[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyFEHvEz-PruOO30j_BYlsm2_2oKnABMuEY3uhCooaks":3,"$fxdAfadodsrs7f1u3r1SbIi1hFhXyWsQEnUWC3C_cTtQ":211,"$fSepJUn0HiqRorvUR7V86ohlfMP72K_AluGEL7Wf-8uA":216},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":37,"analysis":147,"fingerprints":198},"restricted-user-activity","Restricted User Activity","1.0.0","Steve Puddick","https:\u002F\u002Fprofiles.wordpress.org\u002Fstevepuddick\u002F","\u003Cp>This plugin prevents unauthorized admin users from damaging or compromising your website.\u003C\u002Fp>\n\u003Cp>A common technique for hackers is to exploit vulnerabilities in your plugins or theme and try to create an unauthorized admin user for themselves. Once they have admin access they can do whatever they want to your website. They can deface it, display inappropriate content, or carry out many other malicious acts.\u003C\u002Fp>\n\u003Cp>Restricted User Activity adds an extra step to the process of allowing Admin users to perform actions on your website. It achieves this by explicitly specifying valid Admin user ids in the wp-config.php file. Even if a hacker was able to create an Admin user for themselves, they won’t be able to perform any actions since their user id would not be in the valid user list.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This plugin requires some technical knowledge about how the WordPress wp-config.php file works and basic PHP coding. A single line of code needs to be added to the wp-config.php file.\u003C\u002Fp>\n","Provides stricter controls for admin user creation and activity",0,148,"2026-03-02T02:58:00.000Z","6.9.4","4.4","7.0",[18,19,20,21],"access","admin","security","user","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frestricted-user-activity","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestricted-user-activity.1.0.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"stevepuddick",6,1090,87,30,85,"2026-05-20T00:33:56.776Z",[38,58,79,101,124],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":11,"num_ratings":11,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"rolematrix-gw","RoleMatrix","1.0.1","Mohammadreza Maghsoudipour","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaghsoudi\u002F","\u003Cp>RoleMatrix provides a comprehensive solution for managing WordPress user permissions with an intuitive interface designed for both beginners and advanced users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Create Custom Roles\u003C\u002Fstrong> – Build unlimited custom user roles tailored to your specific needs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manage Capabilities\u003C\u002Fstrong> – Control what each role can and cannot do with a user-friendly checkbox interface\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Admin Menu Items\u003C\u002Fstrong> – Restrict visibility of specific admin pages based on user roles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom URL Restrictions\u003C\u002Fstrong> – Block direct URL access to protected admin areas\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Access Control\u003C\u002Fstrong> – Fine-grained control over every aspect of WordPress admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Agencies managing multiple client sites\u003C\u002Fli>\n\u003Cli>Multi-author blogs and news sites\u003C\u002Fli>\n\u003Cli>E-commerce stores using WooCommerce\u003C\u002Fli>\n\u003Cli>Membership sites with different access levels\u003C\u002Fli>\n\u003Cli>Any WordPress site requiring advanced user management\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Plugin Integrations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Core Roles\u003C\u002Fli>\n\u003Cli>WooCommerce (Shop Manager, Customer)\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Rank Math SEO\u003C\u002Fli>\n\u003Cli>Duplicator Pro\u003C\u002Fli>\n\u003Cli>And more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Support:\u003C\u002Fstrong> For support requests, please use the WordPress.org support forums.\u003Cbr \u002F>\n\u003Cstrong>Languages:\u003C\u002Fstrong> Currently supports English and Persian (Farsi) with full RTL support.\u003Cbr \u002F>\n\u003Cstrong>Compatibility:\u003C\u002Fstrong> Tested with WordPress 6.8 and PHP 8.2\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security:\u003C\u002Fstrong> All inputs are sanitized and validated. Nonce verification on all forms. Administrator role is always protected.\u003C\u002Fp>\n","A powerful plugin to manage user roles, capabilities, and admin menu access with advanced URL restrictions.",219,"2025-12-06T15:07:00.000Z","6.8.5","5.8","7.4",[52,53,54,20,55],"access-control","admin-menu","capabilities","user-roles","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frolematrix-gw.1.0.1.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":14,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":75,"download_link":76,"security_score":33,"vuln_count":77,"unpatched_count":11,"last_vuln_date":78,"fetched_at":26},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29928058,96,1024,"2026-03-02T12:38:00.000Z","3.0","5.5",[18,19,74,59,20],"login","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",8,"2024-11-04 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":14,"requires_at_least":15,"requires_php":92,"tags":93,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":11,"last_vuln_date":100,"fetched_at":26},"user-role-editor","User Role Editor","4.64.6","Vladimir Garagulya","https:\u002F\u002Fprofiles.wordpress.org\u002Fshinephp\u002F","\u003Cp>User Role Editor WordPress plugin allows you to change user roles and capabilities easy.\u003Cbr \u002F>\nJust turn on check boxes of capabilities you wish to add to the selected role and click “Update” button to save your changes. That’s done.\u003Cbr \u002F>\nAdd new roles and customize its capabilities according to your needs, from scratch of as a copy of other existing role.\u003Cbr \u002F>\nUnnecessary self-made role can be deleted if there are no users whom such role is assigned.\u003Cbr \u002F>\nRole assigned every new created user by default may be changed too.\u003Cbr \u002F>\nCapabilities could be assigned on per user basis. Multiple roles could be assigned to user simultaneously.\u003Cbr \u002F>\nYou can add new capabilities and remove unnecessary capabilities which could be left from uninstalled plugins.\u003Cbr \u002F>\nMulti-site support is provided.\u003C\u002Fp>\n\u003Cp>Try it out on your free TasteWP \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fuser-role-editor\" rel=\"nofollow ugc\">test site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To read more about ‘User Role Editor’ visit \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa> at \u003Ca href=\"http:\u002F\u002Fshinephp.com\" rel=\"nofollow ugc\">shinephp.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you need more functionality with quality support in a real time? Do you wish to remove advertisements from User Role Editor pages?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.role-editor.com\" rel=\"nofollow ugc\">Buy Pro version\u003C\u002Fa>.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.role-editor.com\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa> includes extra modules:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block selected admin menu items for role.\u003C\u002Fli>\n\u003Cli>Hide selected front-end menu items for no logged-in visitors, logged-in users, roles.\u003C\u002Fli>\n\u003Cli>Block selected widgets under “Appearance” menu for role.\u003C\u002Fli>\n\u003Cli>Show widgets at front-end for selected roles.\u003C\u002Fli>\n\u003Cli>Block selected meta boxes (dashboard, posts, pages, custom post types) for role.\u003C\u002Fli>\n\u003Cli>“Export\u002FImport” module. You can export user role to the local file and import it to any WordPress site or other sites of the multi-site WordPress network.\u003C\u002Fli>\n\u003Cli>Roles and Users permissions management via Network Admin  for multisite configuration. One click Synchronization to the whole network.\u003C\u002Fli>\n\u003Cli>“Other roles access” module allows to define which other roles user with current role may see at WordPress: dropdown menus, e.g assign role to user editing user profile, etc.\u003C\u002Fli>\n\u003Cli>Manage user access to editing posts\u002Fpages\u002Fcustom post type using posts\u002Fpages, authors, taxonomies ID list.\u003C\u002Fli>\n\u003Cli>Per plugin users access management for plugins activate\u002Fdeactivate operations.\u003C\u002Fli>\n\u003Cli>Per form users access management for Gravity Forms plugin.\u003C\u002Fli>\n\u003Cli>Shortcode to show enclosed content to the users with selected roles only.\u003C\u002Fli>\n\u003Cli>Posts and pages view restrictions for selected roles.\u003C\u002Fli>\n\u003Cli>Admin back-end pages permissions viewer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro version is advertisement free. Premium support is included.\u003C\u002Fp>\n\u003Ch3>Additional Documentation\u003C\u002Fh3>\n\u003Cp>You can find more information about “User Role Editor” plugin at \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>I am ready to answer on your questions about plugin usage. Use \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">plugin page comments\u003C\u002Fa> for that.\u003C\u002Fp>\n","User Role Editor WordPress plugin makes user roles and capabilities changing easy. Edit\u002Fadd\u002Fdelete WordPress user roles and capabilities.",700000,21415579,90,287,"2025-12-02T03:45:00.000Z","7.3",[18,94,95,20,21],"editor","role","https:\u002F\u002Fwww.role-editor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-role-editor.4.64.6.zip",97,2,"2024-12-16 19:51:53",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":14,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":56,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":11,"last_vuln_date":123,"fetched_at":26},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7412197,84,420,"2026-03-08T15:53:00.000Z","5.8.0","5.6.0",[117,118,119,20,55],"access-governance","api-security","restricted-content","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":89,"num_ratings":134,"last_updated":135,"tested_up_to":14,"requires_at_least":136,"requires_php":16,"tags":137,"homepage":142,"download_link":143,"security_score":144,"vuln_count":145,"unpatched_count":11,"last_vuln_date":146,"fetched_at":26},"wpfront-user-role-editor","WPFront User Role Editor","4.2.4","Syam Mohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyammohanm\u002F","\u003Cp>WPFront User Role Editor plugin allows you to easily manage WordPress user roles within your site.\u003Cbr \u002F>\nYou can create, edit or delete user roles and manage role capabilities.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create new roles.\u003C\u002Fli>\n\u003Cli>Edit or rename existing roles.\u003C\u002Fli>\n\u003Cli>Clone existing roles.\u003C\u002Fli>\n\u003Cli>Manage capabilities.\u003C\u002Fli>\n\u003Cli>Allows you to add role capabilities.\u003C\u002Fli>\n\u003Cli>Change default user role.\u003C\u002Fli>\n\u003Cli>Add or Remove capabilities.\u003C\u002Fli>\n\u003Cli>Restore role.\u003C\u002Fli>\n\u003Cli>Assign multiple roles.\u003C\u002Fli>\n\u003Cli>Migrate users.\u003C\u002Fli>\n\u003Cli>Navigation menu permissions basic.\u003C\u002Fli>\n\u003Cli>Widget permissions basic.\u003C\u002Fli>\n\u003Cli>Login redirect basic.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmenu-editor\u002F\" rel=\"nofollow ugc\">Admin menu editor.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmedia-attachment-file-permissions\u002F\" rel=\"nofollow ugc\">Media library permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fuser-level-permissions\u002F\" rel=\"nofollow ugc\">User level permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fnavigation-menu-permissions\u002F\" rel=\"nofollow ugc\">Navigation menu permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fwidget-permissions\u002F\" rel=\"nofollow ugc\">Widget permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Flogin-redirect\u002F\" rel=\"nofollow ugc\">Login redirect advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fposts-pages-extended-permissions\u002F\" rel=\"nofollow ugc\">Post\u002FPage extended permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcustom-post-type-permissions\u002F\" rel=\"nofollow ugc\">Custom post type permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcontent-restriction-shortcodes\u002F\" rel=\"nofollow ugc\">Content restriction shortcodes.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fexport-roles\u002F\" rel=\"nofollow ugc\">Import\u002FExport.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmultisite-sync-roles\u002F\" rel=\"nofollow ugc\">Multisite support.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compare \u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fppro\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Spanish tutorial\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FYRZdWH-uukI?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.",30000,965504,65,"2025-12-02T16:53:00.000Z","5.1",[138,139,20,140,141],"capability-manager","role-editor","user-access","user-permissions","http:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpfront-user-role-editor.4.2.4.zip",94,5,"2025-09-26 00:00:00",{"attackSurface":148,"codeSignals":181,"taintFlows":189,"riskAssessment":190,"analyzedAt":197},{"hooks":149,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":11,"unprotectedCount":11},[150,156,159,163,168,173],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","init","rua_load_textdomain","restricted-user-activity.php",26,{"type":151,"name":157,"callback":158,"file":154,"line":34},"admin_notices","rua_display_admin_notice",{"type":151,"name":152,"callback":160,"priority":161,"file":154,"line":162},"rua_enforce_whitelist",99,62,{"type":164,"name":165,"callback":166,"file":154,"line":167},"filter","manage_users_columns","rua_add_user_id_column",145,{"type":164,"name":169,"callback":170,"priority":171,"file":154,"line":172},"manage_users_custom_column","rua_show_user_id_column_content",10,161,{"type":164,"name":174,"callback":175,"file":154,"line":176},"manage_users_sortable_columns","rua_make_user_id_column_sortable",173,[],[],[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":188},[],{"prepared":11,"raw":11,"locations":184},[],{"escaped":186,"rawEcho":11,"locations":187},7,[],[],[],{"summary":191,"deductions":192},"The \"restricted-user-activity\" plugin version 1.0.0 exhibits an exceptionally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code analysis reveals no dangerous functions, all SQL queries are properly prepared, and all output is correctly escaped. There are no file operations or external HTTP requests, indicating a contained and robust implementation. The lack of any identified taint flows further strengthens this assessment. This suggests the developers have followed excellent secure coding practices.\n\nHowever, the analysis also highlights several areas that, while not explicitly problematic in this version, represent potential future risks if not addressed. The complete absence of nonce checks and capability checks, while not leading to immediate vulnerabilities in this static snapshot, means that any future addition of entry points (like AJAX or REST API endpoints) would require careful manual auditing to ensure proper authorization is implemented. The plugin's vulnerability history being completely clean is a significant positive, suggesting a history of secure development. Nonetheless, a complete lack of any recorded vulnerabilities, especially for a plugin that might be used in various environments, could also indicate a limited scope of testing or a very small user base, rather than an absolute guarantee of future invulnerability.\n\nIn conclusion, the current version of \"restricted-user-activity\" appears to be highly secure. The developers have demonstrated a strong commitment to secure coding by eliminating common vulnerability vectors. The primary weakness is the lack of inherent authorization mechanisms (nonces, capabilities) which, while not a current issue, necessitates diligence if the plugin's functionality expands. The clean vulnerability history is a testament to its current state, but ongoing vigilance and adherence to secure development practices are always recommended.",[193,195],{"reason":194,"points":145},"Missing nonce checks",{"reason":196,"points":145},"Missing capability checks","2026-03-17T07:20:47.828Z",{"wat":199,"direct":204},{"assetPaths":200,"generatorPatterns":201,"scriptPaths":202,"versionParams":203},[],[],[],[],{"cssClasses":205,"htmlComments":206,"htmlAttributes":207,"restEndpoints":208,"jsGlobals":209,"shortcodeOutput":210},[],[],[],[],[],[],{"error":212,"url":213,"statusCode":214,"statusMessage":215,"message":215},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Frestricted-user-activity\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":217,"versions":218},1,[219],{"version":6,"download_url":23,"svn_tag_url":220,"released_at":25,"has_diff":221,"diff_files_changed":222,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":223,"is_current":212},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Frestricted-user-activity\u002Ftags\u002F1.0.0\u002F",false,[],[]]