[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFOOoB5vkQ25G_mRTFjF6Blt-6kJ0e1MI3dxqn06Vuog":3,"$f5rwscZjazS5fuB1_Uv8vgdZs8aU1omAcKqTTXRrlUVc":207},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":130,"fingerprints":192},"server-security-scan","Server Security Scan","1.0.1","wputils","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressutils\u002F","\u003Cp>♦ Check your server’s overall security\u003Cbr \u002F>\n♦ Detect unsafe PHP settings\u003Cbr \u002F>\n♦ Detect unsafe PHP functions\u003Cbr \u002F>\n♦ Check for security modules\u003Cbr \u002F>\n♦ Detect unwanted write permissions\u003Cbr \u002F>\n♦ Detect all errors and error levels\u003C\u002Fp>\n\u003Cp>Server Security Scan identifies possible vulnerabilities and loopholes in your sever by inspecting various PHP configurations and settings, checking write permissions of directories, checking for presence of security modules and by detecting the presence of any unsafe PHP functions. Thus it helps to protect your server from various possible web site hacks such as variable injection, code injection and SQL injection etc.\u003C\u002Fp>\n\u003Ch4>Unsafe PHP configuration scan\u003C\u002Fh4>\n\u003Cp>Server Security Scan checks for certain PHP configurations in your server to identify whether they are configured safely so as to safeguard your server from hackers. The scanner suggests possible issues of wrongly configuring these settings as well as the criticality level of misconfiguring these settings.\u003C\u002Fp>\n\u003Ch4>Unsafe PHP function scan\u003C\u002Fh4>\n\u003Cp>Hackers may misuse some of the PHP functions which you do not use in your applications. Often these functions might be enabled by default in most of the servers. The Server Security Scanner detects whether such functions are enabled in your server and suggests the criticality level and issues related to those functions.\u003C\u002Fp>\n\u003Ch4>Directory permission scan\u003C\u002Fh4>\n\u003Cp>It is unsafe to leave your web accessible directories with write permission. The Server Security Scanner detects all writable folder permissions and reports them.\u003C\u002Fp>\n\u003Ch4>Security module scan\u003C\u002Fh4>\n\u003Cp>There are certain PHP extensions which can be used to enhance the security of your PHP installation. The Server Security Scan detects whther such modules are installed on your server and reprts the same.\u003C\u002Fp>\n\u003Cp>The Server Security Scan detects various possiblities of hacking your server and reports them. The items are reported with criticality of each of the detection. You may contact your host to get the issues rectified if you are not familiar with updating server configurations.\u003C\u002Fp>\n\u003Ch4>About\u003C\u002Fh4>\n\u003Cp>Server Security Scan is developed and maintained by \u003Ca href=\"http:\u002F\u002Fwordpressutils.com\u002F\" title=\"wordpressutils.com\" rel=\"nofollow ugc\">wordpressutils\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>More Information\u003C\u002Fh3>\n\u003Ch4>Troubleshooting\u003C\u002Fh4>\n\u003Cp>Please read the FAQ first if you are having problems.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>WordPress 2.8+\nPHP 5+\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Scans wordpress website server security for detecting possible vulnerabilities and hacks.",20,5986,0,"2013-08-23T16:21:00.000Z","3.6.1","2.8","",[19,20,21,22,23],"security","security-check","security-scan","server-scan","server-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-security-scan.1.0.1.zip",85,null,"2026-04-06T09:54:40.288Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"wordpressutils",1,30,84,"2026-04-08T08:49:46.135Z",[36,57,76,96,112],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":31,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"security-ninja-for-mainwp","Security Ninja For MainWP","2.0.18","Lars Koudal","https:\u002F\u002Fprofiles.wordpress.org\u002Flkoudal\u002F","\u003Cp>Security Ninja helps you identify vulnerabilities and harden the security of your WordPress websites. Paired with MainWP, you can now manage and monitor all your connected sites from one central location.\u003C\u002Fp>\n\u003Cp>This MainWP extension brings Security Ninja into your MainWP dashboard so you can manage and monitor all connected sites from one place.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Free version:\u003C\u002Fstrong> Run Security Ninja’s Security Tests and Core Scanner remotely on one or more child sites. View results for all connected sites: vulnerabilities (plugins and themes), Security Tests table, Core Scanner summary, and Malware Scanner summary (last run and count when scans are available on the child site). The Security Ninja column in the MainWP Sites table shows test score and vulnerability count. The extension main page includes an All Events tab (with a Pro upsell message for free users) and a Settings tab.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro version:\u003C\u002Fstrong> Everything in Free, plus: remote Malware Scanner (included when you use “Run all security scans” or dedicated malware scan actions, on Pro child sites); unified events log with filters and search; full malware scan file list on the per-site tab; White Label bulk action to manage child site settings; Update database tables (bulk and per-site); Pro Reports tokens for Security Ninja data. Event logs and full malware details require Security Ninja Pro on child sites.\u003C\u002Fp>\n\u003Cp>Note:\u003Cbr \u002F>\nTo view event logs and scan data, your child sites must have Security Ninja Pro installed. You can still monitor free sites from the MainWP dashboard, but features like event logging only work if those sites also have premium features enabled. The “Update database tables” action requires Security Ninja 5.271 or newer on the child site.\u003C\u002Fp>\n\u003Cp>This extension helps you save time, stay in control, and manage security across all your sites—whether you’re handling a handful or hundreds.\u003C\u002Fp>\n\u003Cp>MainWP is an invaluable tool for those who manage multiple WordPress websites.\u003C\u002Fp>\n\u003Cp>To combine the two, you need to install this extension on your master MainWP website.\u003C\u002Fp>\n\u003Ch3>Links and Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002Fmainwp\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=SecNin&utm_content=plugin+repo\" rel=\"nofollow ugc\">Security Ninja for MainWP Extension Page\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpsecurityninja.com\u002Fdocs\u002Fmainwp\u002Fget-started-mainwp\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=SecNin&utm_content=plugin+repo\" rel=\"nofollow ugc\">Get Started with MainWP and Security Ninja\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Install the Security Ninja MainWP extension from within the MainWP dashboard\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to your MainWP dashboard\u003C\u002Fli>\n\u003Cli>Navigate to WP > Plugins\u003C\u002Fli>\n\u003Cli>Search for ‘Security Ninja MainWP’\u003C\u002Fli>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install the Security Ninja MainWP extension manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin\u003C\u002Fli>\n\u003Cli>Login to your MainWP dashboard\u003C\u002Fli>\n\u003Cli>Navigate to WP > Plugins\u003C\u002Fli>\n\u003Cli>Click Add New and then Upload Plugin\u003C\u002Fli>\n\u003Cli>Browse to the file, select it and click Install Now\u003C\u002Fli>\n\u003Cli>Click Activate Plugin once prompted.\u003C\u002Fli>\n\u003C\u002Fol>\n","See Security Ninja vulnerabilities and security test results in your MainWP dashboard.",500,18029,100,"2026-03-05T21:47:00.000Z","6.9.4","5.4","7.4",[52,53,19,21,54],"mainwp","malware","vulnerability","https:\u002F\u002Fwpsecurityninja.com\u002Fmainwp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-ninja-for-mainwp.2.0.18.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":46,"downloaded":65,"rating":46,"num_ratings":66,"last_updated":67,"tested_up_to":48,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":74,"download_link":75,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"dessky-security","Dessky Security","1.3","dessky","https:\u002F\u002Fprofiles.wordpress.org\u002Fdessky\u002F","\u003Cp>Dessky Security is the ultralight plugin for basic Security Hardening. It is specially designed not to drain any resources from your website. Once you enable all major security measures your input is no longer required. Features include upload directory restriction, disabling of plugin\u002Ftheme editor, admin username check and more.\u003C\u002Fp>\n\u003Cp>This plugin was developed by \u003Ca href=\"https:\u002F\u002Fdessky.com\u002F\" rel=\"nofollow ugc\">Dessky Team\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Dessky Team does not provide support for the Dessky Security on the WordPress.org forums. In order to get support or make a suggestion from a Dessky Team you will have to Join Our Open Community and \u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">Start a Discussion\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">DISCUSS WITH THE DESSKY TEAM\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">JOIN OUR OPEN COMMUNITY\u003C\u002Fa>: The purpose of this open community is to have a collective place where the community can help each other, and we can get some feedback to improve Dessky Security as well. Joining the community is also a great way to connect with like-minded people and share your experience.\u003C\u002Fp>\n\u003Cp>You can also \u003Ca href=\"https:\u002F\u002Fdessky.me\u002F\" rel=\"nofollow ugc\">GET THE PREMIUM SUPPORT\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdessky.org\u002F\" rel=\"nofollow ugc\">User Documentation\u003C\u002Fa>: Although Dessky Security is already easy to set up, we’ve put together tutorials, guides, and some knowledge bases to help you set up and get started with it.\u003C\u002Fp>\n\u003Cp>I have further questions, how do I contact you?\u003C\u002Fp>\n\u003Cp>Please fill up the \u003Ca href=\"https:\u002F\u002Fdessky.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact form\u003C\u002Fa> and we would be more than happy to assist.\u003C\u002Fp>\n\u003Cp>Credits: Dessky Security is based on the ‘Sucuri WordPress Security’ plugin developed by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fddsucurinet\u002F\" rel=\"nofollow ugc\">Daniel Cid\u003C\u002Fa>.\u003C\u002Fp>\n","Dessky Security is the ultralight plugin for basic Security Hardening. It is specially designed not to drain any resources from your website.",6043,2,"2025-12-03T15:19:00.000Z","3.2",[70,19,71,72,73],"hardening","site-hardening","wordpress-hardening","wordpress-security-check","https:\u002F\u002Fdessky.com\u002Fplugin\u002Fdessky-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdessky-security.1.3.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":46,"downloaded":84,"rating":46,"num_ratings":31,"last_updated":85,"tested_up_to":48,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":94,"download_link":95,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"free-php-version-info","WPLifeCycle – Free PHP Version Info & Website Manager","4.0","Funlus Oy","https:\u002F\u002Fprofiles.wordpress.org\u002Ffunlus\u002F","\u003Cp>WPLifeCycle gives WordPress admins a single dashboard to see \u003Cstrong>exactly\u003C\u002Fstrong> which PHP version a site is running, how long it will stay in active\u002Fsecurity support, and what to fix before anything breaks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>PHP version badge\u003C\u002Fem> with active- and security-support countdowns  \u003C\u002Fli>\n\u003Cli>\u003Cem>Multi-site monitoring\u003C\u002Fem> — push data to your free WPLifeCycle cloud account  \u003C\u002Fli>\n\u003Cli>\u003Cem>SEO audit\u003C\u002Fem> – on-page checks and scoring (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>OWASP-based security scan\u003C\u002Fem> (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Performance scan\u003C\u002Fem> (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Secure Admin Link\u003C\u002Fem> generator – creates a random, time-boxed \u002Fwp-admin URL (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Hooks scanner & tester\u003C\u002Fem> – lists add_action \u002F add_filter calls, flags conflicts (v 3.1+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Plugins monitor\u003C\u002Fem> – tracks version for every active plugin (v 3.1+)\u003C\u002Fli>\n\u003Cli>\u003Cem>Admin user Log monitor\u003C\u002Fem> – tracks all admin visits (v 3.2+)\u003C\u002Fli>\n\u003Cli>Core, theme, and plugin updater – manage and trigger updates directly via WPLifeCycle (v3.3+)\u003C\u002Fli>\n\u003Cli>Improved API interface – faster and more reliable data sync between your site and WPLifeCycle.com (v3.3+)\u003C\u002Fli>\n\u003Cli>One-Click Auto Updates for WordPress Core, Plugins, and Themes (v 4.0+)\u003C\u002Fli>\n\u003Cli>Dashboard improvements and enhanced access control (v 4.0+)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Built for real-world workflows: minimal setup, async scans that respect server load, and .po\u002F.mo files for quick translation.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Open \u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> WPLifeCycle\u003C\u002Fstrong> to view PHP version details and run scans.  \u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Generate Secure Admin Link\u003C\u002Fstrong> to create a one-off login URL.  \u003C\u002Fli>\n\u003Cli>Use the \u003Cstrong>Send to API\u003C\u002Fstrong> toggle if you want this site monitored centrally.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuDcyZEi3-Kg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","This plugin shows your current PHP version, its lifecycle security support days, and can send version data to the WPLifeCycle for proactive planning.",2871,"2026-02-23T10:30:00.000Z","5.0","5.5",[89,90,91,92,93],"performance-scanner","php-version","security-scanner","version-management","wplifecycle","http:\u002F\u002Fwww.wplifecycle.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffree-php-version-info.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":46,"downloaded":104,"rating":46,"num_ratings":66,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":110,"download_link":111,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"website-security-check","Website Security Check","1.2.00","John Darrel","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohndarrel\u002F","\u003Cp>\u003Cstrong>Website Security Check\u003C\u002Fstrong> detects if your WordPress website has vulnerabilities and security flaws.  Get a full security report for your website.\u003C\u002Fp>\n\u003Cp>Check your website with our \u003Ca href=\"https:\u002F\u002Fwpplugins.tips\u002Fwordpress-vulnerability-detector\u002F\" rel=\"nofollow ugc\">Free Website Security Check\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Why is Your WordPress CMS Security Check Important​\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>55.9%\u003C\u002Fstrong> of vulnerabilities came from plugins.\u003C\u002Fli>\n\u003Cli>Over \u003Cstrong>90,978 attacks\u003C\u002Fstrong> happening per minute on both big and small WordPress sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>84% of all security vulnerabilities\u003C\u002Fstrong> on the internet are the result of Cross-Site Scripting or XSS attacks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Cp>Most of the casual bloggers start thinking about site security only after they get into first problems and majority of websites get hacked from entirely preventable issues, like not keeping things updated or using insecure passwords.\u003C\u002Fp>\n\u003Cp>The majority of hacking attempts are made by bots, and you may be able to prevent hacker bots attacks by hiding your WordPress paths: wp-content, wp-include, plugins, themes, etc.\u003C\u002Fp>\n\u003Cp>Just by changing the main paths, you may be able to protect your website against things like brute-force attacks, SQL-injection, and requests to your PHP files.\u003C\u002Fp>\n\u003Cp>The test includes checking for updated plugins, themes and different files and functions which are known to hold security breaches.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Is WordPress CMS Vulnerable?​\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress is one of the most popular CMS (Content Management System) options on the Internet these days.\u003C\u002Fli>\n\u003Cli>Around 33% of websites are made with WordPress.\u003C\u002Fli>\n\u003Cli>Even if WordPress is known for being a secure CMS, sometimes hackers do find vulnerabilities. Most site owners don’t know that the biggest risk comes from the installed plugins and themes. You obviously need to be careful with them, as plugin vulnerabilities represented 55.9% of the known entry points reported by respondents.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What happens if wp-login page is visible\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>wp-login page\u003C\u002Fstrong> is certainly one of the most vulnerable pages on your website.\u003C\u002Fli>\n\u003Cli>If this path is visible means that an authentication path is visible and hackers can \u003Cstrong>perform brute force login attempts\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>A successful brute force attack can give hackers access to your admin area. An unsuccessful one can slow down your website or crush your server.\u003C\u002Fli>\n\u003Cli>There are many strategies for dealing with this problem. The simplest one is to \u003Cstrong>hide WordPress login page\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What happens if WordPress XML-RPC is visible\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>XML-RPC is an API that allows anyone to interact with your WordPress website.\u003C\u002Fli>\n\u003Cli>XML-RPC is also a way to manage your site without having to login manually via the wp-login page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Why hackers try to access your WordPress website using xmlrpc.php file?\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Instead of 100 login attempts, the hackers could reduce their login attempts to 10 or less and still try 100 or even thousands of passwords to each request.\u003C\u002Fli>\n\u003Cli>XML-RPC service is always at high risk for WordPress websites. For your safety, you should disable this service.\u003C\u002Fli>\n\u003Cli>By disabling xml-rpc you can protect your website from DDoS attacks, brute force attacks, malicious pingback response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Cp>If you like Website Security Check please help us and write us a positive review.\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwebsite-security-check\u002Freviews\u002F#new-post\u003C\u002Fp>\n\u003Cp>Try also our security plugin: \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-my-wp\u002F\" rel=\"ugc\">Hide My Wp Ghost Free\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Website Security Check detects if your WordPress website has vulnerabilities and security flaws. You get a full report with the list of security issue …",5102,"2020-08-27T07:57:00.000Z","5.5.18","4.3","5.6",[19,20,97,73],"http:\u002F\u002Fwebsite-security-check","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebsite-security-check.zip",{"slug":113,"name":114,"version":6,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":11,"downloaded":119,"rating":46,"num_ratings":31,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":129},"safe-sites","Safe Sites","Hidayat Mahetar","https:\u002F\u002Fprofiles.wordpress.org\u002Fhidayatsafewp\u002F","\u003Cp>Safe Sites provides advanced security features to help keep your WordPress website safe from threats. With real-time monitoring, detailed security insights, and easy-to-use permission management, you can ensure your site is always protected.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Secure your login with TOTP-based 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart File Permission Control\u003C\u002Fstrong> – Easily manage file permissions based on your server type (Windows\u002FLinux).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual File Permissions Map\u003C\u002Fstrong> – See a color-coded structure of your site’s file security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Scanner\u003C\u002Fstrong> – Analyze your domain, URLs, and HTML security headers for vulnerabilities via VirusTotal.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Dashboard\u003C\u002Fstrong> – View a complete overview of your site’s security health.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin & Theme Security\u003C\u002Fstrong> – Detect vulnerabilities in plugins and themes and receive alerts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login & User Security\u003C\u002Fstrong> – Monitor login attempts and manage user sessions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Hardening\u003C\u002Fstrong> – Apply recommended security tweaks to your WordPress installation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code Signing\u003C\u002Fstrong> – Verify the integrity of your plugin files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Detailed Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>General Security & Server Health:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>SSL Status\u003C\u002Fstrong> – Check if SSL is active for secure connections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Health & Server Info\u003C\u002Fstrong> – Displays PHP version, database version, and server details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Panic Mode\u003C\u002Fstrong> – Quickly lock down your site in case of an emergency.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Access & User Security:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>TOTP Support\u003C\u002Fstrong> – Use Google Authenticator, Authy, or any TOTP app.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable for All Roles\u003C\u002Fstrong> – Require 2FA for specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> – Generate backup codes for emergency access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Monitoring\u003C\u002Fstrong> – Track failed login attempts and monitor user activity.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security Monitoring & Protection:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>File Permissions Management:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Windows Servers\u003C\u002Fstrong> – Show file read\u002Fwrite permissions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Linux Servers\u003C\u002Fstrong> – Display numeric file permissions along with current and recommended settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fix Permissions\u003C\u002Fstrong> – Select files and fix incorrect permissions directly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual File Permission Map\u003C\u002Fstrong> – Interactive file structure with security indicators.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hardening\u003C\u002Fstrong> – One-click security hardening for common WP vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code Signing\u003C\u002Fstrong> – Ensure plugin files haven’t been tampered with.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Malware & Security Scanner:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Domain & URL Analysis\u003C\u002Fstrong> – Scan domain and URLs for malware using VirusTotal API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Header & DNS Scan\u003C\u002Fstrong> – Check security headers and DNS settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Alert System\u003C\u002Fstrong> – Receive alerts for detected threats.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WordPress Management & Security:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Plugin & Theme Security:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong> – Check for known security flaws.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inactive Plugin Alerts\u003C\u002Fstrong> – Warns about inactive components that pose risks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Dashboard\u003C\u002Fstrong> – A centralized panel for all security settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services Used\u003C\u002Fh3>\n\u003Cp>Safe Sites relies on the following third-party services for security analysis and malware detection. Below is a detailed breakdown of what each service does, what data is sent, and where you can review their policies:\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>1. VirusTotal API\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to scan domain, URLs, and file hashes for malware detection and security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent & when?\u003C\u002Fstrong>\u003Cbr \u002F>\n– When a user initiates a manual malware or URL scan, the plugin sends the target URL or domain to VirusTotal for analysis.\u003Cbr \u002F>\n– No user private data is sent—only the target URLs\u002Fdomains or hash values of files are transmitted.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.virustotal.com\u002Fterms-of-service\" rel=\"nofollow ugc\">VirusTotal Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.virustotal.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">VirusTotal Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Safe Sites is a WordPress security plugin offering real-time monitoring, file permission control, malware scanning, and plugin & theme security.",574,"2026-03-13T07:52:00.000Z","6.7.5","6.0","8.0",[53,19,91,125,126],"site-protection","wp-security","https:\u002F\u002Fhaliyadwala.com\u002Fsafe-sites","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-sites.1.0.1.zip","2026-03-15T15:16:48.613Z",{"attackSurface":131,"codeSignals":143,"taintFlows":180,"riskAssessment":181,"analyzedAt":191},{"hooks":132,"ajaxHandlers":139,"restRoutes":140,"shortcodes":141,"cronEvents":142,"entryPointCount":13,"unprotectedCount":13},[133],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_menu","wpu_ssc_menu","security.php",31,[],[],[],[],{"dangerousFunctions":144,"sqlUsage":145,"outputEscaping":147,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":179},[],{"prepared":13,"raw":13,"locations":146},[],{"escaped":13,"rawEcho":148,"locations":149},16,[150,154,155,157,159,161,162,164,166,168,169,171,173,175,176,178],{"file":151,"line":152,"context":153},"check.php",102,"raw output",{"file":151,"line":152,"context":153},{"file":151,"line":156,"context":153},119,{"file":151,"line":158,"context":153},121,{"file":151,"line":160,"context":153},130,{"file":151,"line":160,"context":153},{"file":151,"line":163,"context":153},131,{"file":151,"line":165,"context":153},132,{"file":151,"line":167,"context":153},139,{"file":151,"line":167,"context":153},{"file":151,"line":170,"context":153},140,{"file":151,"line":172,"context":153},141,{"file":151,"line":174,"context":153},147,{"file":151,"line":174,"context":153},{"file":151,"line":177,"context":153},151,{"file":151,"line":177,"context":153},[],[],{"summary":182,"deductions":183},"Based on the provided static analysis and vulnerability history, the \"server-security-scan\" v1.0.1 plugin presents a mixed security posture.  On the positive side, the plugin demonstrates a strong awareness of secure coding practices by having zero known CVEs, no unpatched vulnerabilities, and no dangerous functions identified. The complete absence of SQL queries without prepared statements is also a significant strength, mitigating common injection risks.  Furthermore, the lack of file operations, external HTTP requests, and bundled libraries reduces potential attack vectors.",[184,186,189],{"reason":185,"points":148},"All outputs are unescaped",{"reason":187,"points":188},"No nonce checks implemented",5,{"reason":190,"points":188},"No capability checks implemented","2026-03-16T22:48:16.319Z",{"wat":193,"direct":200},{"assetPaths":194,"generatorPatterns":196,"scriptPaths":197,"versionParams":198},[195],"\u002Fwp-content\u002Fplugins\u002Fserver-security-scan\u002Fstyle.css",[],[],[199],"server-security-scan\u002Fstyle.css?ver=",{"cssClasses":201,"htmlComments":202,"htmlAttributes":203,"restEndpoints":204,"jsGlobals":205,"shortcodeOutput":206},[],[],[],[],[],[],{"slug":4,"current_version":6,"total_versions":66,"versions":208},[209,216],{"version":6,"download_url":24,"svn_tag_url":210,"released_at":26,"has_diff":211,"diff_files_changed":212,"diff_lines":26,"trac_diff_url":213,"vulnerabilities":214,"is_current":215},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fserver-security-scan\u002Ftags\u002F1.0.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fserver-security-scan%2Ftags%2F1.0.0&new_path=%2Fserver-security-scan%2Ftags%2F1.0.1",[],true,{"version":217,"download_url":218,"svn_tag_url":219,"released_at":26,"has_diff":211,"diff_files_changed":220,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":221,"is_current":211},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-security-scan.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fserver-security-scan\u002Ftags\u002F1.0.0\u002F",[],[]]