[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXlvUNtEIaWzlr_WGWoK5mw0F98OpHlJk66oU6oDyoWU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":15,"tags":17,"homepage":35,"download_link":36,"security_score":37,"vuln_count":13,"unpatched_count":13,"last_vuln_date":38,"fetched_at":39,"vulnerabilities":40,"developer":41,"crawl_stats":38,"alternatives":46,"analysis":157,"fingerprints":260},"protect-ai-login","Protect Ai Login","1.0.0","anouny","https:\u002F\u002Fprofiles.wordpress.org\u002Fanouny\u002F","\u003Cp>Protect Ai Login changes default WordPress login URL to the url you define, denied brute force attacks, spam logins, and bot or automatic register. The plugin blocks access to default login url, generates a custom branded login panel, without creating a custom page on your website.\u003C\u002Fp>\n\u003Cp>The plugin offers protection with Google reCAPTCHA v2.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Define new login url easily from settings page.\u003C\u002Fli>\n\u003Cli>Protect against spam login, bot registration or signup, with the integration of Google reCaptcha.\u003C\u002Fli>\n\u003Cli>Secure AXS is compatible with any permalink setup including the default.\u003C\u002Fli>\n\u003Cli>Choose to allow users with the role “Editor” to access plugin settings.\u003C\u002Fli>\n\u003Cli>Fully branded login page with colors and login logo of your choice.\u003C\u002Fli>\n\u003Cli>Plugin doesn’t create new pages on your website for displaying the new login panel.\u003C\u002Fli>\n\u003Cli>Plugin is compatible with other major security & cache plugins.\u003C\u002Fli>\n\u003Cli>Test with wordpress 4.4.2\u003C\u002Fli>\n\u003C\u002Ful>\n","Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.",10,1394,0,"2016-04-14T06:46:00.000Z","","4.0",[18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34],"access","attack","axs","block","brute","brute-force-attack","captcha","force","login","no-captcha","nocaptcha","recaptcha","register","secure","security","sign","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-ai-login.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":42,"total_installs":11,"avg_security_score":37,"avg_patch_time_days":43,"trust_score":44,"computed_at":45},1,30,84,"2026-04-04T05:36:26.561Z",[47,70,94,114,135],{"slug":48,"name":49,"version":50,"author":51,"author_profile":52,"description":53,"short_description":54,"active_installs":55,"downloaded":56,"rating":57,"num_ratings":58,"last_updated":59,"tested_up_to":60,"requires_at_least":16,"requires_php":15,"tags":61,"homepage":66,"download_link":67,"security_score":68,"vuln_count":13,"unpatched_count":13,"last_vuln_date":38,"fetched_at":69},"manage-xml-rpc","Manage XML-RPC","1.0.2","brainvireinfo","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrainvireinfo\u002F","\u003Cp>You can now disable XML-RPC to avoid Brute force attack for given IPs or can even enable access for some IPs. XML-RPC on WordPress is actually an API that gives developers who build mobile apps, desktop apps and other services, the ability to talk to a WordPress site. The XML-RPC API that WordPress provides gives developers, a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Block XML-RPC by following way.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable pingback.ping, pingback.extensions.getPingbacks and Unset X-Pingback from HTTP headers, that will block bots to access specified method.\u003C\u002Fli>\n\u003Cli>Disable\u002FBlock XML-RPC for all users.\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable\u002FDisable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.",6000,64108,60,4,"2024-12-02T07:10:00.000Z","6.7.5",[62,63,32,64,65],"block-xml-rpc","brute-force-attacks","xml-rpc-pingback","xmlrpc-php-attack","http:\u002F\u002Fwww.brainvire.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-xml-rpc.1.0.2.zip",92,"2026-03-15T15:16:48.613Z",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":15,"tags":85,"homepage":91,"download_link":92,"security_score":93,"vuln_count":13,"unpatched_count":13,"last_vuln_date":38,"fetched_at":69},"disable-xml-rpc-api","Disable XML-RPC-API","2.1.7","Amin Nazemi","https:\u002F\u002Fprofiles.wordpress.org\u002Faminnz\u002F","\u003Cp>Protect your website from xmlrpc brute-force attacks,DOS and DDOS attacks, this plugin disables the XML-RPC and trackbacks-pingbacks on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PLUGIN FEATURES\u003C\u002Fstrong>\u003Cbr \u002F>\n(These are options you can enable or disable each one)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable access to xmlrpc.php file using .httacess file \u003C\u002Fli>\n\u003Cli>Automatically change htaccess file permission to read-only (0444)\u003C\u002Fli>\n\u003Cli>Disable X-pingback to minimize CPU usage \u003C\u002Fli>\n\u003Cli>Disable selected methods from XML-RPC\u003C\u002Fli>\n\u003Cli>Remove pingback-ping link from header\u003C\u002Fli>\n\u003Cli>Disable trackbacks and pingbacks to avoid spammers and hackers\u003C\u002Fli>\n\u003Cli>Rename XML-RPC slug to whatever you want\u003C\u002Fli>\n\u003Cli>Black list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>White list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>Some options to speed-up your wordpress website\u003C\u002Fli>\n\u003Cli>Disable JSON REST API\u003C\u002Fli>\n\u003Cli>Hide WordPress Version\u003C\u002Fli>\n\u003Cli>Disable built-in WordPress file editor\u003C\u002Fli>\n\u003Cli>Disable wlw manifest\u003C\u002Fli>\n\u003Cli>And some other options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What is XMLRPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>XML-RPC, or XML Remote Procedure Call is a protocol which uses XML to encode its calls and HTTP as a transport mechanism.\u003Cbr \u002F>\nBeginning in WordPress 3.5, XML-RPC is enabled by default. Additionally, the option to disable\u002Fenable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why you should disable XML-RPC\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>Xmlrpc has two main weaknesses\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force attacks:\u003Cbr \u002F>\nAttackers try to login to WordPress using xmlrpc.php with as many username\u002Fpassword combinations as they can enter. A method within xmlrpc.php allows the attacker to use a single command (system.multicall) to guess hundreds of passwords. Daniel Cid at Sucuri described it well in October 2015: “With only 3 or 4 HTTP requests, the attackers could try thousands of passwords, bypassing security tools that are designed to look and block brute force attempts.”\u003C\u002Fli>\n\u003Cli>Denial of Service Attacks via Pingback:\u003Cbr \u002F>\nBack in 2013, attackers sent Pingback requests through xmlrpc.php of approximately 2500 WordPress sites to “herd (these sites) into a voluntary botnet,” according to Gur Schatz at Incapsula. “This gives any attacker a virtually limitless set of IP addresses to Distribute a Denial of Service attack across a network of over 100 million WordPress sites, without having to compromise them.”\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website",100000,792973,82,42,"2026-02-04T06:54:00.000Z","6.9.4","5.0",[86,87,88,89,90],"disable-xml-rpc","disable-xmlrpc","pingback","stop-brute-force-attacks","xmlrpc","https:\u002F\u002Fneatma.com\u002Fdsxmlrpc-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-api.zip",100,{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":16,"requires_php":15,"tags":108,"homepage":15,"download_link":113,"security_score":68,"vuln_count":13,"unpatched_count":13,"last_vuln_date":38,"fetched_at":69},"spiderblocker","Spider Blocker","1.3.7","Niteo","https:\u002F\u002Fprofiles.wordpress.org\u002Fniteoweb\u002F","\u003Cp>Spider Blocker blocks most common bots that consume bandwidth and slow down your blog.\u003Cbr \u002F>\nIt accomplishes this by using .htaccess file to minimize impact on your website. It’s hidden from external scanners.\u003C\u002Fp>\n\u003Cp>Spider Blocker is specifically designed for Apache servers with mod_rewrite enabled, allowing you to effortlessly safeguard your website from the most prevalent bots that hamper performance and drain resources.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Block Unlimited bots from viewing your site\u003C\u002Fli>\n\u003Cli>Easy Export\u002FImport rules (comes with most common list of bots)\u003C\u002Fli>\n\u003Cli>Zero Footprint\u003C\u002Fli>\n\u003C\u002Ful>\n","SpiderBlocker will block most common bots that consume bandwidth and slow down your blog.",20000,612410,80,5,"2024-05-07T13:39:00.000Z","6.5.8",[109,21,110,111,112],"apache","bots","htaccess","seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspiderblocker.1.3.7.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":93,"num_ratings":124,"last_updated":125,"tested_up_to":83,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":133,"download_link":134,"security_score":93,"vuln_count":13,"unpatched_count":13,"last_vuln_date":38,"fetched_at":69},"simpletoc","SimpleTOC – Table of Contents Block","6.9.8","Marc Tönsing","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcdk\u002F","\u003Cp>Add a Table of Contents block to your posts and pages. The TOC is a nested list of links to all heading found in the post or page. To use it, simply add a block and search for “SimpleTOC” or just “TOC”.\u003C\u002Fp>\n\u003Cp>The maximum depth of the toc can be configured in in the blocks’ sidebar among many other options. There can hide the headline “Table of Contents” and add your own by using a normal heading block.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fsimpletoc\" rel=\"nofollow ugc\">Spin up\u003C\u002Fa> a new WordPress instance with the SimpleTOC plugin already installed.\u003C\u002Fp>\n\u003Ch4>User Feedback\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“It is lightweight, stable, and fully compatible with WordPress Full Site Editing. A reliable solution that integrates seamlessly and performs exactly as expected.”\u003Cbr \u002F>\n  — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgood-job-1889\u002F\" rel=\"ugc\">@js100 on wordpress.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>“Does the job perfectly, and adds no bloat.”\u003Cbr \u002F>\n  — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fdoes-the-job-perfectly-and-adds-no-bloat\u002F\" rel=\"ugc\">@clicknathan on wordpress.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>“Simple yet powerful. Great plugin that does exactly what you need.”\u003Cbr \u002F>\n  — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-yet-powerful-106\u002F\" rel=\"ugc\">@mixey on wordpress.org\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Accessibility\u003C\u002Fh4>\n\u003Cp>This plugin is designed & developed for WCAG 2.2 level AA conformance. The plugin is tested with assistive technology and intended to be accessible, however some third party plugins or themes may affect the individual accessibility on a given website. If you find an accessibility issue, please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmtoensing\u002Fsimpletoc\u002Fissues\" rel=\"nofollow ugc\">let us know\u003C\u002Fa> and we’ll try to address it promptly.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Designed for Gutenberg.\u003C\u002Fli>\n\u003Cli>Zero configuration: Add the SimpleTOC block to your post and that’s it. \u003C\u002Fli>\n\u003Cli>Minimal and valid HTML output.\u003C\u002Fli>\n\u003Cli>Utilizes the browser’s built-in details tag for a collapsible interface.\u003C\u002Fli>\n\u003Cli>No JavaScript or CSS added. Unless you activate the accordion menu.\u003C\u002Fli>\n\u003Cli>Style SimpleTOC with Gutenberg’s native group styling options.\u003C\u002Fli>\n\u003Cli>Inherits the style of your theme.\u003C\u002Fli>\n\u003Cli>Smooth scrolling effect using CSS. \u003C\u002Fli>\n\u003Cli>Accessibility built-in by following web standards.\u003C\u002Fli>\n\u003Cli>Optional ARIA Label and navigation role attributes.\u003C\u002Fli>\n\u003Cli>Translated in \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsimpletoc\u002F\" rel=\"nofollow ugc\">multiple languages\u003C\u002Fa>. Including German, Japanese, Chinese (Taiwan), Dutch, Brazilian Portuguese, French, Spanish and Latvia.\u003C\u002Fli>\n\u003Cli>Ideal for creating a Frequently Asked Questions section on your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Administrators can utilize global settings to supersede the individual block settings.\u003C\u002Fli>\n\u003Cli>Add background and text color with Gutenberg groups.\u003C\u002Fli>\n\u003Cli>Native block support for wide and full width.\u003C\u002Fli>\n\u003Cli>Control the maximum depth of the headings.\u003C\u002Fli>\n\u003Cli>Choose between an ordered, bullet HTML list. Or indent the list.\u003C\u002Fli>\n\u003Cli>Select a heading level or turn it into a paragraph.\u003C\u002Fli>\n\u003Cli>Disable the h2 heading of the TOC block and add your own.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>GeneratePress and Rank Math support.\u003C\u002Fli>\n\u003Cli>Works with popular AMP plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to contribute\u003C\u002Fh4>\n\u003Cp>SimpleTOC is open-source and developed on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmtoensing\u002FSimpleTOC\" rel=\"nofollow ugc\">GitHub Pages\u003C\u002Fa>. If you find a bug or have an idea for a feature please feel free to contribute and create a pull request.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin is forked from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpdewouters\u002Fgutentoc\" rel=\"nofollow ugc\">pdewouters\u003C\u002Fa> and uses code from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshazahm1\u002FEasy-Table-of-Contents\" rel=\"nofollow ugc\">Easy-Table-of-Contents\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Many thanks to \u003Ca href=\"https:\u002F\u002Ftomjn.com\" rel=\"nofollow ugc\">Tom J Nowell\u003C\u002Fa> and and Sally CJ who both helped me a lot with my questions over at wordpress.stackexchange.com\u003C\u002Fp>\n\u003Cp>And many more thanks to all the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmtoensing\u002Fsimpletoc\u002Fgraphs\u002Fcontributors\" rel=\"nofollow ugc\">developers on GitHub\u003C\u002Fa> who helped me making SimpleTOC what it is today!\u003C\u002Fp>\n\u003Cp>Thanks to Quintus Valerius Soranus for inventing the Table of Contents around 100 BC.\u003C\u002Fp>\n","SEO-friendly Table of Contents Gutenberg block. No JavaScript and no CSS means faster loading.",10000,524061,75,"2026-02-26T07:03:00.000Z","5.9","7.3",[129,21,130,131,132],"accessibility","table","table-of-contents","toc","https:\u002F\u002Fmarc.tv\u002Fsimpletoc-wordpress-inhaltsverzeichnis-plugin-gutenberg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimpletoc.6.9.8.zip",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":55,"downloaded":143,"rating":44,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":148,"tags":149,"homepage":154,"download_link":155,"security_score":93,"vuln_count":42,"unpatched_count":13,"last_vuln_date":156,"fetched_at":69},"http-auth","HTTP Auth","1.0.1","Sami Ahmed Siddiqui","https:\u002F\u002Fprofiles.wordpress.org\u002Fsasiddiqui\u002F","\u003Cp>This plugin empowers you to set up HTTP Authentication for your website. This adds an extra layer of security by requiring a username and password to access specific areas.\u003C\u002Fp>\n\u003Cp>Here’s how it benefits you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Admin Security:\u003C\u002Fstrong> Shield your admin pages from brute-force attacks by adding a login barrier.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Controlled Crawling:\u003C\u002Fstrong> Restrict crawlers from accessing your site during development, preventing unnecessary indexing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Launch Access Control:\u003C\u002Fstrong> Maintain control over admin page access even after your website goes live.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Activation\u002FDeactivation:\u003C\u002Fstrong> Conveniently enable or disable HTTP Auth without deactivating the plugin entirely.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help Us Improve!\u003C\u002Fh3>\n\u003Cp>I am constantly working to enhance this plugin and your feedback is valuable. If you are happy with the plugin, consider leaving a review on WordPress.org. Your positive feedback motivates us to keep improving!\u003C\u002Fp>\n\u003Cp>Link to Reviews: \u003Ca href=\"\" rel=\"nofollow ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fhttp-auth\u002Freviews\u002F?rate=5#new-post\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Bug Reports\u003C\u002Fh3>\n\u003Cp>We welcome bug reports for HTTP Auth on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamiahmedsiddiqui\u002Fhttp-auth\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsamiahmedsiddiqui\u002Fhttp-auth\u003C\u002Fa>. Please remember that GitHub is primarily for bug reporting, and issues not classified as genuine bugs may be closed.\u003C\u002Fp>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’\u003C\u002Fli>\n\u003Cli>Search for HTTP Auth\u003C\u002Fli>\n\u003Cli>Activate HTTP Auth from your Plugins page.\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>http-auth\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate HTTP Auth through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>After activation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to the plugin settings page and set up the plugin for your site.\u003C\u002Fli>\n\u003Cli>You’re done!\u003C\u002Fli>\n\u003C\u002Fol>\n","Provides comprehensive security during development by protecting your entire site and your admin pages from brute-force attacks.",63405,6,"2025-07-22T14:25:00.000Z","6.8.5","3.5","5.6",[150,151,136,152,153],"brute-attack","brute-force","prevent-crawl","restrict-site","https:\u002F\u002Fwww.yasglobal.com\u002Fweb-design-development\u002Fwordpress\u002Fhttp-auth\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-auth.1.0.1.zip","2023-07-26 00:00:00",{"attackSurface":158,"codeSignals":216,"taintFlows":252,"riskAssessment":253,"analyzedAt":259},{"hooks":159,"ajaxHandlers":212,"restRoutes":213,"shortcodes":214,"cronEvents":215,"entryPointCount":13,"unprotectedCount":13},[160,166,169,173,177,180,184,187,191,195,199,203,206,209],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","activated_plugin","protect_ais_active","protect_ais.php",38,{"type":161,"name":167,"callback":168,"file":164,"line":81},"wp_enqueue_scripts","anonymous",{"type":161,"name":170,"callback":171,"file":164,"line":172},"admin_menu","add_menu",45,{"type":161,"name":174,"callback":175,"file":164,"line":176},"init","display_login",49,{"type":161,"name":174,"callback":178,"file":164,"line":179},"ais_signon",54,{"type":161,"name":181,"callback":182,"file":164,"line":183},"admin_enqueue_scripts","register_plugin_scripts",59,{"type":161,"name":174,"callback":185,"file":164,"line":186},"block_default_login",63,{"type":161,"name":188,"callback":189,"file":164,"line":190},"send_headers","not_cache_headers",67,{"type":161,"name":192,"callback":193,"file":164,"line":194},"register_from","ai_register_recapt",69,{"type":161,"name":196,"callback":197,"file":164,"line":198},"registration_errors","ai_register_recapt_validation",73,{"type":161,"name":200,"callback":201,"file":164,"line":202},"admin_notices","ais_activation_notice",97,{"type":161,"name":200,"callback":204,"file":164,"line":205},"ais_permalink_notice",103,{"type":161,"name":200,"callback":207,"file":164,"line":208},"ais_gcaptcha_notice",111,{"type":161,"name":200,"callback":210,"file":164,"line":211},"terminated",335,[],[],[],[],{"dangerousFunctions":217,"sqlUsage":218,"outputEscaping":220,"fileOperations":250,"externalRequests":42,"nonceChecks":42,"capabilityChecks":42,"bundledLibraries":251},[],{"prepared":13,"raw":13,"locations":219},[],{"escaped":221,"rawEcho":222,"locations":223},2,13,[224,227,229,231,234,235,236,238,240,242,244,246,248],{"file":164,"line":225,"context":226},119,"raw output",{"file":164,"line":228,"context":226},125,{"file":164,"line":230,"context":226},142,{"file":232,"line":233,"context":226},"settings.php",35,{"file":232,"line":183,"context":226},{"file":232,"line":186,"context":226},{"file":232,"line":237,"context":226},65,{"file":232,"line":239,"context":226},135,{"file":232,"line":241,"context":226},148,{"file":232,"line":243,"context":226},166,{"file":232,"line":245,"context":226},174,{"file":232,"line":247,"context":226},193,{"file":232,"line":249,"context":226},201,3,[],[],{"summary":254,"deductions":255},"The \"protect-ai-login\" v1.0.0 plugin exhibits a generally positive security posture in terms of its attack surface and vulnerability history.  The absence of any known CVEs and a clean vulnerability history suggest a well-maintained and secure plugin, or at least one that has not been targeted by attackers in the past. The static analysis also reveals good practices such as 100% of SQL queries using prepared statements and the presence of nonce and capability checks, which are crucial for preventing common WordPress vulnerabilities.  The limited number of file operations and external HTTP requests also reduce potential attack vectors.\n\nHowever, there are some areas for concern. The most significant weakness identified is the very low percentage of properly escaped output (13%). This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the plugin's output, impacting users who interact with it. While the plugin has a limited attack surface and no critical taint flows detected, the unescaped output is a substantial risk that needs immediate attention. The plugin should prioritize properly escaping all user-supplied data before it is outputted to the browser.  Given the absence of other critical issues, focusing on output escaping should be the primary remediation effort.",[256],{"reason":257,"points":258},"Low output escaping percentage",8,"2026-03-16T23:38:30.814Z",{"wat":261,"direct":269},{"assetPaths":262,"generatorPatterns":264,"scriptPaths":265,"versionParams":267},[263],"\u002Fwp-content\u002Fplugins\u002Fprotect-ai-login\u002Fjs\u002Fais-script.js",[],[266],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js?hl=en",[268],"protect-ai-login\u002Fjs\u002Fais-script.js?ver=0.2",{"cssClasses":270,"htmlComments":272,"htmlAttributes":281,"restEndpoints":284,"jsGlobals":285,"shortcodeOutput":287},[271],"g-recaptcha",[273,274,275,276,277,278,279,280],"Copyright 2016  Aishee Nguyen (email : aishee@aishee.net)","This program is free software; you can redistribute it and\u002For modify","it under the terms of the GNU General Public License, version 2, as ","published by the Free Software Foundation.","This program is distributed in the hope that it will be useful,","but WITHOUT ANY WARRANTY; without even the implied warranty of","MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the","GNU General Public License for more details.",[282,283],"data-sitekey","data-sitekey=\"",[],[286],"ReCaptcha",[]]