[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqu17gd_AfeQEXL13ZeIKuhZo9VtK5paJyTPLPqM6zuo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":147,"fingerprints":216},"shift8-ip-intel","Shift8 IP Intel","1.06","shift8","https:\u002F\u002Fprofiles.wordpress.org\u002Fshift8\u002F","\u003Cp>Plugin that establishes an IP Address reputation score from \u003Ca href=\"https:\u002F\u002Fgetipintel.net\" rel=\"nofollow ugc\">getipintel.net\u003C\u002Fa>. IP Reputation data is encrypted using OpenSSL and stored in a _SESSION variable. You can read more about how the GetIPIntel service works by reading the \u003Ca href=\"http:\u002F\u002Fgetipintel.net\u002F#API\" rel=\"nofollow ugc\">API Documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Want to see the plugin in action?\u003C\u002Fh3>\n\u003Cp>You can view two example sites where this plugin is live :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Example Site 1 : \u003Ca href=\"https:\u002F\u002Fwww.stackstar.com\" title=\"Wordpress Hosting\" rel=\"nofollow ugc\">WordPress Hosting\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Example Site 2 : \u003Ca href=\"https:\u002F\u002Fwww.shift8web.ca\" title=\"Web Design in Toronto\" rel=\"nofollow ugc\">Web Design in Toronto\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Encrypted cookie session containing the IP Intel reputation score from https:\u002F\u002Fgetipintel.net\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Flexible yet simple defined rules for actions to be taken based on score thresholds\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin that establishes an IP Address reputation score from getipintel.net. IP Reputation data is encrypted using OpenSSL and stored in a _SESSION var &hellip;",0,1261,100,1,"2019-07-17T16:22:00.000Z","5.2.24","3.0.1","",[20,21,22,23,24],"getipintel","ip-address","proxy","reputation","security","https:\u002F\u002Fgithub.com\u002Fstardothosting\u002Fshift8-ipintel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshift8-ip-intel.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},11,980,93,30,89,"2026-04-03T19:20:03.961Z",[39,64,87,106,124],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":34,"vuln_count":62,"unpatched_count":11,"last_vuln_date":63,"fetched_at":29},"ip2location-country-blocker","IP2Location Country Blocker","2.41.2","IP2Location","https:\u002F\u002Fprofiles.wordpress.org\u002Fip2location\u002F","\u003Cp>\u003Cem>This plugin will NOT work if any cache plugin is enabled.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This plugin enables user to block unwanted traffic from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers. It helps to reduce spam and unwanted sign ups easily by preventing unwanted visitors from browsing a particular page or entire website.\u003C\u002Fp>\n\u003Cp>Key Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allow you to block the access from multiple countries.\u003C\u002Fli>\n\u003Cli>Allow you to block the access by country grouping, such as EU, APAC, and so on.\u003C\u002Fli>\n\u003Cli>Allow you to block the access from anonymous proxies.\u003C\u002Fli>\n\u003Cli>Allow you to block the access by IP ranges.\u003C\u002Fli>\n\u003Cli>Allow you to whitelist the crawler, for example, Google, Bing, Yandex, and so on, to index your pages (SEO friendly).\u003C\u002Fli>\n\u003Cli>Supports IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>Default to 403 error (Permission Denied) display\u003C\u002Fli>\n\u003Cli>Allow you to customize your own 403 page.\u003C\u002Fli>\n\u003Cli>Send you an email notification if some one is trying to access your admin area.\u003C\u002Fli>\n\u003Cli>Provide you statistical report of traffics blocked.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin supports both IP2Location BIN data and web service for IP geolocation lookup. If you would like to use the IP2Location geolocation BIN data, you can easily download and update the BIN data via the plugin settings page. Alternatively, you can also download and update the BIN data file manually using the below links:\u003C\u002Fp>\n\u003Cp>IP Geolocation file download:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flite.ip2location.com\" title=\"IP2Location LITE database\" rel=\"nofollow ugc\">IP2Location & IP2Proxy LITE database (Free)\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fip2location.com\" title=\"IP2Location commercial database\" rel=\"nofollow ugc\">IP2Location & IP2Proxy Commercial database (Comprehensive)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To use the IP2Location IP geolocation web service (REST API) for geolocation, you’ll need to register an account at \u003Ca href=\"https:\u002F\u002Fwww.ip2location.io\" title=\"IP2Location.io IP Geolocation API\" rel=\"nofollow ugc\">IP2Location.io IP Geolocation API\u003C\u002Fa>. A free plan is available.\u003C\u002Fp>\n\u003Ch4>More Information\u003C\u002Fh4>\n\u003Cp>Please visit us at \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\" title=\"https:\u002F\u002Fwww.ip2location.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.ip2location.com\u003C\u002Fa>\u003C\u002Fp>\n","Blocks unwanted visitors from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers.",30000,1626215,84,124,"2025-12-03T07:19:00.000Z","6.9.4","4.6","7.4",[56,57,21,58,59],"block-country","block-proxy","ip2location","redirection","https:\u002F\u002Fip2location.com\u002Fresources\u002Fwordpress-ip2location-country-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip2location-country-blocker.2.41.2.zip",9,"2025-02-21 19:56:54",{"slug":65,"name":66,"version":67,"author":66,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":52,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":83,"download_link":84,"security_score":85,"vuln_count":14,"unpatched_count":11,"last_vuln_date":86,"fetched_at":29},"proxy-vpn-blocker","Proxy & VPN Blocker","3.5.8","https:\u002F\u002Fprofiles.wordpress.org\u002Frickstermuk\u002F","\u003Ch4>Block VPNs, Proxies, Tor & Spam – Strengthen Your WordPress Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Proxy & VPN Blocker\u003C\u002Fstrong> is a complete \u003Cstrong>WordPress security plugin\u003C\u002Fstrong> designed to protect your site from anonymous and abusive traffic.\u003Cbr \u002F>\nIt functions as a powerful \u003Cstrong>VPN blocker\u003C\u002Fstrong>, \u003Cstrong>proxy blocker\u003C\u002Fstrong>, and \u003Cstrong>Tor blocker\u003C\u002Fstrong>, preventing unwanted visitors, spam bots, and fake users from accessing your site.\u003C\u002Fp>\n\u003Cp>Using the trusted \u003Ca href=\"https:\u002F\u002Fproxycheck.io\" rel=\"nofollow ugc\">proxycheck.io\u003C\u002Fa> API, it detects connections from VPNs, open proxies, Tor nodes, and compromised servers — giving you real-time protection without slowing down your site.\u003C\u002Fp>\n\u003Cp>Perfect for login, registration, comments, or any page you want to secure, Proxy & VPN Blocker also includes smart \u003Cstrong>spam protection\u003C\u002Fstrong>, geoblocking, and IP logging to help you stay in control of who can access your WordPress site.\u003C\u002Fp>\n\u003Cp>Whether you’re running a blog, store, or membership site, this plugin helps keep out fake users, block risky regions, and stop automated spam attempts before they start.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Powerful WordPress security plugin – blocks VPNs, proxies, Tor, Mysterium nodes, and compromised servers in real time  \u003C\u002Fli>\n\u003Cli>Country blocking & geoblocking – allow or deny traffic by country or region with flexible IP-based controls  \u003C\u002Fli>\n\u003Cli>Supports IP ranges, CIDRs, specific IPs, and ASNs for precise network-level blocking  \u003C\u002Fli>\n\u003Cli>Optionally use proxycheck.io’s Risk Score for smarter VPN and proxy detection decisions  \u003C\u002Fli>\n\u003Cli>Built-in API Key Statistics with live usage graphs and daily query totals  \u003C\u002Fli>\n\u003Cli>Visitor Action Log – view blocked IPs, detection reason, and plugin response directly in your dashboard  \u003C\u002Fli>\n\u003Cli>Caches known good IPs to reduce API usage and improve performance  \u003C\u002Fli>\n\u003Cli>Works seamlessly with both IPv4 and IPv6 addresses  \u003C\u002Fli>\n\u003Cli>Compatible with Cloudflare and other CDN headers for accurate IP detection  \u003C\u002Fli>\n\u003Cli>Block access to Login, Registration, Admin, Comments, or any page\u002Fpost easily  \u003C\u002Fli>\n\u003Cli>Customize the “Access Denied” message or redirect visitors to a specific page  \u003C\u002Fli>\n\u003Cli>Log registration and recent login IPs in the Users list and profile – linked to proxycheck.io’s Threats page  \u003C\u002Fli>\n\u003Cli>Manage proxycheck.io Whitelist and Blacklist directly from WordPress  \u003C\u002Fli>\n\u003Cli>Simple integration via WordPress Editor and Toolbar for page-level protection  \u003C\u002Fli>\n\u003Cli>Lightweight, fast, and built to complement other security plugins  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And much more available in \u003Ca href=\"https:\u002F\u002Fproxyvpnblocker.com\u002Fpremium\" rel=\"nofollow ugc\">Proxy & VPN Blocker Premium\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>The proxycheck.io API\u003C\u002Fh4>\n\u003Cp>This Plugin can be used without a proxycheck.io API key, but it will be limited to 100 daily queries to the API. To enhance the capabilities, you can obtain a free API key from proxycheck.io, which allows for 1,000 free daily queries, making it suitable for small WordPress sites.\u003C\u002Fp>\n\u003Cp>Here’s an overview of the free and paid API options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Without an API key (100 queries\u002Fday)\u003C\u002Fli>\n\u003Cli>With a free API key (1,000 queries\u002Fday – ideal for small sites)\u003C\u002Fli>\n\u003Cli>With a paid API key (10,000 to over 10 million queries\u002Fday)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your API key can be used across all of your sites and apps, you only need a proxycheck.io plan that fits your overall needs.\u003C\u002Fp>\n\u003Ch4>User IP Logging Feature\u003C\u002Fh4>\n\u003Cp>Proxy & VPN Blocker allows for local logging of user registration IP addresses. The IP addresses are displayed next to each user in the Users list and on their profile pages, visible to administrators. The Plugin also logs the most recent login IP address for each user, which is also displayed in the User’s list and profile page, with the IP address linked to the proxycheck.io Threats page.\u003C\u002Fp>\n\u003Ch4>Caching Plugin Notice\u003C\u002Fh4>\n\u003Cp>If you’re using caching plugins (like WP Rocket or WP Super Cache), IP-based page blocking might not function correctly due to static caching. A DONOTCACHEPAGE option is available to help mitigate this issue.\u003C\u002Fp>\n\u003Ch4>Privacy & GDPR Compliance\u003C\u002Fh4>\n\u003Cp>To check IP addresses, the plugin sends them to the proxycheck.io API. No personally identifiable information (PII) beyond the IP is transmitted. For details, refer to proxycheck.io’s \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fprivacy\" rel=\"nofollow ugc\">privacy notice\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fgdpr\" rel=\"nofollow ugc\">GDPR Compliance\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>This Plugin is \u003Cem>not developed by proxycheck.io\u003C\u002Fem> despite being recommended by them.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For plugin-related support, please use the WordPress.org support forum.\u003C\u002Fli>\n\u003Cli>For API or account questions, contact proxycheck.io directly.\u003C\u002Fli>\n\u003Cli>The proxycheck.io logo is used with express permission.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block VPNs, proxies, Tor, and spam on WordPress. Strengthen security and stop fake users with smart IP blocking via proxycheck.io.",1000,127298,74,32,"2026-03-05T20:02:00.000Z","4.9","7.2",[79,24,80,81,82],"proxy-blocker","spam-protection","tor-blocker","vpn-blocker","https:\u002F\u002Fproxyvpnblocker.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproxy-vpn-blocker.3.5.8.zip",99,"2026-01-09 00:00:00",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":11,"num_ratings":11,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":104,"download_link":105,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29},"proxy-ip-addresses-for-cloudfront-with-wordfence","Proxy IP Addresses for Cloudfront with Wordfence","1.1","emfluence interactive marketing","https:\u002F\u002Fprofiles.wordpress.org\u002Femfluencekc\u002F","\u003Cp>If you have Cloudfront in front of WordPress and are using Wordfence, this plugin is for you.\u003C\u002Fp>\n\u003Cp>If you don’t provide Cloudfront’s IP addresses to Wordfence, any bad behavior out there can get Cloudfront itself blocked by Wordfence – and then no one will be able to access your site.\u003C\u002Fp>\n\u003Cp>This plugin downloads Cloudfront’s IP address list directly from Amazon Web Services (AWS). Then it adds and automatically updates the proxy IP addresses for Cloudfront in Wordfence, so that Wordfence can correctly identify the end user’s IP address.\u003C\u002Fp>\n\u003Cp>AWS updates its list of IP addresses every now and then. Don’t manually add IP addresses, and then try to keep track of Cloudfront IP address changes. Just install this plugin and stop worrying!\u003C\u002Fp>\n\u003Cp>Want to change how this plugin works, or add to it? Fork it on GitHub!\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Femfluencekc\u002FWordfence-Cloudfront-IPs\u003C\u002Fp>\n\u003Cp>Documentation, privacy, terms of use, and the list of IP addresses that are used by this plugin can be found here:\u003Cbr \u002F>\nhttps:\u002F\u002Fdocs.aws.amazon.com\u002FAmazonCloudFront\u002Flatest\u002FDeveloperGuide\u002FLocationsOfEdgeServers.html\u003C\u002Fp>\n","Automatically update Wordfence's list of proxy IP addresses with Cloudfront IP addresses",20,7567,"2024-03-19T21:40:00.000Z","6.4.8","5.0","5.6",[102,22,24,103],"cloudfront","wordfence","https:\u002F\u002Fgithub.com\u002Femfluencekc\u002FWordfence-Cloudfront-IPs","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproxy-ip-addresses-for-cloudfront-with-wordfence.1.1.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":11,"downloaded":114,"rating":11,"num_ratings":11,"last_updated":115,"tested_up_to":52,"requires_at_least":116,"requires_php":54,"tags":117,"homepage":122,"download_link":123,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29},"ipintel-ai-firewall","IPIntel AI Firewall","0.4.0","ipintelai","https:\u002F\u002Fprofiles.wordpress.org\u002Fipintelai\u002F","\u003Cp>IPIntel AI Firewall (WAF) integrates AI-powered IP reputation analysis into WordPress\u003Cbr \u002F>\nto help site owners detect and mitigate automated abuse, scanners, and malicious traffic.\u003C\u002Fp>\n\u003Cp>Incoming requests are evaluated using external reputation signals and risk scoring.\u003Cbr \u002F>\nBased on the assessed risk level, traffic may be allowed, challenged for human verification,\u003Cbr \u002F>\nor blocked automatically.\u003C\u002Fp>\n\u003Cp>The plugin is designed to be easy to use and does not require custom code or\u003Cbr \u002F>\ninfrastructure management.\u003C\u002Fp>\n\u003Cp>Project website:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fipintel.ai\" rel=\"nofollow ugc\">https:\u002F\u002Fipintel.ai\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>AI-powered IP reputation and risk scoring\u003C\u002Fli>\n\u003Cli>Automatic allow, challenge, or block decisions\u003C\u002Fli>\n\u003Cli>Human verification challenge for suspicious traffic\u003C\u002Fli>\n\u003Cli>Compatible with aggressive caching environments (one-time manual configuration required)\u003C\u002Fli>\n\u003Cli>Optional visual security badge\u003C\u002Fli>\n\u003Cli>Simple configuration for non-technical users\u003C\u002Fli>\n\u003Cli>Free API key available with daily request limits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data Privacy\u003C\u002Fh3>\n\u003Cp>This plugin connects to the IPIntel.ai API to analyze visitor IP addresses\u003Cbr \u002F>\nfor security and threat detection purposes.\u003C\u002Fp>\n\u003Cp>Data transmitted to the external service:\u003Cbr \u002F>\n– Visitor IP address\u003Cbr \u002F>\n– API key (used solely for request authentication)\u003C\u002Fp>\n\u003Cp>No WordPress user account data, cookies, or User-Agent information are transmitted.\u003C\u002Fp>\n\u003Cp>The external service is used exclusively to determine whether a request\u003Cbr \u002F>\nshould be allowed, challenged, or blocked.\u003C\u002Fp>\n\u003Cp>A free API key is available with a daily request limit.\u003C\u002Fp>\n\u003Cp>Get API key:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fipintel.ai\u002Fdashboard\" rel=\"nofollow ugc\">https:\u002F\u002Fipintel.ai\u002Fdashboard\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Higher request limits require an upgrade.\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fipintel.ai\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fipintel.ai\u002Fterms\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fipintel.ai\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fipintel.ai\u002Fprivacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Page Cache Compatibility\u003C\u002Fh3>\n\u003Cp>IPIntel AI Firewall relies on per-visitor verification.\u003C\u002Fp>\n\u003Cp>When full-page caching is enabled, the cache must vary by the\u003Cbr \u002F>\nverification cookie in order for challenges to work correctly.\u003C\u002Fp>\n\u003Cp>For LiteSpeed Cache:\u003Cbr \u002F>\n– Go to LiteSpeed Cache \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cache \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Vary\u003Cbr \u002F>\n– Add the following cookie:\u003Cbr \u002F>\n  ipintel_human_ok\u003Cbr \u002F>\n– Save changes and purge the cache\u003C\u002Fp>\n\u003Cp>This is a one-time configuration step.\u003C\u002Fp>\n\u003Cp>Without cache variation, it is technically impossible for any WordPress\u003Cbr \u002F>\nplugin to reliably challenge unverified visitors.\u003C\u002Fp>\n\u003Ch3>Optional Footer Badge\u003C\u002Fh3>\n\u003Cp>The plugin includes an optional footer badge that can be enabled\u003Cbr \u002F>\nfrom the settings page.\u003C\u002Fp>\n\u003Cp>When enabled, the badge displays a small visual indicator showing\u003Cbr \u002F>\nthat the site is protected by IPIntel.ai.\u003C\u002Fp>\n\u003Cp>The badge does not collect data, perform tracking,\u003Cbr \u002F>\nor load external resources.\u003C\u002Fp>\n\u003Cp>The footer badge is disabled by default and can be turned on or off at any time.\u003C\u002Fp>\n","IP reputation firewall (WAF) for WordPress using AI-powered threat analysis and automatic request verification.",88,"2026-01-06T22:19:00.000Z","6.0",[118,119,120,24,121],"bot-protection","firewall","ip-reputation","waf","https:\u002F\u002Fipintel.ai\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fipintel-ai-firewall.0.4.0.zip",{"slug":103,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":52,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":142,"download_link":143,"security_score":144,"vuln_count":145,"unpatched_count":11,"last_vuln_date":146,"fetched_at":29},"Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,94,4829,"2025-12-20T21:06:00.000Z","4.7","7.0",[139,119,140,141,24],"2fa","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",96,12,"2022-09-06 00:00:00",{"attackSurface":148,"codeSignals":184,"taintFlows":203,"riskAssessment":204,"analyzedAt":215},{"hooks":149,"ajaxHandlers":174,"restRoutes":181,"shortcodes":182,"cronEvents":183,"entryPointCount":14,"unprotectedCount":11},[150,156,161,166,169],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","admin_enqueue_scripts","load_shift8_ipintel_wp_admin_style","components\\enqueuing.php",13,{"type":151,"name":157,"callback":158,"priority":14,"file":159,"line":160},"init","shift8_ipintel_init","components\\functions.php",101,{"type":151,"name":162,"callback":163,"file":164,"line":165},"admin_menu","shift8_ipintel_create_menu","components\\settings.php",4,{"type":151,"name":167,"callback":168,"file":164,"line":145},"admin_init","register_shift8_ipintel_settings",{"type":151,"name":170,"callback":171,"priority":14,"file":172,"line":173},"wp_footer","add_shift8_ipintel_menu","shift8-ipintel.php",144,[175],{"action":176,"nopriv":177,"callback":178,"hasNonce":179,"hasCapCheck":177,"file":159,"line":180},"shift8_ipintel_response",false,"shift8_ipintel_ajax_process_request",true,26,[],[],[],{"dangerousFunctions":185,"sqlUsage":186,"outputEscaping":188,"fileOperations":11,"externalRequests":14,"nonceChecks":14,"capabilityChecks":11,"bundledLibraries":202},[],{"prepared":11,"raw":11,"locations":187},[],{"escaped":189,"rawEcho":190,"locations":191},42,5,[192,194,196,198,200],{"file":159,"line":95,"context":193},"raw output",{"file":172,"line":195,"context":193},86,{"file":172,"line":197,"context":193},102,{"file":172,"line":199,"context":193},129,{"file":172,"line":201,"context":193},130,[],[],{"summary":205,"deductions":206},"The 'shift8-ip-intel' plugin version 1.06 exhibits a generally strong security posture based on the provided static analysis and vulnerability history.  The plugin demonstrates good practices by having no SQL queries that are not properly prepared, and a high percentage of its outputs are correctly escaped.  The attack surface is minimal and appears to be well-protected, with all identified entry points seemingly requiring authentication.  The absence of any recorded vulnerabilities, including CVEs and taint analysis findings, further reinforces this positive assessment, indicating a well-maintained and secure codebase.",[207,209,212],{"reason":208,"points":190},"No capability checks on entry points",{"reason":210,"points":211},"Potential for insecure external HTTP requests",3,{"reason":213,"points":214},"Minor percentage of unescaped output",2,"2026-03-17T06:19:00.496Z",{"wat":217,"direct":224},{"assetPaths":218,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[219,220],"\u002Fwp-content\u002Fplugins\u002Fshift8-ip-intel\u002Fcss\u002Fshift8_ipintel_admin.css","\u002Fwp-content\u002Fplugins\u002Fshift8-ip-intel\u002Fjs\u002Fshift8_ipintel_admin.js",[],[],[],{"cssClasses":225,"htmlComments":231,"htmlAttributes":232,"restEndpoints":234,"jsGlobals":235,"shortcodeOutput":237},[226,227,228,229,230],"shift8-ipintel-table","shift8-ipintel-notice","switch","slider","round",[],[233],"data-nonce",[],[236],"the_ajax_script",[]]