[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVi4Fwm_kVqcOaY_Dbg9g7iTJ4Uv-52PvbR4OBpE_Uns":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":14,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":47,"crawl_stats":37,"alternatives":54,"analysis":155,"fingerprints":930},"security-ninja","Security Ninja – WordPress Security Plugin & Firewall","5.272","cleverplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleverplugins\u002F","\u003Cp>Security Ninja is a lightweight \u003Cstrong>WordPress security plugin\u003C\u002Fstrong> that helps protect your site from common attacks and security mistakes — without turning your dashboard into a cockpit.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free includes a basic Web Application Firewall (WAF)\u003C\u002Fstrong> (based on the 8G ruleset) to block common malicious requests, plus 50+ security checks, a full vulnerability scanner, and a core integrity scanner to spot risky settings and unexpected file changes.\u003C\u002Fp>\n\u003Cp>Upgrade to Pro if you need deeper protection like advanced malware scanning\u002Fcleanup, stronger WAF controls (e.g. 
country blocking), and more automation\u002Falerting.\u003C\u002Fp>\n\u003Cp>This plugin can be downloaded for free without any paid subscription from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja\u002F\" rel=\"ugc\">the official WordPress repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Security Ninja\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Included for free\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Basic Firewall (8G-based)\u003C\u002Fstrong> – Blocks common malicious requests and bot noise before it becomes a problem.\u003Cbr \u002F>\n– \u003Cstrong>50+ Security Tests\u003C\u002Fstrong> – Fast audit of common WordPress security misconfigurations.\u003Cbr \u002F>\n– \u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong> – Highlights known issues in plugins\u002Fthemes so you can patch faster.\u003Cbr \u002F>\n– \u003Cstrong>Core Scanner\u003C\u002Fstrong> – Detect modified or unexpected files in WordPress core folders.\u003Cbr \u002F>\n– \u003Cstrong>Basic Events Logger\u003C\u002Fstrong> – Logs \u003Cstrong>firewall events\u003C\u002Fstrong> and \u003Cstrong>login attempts (successful\u002Ffailed)\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro adds\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Advanced Malware Scanner\u003C\u002Fstrong> – Detect and clean malicious code and suspicious files.\u003Cbr \u002F>\n– \u003Cstrong>Advanced Firewall\u002FWAF controls\u003C\u002Fstrong> – e.g. 
country blocking, stronger rules and automation.\u003Cbr \u002F>\n– \u003Cstrong>Secure Login & 2FA\u003C\u002Fstrong> – Add stronger authentication and login protections.\u003Cbr \u002F>\n– \u003Cstrong>Automation & reporting\u003C\u002Fstrong> – Scheduled scans, reports, and advanced tracking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja is a lightweight \u003Cstrong>WordPress firewall plugin\u003C\u002Fstrong> and security toolkit designed to protect your website from hackers, malware, brute-force attacks, and known vulnerabilities — without slowing it down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Comprehensive WordPress Security Testing\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja performs 50+ advanced security tests to identify vulnerabilities before hackers exploit them. This includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute-force protection\u003C\u002Fstrong> – Blocks unauthorized login attempts to prevent forced entry.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File integrity monitoring\u003C\u002Fstrong> – Detects unauthorized changes to WordPress core files, themes, and plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database security checks\u003C\u002Fstrong> – Identifies weak database permissions and potential SQL injection threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User role audits\u003C\u002Fstrong> – Ensures no unauthorized administrator accounts exist.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security misconfiguration scans\u003C\u002Fstrong> – Identifies and fixes weak settings that could compromise security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Enhanced Vulnerability Scanner\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stay Ahead of Threats\u003C\u002Fstrong> – Our vulnerability scanner proactively alerts you to known vulnerabilities, allowing you to address potential threats before they exploit your 
website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Protection\u003C\u002Fstrong> – Security Ninja not only checks and warns for common issues but also checks for known vulnerabilities in plugins and themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Peace of Mind\u003C\u002Fstrong> – Knowing your site is monitored for the latest vulnerabilities means you can focus on what matters most, growing your business and creating content, worry-free.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Core Scanner – Comprehensive Protection for Your WordPress Installation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Core Scanner module adds a critical layer of security by ensuring your WordPress installation remains untampered and free of unauthorized files.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full Core File Integrity Check\u003C\u002Fstrong>: Every file in your core WordPress folders is scanned to ensure it hasn’t been modified or compromised.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detection of Unknown Files\u003C\u002Fstrong>: The scanner flags any extra or unknown files in your core WordPress directories, alerting you to potential threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in File Viewer\u003C\u002Fstrong>: Review flagged files directly within your WordPress dashboard using the integrated file viewer for a clear and easy inspection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restore Core Files\u003C\u002Fstrong>: If a core WordPress file has been altered, you can quickly restore it with a single click, ensuring your site is running the official version.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy File Management\u003C\u002Fstrong>: For unknown or suspicious files, you have the option to delete them right from the interface, keeping your WordPress installation clean and secure.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advanced Malware Scanner – Detect & Remove Malware Instantly (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security 
Ninja includes a high-performance malware scanner that automatically checks your WordPress core, plugins and themes for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malicious scripts and backdoors\u003C\u002Fstrong> – Identifies hidden malware and harmful injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trojan and virus detection\u003C\u002Fstrong> – Scans for suspicious PHP and JavaScript entries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click malware removal\u003C\u002Fstrong> – Instantly quarantine and delete infected files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WordPress Firewall & Real-Time Threat Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja includes a \u003Cstrong>basic firewall for free\u003C\u002Fstrong> (8G-based) to block common malicious requests. Upgrade to Pro for more advanced WAF controls.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic protection (Free)\u003C\u002Fstrong> – Blocks common exploit patterns and bad requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced protection (Pro)\u003C\u002Fstrong> – Country blocking, stronger controls, and additional intelligence\u002Fautomation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force & bot mitigation\u003C\u002Fstrong> – Reduce noisy and abusive traffic hitting WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Login Security & Two-Factor Authentication (2FA) (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Your WordPress login page is a primary target for hackers. Security Ninja enhances login security with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Requires additional verification for safer logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force attack protection\u003C\u002Fstrong> – Limits failed login attempts to block unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rename login\u003C\u002Fstrong> – Getting a lot of requests to your login form? 
Hide it for spammers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>One-Click Security Fixes & WordPress Hardening (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Manually fixing security issues is time-consuming. Security Ninja provides one-click hardening to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Disable XML-RPC\u003C\u002Fstrong> – Blocks common DDoS attacks and brute-force exploits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict file editing\u003C\u002Fstrong> – Prevents unauthorized theme and plugin modifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide PHP error messages\u003C\u002Fstrong> – Stops hackers from exploiting sensitive error details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And many more fixes to harden your WordPress security!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Events Logger \u002F Activity Tracking\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja includes a \u003Cstrong>basic events logger for free\u003C\u002Fstrong> so you can see what’s happening on your site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Free:\u003C\u002Fstrong> firewall events + login attempts (successful\u002Ffailed).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pro:\u003C\u002Fstrong> deeper tracking, alerting, and reporting.\u003C\u002Fli>\n\u003Cli>Export security logs for audits and compliance reports.\u003C\u002Fli>\n\u003Cli>Includes webhook functionality so you can integrate with other services (e.g. 
Slack\u002FDiscord\u002Fwebhooks).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Automated Security Scans & Reports (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja performs scheduled security scans and sends reports directly to your inbox.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set up daily, weekly, or monthly security scans.\u003C\u002Fli>\n\u003Cli>Receive email alerts about vulnerabilities and malware infections.\u003C\u002Fli>\n\u003Cli>Analyze detailed reports to keep your website secure.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Block Spam & Malicious Bots Instantly (PRO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Hackers and spammers use bots to exploit WordPress websites. Security Ninja prevents:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fake registrations and spam comments\u003C\u002Fstrong> – Stops bots from even getting to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malicious bot attacks\u003C\u002Fstrong> – Blocks scripts attempting to hack your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unwanted traffic\u003C\u002Fstrong> – Reduces server load by preventing unnecessary bot access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Join thousands of satisfied users who trust Security Ninja to keep their websites safe. Start protecting your online presence today and help yourself to peace of mind.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Security Ninja is Best WordPress Security Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security Ninja is the best WordPress security plugin because it provides a comprehensive, lightweight, and easy-to-use solution to protect your website from hackers, malware, and vulnerabilities. 
With 50+ security tests, an advanced malware scanner, a firewall, and two-factor authentication (2FA), it ensures complete website protection without slowing down performance.\u003C\u002Fp>\n\u003Cp>Unlike bloated security plugins, Security Ninja is optimized for speed and efficiency. It offers one-click security fixes, automated scans, real-time threat detection, and login protection, making it ideal for beginners and advanced users alike. Trusted since 2011, it keeps thousands of websites secure while offering proactive protection against cyber threats.\u003C\u002Fp>\n\u003Ch3>Extensions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>MainWP – The MainWP Dashboard allows administrators to manage many WordPress websites from a central location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Install the \u003Cstrong>FREE \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja-for-mainwp\u002F\" rel=\"ugc\">Security Ninja for MainWP Extension\u003C\u002Fa>\u003C\u002Fstrong> to get an overview of all websites you have installed Security Ninja on!\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-ninja-for-mainwp\u002F\u003C\u002Fp>\n\u003Ch3>Security Tests for your website\u003C\u002Fh3>\n\u003Cp>Security Ninja – Your WordPress Guardian\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Immediate Vulnerability Alerts\u003C\u002Fstrong>: Get instant notifications about vulnerabilities to keep your website safe and secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Comprehensive One-click Security Audit\u003C\u002Fstrong>: With just one click, perform over 50+ detailed security checks that scrutinize every corner of your site for security vulnerabilities and performance issues.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>You’re in Command\u003C\u002Fstrong>: Security Ninja respects your autonomy, providing insights and recommendations without 
making unsolicited changes to your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Holistic Security Evaluation\u003C\u002Fstrong>: Comprehensive checks on everything from the WordPress core, plugins, and themes to ensure they are up-to-date and secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Proactive Defense Strategies\u003C\u002Fstrong>: Equip yourself with the tools and knowledge to prevent attacks before they happen, safeguarding your site from potential threats.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Optimization Beyond Security\u003C\u002Fstrong>: Improve your site’s performance with database optimization tips, ensuring a seamless experience for your users.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Knowledge\u003C\u002Fstrong>: Each test comes with an easy-to-understand explanation, documentation, and actionable steps to fix identified issues.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customized Security Insights\u003C\u002Fstrong>: Tailored security assessments to check critical updates and configurations specific to your WordPress setup for a personalized protection strategy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Future-Proof Your Site\u003C\u002Fstrong>: Stay ahead with tests that include the latest WordPress features and best practices for site security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Prevent Unauthorized Access\u003C\u002Fstrong>: Strengthen your defenses with checks designed to prevent weak passwords and unauthorized file access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Secure Configuration Checks\u003C\u002Fstrong>: Ensure your website is configured according to security best practices, from file permissions to security headers, for comprehensive protection against threats.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Enhance your website’s 
security, performance, and user experience with Security Ninja – your trusted partner in WordPress protection.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Security Ninja Pro\u003C\u002Fstrong> has extra features: Firewall, Filter Suspicious Queries, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>An all-in-one security solution for any site. With premium support and continuous updates Security Ninja \u003Cstrong>Pro\u003C\u002Fstrong> is a perfect tool to keep your site safe. \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=see-what-pro-offers\" rel=\"nofollow ugc\">See what the PRO version offers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Automatically block \u003Cstrong>600+ million bad IPs\u003C\u002Fstrong> with one click! \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=cloud-firewall\" rel=\"nofollow ugc\">Security Ninja Pro Firewall\u003C\u002Fa> will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Read more about Pro features on the \u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002F?utm_source=wordpressorg&utm_medium=content&utm_campaign=readme&utm_content=readmoreaboutpro\" rel=\"nofollow ugc\">Security Ninja website\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>What others say about the plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmayor.com\u002Fsecurity-ninja-review-wordpress-security-plugin\u002F\" rel=\"nofollow ugc\">WP Mayor: “Easy-to-Use WordPress Security Plugin”\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwplift.com\u002Fsecurity-ninja-review\" rel=\"nofollow ugc\">WPLift\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpexplorer.com\u002Fwordpress-security-can-security-ninja-keep-your-site-safe\u002F\" rel=\"nofollow ugc\">WPExplorer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwploop.com\u002Fsecurity-ninja-review\u002F\" rel=\"nofollow ugc\">WP Loop\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.bitcatcha.com\u002Fblog\u002Fsecurity-ninja-plugin-review\u002F\" rel=\"nofollow ugc\">Bitcatcha.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.webhostingsecretrevealed.net\u002Fblog\u002Fwordpress-blog\u002F10-actionable-wordpress-security-tips\u002F\" rel=\"nofollow ugc\">WebHostingSecretRevealed\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.ravisinghblog.in\u002Fwp-security-ninja-review\u002F\" rel=\"nofollow ugc\">Ravi Singh\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftutorials7.com\u002Fsecurity-ninja-review.html\" rel=\"nofollow ugc\">Tutorials 7\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.onlinedecoded.com\u002Fsecurity-ninja-review\u002F\" rel=\"nofollow ugc\">onlinedecoded.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Tests\u003C\u002Fstrong>\u003Cbr \u002F>\n* The tests include:\u003Cbr \u002F>\n  * brute-force attack on user accounts to test password strength\u003Cbr \u002F>\n  * numerous installation parameters tests\u003Cbr \u002F>\n  * file permissions\u003Cbr \u002F>\n  * version hiding\u003Cbr \u002F>\n  * 0-day exploits tests\u003Cbr \u002F>\n  * debug and auto-update modes tests\u003Cbr \u002F>\n  * database configuration tests\u003Cbr \u002F>\n  * Apache and PHP related tests\u003Cbr \u002F>\n  * WP options tests\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Complete list of tests:\n\u003Cul>\n\u003Cli>Check if 
Application Passwords feature is enabled (new to WP 5.6)\u003C\u002Fli>\n\u003Cli>Check if WordPress core is up to date\u003C\u002Fli>\n\u003Cli>Check if automatic WordPress core updates are enabled\u003C\u002Fli>\n\u003Cli>Check if plugins are up to date\u003C\u002Fli>\n\u003Cli>Check if there are deactivated plugins\u003C\u002Fli>\n\u003Cli>Check if active plugins have been updated in the last 12 months\u003C\u002Fli>\n\u003Cli>Check if active plugins are compatible with your version of WP\u003C\u002Fli>\n\u003Cli>Check if themes are up to date\u003C\u002Fli>\n\u003Cli>Check if there are any deactivated themes\u003C\u002Fli>\n\u003Cli>Check if full WordPress version info is revealed in page’s meta data\u003C\u002Fli>\n\u003Cli>Check if REST API links are displayed in page’s meta data\u003C\u002Fli>\n\u003Cli>Check the PHP version is up to date\u003C\u002Fli>\n\u003Cli>Check the MySQL version\u003C\u002Fli>\n\u003Cli>Check if server response headers contain detailed PHP version info\u003C\u002Fli>\n\u003Cli>Check if expose_php PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if user with username “admin” and administrator privileges exists\u003C\u002Fli>\n\u003Cli>Check if “anyone can register” option is enabled\u003C\u002Fli>\n\u003Cli>Check user’s password strength with a brute-force attack\u003C\u002Fli>\n\u003Cli>Check for display of unnecessary information on failed login attempts\u003C\u002Fli>\n\u003Cli>Check if database table prefix is the default one\u003C\u002Fli>\n\u003Cli>Check if security keys and salts have proper values\u003C\u002Fli>\n\u003Cli>Check the age of security keys and salts\u003C\u002Fli>\n\u003Cli>Test the strength of WordPress database password\u003C\u002Fli>\n\u003Cli>Check if general debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check if the debug.log file exists\u003C\u002Fli>\n\u003Cli>Check if database debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check if JavaScript debug mode is enabled\u003C\u002Fli>\n\u003Cli>Check 
if display_errors PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if WordPress installation address is the same as the site address\u003C\u002Fli>\n\u003Cli>Check if wp-config.php file has the right permissions (chmod) set\u003C\u002Fli>\n\u003Cli>Check if register_globals PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if PHP safe mode is disabled\u003C\u002Fli>\n\u003Cli>Check if allow_url_include PHP directive is turned off\u003C\u002Fli>\n\u003Cli>Check if plugins\u002Fthemes file editor is enabled\u003C\u002Fli>\n\u003Cli>Check if uploads folder is browsable by browsers\u003C\u002Fli>\n\u003Cli>Test if user with ID 1 and administrator role exists\u003C\u002Fli>\n\u003Cli>Check if Windows Live Writer link is present in pages’ header data\u003C\u002Fli>\n\u003Cli>Check if wp-config.php is present on the default location\u003C\u002Fli>\n\u003Cli>Check if MySQL server is connectable from outside with the WP user\u003C\u002Fli>\n\u003Cli>Check if EditURI link is present in pages’ header data\u003C\u002Fli>\n\u003Cli>Check if TimThumb script is used in the active theme\u003C\u002Fli>\n\u003Cli>Check if the server is vulnerable to the Shellshock bug #6271\u003C\u002Fli>\n\u003Cli>Check if the server is vulnerable to the Shellshock bug #7169\u003C\u002Fli>\n\u003Cli>Check if admin interface is delivered via SSL\u003C\u002Fli>\n\u003Cli>Check if MySQL account used by WordPress has too many permissions\u003C\u002Fli>\n\u003Cli>Test if a list of usernames can be fetched by looping through user IDs on http:\u002F\u002Fsiteurl.com\u002F?author={ID} (also called username enumeration)\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Check if server response headers contain X-Frame-Options\u003C\u002Fli>\n\u003Cli>Check if server response headers contain X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>Check if server response headers contain 
Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Referrer-Policy\u003C\u002Fli>\n\u003Cli>Check if server response headers contain Feature-Policy\u003C\u002Fli>\n\u003Cli>Check for unwanted files in your root folder you should remove\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>License info\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcarhartl\u002Fjquery-cookie\" rel=\"nofollow ugc\">jQuery Cookie Plugin, Copyright 2013 Klaus Hartl\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The vulnerability scanner uses data from the \u003Ca href=\"https:\u002F\u002Fnvd.nist.gov\u002F\" rel=\"nofollow ugc\">National Vulnerability Database – NVD\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This product includes IP2Location LITE data available from \u003Ca href=\"https:\u002F\u002Flite.ip2location.com\" rel=\"nofollow ugc\">https:\u002F\u002Flite.ip2location.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin uses the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcollizo4sky\u002Fpersist-admin-notices-dismissal\" rel=\"nofollow ugc\">Persist Admin notice Dismissals\u003C\u002Fa> by Collins Agbonghama @collizo4sky\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Firewall rules are based on 8G Firewall by Jeff Starr – https:\u002F\u002Fperishablepress.com\u002F8g-blacklist\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How can I report security bugs?\u003C\u002Fh4>\n\u003Cp>You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. 
\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fsecurity-ninja\" rel=\"nofollow ugc\">Report a security vulnerability.\u003C\u002Fa>\u003C\u002Fp>\n","WordPress security plugin with free basic firewall\u002FWAF, vulnerability scanning, and 50+ core integrity checks.",7000,846284,92,99,"2026-03-04T22:31:00.000Z","6.9.4","4.7","7.4",[20,21,22,23,24],"firewall","malware","security","vulnerability","waf","https:\u002F\u002Fwpsecurityninja.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-ninja.5.272.zip",1,0,"2025-07-23 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":27},"CVE-2025-8009","security-ninja-secure-firewall-secure-malware-scanner-authenticated-administrator-arbitrary-file-read","Security Ninja – Secure Firewall & Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read","The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'get_file_source' function. 
This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data, including the contents of any file on the server.",null,">=5.201 \u003C=5.242","5.243","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Absolute Path Traversal","2025-07-24 07:22:14",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F51ee45f8-9978-48ec-8f87-229dc82938a8?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},3,17000,82,269,66,"2026-04-05T16:32:43.010Z",[55,77,98,113,133],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":16,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":72,"download_link":73,"security_score":74,"vuln_count":75,"unpatched_count":28,"last_vuln_date":76,"fetched_at":30},"security-malware-firewall","Login Security, FireWall, Malware removal by CleanTalk","2.174","CleanTalk Inc","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleantalk\u002F","\u003Cp>Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.\u003C\u002Fp>\n\u003Ch3>SECURITY PLUGIN BY CLEANTALK (SPBCT)\u003C\u002Fh3>\n\u003Cp>We focus on eliminating the most common security threats for WordPress. At the same time, we strive to ensure that \u003Cstrong>site performance remains unaffected\u003C\u002Fstrong>. To achieve this, each release goes through automated and expert-driven testing pipelines. We also verify performance using Google PageSpeed Insights and GTMetrix. 
Typically, we release a new version twice a month to keep features up to date and protection strong.\u003C\u002Fp>\n\u003Ch4>SECURITY FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts and rate limits for logins.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two Factor Authentication (2FA)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom wp-login URL (wp-login.php)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login Default Login Page\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable or Stop User Enumeration\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute force protection for WordPress accounts and passwords\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Protection for WordPress login form\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security FireWall by IP, Networks or Countries\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Web Application Firewall (WAF)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time traffic monitor (Visitors per pages, IPs, Countries and hits counts per page)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware scanner with auto-cure function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Daily auto malware scan\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerabilities scanner among installed plugins and themes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security weekly reports to email\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notifications of login events to your website\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FREE TRIAL THEN $9 PER YEAR\u003C\u002Fh4>\n\u003Cp>CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. 
We provide detailed security stats for all of our security features so you have full control of security.\u003C\u002Fp>\n\u003Cp>We believe the most honest approach is when every user pays a small fee for using the service, rather than relying on a freemium model where some users subsidize others. The fee is as low as the price of a good cup of coffee! So, the security plugin does not have a PRO version; it is completely free and works in combination with our premium Cloud security service at cleantalk.org. Every user has full access to all features of both the service and the plugin. Also, please take note of the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwordpress-org\u002Fdetailed-plugin-guidelines\u002F#6-software-as-a-service-is-permitted\" rel=\"nofollow ugc\">WordPress.org policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>BRUTE FORCE PROTECTION\u003C\u002Fh3>\n\u003Cp>Our default anti–brute-force policy works as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For any failed login attempt to the WordPress admin area, the plugin introduces a brief delay of a few seconds.\u003C\u002Fli>\n\u003Cli>The plugin reviews the security audit log every hour. 
If any IP address records 10 or more login attempts in that period, it will be blocked for 24 hours.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>ALL BRUTE FORCE PROTECTION FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Maximum failed attempts to login before ban (default is 5).\u003C\u002Fstrong> A failed attempt happens when either the login or password is incorrect.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time frame to count login attempts (default is 15 minutes).\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ban to login time frame from 2 minutes to 24 hours (default is 1 hour).\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-factor authentication (2FA) with ability to apply policy to specific user roles.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of login on password reset error.\u003C\u002Fstrong> The option excludes information about whether the login exists from the password change error. The error message will be replaced with the following text: “If the user with the specified credentials exists, check your email for the password reset confirmation link. Then visit login page.”\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Audit Log.\u003C\u002Fstrong> Keeps track of actions in the WP Dashboard to let you know what is happening on your blog. With the Security Audit Log it is very easy to see user activity in order to understand what changes have been made and who made them. Security Audit Log shows who logged in and when and how much time they spent on each page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two Factor Authentication (2FA).\u003C\u002Fstrong> It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security. With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. 
However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change the URL of the wp-login page.\u003C\u002Fstrong> This option helps you change the default wp-login URL (wp-login.php). Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode. This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value. If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Leaked password check.\u003C\u002Fstrong> This feature enhances your website’s security by continuously monitoring users’ passwords for potential exposure in known data breaches and on the dark web. It works in the background and requires no action from users unless a leak is detected.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>SECURITY FIREWALL\u003C\u002Fh3>\n\u003Cp>To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP\u002FHTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.\u003C\u002Fp>\n\u003Cp>Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. CleanTalk Security is fully compatible with the most popular VPN services. 
Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc.\u003C\u002Fp>\n\u003Ch4>LIST OF FIREWALL FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Blocks or bypass visitors by IP, IP Network. Country blocking.\u003C\u002Fstrong> It also has option to avoid blocking hits from major search engines like Google, Bing, Yahoo, Baidu, Yandex and etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Traffic control.\u003C\u002Fstrong> CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters. Another option in Security Traffic Control – “Block user after requests amounts more than” – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours. Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts.\u003C\u002Fstrong> Limit Login Attempts – is a part of brute-force protection and security firewall.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Web Application FireWall (WAF) for WordPress Security Plugin\u003C\u002Fstrong>. The main purpose of Web Application FireWall (WAF) is real-time protection from unauthorized access, even if there are critical known\u002Funknown vulnerabilities. 
Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include,\n\u003Cul>\n\u003Cli>SQL Injection,\u003C\u002Fli>\n\u003Cli>Cross Site Scripting (XSS),\u003C\u002Fli>\n\u003Cli>uploading files from non-authorised users,\u003C\u002Fli>\n\u003Cli>PHP constructions\u002Fcode,\u003C\u002Fli>\n\u003Cli>the presence of malicious code in the downloaded files.\u003Cbr \u002F>\nIn addition to effective protection, you need to know the quality of that protection, so CleanTalk Security logs all blocked requests, allowing you to review and analyze accurate information.\u003C\u002Fli>\n\u003Cli>You can see your Cleantalk Security Logs in your \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fmy\u002Flogs_firewall\" rel=\"nofollow ugc\">Dashboard\u003C\u002Fa>. CleanTalk’s research team updates the WAF database each time we find a vulnerability, which means the plugin’s users get protection even against unpublished vulnerabilities.\u003C\u002Fli>\n\u003Cli>Learn more how to set up and test \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fhelp\u002Fsecurity-waf\" title=\"About Web Application Firewall\" rel=\"nofollow ugc\">About Security Web Application Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications when administrators or users are logged in.\u003C\u002Fstrong> We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard. Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>MALWARE SCANNER WITH AUTO-CURE FUNCTION\u003C\u002Fh3>\n\u003Cp>Scans WordPress files for hacker files or code for hacker code. Performs antivirus functions. 
Security Malware Scanner runs manually at the user’s request or automatically via WordPress cron. All of the results will be sent to your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.\u003C\u002Fp>\n\u003Cp>If you are unsure how to identify, remove, or clean malware using the plugin, you can book a \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fwordpress-malware-removal\" rel=\"nofollow ugc\">malware removal service\u003C\u002Fa> with our Security & Pentest team.\u003C\u002Fp>\n\u003Ch4>LIST OF MALWARE SCANNER, ANTIVIRUS FUNCTIONS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware autoscanning.\u003C\u002Fstrong> Scans the website automatically at intervals ranging from once every 12 hours to once every 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cure malware.\u003C\u002Fstrong> It cures infected files automatically if the scanner knows cure methods for these specific cases. If the option is disabled then when the scanning process ends you will be presented with several actions you can do to the found files,\n\u003Cul>\n\u003Cli>\u003Cstrong>Cure.\u003C\u002Fstrong> Malicious code will be removed from the file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Replace.\u003C\u002Fstrong> The file will be replaced with the original file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delete.\u003C\u002Fstrong> The file will be put in quarantine. Do nothing.\u003Cbr \u002F>\nBefore any action is chosen, backups of the files will be created and if the cure is unsuccessful it’s possible to restore each file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Malware Heuristic Check\u003C\u002Fstrong>. This option allows you to check files of plugins and themes with heuristic analysis. 
Probably it will find more than you expect.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Malware scanner to find SQL Injections.\u003C\u002Fstrong> The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Operating system cron tasks analysis.\u003C\u002Fstrong> This function provides an overview of scheduled cron jobs on the server that perform automated tasks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DB Trigger analysis.\u003C\u002Fstrong> Will search for known malicious signatures in database triggers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>List unknown files.\u003C\u002Fstrong> Shows the list of found unknown files in the malware scanner report. Unknown files do not have known virus signatures and do not have suspicious code. Meanwhile, unknown files do not belong to the public plugins and themes at wordpress.org.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File System Watcher.\u003C\u002Fstrong> File system Watcher monitors changes in the file system. This allows you to respond quickly to a site infection by tracking which files were affected. The Watcher makes file system snapshots as often as one hour and shows differences over a time frame of up to seven days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Feedback System.\u003C\u002Fstrong> If you don’t have programming experience and don’t know whether there is a security issue, you can send some files to CleanTalk Cloud and we check them for malware code. After checking, we send you an email notification with the results, whether there are viruses or not. 
Please look at our guide on how malware file analysis works: \u003Ca href=\"https:\u002F\u002Fcleantalk.org\u002Fhelp\u002Ffiles-analysis\" title=\"About Scanner Feedback System\" rel=\"nofollow ugc\">About Scanner Feedback System\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LIST OF THE MOST ACTIVE MALWARES BY FILENAMES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>radio.php\u003C\u002Fli>\n\u003Cli>admin-ajax.php\u003C\u002Fli>\n\u003Cli>.1235512.css\u003C\u002Fli>\n\u003Cli>8sjdakSJ3.php\u003C\u002Fli>\n\u003Cli>wso.php\u003C\u002Fli>\n\u003Cli>cmd.php\u003C\u002Fli>\n\u003Cli>shell.php\u003C\u002Fli>\n\u003Cli>reverse_shell.php\u003C\u002Fli>\n\u003Cli>admin.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The list is current as of July 15th, 2025. The latest data is in the article \u003Ca href=\"https:\u002F\u002Fresearch.cleantalk.org\u002Fmajor-signs-of-malware-on-an-infected-wordpress-site\u002F\" rel=\"nofollow ugc\">Is my site infected?\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>VULNERABILITIES SCANNER AMONG INSTALLED PLUGINS AND THEMES\u003C\u002Fh3>\n\u003Cp>The plugin checks installed plugins and themes for known (published) vulnerabilities. If it finds a vulnerable plugin\u002Ftheme, it sends an email notification and shows data in the \u003Cem>Critical updates\u003C\u002Fem> tab.\u003C\u002Fp>\n\u003Cp>List of the most recent vulnerabilities found and published by CleanTalk Research team,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CVE-2025-5921 – SureForms – Unauthenticated XSS – POC, 200k+ installs.\u003C\u002Fli>\n\u003Cli>CVE-2025-3582 – Newsletter – Stored XSS to JS Backdoor Creation – POC, 300k+ installs.\u003C\u002Fli>\n\u003Cli>CVE-2025-2560 – Ninja Forms – Stored XSS to JS Backdoor Creation – POC, 700k+ installs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The list is effective on July 18th, 2025. 
Updates are available on \u003Ca href=\"https:\u002F\u002Fresearch.cleantalk.org\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fresearch.cleantalk.org\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>MISCELLANEOUS SECURITY OPTIONS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Send additional HTTP headers option.\u003C\u002Fstrong> There are several additional HTTP headers which are added to every HTTP request by the plugin if this option is enabled:\n\u003Cul>\n\u003Cli>“X-Content-Type-Options” improves the security of your site (and your users) against some types of drive-by-downloads.\u003C\u002Fli>\n\u003Cli>“X-XSS-Protection” header improves the security of your site against some types of XSS (cross-site scripting) attacks.\u003C\u002Fli>\n\u003Cli>“Strict-Transport-Security” response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.\u003C\u002Fli>\n\u003Cli>“Referrer-Policy” makes the transfer of the \u003Ccode>Referer\u003C\u002Fcode> HTTP header stricter.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Collect and send PHP logs.\u003C\u002Fstrong> Collect and send PHP error logs to your CleanTalk Dashboard where you can list them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of authors logins.\u003C\u002Fstrong> Prevent visitors from collecting logins of the content authors from the website links (like example.com\u002F?author=1). This function is also known as Stop User Enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent collecting of user login on password reset.\u003C\u002Fstrong> The password reset error will not reveal that the selected username does not exist.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable REST API for non-authenticated users.\u003C\u002Fstrong> Turn this on to deny access to WordPress REST API for non-authenticated users. 
Denied requests will get a 401 HTTP Code (Unauthorized).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable the WordPress endpoint “users” REST API.\u003C\u002Fstrong> Disables access to \u002Fwp-json\u002Fwp\u002Fv2\u002Fusers and \u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u002F”id_user”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable File Editor.\u003C\u002Fstrong> By prohibiting file editing, you protect the site from malicious attacks that may try to change the code and gain access to the site or steal confidential information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TRANSLATE INTO YOUR LANGUAGE\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Thank you for helping translate the plugin!\u003C\u002Fli>\n\u003Cli>感谢您帮助翻译这个插件！ (Gǎnxiè nín bāngzhù fānyì zhège chājìan!)\u003C\u002Fli>\n\u003Cli>प्लगइन का अनुवाद करने में मदद के लिए धन्यवाद! (Plugin ka anuvaad karne mein madad ke liye dhanyavaad!)\u003C\u002Fli>\n\u003Cli>¡Gracias por ayudar a traducir el complemento!\u003C\u002Fli>\n\u003Cli>Merci d’avoir aidé à traduire le plugin !\u003C\u002Fli>\n\u003Cli>شكرًا لمساعدتك في ترجمة الإضافة! (Shukran limusaa’adatika fi tarjamat al-idafa!)\u003C\u002Fli>\n\u003Cli>প্লাগইন অনুবাদে সাহায্য করার জন্য ধন্যবাদ! (Plug-in onubade shahajjo korar jonno dhonnobad!)\u003C\u002Fli>\n\u003Cli>Спасибо за помощь в переводе плагина! (Spasibo za pomoshch v perevode plagina!)\u003C\u002Fli>\n\u003Cli>Obrigado por ajudar a traduzir o plugin! (Obrigada if female)\u003C\u002Fli>\n\u003Cli>پلگ ان کا ترجمہ کرنے میں مدد کرنے کا شکریہ! 
(Plug-in ka tarjuma karne mein madad karne ka shukriya!)\u003C\u002Fli>\n\u003Cli>Terima kasih telah membantu menerjemahkan plugin!\u003C\u002Fli>\n\u003Cli>Danke, dass du beim Übersetzen des Plugins geholfen hast!\u003C\u002Fli>\n\u003Cli>プラグインの翻訳を手伝ってくれてありがとうございます！ (Puraguin no hon’yaku o tetsudatte kurete arigatou gozaimasu!)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecurity-malware-firewall\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecurity-malware-firewall\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.",30000,2575884,96,378,"2026-03-02T10:49:00.000Z","5.0","7.2",[20,71,21,22,24],"login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-malware-firewall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-malware-firewall.2.174.zip",86,5,"2025-12-08 16:28:49",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":95,"download_link":96,"security_score":14,"vuln_count":27,"unpatched_count":28,"last_vuln_date":97,"fetched_at":30},"bitfire","BitFire Security – Firewall, WAF, Bot\u002FSpam Blocker, Login Security","4.8.2","Cory Marsh","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitslip6\u002F","\u003Ch3>Real-Time Security for WordPress\u003C\u002Fh3>\n\u003Cp>BitFire protects your website from bots, hackers, malware, and critical vulnerabilities – before they can cause damage.\u003C\u002Fp>\n\u003Cp>This plugin brings advanced security technology used by large enterprises to your WordPress site, now available in a free version. 
Whether you manage a business website, blog, or WooCommerce store, BitFire gives you powerful protection and visibility into your traffic.\u003C\u002Fp>\n\u003Ch3>Smarter Protection with AI\u003C\u002Fh3>\n\u003Cp>Most security plugins wait for updates to detect new threats. BitFire takes a different approach: it uses artificial intelligence and real-time request analysis to \u003Cstrong>stop zero-day attacks\u003C\u002Fstrong>, bots, and malicious users \u003Cstrong>before\u003C\u002Fstrong> they get access to your site.\u003C\u002Fp>\n\u003Cp>Our AI learns what normal traffic looks like for your site and blocks anything suspicious – without you needing to configure endless rules.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Unlike traditional firewalls that allow everything by default and react to known threats, BitFire only allows verified traffic – stopping new and unknown attacks instantly.”\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>🔐 Security Highlights (Free & Pro)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stop Bots Automatically\u003C\u002Fstrong> – Block fake users, spam bots, and scanners (no captchas needed).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Scanner\u003C\u002Fstrong> – Scan your site for infected or unknown files using a fast hash-based scanner.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Traffic Monitor\u003C\u002Fstrong> – See who’s visiting your site, including IP, city, browser, request rate, and referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Protection\u003C\u002Fstrong> – Block bots from abusing your login page, detect phishing attacks, and stop brute-force attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Human \u002F Bot Detection\u003C\u002Fstrong> – BitFire can tell the difference between real users and fake browsers with 99.7% accuracy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Reputation\u003C\u002Fstrong> – Block over 300,000 known malicious IPs with real-time threat 
intelligence.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🚀 Built for Speed\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>BitFire logs traffic in \u003Cstrong>under 2ms per request\u003C\u002Fstrong>, thanks to a high-performance binary logging engine.\u003C\u002Fli>\n\u003Cli>Unlike bulky WAFs that rely on large rule sets, BitFire looks at the \u003Cstrong>intent\u003C\u002Fstrong> behind every request – giving you \u003Cstrong>faster speeds\u003C\u002Fstrong> and fewer false positives.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔍 Live Traffic Monitoring\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Track every visitor request in real time  \u003C\u002Fli>\n\u003Cli>Remove blind spots and gain confidence in your site security\u003C\u002Fli>\n\u003Cli>Filter traffic by IP, URL, response code, or user-agent  \u003C\u002Fli>\n\u003Cli>View bot fingerprints from over 3,000 known bots and 180 real browsers  \u003C\u002Fli>\n\u003Cli>See what was blocked and why\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛡 Runtime Protection (PRO)\u003C\u002Fh4>\n\u003Cp>BitFire includes WordPress’s first Runtime Application Self Protection (RASP) firewall.\u003C\u002Fp>\n\u003Cp>This means BitFire watches what your plugins and code are doing in real time and blocks anything suspicious – including:\u003Cbr \u002F>\n– Unauthorized file modifications (File RASP)\u003Cbr \u002F>\n– Suspicious database queries (Database RASP)\u003Cbr \u002F>\n– Unauthorized account creation or privilege escalation (Authentication RASP)\u003Cbr \u002F>\n– Dangerous outbound network requests (Network RASP)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“It’s like a bodyguard inside your WordPress server – watching every move and stopping threats before they execute.”\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>What’s Included in the Free Version?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Traffic logger (current day only)\u003C\u002Fli>\n\u003Cli>Real-time bot and malware detection\u003C\u002Fli>\n\u003Cli>File scanner with fast hash 
matching\u003C\u002Fli>\n\u003Cli>Block plugin and theme enumeration tools\u003C\u002Fli>\n\u003Cli>Live IP and user-agent request viewer\u003C\u002Fli>\n\u003Cli>Block hacking tools like WPScan, Nmap, Nikto, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What’s in BitFire Pro?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Web Firewall rated A+ by cloudbric with real-time updates\u003C\u002Fli>\n\u003Cli>Full Runtime Self Protection engine (File, Database, Account, and Network protection)\u003C\u002Fli>\n\u003Cli>Advanced login protection and phishing detection\u003C\u002Fli>\n\u003Cli>Malware scanner with 14 million+ clean file hashes\u003C\u002Fli>\n\u003Cli>Automatic browser fingerprinting and allowlists\u003C\u002Fli>\n\u003Cli>Auto-configured CSP and security headers (A+ rating)\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Increased traffic logging and historical view to 30 days\u003C\u002Fp>\n\u003Cp>** Independent WAF testing by Cloudbric https:\u002F\u002Flabs.cloudbric.com\u002Fwafer **\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>BitFire [PRO] – 🇦  (94%)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>MalCare [PRO] – 🇫  (34%)\u003C\u002Fli>\n\u003Cli>WordFence [PRO] – 🇩  (41%)\u003C\u002Fli>\n\u003Cli>iThemes Security – 🇫  (2%)\u003C\u002Fli>\n\u003Cli>Ninja Firewall [PRO] – 🇩  (67%)\u003C\u002Fli>\n\u003Cli>Site Ground Security – 🇫  (2%)\u003C\u002Fli>\n\u003Cli>Shield Security [PRO] – 🇫  (2%)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Trusted by Enterprises, Now Available to You\u003C\u002Fh3>\n\u003Cp>BitFire is used by major organizations on our managed enterprise platform and developed by a veteran security architect with over 20 years of experience defending Fortune 500s and critical infrastructure.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This free release brings our best bot detection and traffic logging features to the WordPress community – at no cost.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Learn More\u003C\u002Fh3>\n\u003Cp>Visit \u003Ca 
href=\"https:\u002F\u002Fbitfire.co\" rel=\"nofollow ugc\">https:\u002F\u002Fbitfire.co\u003C\u002Fa> for:\u003Cbr \u002F>\n– Full product comparison\u003Cbr \u002F>\n– Malware removal services\u003Cbr \u002F>\n– Pro pricing\u003Cbr \u002F>\n– Support\u003C\u002Fp>\n\u003Ch3>Privacy \u002F Monitoring \u002F Data Collection\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Privacy.  We take privacy very seriously. BitFire inspects all traffic going to the webserver and takes care to filter out any potentially sensitive information by replacing it with \u003Cstrong>\u003Cem>redacted\u003C\u002Fem>\u003C\u002Fstrong>. The config.ini file includes a list of common sensitive field names under the “filtered_logging” section. You can add additional fields to filter in the config file by adding a line “filtered_logging[field_name] = true” and replacing “field_name” with the name of the desired parameter to filter.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>BitFire includes an error handler which monitors its operation. In the event an error is detected in the BitFire software, including during install, an alert can be sent to BitFire’s developer team. The development team monitors these errors in real time and includes fixes for any detected errors in each new release.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Malware scanner. BitFire sends tiny 64bit hashes (signatures, or fingerprints) of every file to our hash database. For instance, index.php may hash to the number: 812612388126487. The database is many gigabytes and centrally located on our servers. BitFire uses that information to determine if a file has been modified or is a known good file and sends the results back to your site. Client hashes are never stored off your server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Log data and configuration data is stored locally on the filesystem in the wp-content\u002Fuploads\u002Fbitfire_RANDOM directory. 
This directory is unique and hidden from the Internet and protected by an .htaccess file. Web servers that are configured to allow directory listings will want to ensure that the file wp-content\u002Fuploads\u002Findex.php is present to prevent directory listings. The random directory name is 12 characters long and is generated on install. The directory is not accessible from the Internet and is protected by a .htaccess file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Real-time firewall that stops bots, malware, and hackers with real AI, file protection, and traffic analytics without slowing down your site",300,13786,100,7,"2025-09-21T22:57:00.000Z","6.8.5","6.1",[93,20,94,22,24],"activity-log","malware-scanner","https:\u002F\u002Fbitfire.co\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitfire.4.8.2.zip","2025-08-01 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":28,"downloaded":106,"rating":28,"num_ratings":28,"last_updated":107,"tested_up_to":16,"requires_at_least":108,"requires_php":18,"tags":109,"homepage":111,"download_link":112,"security_score":87,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"atomic-edge-security","Atomic Edge Security","2.5.1","shift8","https:\u002F\u002Fprofiles.wordpress.org\u002Fshift8\u002F","\u003Cp>Atomic Edge Security connects your WordPress site to the Atomic Edge WAF\u002FCDN service, providing enterprise-grade security protection without the complexity.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FHP_EiWLtuZE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin 
allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Protect WordPress logins with TOTP authenticator apps (Google Authenticator, Authy, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA Enforcement Policies\u003C\u002Fstrong> – Require 2FA for specific user roles with configurable grace periods\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA Audit Logging\u003C\u002Fstrong> – Complete security audit trail for all 2FA events\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adaptive Defense\u003C\u002Fstrong> – AI-powered threat detection that automatically identifies and blocks malicious actors\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Web Application Firewall (WAF)\u003C\u002Fstrong> – Block SQL injection, XSS, and other attacks with OWASP Core Rules\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Delivery Network (CDN)\u003C\u002Fstrong> – Serve static assets from global edge servers for faster page loads\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time Analytics\u003C\u002Fstrong> – Monitor traffic, blocked threats, and security events in real-time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Access Control\u003C\u002Fstrong> – Easily whitelist or blacklist IP addresses and CIDR ranges\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geographic Blocking\u003C\u002Fstrong> – Block or allow access based on visitor country\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Scanner\u003C\u002Fstrong> – Scan WordPress files for modifications and suspicious code patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong> – Check WordPress core, plugins, and themes for known vulnerabilities (requires Atomic Edge connection)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WAF Log Viewer\u003C\u002Fstrong> – See exactly what threats are being blocked\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI Integration\u003C\u002Fstrong> – Run 
security scans from the command line\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Sign up for an Atomic Edge account at \u003Ca href=\"https:\u002F\u002Fatomicedge.io\" rel=\"nofollow ugc\">atomicedge.io\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Add your site to Atomic Edge and get your API key\u003C\u002Fli>\n\u003Cli>Install this plugin and enter your API key\u003C\u002Fli>\n\u003Cli>Manage your security settings directly from WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Vulnerability scanning is available when connected and uses Atomic Edge’s vulnerability data feed.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.8 or higher\u003C\u002Fli>\n\u003Cli>An Atomic Edge account (free tier available)\u003C\u002Fli>\n\u003Cli>OpenSSL PHP extension\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services provided by Atomic Edge to deliver WAF, CDN, and security features. 
Below is a detailed explanation of each service, what data is transmitted, and when.\u003C\u002Fp>\n\u003Ch4>Atomic Edge API\u003C\u002Fh4>\n\u003Cp>The primary external service this plugin connects to is the Atomic Edge API at \u003Ccode>https:\u002F\u002Fdashboard.atomicedge.io\u002Fapi\u002Fv1\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Manages your site’s Web Application Firewall (WAF) settings\u003Cbr \u002F>\n* Retrieves real-time analytics and traffic data\u003Cbr \u002F>\n* Fetches WAF security logs showing blocked threats\u003Cbr \u002F>\n* Manages IP whitelist\u002Fblacklist and geographic access controls\u003Cbr \u002F>\n* Retrieves CDN configuration and status\u003Cbr \u002F>\n* Provides vulnerability scanning data for WordPress core, plugins, and themes\u003Cbr \u002F>\n* Powers the Adaptive Defense AI-powered threat detection system\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Your site’s API key (for authentication)\u003Cbr \u002F>\n* IP addresses you add to whitelist\u002Fblacklist\u003Cbr \u002F>\n* Country codes for geographic blocking rules\u003Cbr \u002F>\n* CDN optimization settings (asset types, minification preferences)\u003Cbr \u002F>\n* Site URL and domain information\u003Cbr \u002F>\n* Adaptive Defense settings and blocked IP information\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* When you save settings in the plugin admin pages\u003Cbr \u002F>\n* When you view analytics or WAF logs (to fetch data)\u003Cbr \u002F>\n* When you run a vulnerability scan\u003Cbr \u002F>\n* When you manage IP access control rules\u003Cbr \u002F>\n* When Adaptive Defense checks or updates threat status\u003Cbr \u002F>\n* Background sync of CDN settings (when CDN is enabled)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service links:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service website: \u003Ca 
href=\"https:\u002F\u002Fatomicedge.io\" rel=\"nofollow ugc\">https:\u002F\u002Fatomicedge.io\u003C\u002Fa>\u003Cbr \u002F>\n* Terms of Service: \u003Ca href=\"https:\u002F\u002Fatomicedge.io\u002Fterms-of-service\" rel=\"nofollow ugc\">https:\u002F\u002Fatomicedge.io\u002Fterms-of-service\u003C\u002Fa>\u003Cbr \u002F>\n* Privacy Policy: \u003Ca href=\"https:\u002F\u002Fatomicedge.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">https:\u002F\u002Fatomicedge.io\u002Fprivacy-policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Malware Signature API\u003C\u002Fh4>\n\u003Cp>The malware scanner fetches signature patterns from a public API endpoint.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Provides up-to-date malware detection signatures\u003Cbr \u002F>\n* Allows scanning without requiring an API key\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* No personal or site-specific data is sent\u003Cbr \u002F>\n* Only a GET request to retrieve signature patterns\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent:\u003C\u002Fstrong>\u003Cbr \u002F>\n* When you initiate a malware scan (if cached signatures have expired)\u003Cbr \u002F>\n* Signatures are cached locally for 24 hours\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service links:\u003C\u002Fstrong>\u003Cbr \u002F>\n* This service is provided by Atomic Edge (same terms and privacy policy as above)\u003C\u002Fp>\n\u003Ch4>Data Storage\u003C\u002Fh4>\n\u003Cp>All API responses are cached locally using WordPress transients to minimize external requests. Malware signature data is cached for 24 hours. 
Analytics data is fetched fresh on each page load but displayed quickly via JavaScript pagination.\u003C\u002Fp>\n","Connect your WordPress site to Atomic Edge for enterprise-grade WAF protection, real-time analytics, and advanced security tools.",634,"2026-03-14T01:31:00.000Z","5.8",[110,20,94,22,24],"2fa","https:\u002F\u002Fatomicedge.io\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatomic-edge-security.2.5.1.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":16,"requires_at_least":17,"requires_php":126,"tags":127,"homepage":129,"download_link":130,"security_score":65,"vuln_count":131,"unpatched_count":28,"last_vuln_date":132,"fetched_at":30},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca 
href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. 
Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress 
core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account 
pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. 
Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. 
Make security a priority with Wordfence.",5000000,406617999,94,4829,"2025-12-20T21:06:00.000Z","7.0",[110,20,21,128,22],"scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",12,"2022-09-06 00:00:00",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":123,"num_ratings":143,"last_updated":144,"tested_up_to":16,"requires_at_least":68,"requires_php":145,"tags":146,"homepage":150,"download_link":151,"security_score":152,"vuln_count":153,"unpatched_count":28,"last_vuln_date":154,"fetched_at":30},"all-in-one-wp-security-and-firewall","All-In-One Security (AIOS) – Security and Firewall","5.4.6","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Ch3>THE TOP RATED WORDPRESS SECURITY AND FIREWALL PLUGIN\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios&utm_creative_format=description\" rel=\"nofollow ugc\">All-in-One Security (AIOS)\u003C\u002Fa> is a WordPress security plugin from the same, trusted team that brought you UpdraftPlus.\u003C\u002Fp>\n\u003Cp>It’s called ‘All-In-One’ because it’s packed full of ways to keep your WordPress website(s) safe and secure.\u003C\u002Fp>\n\u003Cp>It includes:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login security features\u003C\u002Fstrong> keep bots at bay. Lock out users based on a configurable number of login attempts, get two-factor authentication and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File and database security.\u003C\u002Fstrong> Get notified of file changes that occur outside of normal operations. 
Block access to key files and scan files and folders to spot insecure permissions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Firewall.\u003C\u002Fstrong> Get PHP, .htaccess and 6G firewall rules courtesy of Perishable Press. Spot and block fake Google Bots and more!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spam prevention.\u003C\u002Fstrong> Prevent annoying spam comments and reduce unnecessary load on the server. Automatically and permanently block IP addresses that exceed a set number of spam comments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Audit log.\u003C\u002Fstrong> View events happening on your WordPress website. Find out if a plugin or theme has been added, removed, updated and more.\u003C\u002Fp>\n\u003Ch4>WHY ALL-IN-ONE SECURITY?\u003C\u002Fh4>\n\u003Cp>AIOS has a near-perfect \u003Cstrong>4.7 \u002F 5-star user rating\u003C\u002Fstrong> across more than 1 million installs.\u003C\u002Fp>\n\u003Cp>Great for beginners and experts alike. AIOS guides you logically and clearly through each of its features which are all clearly explained. Security features are marked as basic, intermediate and advanced. Each step increases your security score. Turn them on and watch your protection grow!\u003C\u002Fp>\n\u003Cp>We have a large support team of software developers. That means we have the availability and the skillset to help you with the trickiest of queries.\u003C\u002Fp>\n\u003Cp>We comb the WordPress plugin directory for support tickets daily – most queries are responded to within 24 hours.\u003C\u002Fp>\n\u003Cp>\u003Cem>Excellent plugin with numerous well-thought-out options for making a website more secure. I have been using it for years and am very happy with it. I recently had a small problem setting up a website and – even as a non-premium user – I received support very quickly. 
Highly recommended!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>For even more ways to stay safe and secure, upgrade to \u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002Fpricing?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios_premium&utm_creative_format=description\" rel=\"nofollow ugc\">AIOS Premium\u003C\u002Fa> – it packs a punch security-wise, whilst being \u003Cstrong>extremely cost-competitive\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>LOGIN SECURITY\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication (TFA)\u003C\u002Fstrong> – Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detect and manage ‘admin’ usernames\u003C\u002Fstrong> – Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Identify and correct identical login and display names\u003C\u002Fstrong> – Detect cases where the display name matches the username and provide guidance to improve login security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent user enumeration\u003C\u002Fstrong> – Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control login attempts\u003C\u002Fstrong> – Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lockout durations, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Force user logout\u003C\u002Fstrong> – Automatically log out users after a specified period of time. 
Unattended sessions are closed, reducing the risk of unauthorised access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually approve new registrations\u003C\u002Fstrong> – Review and approve new user registrations to prevent spam and fake sign-ups.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhance WordPress salt security\u003C\u002Fstrong> – Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002F\u003Cbr \u002F>\n\u003Cstrong>Monitor and manage active sessions\u003C\u002Fstrong> – If a user is logged in who shouldn’t be, log them out or add them to a blacklist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SPAM PREVENTION\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block spam coming from bots\u003C\u002Fstrong> – Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitor spam IP addresses\u003C\u002Fstrong> – Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block based on a configurable number of comments left.\u003C\u002Fp>\n\u003Ch4>FILE \u002F DATABASE Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Scan and fix file permissions\u003C\u002Fstrong> – Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable PHP file editing\u003C\u002Fstrong> – Disable editing of PHP files (such as plugins and themes) via the dashboard. 
It’s often the first tool that attackers use as it allows for code execution.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protect sensitive files\u003C\u002Fstrong> – Prevent access to files like readme.html that might reveal information about your WordPress installation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File change scanner\u003C\u002Fstrong> – Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent image hotlinking\u003C\u002Fstrong> – Prevent other websites from displaying your images via hotlinking and protect server bandwidth.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure database backups\u003C\u002Fstrong> – Perform a database backup via UpdraftPlus from AIOS. Change the default ‘wp_’ prefix to hide your WordPress database from hackers.\u003C\u002Fp>\n\u003Ch4>FIREWALL\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Get .htaccess firewall rules\u003C\u002Fstrong> – Deny access to the .htaccess and wp-config.php files. Disable the server signature and limit file uploads to a configurable size.\u003C\u002Fp>\n\u003Cp>Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get PHP firewall rules\u003C\u002Fstrong> – PHP firewall rules prevent malicious users from exploiting well-known vulnerabilities in XML-RPC. 
Safeguard your content by disabling RSS and Atom feeds and avoid cross-site scripting (XSS) attacks.\u003Cbr \u002F>\nBlock fake Google bots and POST requests made by bots – Block fake Google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Utilise 6G firewall rules\u003C\u002Fstrong> – Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>And more\u003C\u002Fstrong> – Blacklist (and whitelist) IP ranges and user agents and block unauthorized access to data by disabling REST API access for non-logged-in requests.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION ENHANCED [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication\u003C\u002Fstrong> is included in the free plugin. Upgrade to Premium if you’d like to:\u003Cbr \u002F>\nRequire TFA after a set time period – Mandate TFA for all admins or other roles after their accounts reach a specified age.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control how often TFA is required\u003C\u002Fstrong> – Set TFA to be required after a certain number of days on trusted devices instead of every login.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customise design layout\u003C\u002Fstrong> – Adjust the TFA design to match your website’s existing layout and branding.\u003Cbr \u002F>\nEmergency codes – Generate one-time use emergency codes to regain access if you lose your TFA device.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Multisite Compatible\u003C\u002Fstrong> – Ensure compatibility with WordPress multisite networks and their sub-sites for consistent TFA application.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with login forms\u003C\u002Fstrong> – Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme My Login’ without additional 
coding.\u003C\u002Fp>\n\u003Ch4>SMART 404 BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block IPs based on 404 errors\u003C\u002Fstrong> – Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 Configuration\u003C\u002Fstrong> – Set a figure for the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g., 10 errors within 10 minutes).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 block by URL string\u003C\u002Fstrong> – Instantly block an IP address if a 404 event includes a specific URL string.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 whitelisting\u003C\u002Fstrong> – Prevent particular IP addresses from being permanently blocked due to 404 events.\u003C\u002Fp>\n\u003Ch4>COUNTRY BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block traffic to the entire site or to specific pages or posts\u003C\u002Fstrong> – Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Whitelist some users from blocked countries\u003C\u002Fstrong> – Whitelist IP addresses or IP ranges even if they are part of a blocked country.\u003C\u002Fp>\n\u003Ch4>MALWARE SCANNING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Automatic malware scanning\u003C\u002Fstrong> – Detect and protect against the latest malware, trojans, and spyware.\u003Cbr \u002F>\nAlerts you to blacklisting by search engines – Monitor your site for blacklisting by search engines due to malicious code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response time monitoring\u003C\u002Fstrong> – Keep track of your website’s response time to identify and address any performance issues.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Uptime monitoring\u003C\u002Fstrong> – Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes 
down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advice and malware removal\u003C\u002Fstrong> – Need hands-on advice and support for malware removal? Our team of genuine cybersecurity experts is here to help.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notification if something’s amiss\u003C\u002Fstrong> – Receive notifications about any issues with your site so you can address problems before they escalate.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cp>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u003C\u002Fp>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you are a developer and you need some extra hooks or filters for this plugin then let us know.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All-In-One Security plugin can be translated to any language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently available translations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Hungarian\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil)\u003C\u002Fli>\n\u003Cli>Persian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy Policy\u003C\u002Fh4>\n\u003Cp>This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity.\u003C\u002Fp>\n\u003Cp>The collected information is stored on your server. 
No information is transmitted to third parties or remote server locations.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n","Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.",1000000,36139406,1693,"2026-01-28T22:15:00.000Z","5.6",[20,147,148,22,149],"login-security","malware-scanning","two-factor-authentication","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-wp-security-and-firewall.5.4.6.zip",93,26,"2024-02-08 00:00:00",{"attackSurface":156,"codeSignals":517,"taintFlows":789,"riskAssessment":919,"analyzedAt":929},{"hooks":157,"ajaxHandlers":416,"restRoutes":497,"shortcodes":498,"cronEvents":499,"entryPointCount":516,"unprotectedCount":303},[158,164,168,173,176,180,185,189,193,197,201,204,209,212,216,218,220,222,226,227,230,233,236,238,242,245,247,248,252,257,262,266,269,272,276,278,280,284,288,291,295,299,302,305,307,308,312,315,317,319,321,323,326,328,331,335,339,343,347,351,355,358,362,365,367,371,373,375,378,381,384,387,391,395,399,401,404,407,409,413],{"type":159,"name":160,"callback":161,"file":162,"line":163},"action","admin_notices","closure","includes\\class-wf-sn-utils.php",309,{"type":159,"name":165,"callback":166,"file":167,"line":74},"woocommerce_geoip_updater","update_database","modules\\cloud-firewall\\class-sn-geolocation.php",{"type":159,"name":169,"callback":170,"priority":27,"file":171,"line":172},"template_redirect","check_visitor","modules\\cloud-firewall\\cloud-firewall.php",29,{"type":159,"name":174,"callback":170,"priority":27,"file":171,"line":175},"login_head",30,{"type":159,"name":177,"ca
llback":178,"priority":27,"file":171,"line":179},"init","do_init_action",32,{"type":159,"name":181,"callback":182,"priority":183,"file":171,"line":184},"wp_login","log_successful_login",10,34,{"type":159,"name":186,"callback":187,"file":171,"line":188},"wp_login_failed","failed_login",40,{"type":190,"name":191,"callback":191,"file":171,"line":192},"filter","sn_tabs",43,{"type":159,"name":194,"callback":195,"file":171,"line":196},"admin_init","register_settings",45,{"type":159,"name":198,"callback":199,"file":171,"line":200},"admin_enqueue_scripts","enqueue_scripts",53,{"type":159,"name":202,"callback":177,"file":171,"line":203},"plugins_loaded",3906,{"type":159,"name":205,"callback":206,"file":207,"line":208},"secnin_run_core_scanner","do_action_secnin_run_core_scanner","modules\\core-scanner\\core-scanner.php",60,{"type":159,"name":177,"callback":210,"file":207,"line":211},"schedule_cron_jobs",61,{"type":159,"name":213,"callback":214,"file":207,"line":215},"admin_post_sn_core_scan_report","render_scan_report",62,{"type":190,"name":191,"callback":191,"file":207,"line":217},64,{"type":159,"name":198,"callback":199,"file":207,"line":219},65,{"type":159,"name":202,"callback":177,"file":207,"line":221},1311,{"type":159,"name":223,"callback":224,"file":225,"line":172},"wp_dashboard_setup","add_dashboard_widgets","modules\\dashboard-widget\\class-wf-sn-dashboard-widget.php",{"type":159,"name":198,"callback":198,"file":225,"line":175},{"type":159,"name":228,"callback":229,"priority":183,"file":225,"line":179},"upgrader_process_complete","clear_updates_cache",{"type":159,"name":231,"callback":229,"file":225,"line":232},"wp_update_themes",38,{"type":159,"name":234,"callback":229,"file":225,"line":235},"wp_update_plugins",39,{"type":159,"name":194,"callback":195,"file":237,"line":172},"modules\\events-logger\\events-logger.php",{"type":159,"name":239,"callback":240,"file":237,"line":241},"user_register","monitor_new_admin_creation",33,{"type":159,"name":243,"callback":244,"fi
le":237,"line":232},"secnin_check_direct_admin_creation","check_direct_admin_creation",{"type":190,"name":191,"callback":191,"file":237,"line":246},44,{"type":159,"name":198,"callback":199,"file":237,"line":196},{"type":159,"name":249,"callback":250,"file":237,"line":251},"secnin_prune_logs_cron","do_cron_prune_logs",47,{"type":159,"name":253,"callback":254,"priority":255,"file":237,"line":256},"all","watch_actions",9,49,{"type":190,"name":258,"callback":259,"priority":260,"file":237,"line":261},"rest_authentication_errors","rest_log_auth_errors",999,58,{"type":190,"name":263,"callback":264,"priority":14,"file":237,"line":265},"determine_current_user","rest_log_determine_user",59,{"type":190,"name":267,"callback":268,"priority":260,"file":237,"line":208},"rest_pre_dispatch","rest_log_pre_dispatch",{"type":190,"name":270,"callback":271,"priority":260,"file":237,"line":52},"rest_post_dispatch","rest_log_post_dispatch",{"type":190,"name":273,"callback":274,"file":237,"line":275},"wp_mail_content_type","sn_set_html_mail_content_type",271,{"type":190,"name":273,"callback":274,"file":237,"line":277},1266,{"type":159,"name":202,"callback":177,"file":237,"line":279},2043,{"type":159,"name":281,"callback":282,"file":283,"line":251},"admin_menu","register_view_file_page","modules\\file-viewer\\class-secnin-file-viewer.php",{"type":159,"name":285,"callback":286,"file":283,"line":287},"admin_post_sn_view_file","view_file_page",48,{"type":159,"name":289,"callback":290,"file":283,"line":256},"admin_head","hide_admin_interface",{"type":159,"name":292,"callback":293,"file":283,"line":294},"after_setup_theme","remove_admin_bar",50,{"type":190,"name":296,"callback":297,"file":283,"line":298},"show_admin_bar","__return_false",83,{"type":159,"name":194,"callback":194,"file":300,"line":301},"modules\\vulnerabilities\\class-wf-sn-vu.php",27,{"type":190,"name":191,"callback":191,"priority":303,"file":300,"line":304},2,28,{"type":159,"name":160,"callback":306,"file":300,"line":172},"admin_
notice_vulnerabilities",{"type":159,"name":177,"callback":210,"file":300,"line":175},{"type":159,"name":309,"callback":310,"file":300,"line":311},"secnin_update_vuln_list","update_vuln_list",31,{"type":159,"name":313,"callback":314,"file":300,"line":179},"secnin_daily_vulnerability_warning_check","daily_vulnerability_check",{"type":159,"name":228,"callback":316,"priority":183,"file":300,"line":241},"do_action_upgrader_process_complete",{"type":159,"name":318,"callback":316,"file":300,"line":235},"delete_theme",{"type":159,"name":320,"callback":316,"file":300,"line":188},"delete_plugin",{"type":159,"name":198,"callback":322,"file":300,"line":196},"enqueue_admin_scripts",{"type":190,"name":273,"callback":324,"file":300,"line":325},"set_html_content_type",972,{"type":159,"name":202,"callback":177,"file":300,"line":327},2606,{"type":159,"name":194,"callback":177,"file":329,"line":330},"security-ninja.php",184,{"type":190,"name":332,"callback":333,"priority":183,"file":329,"line":334},"mainwp_child_extra_execution","do_filter_mainwp_child_extra_execution",190,{"type":190,"name":336,"callback":337,"priority":183,"file":329,"line":338},"mainwp_site_sync_others_data","do_filter_mainwp_site_sync_others_data",196,{"type":159,"name":340,"callback":341,"file":329,"line":342},"secnin_run_tests_event","do_event_run_tests",202,{"type":190,"name":344,"callback":345,"file":329,"line":346},"permission_list","add_freemius_extra_permission",207,{"type":190,"name":348,"callback":349,"priority":183,"file":329,"line":350},"show_admin_notice","do_filter_show_admin_notice",208,{"type":190,"name":352,"callback":353,"file":329,"line":354},"checkout\u002Fparameters","extra_modern_checkout_parameters",214,{"type":159,"name":194,"callback":356,"file":329,"line":357},"secnin_fs_license_key_migration",215,{"type":190,"name":359,"callback":360,"file":329,"line":361},"plugin_icon","secnin_fs_custom_icon",216,{"type":190,"name":191,"callback":363,"file":329,"line":364},"return_tabs",218,{"type":159,"
name":281,"callback":281,"file":329,"line":366},224,{"type":159,"name":368,"callback":369,"priority":183,"file":329,"line":370},"activated_plugin","do_action_activated_plugin",225,{"type":159,"name":198,"callback":199,"file":329,"line":372},231,{"type":159,"name":194,"callback":195,"file":329,"line":374},232,{"type":159,"name":194,"callback":376,"file":329,"line":377},"do_action_admin_init",233,{"type":159,"name":194,"callback":379,"priority":27,"file":329,"line":380},"maybe_upgrade_db",234,{"type":159,"name":160,"callback":382,"file":329,"line":383},"do_admin_notices",239,{"type":159,"name":385,"callback":385,"file":329,"line":386},"admin_footer",241,{"type":159,"name":388,"callback":389,"file":329,"line":390},"secnin_signup_to_newsletter","signup_to_newsletter",242,{"type":190,"name":392,"callback":393,"file":329,"line":394},"manage_users_columns","add_user_last_login_column",243,{"type":190,"name":396,"callback":397,"priority":183,"file":329,"line":398},"manage_users_custom_column","return_last_login_column",244,{"type":159,"name":160,"callback":161,"file":329,"line":400},354,{"type":159,"name":402,"callback":402,"file":329,"line":403},"admin_print_footer_scripts",625,{"type":159,"name":177,"callback":405,"priority":27,"file":329,"line":406},"load_textdomain",1888,{"type":159,"name":177,"callback":177,"file":329,"line":408},1889,{"type":159,"name":410,"callback":411,"file":329,"line":412},"wpmu_new_blog","handle_new_site",1892,{"type":159,"name":414,"callback":411,"file":329,"line":415},"wp_insert_site",1893,[417,422,425,428,431,435,438,442,446,450,454,458,461,464,468,472,474,478,482,486,490,494],{"action":418,"nopriv":419,"callback":420,"hasNonce":421,"hasCapCheck":421,"file":171,"line":251},"sn_enable_firewall",false,"ajax_enable_firewall",true,{"action":423,"nopriv":419,"callback":424,"hasNonce":419,"hasCapCheck":419,"file":171,"line":287},"sn_disable_firewall","ajax_disable_firewall",{"action":426,"nopriv":419,"callback":427,"hasNonce":421,"hasCapCheck":421,"
file":171,"line":256},"sn_test_ip","ajax_test_ip",{"action":429,"nopriv":419,"callback":430,"hasNonce":421,"hasCapCheck":421,"file":171,"line":294},"sn_clear_blacklist","ajax_clear_blacklist",{"action":432,"nopriv":419,"callback":433,"hasNonce":421,"hasCapCheck":421,"file":171,"line":434},"sn_send_unblock_email","ajax_send_unblock_email",51,{"action":436,"nopriv":419,"callback":437,"hasNonce":421,"hasCapCheck":421,"file":207,"line":52},"sn_core_get_file_source","get_file_source",{"action":439,"nopriv":419,"callback":440,"hasNonce":421,"hasCapCheck":421,"file":207,"line":441},"sn_core_delete_file_do","delete_file",67,{"action":443,"nopriv":419,"callback":444,"hasNonce":421,"hasCapCheck":421,"file":207,"line":445},"sn_core_restore_file_do","restore_file",68,{"action":447,"nopriv":419,"callback":448,"hasNonce":421,"hasCapCheck":421,"file":207,"line":449},"sn_core_run_scan","do_action_core_run_scan",69,{"action":451,"nopriv":419,"callback":452,"hasNonce":421,"hasCapCheck":421,"file":207,"line":453},"sn_core_get_cached_results","get_cached_results",70,{"action":455,"nopriv":419,"callback":456,"hasNonce":421,"hasCapCheck":421,"file":207,"line":457},"sn_core_delete_all_unknowns","do_action_delete_all_unknowns",71,{"action":459,"nopriv":419,"callback":460,"hasNonce":421,"hasCapCheck":421,"file":237,"line":175},"get_events_data","ajax_get_events_data",{"action":462,"nopriv":419,"callback":463,"hasNonce":421,"hasCapCheck":421,"file":237,"line":311},"get_events_actions","ajax_get_events_actions",{"action":465,"nopriv":419,"callback":466,"hasNonce":421,"hasCapCheck":421,"file":237,"line":467},"sn_el_truncate_log","ajax_truncate_log",46,{"action":469,"nopriv":419,"callback":470,"hasNonce":421,"hasCapCheck":421,"file":300,"line":471},"secnin_manual_vuln_scan","handle_manual_vuln_scan",42,{"action":469,"nopriv":421,"callback":473,"hasNonce":419,"hasCapCheck":419,"file":300,"line":192},"handle_manual_vuln_scan_denied",{"action":475,"nopriv":419,"callback":476,"hasNonce":421,"hasCap
Check":421,"file":300,"line":477},"secnin_download_all_vuln_files","handle_download_all_vuln_files",212,{"action":479,"nopriv":419,"callback":480,"hasNonce":421,"hasCapCheck":421,"file":329,"line":481},"sn_run_single_test","run_single_test",235,{"action":483,"nopriv":419,"callback":484,"hasNonce":421,"hasCapCheck":421,"file":329,"line":485},"sn_get_single_test_details","get_single_test_details",236,{"action":487,"nopriv":419,"callback":488,"hasNonce":421,"hasCapCheck":421,"file":329,"line":489},"sn_run_tests","run_tests",237,{"action":491,"nopriv":419,"callback":492,"hasNonce":421,"hasCapCheck":421,"file":329,"line":493},"sn_reset_secret_url","reset_secret_url",238,{"action":495,"nopriv":419,"callback":495,"hasNonce":421,"hasCapCheck":421,"file":329,"line":496},"wf_sn_dismiss_review",240,[],[],[500,501,503,505,507,509,510,512,514],{"hook":205,"callback":205,"file":207,"line":380},{"hook":243,"callback":243,"file":237,"line":502},36,{"hook":249,"callback":249,"file":237,"line":504},74,{"hook":313,"callback":313,"file":300,"line":506},223,{"hook":309,"callback":309,"file":300,"line":508},228,{"hook":309,"callback":309,"file":300,"line":377},{"hook":309,"callback":309,"file":300,"line":511},1197,{"hook":309,"callback":309,"file":300,"line":513},1820,{"hook":309,"callback":309,"file":300,"line":515},2210,22,{"dangerousFunctions":518,"sqlUsage":527,"outputEscaping":561,"fileOperations":777,"externalRequests":516,"nonceChecks":172,"capabilityChecks":172,"bundledLibraries":778},[519,524],{"fn":520,"file":521,"line":522,"context":523},"proc_open","class-wf-sn-tests.php",2659,"$process = @proc_open( 'bash -c \"echo Test\"', $desc, $pipes, null, $env );",{"fn":520,"file":521,"line":525,"context":526},2713,"$process = @proc_open( \"rm -f echo; env 'x=() { (a)=>\\' bash -c \\\"echo date +%Y\\\"; cat echo\", $desc,",{"prepared":246,"raw":528,"locations":529},13,[530,533,536,538,540,542,545,547,550,552,555,557,559],{"file":171,"line":531,"context":532},1441,"$wpdb->get_var() 
with variable interpolation",{"file":171,"line":534,"context":535},1496,"$wpdb->query() with variable interpolation",{"file":171,"line":537,"context":535},1497,{"file":237,"line":539,"context":532},410,{"file":237,"line":541,"context":532},412,{"file":237,"line":543,"context":544},555,"$wpdb->get_col() with variable interpolation",{"file":237,"line":546,"context":535},1103,{"file":237,"line":548,"context":549},1195,"$wpdb->get_results() with variable interpolation",{"file":237,"line":551,"context":535},2034,{"file":553,"line":554,"context":535},"modules\\events-logger\\sn-el-modules.php",983,{"file":329,"line":556,"context":549},1026,{"file":329,"line":558,"context":549},1080,{"file":329,"line":560,"context":535},1811,{"escaped":562,"rawEcho":563,"locations":564},801,116,[565,568,570,572,574,576,578,580,582,584,586,588,590,592,594,596,598,601,602,604,606,607,609,611,613,615,617,619,621,623,625,627,628,629,631,633,635,637,639,640,642,643,644,646,648,650,652,654,656,658,660,662,664,666,668,669,671,673,675,677,679,681,683,685,687,689,692,694,696,697,698,700,701,702,703,704,706,708,709,711,713,715,717,719,721,723,724,726,727,728,730,732,734,736,738,740,741,743,745,746,748,750,752,754,756,758,759,760,762,764,766,767,769,771,773,775],{"file":162,"line":566,"context":567},310,"raw 
output",{"file":171,"line":569,"context":567},3228,{"file":171,"line":571,"context":567},3229,{"file":171,"line":573,"context":567},3230,{"file":171,"line":575,"context":567},3231,{"file":171,"line":577,"context":567},3232,{"file":171,"line":579,"context":567},3233,{"file":171,"line":581,"context":567},3234,{"file":171,"line":583,"context":567},3408,{"file":171,"line":585,"context":567},3414,{"file":171,"line":587,"context":567},3416,{"file":171,"line":589,"context":567},3423,{"file":171,"line":591,"context":567},3428,{"file":171,"line":593,"context":567},3430,{"file":171,"line":595,"context":567},3431,{"file":171,"line":597,"context":567},3845,{"file":599,"line":600,"context":567},"modules\\cloud-firewall\\tabs\\login-protection.php",37,{"file":599,"line":232,"context":567},{"file":599,"line":603,"context":567},54,{"file":599,"line":605,"context":567},55,{"file":599,"line":261,"context":567},{"file":599,"line":608,"context":567},131,{"file":599,"line":610,"context":567},133,{"file":599,"line":612,"context":567},158,{"file":599,"line":614,"context":567},160,{"file":599,"line":616,"context":567},162,{"file":599,"line":618,"context":567},178,{"file":599,"line":620,"context":567},179,{"file":599,"line":622,"context":567},194,{"file":599,"line":624,"context":567},195,{"file":599,"line":626,"context":567},211,{"file":599,"line":477,"context":567},{"file":599,"line":357,"context":567},{"file":599,"line":630,"context":567},305,{"file":599,"line":632,"context":567},318,{"file":599,"line":634,"context":567},320,{"file":636,"line":188,"context":567},"modules\\cloud-firewall\\tabs\\settings.php",{"file":636,"line":638,"context":567},41,{"file":636,"line":471,"context":567},{"file":636,"line":641,"context":567},182,{"file":636,"line":481,"context":567},{"file":636,"line":489,"context":567},{"file":636,"line":645,"context":567},246,{"file":636,"line":647,"context":567},247,{"file":207,"line":649,"context":567},1016,{"file":207,"line":651,"context":567},1051,{"file":207,"line":65
3,"context":567},1058,{"file":207,"line":655,"context":567},1066,{"file":207,"line":657,"context":567},1082,{"file":225,"line":659,"context":567},152,{"file":225,"line":661,"context":567},175,{"file":225,"line":663,"context":567},314,{"file":225,"line":665,"context":567},453,{"file":283,"line":667,"context":567},268,{"file":283,"line":275,"context":567},{"file":283,"line":670,"context":567},275,{"file":283,"line":672,"context":567},276,{"file":283,"line":674,"context":567},277,{"file":283,"line":676,"context":567},278,{"file":283,"line":678,"context":567},332,{"file":283,"line":680,"context":567},335,{"file":283,"line":682,"context":567},339,{"file":283,"line":684,"context":567},340,{"file":283,"line":686,"context":567},341,{"file":283,"line":688,"context":567},342,{"file":690,"line":691,"context":567},"modules\\overview\\class-wf-sn-overview-tab.php",23,{"file":690,"line":693,"context":567},24,{"file":690,"line":695,"context":567},25,{"file":690,"line":175,"context":567},{"file":690,"line":311,"context":567},{"file":690,"line":699,"context":567},35,{"file":690,"line":294,"context":567},{"file":690,"line":605,"context":567},{"file":690,"line":208,"context":567},{"file":690,"line":217,"context":567},{"file":690,"line":705,"context":567},108,{"file":690,"line":707,"context":567},109,{"file":690,"line":563,"context":567},{"file":690,"line":710,"context":567},117,{"file":690,"line":712,"context":567},122,{"file":690,"line":714,"context":567},123,{"file":690,"line":716,"context":567},126,{"file":690,"line":718,"context":567},144,{"file":690,"line":720,"context":567},147,{"file":690,"line":722,"context":567},164,{"file":690,"line":338,"context":567},{"file":690,"line":725,"context":567},213,{"file":690,"line":380,"context":567},{"file":690,"line":390,"context":567},{"file":690,"line":729,"context":567},245,{"file":690,"line":731,"context":567},283,{"file":690,"line":733,"context":567},286,{"file":690,"line":735,"context":567},287,{"file":690,"line":737,"context":567},289,
{"file":690,"line":739,"context":567},294,{"file":690,"line":85,"context":567},{"file":690,"line":742,"context":567},311,{"file":690,"line":744,"context":567},316,{"file":690,"line":632,"context":567},{"file":690,"line":747,"context":567},322,{"file":690,"line":749,"context":567},324,{"file":690,"line":751,"context":567},328,{"file":690,"line":753,"context":567},330,{"file":690,"line":755,"context":567},334,{"file":690,"line":757,"context":567},336,{"file":690,"line":684,"context":567},{"file":690,"line":688,"context":567},{"file":690,"line":761,"context":567},346,{"file":690,"line":763,"context":567},348,{"file":690,"line":765,"context":567},352,{"file":690,"line":400,"context":567},{"file":690,"line":768,"context":567},358,{"file":690,"line":770,"context":567},360,{"file":690,"line":772,"context":567},392,{"file":300,"line":774,"context":567},1614,{"file":329,"line":776,"context":567},355,11,[779,782,785],{"name":780,"version":37,"knownCves":781},"Select2",[],{"name":783,"version":37,"knownCves":784},"DataTables",[],{"name":786,"version":787,"knownCves":788},"Freemius","1.0",[],[790,808,820,828,840,857,870,889,901,911],{"entryPoint":791,"graph":792,"unsanitizedCount":28,"severity":807},"\u003Ccloud-firewall> (modules\\cloud-firewall\\cloud-firewall.php:0)",{"nodes":793,"edges":805},[794,799],{"id":795,"type":796,"label":797,"file":171,"line":798},"n0","source","$_POST",1745,{"id":800,"type":801,"label":802,"file":171,"line":803,"wp_function":804},"n1","sink","get_var() [SQLi]",2594,"get_var",[806],{"from":795,"to":800,"sanitized":421},"low",{"entryPoint":809,"graph":810,"unsanitizedCount":28,"severity":807},"get_file_source (modules\\core-scanner\\core-scanner.php:349)",{"nodes":811,"edges":818},[812,814],{"id":795,"type":796,"label":797,"file":207,"line":813},361,{"id":800,"type":801,"label":815,"file":207,"line":816,"wp_function":817},"file_get_contents() 
[SSRF\u002FLFI]",380,"file_get_contents",[819],{"from":795,"to":800,"sanitized":421},{"entryPoint":821,"graph":822,"unsanitizedCount":28,"severity":807},"\u003Ccore-scanner> (modules\\core-scanner\\core-scanner.php:0)",{"nodes":823,"edges":826},[824,825],{"id":795,"type":796,"label":797,"file":207,"line":813},{"id":800,"type":801,"label":815,"file":207,"line":816,"wp_function":817},[827],{"from":795,"to":800,"sanitized":421},{"entryPoint":829,"graph":830,"unsanitizedCount":28,"severity":807},"ajax_get_events_data (modules\\events-logger\\events-logger.php:378)",{"nodes":831,"edges":838},[832,834],{"id":795,"type":796,"label":797,"file":237,"line":833},391,{"id":800,"type":801,"label":835,"file":237,"line":836,"wp_function":837},"get_results() [SQLi]",438,"get_results",[839],{"from":795,"to":800,"sanitized":421},{"entryPoint":841,"graph":842,"unsanitizedCount":28,"severity":807},"\u003Cevents-logger> (modules\\events-logger\\events-logger.php:0)",{"nodes":843,"edges":854},[844,845,846,849],{"id":795,"type":796,"label":797,"file":237,"line":833},{"id":800,"type":801,"label":835,"file":237,"line":836,"wp_function":837},{"id":847,"type":796,"label":848,"file":237,"line":833},"n2","$_POST (x2)",{"id":850,"type":801,"label":851,"file":237,"line":852,"wp_function":853},"n3","query() [SQLi]",1149,"query",[855,856],{"from":795,"to":800,"sanitized":421},{"from":847,"to":850,"sanitized":421},{"entryPoint":858,"graph":859,"unsanitizedCount":28,"severity":807},"view_file_page (modules\\file-viewer\\class-secnin-file-viewer.php:224)",{"nodes":860,"edges":868},[861,864],{"id":795,"type":796,"label":862,"file":283,"line":863},"$_GET",249,{"id":800,"type":801,"label":865,"file":283,"line":866,"wp_function":867},"call_user_func() [RCE]",251,"call_user_func",[869],{"from":795,"to":800,"sanitized":421},{"entryPoint":871,"graph":872,"unsanitizedCount":28,"severity":807},"\u003Cclass-secnin-file-viewer> 
(modules\\file-viewer\\class-secnin-file-viewer.php:0)",{"nodes":873,"edges":885},[874,875,876,878,881,883],{"id":795,"type":796,"label":862,"file":283,"line":863},{"id":800,"type":801,"label":865,"file":283,"line":866,"wp_function":867},{"id":847,"type":796,"label":877,"file":283,"line":863},"$_GET (x13)",{"id":850,"type":801,"label":879,"file":283,"line":667,"wp_function":880},"echo() [XSS]","echo",{"id":882,"type":796,"label":862,"file":283,"line":863},"n4",{"id":884,"type":801,"label":815,"file":283,"line":744,"wp_function":817},"n5",[886,887,888],{"from":795,"to":800,"sanitized":421},{"from":847,"to":850,"sanitized":421},{"from":882,"to":884,"sanitized":421},{"entryPoint":890,"graph":891,"unsanitizedCount":28,"severity":807},"get_single_test_details (security-ninja.php:1262)",{"nodes":892,"edges":899},[893,895],{"id":795,"type":796,"label":797,"file":329,"line":894},1272,{"id":800,"type":801,"label":896,"file":329,"line":897,"wp_function":898},"get_row() [SQLi]",1278,"get_row",[900],{"from":795,"to":800,"sanitized":421},{"entryPoint":902,"graph":903,"unsanitizedCount":28,"severity":807},"run_single_test (security-ninja.php:1299)",{"nodes":904,"edges":909},[905,907],{"id":795,"type":796,"label":797,"file":329,"line":906},1314,{"id":800,"type":801,"label":896,"file":329,"line":908,"wp_function":898},1353,[910],{"from":795,"to":800,"sanitized":421},{"entryPoint":912,"graph":913,"unsanitizedCount":28,"severity":807},"\u003Csecurity-ninja> (security-ninja.php:0)",{"nodes":914,"edges":917},[915,916],{"id":795,"type":796,"label":848,"file":329,"line":894},{"id":800,"type":801,"label":896,"file":329,"line":897,"wp_function":898},[918],{"from":795,"to":800,"sanitized":421},{"summary":920,"deductions":921},"The Security Ninja plugin exhibits a mixed security posture. While it demonstrates several good security practices, such as a high percentage of prepared SQL statements and properly escaped output, significant concerns remain. 
The presence of two AJAX handlers without authentication checks represents a direct attack vector that could be exploited by unauthenticated users. The use of the `proc_open` function, a potentially dangerous function, warrants careful scrutiny to ensure it is not being used in a way that could lead to code execution vulnerabilities.  The plugin's vulnerability history, while currently showing no unpatched CVEs, does indicate a past medium-severity vulnerability related to Absolute Path Traversal, suggesting that robust path handling and sanitization remain important areas of focus.  Overall, the plugin has strengths in code sanitization but needs to address its unprotected entry points and the responsible use of dangerous functions.",[922,924,926],{"reason":923,"points":183},"Unprotected AJAX handlers",{"reason":925,"points":75},"Use of dangerous function 'proc_open'",{"reason":927,"points":928},"Medium severity vulnerability in history",8,"2026-03-16T17:59:09.663Z",{"wat":931,"direct":971},{"assetPaths":932,"generatorPatterns":960,"scriptPaths":961,"versionParams":962},[933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953,954,955,956,957,958,959],"\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fanimate.min.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fbootstrap-theme.min.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fflag-icon.min.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fjquery.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fjquery.jscrollpane.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fjquery.mCustomScrollbar.css","\u0
02Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fmaterial-design-iconic-font.min.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fowl.carousel.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fowl.theme.default.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fanimate.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fchart.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fdatatables.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Feditor.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fjquery.dataTables.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fjquery.easing.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fjquery.jscrollpane.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fjquery.mCustomScrollbar.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fjquery.min.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fowl.carousel.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fassets\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fmodules\u002Fcloud-firewall\u002Fassets\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fmodules\u002Foverview\u002Fassets\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fsecurity-ninja\u002Fmodules\u002Fvulnerabilities\u002Fassets\u002Fjs\u002Fscript.js",[],[956,957,958,959],[963,964,965,966,967,968,969,970],"security-ninja\u002Fstyle.css?ver=","security-ninja\u002
Fassets\u002Fcss\u002Fbootstrap.min.css?ver=","security-ninja\u002Fassets\u002Fcss\u002Fstyle.css?ver=","security-ninja\u002Fassets\u002Fjs\u002Fbootstrap.min.js?ver=","security-ninja\u002Fassets\u002Fjs\u002Fscript.js?ver=","security-ninja\u002Fmodules\u002Fcloud-firewall\u002Fassets\u002Fjs\u002Fscript.js?ver=","security-ninja\u002Fmodules\u002Foverview\u002Fassets\u002Fjs\u002Fscript.js?ver=","security-ninja\u002Fmodules\u002Fvulnerabilities\u002Fassets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":972,"htmlComments":984,"htmlAttributes":990,"restEndpoints":995,"jsGlobals":998,"shortcodeOutput":1001},[973,974,975,976,977,978,979,980,981,982,983],"sn-btn","sn-btn-lg","sn-btn-secondary","sn-btn-primary","sn-table","sn-table-striped","sn-table-bordered","sn-wizard-step","sn-wizard-steps","sn-welcome-wrapper","security-ninja-wrapper",[985,986,987,988,989],"\u003C!-- Security Ninja settings-->","\u003C!-- Security Ninja Dashboard Widget -->","\u003C!-- Security Ninja Core Scanner -->","\u003C!-- Security Ninja Cloud Firewall -->","\u003C!-- Security Ninja events -->",[991,992,993,994],"data-wizard-current-step","data-tab","data-action","data-nonce",[996,997],"\u002Fwp-json\u002Fsecurity-ninja\u002Fv1\u002Fscan","\u002Fwp-json\u002Fsecurity-ninja\u002Fv1\u002Fsettings",[999,1000],"security_ninja_ajax_object","sn_vars",[]]