[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f47xw1KXyXC281sbqGw4fSltSTLVe98Kmai2gYBu2m4E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":131,"fingerprints":756},"sf-move-login","SP Move Login","2.6","SecuPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fsecupress\u002F","\u003Ch4>Move Your Login Page\u003C\u002Fh4>\n\u003Cp>Tired of bots finding your WordPress login page? SP Move Login allows you to change your login URL to protect it from automated attacks and brute force attempts.\u003C\u002Fp>\n\u003Cp>This plugin contains the \u003Cstrong>Move Login\u003C\u002Fstrong> module from \u003Ca href=\"https:\u002F\u002Fsecupress.me\u002F\" rel=\"nofollow ugc\">SecuPress\u003C\u002Fa>, a comprehensive WordPress security plugin. While this plugin focuses solely on moving your login page, the full SecuPress version includes many other security features such as:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why move your login page?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By default, WordPress login pages are located at \u003Ccode>\u002Fwp-login.php\u003C\u002Fcode> and \u003Ccode>\u002Fwp-admin\u002F\u003C\u002Fcode>, making them easy targets for bots and attackers. SP Move Login allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change your login URL to a custom slug\u003C\u002Fli>\n\u003Cli>Protect your registration page (if enabled)\u003C\u002Fli>\n\u003Cli>Block access to the default login pages\u003C\u002Fli>\n\u003Cli>Display custom error messages or redirect to a custom page when someone tries to access the old login URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple and easy to use\u003C\u002Fli>\n\u003Cli>Change your login URL with just a few clicks\u003C\u002Fli>\n\u003Cli>Works with pretty permalinks\u003C\u002Fli>\n\u003Cli>Compatible with multisite installations (includes Single Sign-On support)\u003C\u002Fli>\n\u003Cli>Custom error messages for blocked access\u003C\u002Fli>\n\u003Cli>Redirect to custom page option\u003C\u002Fli>\n\u003Cli>Lightweight – focused solely on moving your login page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This plugin requires pretty permalinks to be enabled. You can activate them in Settings > Permalinks.\u003C\u002Fp>\n\u003Cp>For more advanced security features, check out the \u003Ca href=\"https:\u002F\u002Fsecupress.me\u002F\" rel=\"nofollow ugc\">full SecuPress version\u003C\u002Fa>.\u003C\u002Fp>\n","Move your WordPress login page to protect it from bots. This plugin contains the Move Login module from SecuPress. Other security modules are availabl &hellip;",7000,147210,86,43,"2025-12-02T15:31:00.000Z","6.9.4","6.7","8.0",[20,21,22,23,24],"login","move-login","security","security-plugin","wordpress-security","https:\u002F\u002Fsecupress.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsf-move-login.2.6.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"secupress",2,47000,97,177,77,"2026-04-04T01:08:10.498Z",[41,59,75,93,114],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":27,"downloaded":49,"rating":28,"num_ratings":28,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"virus-finder","Virus Finder","1.0.36","wphospital.hu","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressvirusremoval\u002F","\u003Cp>Find viruses in your website with wphospital.hu. The plugin analyze all files, and shows the suspicious and virus files.\u003Cbr \u002F>\nAfter you can check it manually, and you can solve the problem!\u003C\u002Fp>\n","Find viruses in your WordPress easily. Virus scan, malware finder.",12182,"2026-01-16T09:17:00.000Z","7.0","2.8","",[55,56,22,23,24],"login-security","secure","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvirus-finder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvirus-finder.1.0.36.zip",{"slug":33,"name":60,"version":6,"author":7,"author_profile":8,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":16,"requires_at_least":68,"requires_php":51,"tags":69,"homepage":25,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":28,"last_vuln_date":74,"fetched_at":30},"SecuPress with Simple SSL – Simple and Performant Security","\u003Ch4>Test it now!\u003C\u002Fh4>\n\u003Cp>You can \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fsecupress\u002F\" rel=\"nofollow ugc\">test SecuPress Free now\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>YOU MADE IT, WE KEEP IT SAFE!\u003C\u002Fh4>\n\u003Cp>The most advanced WordPress Protection on the market. SecuPress is focused on WordPress attacks and Malwares, not just “usual web protections” like many.\u003C\u002Fp>\n\u003Cp>Protect your WordPress with malware scans ; block bots & suspicious IPs. Get a complete \u003Ca href=\"https:\u002F\u002Fsecupress.me\u002F\" rel=\"nofollow ugc\">WordPress security toolkit\u003C\u002Fa> for free or as a pro plugin. SecuPress is GDPR compliant.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s the difference between free and pro version?\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you are proactive, our free WordPress security plugin is a great choice! No time to activate weekly scans? Then \u003Ca href=\"https:\u002F\u002Fsecupress.me\u002F\" rel=\"nofollow ugc\">SecuPress pro\u003C\u002Fa> is the way to go. Our plugin takes care of everything with automated tasks.\u003C\u002Fp>\n\u003Ch4>Here are some of our most popular features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Brute Force Login Protection\u003C\u002Fli>\n\u003Cli>Password Spraying Protection\u003C\u002Fli>\n\u003Cli>Firewall features\u003C\u002Fli>\n\u003Cli>Security alerts (1)\u003C\u002Fli>\n\u003Cli>Malware Scanner (1)\u003C\u002Fli>\n\u003Cli>Block country by geolocation (1)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>We have included some features you won’t find in most WordPress security plugins:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protection of Security Keys\u003C\u002Fli>\n\u003Cli>Block visits from Bad Bots\u003C\u002Fli>\n\u003Cli>Vulnerable Plugins & Themes detection (1)\u003C\u002Fli>\n\u003Cli>Security Reports in PDF format (1)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can check out \u003Ca href=\"https:\u002F\u002Fsecupress.me\u002Ffaq\u002F\" rel=\"nofollow ugc\">Frequently Asked Questions\u003C\u002Fa> or get in touch with our \u003Ca href=\"https:\u002F\u002Fsecupress.me\u002Fsupport\u002F\" rel=\"nofollow ugc\">support\u003C\u002Fa>. Want to know all about SecuPress? You can read our documentation here: \u003Ca href=\"https:\u002F\u002Fdocs.secupress.me\" rel=\"nofollow ugc\">docs.secupress.me\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How will you know it works?\u003C\u002Fstrong>\u003Cbr \u002F>\nWell, we have a dedicated security scanner that will give you a clear security grade and report for your website. This way, you’ll know exactly what to fix.\u003C\u002Fp>\n\u003Ch4>WordPress Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Security Audit\u003C\u002Fstrong>\u003Cbr \u002F>\nSecuPress is the only plugin with a full scanner able to fix the issues for you. And when it requires a decision from you, it will ask you before proceeding. With this feature, you can check 35 security points in 5 minutes and let us take care of the rest.\u003C\u002Fp>\n\u003Cp>Once done, you get a security grade that gives you a clear idea of what your security level is. You can export this analysis in PDF format to share with others (clients or colleagues) (1).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Users & Login\u003C\u002Fstrong>\u003Cbr \u002F>\nThis feature is the easiest way to make sure your users’ data is protected and to keep their accounts from being compromised. With this feature you can limit the number of bad login attempts, ban non-existing usernames login attempts and set a non-login time slot. SecuPress also makes sure you control the sessions of your users.\u003C\u002Fp>\n\u003Cp>SecuPress also adds a \u003Ca href=\"https:\u002F\u002Fsecupress.me\u002Fblog\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">2FA\u003C\u002Fa> (Two Factor Authentication) because it’s almost a mandatory feature when it comes to WordPress security!\u003C\u002Fp>\n\u003Cp>The plugin also gives you greater user and password control as you can set:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Password lifetimes for your users.\u003C\u002Fli>\n\u003Cli>Enforce strong password use.\u003C\u002Fli>\n\u003Cli>Forbid the use of vague usernames like www or admin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Tired of bots finding your WordPress login page? Finally, don’t let bots find your login page, just move it with the famous Move Login plugin, now included in SecuPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugins and Themes\u003C\u002Fstrong>\u003Cbr \u002F>\nSecuPress helps you detect themes and plugins that are vulnerable or that have been tampered with to include malicious code. If you install one of these, your security module will send out an email alert and give you a warning in WordPress.\u003C\u002Fp>\n\u003Cp>SecuPress takes security further by limiting plugin activation, deactivation, installation and removal in your production (live) website. Plugin and theme uploads via .zip files will be on lockdown as well to block off this easy hacking route.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Core\u003C\u002Fstrong>\u003Cbr \u002F>\nSecuPress reinforces the WordPress Core to keep it safe. The security plugin optimizes what’s under the hood to secure the config file by setting the proper parameters.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sensitive Data\u003C\u002Fstrong>\u003Cbr \u002F>\nSecuPress secures content in many ways:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin secures WordPress Endpoints and APIs by blocking bad requests for XML-RPC or REST API.\u003C\u002Fli>\n\u003Cli>It blocks bad bots with its Robots Blackhole feature.\u003C\u002Fli>\n\u003Cli>It provides an anti-hotlink feature to preserve your bandwidth.\u003C\u002Fli>\n\u003Cli>The plugin packs 7 anti-disclose security modules to make sure no precious information is available to hackers in your PHP or WordPress itself.\u003C\u002Fli>\n\u003Cli>Profile and SecuPress settings pages are password protected to keep sensitive information away from prying eyes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Firewall\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SecuPress is one of the most efficient WordPress bouncer you’ll ever see!\u003C\u002Fli>\n\u003Cli>The plugin blocks malicious incoming requests.\u003C\u002Fli>\n\u003Cli>It blocks bad User Agents (no bad crawlers allowed).\u003C\u002Fli>\n\u003Cli>Bad requests methods also get the boot in a single click.\u003C\u002Fli>\n\u003Cli>URLs are kept in check: no bad URL contents.\u003C\u002Fli>\n\u003Cli>SQL injection scanners are kept out as well.\u003C\u002Fli>\n\u003Cli>Brute force attempts are stopped in their tracks.\u003C\u002Fli>\n\u003Cli>GeoIP Blocking by country gives you more control over your traffic.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Malware Scan\u003C\u002Fstrong>\u003Cbr \u002F>\nSecuPress has a unique malware scan developed by our security experts. It hunts down bad files and provides you with an easy step-by-step report that lets you take action. It looks into:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Bad files in your FTP.\u003C\u002Fli>\n\u003Cli>Your uploads folder for dangerous files.\u003C\u002Fli>\n\u003Cli>Potential phishing attempts via \u003Ccode>index.php\u003C\u002Fcode> loads.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Backups\u003C\u002Fstrong>\u003Cbr \u002F>\nWe know firsthand how painful it is to pick up the pieces after an attack damages your WordPress. SecuPress preserves your data to help you avoid lost content or settings if your website comes under attack. The plugin backs up your database and files and lets you download them to guarantee you peace of mind.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Anti Spam\u003C\u002Fstrong>\u003Cbr \u002F>\nDid you know that 60% of the traffic on the Internet is generated by bots? Most of them happen to be spam bots. We developed our own anti-spam system that works quietly in the background. Just activate it and enjoy a spam free experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Alerts\u003C\u002Fstrong>\u003Cbr \u002F>\nAlerts are an essential tool when your website is under attack. When something important happens on your website, SecuPress will send you an alert via email. We’re working on alerts via SMS, Slack & Twitter as well.\u003C\u002Fp>\n\u003Cp>You also receive a daily report that provides a debrief of the attempted attack and all the activities blocked by SecuPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Security Tasks\u003C\u002Fstrong>\u003Cbr \u002F>\nSecuPress can run 3 separate scheduled tasks for you. It’s like having a security patrol on your WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Scanner:\u003C\u002Fstrong> SecuPress scans your website to detect any issues. After the scan is complete, you get a report in your inbox outlining any actions you have to take to protect your website.\u003Cbr \u002F>\n\u003Cstrong>Scheduled Backup:\u003C\u002Fstrong> our team knows that everyone at one time or another forgets to back things up. We made it an automatic task to help ensure you always can recover from an attack with your content safe.\u003Cbr \u002F>\n\u003Cstrong>Scheduled Malware Scan:\u003C\u002Fstrong> this security feature scans your website at regular intervals to hunt down any malware that may have gotten into your WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nSecuPress will keep a log of important security activities and 404 pages triggered by users, bots or even Chuck Norris. This lets you keep an eye on what’s going on in your WordPress at any time. You can also control banned IPs from this option.\u003C\u002Fp>\n\u003Cp>\u003Cem>(1) Available in the \u003Ca href=\"https:\u002F\u002Fsecupress.me\u002Ffeatures\u002F\" rel=\"nofollow ugc\">Pro Version\u003C\u002Fa>.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cem>(SecuPress est une extension de sécurité WordPress française)\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>TODO\u003C\u002Fh3>\n\u003Cp>Create a trust score for each non WP file and displays it\u003Cbr \u002F>\nCreate a “suspicious” status for alerts\u003Cbr \u002F>\nRevamp alerts\u003Cbr \u002F>\nRevamp logs\u003Cbr \u002F>\nAdd http logs\u003Cbr \u002F>\nPHP 8.O min\u003Cbr \u002F>\nreplace %s by ###USERNAME### in emails\u003Cbr \u002F>\n.htaccess scanner\u003Cbr \u002F>\nlogin rest disclose scanner\u003Cbr \u002F>\nmove EDD updater+white label into a mu to allow upgrade+rollback even with plugin deactivated\u003Cbr \u002F>\ngive possibility to rename logins\u003Cbr \u002F>\ntarget=”_blank” on doc links\u003Cbr \u002F>\nAI Scanner\u003Cbr \u002F>\nImprove malware scanner, again\u003C\u002Fp>\n","Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily.",40000,1194523,82,108,"2026-01-16T10:56:00.000Z","5.4",[70,22,23,24],"malware","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecupress.2.6.zip",94,6,"2025-04-28 00:00:00",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":16,"requires_at_least":52,"requires_php":53,"tags":88,"homepage":91,"download_link":92,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cwis-antivirus-malware-detected","WebDefender Security – Protection & AntiSpam","5.0.2.1","CobWeb Security Ltd.","https:\u002F\u002Fprofiles.wordpress.org\u002Fcwis\u002F","\u003Ch4>A Professional Security Protection Plugin for WP\u003C\u002Fh4>\n\u003Cp>The WebDefender was developed by a team of security experts and it incorporates professional security tools for the best all around WordPress website protection and prevention of threats. Includes GDPR compline module.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart Protection \u002F Website Hide Function (Prevent Hacker Attack \u002F Security) \u002F Anti-Spam Protection \u002F Brute Force Bot Attack Prevention \u002F Smart Firewall\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detection \u002F Antivirus Scanner \u002F Database Malware \u002F Adware, Spyware, Spam Links\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Diagnostic \u002F Vulnerabilities Detection \u002F Blacklist Monitoring\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Malware Removal Tool \u002F Security Cleaning Tool\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening \u002F Hosting Hardening Check \u002F Automatic Updating Function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Tools \u002F GDPR Compliance Function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All of these solution make the WebDefender one of the best all around security protection tools for your WordPress resource.\u003C\u002Fp>\n\u003Ch3>The WebDefender offers the following tools and protection measures\u003C\u002Fh3>\n\u003Ch4>Primary Protection Function\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Website Hide function\u003C\u002Fstrong> that hides your WP site from crawlers spiders and bots.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hides website from bots, hides the core WP website components, plugins and themes.\u003C\u002Fli>\n\u003Cli>Fully automatic encryption of your website components.\u003C\u002Fli>\n\u003Cli>Coding website without use of the .htaccess file.\u003C\u002Fli>\n\u003Cli>One click installation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Protection Functions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart Firewall\u003C\u002Fstrong> that detects and blocks bot traffic. This is a perfect and powerful prevention tool.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anti-Bot Protection\u003C\u002Fstrong> – Monitors web traffic, filters out, and blocks bad bot traffic to a website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anti-SPAM Protection\u003C\u002Fstrong> – Automatic detection of all comments insert by bots and their filtration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Bot Attack Prevention\u003C\u002Fstrong> – Bots detection system to prevent attempts to crack a password (login security).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Antivirus Security Scanner\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>A professional \u003Cstrong>Antivirus Scanner\u003C\u002Fstrong> that will scan your website from external threats. Designed to detect adware and malware, backdoors, exploits, phishing code, trojans and viruses, include built-in \u003Cstrong>malware removal tool\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Malware Scanning\u003C\u002Fstrong> – A unique ability of our algorithm is scanning the website’s database. This function crucial as more and more hackers use SQL injection to infect the websites with malware.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adware, Spyware and SPAM links detection\u003C\u002Fstrong> – Protect you website from attached code attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerabilities Detection\u003C\u002Fstrong> – Plugins and themes security vulnerabilities, SQL, XSS injections, vulnerable and insecure scripts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist Monitoring\u003C\u002Fstrong> – Check your website reputation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Updater\u003C\u002Fstrong> – an automatic functional tool for updating your WordPress Core versions, plugins and themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hardening\u003C\u002Fstrong> – Detect the hosting configuration security parameter.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Malware Removal Tool\u003C\u002Fh4>\n\u003Cp>Built-in file viewer and editor is an easy to use security cleaning tool for the removal of infected codes or its part depending on the type of infection.\u003C\u002Fp>\n\u003Ch4>GDPR Compliance Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>GDPR Consent management\u003C\u002Fli>\n\u003Cli>Cookies and data collection privacy management\u003C\u002Fli>\n\u003Cli>User data management\u003C\u002Fli>\n\u003Cli>Privacy information should we provide to user\u003C\u002Fli>\n\u003Cli>Personal data breaches\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25, 2018. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.\u003C\u002Fp>\n\u003Cp>Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.\u003C\u002Fp>\n\u003Cp>This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong> Installing this plugin does not guarantee a full compliment with the GDPR. Please contact a GDPR consultant or a law firm to assess the necessary measures.\u003C\u002Fp>\n\u003Ch3>Technical Description\u003C\u002Fh3>\n\u003Ch4>Hide Function – Perfect Security and Protection solution\u003C\u002Fh4>\n\u003Cp>A passive security mechanism for hack protection against crawlers spiders and bots. A fullprof function – one click and your website will become hidden from bots.\u003C\u002Fp>\n\u003Cp>The Hider algorithm encrypts all layers of a website, thus hiding it from hackers by making existing vulnerabilities and other security risks invisible when searched and does not require manual configuration. Our encoding algorithm does not use the .htaccess file therefore there is no disruption to the operation of your website. This function will make your WordPress website totally invisible! A crucial step in improving your website security.\u003C\u002Fp>\n\u003Ch4>Smart Protection\u003C\u002Fh4>\n\u003Cp>A web application firewall filters, monitors, and blocks bad bot traffic to a website. It is deployed in “front” of a website and analyzes traffic – detecting and blocking anything malicious.\u003C\u002Fp>\n\u003Ch4>Anti SPAM\u003C\u002Fh4>\n\u003Cp>WebDefender includes a unique automatic algorithm for diagnosing the text entered on your website (forum, forms, comments and etc,) where made by a human or a bot. Bots won’t be allowed to enter text on your website. This is a unique algorithm, providing a unique solution to our clients.\u003Cbr \u002F>\nThe crisis is a time when almost every site is faced with a flurry of unwanted emails from reverse forms, posts and comments. Robots literally attack corporate e-mails, because of which sometimes valuable applications can be missed. But putting a captcha on the site you risk losing customer loyalty, as poorly readable images annoy 90% of users. Therefore, we offer a solution developed by WEbdefender specialists to protect the site from spam robots .\u003C\u002Fp>\n\u003Ch4>Brute Force Attack Protection\u003C\u002Fh4>\n\u003Cp>Hackers frequently use automatic bot systems to Brute force a website. Our algorithm detects those bots and prevents attempts of a password crack.\u003C\u002Fp>\n\u003Ch4>The “WebDefender” Antivirus Scanner\u003C\u002Fh4>\n\u003Cp>The builtin professional and multi-functional antivirus scanner offers top of the line security features and advanced functions for viruses and vulnerabilities detection. The scanner incorporates a user friendly malware removal tool. The diagnostic is performed by using a known database of virus signatures as well as Cobweb-Security’s Heuristic algorithm that can detected previously unknown virus signatures and zero-day vulnerabilities thus providing enterprise-level security capabilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WebDefender Antivirus Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Virus and malware antivirus scanner\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database security scanning (exclusive function)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ZIP file scanning (exclusive function)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adware, Spyware and SPAM links detection\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful and easy to use malware removal tool\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security hardening analytics and recommendations\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates (Professional or Premium)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scanner scheduler’s settings (Professional or Premium)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Database Malware Scanning\u003C\u002Fh4>\n\u003Cp>An unique ability of our algorithm is scanning the website’s database. This function crucial as more and more hackers use SQL injection to infect the websites with malware.\u003C\u002Fp>\n\u003Ch4>Adware, Spyware and SPAM links detection\u003C\u002Fh4>\n\u003Cp>The WebDefender Scanner successfully detects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SEO & SPAM links\u003C\u002Fli>\n\u003Cli>Doorway pages (SEO)\u003C\u002Fli>\n\u003Cli>iFrame injections\u003C\u002Fli>\n\u003Cli>Black-hat SEO infections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerabilities Detection\u003C\u002Fh4>\n\u003Cp>One of the most important parts of your website security and protection is a well-timed analysis for plugin, CMS and database vulnerabilities. These security vulnerabilities are an easy way for a hacker to crawl into your website. That’s why a well-timed diagnosis and update are vital for hardening the protection of the website.\u003C\u002Fp>\n\u003Cp>Our security scanner is able to find:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plugins and themes vulnerabilities\u003C\u002Fli>\n\u003Cli>SQL, XSS malicious injections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Blacklist Monitoring\u003C\u002Fh4>\n\u003Cp>The WebDefenders’ Blacklist Monitoring scanner checks IP addresses and website domains in the 10  most popular security blacklists and safe browsing databases.\u003C\u002Fp>\n\u003Cp>Real-time Blacklists or Blackhole lists – also called DNS-based Blackhole Lists – are lists of IP addresses published through DNS. Often there are listed computers or networks that may spam or consist malware in such lists. Many secure corporate mail servers are configured to reject or flag messages which have been sent from IP addresses listed in one of these security blacklists.\u003C\u002Fp>\n\u003Cp>Leading email systems like Gmail, Yahoo and Hotmail also use security blacklists to filter emails by addresses. If your network’s IP addresses end up in a blacklist, you and your customers can experience problems sending and receiving emails. It can significantly damage your business.\u003C\u002Fp>\n\u003Cp>WebDefender Blacklist Monitoring scanner will automatically alert you if your website addresses or domains become listed in any of the widely used URL blacklists.\u003C\u002Fp>\n\u003Ch4>The Updater – WP Core, plugin and theme automatic update\u003C\u002Fh4>\n\u003Cp>The importance of using the latest updated version of the WP core, plugins and themes is understandable to everyone and not only for the increase in functionality but in no small degree for the security of the website.\u003C\u002Fp>\n\u003Cp>To make it easier to keep track of update releases for WordPress Core, plugins and themes and installing them automatically, CobWeb-Security has introduced the Security Updater to the functionality of the WebDefender plugin.\u003C\u002Fp>\n\u003Cp>The Updater will enable you to keep track of:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Core Updates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Plugin Updates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Theme Updates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Updater has three separate blocks for managing themes, plugins, and WordPress core settings.\u003C\u002Fp>\n\u003Cp>You can choose to update only individual plugins or themes or you can choose to update all of the installed themes and plugins. The Updater will also mark with different colors the importance of an update ( red to green)\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>This function detects the hosting configuration security parameters.\u003C\u002Fp>\n\u003Ch4>Malware Removal Tool, Powerful & Easy To Use\u003C\u002Fh4>\n\u003Cp>The WebDefender Security Scanner will not only help you find all of the viruses and malicious code on your website but we will also help you remove the malware easily. Our built-in file viewer and editor is an easy to use security cleaning tool for the removal of infected codes or its part depending on the type of infection. The cleaning process is fairly simple, but it requires some knowledge in coding.\u003C\u002Fp>\n\u003Ch4>Preparing you website for the General Data Protection Regulation (GDPR)\u003C\u002Fh4>\n\u003Cp>This extension for our security plugin helps the website owner or company Data Protection Officer (DPO), Controller, Data Processor employees to fit the web application with the obligations and rights enacted under the GDPR requirement.\u003C\u002Fp>\n\u003Ch4>Professional Upgrade\u003C\u002Fh4>\n\u003Cp>Enhance the security of your website with our Professional upgrade. The Professional package will provide our clients with these additional features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>FireWall:\n\u003Cul>\n\u003Cli>Real-time firewall rules updates\u003C\u002Fli>\n\u003Cli>Real-time IP Blacklists\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Hide Function:\n\u003Cul>\n\u003Cli>New mask codes for updating the Hide function online\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Scanner:\n\u003Cul>\n\u003Cli>Real-time malware signature updates\u003C\u002Fli>\n\u003Cli>Scanner scheduler settings (Professional or Premium)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Premium Program\u003C\u002Fh4>\n\u003Cp>We also offer a Professional WebDefender key that will give you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Scanner scheduler’s settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Upgrade to Premium support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database malware scan (WebDefender exclusive function)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scanner report export function\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A 100% protection – your website’s security in our hands. Our team will monitor your website online 24\u002F7, in case of a hacker attack or malware injection, we will clean and repair you website.\u003C\u002Fp>\n\u003Cp>You can \u003Ca href=\"http:\u002F\u002Fcobweb-security.com\u002Four-product\u002F\" title=\"Fix and protect your site\" rel=\"nofollow ugc\">click here to sign-up\u003C\u002Fa> for WebDefender Professional or Premium now.\u003C\u002Fp>\n\u003Ch4>Cookies set by the Plugin and WordPress\u003C\u002Fh4>\n\u003Cp>This plugin keeps track of user consent by saving them to the database. We can only do that for logged in users. For visitors, however, we track their concent by creating a cookie and storing their preferences there. The same logic applies for cookies. We set a cookie named \u003Cstrong>gdpr\u003C\u002Fstrong> that stores that information.\u003C\u002Fp>\n\u003Cp>WordPress also stores cookies on log in or commenting on a post. You can learn more about \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FWordPress_Cookies\" rel=\"nofollow ugc\">WordPress cookies here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to several external services provided by Cobweb Security in order to deliver antivirus and malware scanning functionality.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>CWIS Version Check Service\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fupdate.cobweb-security.com\u002Freleases\u002Fversion.json\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to check the latest plugin version and update information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> Only the plugin version installed is sent.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.cobweb-security.com\u002Fprivacy\" rel=\"nofollow ugc\">Cobweb Security Terms & Privacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CWIS Licensing API\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fclients.cobweb-security.com\u002Fmodules\u002Fservers\u002Fcwislicensing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Validates the plugin license and ensures legitimate usage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> Plugin license key and site domain.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.cobweb-security.com\u002Fprivacy\" rel=\"nofollow ugc\">Cobweb Security Terms & Privacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CWIS Host Check Service\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fcheck.cobweb-security.com\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Performs security checks and retrieves signature updates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> Site domain and plugin environment info.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.cobweb-security.com\u002Fprivacy\" rel=\"nofollow ugc\">Cobweb Security Terms & Privacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CWIS Signature Updates\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> https:\u002F\u002Fupdate.cobweb-security.com\u002Freleases\u002Fcwis-signatures.json\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Retrieves malware signature updates for scanning.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> No personal data is sent; only plugin requests for the latest signatures.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.cobweb-security.com\u002Fprivacy\" rel=\"nofollow ugc\">Cobweb Security Terms & Privacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>These services are necessary for the proper operation of the plugin. No sensitive user data is sent without consent, and all external connections are limited to the above services.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fdownload\u002F\" title=\"Download WordPress\" rel=\"ugc\">WordPress\u003C\u002Fa> version \u003Cstrong>2.8\u003C\u002Fstrong> or higher\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsecure.php.net\u002F\" title=\"PHP scripting language\" rel=\"nofollow ugc\">PHP\u003C\u002Fa> version \u003Cstrong>4.1.0\u003C\u002Fstrong> or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Final Notes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>We’re greatly appreciate for any references in the social networks, forums or blogs to our security scanner \u003Ca href=\"https:\u002F\u002Fcobweb-security.com\u002Fpages\u002Ffree-website-antivirus\u002F\" title=\"CobWeb Security Ltd.\" rel=\"nofollow ugc\">https:\u002F\u002Fcobweb-security.com\u002Fpages\u002Ffree-website-antivirus\u002F\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If you have any suggestions, ideas, or comments, or if you found a bug, write us \u003Ca href=\"mailto:cwis@cobweb-security.com\" title=\"Email us\" rel=\"nofollow ugc\">cwis@cobweb-security.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","PRO Security – Antivirus Scanner, 2-Layer Protection Hide Security, Brute Force Security  & Antispam, Security Website and Security Hardening.",1000,273166,80,18,"2026-01-20T06:00:00.000Z",[89,90,22,23,24],"malware-scanner","protection","https:\u002F\u002Fcobweb-security.com\u002Fpages\u002Ffree-website-antivirus\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcwis-antivirus-malware-detected.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":83,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":16,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":110,"download_link":111,"security_score":112,"vuln_count":34,"unpatched_count":28,"last_vuln_date":113,"fetched_at":30},"sitelock","SiteLock Security – WP Hardening, Login Security & Malware Scans","5.1.0","SiteLock","https:\u002F\u002Fprofiles.wordpress.org\u002Fsitelocksecurity\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>🌟 Completely redesigned in Version 5.0 — now even stronger with 2FA in 5.1 🌟\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The SiteLock WordPress plugin was recently rebuilt with three goals: make it faster, make it clearer and move the heavy work to the cloud. We built a cloudfirst architecture, modernized UI, expanded security controls and stripped out everything that didn’t need to be there. Our latest 5.1 release builds on that foundation with TwoFactor Authentication (2FA) to strengthen login security and give you tighter control over access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The big changes:\u003C\u002Fstrong>\u003Cbr \u002F>\n  – 🔒 Enhanced WordPress-specific hardening and login security controls\u003Cbr \u002F>\n  – ☁️ Cloud-powered scanning architecture for zero performance impact\u003Cbr \u002F>\n  – 🩺 New Site Health interface that shows you what matters in one view\u003Cbr \u002F>\n  – ⚡ Streamlined controls (fewer clicks to get protected)\u003Cbr \u002F>\n  – ✨ Modern codebase built for the WordPress you’re actually using today\u003Cbr \u002F>\n  – 🔢 Two-Factor Authentication (2FA) now available for stronger login protection\u003C\u002Fp>\n\u003Cp>If you used the old plugin: this is a different tool. If you’re new: you’re starting with the cleanest, fastest version of the plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Your website deserves protection that’s simple, fast and built for WordPress. SiteLock WordPress Security focuses on the everyday controls that matter most and helps you establish a secure baseline in minutes — WordPress-specific hardening, login protection with Two-Factor Authentication (2FA) and a clear Site Health dashboard that keeps you in control without slowing your site down. It’s lightweight, action-first protection that complements your host defenses: essential safeguards run inside WordPress while deeper checks happen securely in the SiteLock cloud. Skip heavy on-server scans and alert fatigue — run on-demand checks when you need extra assurance, so you can ship updates with confidence.\u003C\u002Fp>\n\u003Ch4>Security that grows with you\u003C\u002Fh4>\n\u003Cp>Our goal is straightforward: maintain a strong baseline with minimal overhead while giving you clear visibility and room to grow as your needs evolve.\u003Cbr \u002F>\nAnd because security is never static, this plugin keeps pace. Two-Factor Authentication (2FA) is now available to strengthen login security with an extra layer of protection.\u003C\u002Fp>\n\u003Ch4>Commercial plugin\u003C\u002Fh4>\n\u003Cp>This plugin is free but offers additional paid commercial upgrades or support.\u003C\u002Fp>\n\u003Ch3>What’s included\u003C\u002Fh3>\n\u003Ch4>WordPress Hardening: Cut common attack paths in just a few clicks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable directory listing\u003C\u002Fli>\n\u003Cli>Restrict PHP execution in upload folders\u003C\u002Fli>\n\u003Cli>Limit unsafe script types\u003C\u002Fli>\n\u003Cli>Force strong configuration defaults to close risky gaps\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>All options are toggle-based and reversible — safe to enable, easy to test and lightweight on performance.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Login Security: Protect what matters most — your access\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong>: Add a second layer of verification to protect admin access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force defense\u003C\u002Fstrong>: Blocks repeated failed logins and temporarily locks abusive IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password policy prompts\u003C\u002Fstrong>: Encourage stronger credentials without breaking workflows\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session timeouts\u003C\u002Fstrong>: Automatically end idle sessions to prevent account hijacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity awareness\u003C\u002Fstrong>: View recent logins and admin changes in the \u003Cstrong>Activity Log\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Site Health & Cloud Checks: Clarity without noise\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Site Health Dashboard\u003C\u002Fstrong>: Surface key signals in one view — WordPress hardening status, last scan timestamp and actionable indicators\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloud Checks\u003C\u002Fstrong>: Connect your free SiteLock account to enable recurring off-server checks (Webpage Scan, SSL Verification, Email Reputation and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan Now\u003C\u002Fstrong>: Run on-demand checks after updates or changes for instant assurance — no heavy, always-on local scanners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log\u003C\u002Fstrong>: Track what’s happening across your WordPress admin. See admin\u002Flogin events at a glance making it easy to spot anomalies early and keep accountability clear\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Choose SiteLock WordPress Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight by design\u003C\u002Fstrong>: All high-impact protections, no unnecessary load\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real visibility\u003C\u002Fstrong>: Know your security posture in seconds with Site Health\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloud-powered assurance\u003C\u002Fstrong>: Checks run off-server, protecting performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible setup\u003C\u002Fstrong>: Use standalone or connect a SiteLock account for added layers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strong login protection\u003C\u002Fstrong>: Two-Factor Authentication (2FA) alongside brute-force defense and session controls\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted heritage\u003C\u002Fstrong>: From the global leader in SMB website security backed by continuous innovation and research\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Aligned to WordPress\u003C\u002Fstrong>: Designed to stay out of your way and keep performance priorities intact\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Who It’s For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Small businesses & startups\u003C\u002Fli>\n\u003Cli>Portfolio & personal brand sites\u003C\u002Fli>\n\u003Cli>WooCommerce shops & small e-commerce\u003C\u002Fli>\n\u003Cli>Agencies & website maintenance services\u003C\u002Fli>\n\u003Cli>Freelance developers & web designers\u003C\u002Fli>\n\u003Cli>Bloggers, creators & publishers\u003C\u002Fli>\n\u003Cli>Community & membership sites\u003C\u002Fli>\n\u003Cli>Nonprofits & educational sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>If you manage a WordPress website, SiteLock gives you confidence and control whether you run one site or hundreds.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Can I Fix an Already-Infected Site with This Plugin?\u003C\u002Fh4>\n\u003Cp>The plugin focuses on prevention, posture and visibility — not full malware removal. It isn’t designed to fully clean up sites that were infected before it was active.\u003Cbr \u002F>\nIf your site is already compromised, act quickly, we recommend:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Restoring from a clean backup if available\u003C\u002Fli>\n\u003Cli>Remove malicious files manually or with professional help\u003C\u002Fli>\n\u003Cli>For urgent assistance, consider \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fproducts\u002Ffix-hacked-site\u002F\" rel=\"nofollow ugc\">SiteLock 911 – Emergency Malware Removal\u003C\u002Fa> for rapid cleanup\u003C\u002Fli>\n\u003Cli>For ongoing defense, consider \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">choosing a comprehensive SiteLock plan\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Don’t Know Where To Start? Try This\u003C\u002Fh4>\n\u003Cp>Here are common first moves teams take with SiteLock. Order isn’t enforced — choose what fits your site and workflow:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable WordPress hardening that matches your hosting and theme setup\u003C\u002Fli>\n\u003Cli>Turn on Login Security controls: brute-force lockouts, session timeouts, and password-hygiene prompts\u003C\u002Fli>\n\u003Cli>Connect a free SiteLock account, then use Scan Now to run an on-demand check after plugin\u002Ftheme updates\u003C\u002Fli>\n\u003Cli>Review the Activity Log after major changes to spot unexpected admin\u002Flogin events quickly\u003Cbr \u002F>\nMake one change at a time, validate and roll back any toggle that conflicts with your stack.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Need Help with Setup or Fixes?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Visit \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fhelp-center\u002F?topics=wordpress-plugin\" rel=\"nofollow ugc\">Help Center – WordPress\u003C\u002Fa> for plugin specific help\u003C\u002Fli>\n\u003Cli>For broader topics explore the \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fhelp-center\u002F\" rel=\"nofollow ugc\">SiteLock Help Center\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>Protecting our customers and systems is a top priority, and we take security very seriously. If you believe you’ve found a security vulnerability in the SiteLock WordPress plugin, please let us know at vuln-reporting@sitelock.com before sharing any details publicly.\u003C\u002Fp>\n","Free, lightweight WordPress security. Harden your site with login protection & 2FA, see Site Health clearly and run on-demand checks—setup in minutes.",48458,68,14,"2026-02-26T21:50:00.000Z","3.8",[55,107,108,109,24],"malware-scan","site-health","vulnerability-scanner","https:\u002F\u002Fwww.sitelock.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsitelock.5.1.0.zip",98,"2026-01-25 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":83,"downloaded":122,"rating":85,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":129,"download_link":130,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"user-name-security","SX User Name Security","2.4","Daniel Roch","https:\u002F\u002Fprofiles.wordpress.org\u002Fconfridin\u002F","\u003Cp>WordPress show your WordPress login and ID in several places. It’s time to fix this !\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress automaticaly uses “User login” to fill in the “User Display Name”.\u003C\u002Fli>\n\u003Cli>WordPress also allows everyone to use the same value for Nickname, Display Name and Login.\u003C\u002Fli>\n\u003Cli>The body_class function also shows to everyone your User ID and Login on author pages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A hacker can easily see then use your “NickName” or “Display Name” to find your real login. Once activated, SX User Name Security will prevent WordPress from showing those informations, and will warn you if you need to fix old users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Features\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Body_class function:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Removes User ID from body_class function (front-end users pages)\u003C\u002Fli>\n\u003Cli>Removes User Nicename from body_class function (front-end users pages)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Current User informations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin changes “Display Name” and “Nickname” to a random value (like ‘Ticibe T. Aduvoguripe’, ‘Lagubo N. Agigerovibe’ or ‘Datela N. Orejadavino’) if they are identiqual to user login\u003C\u002Fli>\n\u003Cli>If not, it changes “Display Name” to “Nickname” or “Nickname” to “Display Name” if one of them is identiqual to user login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>New Registration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display Name and Nickname are changed to random value during user registration.\u003C\u002Fli>\n\u003Cli>Nicename is also changed (it’s used to generate the user permalink on the front-end). For previous user, a notice has been added to use another plugin to safely change old nicenames.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Other information:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All functions are translated into french and english.\u003C\u002Fp>\n\u003Cp>You can find me here on \u003Ca href=\"https:\u002F\u002Fwww.seomix.fr\" rel=\"nofollow ugc\">SeoMix\u003C\u002Fa>, and here is the official french post about this plugin \u003Ca href=\"https:\u002F\u002Fwww.seomix.fr\u002Fuser-name-security\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.seomix.fr\u002Fuser-name-security\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Find here our other plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fseo-key\u002F\" rel=\"nofollow ugc\">SEOKEY WordPress SEO plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fsecupress\u002F\" rel=\"nofollow ugc\">SecuPress Security plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","SX User Name Security prevents WordPress from showing your real Login everywhere. It ovverides the body_class function, User Nicename, Nickname and Di &hellip;",19435,13,"2025-04-24T15:26:00.000Z","6.8.5","4.6","5.2.4",[56,22,23,24],"https:\u002F\u002Fwww.seomix.fr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-name-security.zip",{"attackSurface":132,"codeSignals":321,"taintFlows":667,"riskAssessment":745,"analyzedAt":755},{"hooks":133,"ajaxHandlers":312,"restRoutes":318,"shortcodes":319,"cronEvents":320,"entryPointCount":156,"unprotectedCount":28},[134,141,146,150,153,158,163,168,172,177,181,186,190,195,198,203,207,212,216,220,222,226,231,235,239,243,247,251,255,259,263,267,270,273,277,281,285,288,293,297,302,305,308],{"type":135,"name":136,"callback":137,"priority":138,"file":139,"line":140},"filter","admin_page_access_denied","movelogin_is_jarvis",9,"free\\admin\\admin.php",8,{"type":142,"name":143,"callback":144,"file":139,"line":145},"action","movelogin.loaded","movelogin_been_first",26,{"type":135,"name":147,"callback":148,"file":139,"line":149},"movelogin.settings.help","__return_empty_string",65,{"type":135,"name":151,"callback":148,"file":139,"line":152},"movelogin.settings.description",66,{"type":135,"name":154,"callback":155,"priority":156,"file":139,"line":157},"pre_http_request","movelogin_filter_remote_url",1,70,{"type":135,"name":159,"callback":160,"priority":161,"file":139,"line":162},"manage_plugins_custom_column","movelogin_add_malware_detection_column_content",10,85,{"type":142,"name":164,"callback":165,"file":166,"line":167},"admin_post_nopriv_movelogin_unlock_admin","movelogin_unlock_admin_ajax_post_cb","free\\admin\\ajax-post-callbacks.php",42,{"type":142,"name":169,"callback":170,"file":166,"line":171},"admin_post_nopriv_movelogin_deactivate_module","movelogin_deactivate_module_admin_post_cb",111,{"type":142,"name":173,"callback":174,"file":175,"line":176},"admin_enqueue_scripts","anonymous","free\\admin\\functions\\admin.php",19,{"type":142,"name":178,"callback":179,"file":175,"line":180},"admin_notices","movelogin_check_default_login_slug_notice",122,{"type":142,"name":182,"callback":183,"file":184,"line":185},"admin_footer","movelogin_pre_check_php_version","free\\admin\\functions\\scan-fix.php",202,{"type":142,"name":187,"callback":188,"file":189,"line":140},"admin_init","movelogin_register_all_settings","free\\admin\\options.php",{"type":142,"name":191,"callback":192,"priority":193,"file":194,"line":140},"doing_dark_mode","movelogin_add_settings_scripts_for_dark_mode",11,"free\\admin\\settings.php",{"type":142,"name":173,"callback":196,"priority":161,"file":194,"line":197},"movelogin_add_settings_scripts",22,{"type":142,"name":199,"callback":200,"file":201,"line":202},"movelogin.first_install","movelogin_install_users_login_module","free\\admin\\upgrader.php",79,{"type":142,"name":182,"callback":204,"file":205,"line":206},"movelogin_pro_enqueue_wplink_dialog","free\\classes\\settings\\class-movelogin-settings.php",619,{"type":135,"name":208,"callback":209,"file":210,"line":211},"wp_login_errors","movelogin_display_relogin_message","free\\functions\\common.php",2408,{"type":142,"name":213,"callback":214,"file":215,"line":73},"wp","movelogin_late_robots_check","free\\functions\\hotfixes.php",{"type":135,"name":217,"callback":218,"file":215,"line":219},"wp_robots","wp_robots_noindex_embeds",17,{"type":135,"name":217,"callback":221,"file":215,"line":86},"wp_robots_noindex_search",{"type":135,"name":223,"callback":224,"priority":161,"file":215,"line":225},"doing_it_wrong_trigger_error","movelogin_remove_fking_warning_from_wp67",21,{"type":135,"name":227,"callback":228,"priority":161,"file":229,"line":230},"site_url","movelogin_move_login_site_url","free\\modules\\users-login\\plugins\\move-login.php",103,{"type":135,"name":232,"callback":233,"priority":161,"file":229,"line":234},"network_site_url","movelogin_move_login_network_site_url",135,{"type":135,"name":236,"callback":237,"priority":156,"file":229,"line":238},"logout_url","movelogin_move_login_logout_url",159,{"type":135,"name":240,"callback":241,"priority":156,"file":229,"line":242},"lostpassword_url","movelogin_move_login_lostpassword_url",175,{"type":135,"name":244,"callback":245,"priority":161,"file":229,"line":246},"wp_redirect","movelogin_move_login_redirect",191,{"type":135,"name":248,"callback":249,"priority":161,"file":229,"line":250},"update_welcome_email","movelogin_move_login_update_welcome_email",235,{"type":142,"name":252,"callback":253,"file":229,"line":254},"login_head","movelogin_hack_global_error",345,{"type":135,"name":256,"callback":257,"priority":156,"file":229,"line":258},"user_request_action_email_content","movelogin_user_request_action_email_content_move_login_url",360,{"type":135,"name":260,"callback":261,"file":229,"line":262},"rewrite_rules_array","movelogin_move_login_remove_rewrite_rules",395,{"type":142,"name":264,"callback":265,"priority":28,"file":229,"line":266},"login_init","movelogin_move_login_maybe_deny_login_page",418,{"type":142,"name":268,"callback":265,"priority":28,"file":229,"line":269},"secure_auth_redirect",419,{"type":142,"name":213,"callback":271,"priority":28,"file":229,"line":272},"movelogin_fallback_slug_redirect",501,{"type":142,"name":274,"callback":275,"priority":156,"file":229,"line":276},"setup_theme","movelogin_set_wp_lang_early",549,{"type":135,"name":278,"callback":279,"file":229,"line":280},"determine_locale","movelogin_set_wp_lang",561,{"type":135,"name":282,"callback":283,"file":229,"line":284},"register_url","movelogin_register_url_redirect",580,{"type":135,"name":208,"callback":286,"file":229,"line":287},"movelogin_register_errors",601,{"type":142,"name":289,"callback":290,"file":291,"line":292},"pre_get_users","filter_fake_users","free\\modules\\users-login\\tools.php",307,{"type":135,"name":294,"callback":295,"priority":28,"file":291,"line":296},"authenticate","movelogin_force_strong_encryption_remove_blind_password",449,{"type":142,"name":298,"callback":299,"priority":28,"file":300,"line":301},"init","movelogin_init_i18n","sf-move-login.php",58,{"type":142,"name":303,"callback":304,"priority":28,"file":300,"line":157},"plugins_loaded","movelogin_init",{"type":142,"name":143,"callback":306,"file":300,"line":307},"movelogin_load_plugins",118,{"type":135,"name":309,"callback":310,"priority":161,"file":300,"line":311},"load_textdomain_mofile","movelogin_load_own_i18n",376,[313],{"action":314,"nopriv":315,"callback":316,"hasNonce":317,"hasCapCheck":315,"file":166,"line":140},"sanitize_move_login_slug",false,"movelogin_sanitize_move_login_slug_ajax_post_cb",true,[],[],[],{"dangerousFunctions":322,"sqlUsage":323,"outputEscaping":346,"fileOperations":176,"externalRequests":664,"nonceChecks":665,"capabilityChecks":73,"bundledLibraries":666},[],{"prepared":219,"raw":140,"locations":324},[325,328,332,336,338,340,342,344],{"file":205,"line":326,"context":327},966,"$wpdb->get_col() with variable interpolation",{"file":329,"line":330,"context":331},"free\\functions\\files.php",1019,"$wpdb->get_var() with variable interpolation",{"file":333,"line":334,"context":335},"free\\functions\\modules.php",859,"$wpdb->get_results() with variable interpolation",{"file":333,"line":337,"context":335},861,{"file":291,"line":339,"context":327},260,{"file":291,"line":341,"context":327},266,{"file":291,"line":343,"context":327},270,{"file":291,"line":345,"context":327},293,{"escaped":347,"rawEcho":348,"locations":349},144,172,[350,353,356,358,360,362,364,366,367,369,371,373,374,376,378,380,382,384,386,388,389,390,392,393,395,397,399,401,403,405,407,409,411,413,415,417,418,420,422,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,502,504,506,507,509,511,513,515,517,519,521,523,524,526,528,530,532,533,534,536,538,540,542,544,546,548,550,551,552,553,555,556,557,559,561,563,565,567,569,571,573,575,576,578,579,580,581,582,584,586,588,589,590,591,592,594,596,598,599,601,602,603,604,605,607,609,610,611,613,615,617,618,620,622,624,626,628,630,632,634,636,638,640,642,644,646,648,650,652,654,656,658,660,662],{"file":139,"line":351,"context":352},117,"raw output",{"file":354,"line":355,"context":352},"free\\admin\\notices.php",53,{"file":354,"line":357,"context":352},56,{"file":194,"line":359,"context":352},259,{"file":194,"line":361,"context":352},263,{"file":194,"line":363,"context":352},276,{"file":194,"line":365,"context":352},300,{"file":194,"line":292,"context":352},{"file":194,"line":368,"context":352},309,{"file":194,"line":370,"context":352},347,{"file":194,"line":372,"context":352},353,{"file":194,"line":372,"context":352},{"file":194,"line":375,"context":352},373,{"file":194,"line":377,"context":352},375,{"file":194,"line":379,"context":352},444,{"file":194,"line":381,"context":352},457,{"file":194,"line":383,"context":352},466,{"file":194,"line":385,"context":352},481,{"file":194,"line":387,"context":352},550,{"file":194,"line":387,"context":352},{"file":194,"line":387,"context":352},{"file":194,"line":391,"context":352},551,{"file":194,"line":391,"context":352},{"file":194,"line":394,"context":352},553,{"file":194,"line":396,"context":352},672,{"file":194,"line":398,"context":352},676,{"file":194,"line":400,"context":352},682,{"file":194,"line":402,"context":352},684,{"file":194,"line":404,"context":352},701,{"file":194,"line":406,"context":352},719,{"file":194,"line":408,"context":352},720,{"file":194,"line":410,"context":352},739,{"file":194,"line":412,"context":352},740,{"file":194,"line":414,"context":352},741,{"file":416,"line":351,"context":352},"free\\classes\\settings\\class-movelogin-settings-global.php",{"file":416,"line":351,"context":352},{"file":416,"line":419,"context":352},132,{"file":416,"line":421,"context":352},133,{"file":423,"line":424,"context":352},"free\\classes\\settings\\class-movelogin-settings-modules.php",238,{"file":423,"line":426,"context":352},242,{"file":423,"line":428,"context":352},252,{"file":423,"line":430,"context":352},278,{"file":423,"line":432,"context":352},279,{"file":423,"line":434,"context":352},283,{"file":423,"line":436,"context":352},287,{"file":423,"line":438,"context":352},314,{"file":423,"line":440,"context":352},349,{"file":423,"line":442,"context":352},400,{"file":423,"line":444,"context":352},402,{"file":423,"line":446,"context":352},403,{"file":423,"line":448,"context":352},417,{"file":423,"line":450,"context":352},433,{"file":423,"line":452,"context":352},469,{"file":423,"line":454,"context":352},480,{"file":423,"line":456,"context":352},491,{"file":423,"line":458,"context":352},513,{"file":423,"line":460,"context":352},514,{"file":423,"line":462,"context":352},516,{"file":423,"line":464,"context":352},534,{"file":423,"line":466,"context":352},535,{"file":423,"line":468,"context":352},537,{"file":423,"line":470,"context":352},539,{"file":423,"line":472,"context":352},552,{"file":423,"line":474,"context":352},569,{"file":423,"line":476,"context":352},573,{"file":423,"line":478,"context":352},581,{"file":423,"line":480,"context":352},584,{"file":423,"line":482,"context":352},610,{"file":423,"line":484,"context":352},611,{"file":423,"line":486,"context":352},613,{"file":423,"line":488,"context":352},631,{"file":423,"line":490,"context":352},632,{"file":423,"line":492,"context":352},634,{"file":423,"line":494,"context":352},636,{"file":423,"line":496,"context":352},649,{"file":423,"line":498,"context":352},664,{"file":423,"line":500,"context":352},668,{"file":423,"line":398,"context":352},{"file":423,"line":503,"context":352},679,{"file":423,"line":505,"context":352},769,{"file":423,"line":505,"context":352},{"file":423,"line":508,"context":352},779,{"file":423,"line":510,"context":352},794,{"file":423,"line":512,"context":352},796,{"file":423,"line":514,"context":352},806,{"file":423,"line":516,"context":352},811,{"file":423,"line":518,"context":352},823,{"file":205,"line":520,"context":352},337,{"file":205,"line":522,"context":352},377,{"file":205,"line":448,"context":352},{"file":205,"line":525,"context":352},600,{"file":205,"line":527,"context":352},603,{"file":205,"line":529,"context":352},627,{"file":205,"line":531,"context":352},630,{"file":205,"line":488,"context":352},{"file":205,"line":490,"context":352},{"file":205,"line":535,"context":352},635,{"file":205,"line":537,"context":352},654,{"file":205,"line":539,"context":352},657,{"file":205,"line":541,"context":352},659,{"file":205,"line":543,"context":352},663,{"file":205,"line":545,"context":352},666,{"file":205,"line":547,"context":352},674,{"file":205,"line":549,"context":352},677,{"file":205,"line":503,"context":352},{"file":205,"line":503,"context":352},{"file":205,"line":503,"context":352},{"file":205,"line":554,"context":352},688,{"file":205,"line":554,"context":352},{"file":205,"line":554,"context":352},{"file":205,"line":558,"context":352},694,{"file":205,"line":560,"context":352},697,{"file":205,"line":562,"context":352},706,{"file":205,"line":564,"context":352},708,{"file":205,"line":566,"context":352},709,{"file":205,"line":568,"context":352},710,{"file":205,"line":570,"context":352},712,{"file":205,"line":572,"context":352},732,{"file":205,"line":574,"context":352},752,{"file":205,"line":574,"context":352},{"file":205,"line":577,"context":352},754,{"file":205,"line":577,"context":352},{"file":205,"line":577,"context":352},{"file":205,"line":577,"context":352},{"file":205,"line":577,"context":352},{"file":205,"line":583,"context":352},755,{"file":205,"line":585,"context":352},784,{"file":205,"line":587,"context":352},786,{"file":205,"line":587,"context":352},{"file":205,"line":587,"context":352},{"file":205,"line":587,"context":352},{"file":205,"line":587,"context":352},{"file":205,"line":593,"context":352},787,{"file":205,"line":595,"context":352},814,{"file":205,"line":597,"context":352},817,{"file":205,"line":597,"context":352},{"file":205,"line":600,"context":352},820,{"file":205,"line":600,"context":352},{"file":205,"line":600,"context":352},{"file":205,"line":600,"context":352},{"file":205,"line":600,"context":352},{"file":205,"line":606,"context":352},822,{"file":205,"line":608,"context":352},838,{"file":205,"line":608,"context":352},{"file":205,"line":608,"context":352},{"file":205,"line":612,"context":352},839,{"file":205,"line":614,"context":352},845,{"file":205,"line":616,"context":352},851,{"file":205,"line":616,"context":352},{"file":205,"line":619,"context":352},857,{"file":205,"line":621,"context":352},862,{"file":205,"line":623,"context":352},918,{"file":205,"line":625,"context":352},955,{"file":205,"line":627,"context":352},994,{"file":205,"line":629,"context":352},1014,{"file":205,"line":631,"context":352},1027,{"file":205,"line":633,"context":352},1028,{"file":205,"line":635,"context":352},1029,{"file":205,"line":637,"context":352},1033,{"file":205,"line":639,"context":352},1097,{"file":205,"line":641,"context":352},1100,{"file":205,"line":643,"context":352},1177,{"file":205,"line":645,"context":352},1187,{"file":205,"line":647,"context":352},1327,{"file":205,"line":649,"context":352},1338,{"file":205,"line":651,"context":352},1339,{"file":205,"line":653,"context":352},1341,{"file":205,"line":655,"context":352},1350,{"file":205,"line":657,"context":352},1372,{"file":205,"line":659,"context":352},1489,{"file":205,"line":661,"context":352},1565,{"file":663,"line":73,"context":352},"free\\modules\\generic-settings.php",5,3,[],[668,686,694,707,717,727,735],{"entryPoint":669,"graph":670,"unsanitizedCount":156,"severity":685},"movelogin_scanit_async (free\\admin\\functions\\scan-fix.php:91)",{"nodes":671,"edges":683},[672,677],{"id":673,"type":674,"label":675,"file":184,"line":676},"n0","source","$_COOKIE",95,{"id":678,"type":679,"label":680,"file":184,"line":681,"wp_function":682},"n1","sink","wp_remote_get() [SSRF]",105,"wp_remote_get",[684],{"from":673,"to":678,"sanitized":315},"medium",{"entryPoint":687,"graph":688,"unsanitizedCount":156,"severity":685},"\u003Cscan-fix> (free\\admin\\functions\\scan-fix.php:0)",{"nodes":689,"edges":692},[690,691],{"id":673,"type":674,"label":675,"file":184,"line":676},{"id":678,"type":679,"label":680,"file":184,"line":681,"wp_function":682},[693],{"from":673,"to":678,"sanitized":315},{"entryPoint":695,"graph":696,"unsanitizedCount":34,"severity":685},"blacklist_ips (free\\classes\\settings\\class-movelogin-settings-modules.php:501)",{"nodes":697,"edges":705},[698,701],{"id":673,"type":674,"label":699,"file":423,"line":700},"$_POST (x2)",521,{"id":678,"type":679,"label":702,"file":423,"line":703,"wp_function":704},"echo() [XSS]",536,"echo",[706],{"from":673,"to":678,"sanitized":315},{"entryPoint":708,"graph":709,"unsanitizedCount":34,"severity":685},"whitelist_ips (free\\classes\\settings\\class-movelogin-settings-modules.php:598)",{"nodes":710,"edges":715},[711,713],{"id":673,"type":674,"label":699,"file":423,"line":712},618,{"id":678,"type":679,"label":702,"file":423,"line":714,"wp_function":704},633,[716],{"from":673,"to":678,"sanitized":315},{"entryPoint":718,"graph":719,"unsanitizedCount":156,"severity":685},"movelogin_wpconfig_success_in_sandbox (free\\functions\\files.php:616)",{"nodes":720,"edges":725},[721,723],{"id":673,"type":674,"label":675,"file":329,"line":722},656,{"id":678,"type":679,"label":680,"file":329,"line":724,"wp_function":682},667,[726],{"from":673,"to":678,"sanitized":315},{"entryPoint":728,"graph":729,"unsanitizedCount":156,"severity":685},"\u003Cfiles> (free\\functions\\files.php:0)",{"nodes":730,"edges":733},[731,732],{"id":673,"type":674,"label":675,"file":329,"line":722},{"id":678,"type":679,"label":680,"file":329,"line":724,"wp_function":682},[734],{"from":673,"to":678,"sanitized":315},{"entryPoint":736,"graph":737,"unsanitizedCount":28,"severity":744},"\u003Cclass-movelogin-settings-modules> (free\\classes\\settings\\class-movelogin-settings-modules.php:0)",{"nodes":738,"edges":742},[739,741],{"id":673,"type":674,"label":740,"file":423,"line":700},"$_POST (x4)",{"id":678,"type":679,"label":702,"file":423,"line":703,"wp_function":704},[743],{"from":673,"to":678,"sanitized":317},"low",{"summary":746,"deductions":747},"The sf-move-login plugin v2.6 presents a generally positive security posture based on the provided static analysis.  The plugin has a minimal attack surface, with only one AJAX handler, and importantly, this handler appears to be protected.  The absence of known vulnerabilities in its history is a significant strength, suggesting a history of responsible development and patching.  Furthermore, the presence of capability checks and a reasonable number of nonce checks on its entry points are good security practices.\n\nHowever, there are areas of concern that warrant attention.  The output escaping is a notable weakness, with less than half of all outputs being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. Additionally, the taint analysis revealed six flows with unsanitized paths. While no critical or high severity issues were flagged in the taint analysis, unsanitized paths are a precursor to potential vulnerabilities, especially when combined with the output escaping issue.  The SQL query practice, while generally using prepared statements, still has a significant portion that doesn't, which could pose a risk if these queries are exposed to user input.\n\nIn conclusion, while sf-move-login v2.6 benefits from a small attack surface and a clean vulnerability history, the significant percentage of unescaped output and the presence of unsanitized paths in the taint analysis indicate potential risks.  Addressing these specific code-level concerns will be crucial for further strengthening its security.",[748,751,753],{"reason":749,"points":750},"Unsanitized paths in taint analysis",12,{"reason":752,"points":140},"Low percentage of properly escaped output",{"reason":754,"points":664},"SQL queries not using prepared statements","2026-03-16T18:00:34.935Z",{"wat":757,"direct":774},{"assetPaths":758,"generatorPatterns":765,"scriptPaths":766,"versionParams":767},[759,760,761,762,763,764],"\u002Fwp-content\u002Fplugins\u002Fsf-move-login\u002Ffree\u002Ffront\u002Fcss\u002Fmove-login.css","\u002Fwp-content\u002Fplugins\u002Fsf-move-login\u002Ffree\u002Ffront\u002Fjs\u002Fmove-login.js","\u002Fwp-content\u002Fplugins\u002Fsf-move-login\u002Fassets\u002Fadmin\u002Fcss\u002Fadmin-bar.css","\u002Fwp-content\u002Fplugins\u002Fsf-move-login\u002Fassets\u002Fadmin\u002Fcss\u002Fsettings.css","\u002Fwp-content\u002Fplugins\u002Fsf-move-login\u002Fassets\u002Fadmin\u002Fjs\u002Fsettings.js","\u002Fwp-content\u002Fplugins\u002Fsf-move-login\u002Fassets\u002Fadmin\u002Fjs\u002Fmove-login.js",[],[760,763,764],[768,769,770,771,772,773],"sf-move-login\u002Ffree\u002Ffront\u002Fcss\u002Fmove-login.css?ver=","sf-move-login\u002Ffree\u002Ffront\u002Fjs\u002Fmove-login.js?ver=","sf-move-login\u002Fassets\u002Fadmin\u002Fcss\u002Fadmin-bar.css?ver=","sf-move-login\u002Fassets\u002Fadmin\u002Fcss\u002Fsettings.css?ver=","sf-move-login\u002Fassets\u002Fadmin\u002Fjs\u002Fsettings.js?ver=","sf-move-login\u002Fassets\u002Fadmin\u002Fjs\u002Fmove-login.js?ver=",{"cssClasses":775,"htmlComments":778,"htmlAttributes":779,"restEndpoints":781,"jsGlobals":782,"shortcodeOutput":784},[776,777],"movelogin-settings","move-login-content",[],[780],"data-movelogin-activation",[],[783],"movelogin_vars",[]]