[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_DNXVddN2hjqUjL5e9uEt4S24qJOHsE523rt1yK8TY8":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":132,"fingerprints":166},"security-txt","1.0.6","tstokes8040","https:\u002F\u002Fprofiles.wordpress.org\u002Ftstokes8040\u002F","\u003Cp>This plugin creates a security.txt file in the WordPress installation root.\u003C\u002Fp>\n\u003Cp>You can edit\u002Fadd to this file within the WordPress SecurityTXT settings page.\u003C\u002Fp>\n\u003Cp>The purpose of the security.txt file is to allow users to properly disclose security vulnerabilities or bugs to you.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fsecuritytxt.org\u002F\" rel=\"nofollow ugc\">security.txt\u003C\u002Fa> file is currently a draft “standard”. This file is similar to the robots.txt file but for security. Large companies have already started to adopt this standard including Google, Facebook, GitHub, just to name a few.\u003C\u002Fp>\n\u003Cp>We welcome development to make this plugin even better! Create your \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftstokes8040\u002Fsecurity-txt\" rel=\"nofollow ugc\">pull request\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftstokes8040\u002Fsecurity-txt\" rel=\"nofollow ugc\">submit a bug here\u003C\u002Fa>.\u003C\u002Fp>\n","A plugin for serving 'security.txt' in WordPress 6.1.1+.",10,2362,0,"2023-06-15T15:22:00.000Z","6.2.9","5.0","7.0",[18,19,20,21,4],"disclosure","infosec","netsec","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-txt.1.0.6.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":6,"display_name":6,"profile_url":7,"plugin_count":29,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,84,"2026-04-04T21:12:01.067Z",[34,51,70,86,110],{"slug":35,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":29,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":16,"tags":47,"homepage":49,"download_link":50,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"wp-security-txt","1.0.0","securitytext.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fsecuritytxt\u002F","\u003Cp>The purpose of this project is to create a set-it-and-forget-it plugin that can be installed without much effort to get a WordPress site compliant with the current \u003Ca href=\"https:\u002F\u002Fsecuritytxt.org\u002F\" rel=\"nofollow ugc\">\u003Ccode>security.txt\u003C\u002Fcode>\u003C\u002Fa> spec. It is therefore highly opinionated but built for configuration. It will automatically configure itself but you are encouraged to visit the plugin settings page after activating it.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsecuritytxt\" rel=\"nofollow ugc\">\u003Ccode>security.txt\u003C\u002Fcode>\u003C\u002Fa> is a \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Fdraft-foudil-securitytxt-00\" rel=\"nofollow ugc\">draft\u003C\u002Fa> “standard” which allows websites to define security policies. This “standard” sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of \u003Ccode>robots.txt\u003C\u002Fcode>, but for security issues.\u003C\u002Fp>\n\u003Cp>There is a help page built into the plugin if you need help configuring it. For developers, there is \u003Ca href=\"https:\u002F\u002Faustinheap.github.io\u002Fwordpress-security-txt\u002F\" rel=\"nofollow ugc\">documentation for \u003Ccode>wordpress-security-txt\u003C\u002Fcode> online\u003C\u002Fa>, the source of which is in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt\u002Ftree\u002Fmaster\u002Fdocs\" rel=\"nofollow ugc\">\u003Ccode>docs\u002F\u003C\u002Fcode>\u003C\u002Fa> directory. The most logical place to start are the \u003Ca href=\"https:\u002F\u002Faustinheap.github.io\u002Fwordpress-security-txt\u002Fpackages\u002FWordPress.Security.Txt.html\" rel=\"nofollow ugc\">docs for the \u003Ccode>WordPress_Security_Txt\u003C\u002Fcode> class\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>The \u003Ccode>security.txt\u003C\u002Fcode> for WordPress plugin includes translations for the following 17 languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Arabic (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-ar_AR.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Bengali (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-bn_BN.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Catalan (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-ca_ES.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Chinese (Simplified) (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-zh_CN.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Chinese (Traditional) (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-zh_TW.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>English (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-en_EN.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>English (AU) (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-en_AU.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>English (US) (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-en_US.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>French (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-fr_FR.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>German (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-de_DE.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Hindi (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-hi_IN.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Italian (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-it_IT.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Portuguese (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-pt_PT.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Portuguese (BR) (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-pt_BR.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Romanian (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-ro_RO.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Russian (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-ru_RU.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Spanish (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\u002Fblob\u002Fmaster\u002Fwordpress-security-txt-es_ES.po\" rel=\"nofollow ugc\">PO file\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you would like to contribute a new languge or you spotted in error in one of the translation files, please feel free to contribute directly to the \u003Ca href=\"https:\u002F\u002Fpoeditor.com\u002Fjoin\u002Fproject\u002FutTvBn327C\" rel=\"nofollow ugc\">public \u003Ccode>wordpress-security-txt\u003C\u002Fcode> POEditor project\u003C\u002Fa>. Once accepted additions\u002Fmodifications are automagically built by POEditor to PO\u002FMO files and published to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt-translations\" rel=\"nofollow ugc\">wordpress-security-txt-translation\u003C\u002Fa> repository.\u003C\u002Fp>\n\u003Cp>The translations repository is included in builds submitted to the WordPress plugin directory. Users with the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fafragen\u002Fgithub-updater\" rel=\"nofollow ugc\">GitHub Updater Plugin\u003C\u002Fa> don’t have to wait for builds to the WordPress plugin directory — they can get updated translations as soon as they’re published to the repository by POEditor.\u003C\u002Fp>\n\u003Ch3>Anonymous Statistics (Opt-in)\u003C\u002Fh3>\n\u003Cp>This plugin has an option — that is \u003Cstrong>disabled\u003C\u002Fstrong> by default and \u003Cem>can only be enabled by explicilty opt-ing in\u003C\u002Fem> on the \u003Ccode>security.txt\u003C\u002Fcode> Settings page — to collect anonymous statistics to help better understand how this plugin is used and how people are implementing their \u003Ccode>security.txt\u003C\u002Fcode> documents. The goal of collecting this data is to aid in research and design of the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Fdraft-foudil-securitytxt-00\" rel=\"nofollow ugc\">specification\u003C\u002Fa>, the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fphp-security-txt\" rel=\"nofollow ugc\">PHP library\u003C\u002Fa>, the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt\" rel=\"nofollow ugc\">plugin\u003C\u002Fa> itself, and to help us create a better experience for all users.\u003C\u002Fp>\n\u003Cp>For example, one function of anonymous statistics is to send your \u003Ccode>security.txt\u003C\u002Fcode> document to our servers. This allows us to track what percent of users are implementing the specification according to the draft RFC, and how it might differ from the explicit definitions submitted to the \u003Ca href=\"https:\u002F\u002Fwww.ietf.org\u002F\" rel=\"nofollow ugc\">Internet Engineering Task Force (IETF)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>We respect your privacy and are happy to clarify on any aspect of the statistics collection and analysis. More importantly, you can \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt\u002Ftree\u002Fmaster\u002Ftrunk\" rel=\"nofollow ugc\">verify this in the code for yourself on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>We do not track \u003Cstrong>any\u003C\u002Fstrong> personally-identifiable information and we are committed to protecting your privacy. With regards to performance, the tracking is implemented in such a way so as to not impact of your WordPress site at all.\u003C\u002Fp>\n\u003Ch3>Badges\u003C\u002Fh3>\n\u003Cp>All the badges!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt\u002Freleases\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpackagist.org\u002Fpackages\u002Faustinheap\u002Fwordpress-security-txt\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Faustinheap\u002Fwordpress-security-txt\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgemnasium.com\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fscrutinizer-ci.com\u002Fg\u002Faustinheap\u002Fwordpress-security-txt\u002F?branch=master\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fstyleci.io\u002Frepos\u002F111479243\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcodeclimate.com\u002Fgithub\u002Faustinheap\u002Fwordpress-security-txt\u002Fmaintainability\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcodeclimate.com\u002Fgithub\u002Faustinheap\u002Fwordpress-security-txt\u002Ftest_coverage\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Finsight.sensiolabs.com\u002Fprojects\u002F5d9ed5a0-dbd0-45be-a92c-6d827483e742\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","A plugin for serving 'security.txt' in WordPress 4.9+, based on configuration settings.",60,1882,100,"2017-11-22T23:45:00.000Z","4.9.29","4.9",[19,20,48,21,4],"responsible-disclosure","https:\u002F\u002Fgithub.com\u002Faustinheap\u002Fwordpress-security-txt","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-security-txt.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":43,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":68,"download_link":69,"security_score":43,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"security-txt-manager","Security.txt Manager","1.1","handyplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fhandyplugins\u002F","\u003Cp>This powerful yet user-friendly WordPress plugin enables you to create, edit, and manage your “security.txt” file directly from the WordPress dashboard. As one of the most critical files on any site, the “security.txt” file communicates your security policy and contact information to security researchers.\u003C\u002Fp>\n\u003Ch3>What is security.txt?\u003C\u002Fh3>\n\u003Cp>A proposed standard which allows websites to define security policies.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.rfc-editor.org\u002Frfc\u002Frfc9116\" rel=\"nofollow ugc\">Read the RFC\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Can I use this with multisite?\u003C\u002Fh3>\n\u003Cp>Yes! However, if you are using a subfolder installation it will only work for the main site. This is because you can only have one \u003Ccode>security.txt\u003C\u002Fcode> for a given domain or subdomain per the \u003Ca href=\"https:\u002F\u002Fwww.rfc-editor.org\u002Frfc\u002Frfc9116#section-3.1\" rel=\"nofollow ugc\">security.txt spec\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Technical Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Requires PHP 7.2+.\u003C\u002Fli>\n\u003Cli>Requires WordPress 5.7+.\u003C\u002Fli>\n\u003Cli>Rewrites need to be enabled. Without rewrites, WordPress cannot know to supply \u003Ccode>\u002Fsecurity.txt\u003C\u002Fcode> when requested.\u003C\u002Fli>\n\u003Cli>Your site URL must not contain a path (e.g. \u003Ccode>https:\u002F\u002Fexample.com\u002Fsite\u002F\u003C\u002Fcode> or path-based multisite installs). \u003Ca href=\"https:\u002F\u002Fwww.rfc-editor.org\u002Frfc\u002Frfc9116#section-3.1\" rel=\"nofollow ugc\">Learn more on spec\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributing & Bug Report\u003C\u002Fh4>\n\u003Cp>Bug reports and pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHandyPlugins\u002Fsecurity-txt-manager\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you like Security.txt Manager, then consider checking out our other projects:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fmagic-login-pro\u002F\" rel=\"friend nofollow ugc\">Magic Login Pro\u003C\u002Fa> – Easy, secure, and passwordless authentication for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Feasy-text-to-speech\u002F\" rel=\"friend nofollow ugc\">Easy Text-to-Speech for WordPress\u003C\u002Fa> – Transform your textual content into high-quality synthesized speech with Amazon Polly.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fhandywriter\u002F\" rel=\"friend nofollow ugc\">Handywriter\u003C\u002Fa> – AI-powered writing assistant that can help you create content for your WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fpaddlepress-pro\u002F\" rel=\"friend nofollow ugc\">PaddlePress PRO\u003C\u002Fa> – Paddle Plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpoweredcache.com\u002F\" rel=\"friend nofollow ugc\">Powered Cache\u003C\u002Fa> – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhandyplugins.co\u002Fwp-accessibility-toolkit\u002F\" rel=\"friend nofollow ugc\">WP Accessibility Toolkit\u003C\u002Fa> – A collection of tools to help you make your WordPress more accessible.\u003C\u002Fli>\n\u003C\u002Ful>\n","Create and manage your security.txt from within WordPress. The easiest way to manage security policy.",500,6294,2,"2025-11-22T10:43:00.000Z","6.9.4","5.7","7.2",[67,48,21,4],"bug-bounty","https:\u002F\u002Fgithub.com\u002FHandyPlugins\u002Fsecurity-txt-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-txt-manager.1.1.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":43,"num_ratings":29,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":22,"tags":83,"homepage":84,"download_link":85,"security_score":43,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"generate-security-txt","Generate Security.txt","1.0.10","verenigingvanregistrars","https:\u002F\u002Fprofiles.wordpress.org\u002Fverenigingvanregistrars\u002F","\u003Cp>Security.txt is an open standard (RFC 9116) that allows ethical hackers and security researchers to contact you when they have found a vulnerability on your website.\u003C\u002Fp>\n\u003Cp>The principle is simple and effective: contact information is put into a txt file and placed in a fixed location in your website’s directory structure (well-known folder). In this way, contact can easily be made.\u003C\u002Fp>\n\u003Cp>This plugin helps you to create and place the security.txt file without any knowledge of the open standard. This makes you easily accessible in case something is wrong with your website.\u003C\u002Fp>\n","With a security.txt file, ethical hackers can easily send you a notification when they have found a vulnerability on your website.",400,3667,"2025-11-04T14:54:00.000Z","6.8.5","6.3",[48,21,4],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgenerate-security-txt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgenerate-security-txt.1.0.10.zip",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":63,"requires_at_least":99,"requires_php":16,"tags":100,"homepage":105,"download_link":106,"security_score":107,"vuln_count":108,"unpatched_count":12,"last_vuln_date":109,"fetched_at":26},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,94,4829,"2025-12-20T21:06:00.000Z","4.7",[101,102,103,104,21],"2fa","firewall","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",96,12,"2022-09-06 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":41,"num_ratings":120,"last_updated":121,"tested_up_to":63,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":128,"download_link":129,"security_score":130,"vuln_count":29,"unpatched_count":12,"last_vuln_date":131,"fetched_at":26},"hostinger","Hostinger Tools","3.0.59","Hostinger","https:\u002F\u002Fprofiles.wordpress.org\u002Fhostinger\u002F","\u003Cp>Hostinger Tools is an all-in-one plugin designed to streamline essential tasks for WordPress site administrators. This plugin offers a range of features to help you manage your site’s information, maintenance mode, security, and redirects effectively.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Basic Info\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays the current WordPress version with automatic update checks.\u003C\u002Fli>\n\u003Cli>Shows the current PHP version with automatic update checks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Maintenance Mode\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily enable or disable maintenance mode for your site.\u003C\u002Fli>\n\u003Cli>Provide a URL to bypass maintenance mode for selected users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Security\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable XML-RPC requests to enhance your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable Authorize application page to enhance your site’s security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Redirects\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force all URLs to use HTTPS for secure browsing.\u003C\u002Fli>\n\u003Cli>Force all URLs to use WWW to ensure consistency in site access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>LLMs.txt Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically generate a structured LLMs.txt file in Markdown format.\u003C\u002Fli>\n\u003Cli>Include website title, description, posts, pages, and products (if WooCommerce is active).\u003C\u002Fli>\n\u003Cli>Keep the file updated when content changes or new content is published.\u003C\u002Fli>\n\u003Cli>Help AI-powered tools better understand and interact with your website content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hostinger Tools is the new version of the previous Hostinger plugin, offering an updated and enhanced experience.\u003Cbr \u002F>\nThe Onboarding assistant and the Learning section previously included in this plugin were moved to the separate plugin Hostinger Easy Onboarding.\u003C\u002Fp>\n","Simplified WordPress management. Manage site info, maintenance, security, & redirects.",3000000,16730722,25,"2026-03-03T11:48:00.000Z","5.5","8.1",[111,125,126,21,127],"https","maintenance","tools","https:\u002F\u002Fhostinger.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostinger.3.0.59.zip",99,"2024-01-05 00:00:00",{"attackSurface":133,"codeSignals":153,"taintFlows":161,"riskAssessment":162,"analyzedAt":165},{"hooks":134,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":12,"unprotectedCount":12},[135,141,145],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_menu","sdottxt_menu_item","security-txt.php",79,{"type":136,"name":142,"callback":143,"file":139,"line":144},"admin_init","register_securitytxt_settings",82,{"type":136,"name":146,"callback":147,"file":139,"line":148},"update_option_sdottxt_content","sdottxt_create_update_file",116,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":155,"outputEscaping":157,"fileOperations":158,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":160},[],{"prepared":12,"raw":12,"locations":156},[],{"escaped":158,"rawEcho":12,"locations":159},3,[],[],[],{"summary":163,"deductions":164},"The 'security-txt' plugin v1.0.6 exhibits a very strong security posture based on the provided static analysis and vulnerability history. The absence of any identified attack surface points, dangerous functions, or unsanitized taint flows is a significant positive indicator. Furthermore, the exclusive use of prepared statements for SQL queries and proper output escaping demonstrates a commitment to secure coding practices in these critical areas.\n\nThe plugin's history is equally commendable, with no known CVEs, patched or unpatched. This lack of historical vulnerabilities suggests either a very robust development process or a less appealing target for attackers, though the former is more likely given the other positive indicators. The limited file operations and lack of external HTTP requests also contribute to a reduced attack surface.\n\nWhile the plugin's current state appears highly secure, it's worth noting the complete absence of nonces and capability checks. For a plugin with zero entry points and no external interactions, this might not pose an immediate risk. However, as plugins evolve or their intended functionality expands, these could become crucial for maintaining security. Overall, 'security-txt' v1.0.6 demonstrates excellent security practices, with minimal to no immediate security concerns identified in the provided data.",[],"2026-03-17T01:04:41.066Z",{"wat":167,"direct":172},{"assetPaths":168,"generatorPatterns":169,"scriptPaths":170,"versionParams":171},[],[],[],[],{"cssClasses":173,"htmlComments":175,"htmlAttributes":179,"restEndpoints":184,"jsGlobals":185,"shortcodeOutput":186},[174],"securitytxt_form_func",[176,177,178],"Security TXT is free software: you can redistribute it and\u002For modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 2 of the License, or\nany later version.","Security TXT is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.","You should have received a copy of the GNU General Public License\nalong with Security TXT. If not, see https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.en.html.",[180,181,182,183],"name=\"sdottxt_content\"","name=\"sdottxt_delete_data\"","value=\"Yes\"","value=\"No\"",[],[],[]]