WordPress admin (or via WP-CLI).\u003C\u002Fli>\n\u003Cli>Ability to copy Cloudflare zone settings from a different zone on the same Cloudflare account.\u003C\u002Fli>\n\u003Cli>Cached pages are automatically purged when a post\u002Fpage is edited (just the necessary pages, not all pages). Stale content is not served to users.\u003C\u002Fli>\n\u003Cli>Ability to designate an individual admin user to manage settings (maybe you don’t want all admins to have the ability to change things in Cloudflare).\u003C\u002Fli>\n\u003Cli>Ability to use WordPress filters to add your own logic to things (for example, maybe you don’t want to cache a certain page or post for whatever reason).\u003C\u002Fli>\n\u003Cli>All JavaScript is native (no dependencies on jQuery or anything else).\u003C\u002Fli>\n\u003Cli>No third-party PHP libraries used (no dependencies on other libs).\u003C\u002Fli>\n\u003C\u002Ful>\n","All things Cloudflare (caching, flexible SSL, Turnstile, settings, rules, analytics, media in R2, image transforms [AVIF, WebP], secure admin area).",1000,31530,13,"2026-02-18T00:00:00.000Z","5.2","5.4.0",[113,114,93,21,22],"caching","cloudflare","https:\u002F\u002Fappforcf.com\u002F?utm_source=uri&utm_medium=wordpress&utm_campaign=plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapp-for-cf.1.9.9.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":90,"requires_php":131,"tags":132,"homepage":135,"download_link":136,"security_score":137,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"firstpage-sg-security-headers","Security Headers","1.0.0","Joseph Mendez","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshme21\u002F","\u003Cp>Security headers are directives used by web applications to configure security defenses.\u003C\u002Fp>\n\u003Ch3>Why security headers important?\u003C\u002Fh3>\n\u003Cp>When auditing websites, security headers are frequently forgotten.\u003C\u002Fp>\n\u003Cp>Although some may argue that website security is unrelated to SEO, it does become so when a site is compromised and search traffic completely disappears.\u003C\u002Fp>\n\u003Cp>Everyone who publishes content online should pay special attention to security headers.\u003C\u002Fp>\n\u003Cp>Getting hacked is not good. You lose traffic, customers and it’s a pain to resolve all the issues.\u003C\u002Fp>\n\u003Cp>But good thing you’re smart and have searched for this plugin :).\u003C\u002Fp>\n","Security headers are directives used by web applications to configure security defenses.",700,4275,60,2,"2022-09-24T01:34:00.000Z","6.0.11","7.0",[133,134],"security-headers","seo-security-headers","https:\u002F\u002Fwww.firstpagedigital.sg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffirstpage-sg-security-headers.1.0.0.zip",85,{"attackSurface":139,"codeSignals":160,"taintFlows":169,"riskAssessment":373,"analyzedAt":379},{"hooks":140,"ajaxHandlers":151,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":31,"unprotectedCount":31},[141,147],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","admin_menu","pmcp_add_admin_menu","post-migration-checklist.php",66,{"type":142,"name":148,"callback":149,"file":145,"line":150},"admin_enqueue_scripts","pmcp_enqueue_admin_scripts",68,[152],{"action":153,"nopriv":154,"callback":155,"hasNonce":154,"hasCapCheck":154,"file":145,"line":156},"pmcp_scan_website",false,"pmcp_scan_website_callback",67,[],[],[],{"dangerousFunctions":161,"sqlUsage":162,"outputEscaping":164,"fileOperations":11,"externalRequests":167,"nonceChecks":31,"capabilityChecks":31,"bundledLibraries":168},[],{"prepared":128,"raw":11,"locations":163},[],{"escaped":165,"rawEcho":11,"locations":166},105,[],16,[],[170,304],{"entryPoint":171,"graph":172,"unsanitizedCount":302,"severity":303},"pmcp_scan_website_callback (admin\\class-pmcp-admin.php:87)",{"nodes":173,"edges":279},[174,180,184,190,193,196,199,202,205,208,211,214,217,220,223,226,229,232,235,238,241,243,246,249,252,255,258,261,264,267,270,273,276],{"id":175,"type":176,"label":177,"file":178,"line":179},"n0","source","$_POST","admin\\class-pmcp-admin.php",137,{"id":181,"type":182,"label":183,"file":178,"line":179},"n1","transform","→ pmcp_check_ttfb()",{"id":185,"type":186,"label":187,"file":178,"line":188,"wp_function":189},"n2","sink","wp_remote_get() [SSRF]",818,"wp_remote_get",{"id":191,"type":176,"label":177,"file":178,"line":192},"n3",138,{"id":194,"type":182,"label":195,"file":178,"line":192},"n4","→ pmcp_check_total_page_size()",{"id":197,"type":186,"label":187,"file":178,"line":198,"wp_function":189},"n5",842,{"id":200,"type":176,"label":177,"file":178,"line":201},"n6",145,{"id":203,"type":182,"label":204,"file":178,"line":201},"n7","→ pmcp_check_meta_tags_external()",{"id":206,"type":186,"label":187,"file":178,"line":207,"wp_function":189},"n8",889,{"id":209,"type":176,"label":177,"file":178,"line":210},"n9",146,{"id":212,"type":182,"label":213,"file":178,"line":210},"n10","→ pmcp_check_noindex_tags_external()",{"id":215,"type":186,"label":187,"file":178,"line":216,"wp_function":189},"n11",916,{"id":218,"type":176,"label":177,"file":178,"line":219},"n12",148,{"id":221,"type":182,"label":222,"file":178,"line":219},"n13","→ pmcp_check_robots_txt_external()",{"id":224,"type":186,"label":187,"file":178,"line":225,"wp_function":189},"n14",948,{"id":227,"type":176,"label":177,"file":178,"line":228},"n15",149,{"id":230,"type":182,"label":231,"file":178,"line":228},"n16","→ pmcp_check_sitemap_xml_external()",{"id":233,"type":186,"label":187,"file":178,"line":234,"wp_function":189},"n17",974,{"id":236,"type":176,"label":177,"file":178,"line":237},"n18",150,{"id":239,"type":182,"label":240,"file":178,"line":237},"n19","→ pmcp_check_canonical_urls_external()",{"id":242,"type":186,"label":187,"file":178,"line":106,"wp_function":189},"n20",{"id":244,"type":176,"label":177,"file":178,"line":245},"n21",153,{"id":247,"type":182,"label":248,"file":178,"line":245},"n22","→ pmcp_check_opengraph_tags_external()",{"id":250,"type":186,"label":187,"file":178,"line":251,"wp_function":189},"n23",1043,{"id":253,"type":176,"label":177,"file":178,"line":254},"n24",160,{"id":256,"type":182,"label":257,"file":178,"line":254},"n25","→ pmcp_check_mixed_content_external()",{"id":259,"type":186,"label":187,"file":178,"line":260,"wp_function":189},"n26",1098,{"id":262,"type":176,"label":177,"file":178,"line":263},"n27",161,{"id":265,"type":182,"label":266,"file":178,"line":263},"n28","→ pmcp_check_http_to_https_redirect_external()",{"id":268,"type":186,"label":187,"file":178,"line":269,"wp_function":189},"n29",1125,{"id":271,"type":176,"label":177,"file":178,"line":272},"n30",235,{"id":274,"type":182,"label":275,"file":178,"line":272},"n31","→ pmcp_check_hreflang_tags_external()",{"id":277,"type":186,"label":187,"file":178,"line":278,"wp_function":189},"n32",1637,[280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301],{"from":175,"to":181,"sanitized":154},{"from":181,"to":185,"sanitized":154},{"from":191,"to":194,"sanitized":154},{"from":194,"to":197,"sanitized":154},{"from":200,"to":203,"sanitized":154},{"from":203,"to":206,"sanitized":154},{"from":209,"to":212,"sanitized":154},{"from":212,"to":215,"sanitized":154},{"from":218,"to":221,"sanitized":154},{"from":221,"to":224,"sanitized":154},{"from":227,"to":230,"sanitized":154},{"from":230,"to":233,"sanitized":154},{"from":236,"to":239,"sanitized":154},{"from":239,"to":242,"sanitized":154},{"from":244,"to":247,"sanitized":154},{"from":247,"to":250,"sanitized":154},{"from":253,"to":256,"sanitized":154},{"from":256,"to":259,"sanitized":154},{"from":262,"to":265,"sanitized":154},{"from":265,"to":268,"sanitized":154},{"from":271,"to":274,"sanitized":154},{"from":274,"to":277,"sanitized":154},11,"medium",{"entryPoint":305,"graph":306,"unsanitizedCount":108,"severity":303},"\u003Cclass-pmcp-admin> (admin\\class-pmcp-admin.php:0)",{"nodes":307,"edges":348},[308,311,312,313,314,315,316,317,318,319,320,321,322,323,324,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,346],{"id":175,"type":176,"label":309,"file":178,"line":310},"$_POST (x11)",96,{"id":181,"type":186,"label":187,"file":178,"line":188,"wp_function":189},{"id":185,"type":176,"label":177,"file":178,"line":179},{"id":191,"type":182,"label":183,"file":178,"line":179},{"id":194,"type":186,"label":187,"file":178,"line":188,"wp_function":189},{"id":197,"type":176,"label":177,"file":178,"line":192},{"id":200,"type":182,"label":195,"file":178,"line":192},{"id":203,"type":186,"label":187,"file":178,"line":198,"wp_function":189},{"id":206,"type":176,"label":177,"file":178,"line":201},{"id":209,"type":182,"label":204,"file":178,"line":201},{"id":212,"type":186,"label":187,"file":178,"line":207,"wp_function":189},{"id":215,"type":176,"label":177,"file":178,"line":210},{"id":218,"type":182,"label":213,"file":178,"line":210},{"id":221,"type":186,"label":187,"file":178,"line":216,"wp_function":189},{"id":224,"type":176,"label":325,"file":178,"line":219},"$_POST (x2)",{"id":227,"type":182,"label":222,"file":178,"line":219},{"id":230,"type":186,"label":187,"file":178,"line":225,"wp_function":189},{"id":233,"type":176,"label":325,"file":178,"line":228},{"id":236,"type":182,"label":231,"file":178,"line":228},{"id":239,"type":186,"label":187,"file":178,"line":234,"wp_function":189},{"id":242,"type":176,"label":177,"file":178,"line":237},{"id":244,"type":182,"label":240,"file":178,"line":237},{"id":247,"type":186,"label":187,"file":178,"line":106,"wp_function":189},{"id":250,"type":176,"label":177,"file":178,"line":245},{"id":253,"type":182,"label":248,"file":178,"line":245},{"id":256,"type":186,"label":187,"file":178,"line":251,"wp_function":189},{"id":259,"type":176,"label":177,"file":178,"line":254},{"id":262,"type":182,"label":257,"file":178,"line":254},{"id":265,"type":186,"label":187,"file":178,"line":260,"wp_function":189},{"id":268,"type":176,"label":177,"file":178,"line":263},{"id":271,"type":182,"label":266,"file":178,"line":263},{"id":274,"type":186,"label":187,"file":178,"line":269,"wp_function":189},{"id":277,"type":176,"label":177,"file":178,"line":272},{"id":345,"type":182,"label":275,"file":178,"line":272},"n33",{"id":347,"type":186,"label":187,"file":178,"line":278,"wp_function":189},"n34",[349,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372],{"from":175,"to":181,"sanitized":350},true,{"from":185,"to":191,"sanitized":154},{"from":191,"to":194,"sanitized":154},{"from":197,"to":200,"sanitized":154},{"from":200,"to":203,"sanitized":154},{"from":206,"to":209,"sanitized":154},{"from":209,"to":212,"sanitized":154},{"from":215,"to":218,"sanitized":154},{"from":218,"to":221,"sanitized":154},{"from":224,"to":227,"sanitized":154},{"from":227,"to":230,"sanitized":154},{"from":233,"to":236,"sanitized":154},{"from":236,"to":239,"sanitized":154},{"from":242,"to":244,"sanitized":154},{"from":244,"to":247,"sanitized":154},{"from":250,"to":253,"sanitized":154},{"from":253,"to":256,"sanitized":154},{"from":259,"to":262,"sanitized":154},{"from":262,"to":265,"sanitized":154},{"from":268,"to":271,"sanitized":154},{"from":271,"to":274,"sanitized":154},{"from":277,"to":345,"sanitized":154},{"from":345,"to":347,"sanitized":154},{"summary":374,"deductions":375},"The 'post-migration-checklist-pro' v1.0.1 plugin demonstrates a generally good security posture, with several positive indicators in its static analysis. Notably, all SQL queries are prepared, and all output is properly escaped, which are crucial for preventing common web vulnerabilities. The absence of known CVEs and a clean vulnerability history further suggest a well-maintained and secure codebase to date.\n\nHowever, a significant concern arises from the single unprotected AJAX handler. This represents a direct entry point into the plugin's functionality that could be exploited if sensitive actions are performed without proper authentication or authorization. While the taint analysis did not reveal critical or high-severity issues, the presence of unsanitized paths in the analyzed flows warrants careful consideration, even if they did not lead to exploitable vulnerabilities in this scan.\n\nIn conclusion, the plugin has strong foundations in secure coding practices for SQL and output handling. The primary weakness lies in the unprotected AJAX endpoint. Addressing this single unprotected entry point would significantly strengthen the plugin's overall security. The vulnerability history is a positive sign, but vigilance against potential future threats remains essential.",[376],{"reason":377,"points":378},"Unprotected AJAX handler",8,"2026-03-17T07:16:11.617Z",{"wat":381,"direct":390},{"assetPaths":382,"generatorPatterns":385,"scriptPaths":386,"versionParams":387},[383,384],"\u002Fwp-content\u002Fplugins\u002Fpost-migration-checklist-pro\u002Fadmin\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fpost-migration-checklist-pro\u002Fadmin\u002Fadmin-script.js",[],[384],[388,389],"post-migration-checklist-pro\u002Fadmin\u002Fadmin-style.css?ver=","post-migration-checklist-pro\u002Fadmin\u002Fadmin-script.js?ver=",{"cssClasses":391,"htmlComments":397,"htmlAttributes":398,"restEndpoints":405,"jsGlobals":407,"shortcodeOutput":409},[392,393,394,395,396],"pmcp-scan-form","pmcp-scan-button","pmcp-loading","pmcp-results-content","pmcp_website_url",[],[399,400,401,402,403,404],"id=\"pmcp_website_url\"","id=\"pmcp_scan_button\"","id=\"pmcp_scan_results\"","class=\"pmcp-loading\"","class=\"spinner is-active\"","class=\"pmcp-results-content\"",[406],"\u002Fwp-json\u002Fpmcp\u002Fv1\u002Fscan",[408],"pmcp_ajax_object",[]]