[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fD4KSvDy7ruNpMvyQcCYxLxlEUQ7NRdmvd-GLraL1XXA":3,"$fDlvyANqmNB0r_aFM6jcukmnWYhXuPTeP8_itIWerCAQ":276,"$fNeT7-0l3jw7NkS9t4Y26RgaFvHrpCjUm0H6cZCGcc-o":281},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":38,"analysis":124,"fingerprints":252},"security-hardener","Security Hardener","2.2.0","Marc Armengou","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarc4\u002F","\u003Cp>\u003Cstrong>Security Hardener\u003C\u002Fstrong> applies WordPress security best practices based on the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fhardening\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration \u002F Security \u002F Hardening\u003C\u002Fa> documentation and widely accepted hardening measures. 
It uses WordPress core functions and follows best practices without modifying core files.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable file editor in WordPress admin\u003Cbr \u002F>\n* Optionally disable all file modifications (blocks updates – use with caution)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable XML-RPC completely (enabled by default)\u003Cbr \u002F>\n* Remove pingback methods when XML-RPC is enabled\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pingback Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable self-pingbacks\u003Cbr \u002F>\n* Remove X-Pingback header\u003Cbr \u002F>\n* Block incoming pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block \u003Ccode>\u002F?author=N\u003C\u002Fcode> queries (returns 404)\u003Cbr \u002F>\n* Secure REST API user endpoints (require authentication)\u003Cbr \u002F>\n* Remove users from XML sitemaps\u003Cbr \u002F>\n* Prevent canonical redirects that expose usernames\u003Cbr \u002F>\n* Optionally block author feed pages (\u003Ccode>\u002Fauthor\u002Fusername\u002Ffeed\u002F\u003C\u002Fcode>)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generic error messages (no username\u002Fpassword hints)\u003Cbr \u002F>\n* Login honeypot — silently blocks bots before any credential check\u003Cbr \u002F>\n* IP-based rate limiting with configurable thresholds\u003Cbr \u002F>\n* Security event logging (last 100 events)\u003Cbr \u002F>\n* Automatic blocking after failed attempts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> (clickjacking protection)\u003Cbr \u002F>\n* \u003Ccode>X-Content-Type-Options: nosniff\u003C\u002Fcode> (MIME sniffing protection)\u003Cbr \u002F>\n* 
\u003Ccode>Referrer-Policy: strict-origin-when-cross-origin\u003C\u002Fcode>\u003Cbr \u002F>\n* \u003Ccode>Permissions-Policy\u003C\u002Fcode> (restricts geolocation, microphone, camera)\u003Cbr \u002F>\n* Optional HSTS (HTTP Strict Transport Security) for HTTPS sites — max-age set to 1 year\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Hardening:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Hide WordPress version (meta generator tag and asset query strings)\u003Cbr \u002F>\n* Remove obsolete wp_head items (RSD, WLW manifest, shortlink, emoji scripts)\u003Cbr \u002F>\n* Security event logging system\u003Cbr \u002F>\n* Optionally disable Application Passwords for API authentication\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>⚠️ \u003Cstrong>Important:\u003C\u002Fstrong> Always test security settings in a staging environment first. Some features may affect third-party integrations or plugins.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy:\u003C\u002Fstrong> This plugin does not send data to external services and does not create custom database tables. It stores plugin settings and a security event log in the WordPress options table, and uses transients for temporary login attempt tracking. 
All data is preserved on uninstall by default and only deleted if the “Delete all data on uninstall” option is explicitly enabled.\u003C\u002Fp>\n","Basic hardening: secure headers, login honeypot, user enumeration blocking, generic login errors, rate limiting, and more.",200,990,0,"2026-04-02T19:24:00.000Z","6.9.4","6.9","8.2",[19,20,21,22,23],"brute-force","hardening","headers","login-protection","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-hardener\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.2.2.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"marc4",5,280,30,94,"2026-05-20T08:21:57.174Z",[39,55,69,88,107],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":13,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":15,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":53,"download_link":54,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"srworks-armorlite","SRWorks ArmorPro Lite","1.0.25","SRWorks LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fsrworks\u002F","\u003Cp>\u003Cstrong>ArmorLite\u003C\u002Fstrong> is a free, lightweight WordPress security plugin built for performance. Firewall with 600+ built-in patterns, brute force protection, bot detection, security headers, and login monitoring. No bloat, no unnecessary database queries, no external API calls during normal operation.\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Firewall\u003C\u002Fstrong> — Pure PHP string-matching firewall with 600+ built-in patterns covering SQL injection, XSS, path traversal, shell access, and more. 
Five categories (Request URI, Query String, User Agent, Referrer, IP Address). Three matching modes: contains, ends-with, and path-only. Pattern manager with per-pattern toggle and hit counts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> — Session-based login tracking with automatic IP lockouts after configurable failed attempts. Login activity log with IP, location, status badges, and usernames tried. 7-day log retention.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Protection\u003C\u002Fstrong> — Automated bot detection for login, registration, and password reset forms using honeypot fields, timestamp validation, and JavaScript token verification. Blocks bots before they can attempt brute force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Headers\u003C\u002Fstrong> — Four managed headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, X-XSS-Protection) with dual delivery via PHP and .htaccess. Header probe system avoids duplicates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelist\u003C\u002Fstrong> — Whitelist trusted IPs to bypass all security checks including brute force lockouts and firewall blocking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Obfuscation\u003C\u002Fstrong> — Author slug randomization to prevent user enumeration and email obfuscation to protect addresses from scrapers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard\u003C\u002Fstrong> — Real-time stats, blocks over time chart, protection status cards, and WordPress dashboard widget.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC & REST API Protection\u003C\u002Fstrong> — Disable XML-RPC and protect the REST API from user enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall Log\u003C\u002Fstrong> — View blocked requests with IP, matched rule, request URI, and timestamps. 
7-day log retention.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tools\u003C\u002Fstrong> — Health checks with database integrity verification, one-click table repair, and debug mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to ArmorPro\u003C\u002Fh4>\n\u003Cp>Need more protection? \u003Ca href=\"https:\u002F\u002Fsrworks.co\u002Fplugins\u002Farmorpro\u002F?utm_source=armorlite&utm_medium=readme&utm_campaign=description#pricing\" rel=\"nofollow ugc\">ArmorPro\u003C\u002Fa> adds:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Engine (blocks attacks before WordPress loads)\u003C\u002Fli>\n\u003Cli>Two-Factor Authentication (TOTP) with backup codes\u003C\u002Fli>\n\u003Cli>Passkey Authentication (Face ID, Touch ID, Windows Hello)\u003C\u002Fli>\n\u003Cli>Custom Login URL (hide wp-login.php)\u003C\u002Fli>\n\u003Cli>IP Blacklist with auto-blacklist for repeat offenders\u003C\u002Fli>\n\u003Cli>Country Blocking with GeoIP\u003C\u002Fli>\n\u003Cli>HSTS, Content-Security-Policy, and Permissions-Policy headers\u003C\u002Fli>\n\u003Cli>Email Notifications and digest summaries\u003C\u002Fli>\n\u003Cli>Extended log retention (90 days)\u003C\u002Fli>\n\u003Cli>Custom firewall patterns\u003C\u002Fli>\n\u003Cli>Export\u002Fimport settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsrworks.co\u002Fplugins\u002Farmorpro\u002F?utm_source=armorlite&utm_medium=readme&utm_campaign=description#pricing\" rel=\"nofollow ugc\">Learn more about ArmorPro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external third-party services in the following situations:\u003C\u002Fp>\n\u003Ch4>Anonymous Usage Data (Optional)\u003C\u002Fh4>\n\u003Cp>This plugin can optionally share anonymous usage data to help improve ArmorLite. 
This is disabled by default and requires explicit opt-in from the Settings page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When it is called: Daily heartbeat (if opted in)\u003C\u002Fli>\n\u003Cli>Data sent: WordPress version, PHP version, active plugin features (no personal data)\u003C\u002Fli>\n\u003Cli>Service: https:\u002F\u002Fapi.srworks.co\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Fsrworks.co\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No personal data is collected or stored by this service.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>ArmorLite stores the following data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP addresses of visitors who trigger security rules or attempt to log in\u003C\u002Fli>\n\u003Cli>Timestamps of security events\u003C\u002Fli>\n\u003Cli>Usernames used in login attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is stored to help you monitor and protect your website. You can clear all logs at any time from the Tools tab. When the plugin is uninstalled, all data is automatically deleted.\u003C\u002Fp>\n\u003Cp>No visitor data is sent to external services during normal operation. Anonymous usage data sharing is optional and disabled by default.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help with ArmorLite? Have a feature request or found a bug?\u003C\u002Fp>\n\u003Cp>Visit our support page: https:\u002F\u002Fsrworks.co\u002Fcontact\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Firewall patterns inspired by the work of Jeff Starr at Perishable Press (https:\u002F\u002Fperishablepress.com). 
Used under GPLv2.\u003C\u002Fp>\n\u003Cp>Charts powered by Chart.js (https:\u002F\u002Fwww.chartjs.org), MIT License.\u003C\u002Fp>\n\u003Cp>Tooltips powered by Tippy.js (https:\u002F\u002Fatomiks.github.io\u002Ftippyjs), MIT License.\u003C\u002Fp>\n","Free WordPress security with firewall, brute force protection, bot detection, security headers, IP whitelist, and login monitoring. No bloat.",235,"2026-04-08T20:47:00.000Z","5.3","7.4",[19,52,21,22,23],"firewall","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsrworks-armorlite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsrworks-armorlite.1.0.25.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":13,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":15,"requires_at_least":65,"requires_php":50,"tags":66,"homepage":67,"download_link":68,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"vigiguard-security","VigiGuard Security","1.0.0","Kashif Ahmed Khan","https:\u002F\u002Fprofiles.wordpress.org\u002Fkashifahmedkhan\u002F","\u003Cp>VigiGuard Security provides essential WordPress protection without complexity. 
One-click hardening, brute force protection, and file integrity monitoring – all with zero configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>One-Click Fix\u003C\u002Fstrong> – Secure your site instantly with one button\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> – Blocks repeated login attempts automatically  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Health Score\u003C\u002Fstrong> – Visual A-F grade showing your security status\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Integrity Monitor\u003C\u002Fstrong> – Scans 3,000+ WordPress core files weekly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logging\u003C\u002Fstrong> – Track all security events and login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong> – Disables XML-RPC, hides WP version, blocks user enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Small business owners who need security without the hassle\u003C\u002Fli>\n\u003Cli>Bloggers who want “set and forget” protection\u003C\u002Fli>\n\u003Cli>Freelancers managing multiple client sites\u003C\u002Fli>\n\u003Cli>Anyone who finds other security plugins too complicated\u003C\u002Fli>\n\u003C\u002Ful>\n","Simple one-click WordPress security. 
Protect your site in 30 seconds.",176,"2026-02-22T16:09:00.000Z","5.8",[19,52,20,22,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvigiguard-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvigiguard-security.1.0.0.zip",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":26,"downloaded":77,"rating":78,"num_ratings":79,"last_updated":80,"tested_up_to":81,"requires_at_least":49,"requires_php":82,"tags":83,"homepage":85,"download_link":86,"security_score":87,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"secure-http-headers","Secure HTTP Headers","1.0","shasha310","https:\u002F\u002Fprofiles.wordpress.org\u002Fshasha310\u002F","\u003Cp>Harden your web applications.\u003C\u002Fp>\n\u003Cp>HTTP header fields are components of the header section of request and response messages. The headers define the operating parameters of an HTTP transaction.\u003C\u002Fp>\n\u003Cp>Securing HTTP headers will improve the resilience of your web application against many common attacks including those that are on the OWASP top 10 list.\u003C\u002Fp>\n\u003Cp>Securing headers can also improve your SEO rank and in addition to preventing websites from being marked as dangerous by browsers and antivirus applications.\u003C\u002Fp>\n\u003Cp>Protect sensitive user information and be compliant with privacy regulations. Defend users from stealing private data by protecting website cookies. 
Use the proper directive such as “secure”, “httponly” and “samesite”, all of those will be applied automatically by “Secure HTTP Headers” plugin.\u003C\u002Fp>\n\u003Cp>Secure HTTP Headers will automatically analyze any website and will build up secure headers directives, by the latest best practice.\u003C\u002Fp>\n\u003Cp>In addition, Secure HTTP Headers offers fully configurable options, apply or skip any header directive as needed.\u003C\u002Fp>\n\u003Cp>Install and activate Secure HTTP Headers with full confidence, the deactivation of this plugin will return your website header directives to their original state.\u003C\u002Fp>\n\u003Ch3>Main plugin functionality\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>HTTP Strict Transport Security – helps to protect websites against man-in-the-middle attacks and cookie hijacking\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>X-Frame-Options – helps to protect users against ClickJacking attacks\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>X-Content-Type-Options  – helps to prevent the browser from MIME-sniffing\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Referrer-Policy – helps to control how much referrer information should be included with requests\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Clear-Site-Data – helps to ensure that data is deleted from the browser if the user logs out\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>X-Download-Options – helps to control how IE 8 will handle downloaded HTML files\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Access-Control-Allow-Origin – helps to ensure whether the response can be shared with requesting code from the given origin\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cross-Origin-Embedder-Policy – helps to prevent a document from loading any cross-origin resources that don’t explicitly grant the document permission\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Permissions-Policy – helps to allow and deny the use of browser 
features in its own frame, and in content within any iframe elements in the document\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cross-Origin-Opener-Policy – helps to protect websites against a set of cross-origin attacks dubbed XS-Leaks\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cross-Origin-Resource-Policy – helps to protect websites against speculative side-channel attacks, like Spectre, as well as Cross-Site Script Inclusion attacks\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>X-Permitted-Cross-Domain-Policies – helps to control how cross-domain requests from Flash and PDF documents are handled\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cookie Http-Only flag – helps to protect websites against Cross-Site Scripting, or XSS attacks\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cookie Secure flag – helps to ensure that cookie is sent over a secure connection\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cookie Samesite Lax flag – helps to protect websites against CSRF and XSSI attacks\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Expect-CT – helps to prevent the use of misissued certificates for a website. 
Note: The Expect-CT will likely become obsolete in June 2021\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>What are the optional extras?\u003C\u002Fh3>\n\u003Cp>Magnisec is offering “Secure HTTP Headers enhanced”\u003C\u002Fp>\n\u003Cp>A plugin that contains, in addition, an engine that watches and builds in any website changes a CSP – Content Security Policy that is best practice and recommended by all professional securities experts, that mitigate XSS -Cross site Scripting, one of the most common and destructive attacks.\u003C\u002Fp>\n\u003Cp>Price: 50$ \u002Fyear for a domain.\u003C\u002Fp>\n\u003Cp>More details and installation \u003Ca href=\"https:\u002F\u002Fmagnisec.com\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","Secure HTTP headers - Essential, and easy.",2608,60,2,"2021-04-13T08:27:00.000Z","5.7.15","7.2",[84,20,21,23],"cookies","https:\u002F\u002Fmagnisec.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-http-headers.1.0.zip",85,{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":13,"num_ratings":13,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":105,"download_link":106,"security_score":87,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"anti-brute-force-login-fraud-detector","Anti-Brute Force, Login Fraud Detector WordPress plugin","1.0.3","aispera31","https:\u002F\u002Fprofiles.wordpress.org\u002Faispera31\u002F","\u003Cp>Anti-Brute Force, Login Fraud Detector WordPress plugin is a security plugin that detects and blocks malicious IP addresses attempting to log into WordPress sites with real-time intelligence data from Criminal IP.\u003Cbr \u002F>\nHackers attempting brute-force attacks on WordPress sites do not use normal IP addresses. Rather, they use VPN, Proxy, Tor, Hosting IP, etc. to avoid tracking. 
Criminal IP is an IP address-based intelligence search engine platform that scans worldwide IP addresses daily and collects such malicious information.\u003Cbr \u002F>\nThe number of detectable login attempts varies depending on the plan being used by the connected Criminal IP account. Users of the Free membership plan can use up to 500 login IP detections per month for free.\u003C\u002Fp>\n\u003Ch4>Block Login IP Address Options\u003C\u002Fh4>\n\u003Cp>VPN IP – When attempting to log in using a VPN\u003Cbr \u002F>\nTor IP – When attempting to log in from a Tor browser\u003Cbr \u002F>\nProxy IP – When attempting to log in using Proxy\u003Cbr \u002F>\nHosting IP – When attempting to log in from the IP address of a hosting server\u003C\u002Fp>\n\u003Ch4>Additional Features\u003C\u002Fh4>\n\u003Cp>Whitelist: Specific IP addresses can be added to the whitelist to allow login.\u003Cbr \u002F>\nLogin Wait Time: Users who are eventually restricted from logging in can try again after the set login wait time.\u003Cbr \u002F>\nBlocked IP List: Allows you to view a list of all IP addresses subject to login restrictions. The items that may be seen are as follows.\u003Cbr \u002F>\nIP address\u003Cbr \u002F>\nGeographic Information (Country)\u003Cbr \u002F>\nReason for Login Restriction (Tor\u002FVPN\u002FProxy\u002FHosting)\u003Cbr \u002F>\nDetected Date and Time\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Cp>Installing the Criminal IP Anti-Brute Force, Login Fraud Detector plug-in is very simple.\u003Cbr \u002F>\n1. Go to the ‘Plugin’ menu on the WordPress dashboard.\u003Cbr \u002F>\n2. Search ‘Criminal IP’ or ‘Criminal IP Brute Force’ in the search window.\u003Cbr \u002F>\n3. Click the ‘Install and activate’ button.\u003Cbr \u002F>\n4. When the plugin is activated, an icon with the Criminal IP logo will be displayed on the WordPress dashboard sidebar. 
Click the icon to go to the dashboard and click the ‘Issue API Key’ button to go to Criminal IP.\u003Cbr \u002F>\n5. Create a Criminal IP account, log in, and create an API key in My Page.\u003Cbr \u002F>\n6. Copy and paste the issued API key into the ‘Criminal IP API key’ input column on the plugin settings tab.\u003Cbr \u002F>\n7. On the Settings tab, set the login limit target and login wait time. Click ‘Save Changes’ to finish setting up the plugin.\u003Cbr \u002F>\nPlease report any new features or bugs of the plugin through Criminal IP’s Customer Support. You can also contact support@aispera.com.\u003C\u002Fp>\n","Anti-Brute Force, Login Fraud Detector Wordpress plugin is a security plugin that detects and blocks malicious IP addresses attempting to log into Wor &hellip;",40,1684,"2023-10-20T09:40:00.000Z","6.3.8","5.7","5.6",[19,103,104,22,23],"brute-force-protection","limit-login","https:\u002F\u002Fcriminalip.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-brute-force-login-fraud-detector.1.0.3.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":13,"num_ratings":13,"last_updated":117,"tested_up_to":118,"requires_at_least":65,"requires_php":50,"tags":119,"homepage":122,"download_link":123,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"basecloud-security-manager","BaseCloud Security Manager","1.0.26","BaseCloud","https:\u002F\u002Fprofiles.wordpress.org\u002Fbasecloud\u002F","\u003Cp>\u003Cstrong>Transform your WordPress site into a security fortress in under 2 minutes.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BaseCloud Security Manager delivers enterprise-level security protection through advanced HTTP security headers – the same technology used by Fortune 500 companies to protect their websites. 
No technical expertise required.\u003C\u002Fp>\n\u003Cp>🎯 \u003Cstrong>Why Security Headers Matter:\u003C\u002Fstrong>\u003Cbr \u002F>\nSecurity headers are your website’s first line of defense, instructing browsers on how to handle your content safely. Without them, your site is vulnerable to:\u003Cbr \u002F>\n• Cross-Site Scripting (XSS) attacks – \u003Cstrong>87% of websites are vulnerable\u003C\u002Fstrong>\u003Cbr \u002F>\n• Clickjacking attacks that steal user credentials\u003Cbr \u002F>\n• Data theft through insecure connections\u003Cbr \u002F>\n• Privacy violations through referrer leaks\u003Cbr \u002F>\n• Malicious code injection\u003C\u002Fp>\n\u003Cp>✨ \u003Cstrong>What Makes BaseCloud Different:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>🚀 \u003Cstrong>One-Click Protection\u003C\u002Fstrong> – Enable military-grade security with a single click\u003Cbr \u002F>\n🔒 \u003Cstrong>Zero Configuration Required\u003C\u002Fstrong> – Smart defaults protect you instantly\u003Cbr \u002F>\n⚡ \u003Cstrong>Lightning Fast\u003C\u002Fstrong> – No performance impact on your site\u003Cbr \u002F>\n🎛️ \u003Cstrong>Full Control\u003C\u002Fstrong> – Advanced users can customize every setting\u003Cbr \u002F>\n🛠️ \u003Cstrong>Developer Friendly\u003C\u002Fstrong> – Clean, well-documented code\u003Cbr \u002F>\n🔧 \u003Cstrong>No Server Changes\u003C\u002Fstrong> – Works on any hosting provider\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🛡️ Complete Security Arsenal:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎯 Master Security Switch\u003C\u002Fstrong>\u003Cbr \u002F>\nEnable all protections instantly – perfect for non-technical users who want maximum security without complexity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔐 Force SSL\u002FHTTPS Everywhere\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically redirect all HTTP traffic to HTTPS, ensuring all data transmission is encrypted. 
Protects against man-in-the-middle attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🛡️ Content Security Policy (CSP)\u003C\u002Fstrong>\u003Cbr \u002F>\nThe gold standard of XSS protection. Controls exactly which scripts, styles, and resources can run on your site. Includes smart defaults that work with 99% of WordPress themes and plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔒 HTTP Strict Transport Security (HSTS)\u003C\u002Fstrong>\u003Cbr \u002F>\nForces browsers to communicate exclusively over HTTPS, preventing SSL stripping attacks. Includes preload support for maximum protection.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🕵️ Advanced Referrer Policy\u003C\u002Fstrong>\u003Cbr \u002F>\nProtects user privacy by controlling what information is shared when visitors click links, preventing data leaks to third parties.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎤 Permissions Policy (Feature Policy)\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock unauthorized access to sensitive browser features like camera, microphone, geolocation, and payment APIs – preventing malicious sites from accessing these features.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🍪 Secure Cookie Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically applies HttpOnly and Secure flags to session cookies, preventing JavaScript access and ensuring cookies are only sent over HTTPS.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>👻 Server Fingerprinting Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nRemoves server signatures and version information that hackers use to identify vulnerabilities in your hosting setup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Essential Security Headers Included:\u003C\u002Fstrong>\u003Cbr \u002F>\n• X-Frame-Options: SAMEORIGIN (prevents clickjacking)\u003Cbr \u002F>\n• X-Content-Type-Options: nosniff (prevents MIME-type confusion attacks)\u003Cbr \u002F>\n• X-XSS-Protection: 1; mode=block (legacy XSS protection for older browsers)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>💼 Perfect For:\u003C\u002Fstrong>\u003Cbr 
\u002F>\n• Business owners who want enterprise security without technical complexity\u003Cbr \u002F>\n• Developers building secure WordPress applications\u003Cbr \u002F>\n• Agencies managing multiple client sites\u003Cbr \u002F>\n• Anyone serious about website security\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎯 Use Cases:\u003C\u002Fstrong>\u003Cbr \u002F>\n• E-commerce sites handling sensitive customer data\u003Cbr \u002F>\n• Membership sites with user logins\u003Cbr \u002F>\n• Business websites with contact forms\u003Cbr \u002F>\n• Blogs that want to protect visitor privacy\u003Cbr \u002F>\n• Development sites that need security during testing\u003C\u002Fp>\n\u003Cp>BaseCloud Security Manager is lightweight, efficient, and designed to integrate seamlessly into your WordPress admin experience without clutter or intrusive advertising.\u003C\u002Fp>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🎯 Why Choose BaseCloud Security Manager?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Instant Protection\u003C\u002Fstrong> – Works immediately after activation\u003Cbr \u002F>\n✅ \u003Cstrong>Zero Learning Curve\u003C\u002Fstrong> – No technical knowledge required\u003Cbr \u002F>\n✅ \u003Cstrong>Enterprise Grade\u003C\u002Fstrong> – Same technology used by Fortune 500 companies\u003Cbr \u002F>\n✅ \u003Cstrong>Fully Customizable\u003C\u002Fstrong> – Advanced users have complete control\u003Cbr \u002F>\n✅ \u003Cstrong>Regular Updates\u003C\u002Fstrong> – Stay protected against emerging threats\u003Cbr \u002F>\n✅ \u003Cstrong>Expert Support\u003C\u002Fstrong> – Professional team ready to help\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔗 Useful Links:\u003C\u002Fstrong>\u003Cbr \u002F>\n• \u003Cstrong>Documentation:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.basecloudglobal.com\u002Fsecurity-manager-docs\" rel=\"nofollow ugc\">BaseCloud Security Docs\u003C\u002Fa>\u003Cbr \u002F>\n• \u003Cstrong>Support:\u003C\u002Fstrong> 
support@basecloudglobal.com\u003Cbr \u002F>\n• \u003Cstrong>Security Testing:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fobservatory.mozilla.org\" rel=\"nofollow ugc\">Mozilla Observatory\u003C\u002Fa>\u003Cbr \u002F>\n• \u003Cstrong>Header Verification:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\" rel=\"nofollow ugc\">SecurityHeaders.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🤝 Join Our Community:\u003C\u002Fstrong>\u003Cbr \u002F>\nConnect with other security-conscious WordPress users, get tips, and stay updated on the latest security trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⭐ Love BaseCloud Security Manager?\u003C\u002Fstrong>\u003Cbr \u002F>\nHelp others discover enterprise-grade security by leaving a review. Your feedback helps us improve and helps other users make informed decisions about their website security.\u003C\u002Fp>\n\u003Cp>\u003Cem>Made with ❤️ by the BaseCloud Team – Securing WordPress sites worldwide since 2024\u003C\u002Fem>\u003C\u002Fp>\n","🛡️ Enterprise-grade WordPress security made simple. 
Implement military-standard HTTP security headers with zero technical knowledge required.",10,994,"2026-02-25T14:45:00.000Z","6.8.5",[20,21,120,23,121],"hsts","xss","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasecloud-security-manager.1.0.26.zip",{"attackSurface":125,"codeSignals":219,"taintFlows":243,"riskAssessment":244,"analyzedAt":251},{"hooks":126,"ajaxHandlers":215,"restRoutes":216,"shortcodes":217,"cronEvents":218,"entryPointCount":13,"unprotectedCount":13},[127,133,137,142,146,150,155,159,163,167,171,175,179,183,187,191,195,199,203,207,211],{"type":128,"name":129,"callback":130,"file":131,"line":132},"action","plugins_loaded","init","security-hardener.php",81,{"type":128,"name":134,"callback":135,"file":131,"line":136},"send_headers","send_security_headers",89,{"type":138,"name":139,"callback":140,"file":131,"line":141},"filter","xmlrpc_enabled","__return_false",96,{"type":138,"name":143,"callback":144,"file":131,"line":145},"xmlrpc_methods","remove_xmlrpc_pingback",97,{"type":138,"name":147,"callback":148,"file":131,"line":149},"the_generator","__return_empty_string",102,{"type":128,"name":151,"callback":152,"priority":153,"file":131,"line":154},"template_redirect","prevent_user_enumeration",1,108,{"type":138,"name":156,"callback":157,"priority":115,"file":131,"line":158},"redirect_canonical","prevent_author_redirect",109,{"type":138,"name":160,"callback":161,"file":131,"line":162},"rest_endpoints","secure_user_endpoints",110,{"type":138,"name":164,"callback":165,"priority":115,"file":131,"line":166},"wp_sitemaps_add_provider","remove_users_sitemap",111,{"type":138,"name":168,"callback":169,"file":131,"line":170},"login_errors","generic_login_errors",116,{"type":128,"name":172,"callback":173,"file":131,"line":174},"login_enqueue_scripts","remove_login_hints",117,{"type":138,"name":176,"callback":177,"priority":35,"file":131,"line":178},"authenticate","check_login_rate_limit",122,{"type":128,"name":180,"callback":181,"file":131,"line":182
},"wp_login_failed","log_failed_login",123,{"type":128,"name":184,"callback":185,"priority":115,"file":131,"line":186},"wp_login","clear_login_attempts",124,{"type":128,"name":188,"callback":189,"file":131,"line":190},"pre_ping","disable_self_pingbacks",129,{"type":138,"name":192,"callback":193,"file":131,"line":194},"wp_headers","remove_x_pingback",130,{"type":138,"name":196,"callback":140,"priority":197,"file":131,"line":198},"pings_open",9999,131,{"type":128,"name":200,"callback":201,"file":131,"line":202},"admin_menu","add_admin_menu",141,{"type":128,"name":204,"callback":205,"file":131,"line":206},"admin_init","register_settings",142,{"type":128,"name":208,"callback":209,"file":131,"line":210},"admin_notices","show_admin_notices",143,{"type":138,"name":212,"callback":213,"file":131,"line":214},"login_messages","closure",426,[],[],[],[],{"dangerousFunctions":220,"sqlUsage":221,"outputEscaping":223,"fileOperations":13,"externalRequests":13,"nonceChecks":153,"capabilityChecks":79,"bundledLibraries":242},[],{"prepared":79,"raw":13,"locations":222},[],{"escaped":224,"rawEcho":225,"locations":226},44,7,[227,230,232,234,236,238,240],{"file":131,"line":228,"context":229},695,"raw output",{"file":131,"line":231,"context":229},708,{"file":131,"line":233,"context":229},721,{"file":131,"line":235,"context":229},734,{"file":131,"line":237,"context":229},775,{"file":131,"line":239,"context":229},791,{"file":131,"line":241,"context":229},793,[],[],{"summary":245,"deductions":246},"The security-hardener plugin v1.0 exhibits a strong security posture based on the provided static analysis. It boasts a zero attack surface, meaning there are no readily accessible entry points like AJAX handlers, REST API routes, shortcodes, or cron events that could be directly exploited. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and having a high percentage of properly escaped output. 
The presence of nonce and capability checks further solidifies its secure design. The plugin's vulnerability history is also clear, with no known CVEs recorded, suggesting a well-maintained and secure codebase.\n\nHowever, the static analysis did not provide specific details on the nature or context of the two SQL queries, nor the specific types of outputs that were not properly escaped. While the overall percentage is good, these areas could represent minor potential risks if they involve sensitive data or user-controlled input. The absence of taint analysis results means no critical issues were flagged by that analysis, but it also means there's no explicit confirmation of how user input is handled in relation to these SQL queries or unescaped outputs. In conclusion, the plugin appears to be very secure, with no identified critical vulnerabilities. The minor concerns are related to areas where more detailed analysis would be beneficial to confirm complete sanitization and escaping.",[247,249],{"reason":248,"points":33},"Minor percentage of unescaped output",{"reason":250,"points":79},"SQL queries without detailed 
context","2026-03-16T20:38:38.879Z",{"wat":253,"direct":266},{"assetPaths":254,"generatorPatterns":257,"scriptPaths":258,"versionParams":261},[255,256],"\u002Fwp-content\u002Fplugins\u002Fsecurity-hardener\u002Fcss\u002F","\u002Fwp-content\u002Fplugins\u002Fsecurity-hardener\u002Fjs\u002F",[],[259,260],"\u002Fwp-content\u002Fplugins\u002Fsecurity-hardener\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-hardener\u002Fjs\u002Flogin.js",[262,263,264,265],"security-hardener\u002Fcss\u002Fadmin.css?ver=","security-hardener\u002Fjs\u002Fadmin.js?ver=","security-hardener\u002Fcss\u002Flogin.css?ver=","security-hardener\u002Fjs\u002Flogin.js?ver=",{"cssClasses":267,"htmlComments":268,"htmlAttributes":269,"restEndpoints":270,"jsGlobals":272,"shortcodeOutput":275},[],[],[],[271],"\u002Fwp-json\u002Fsecurity-hardener\u002Fv1\u002Flogin",[273,274],"WPSHL0","WPSHL1",[],{"error":277,"url":278,"statusCode":279,"statusMessage":280,"message":280},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsecurity-hardener\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":225,"versions":282},[283,289,296,303,310,317,324],{"version":6,"download_url":25,"svn_tag_url":284,"released_at":27,"has_diff":285,"diff_files_changed":286,"diff_lines":27,"trac_diff_url":287,"vulnerabilities":288,"is_current":277},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurity-hardener\u002Ftags\u002F2.2.0\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurity-hardener%2Ftags%2F2.1.1&new_path=%2Fsecurity-hardener%2Ftags%2F2.2.0",[],{"version":290,"download_url":291,"svn_tag_url":292,"released_at":27,"has_diff":285,"diff_files_changed":293,"diff_lines":27,"trac_diff_url":294,"vulnerabilities":295,"is_current":285},"2.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.2.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurity-hardener\u002Ftags\u002F2.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurity-hardener%2Ftags%2F2.1.0&new_path=%2Fsecurity-hardener%2Ftags%2F2.1.1",[],{"version":297,"download_url":298,"svn_tag_url":299,"released_at":27,"has_diff":285,"diff_files_changed":300,"diff_lines":27,"trac_diff_url":301,"vulnerabilities":302,"is_current":285},"2.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.2.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurity-hardener\u002Ftags\u002F2.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurity-hardener%2Ftags%2F2.0.2&new_path=%2Fsecurity-hardener%2Ftags%2F2.1.0",[],{"version":304,"download_url":305,"svn_tag_url":306,"released_at":27,"has_diff":285,"diff_files_changed":307,"diff_lines":27,"trac_diff_url":308,"vulnerabilities":309,"is_current":285},"2.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.2.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurity-hardener\u002Ftags\u002F2.0.2\u002F",[],"ht
tps:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurity-hardener%2Ftags%2F2.0.1&new_path=%2Fsecurity-hardener%2Ftags%2F2.0.2",[],{"version":311,"download_url":312,"svn_tag_url":313,"released_at":27,"has_diff":285,"diff_files_changed":314,"diff_lines":27,"trac_diff_url":315,"vulnerabilities":316,"is_current":285},"2.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.2.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurity-hardener\u002Ftags\u002F2.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurity-hardener%2Ftags%2F2.0.0&new_path=%2Fsecurity-hardener%2Ftags%2F2.0.1",[],{"version":318,"download_url":319,"svn_tag_url":320,"released_at":27,"has_diff":285,"diff_files_changed":321,"diff_lines":27,"trac_diff_url":322,"vulnerabilities":323,"is_current":285},"2.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.2.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurity-hardener\u002Ftags\u002F2.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fsecurity-hardener%2Ftags%2F1.0&new_path=%2Fsecurity-hardener%2Ftags%2F2.0.0",[],{"version":72,"download_url":325,"svn_tag_url":326,"released_at":27,"has_diff":285,"diff_files_changed":327,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":328,"is_current":285},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsecurity-hardener\u002Ftags\u002F1.0\u002F",[],[]]