[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0F-Y5HsLlOyEv1zuhkNuP0BajkCfJpNlE_0XT3eV8Zc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":149,"fingerprints":273},"simple-header-footer-scripts","Simple Header Footer Scripts","1.0.0","Bharat Mandava","https:\u002F\u002Fprofiles.wordpress.org\u002Fmandava\u002F","\u003Cp>Simple Header Footer Scripts plugin lets you insert code in head and footer of any WordPress theme without editing theme files. Easily add custom CSS, JavaScript, Google Analytics, Facebook Pixel, etc. to your WordPress site.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Built to be as simple as possible. Easy to use.\u003C\u002Fli>\n\u003Cli>Insert code or script, including HTML and Javascript\u003C\u002Fli>\n\u003Cli>Insert Google Analytics code in any WordPress theme.\u003C\u002Fli>\n\u003Cli>Add custom CSS and JavaScript in the header or footer.\u003C\u002Fli>\n\u003Cli>Add Facebook Pixel code to wp_head or wp_footer.\u003C\u002Fli>\n\u003Cli>Easily Save, Reset, Import and Export Settings\u003C\u002Fli>\n\u003Cli>Syntax highlight available for the code editor.\u003C\u002Fli>\n\u003Cli>Option to disable insertion of scripts in the frontend.\u003C\u002Fli>\n\u003Cli>Set the execution priority of each hook.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No ads. No paid upgrades.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","Very simple Header Footer Scripts plugin with no ads or paid upgrades.",10,1054,0,"","4.9.29","4.8",[18,19,20,21,22],"head","header","header-code","header-scripts","headers","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-header-footer-scripts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-header-footer-scripts.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"mandava",2,20,93,30,89,"2026-04-04T05:52:19.896Z",[38,57,80,104,129],{"slug":39,"name":40,"version":6,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":13,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":15,"requires_at_least":47,"requires_php":14,"tags":48,"homepage":14,"download_link":54,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":56},"per-page-headers-and-footers-code","Per Page Headers and Footers Code","jabermarketing","https:\u002F\u002Fprofiles.wordpress.org\u002Fjabermarketing\u002F","\u003Cp>This plugin allows you to add header and footer code to your wordpress website on a per page basis. You can also add global code which you can then deactivate from specfic pages\u002Fpsots.\u003C\u002Fp>\n","This plugin allows you to add header and footer code to your wordpress website on a per page basis.",977,"2018-04-03T16:57:00.000Z","4.0",[49,50,51,52,53],"per-page-code","per-page-footer-code","per-page-header-code","wordpress-footers","wordpress-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fper-page-headers-and-footers-code.zip",85,"2026-03-15T15:16:48.613Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":78,"download_link":79,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":56},"headers-security-advanced-hsts-wp","Headers Security Advanced & HSTS WP","5.2.5","Andrea Ferro","https:\u002F\u002Fprofiles.wordpress.org\u002Funicorn03\u002F","\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.\u003C\u002Fp>\n\u003Cp>This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.\u003C\u002Fp>\n\u003Cp>Check out the best features of \u003Cstrong>Headers Security Advanced & HSTS WP:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-XSS-Protection (Deprecated)\u003C\u002Fli>\n\u003Cli>Pragma (Deprecated)\u003C\u002Fli>\n\u003Cli>Public-Key-Pins (Deprecated)\u003C\u002Fli>\n\u003Cli>Expect-CT (Deprecated)\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>X-Content-Security-Policy\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>HTTP Strict Transport Security \u002F HSTS\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Strict-dynamic\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>FLoC (Federated Learning of Cohorts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on \u003Cstrong>OWASP CSRF\u003C\u002Fstrong> to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>HTTP security headers are a critical part of your website’s security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.\u003C\u002Fp>\n\u003Cp>We have put a lot of effort into making the most important services operational with \u003Cstrong>Content Security Policy (CSP)\u003C\u002Fstrong>, below are some examples that we have tested and used with \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CSP usage for \u003Cstrong>Google Tag Manager\u003C\u002Fstrong>\u003Cbr \u002F>\nworld’s most popular tag manager\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Gravatar\u003C\u002Fstrong>\u003Cbr \u002F>\nAvatar service for WordPress and Social sites\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WordPress Internal Media\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport WordPress media\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Youtube Embedded Video SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Youtube embedded frames and JS SDK\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>CookieLaw\u003C\u002Fstrong>\u003Cbr \u002F>\nprivacy technology to meet regulatory requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Mailchimp\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mailchimp automation, SDK and modules\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for basic conversion domains such as: stats.g.doubleclick.net and www.google.com\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Fonts\u003C\u002Fstrong>\u003Cbr \u002F>\nyou’re not loading it on the page, chances are one of your SDKs is using it\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Facebook\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Facebook SDK functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Stripe\u003C\u002Fstrong>\u003Cbr \u002F>\nhighly secure online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>New Relic\u003C\u002Fstrong>\u003Cbr \u002F>\nit’s a registration and monitoring utility\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Linkedin Tags + SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Linkedin Insight, Linkedin Ads and SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>OneTrust\u003C\u002Fstrong>\u003Cbr \u002F>\nOneTrust support helps companies manage privacy requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Moat\u003C\u002Fstrong>\u003Cbr \u002F>\nMoat support to measurement suite such as: ad verification, brand safety, advertising and coverage\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>jQuery\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport of jQuery – JS library\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Widgets & SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Connect, Widgets and the Twitter client-side SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google Maps\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Google Maps as The ggpht used by streetview\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Quantcast Choice\u003C\u002Fstrong>\u003Cbr \u002F>\nQuantcast support for privacy such as GDPR and CCPA\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Ads & Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nTwitter support for advertising and Analytics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Paypal\u003C\u002Fstrong>\u003Cbr \u002F>\nPayPal support for online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Drift\u003C\u002Fstrong>\u003Cbr \u002F>\nDrift and Driftt support\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cookiebot\u003C\u002Fstrong>\u003Cbr \u002F>\ncookie and tracker support, GDPR\u002FePrivacy and CCPA compliance\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Vimeo Embedded Videos SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport frames, JS SDK, Froogaloop integration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>AppNexus (now Xandr)\u003C\u002Fstrong>\u003Cbr \u002F>\nAppNexus support for custom retargeting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Mixpanel\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport analytics tool with SDK\u002FJS to collect client-side data\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Font Awesome\u003C\u002Fstrong>\u003Cbr \u002F>\ntoolkit support for fonts and icons over CSS and Less\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003Cbr \u002F>\nreCAPTCHA support for fraud and bot protection\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Bootstrap\u003C\u002Fstrong> CDN\u003Cbr \u002F>\nBootstrap support for CSS frameworks\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>HubSpot\u003C\u002Fstrong>\u003Cbr \u002F>\nHubspot support with many features, used for monitoring and mkt functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Hotjar\u003C\u002Fstrong>\u003Cbr \u002F>\nHotjar tracker support for analytics and metrics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WP.com\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for wp.com hosting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Akamai mPulse\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Akamai mPulse, for origin and perimeter integrations\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cloudflare – Rocket-Loader & Mirage\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mirage libraries for performance acceleration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Cloudflare – CDN.js\u003C\u002Fstrong>\u003Cbr \u002F>\nCloudflare’s open CDN support with multiple libraries\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>jsDelivr\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport jsDelivr free CDN for Open Source\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with Sentry, Report URI, URIports and Datadog\u003C\u002Fstrong>\u003Cbr \u002F>\nSentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:\u003Cbr \u002F>\n  * Receive detailed reports on content security policy (CSP) violations.\u003Cbr \u002F>\n  * Monitor and analyze JavaScript exceptions occurring on their site.\u003Cbr \u002F>\n  * Benefit from advanced tools for proactive troubleshooting.\u003C\u002Fp>\n\u003Cp>Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>All Free Features\u003C\u002Fstrong>\u003Cbr \u002F>\nThe \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> version includes all the free features.\u003C\u002Fp>\n\u003Cp>We have implemented \u003Cstrong>FLoC (Federated Learning of Cohorts)\u003C\u002Fstrong>, using best practices. First, using \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> prevents the browser from including your site in the “cohort calculation” on \u003Cstrong>FLoC (Federated Learning of Cohorts)\u003C\u002Fstrong>. This means that nothing can call document.interestCohort() to get the FLoC ID of the currently used client. Obviously, this does nothing outside of your currently visited site and does not “disable” FLoC on the client beyond that scope.\u003C\u002Fp>\n\u003Cp>Even though \u003Cstrong>FLoC\u003C\u002Fstrong> is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special \u003Cstrong>“automatic blocking of FLoC”\u003C\u002Fstrong> feature, trying to always \u003Cstrong>offer the best tool with privacy protection and cyber security\u003C\u002Fstrong> as main targets and focus.\u003C\u002Fp>\n\u003Cp>Analyze your site before and after using \u003Cem>Headers Security Advanced & HSTS WP\u003C\u002Fem> security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security \u002F HSTS best practices.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check HTTP Security Headers on \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">securityheaders.com\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Check HTTP Strict Transport Security \u002F HSTS at \u003Ca href=\"https:\u002F\u002Fhstspreload.org\u002F\" rel=\"nofollow ugc\">hstspreload.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check WebPageTest at \u003Ca href=\"https:\u002F\u002Fwww.webpagetest.org\u002F\" rel=\"nofollow ugc\">webpagetest.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check HSTS test website \u003Ca href=\"https:\u002F\u002Fgf.dev\u002Fhsts-test\u002F\" rel=\"nofollow ugc\">gf.dev\u002Fhsts-test\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP test website \u003Ca href=\"https:\u002F\u002Fcsper.io\u002Fevaluator\" rel=\"nofollow ugc\">csper.io\u002Fevaluator\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP Evaluator \u003Ca href=\"https:\u002F\u002Fcsp-evaluator.withgoogle.com\u002F\" rel=\"nofollow ugc\">csp-evaluator.withgoogle.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>CSP Content Security Policy Generator \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fcontent-security-policy-gen\u002F\" rel=\"nofollow ugc\">addons.mozilla.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.\u003C\u002Fp>\n","Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP\u002FHTTPS.",90000,1308613,98,77,"2026-01-18T14:24:00.000Z","6.9.4","4.7","7.4",[74,75,22,76,77],"clickjacking","csp","headers-security","hsts","https:\u002F\u002Fopenheaders.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheaders-security-advanced-hsts-wp.5.2.5.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":70,"requires_at_least":47,"requires_php":93,"tags":94,"homepage":99,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":13,"last_vuln_date":103,"fetched_at":56},"wp-hide-security-enhancer","WP Hide & Security Enhancer","2.8.3","nsp-code","https:\u002F\u002Fprofiles.wordpress.org\u002Fnsp-code\u002F","\u003Cp>Effortlessly conceal your WordPress site from detection! With over 99.99% of hacks targeting specific plugin and theme vulnerabilities, this plugin significantly boosts site security by making it invisible to hackers’ web scanners.\u003C\u002Fp>\n\u003Cp>By removing all traces of WordPress, including themes and plugins, potential exploits are rendered harmless. This method ensures that your site is safe without affecting SEO; in fact, it can enhance certain SEO aspects when used strategically.\u003C\u002Fp>\n\u003Cp>WP-Hide has launched the \u003Cstrong>easiest way to completely hide your WordPress\u003C\u002Fstrong> core files, login page, theme and plugins paths from being shown on front side. This is a huge improvement over Site Security, since no one will know whether you are running or not a WordPress. It also provides a simple way to clean up html by removing all WordPress fingerprints.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No file and directory change!\u003C\u002Fstrong>\u003Cbr \u002F>\nNo file and directory will be changed anywhere. Everything is processed virtually. The plugin code uses URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically without user intervention required at all.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Real hide of WordPress core files and plugins\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin not only allows you to change default URLs of you WordPress, but it also hides\u002Fblocks such defaults. Other similar plugins, just change the slugs, but the defaults are still accessible, obviously revealing WordPress as CMS.\u003C\u002Fp>\n\u003Cp>You can change the default WordPress login URL from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. It becomes totally invisible.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPJstAU34SlQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Full plugin documentation available at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">WordPress Hide and Security Enhancer Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>When testing with WordPress theme and plugins detector services\u002Fsites, any setting change may not reflect right away on their reports, since they use cache. So, you may want to check again later, or try a different inner URL. Homepage URL usage is not mandatory.\u003C\u002Fp>\n\u003Cp>Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes make ita vulnerable spot for every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.\u003Cbr \u002F>\nStatistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.\u003Cbr \u002F>\nOver 99,9% of hacked WordPress websites are target of automated malware scripts, which search for certain WordPress fingerprints. This plugin hides or replaces those traces, making the hacking bots attacks useless.\u003C\u002Fp>\n\u003Cp>It works well with custom WordPress directory structures,e.g. custom plugins, themes, and upload folders.\u003C\u002Fp>\n\u003Cp>Once configured, you need to \u003Cstrong>clear server cache data and\u002For any cache plugins\u003C\u002Fstrong> (e.g. W3 Cache), for a new html data to be created. If you use CDN this should be cache clear as well.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample usage\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F192011678\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main plugin functionality:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customizes Admin URL\u003C\u002Fli>\n\u003Cli>Blocks default admin URL\u003C\u002Fli>\n\u003Cli>Blocks any direct folder access to completely hide the structure\u003C\u002Fli>\n\u003Cli>Customize wp-login.php filename\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Email Verification Code\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Authenticator App\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Recovery Codes\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Shortcode for front-side user settings interface\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – My Account > Account Details – area for 2FA user settings interface\u003C\u002Fli>\n\u003Cli>Google Captcha \u003C\u002Fli>\n\u003Cli>Blocks default wp-login.php\u003C\u002Fli>\n\u003Cli>Blocks default wp-signup.php\u003C\u002Fli>\n\u003Cli>Blocks XML-RPC API\u003C\u002Fli>\n\u003Cli>Creates New XML-RPC paths\u003C\u002Fli>\n\u003Cli>Adjusts theme URL\u003C\u002Fli>\n\u003Cli>Creates New child Theme URL\u003C\u002Fli>\n\u003Cli>Changes theme style file name\u003C\u002Fli>\n\u003Cli>Cleans any headers for theme style file\u003C\u002Fli>\n\u003Cli>Customizes wp-include \u003C\u002Fli>\n\u003Cli>Blocks default wp-include paths\u003C\u002Fli>\n\u003Cli>Blocks default wp-content\u003C\u002Fli>\n\u003Cli>Customizes plugins URL\u003C\u002Fli>\n\u003Cli>Changes Individual plugin URL \u003C\u002Fli>\n\u003Cli>Blocks default plugins paths\u003C\u002Fli>\n\u003Cli>Creates New upload URL\u003C\u002Fli>\n\u003Cli>Blocks default upload URL\u003C\u002Fli>\n\u003Cli>Removes WordPress version\u003C\u002Fli>\n\u003Cli>Blocks Meta Generator\u003C\u002Fli>\n\u003Cli>Disables the emoji and required javascript code\u003C\u002Fli>\n\u003Cli>Removes pingback tag\u003C\u002Fli>\n\u003Cli>Removes wlwmanifest Meta\u003C\u002Fli>\n\u003Cli>Removes rsd_link Meta\u003C\u002Fli>\n\u003Cli>Removes wpemoji\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Minifies Html, Css, JavaScript\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Security Headers\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No other plugin functionality will be blocked or interfered in any way by WP-Hide\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin allows to change the default Admin URL from \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>wp-admin\u003C\u002Fstrong> to something else. All original links turn the default theme to “404 Not Found” page, as if nothing exists there. Besides the huge security advantage, the WP-Hide plugin saves lots of server processing time by reducing php code and MySQL usage since brute-force attacks target the weakURL.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> Compared to all other similar plugins which mainly use redirects, this plugin turns a default theme to“404 error” page for all \u003Cstrong>blocked URL\u003C\u002Fstrong> functionalities, without revealing the link existence at all.\u003C\u002Fp>\n\u003Cp>Since version 1.2, WP-Hide change individual plugin URLs and made them unrecognizable. For example,the change of the default WooCommerce plugin URL and its dependencies from domain.com\u002Fwp-content\u002Fplugins\u002Fwoocommerce\u002F into domain.com\u002Fecommerce\u002Fcdn\u002F or anything customized.\u003C\u002Fp>\n\u003Ch4>Plugin Sections\u003C\u002Fh4>\n\u003Cp>**Hide -> Scan\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exhaustive system security examination with analysis and improvements guidance and fixes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Theme\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Theme Path – Changes default theme path\u003C\u002Fli>\n\u003Cli>New Style File Path – Changes default style file name and path\u003C\u002Fli>\n\u003Cli>Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file\u003C\u002Fli>\n\u003Cli>Child – New Theme Path – Changes default child theme path\u003C\u002Fli>\n\u003Cli>Child – New Style File Path – Changes child theme style-sheet file path and name\u003C\u002Fli>\n\u003Cli>Child – Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > WP includes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Include Path – Changes default wp-include path\u002FURL\u003C\u002Fli>\n\u003Cli>Block wp-include URL – Blocks default wp-include URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > WP content\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Content Path – Change default wp-content path\u002FURL\u003C\u002Fli>\n\u003Cli>Block wp-content URL – Blocks the default content URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Plugin Path – Changes default wp-content\u002Fplugins path\u002FURL\u003C\u002Fli>\n\u003Cli>Block plugin URL – Blocks default wp-content\u002Fplugins URL\u003C\u002Fli>\n\u003Cli>New path \u002F URL for Every Active Plugin\u003C\u002Fli>\n\u003Cli>Customize path and name for any active plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Uploads\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Upload Path – Changes default media files path\u002FURL\u003C\u002Fli>\n\u003Cli>Block upload URL – Blocks default media files URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Comments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New wp-comments-post.php Path\u003C\u002Fli>\n\u003Cli>Block wp-comments-post.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Author\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Author Path\u003C\u002Fli>\n\u003Cli>Prevent Access to Author Archives\u003C\u002Fli>\n\u003Cli>Block default path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Search\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Search Path\u003C\u002Fli>\n\u003Cli>Block default path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > XML-RPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New XML-RPC Path – Changes default XML-RPC path \u002F URL\u003C\u002Fli>\n\u003Cli>Block default xmlrpc.php – Blocks default XML-RPC URL\u003C\u002Fli>\n\u003Cli>Disable XML-RPC authentication – Filters whether XML-RPC methods require authentication\u003C\u002Fli>\n\u003Cli>Remove pingback – Removes pingback link tag from theme\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > JSON REST\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Clean the REST API response\u003C\u002Fli>\n\u003Cli>Disable JSON REST V1 service – Disables an API service for WordPress which is active by default\u003C\u002Fli>\n\u003Cli>Disable JSON REST V2 service – Disables an API service for WordPress which is active by default\u003C\u002Fli>\n\u003Cli>Block any JSON REST calls – Any call for JSON REST API service will be blocked\u003C\u002Fli>\n\u003Cli>Disable output the REST API link tag into page header\u003C\u002Fli>\n\u003Cli>Disable JSON REST WP RSD endpoint from XML-RPC responses\u003C\u002Fli>\n\u003Cli>Disable Sends a Link header for the REST API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Root Files\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block license.txt – Blocks access to license.txt root file\u003C\u002Fli>\n\u003Cli>Block readme.html – Blocks access to readme.html root file\u003C\u002Fli>\n\u003Cli>Block wp-activate.php – Blocks access to wp-activate.php file\u003C\u002Fli>\n\u003Cli>Block wp-cron.php – Blocks outside access to wp-cron.php file\u003C\u002Fli>\n\u003Cli>Block wp-signup.php – Blocks default wp-signup.php file\u003C\u002Fli>\n\u003Cli>Block other wp-*.php files – Blocks other wp-.php files within WordPress Root\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > URL Slash\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>URL’s add Slash – Add a slash to any links without it. This disguisesthe existence of a file, folder or a wrong URL, which will all be slashed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Core\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabling Directory Listing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Meta\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Generator Meta\u003C\u002Fli>\n\u003Cli>Remove Other Generator Meta\u003C\u002Fli>\n\u003Cli>Remove Shortlink Meta\u003C\u002Fli>\n\u003Cli>Remove DNS Prefetch\u003C\u002Fli>\n\u003Cli>Remove Resource Hints\u003C\u002Fli>\n\u003Cli>Remove wlwmanifest Meta\u003C\u002Fli>\n\u003Cli>Remove feed_links Meta\u003C\u002Fli>\n\u003Cli>Disable output the REST API link tag into page header\u003C\u002Fli>\n\u003Cli>Remove rsd_link Meta\u003C\u002Fli>\n\u003Cli>Remove adjacent_posts_rel Meta\u003C\u002Fli>\n\u003Cli>Remove profile link\u003C\u002Fli>\n\u003Cli>Remove canonical link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Block Detectors\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Detectors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Emulate CMS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Emulate CMS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Admin Bar\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Admin Bar for specified urser roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Feed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove feed|rdf|rss|rss2|atom links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Robots.txt\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable admin URL within Robots.txt\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Emoji\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Emoji\u003C\u002Fli>\n\u003Cli>Disable TinyMC Emoji\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Styles\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Version\u003C\u002Fli>\n\u003Cli>Remove ID from link tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Scripts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Version\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Oembed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Oembed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Link Header\u003C\u002Fli>\n\u003Cli>Remove X-Powered-By Header\u003C\u002Fli>\n\u003Cli>Remove Server Header\u003C\u002Fli>\n\u003Cli>Remove X-Pingback Header\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > HTML\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove HTML Comments\u003C\u002Fli>\n\u003Cli>Minify Html, CSS, JavaScript\u003C\u002Fli>\n\u003Cli>Remove general classes from body tag\u003C\u002Fli>\n\u003Cli>Remove ID from Menu items\u003C\u002Fli>\n\u003Cli>Remove class from Menu items\u003C\u002Fli>\n\u003Cli>Remove general classes from post\u003C\u002Fli>\n\u003Cli>Remove general classes from images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > User Interactions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Mouse right click\u003C\u002Fli>\n\u003Cli>Disable Text Selection\u003C\u002Fli>\n\u003Cli>Disable Copy\u003C\u002Fli>\n\u003Cli>Disable Cut\u003C\u002Fli>\n\u003Cli>Disable Paste\u003C\u002Fli>\n\u003Cli>Disable Print\u003C\u002Fli>\n\u003Cli>Disable Print Screen\u003C\u002Fli>\n\u003Cli>Disable Developer Tools\u003C\u002Fli>\n\u003Cli>Disable View Source\u003C\u002Fli>\n\u003Cli>Disable Drag \u002F Drop\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Admin > wp-login.php\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New wp-login.php – Maps a new wp-login.php instead of the default one\u003C\u002Fli>\n\u003Cli>Block default wp-login.php – Blocks default wp-login.php file from being accessible\u003C\u002Fli>\n\u003Cli>Customize the default login page Logo image \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Admin > Admin URL\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Admin URL – Creates a new admin URL instead of the default ”\u002Fwp-admin”. This also applies for admin-ajax.php calls\u003C\u002Fli>\n\u003Cli>Disable customized Admin Url redirect to the Login page\u003C\u002Fli>\n\u003Cli>Block default Admin Url – Blocks default admin URL and files from being accessible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable 2FA\u003C\u002Fli>\n\u003Cli>Enable the 2FA for specific roles\u003C\u002Fli>\n\u003Cli>Enforce User to Configure 2FA\u003C\u002Fli>\n\u003Cli>Primary option for Two-Factor\u003C\u002Fli>\n\u003Cli>Disable 2FA when using Temporary Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Email\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate 2FA Email\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Auth App\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate Authenticator app (TOTP)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Recovery Codes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate 2FA Recovery Codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> Captcha\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Captcha V2\u003C\u002Fli>\n\u003Cli>Google Captcha V3\u003C\u002Fli>\n\u003Cli>CloudFlare Turnstile ( PRO )\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Settings -> CDN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CDN Url – Sets-up CDN if applied. Some providers replace site assets with custom URLs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>HTTP Response Headers are a powerful tool to Harden Your Website Security.\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* X-Download-Options\u003Cbr \u002F>\n* X-Frame-Options (XFO)\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* X-XSS-Protection\u003C\u002Fp>\n\u003Cp>This free version works with Apache and IIS server types. For all server types, check with \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WP Hide PRO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is a basic version that can hide everything for basic sites, example \u003Ca href=\"https:\u002F\u002Fdemo.wp-hide.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.wp-hide.com\u002F\u003C\u002Fa>. When using complex plugins and themes, the WP Hide PRO may be required. We provide free assistance to hide everything on your site, along with the commercial product.\u003C\u002Fp>\n\u003Cp>Anything wrong with this plugin on your site? Just use the forum or get in touch with us at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact\u003C\u002Fa> and we’ll check it out.\u003C\u002Fp>\n\u003Cp>A website example can be found at \u003Ca href=\"https:\u002F\u002Fdemo.wp-hide.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.wp-hide.com\u002F\u003C\u002Fa> or our website \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WP Hide and Security Enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Plugin homepage at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WordPress Hide and Security Enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin is developed by \u003Ca href=\"https:\u002F\u002Fwww.nsp-code.com\" rel=\"nofollow ugc\">Nsp-Code\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>Please help and translate this plugin to your language at \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hide-security-enhancer\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hide-security-enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You are kindly asked to promote this plugin if it comes up to your expectations via an article on your site or any other place. If you liked this code\u002FWP-Hide or if it helped with your project, why not leave a 5 star review on this board.\u003C\u002Fp>\n","Protect your website by concealing vulnerable WordPress traces, plugins, themes, login\u002Fadmin url. 2FA, Captcha, Firewall, Security Headers etc.",60000,3363758,86,275,"2026-03-06T08:34:00.000Z","5.4",[95,22,96,97,98],"2fa","hide","login","security","https:\u002F\u002Fwp-hide.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hide-security-enhancer.2.8.3.zip",96,3,"2024-12-05 16:25:18",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":90,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":124,"download_link":125,"security_score":126,"vuln_count":127,"unpatched_count":13,"last_vuln_date":128,"fetched_at":56},"http-headers","HTTP Headers","1.19.2","Dimitar Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fzinoui\u002F","\u003Cp>HTTP Headers gives your control over the http headers returned by your blog or website.\u003C\u002Fp>\n\u003Cp>Headers supported by HTTP Headers includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Credentials\u003C\u002Fli>\n\u003Cli>Access-Control-Max-Age\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>Access-Control-Expose-Headers\u003C\u002Fli>\n\u003Cli>Age \u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cache-Control\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Connection\u003C\u002Fli>\n\u003Cli>Content-Encoding\u003C\u002Fli>\n\u003Cli>Content-Type\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Expect-CT\u003C\u002Fli>\n\u003Cli>Expires\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>NEL\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Pragma\u003C\u002Fli>\n\u003Cli>P3P\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Report-To\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Timing-Allow-Origin\u003C\u002Fli>\n\u003Cli>Vary\u003C\u002Fli>\n\u003Cli>WWW-Authenticate\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-DNS-Prefetch-Control\u003C\u002Fli>\n\u003Cli>X-Download-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>X-Robots-Tag\u003C\u002Fli>\n\u003Cli>X-UA-Compatible\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003C\u002Ful>\n","HTTP Headers adds CORS & security HTTP headers to your website.",50000,715994,70,"2024-12-22T11:49:00.000Z","6.7.5","3.2","5.3",[120,121,122,105,123],"cors-headers","csp-header","custom-headers","security-headers","https:\u002F\u002Fgithub.com\u002Friverside\u002Fhttp-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-headers.1.19.2.zip",91,4,"2023-07-13 00:00:00",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":67,"num_ratings":139,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":14,"tags":143,"homepage":147,"download_link":148,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":56},"unique-headers","Unique Headers","1.9.3","Ryan Hellyer","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanhellyer\u002F","\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fgeek.hellyer.kiwi\u002Fproducts\u002Funique-headers\u002F\" rel=\"nofollow ugc\">Unique Headers Plugin\u003C\u002Fa> adds a custom header image box to the post\u002Fpage edit screen. You can use this to upload a unique header image for that post, or use another image from your WordPress media library. When you view that page on the front-end of your site, the default header image for your site will be replaced by the unique header you selected.\u003C\u002Fp>\n\u003Cp>This functionality also works with categories and tags.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>You must use a theme which utilizes the built-in custom header functionality of WordPress. If your theme implement it’s own header functionality, then this plugin will not work with it.\u003C\u002Fp>\n\u003Ch4>Paid WordPress development\u003C\u002Fh4>\n\u003Cp>If you would like to pay for assistance, additional features to be added to the plugin or are just looking for general WordPress development services, please contact me via \u003Ca href=\"https:\u002F\u002Fryan.hellyer.kiwi\u002Fcontact\u002F\" rel=\"nofollow ugc\">my contact form\u003C\u002Fa>.\u003C\u002Fp>\n","Adds the ability to use unique custom header images on individual pages, posts or categories or tags.",20000,413649,160,"2023-10-26T12:27:00.000Z","6.4.8","4.3",[144,19,22,145,146],"custom-header","images","page","https:\u002F\u002Fgeek.hellyer.kiwi\u002Fplugins\u002Funique-headers\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funique-headers.1.9.3.zip",{"attackSurface":150,"codeSignals":196,"taintFlows":228,"riskAssessment":266,"analyzedAt":272},{"hooks":151,"ajaxHandlers":185,"restRoutes":192,"shortcodes":193,"cronEvents":194,"entryPointCount":195,"unprotectedCount":13},[152,158,161,165,168,172,174,178,182],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","init","init_plugin","admin\\class-shf-admin.php",88,{"type":153,"name":159,"callback":160,"file":156,"line":35},"plugins_loaded","load_textdomain",{"type":153,"name":162,"callback":163,"file":156,"line":164},"admin_menu","register_menu",90,{"type":153,"name":166,"callback":167,"file":156,"line":126},"admin_init","register_settings",{"type":153,"name":169,"callback":170,"file":156,"line":171},"admin_enqueue_scripts","load_scripts",92,{"type":153,"name":173,"callback":173,"file":156,"line":33},"admin_notices",{"type":153,"name":166,"callback":175,"file":176,"line":177},"admin_init_hooks","admin\\class-shf-settings.php",57,{"type":153,"name":179,"callback":180,"file":176,"line":181},"shf_after_options","shf_display_save_reset_settings",58,{"type":153,"name":179,"callback":183,"file":176,"line":184},"shf_display_import_export_settings",59,[186],{"action":187,"nopriv":188,"callback":189,"hasNonce":190,"hasCapCheck":188,"file":156,"line":191},"shf_dismiss_welcome_notice",false,"dismiss_welcome_notice",true,95,[],[],[],1,{"dangerousFunctions":197,"sqlUsage":198,"outputEscaping":200,"fileOperations":195,"externalRequests":13,"nonceChecks":127,"capabilityChecks":127,"bundledLibraries":227},[],{"prepared":13,"raw":13,"locations":199},[],{"escaped":201,"rawEcho":201,"locations":202},14,[203,206,207,208,210,212,213,215,217,219,220,221,223,225],{"file":156,"line":204,"context":205},266,"raw output",{"file":156,"line":204,"context":205},{"file":156,"line":204,"context":205},{"file":156,"line":209,"context":205},267,{"file":156,"line":211,"context":205},269,{"file":156,"line":211,"context":205},{"file":156,"line":214,"context":205},270,{"file":156,"line":216,"context":205},273,{"file":156,"line":218,"context":205},274,{"file":156,"line":218,"context":205},{"file":156,"line":218,"context":205},{"file":156,"line":222,"context":205},329,{"file":156,"line":224,"context":205},369,{"file":176,"line":226,"context":205},213,[],[229,255],{"entryPoint":230,"graph":231,"unsanitizedCount":13,"severity":254},"settings_import (admin\\class-shf-settings.php:222)",{"nodes":232,"edges":251},[233,238,244,246],{"id":234,"type":235,"label":236,"file":176,"line":237},"n0","source","$_FILES",244,{"id":239,"type":240,"label":241,"file":176,"line":242,"wp_function":243},"n1","sink","file_get_contents() [SSRF\u002FLFI]",261,"file_get_contents",{"id":245,"type":235,"label":236,"file":176,"line":237},"n2",{"id":247,"type":240,"label":248,"file":176,"line":249,"wp_function":250},"n3","update_option() [Settings Manipulation]",271,"update_option",[252,253],{"from":234,"to":239,"sanitized":190},{"from":245,"to":247,"sanitized":190},"low",{"entryPoint":256,"graph":257,"unsanitizedCount":13,"severity":254},"\u003Cclass-shf-settings> (admin\\class-shf-settings.php:0)",{"nodes":258,"edges":263},[259,260,261,262],{"id":234,"type":235,"label":236,"file":176,"line":237},{"id":239,"type":240,"label":241,"file":176,"line":242,"wp_function":243},{"id":245,"type":235,"label":236,"file":176,"line":237},{"id":247,"type":240,"label":248,"file":176,"line":249,"wp_function":250},[264,265],{"from":234,"to":239,"sanitized":190},{"from":245,"to":247,"sanitized":190},{"summary":267,"deductions":268},"The \"simple-header-footer-scripts\" plugin v1.0.0 exhibits a generally good security posture based on the provided static analysis. The absence of known vulnerabilities, critical taint flows, and dangerous function usage are strong indicators of secure development practices. Furthermore, the plugin utilizes prepared statements for its SQL queries and implements nonce and capability checks for its AJAX handler, which are essential security mechanisms. The presence of only one entry point and no unprotected endpoints further strengthens its security profile.\n\nHowever, there is a notable concern regarding output escaping. With 50% of its outputs not properly escaped, this presents a potential Cross-Site Scripting (XSS) vulnerability. If user-controlled data is ever processed and outputted without proper sanitization, an attacker could inject malicious scripts. While there are no known historical vulnerabilities, this code-level weakness creates a risk that needs to be addressed. The single file operation could also be a point of interest if not handled securely, though no specific risks are identified in the analysis.\n\nIn conclusion, the plugin is well-developed in many areas, particularly in its handling of SQL and access control. The primary weakness lies in its output escaping. Addressing the unescaped outputs should be the top priority to mitigate potential XSS risks and further enhance the plugin's overall security.",[269],{"reason":270,"points":271},"Half of output calls are not properly escaped",12,"2026-03-16T23:22:25.568Z",{"wat":274,"direct":283},{"assetPaths":275,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[276,277],"\u002Fwp-content\u002Fplugins\u002Fsimple-header-footer-scripts\u002Fassets\u002Fcss\u002Fshf-admin.css","\u002Fwp-content\u002Fplugins\u002Fsimple-header-footer-scripts\u002Fassets\u002Fjs\u002Fshf-admin.js",[],[277],[281,282],"simple-header-footer-scripts\u002Fassets\u002Fcss\u002Fshf-admin.css?ver=","simple-header-footer-scripts\u002Fassets\u002Fjs\u002Fshf-admin.js?ver=",{"cssClasses":284,"htmlComments":286,"htmlAttributes":287,"restEndpoints":289,"jsGlobals":290,"shortcodeOutput":291},[285],"shf-settings",[],[288],"data-shf-hook-id",[],[],[]]