[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frJS0PeUDkK-YfXurEPFkuXQaLJwU6tc2ZR9I4EH1fdk":3,"$fmyKgfm3Ng1JtEh8C9Sumn__vYJC_3mnp4RyAp71fuHw":575,"$f5FL_5rAsStmr5esrNiMF-rPnpgOPbREXVeyxtSFuh_g":579},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":34,"analysis":146,"fingerprints":554},"securelywp","SecurelyWP – all-in-one security","1.0.10","SecurelyWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fsecurelywp\u002F","\u003Cp>SecurelyWP is a hassle-free security plugin that makes your WordPress site safer the moment you activate it. Most features work out of the box, with optional CAPTCHA and two-factor authentication (2FA) configuration for enhanced protection. It includes strong security features, system details, security headers, CAPTCHA integration, and 2FA to keep your site secure and healthy.\u003C\u002Fp>\n\u003Cp>Why Choose SecurelyWP?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works Out of the Box: Most security features activate automatically upon installation.\u003C\u002Fli>\n\u003Cli>Comprehensive Protection: Guards against hacking, malicious files, form spam, and unauthorized access.\u003C\u002Fli>\n\u003Cli>Lightweight: Designed to run smoothly without affecting your site’s speed or performance.\u003C\u002Fli>\n\u003Cli>Free Features: Includes system details, security headers, CAPTCHA, and 2FA to monitor and protect your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Hide WordPress Version\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Stops hackers from targeting weaknesses in your WordPress version.  \u003C\u002Fli>\n\u003Cli>Impact: Good protection with no effect on your site’s appearance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Disable PHP Execution in Uploads Folder\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Prevents harmful scripts from running if someone uploads a malicious file.  \u003C\u002Fli>\n\u003Cli>Impact: Strong defense against file-based attacks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Prevent User Enumeration\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Blocks hackers from guessing usernames through sneaky methods.  \u003C\u002Fli>\n\u003Cli>Impact: Keeps your user list safe from prying eyes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Detect & Warn About “admin” Username\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Alerts you if your site uses the risky “admin” username.  \u003C\u002Fli>\n\u003Cli>Impact: Big security boost if you change the username.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Disable File Editing in Dashboard\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Stops anyone from modifying your site’s code through the WordPress dashboard.  \u003C\u002Fli>\n\u003Cli>Impact: Major safeguard against unauthorized code changes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Force HTTPS for Login & Admin\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Ensures your login and admin pages use a secure connection.  \u003C\u002Fli>\n\u003Cli>Impact: Critical for keeping your credentials safe.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Basic Brute Force Protection (Lite)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Temporarily blocks repeated failed login attempts.  \u003C\u002Fli>\n\u003Cli>Impact: Strong protection against login attacks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>System Details\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Shows important info about your site to monitor its health.  \u003C\u002Fli>\n\u003Cli>Impact: Keeps you informed about your site’s status.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Security Headers\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Adds HTTP headers to improve your site’s security.  \u003C\u002Fli>\n\u003Cli>Impact: Strengthens your site’s defense with minimal setup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>CAPTCHA Protection (Cloudflare Turnstile)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Adds CAPTCHA to prevent spam and bot submissions.  \u003C\u002Fli>\n\u003Cli>Impact: Enhances form security with user-friendly CAPTCHA.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Two-Factor Authentication (2FA)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Why: Adds an extra layer of security by requiring a second verification step during login.  \u003C\u002Fli>\n\u003Cli>Impact: Significantly reduces the risk of unauthorized access.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>2FA Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Authenticator App (TOTP): Use apps like Google Authenticator or Authy for time-based codes.\u003Cbr \u002F>\n– Email 2FA: Receive codes via email for verification.\u003Cbr \u002F>\n– Recovery Codes: Generate emergency codes for access if other methods are unavailable.\u003Cbr \u002F>\n– Per-User Settings: Each user can configure their own 2FA preferences.\u003Cbr \u002F>\n– Multisite Support: Super admins can enforce 2FA network-wide.\u003Cbr \u002F>\n– Flexible Options: Choose primary 2FA method from TOTP, Email 2FA, or Recovery Codes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Forms, Plugins & Multisite for CAPTCHA:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Core WordPress: Login, Registration, Lost Password, Comment\u003Cbr \u002F>\n– E-commerce & Membership: WooCommerce Checkout, MemberPress, Ultimate Member, WP-Members\u003Cbr \u002F>\n– Form Plugins: WPForms, Gravity Forms, Contact Form 7 (CF7), Formidable Forms, Forminator, Elementor Pro, Easy Digital Downloads (EDD), Mailchimp for WordPress\u003Cbr \u002F>\n– Community \u002F Forums: BuddyPress, bbPress\u003Cbr \u002F>\n– Multisite: Multisite Signup Forms\u003C\u002Fp>\n\u003Ch3>How to Set Up CAPTCHA with Cloudflare Turnstile\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Sign Up for Cloudflare:\u003C\u002Fstrong> Go to https:\u002F\u002Fwww.cloudflare.com\u002F and create a free account or log in.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add Your Site:\u003C\u002Fstrong> Click “Add a Site” in the dashboard and enter your domain.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Turnstile:\u003C\u002Fstrong> Navigate to the “Turnstile” section in the Cloudflare dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Create a Turnstile Widget:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Click “Add Widget”  \u003C\u002Fli>\n\u003Cli>Provide a name (e.g., “SecurelyWP CAPTCHA”)  \u003C\u002Fli>\n\u003Cli>Add Hostnames (your domain, e.g., example.com) \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Click “Add”  \u003C\u002Fli>\n\u003Cli>Choose the widget type (“Managed”)  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Get Your Keys:\u003C\u002Fstrong> Copy the Site Key and Secret Key.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add Keys to SecurelyWP:\u003C\u002Fstrong> Go to SecurelyWP > CAPTCHA Settings in WordPress \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> paste keys \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> enable CAPTCHA for desired forms.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Your CAPTCHA:\u003C\u002Fstrong> Visit a form to ensure the CAPTCHA widget appears and works correctly.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>How to Set Up Two-Factor Authentication\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Access 2FA Settings:\u003C\u002Fstrong> Go to “Profile” > “Two-Factor Authentication” in your WordPress dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enable 2FA Methods:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Authenticator App: Scan the QR code or enter the secret into your app (Google Authenticator, Authy). Verify with a code.  \u003C\u002Fli>\n\u003Cli>Email 2FA: Enable to receive codes via email.  \u003C\u002Fli>\n\u003Cli>Recovery Codes: Generate emergency codes. Copy or download codes for safekeeping.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose Primary Method:\u003C\u002Fstrong> Select your preferred 2FA method (Authenticator App, Email, or Recovery Codes).  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test 2FA:\u003C\u002Fstrong> Log out and log in to verify the 2FA prompt appears below the login form.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite (Super Admins):\u003C\u002Fstrong> Enable network-wide 2FA enforcement for all users.\u003C\u002Fli>\n\u003C\u002Fol>\n","SecurelyWP is a simple security plugin that protects your WordPress site right after activation—no setup needed for most features.",20,934,0,"2025-11-22T01:28:00.000Z","6.8.5","5.0","",[19,20,21,22],"captcha","headers","security","two-factor-authentication-2fa","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.10.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":4,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-05-19T20:00:40.638Z",[35,59,83,103,123],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":13,"last_vuln_date":58,"fetched_at":26},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function for the protection against the attack to the management page (under wp-admin.)\u003Cbr \u002F>\nTo the access from the connection source IP address which does not login to the management page, 404 (Not Found) is returned.\u003Cbr \u002F>\nAt the login, the connection source IP address is recorded and the access to that page is allowed.\u003Cbr \u002F>\nThe connection source IP address which does not login for more than 24 hours is sequentially deleted.\u003Cbr \u002F>\nThe URL (under wp-admin) where this function is excluded can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. The initial value is “login_\u003C5 random digits>” but it can be changed to a favorite name.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack,\u003Cbr \u002F>\nor to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nEspecially, it is the function to prevent an automated attack. The connection source IP address the number of login failure of which reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nEach user account is not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to make it easier to notice unauthorized login. E-mail will be sent to a login user when logged in.\u003Cbr \u002F>\nIf you receive an e-mail to there is no logged-in idea, please suspect unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against a password list attack. Even is the login input is correct, the first login must fail.\u003Cbr \u002F>\nAfter 5 seconds and later within 60 seconds, another correct login input make login succeed. At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Basic of security is that always you use the latest version. If WordPress core, plugins, and themes updates are needed , sends email to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)\u003Cbr \u002F>\nif WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevents the attack from the outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions, WAF may detect the attack which is actually not attack and block the function.\u003Cbr \u002F>\nBy creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Plugin. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5197886,86,15,"2026-04-16T06:35:00.000Z","7.0","3.9",[19,51,52,53,21],"login-alert","login-lock","pingback","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",98,2,"2026-02-23 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":79,"download_link":80,"security_score":56,"vuln_count":81,"unpatched_count":13,"last_vuln_date":82,"fetched_at":26},"google-captcha","reCaptcha by BestWebSoft","1.86","bestwebsoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fbestwebsoft\u002F","\u003Cp>reCaptcha plugin is an effective security solution that protects your WordPress website forms from spam entries while letting real people pass through with ease.  It can be used for login, registration, password recovery, comments, popular contact forms, and other. reCAPTCHA Version 3, Version 2, Invisible are included.\u003C\u002Fp>\n\u003Cp>Users are required to confirm that they are not a robot before the form can be submitted. It’s easy for people and hard for bots.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdemo-for-google-captcha\u002F?ref=readme\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FL2BziEOL3Fg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add reCaptcha to:\n\u003Cul>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Reset password form\u003C\u002Fli>\n\u003Cli>Protected post password form\u003C\u002Fli>\n\u003Cli>Comments form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fcontact-form\u002F?k=56575444122cff9ab3ee3e640efb001a\" rel=\"nofollow ugc\">Contact Form\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Ftestimonials\u002F\" rel=\"nofollow ugc\">Testimonials\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbws-login-register\" rel=\"ugc\">Login & Register Form\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Custom form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Hide reCaptcha for the allowlisted IP addresses\u003C\u002Fli>\n\u003Cli>Disable the submit button\u003C\u002Fli>\n\u003Cli>Validity check of keys in admin panel\u003C\u002Fli>\n\u003Cli>Available reCaptcha themes for Version 2:\n\u003Cul>\n\u003Cli>Light (default)\u003C\u002Fli>\n\u003Cli>Dark\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Flimit-attempts\u002F?k=1b1865c556920231995b35c3ed889415\" rel=\"nofollow ugc\">Limit Attempts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Hide reCaptcha in your forms for certain user roles\u003C\u002Fli>\n\u003Cli>Hide reCaptcha Badge (Invisible and V3)\u003C\u002Fli>\n\u003Cli>Supports reCaptcha:\n\u003Cul>\n\u003Cli>Version 2\u003C\u002Fli>\n\u003Cli>Version 3\u003C\u002Fli>\n\u003Cli>Invisible reCAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Add custom code via plugin settings page\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Incredibly simple settings for fast setup without modifying code\u003C\u002Fli>\n\u003Cli>Detailed step-by-step documentation and videos\u003C\u002Fli>\n\u003Cli>Multilingual and RTL ready\u003C\u002Fli>\n\u003Cli>Edit error message\u003C\u002Fli>\n\u003Cli>Hide Login page\u003C\u002Fli>\n\u003Cli>Force Strong Passwords\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All features from Free version included plus:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Compatible with:\n\u003Cul>\n\u003Cli>Contact Form 7 (since v 3.4)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fsubscriber\u002F?k=e6d1742fcf1806a39afac207f7920cf3\" rel=\"nofollow ugc\">Subscriber\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fmultilanguage\u002F?k=e48e145002e4b2472e568a81d171b888\" rel=\"nofollow ugc\">Multilanguage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Jetpack contact form\u003C\u002Fli>\n\u003Cli>Fast Secure Contact Form\u003C\u002Fli>\n\u003Cli>MailChimp for WordPress\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003Cli>Caldera Forms\u003C\u002Fli>\n\u003Cli>Elementor Pro Contact Forms\u003C\u002Fli>\n\u003Cli>LearnDash Registration Page\u003C\u002Fli>\n\u003Cli>BuddyBoss\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>Forminator Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with WooCommerce:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Register form\u003C\u002Fli>\n\u003Cli>Lost password form\u003C\u002Fli>\n\u003Cli>Checkout billing form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with Divi:\n\u003Cul>\n\u003Cli>Divi Builder Contact form\u003C\u002Fli>\n\u003Cli>Divi Builder Login form\u003C\u002Fli>\n\u003Cli>Divi Theme Contact form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with bbPress:\n\u003Cul>\n\u003Cli>New Topic form\u003C\u002Fli>\n\u003Cli>Reply form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with BuddyPress:\n\u003Cul>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Comments form\u003C\u002Fli>\n\u003Cli>Create a Group form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with Forums – wpForo:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>New Topic form\u003C\u002Fli>\n\u003Cli>Reply form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with Ultimate Member:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Profile form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with BWS Login Register Form:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Forgot Password form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with Easy Digital Downloads Form:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Forgot Password form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Select reCaptcha language manually\u003C\u002Fli>\n\u003Cli>Activate reCaptcha on certain Weekdays and Hours\u003C\u002Fli>\n\u003Cli>Change size: normal or compact (for version 2)\u003C\u002Fli>\n\u003Cli>Configure all subsites on the network\u003C\u002Fli>\n\u003Cli>Block disposable emails\u003C\u002Fli>\n\u003Cli>Administrator Login notification\u003C\u002Fli>\n\u003Cli>Get answer to your support question within one business day (\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fsupport-policy\u002F\" rel=\"nofollow ugc\">Support Policy\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-captcha\u002F?k=c4f2e3054fdbaca8a2b61554cbb9638c\" rel=\"nofollow ugc\">Upgrade to Pro Now\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Videos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Frecaptcha\u002Frecaptcha-user-guide\u002F\" rel=\"nofollow ugc\">[Doc] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-install-a-wordpress-product\u002Fhow-to-install-a-wordpress-plugin\u002F\" rel=\"nofollow ugc\">[Doc] Installation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-purchase-a-wordpress-plugin\u002Fhow-to-purchase-wordpress-plugin-from-bestwebsoft\u002F\" rel=\"nofollow ugc\">[Doc] Purchase\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=RUJ9VwZLFSY\" rel=\"nofollow ugc\">[Video] Installation Instruction\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=X-ccRdEFcM0\" rel=\"nofollow ugc\">[Video] Purchase, Installation & Configuration\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=ZFv6txtic0Y\" rel=\"nofollow ugc\">[Video] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help & Support\u003C\u002Fh4>\n\u003Cp>Visit our Help Center if you have any questions, our friendly Support Team is happy to help – \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsupport.bestwebsoft.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Affiliate Program\u003C\u002Fh4>\n\u003Cp>Earn 20% commission by selling the premium WordPress plugins and themes by BestWebSoft – \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Faffiliate\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Faffiliate\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Czech (cs_CZ) (thanks to \u003Ca href=\"mailto:kucerami@gmail.com\" rel=\"nofollow ugc\">Michal Kučera\u003C\u002Fa>, www.n0lim.it, \u003Ca href=\"mailto:info@pamadessoft.cz\" rel=\"nofollow ugc\">PaMaDeSSoft\u003C\u002Fa>, www.pamadessoft.cz)\u003C\u002Fli>\n\u003Cli>French (fr_FR)\u003C\u002Fli>\n\u003Cli>German (de_DE)\u003C\u002Fli>\n\u003Cli>Japanese (ja)\u003C\u002Fli>\n\u003Cli>Italian (it_IT)\u003C\u002Fli>\n\u003Cli>Portuguese (pt_BR)\u003C\u002Fli>\n\u003Cli>Romanian (ro_RO)\u003C\u002Fli>\n\u003Cli>Russian (ru_RU)\u003C\u002Fli>\n\u003Cli>Spanish (es_ES)\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR) (thanks to \u003Ca href=\"mailto:admin@lordiz.com\" rel=\"nofollow ugc\">Lordiz\u003C\u002Fa>, www.lordiz.com)\u003C\u002Fli>\n\u003Cli>Ukrainian (uk)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">the text of PO and MO files\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">BestWebSoft\u003C\u002Fa> and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002Fdownload.php\" rel=\"nofollow ugc\">files Poedit\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fupdater\u002F?k=f47f3eb3d739725d592249dbd129f7ff\" rel=\"nofollow ugc\">Updater\u003C\u002Fa> – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fcontact-form\u002F?k=56575444122cff9ab3ee3e640efb001a\" rel=\"nofollow ugc\">Contact Form\u003C\u002Fa> – Simple contact form plugin any WordPress website must have.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fsubscriber\u002F?k=e6d1742fcf1806a39afac207f7920cf3\" rel=\"nofollow ugc\">Subscriber\u003C\u002Fa> – Add email newsletter sign up form to WordPress posts, pages and widgets. Collect data and subscribe your users.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fmultilanguage\u002F?k=e48e145002e4b2472e568a81d171b888\" rel=\"nofollow ugc\">Multilanguage\u003C\u002Fa> – Translate WordPress website content to other languages manually. Create multilingual pages, posts, widgets, menus, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>lib\u002Frecaptchalib.php – Copyright © 2007. Mike Crawford, Ben Maurer (reCAPTCHA – \u003Ca href=\"http:\u002F\u002Frecaptcha.net\" rel=\"nofollow ugc\">http:\u002F\u002Frecaptcha.net\u003C\u002Fa>). All Rights Reserved.\u003C\u002Fli>\n\u003Cli>The plugin uses Google Recaptcha (Google LLC) services to process data and protect against spam. \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\u003C\u002Fa> Terms of service \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fa>. Privacy Policy \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>This plugin incorporates a license verification mechanism to ensure the authenticity of your license key and provide access to premium features and updates. The verification process involves connecting securely to our external service hosted at BestWebSoft website \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u003C\u002Fa>. Privacy Policy \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Fprivacy-policy\u002F\u003C\u002Fa>. End user license agreement \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fend-user-license-agreement\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Fend-user-license-agreement\u002F\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect WordPress website forms from spam entries with Google reCAPTCHA.",100000,6630359,78,390,"2026-02-25T08:45:00.000Z","6.9.4","6.5",[75,76,19,77,78],"anti-spam-security","antispam","captha","recaptcha","https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-captcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-captcha.1.86.zip",3,"2025-01-03 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":56,"num_ratings":69,"last_updated":93,"tested_up_to":72,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":101,"download_link":102,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"headers-security-advanced-hsts-wp","Headers Security Advanced & HSTS WP","5.3.2","Andrea Ferro","https:\u002F\u002Fprofiles.wordpress.org\u002Funicorn03\u002F","\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.\u003C\u002Fp>\n\u003Cp>This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.\u003C\u002Fp>\n\u003Cp>Check out the best features of \u003Cstrong>Headers Security Advanced & HSTS WP:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-XSS-Protection (Deprecated)\u003C\u002Fli>\n\u003Cli>Pragma (Deprecated)\u003C\u002Fli>\n\u003Cli>Public-Key-Pins (Deprecated)\u003C\u002Fli>\n\u003Cli>Expect-CT (Deprecated)\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>X-Content-Security-Policy\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>HTTP Strict Transport Security \u002F HSTS\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Strict-dynamic\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>FLoC (Federated Learning of Cohorts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on \u003Cstrong>OWASP CSRF\u003C\u002Fstrong> to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>HTTP security headers are a critical part of your website’s security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.\u003C\u002Fp>\n\u003Cp>We have put a lot of effort into making the most important services operational with \u003Cstrong>Content Security Policy (CSP)\u003C\u002Fstrong>, below are some examples that we have tested and used with \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CSP usage for \u003Cstrong>Google Tag Manager\u003C\u002Fstrong>\u003Cbr \u002F>\nworld’s most popular tag manager\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Gravatar\u003C\u002Fstrong>\u003Cbr \u002F>\nAvatar service for WordPress and Social sites\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WordPress Internal Media\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport WordPress media\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Youtube Embedded Video SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Youtube embedded frames and JS SDK\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>CookieLaw\u003C\u002Fstrong>\u003Cbr \u002F>\nprivacy technology to meet regulatory requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Mailchimp\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mailchimp automation, SDK and modules\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for basic conversion domains such as: stats.g.doubleclick.net and www.google.com\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Fonts\u003C\u002Fstrong>\u003Cbr \u002F>\nyou’re not loading it on the page, chances are one of your SDKs is using it\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Facebook\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Facebook SDK functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Stripe\u003C\u002Fstrong>\u003Cbr \u002F>\nhighly secure online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>New Relic\u003C\u002Fstrong>\u003Cbr \u002F>\nit’s a registration and monitoring utility\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Linkedin Tags + SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Linkedin Insight, Linkedin Ads and SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>OneTrust\u003C\u002Fstrong>\u003Cbr \u002F>\nOneTrust support helps companies manage privacy requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Moat\u003C\u002Fstrong>\u003Cbr \u002F>\nMoat support to measurement suite such as: ad verification, brand safety, advertising and coverage\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>jQuery\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport of jQuery – JS library\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Widgets & SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Connect, Widgets and the Twitter client-side SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google Maps\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Google Maps as The ggpht used by streetview\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Quantcast Choice\u003C\u002Fstrong>\u003Cbr \u002F>\nQuantcast support for privacy such as GDPR and CCPA\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Ads & Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nTwitter support for advertising and Analytics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Paypal\u003C\u002Fstrong>\u003Cbr \u002F>\nPayPal support for online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Drift\u003C\u002Fstrong>\u003Cbr \u002F>\nDrift and Driftt support\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cookiebot\u003C\u002Fstrong>\u003Cbr \u002F>\ncookie and tracker support, GDPR\u002FePrivacy and CCPA compliance\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Vimeo Embedded Videos SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport frames, JS SDK, Froogaloop integration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>AppNexus (now Xandr)\u003C\u002Fstrong>\u003Cbr \u002F>\nAppNexus support for custom retargeting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Mixpanel\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport analytics tool with SDK\u002FJS to collect client-side data\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Font Awesome\u003C\u002Fstrong>\u003Cbr \u002F>\ntoolkit support for fonts and icons over CSS and Less\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003Cbr \u002F>\nreCAPTCHA support for fraud and bot protection\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Bootstrap\u003C\u002Fstrong> CDN\u003Cbr \u002F>\nBootstrap support for CSS frameworks\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>HubSpot\u003C\u002Fstrong>\u003Cbr \u002F>\nHubspot support with many features, used for monitoring and mkt functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Hotjar\u003C\u002Fstrong>\u003Cbr \u002F>\nHotjar tracker support for analytics and metrics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WP.com\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for wp.com hosting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Akamai mPulse\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Akamai mPulse, for origin and perimeter integrations\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cloudflare – Rocket-Loader & Mirage\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mirage libraries for performance acceleration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Cloudflare – CDN.js\u003C\u002Fstrong>\u003Cbr \u002F>\nCloudflare’s open CDN support with multiple libraries\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>jsDelivr\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport jsDelivr free CDN for Open Source\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with Sentry, Report URI, URIports and Datadog\u003C\u002Fstrong>\u003Cbr \u002F>\nSentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:\u003Cbr \u002F>\n  * Receive detailed reports on content security policy (CSP) violations.\u003Cbr \u002F>\n  * Monitor and analyze JavaScript exceptions occurring on their site.\u003Cbr \u002F>\n  * Benefit from advanced tools for proactive troubleshooting.\u003C\u002Fp>\n\u003Cp>Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.\u003C\u002Fp>\n\u003Ch4>Free Forever\u003C\u002Fh4>\n\u003Cp>Every security header, every configuration option, and every protection this plugin offers today will remain completely free. No features will ever be moved behind a paywall. Shield is a separate set of brand-new monitoring tools built on top. The free plugin gets better because Shield exists, not worse.\u003C\u002Fp>\n\u003Cp>Even though \u003Cstrong>FLoC\u003C\u002Fstrong> is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special \u003Cstrong>“automatic blocking of FLoC”\u003C\u002Fstrong> feature, trying to always \u003Cstrong>offer the best tool with privacy protection and cyber security\u003C\u002Fstrong> as main targets and focus.\u003C\u002Fp>\n\u003Cp>Analyze your site before and after using \u003Cem>Headers Security Advanced & HSTS WP\u003C\u002Fem> security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security \u002F HSTS best practices.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check HTTP Security Headers on \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">securityheaders.com\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Check HTTP Strict Transport Security \u002F HSTS at \u003Ca href=\"https:\u002F\u002Fhstspreload.org\u002F\" rel=\"nofollow ugc\">hstspreload.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check WebPageTest at \u003Ca href=\"https:\u002F\u002Fwww.webpagetest.org\u002F\" rel=\"nofollow ugc\">webpagetest.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check HSTS test website \u003Ca href=\"https:\u002F\u002Fgf.dev\u002Fhsts-test\u002F\" rel=\"nofollow ugc\">gf.dev\u002Fhsts-test\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP test website \u003Ca href=\"https:\u002F\u002Fcsper.io\u002Fevaluator\" rel=\"nofollow ugc\">csper.io\u002Fevaluator\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP Evaluator \u003Ca href=\"https:\u002F\u002Fcsp-evaluator.withgoogle.com\u002F\" rel=\"nofollow ugc\">csp-evaluator.withgoogle.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>CSP Content Security Policy Generator \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fcontent-security-policy-gen\u002F\" rel=\"nofollow ugc\">addons.mozilla.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.\u003C\u002Fp>\n\u003Ch4>Shield — Advanced Features (Optional)\u003C\u002Fh4>\n\u003Cp>Every feature this plugin offers today is and will remain completely free, forever. \u003Cstrong>Shield\u003C\u002Fstrong> is a separate set of brand-new advanced tools for professionals who need deeper monitoring and automation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Advisor\u003C\u002Fstrong> — Analyzes your configuration and gives personalized recommendations in plain language\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Guide\u003C\u002Fstrong> — Recommended tools, safe workflow, WordPress-specific CSP snippets, and CSP FAQ\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Score Dashboard\u003C\u002Fstrong> — Real-time A+ to F grade with header status for all 10 security headers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email & Webhook Alerts\u003C\u002Fstrong> — Get notified via email, Slack, Discord, Microsoft Teams, or custom webhook when something changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Violation Analytics\u003C\u002Fstrong> — See which resources browsers are blocking and why\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weekly Automated Scans\u003C\u002Fstrong> — Automatic security audit with scan history and trend tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Nothing existing moves behind a paywall. Revenue from Shield directly funds free updates and maintenance for all 100,000+ users. Learn more at \u003Ca href=\"https:\u002F\u002Fopenheaders.org\u002Fpro\" rel=\"nofollow ugc\">openheaders.org\u002Fpro\u003C\u002Fa>.\u003C\u002Fp>\n","Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP\u002FHTTPS.",90000,1376883,"2026-03-16T14:46:00.000Z","4.7","7.4",[97,98,20,99,100],"clickjacking","csp","headers-security","hsts","https:\u002F\u002Fopenheaders.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheaders-security-advanced-hsts-wp.5.3.2.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":94,"requires_php":48,"tags":117,"homepage":17,"download_link":121,"security_score":122,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1246273,80,25,"2025-01-15T17:05:00.000Z","6.7.5",[118,19,119,21,120],"2fa","login-security","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":17,"tags":138,"homepage":142,"download_link":143,"security_score":144,"vuln_count":30,"unpatched_count":13,"last_vuln_date":145,"fetched_at":26},"login-recaptcha","Login No Captcha reCAPTCHA","1.7.3","Robert Peake","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertpeake\u002F","\u003Cp>Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password, and user registration pages. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”\u003C\u002Fp>\n","Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.",60000,1371626,90,63,"2024-02-27T10:43:00.000Z","6.4.8","4.6",[139,140,141,78,21],"google","login","nocaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-recaptcha.1.7.3.zip",85,"2022-08-16 00:00:00",{"attackSurface":147,"codeSignals":428,"taintFlows":443,"riskAssessment":547,"analyzedAt":553},{"hooks":148,"ajaxHandlers":413,"restRoutes":425,"shortcodes":426,"cronEvents":427,"entryPointCount":81,"unprotectedCount":30},[149,155,160,163,167,170,174,179,183,187,190,194,197,200,205,209,213,216,221,225,229,233,237,241,245,248,252,256,260,263,267,270,274,277,280,283,286,289,293,297,300,305,309,313,317,321,323,325,327,329,331,332,333,334,335,337,338,339,342,345,350,354,357,360,364,369,371,376,378,382,386,389,392,395,398,401,403,404,408,411],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","admin_menu","register_menu","admin\u002Fdashboard.php",17,{"type":150,"name":156,"callback":157,"priority":24,"file":158,"line":159},"admin_bar_menu","add_purge_cache_button","includes\u002Fcache\u002Fpurge-cache.php",16,{"type":150,"name":161,"callback":162,"file":158,"line":154},"admin_enqueue_scripts","enqueue_scripts",{"type":150,"name":164,"callback":165,"file":158,"line":166},"wp_enqueue_scripts","force_asset_refresh",18,{"type":150,"name":161,"callback":168,"file":158,"line":169},"force_admin_asset_refresh",19,{"type":150,"name":171,"callback":172,"file":158,"line":173},"admin_notices","show_purge_notice",21,{"type":150,"name":175,"callback":176,"file":177,"line":178},"plugins_loaded","closure","includes\u002Fcaptcha\u002Fcaptcha.php",71,{"type":150,"name":180,"callback":181,"file":177,"line":182},"login_form","securelywp_captcha_render_login",79,{"type":150,"name":184,"callback":185,"file":177,"line":186},"register_form","securelywp_captcha_render_register",82,{"type":150,"name":188,"callback":189,"file":177,"line":144},"lostpassword_form","securelywp_captcha_render_lostpassword",{"type":150,"name":191,"callback":192,"file":177,"line":193},"comment_form_after_fields","securelywp_captcha_render_comment",88,{"type":150,"name":195,"callback":192,"file":177,"line":196},"comment_form_logged_in_after",89,{"type":150,"name":198,"callback":199,"file":177,"line":122},"woocommerce_checkout_before_customer_details","securelywp_captcha_render_checkout",{"type":201,"name":202,"callback":203,"file":177,"line":204},"filter","wpcf7_form_elements","securelywp_captcha_cf7_render",95,{"type":150,"name":206,"callback":207,"file":177,"line":208},"wpcf7_before_send_mail","securelywp_captcha_cf7_verify",96,{"type":201,"name":210,"callback":211,"file":177,"line":212},"gform_pre_render","securelywp_captcha_gf_render",99,{"type":150,"name":214,"callback":215,"file":177,"line":24},"gform_pre_submission","securelywp_captcha_gf_verify",{"type":201,"name":217,"callback":218,"priority":219,"file":177,"line":220},"wpforms_frontend_output","securelywp_captcha_wpforms_render",10,103,{"type":150,"name":222,"callback":223,"priority":219,"file":177,"line":224},"wpforms_process","securelywp_captcha_wpforms_verify",104,{"type":201,"name":226,"callback":227,"priority":219,"file":177,"line":228},"frm_display_form","securelywp_captcha_formidable_render",107,{"type":150,"name":230,"callback":231,"priority":219,"file":177,"line":232},"frm_before_create_entry","securelywp_captcha_formidable_verify",108,{"type":201,"name":234,"callback":235,"priority":219,"file":177,"line":236},"forminator_custom_form_render_response","securelywp_captcha_forminator_render",111,{"type":150,"name":238,"callback":239,"priority":219,"file":177,"line":240},"forminator_custom_form_submit_response","securelywp_captcha_forminator_verify",112,{"type":150,"name":242,"callback":243,"priority":219,"file":177,"line":244},"elementor_pro\u002Fforms\u002Fvalidation","securelywp_captcha_elementor_verify",115,{"type":150,"name":246,"callback":199,"file":177,"line":247},"edd_purchase_form_before_submit",118,{"type":150,"name":249,"callback":250,"priority":219,"file":177,"line":251},"edd_checkout_error_checks","securelywp_captcha_edd_verify",119,{"type":150,"name":253,"callback":254,"file":177,"line":255},"mc4wp_form_before_fields","securelywp_captcha_render",122,{"type":201,"name":257,"callback":258,"priority":219,"file":177,"line":259},"mc4wp_form_submit","securelywp_captcha_mailchimp_verify",123,{"type":150,"name":261,"callback":254,"file":177,"line":262},"bp_before_account_details_fields",126,{"type":150,"name":264,"callback":265,"priority":30,"file":177,"line":266},"bp_core_signup_user","securelywp_captcha_buddypress_verify",127,{"type":150,"name":268,"callback":254,"file":177,"line":269},"bbp_template_after_replies_loop",130,{"type":150,"name":271,"callback":272,"priority":30,"file":177,"line":273},"bbp_new_reply","securelywp_captcha_bbpress_verify",131,{"type":150,"name":275,"callback":272,"priority":30,"file":177,"line":276},"bbp_new_topic",132,{"type":150,"name":278,"callback":254,"file":177,"line":279},"mepr-account-form",135,{"type":150,"name":281,"callback":254,"file":177,"line":282},"um_after_form_fields",138,{"type":150,"name":284,"callback":254,"file":177,"line":285},"wpmem_register_form",141,{"type":150,"name":287,"callback":254,"file":177,"line":288},"signup_extra_fields",144,{"type":150,"name":290,"callback":291,"priority":219,"file":177,"line":292},"wpmu_validate_user_signup","securelywp_captcha_multisite_verify",145,{"type":150,"name":164,"callback":294,"file":295,"line":296},"securelywp_captcha_enqueue_script","includes\u002Fcaptcha\u002Frender.php",27,{"type":150,"name":298,"callback":294,"file":295,"line":299},"login_enqueue_scripts",28,{"type":201,"name":301,"callback":302,"priority":31,"file":303,"line":304},"authenticate","securelywp_captcha_verify_authenticate","includes\u002Fcaptcha\u002Fverify.php",56,{"type":201,"name":306,"callback":307,"priority":31,"file":303,"line":308},"registration_errors","securelywp_captcha_verify_registration",57,{"type":201,"name":310,"callback":311,"priority":31,"file":303,"line":312},"allow_password_reset","securelywp_captcha_verify_lostpassword",58,{"type":201,"name":314,"callback":315,"priority":31,"file":303,"line":316},"preprocess_comment","securelywp_captcha_verify_comment",59,{"type":150,"name":318,"callback":319,"priority":31,"file":303,"line":320},"woocommerce_after_checkout_validation","securelywp_captcha_verify_woocommerce_checkout",61,{"type":150,"name":206,"callback":207,"file":303,"line":322},64,{"type":150,"name":214,"callback":215,"file":303,"line":324},67,{"type":150,"name":222,"callback":223,"priority":219,"file":303,"line":326},70,{"type":150,"name":230,"callback":231,"priority":219,"file":303,"line":328},73,{"type":150,"name":238,"callback":239,"priority":219,"file":303,"line":330},76,{"type":150,"name":242,"callback":243,"priority":219,"file":303,"line":182},{"type":150,"name":249,"callback":250,"priority":219,"file":303,"line":186},{"type":201,"name":257,"callback":258,"priority":219,"file":303,"line":144},{"type":150,"name":264,"callback":265,"priority":30,"file":303,"line":193},{"type":150,"name":271,"callback":272,"priority":30,"file":303,"line":336},91,{"type":150,"name":275,"callback":272,"priority":30,"file":303,"line":122},{"type":150,"name":290,"callback":291,"priority":219,"file":303,"line":204},{"type":201,"name":340,"callback":176,"file":303,"line":341},"gform_validation_message",173,{"type":150,"name":175,"callback":343,"priority":30,"file":344,"line":182},"securelywp_firewall_core","includes\u002Ffirewall\u002Ffirewall.php",{"type":150,"name":346,"callback":347,"file":348,"line":349},"wp_login_failed","track_failed_login","includes\u002Fhardening\u002Fbrute-force-lite.php",41,{"type":150,"name":351,"callback":352,"priority":219,"file":348,"line":353},"wp_login","clear_attempts",42,{"type":201,"name":301,"callback":355,"priority":11,"file":348,"line":356},"check_login_attempts",43,{"type":150,"name":171,"callback":358,"file":359,"line":296},"check_admin_username","includes\u002Fhardening\u002Fdetect-admin-username.php",{"type":150,"name":361,"callback":362,"file":363,"line":11},"init","initialize","includes\u002Fhardening\u002Fdisable-php-uploads.php",{"type":201,"name":365,"callback":366,"priority":219,"file":367,"line":368},"login_url","ensure_https_url","includes\u002Fhardening\u002Fforce-https.php",40,{"type":201,"name":370,"callback":366,"priority":219,"file":367,"line":349},"admin_url",{"type":201,"name":372,"callback":373,"priority":374,"file":375,"line":349},"style_loader_src","remove_version_query",9999,"includes\u002Fhardening\u002Fhide-wp-version.php",{"type":201,"name":377,"callback":373,"priority":374,"file":375,"line":353},"script_loader_src",{"type":150,"name":379,"callback":380,"file":381,"line":296},"template_redirect","block_author_queries","includes\u002Fhardening\u002Fprevent-user-enum.php",{"type":150,"name":383,"callback":384,"file":385,"line":46},"send_headers","securelywp_add_csp_header","includes\u002Fheaders\u002Fcsp.php",{"type":150,"name":383,"callback":387,"file":388,"line":46},"securelywp_add_hsts_header","includes\u002Fheaders\u002Fhsts.php",{"type":150,"name":383,"callback":390,"file":391,"line":46},"securelywp_add_permissions_policy_header","includes\u002Fheaders\u002Fpermissions-policy.php",{"type":150,"name":383,"callback":393,"file":394,"line":46},"securelywp_add_referrer_policy_header","includes\u002Fheaders\u002Freferrer-policy.php",{"type":150,"name":383,"callback":396,"file":397,"line":46},"securelywp_add_x_content_type_options_header","includes\u002Fheaders\u002Fx-content-type-options.php",{"type":150,"name":383,"callback":399,"file":400,"line":46},"securelywp_add_x_frame_options_header","includes\u002Fheaders\u002Fx-frame-options.php",{"type":150,"name":180,"callback":176,"file":402,"line":166},"includes\u002Ftwo-factor\u002Frender.php",{"type":201,"name":301,"callback":176,"priority":24,"file":402,"line":56},{"type":150,"name":161,"callback":405,"file":406,"line":407},"enqueue_assets","securelywp.php",53,{"type":150,"name":151,"callback":409,"file":406,"line":410},"register_admin_menus",54,{"type":150,"name":175,"callback":176,"file":406,"line":412},217,[414,419,422],{"action":415,"nopriv":416,"callback":417,"hasNonce":418,"hasCapCheck":418,"file":153,"line":166},"securelywp_get_dashboard_status",false,"ajax_get_dashboard_status",true,{"action":420,"nopriv":416,"callback":421,"hasNonce":418,"hasCapCheck":418,"file":158,"line":11},"securelywp_purge_cache","ajax_purge_cache",{"action":423,"nopriv":416,"callback":176,"hasNonce":416,"hasCapCheck":416,"file":402,"line":424},"securelywp_reset_2fa",165,[],[],[],{"dangerousFunctions":429,"sqlUsage":430,"outputEscaping":433,"fileOperations":13,"externalRequests":30,"nonceChecks":441,"capabilityChecks":441,"bundledLibraries":442},[],{"prepared":431,"raw":13,"locations":432},4,[],{"escaped":434,"rawEcho":57,"locations":435},473,[436,440],{"file":437,"line":438,"context":439},"admin\u002Fsettings-pages\u002Fheaders-settings.php",171,"raw output",{"file":295,"line":349,"context":439},11,[],[444,463,471,481,489,506,517,529,537],{"entryPoint":445,"graph":446,"unsanitizedCount":13,"severity":462},"securelywp_captcha_settings_page (admin\u002Fsettings-pages\u002Fcaptcha-settings.php:18)",{"nodes":447,"edges":460},[448,454],{"id":449,"type":450,"label":451,"file":452,"line":453},"n0","source","$_POST","admin\u002Fsettings-pages\u002Fcaptcha-settings.php",49,{"id":455,"type":456,"label":457,"file":452,"line":458,"wp_function":459},"n1","sink","update_option() [Settings Manipulation]",52,"update_option",[461],{"from":449,"to":455,"sanitized":418},"low",{"entryPoint":464,"graph":465,"unsanitizedCount":13,"severity":462},"\u003Ccaptcha-settings> (admin\u002Fsettings-pages\u002Fcaptcha-settings.php:0)",{"nodes":466,"edges":469},[467,468],{"id":449,"type":450,"label":451,"file":452,"line":453},{"id":455,"type":456,"label":457,"file":452,"line":458,"wp_function":459},[470],{"from":449,"to":455,"sanitized":418},{"entryPoint":472,"graph":473,"unsanitizedCount":13,"severity":462},"securelywp_hardening_settings_page (admin\u002Fsettings-pages\u002Fhardening-settings.php:20)",{"nodes":474,"edges":479},[475,478],{"id":449,"type":450,"label":451,"file":476,"line":477},"admin\u002Fsettings-pages\u002Fhardening-settings.php",51,{"id":455,"type":456,"label":457,"file":476,"line":407,"wp_function":459},[480],{"from":449,"to":455,"sanitized":418},{"entryPoint":482,"graph":483,"unsanitizedCount":13,"severity":462},"\u003Chardening-settings> (admin\u002Fsettings-pages\u002Fhardening-settings.php:0)",{"nodes":484,"edges":487},[485,486],{"id":449,"type":450,"label":451,"file":476,"line":477},{"id":455,"type":456,"label":457,"file":476,"line":407,"wp_function":459},[488],{"from":449,"to":455,"sanitized":418},{"entryPoint":490,"graph":491,"unsanitizedCount":13,"severity":462},"securelywp_headers_settings_page (admin\u002Fsettings-pages\u002Fheaders-settings.php:20)",{"nodes":492,"edges":503},[493,495,496,499],{"id":449,"type":450,"label":451,"file":437,"line":494},69,{"id":455,"type":456,"label":457,"file":437,"line":178,"wp_function":459},{"id":497,"type":450,"label":498,"file":437,"line":494},"n2","$_POST (x6)",{"id":500,"type":456,"label":501,"file":437,"line":220,"wp_function":502},"n3","echo() [XSS]","echo",[504,505],{"from":449,"to":455,"sanitized":418},{"from":497,"to":500,"sanitized":418},{"entryPoint":507,"graph":508,"unsanitizedCount":13,"severity":462},"\u003Cheaders-settings> (admin\u002Fsettings-pages\u002Fheaders-settings.php:0)",{"nodes":509,"edges":514},[510,511,512,513],{"id":449,"type":450,"label":451,"file":437,"line":494},{"id":455,"type":456,"label":457,"file":437,"line":178,"wp_function":459},{"id":497,"type":450,"label":498,"file":437,"line":494},{"id":500,"type":456,"label":501,"file":437,"line":220,"wp_function":502},[515,516],{"from":449,"to":455,"sanitized":418},{"from":497,"to":500,"sanitized":418},{"entryPoint":518,"graph":519,"unsanitizedCount":13,"severity":462},"securelywp_system_details_page (admin\u002Fsettings-pages\u002Fsystem-details.php:20)",{"nodes":520,"edges":527},[521,525],{"id":449,"type":450,"label":522,"file":523,"line":524},"$_SERVER (x3)","admin\u002Fsettings-pages\u002Fsystem-details.php",36,{"id":455,"type":456,"label":501,"file":523,"line":526,"wp_function":502},136,[528],{"from":449,"to":455,"sanitized":418},{"entryPoint":530,"graph":531,"unsanitizedCount":13,"severity":462},"\u003Csystem-details> (admin\u002Fsettings-pages\u002Fsystem-details.php:0)",{"nodes":532,"edges":535},[533,534],{"id":449,"type":450,"label":522,"file":523,"line":524},{"id":455,"type":456,"label":501,"file":523,"line":526,"wp_function":502},[536],{"from":449,"to":455,"sanitized":418},{"entryPoint":538,"graph":539,"unsanitizedCount":13,"severity":462},"\u003Crender> (includes\u002Ftwo-factor\u002Frender.php:0)",{"nodes":540,"edges":545},[541,543],{"id":449,"type":450,"label":451,"file":402,"line":542},65,{"id":455,"type":456,"label":501,"file":402,"line":544,"wp_function":502},83,[546],{"from":449,"to":455,"sanitized":418},{"summary":548,"deductions":549},"The \"securelywp\" plugin v1.0.10 exhibits a generally good security posture, with strong adherence to best practices like using prepared statements for all SQL queries and properly escaping all output. The absence of any recorded vulnerabilities or CVEs in its history is a significant positive indicator. The plugin also demonstrates robust use of nonce and capability checks, suggesting a deliberate effort to secure its functionality.  However, the presence of three AJAX handlers, one of which lacks authentication checks, represents a notable area of concern and a potential entry point for attackers. While the taint analysis shows no critical or high-severity unsanitized flows, the unprotected AJAX endpoint could be exploited if it handles sensitive data or performs critical actions without proper authorization.",[550],{"reason":551,"points":552},"Unprotected AJAX handler",7,"2026-04-16T11:31:50.227Z",{"wat":555,"direct":566},{"assetPaths":556,"generatorPatterns":559,"scriptPaths":560,"versionParams":562},[557,558],"\u002Fwp-content\u002Fplugins\u002Fsecurelywp\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsecurelywp\u002Fassets\u002Ftwo-factor\u002Fjs\u002Fqrcode.js",[],[561,558],"\u002Fwp-content\u002Fplugins\u002Fsecurelywp\u002Fassets\u002Fjs\u002Fjquery-ui-dialog.js",[563,564,565],"securelywp\u002Fassets\u002Fcss\u002Fadmin.css?ver=","securelywp\u002Fassets\u002Fjs\u002Fjquery-ui-dialog.js?ver=","securelywp\u002Fassets\u002Ftwo-factor\u002Fjs\u002Fqrcode.js?ver=",{"cssClasses":567,"htmlComments":568,"htmlAttributes":569,"restEndpoints":571,"jsGlobals":572,"shortcodeOutput":574},[],[],[570],"securelywp_2fa_nonce",[],[573],"securelywp_2fa",[],{"error":418,"url":576,"statusCode":577,"statusMessage":578,"message":578},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsecurelywp\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":441,"versions":580},[581,586,593,600,607,614,621,628,635,642,649],{"version":6,"download_url":23,"svn_tag_url":582,"released_at":25,"has_diff":416,"diff_files_changed":583,"diff_lines":25,"trac_diff_url":584,"vulnerabilities":585,"is_current":418},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.9&new_path=%2Fsecurelywp%2Ftags%2F1.0.10",[],{"version":587,"download_url":588,"svn_tag_url":589,"released_at":25,"has_diff":416,"diff_files_changed":590,"diff_lines":25,"trac_diff_url":591,"vulnerabilities":592,"is_current":416},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.8&new_path=%2Fsecurelywp%2Ftags%2F1.0.9",[],{"version":594,"download_url":595,"svn_tag_url":596,"released_at":25,"has_diff":416,"diff_files_changed":597,"diff_lines":25,"trac_diff_url":598,"vulnerabilities":599,"is_current":416},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.7&new_path=%2Fsecurelywp%2Ftags%2F1.0.8",[],{"version":601,"download_url":602,"svn_tag_url":603,"released_at":25,"has_diff":416,"diff_files_changed":604,"diff_lines":25,"trac_diff_url":605,"vulnerabilities":606,"is_current":416},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.6&new_path=%2Fsecurelywp%2Ftags%2F1.0.7",[],{"version":608,"download_url":609,"svn_tag_url":610,"released_at":25,"has_diff":416,"diff_files_changed":611,"diff_lines":25,"trac_diff_url":612,"vulnerabilities":613,"is_current":416},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.5&new_path=%2Fsecurelywp%2Ftags%2F1.0.6",[],{"version":615,"download_url":616,"svn_tag_url":617,"released_at":25,"has_diff":416,"diff_files_changed":618,"diff_lines":25,"trac_diff_url":619,"vulnerabilities":620,"is_current":416},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.4&new_path=%2Fsecurelywp%2Ftags%2F1.0.5",[],{"version":622,"download_url":623,"svn_tag_url":624,"released_at":25,"has_diff":416,"diff_files_changed":625,"diff_lines":25,"trac_diff_url":626,"vulnerabilities":627,"is_current":416},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.3&new_path=%2Fsecurelywp%2Ftags%2F1.0.4",[],{"version":629,"download_url":630,"svn_tag_url":631,"released_at":25,"has_diff":416,"diff_files_changed":632,"diff_lines":25,"trac_diff_url":633,"vulnerabilities":634,"is_current":416},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.2&new_path=%2Fsecurelywp%2Ftags%2F1.0.3",[],{"version":636,"download_url":637,"svn_tag_url":638,"released_at":25,"has_diff":416,"diff_files_changed":639,"diff_lines":25,"trac_diff_url":640,"vulnerabilities":641,"is_current":416},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.1&new_path=%2Fsecurelywp%2Ftags%2F1.0.2",[],{"version":643,"download_url":644,"svn_tag_url":645,"released_at":25,"has_diff":416,"diff_files_changed":646,"diff_lines":25,"trac_diff_url":647,"vulnerabilities":648,"is_current":416},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurelywp%2Ftags%2F1.0.0&new_path=%2Fsecurelywp%2Ftags%2F1.0.1",[],{"version":650,"download_url":651,"svn_tag_url":652,"released_at":25,"has_diff":416,"diff_files_changed":653,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":654,"is_current":416},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurelywp.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurelywp\u002Ftags\u002F1.0.0\u002F",[],[]]