[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6GumwEO1rGqqkScYqWuZKXgPvO4SOwFmlIEFcsW4I_4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":146,"fingerprints":235},"simple-wp-vulnerability-watcher","Simple WP Vulnerability Watcher","1.4.0","MΛCHINΣ CØDΣ","https:\u002F\u002Fprofiles.wordpress.org\u002Ffstab\u002F","\u003Cp>Simple WP Vulnerability Watcher scans installed plugins, themes, and WordPress core for known vulnerabilities, providing real-time security monitoring with minimal impact on performance. It alerts you to potential risks and helps keep your site secure.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automated scanning of plugins, themes, and WordPress core\u003C\u002Fli>\n\u003Cli>Real-time results with instant insight\u003C\u002Fli>\n\u003Cli>Easy-to-use interface in the WordPress admin dashboard\u003C\u002Fli>\n\u003Cli>Notifications and alerts for detected vulnerabilities\u003C\u002Fli>\n\u003Cli>Minimal performance impact\u003C\u002Fli>\n\u003Cli>Uses WP Vulnerability API (read-only; no data sent from your site)\u003C\u002Fli>\n\u003Cli>Supports donations via \u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fmachinecode\" rel=\"nofollow ugc\">Ko-fi\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbuymeacoffee.com\u002Fmchncd\" rel=\"nofollow ugc\">Buy Me a Coffee\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is distributed under the GNU General Public License v2.0 or later. See the \u003Ccode>license.txt\u003C\u002Fcode> file for details.\u003C\u002Fp>\n","Real-time monitoring of WordPress core, themes, and plugins for known vulnerabilities.",20,797,100,2,"2025-11-10T03:20:00.000Z","6.8.5","5.0","7.4",[20,21,22,23,24],"plugin-vulnerability","security","vulnerabilities","vulnerability-scan","vulnerability-scanner","https:\u002F\u002Fsimplecode.cz\u002Fwordpress\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-wp-vulnerability-watcher.1.4.0.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":33,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"fstab",220,30,94,"2026-04-04T01:06:59.067Z",[38,63,87,109,125],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":27,"last_vuln_date":62,"fetched_at":29},"wp-malware-removal","Malcure Malware Shield — Removal, Repair, Monitor","19.8","Malcure Web Security","https:\u002F\u002Fprofiles.wordpress.org\u002Fmalcure\u002F","\u003Cp>Is your website acting strangely? Seeing ‘Deceptive Site Ahead’ warnings, Japanese spam, SEO spam, or random redirects? Time to fix and monitor your site with \u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Malcure Malware Shield: The Powerful Antivirus\u003C\u002Fh3>\n\u003Cp>Just as your computer requires antivirus, your website demands specialized \u003Cstrong>antivirus-grade protection\u003C\u002Fstrong>. Malcure Malware Shield delivers comprehensive, \u003Cstrong>antivirus-style\u003C\u002Fstrong> detection with advanced signatures to identify viruses, trojans, backdoors, adware, and ransomware. Unlike basic security plugins, it operates with the precision of an antivirus engine, scanning every layer of your site—from core files to the database—to ensure your website remains virus-free and secure.\u003C\u002Fp>\n\u003Ch3>Malware Removal, Hack Repair & SEO Spam Cleanup\u003C\u002Fh3>\n\u003Cp>Malware attacks are evolving. Standard scanners often miss hidden backdoors and database infections. If your current security plugin says “All Clear” but your site is still broken, you need \u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong> is the intelligent, lightweight security solution. We believe security should be simple on the surface but deep under the hood. No complex settings. No bloat. Just activate and scan.\u003C\u002Fp>\n\u003Cp>Lightweight, API-driven scanning runs only on demand or on scheduled scans — no persistent background processes.\u003C\u002Fp>\n\u003Cp>Unlike scanners that delay new malware definitions for days, Malcure delivers real-time threat intelligence to every user so you’re protected against the latest threats as soon as they emerge.\u003C\u002Fp>\n\u003Ch3>What Our Users Say\u003C\u002Fh3>\n\u003Cp>Quotes are verbatim from WordPress.org support reviews, except for bracketed edits (for example, competitor names removed).\u003C\u002Fp>\n\u003Ch4>Best by far, better than [competitor name removed] and other giants\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“You can see it is a bunch of geeks that created this, with skill and visual creativity at that. I spent hours trying to find a plugin like this. So many options and such bad results until now. Great job guys. You deserve it. Simple and effective. (Disclaimer to other potential readers: there are many types of hacks\u002Fmalware out there, every scenario is different, but start with the Malcure scan and see how it goes. 9\u002F10 you won’t be disappointed, my guess)” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbest-by-far-better-than-wordfence-and-other-giants\u002F\" rel=\"ugc\">@dalingzaf\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>The ONLY plugin that scans files…\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“I am a web developer and have tried many malware removal plugins, including popular ones [competitor names removed]. However, none of them detected some unusual files that were actually malware causing regular attacks. Some of these files were in JPG format.” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-only-plugin-that-scans-files-in-real-time-2\u002F\" rel=\"ugc\">@devzeeshanx\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Best Malware Removal Plugin in just few minutes\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“Most security plugins that are free only scan the code, but Malcure Malware Removal Plugin scans the wordpress database and the code files in few minutes. Accurately shows which Database table row is infected and it helps resolve the hacking attempt instantly. Saves a lot of time for the developers. Thank You Team Malcure” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbest-malware-removal-plugin-in-just-few-minutes\u002F\" rel=\"ugc\">@s3630\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>It’s not just a “teaser”\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“This plugin really found the malware, and removed it. Really for free. Thanks guys, I’m going to donate now!” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fits-not-just-a-teaser\u002F\" rel=\"ugc\">@halucska\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Malware Removal & Hack Repair\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Checksum Verification:\u003C\u002Fstrong> We verify core, plugin, and theme file integrity against the official repository checksums served by our SaaS API endpoint.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Scan:\u003C\u002Fstrong> If checksums fail, Malcure runs a full scan against malware detection signatures detecting estimated 50,000+ variants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inspect & Repair:\u003C\u002Fstrong> Inspect infected database records and files. Assists in cleaning compromised files and database entries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Spam Specialist:\u003C\u002Fstrong> Detects and removes the notorious “Japanese Keyword Hack” and pharma spam from your files and database, helping restore your Google rankings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Virus Scanner & Threat Detection\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Database Scan:\u003C\u002Fstrong> Scans database tables for malicious injections and spam links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Scan:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and uploads for backdoors and obfuscated code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Detection:\u003C\u002Fstrong> Checks your core, plugins, and themes for known security flaws.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DeepScan™ Technology:\u003C\u002Fstrong> Scans backups, archives, images, and hidden files where malware hides.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultra-High Precision:\u003C\u002Fstrong> Uses intelligent checksum verification (comparing your files to official core\u002Fplugin\u002Ftheme checksums) to dramatically reduce false alarms compared to heuristic-only scanners.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Intelligent Health Monitor\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Always-On Guard:\u003C\u002Fstrong> Continuous monitoring via \u003Cstrong>Scheduled Scans\u003C\u002Fstrong> (daily\u002Fweekly\u002Fmonthly) configurable cadence.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Alerts:\u003C\u002Fstrong> Every time a scheduled scan completes, you get an instant email report telling you if your site is clean or infected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event Log:\u003C\u002Fstrong> Track the events leading up to a malware incident for faster root-cause analysis.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Powered by Malcure API: Real-Time Threat Intelligence\u003C\u002Fh3>\n\u003Cp>Hackers don’t sleep, and neither do we. Malcure Malware Shield connects to our real-time API to fetch the latest threat definitions.\u003C\u002Fp>\n\u003Cp>This plugin relies on the Malcure API to provide real-time threat intelligence and checksum verification.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Data Transmission:\u003C\u002Fstrong> To perform scans, the plugin sends file checksums and your site’s domain to Malcure servers. No sensitive user data is transmitted.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms & Privacy:\u003C\u002Fstrong> Use of the API is subject to our \u003Ca href=\"https:\u002F\u002Fwww.malcure.com\u002F?p=1720&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=3&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-Day Alerts:\u003C\u002Fstrong> Our API serves new threat-intelligence in real-time, ensuring the site is scanned against the latest vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Checksums:\u003C\u002Fstrong> We verify your core files, themes, and plugins against the official repository checksums using our API, ensuring absolute integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> The scanner only uses minimum resources to keep your server fast and responsive.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Keep Malcure Malware Shield Installed?\u003C\u002Fh3>\n\u003Ch4>Reinfection Risk & Continuous Monitoring\u003C\u002Fh4>\n\u003Cp>Malware cleanup is not a one-and-done task. New vulnerabilities and reinfections can appear without warning, so continuous monitoring and scheduled scans help catch issues early—before SEO damage, blacklists, or downtime. You get email notification with the results to rest assured that the site is clean or when immediate action is required.\u003C\u002Fp>\n\u003Cp>Cleaning your site is just step one. Malcure is your anti-malware health monitor.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Continuous Monitoring:\u003C\u002Fstrong> Scheduled scans watch your site for changes so you don’t have to.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Event Log:\u003C\u002Fstrong> See exactly what’s happening on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Early Warning:\u003C\u002Fstrong> Catch new infections before Google blacklists you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurrence Prevention:\u003C\u002Fstrong> Scheduled scans and integrity checks catch reinfections before they spread.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Bloat:\u003C\u002Fstrong> Designed to run on-demand or as per schedule without slowing down your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Who This Plugin Is For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Site owners\u003C\u002Fstrong> who want clear, actionable results (what was flagged and where).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & developers\u003C\u002Fstrong> who need fast triage across multiple sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce \u002F membership \u002F lead-gen sites\u003C\u002Fstrong> where downtime, SEO brand-reputation damage are expensive.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone\u003C\u002Fstrong> who wants a scanner that cuts through the noise to focus on \u003Cem>signal\u003C\u002Fem>—real threats with practical remediation paths.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works (Scan \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Review \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Clean \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Monitor)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Scan\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>Malcure Scanner\u003C\u002Fstrong> in your Admin Dashboard.\u003C\u002Fli>\n\u003Cli>Run a scan to check your files and database for vulnerabilities, malware, backdoors, suspicious code, and integrity issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Review\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Malcure reports findings with clear locations (file paths \u002F database records) so you can verify what changed and why it was flagged.\u003C\u002Fli>\n\u003Cli>Use the results to decide what should be repaired, deleted, or kept (for example, legitimate custom code).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean & Recover\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The free edition helps you identify issues, inspect data and understand what needs fixing.\u003C\u002Fli>\n\u003Cli>The Advanced Edition adds Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Monitor\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set up scheduled scans to keep your site continuously monitored.\u003C\u002Fli>\n\u003Cli>Get email alerts for new infections or integrity issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Is It Free?\u003C\u002Fh4>\n\u003Cp>We believe in 100% transparency.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Free Forever:\u003C\u002Fstrong> Professional-grade Detection (Knowledge). You see every infected file and database row (exact file path & line number), so you can clean it yourself for free.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free Forever:\u003C\u002Fstrong> Real-time Threat Intelligence & Monitoring.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pro Upgrade:\u003C\u002Fstrong> Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>You are never forced to pay to \u003Cem>find\u003C\u002Fem> a hack.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEbSbxiTOc8k?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Core Features (Free Forever)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Deep Malware Scan:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and your entire database for vulnerabilities, viruses, trojans, backdoors, and \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=60&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">malicious redirects\u003C\u002Fa>.\n\u003Cul>\n\u003Cli>\u003Cstrong>Files:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and uploads for backdoors, shells including variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database:\u003C\u002Fstrong> Scans database tables for malicious injections, recurring malware and spam links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Spam Detection:\u003C\u002Fstrong> Specifically checks page titles and database records for “Japanese Keyword Hack”, “Pharma Hack” and other SEO spam symptoms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> Checks your installed plugins and themes against our real-time database of known security vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Checksum Verification:\u003C\u002Fstrong> Automatically verifies your core files, themes, and plugins against the official checksums. If a file has been tampered with, we know instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Uncompromising Detection:\u003C\u002Fstrong> Detects variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attack Surface Hardening & Firewall:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Block Path Traversal:\u003C\u002Fstrong> Stops attackers from accessing sensitive system files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block PHP Uploads:\u003C\u002Fstrong> Prevents malicious scripts from being uploaded to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop User Enumeration:\u003C\u002Fstrong> Blocks bots from fishing for your username.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Protection:\u003C\u002Fstrong> Prevents user data leakage via the WP REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=1622&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Security Hardening\u003C\u002Fa>:\u003C\u002Fstrong> Learn more about securing your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurrence Watchdog (Background Monitor):\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Set it and forget it:\u003C\u002Fstrong> Malcure runs silently in the background using scheduled scans (configurable cadence) + integrity baseline to monitor changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stay Ahead:\u003C\u002Fstrong> Automatically catch new infections before they spread or damage your SEO rankings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Incident Response Toolkit:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Nuke User Sessions:\u003C\u002Fstrong> Instantly force-logout every user on the site to kick out intruders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Salt Shuffler:\u003C\u002Fstrong> One-click rotation of \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5230&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">security keys (salts)\u003C\u002Fa> to invalidate all browser cookies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forensic Flight Recorder (Event Log):\u003C\u002Fstrong> Track every security event. Know exactly \u003Cem>when\u003C\u002Fem> and \u003Cem>how\u003C\u002Fem> a breach might have occurred with our 100-day event log.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Search Console Integration:\u003C\u002Fstrong> Connect directly to Google to fetch security warnings and blacklist status in real-time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time API Updates:\u003C\u002Fstrong> Connects to the Malcure Cloud to fetch the latest threats and vulnerabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to Advanced Edition\u003C\u002Fh4>\n\u003Cp>For mission-critical websites that demand comprehensive protection and recovery tools.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>1-Click Surgical Repair:\u003C\u002Fstrong> Inspect, Delete, or Repair infected files instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Whitelisting:\u003C\u002Fstrong> Stop false alarms. Supports files, folders, and \u003Cstrong>Database Records\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI Integration:\u003C\u002Fstrong> Complete command-line control for automated scanning and reporting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Definition Updates:\u003C\u002Fstrong> Definitions update automatically in the background.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>On-Demand Background Scans:\u003C\u002Fstrong> Trigger deep scans immediately without keeping your browser open.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Scan Filters:\u003C\u002Fstrong> For when you are specifically looking for something in the files or database or want to include, exclude specific files & directories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Operations:\u003C\u002Fstrong> Critical file operations like deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Client-Servicing Features:\u003C\u002Fstrong> Like copying scan results to generate report for clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Background Scan:\u003C\u002Fstrong> For when you want to trigger a scan and forget it. The scan continues and emails you upon completion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support (Expertise):\u003C\u002Fstrong> When you want to consult or want to exploit advanced features or need help troubleshooting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Priority Support:\u003C\u002Fstrong> Direct access to our security analysts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">\u003Cstrong>Get Malcure Advanced Edition\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Additional Resources for Malware Removal\u003C\u002Fh4>\n\u003Cp>Follow these expert guides to remove malware, recover lost traffic, and restore your online reputation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=1540&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">A step by step guide to remove the malware\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=13946&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Japanese Keyword Hack: How to Remove SEO Spam\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5728&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">What is the Pharma Hack & How to fix it\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14143&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix Google Ads Disapproved for Malicious Software\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14477&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Prevent SQL Injection Attacks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5265&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Live Malware Infection Removal & Analysis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=7207&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix “This Site May Harm Your Computer” Warning\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=60&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Comprehensive Guide to Removing JavaScript Redirect Malware\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5699&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix a Blank WP-Admin Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=9102&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Malcure WP CLI Integration & Cheatsheet\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14375&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Prevent Brute Force Attacks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5230&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Change Salt Keys\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Expert Malware Removal Service\u003C\u002Fh4>\n\u003Cp>In over your head? Our security analysts are on standby. We offer a complete \u003Cstrong>Malware Removal Service\u003C\u002Fstrong> that includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>100% Removal Guarantee:\u003C\u002Fstrong> We guarantee to remove all malware from your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Same Day Service:\u003C\u002Fstrong> Fast turnaround time to get your business back online.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual Inspection:\u003C\u002Fstrong> Our experts manually inspect critical files (htaccess, wp-config, index.php) and your database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist Removal:\u003C\u002Fstrong> We handle the removal of your site from blacklists like Google, Norton, McAfee, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening:\u003C\u002Fstrong> We identify the root cause and patch vulnerabilities to prevent future infections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>15-Day Cover:\u003C\u002Fstrong> Security analysts available 24\u002F7\u002F365 to ensure your site stays clean.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">\u003Cstrong>Book Expert Malware Removal\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Ch4>Some files are detected by Malcure Malware Shield as “suspicious”. What gives?\u003C\u002Fh4>\n\u003Cp>Malcure’s DeepScan checks each file for malware. However some files aren’t pure malware but may contain code that is suspicious and could potentially do nasty things. You should carefully review and analyse them to see if they indeed do anything nasty.\u003C\u002Fp>\n\u003Ch4>I can’t get Malcure Malware Shield to work. It hangs \u002F doesn’t complete the scan \u002F breaks for some reason.\u003C\u002Fh4>\n\u003Cp>If you think that the plugin is broken, \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">please report it here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Malcure Malware Shield (or for that matter other plugins) may break on malware affected \u002F broken websites. \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Malcure Advanced Edition\u003C\u002Fa> integrates with WP CLI and allows you to complete the scan from WP CLI even when the site is blocked by the webhost or when you are unable to login to the website.\u003C\u002Fp>\n\u003Ch4>My site is infected however Malcure Malware Shield doesn’t detect the infection.\u003C\u002Fh4>\n\u003Cp>Malware keeps evolving. If you come across malware that Malcure Malware Shield is not able to identify, you may \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=157&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">please report it here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>The scan gets stuck midway. What should I do?\u003C\u002Fh4>\n\u003Cp>In case of such an event, please file a support request with us and we’ll be more than happy to troubleshoot the issue.\u003C\u002Fp>\n\u003Cp>Please visit \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">this page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>I cleaned my site but it got infected again. What should I do?\u003C\u002Fh4>\n\u003Cp>Malware cleanup is a waste of time and effort unless you find the root cause behind the malware infection and monitor for recurrence. How was someone able to infect your website? Have you plugged in that security hole?\u003C\u002Fp>\n\u003Cp>Please read \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002Fblog\u002Fsecurity\u002Fwhy-do-wordpress-websites-get-hacked\u002F?utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Why Do Websites Get Hacked\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Google Safe Browsing site status (or some other scanner) still shows my site as infected. What should I do?\u003C\u002Fh4>\n\u003Cp>First make sure you purge your site cache. Second, Google (and other scanners) cache the results for some time. You’ll need to force or refresh the scan. You can also file a request with us to \u003Ca href=\"https:\u002F\u002Fwww.malcure.com\u002F?p=107&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">get your site off any blacklists\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>I found a suspicious file, what now?\u003C\u002Fh4>\n\u003Cp>If Malcure flags it, it’s likely malicious. You can inspect the file content using our built-in inspector. If you’re unsure, consider our \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Expert Malware Removal Service\u003C\u002Fa>.\u003C\u002Fp>\n","Fast malware removal & security shield. Fix hacks, stop redirects, clean SEO spam. Real-time threat intelligence. No bloat.",10000,605372,88,69,"2026-02-13T05:45:00.000Z","6.9.4","3.7.4","5.6",[55,56,21,57,24],"antivirus","malware-scanner","virus","https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=plugin-header&utm_medium=web&utm_campaign=wpmr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-malware-removal.19.8.zip",96,3,"2025-09-03 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":51,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":83,"download_link":84,"security_score":85,"vuln_count":14,"unpatched_count":27,"last_vuln_date":86,"fetched_at":29},"sitelock","SiteLock Security – WP Hardening, Login Security & Malware Scans","5.1.0","SiteLock","https:\u002F\u002Fprofiles.wordpress.org\u002Fsitelocksecurity\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>🌟 Completely redesigned in Version 5.0 — now even stronger with 2FA in 5.1 🌟\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The SiteLock WordPress plugin was recently rebuilt with three goals: make it faster, make it clearer and move the heavy work to the cloud. We built a cloudfirst architecture, modernized UI, expanded security controls and stripped out everything that didn’t need to be there. Our latest 5.1 release builds on that foundation with TwoFactor Authentication (2FA) to strengthen login security and give you tighter control over access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The big changes:\u003C\u002Fstrong>\u003Cbr \u002F>\n  – 🔒 Enhanced WordPress-specific hardening and login security controls\u003Cbr \u002F>\n  – ☁️ Cloud-powered scanning architecture for zero performance impact\u003Cbr \u002F>\n  – 🩺 New Site Health interface that shows you what matters in one view\u003Cbr \u002F>\n  – ⚡ Streamlined controls (fewer clicks to get protected)\u003Cbr \u002F>\n  – ✨ Modern codebase built for the WordPress you’re actually using today\u003Cbr \u002F>\n  – 🔢 Two-Factor Authentication (2FA) now available for stronger login protection\u003C\u002Fp>\n\u003Cp>If you used the old plugin: this is a different tool. If you’re new: you’re starting with the cleanest, fastest version of the plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Your website deserves protection that’s simple, fast and built for WordPress. SiteLock WordPress Security focuses on the everyday controls that matter most and helps you establish a secure baseline in minutes — WordPress-specific hardening, login protection with Two-Factor Authentication (2FA) and a clear Site Health dashboard that keeps you in control without slowing your site down. It’s lightweight, action-first protection that complements your host defenses: essential safeguards run inside WordPress while deeper checks happen securely in the SiteLock cloud. Skip heavy on-server scans and alert fatigue — run on-demand checks when you need extra assurance, so you can ship updates with confidence.\u003C\u002Fp>\n\u003Ch4>Security that grows with you\u003C\u002Fh4>\n\u003Cp>Our goal is straightforward: maintain a strong baseline with minimal overhead while giving you clear visibility and room to grow as your needs evolve.\u003Cbr \u002F>\nAnd because security is never static, this plugin keeps pace. Two-Factor Authentication (2FA) is now available to strengthen login security with an extra layer of protection.\u003C\u002Fp>\n\u003Ch4>Commercial plugin\u003C\u002Fh4>\n\u003Cp>This plugin is free but offers additional paid commercial upgrades or support.\u003C\u002Fp>\n\u003Ch3>What’s included\u003C\u002Fh3>\n\u003Ch4>WordPress Hardening: Cut common attack paths in just a few clicks\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable directory listing\u003C\u002Fli>\n\u003Cli>Restrict PHP execution in upload folders\u003C\u002Fli>\n\u003Cli>Limit unsafe script types\u003C\u002Fli>\n\u003Cli>Force strong configuration defaults to close risky gaps\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>All options are toggle-based and reversible — safe to enable, easy to test and lightweight on performance.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Login Security: Protect what matters most — your access\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong>: Add a second layer of verification to protect admin access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force defense\u003C\u002Fstrong>: Blocks repeated failed logins and temporarily locks abusive IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password policy prompts\u003C\u002Fstrong>: Encourage stronger credentials without breaking workflows\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session timeouts\u003C\u002Fstrong>: Automatically end idle sessions to prevent account hijacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity awareness\u003C\u002Fstrong>: View recent logins and admin changes in the \u003Cstrong>Activity Log\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Site Health & Cloud Checks: Clarity without noise\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Site Health Dashboard\u003C\u002Fstrong>: Surface key signals in one view — WordPress hardening status, last scan timestamp and actionable indicators\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloud Checks\u003C\u002Fstrong>: Connect your free SiteLock account to enable recurring off-server checks (Webpage Scan, SSL Verification, Email Reputation and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan Now\u003C\u002Fstrong>: Run on-demand checks after updates or changes for instant assurance — no heavy, always-on local scanners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log\u003C\u002Fstrong>: Track what’s happening across your WordPress admin. See admin\u002Flogin events at a glance making it easy to spot anomalies early and keep accountability clear\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Choose SiteLock WordPress Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight by design\u003C\u002Fstrong>: All high-impact protections, no unnecessary load\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real visibility\u003C\u002Fstrong>: Know your security posture in seconds with Site Health\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloud-powered assurance\u003C\u002Fstrong>: Checks run off-server, protecting performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible setup\u003C\u002Fstrong>: Use standalone or connect a SiteLock account for added layers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strong login protection\u003C\u002Fstrong>: Two-Factor Authentication (2FA) alongside brute-force defense and session controls\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted heritage\u003C\u002Fstrong>: From the global leader in SMB website security backed by continuous innovation and research\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Aligned to WordPress\u003C\u002Fstrong>: Designed to stay out of your way and keep performance priorities intact\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Who It’s For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Small businesses & startups\u003C\u002Fli>\n\u003Cli>Portfolio & personal brand sites\u003C\u002Fli>\n\u003Cli>WooCommerce shops & small e-commerce\u003C\u002Fli>\n\u003Cli>Agencies & website maintenance services\u003C\u002Fli>\n\u003Cli>Freelance developers & web designers\u003C\u002Fli>\n\u003Cli>Bloggers, creators & publishers\u003C\u002Fli>\n\u003Cli>Community & membership sites\u003C\u002Fli>\n\u003Cli>Nonprofits & educational sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>If you manage a WordPress website, SiteLock gives you confidence and control whether you run one site or hundreds.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Can I Fix an Already-Infected Site with This Plugin?\u003C\u002Fh4>\n\u003Cp>The plugin focuses on prevention, posture and visibility — not full malware removal. It isn’t designed to fully clean up sites that were infected before it was active.\u003Cbr \u002F>\nIf your site is already compromised, act quickly, we recommend:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Restoring from a clean backup if available\u003C\u002Fli>\n\u003Cli>Remove malicious files manually or with professional help\u003C\u002Fli>\n\u003Cli>For urgent assistance, consider \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fproducts\u002Ffix-hacked-site\u002F\" rel=\"nofollow ugc\">SiteLock 911 – Emergency Malware Removal\u003C\u002Fa> for rapid cleanup\u003C\u002Fli>\n\u003Cli>For ongoing defense, consider \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">choosing a comprehensive SiteLock plan\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Don’t Know Where To Start? Try This\u003C\u002Fh4>\n\u003Cp>Here are common first moves teams take with SiteLock. Order isn’t enforced — choose what fits your site and workflow:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable WordPress hardening that matches your hosting and theme setup\u003C\u002Fli>\n\u003Cli>Turn on Login Security controls: brute-force lockouts, session timeouts, and password-hygiene prompts\u003C\u002Fli>\n\u003Cli>Connect a free SiteLock account, then use Scan Now to run an on-demand check after plugin\u002Ftheme updates\u003C\u002Fli>\n\u003Cli>Review the Activity Log after major changes to spot unexpected admin\u002Flogin events quickly\u003Cbr \u002F>\nMake one change at a time, validate and roll back any toggle that conflicts with your stack.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Need Help with Setup or Fixes?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Visit \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fhelp-center\u002F?topics=wordpress-plugin\" rel=\"nofollow ugc\">Help Center – WordPress\u003C\u002Fa> for plugin specific help\u003C\u002Fli>\n\u003Cli>For broader topics explore the \u003Ca href=\"https:\u002F\u002Fwww.sitelock.com\u002Fhelp-center\u002F\" rel=\"nofollow ugc\">SiteLock Help Center\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>Protecting our customers and systems is a top priority, and we take security very seriously. If you believe you’ve found a security vulnerability in the SiteLock WordPress plugin, please let us know at vuln-reporting@sitelock.com before sharing any details publicly.\u003C\u002Fp>\n","Free, lightweight WordPress security. Harden your site with login protection & 2FA, see Site Health clearly and run on-demand checks—setup in minutes.",1000,48458,68,14,"2026-02-26T21:50:00.000Z","3.8","8.0",[79,80,81,24,82],"login-security","malware-scan","site-health","wordpress-security","https:\u002F\u002Fwww.sitelock.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsitelock.5.1.0.zip",98,"2026-01-25 00:00:00",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":27,"num_ratings":27,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":106,"download_link":107,"security_score":108,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bravo-security","Bravo WP security Plugin","1.1","Technoyer","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechnoyer\u002F","\u003Cp>Bravo WP Security Plugin, Is a plugin helps you to hide wordpress side by side Bravo wordpress firewall, wordpress antivirus (wordpress malware scanner),wordpress brute force protection, WP config security, wordpress google reCAPTCHA, error logs and more features. You can find more by visiting the next link\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fbravo.technoyer.com\" rel=\"nofollow ugc\">http:\u002F\u002Fbravo.technoyer.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>+35 WordPress Security Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hide WordPress\u003C\u002Fstrong>: Hide version from all scripts and styles call inside the pages source.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide wp-login.php\u003C\u002Fstrong>: Create new login link and a 404 error will appear to the default login link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide wp-admin\u003C\u002Fstrong>: Only the login link can redirect you to the wp-admin dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent Proxy\u003C\u002Fstrong>: wp-admin Dashboard will allow real connections only.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow Custom Connections\u003C\u002Fstrong>: wp-admin Dashboard will allow some whitelist countries or\u002Fand IPs only.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Firewall\u003C\u002Fstrong>: ‘Firewall profiles’ is advanced option, You are able to choose High, Medium or Low Level of security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2-Step Verification\u003C\u002Fstrong>:  You are able to choose from many options when you decide to enable 2-Step Verification. Available options: Two factor authentication, Facebook Verification, Four numbers pin code and Security question.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>reCAPTCHA\u003C\u002Fstrong>: reCAPTCHA is important to save your host resources and your WordPress safe from spam, You can add it to guest comments, login, register or\u002Fand reset password forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Housekeeping\u003C\u002Fstrong>: Clean your WordPress, Just delete unused files, comments, revisions, trashes, transient feed or\u002Fand relationships.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Backups\u003C\u002Fstrong>: Manually or Scheduling Database backups, both options are available.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Antivirus\u003C\u002Fstrong>: Malware scanner, PHPMussel scanner, File Change Detection, Google Safe Browsing Checker, DB scanner and Spam Lisiting checker.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Scan Attachments\u003C\u002Fstrong>: Attachments will be scanned while it is being uploading.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan New Plugins & Themes\u003C\u002Fstrong>: After you activate your new plugin or theme, Bravo will create a new antivirus process to scan the new files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong>: The complete security for your and users’ passwords by activating Bravo brute force protection options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist Usernames\u003C\u002Fstrong>: Prevent some usernames from register or log in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist email provider\u003C\u002Fstrong>: Prevent some email hosting from register like e.g: mail.ru.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Min & Max Usernames Length\u003C\u002Fstrong>: Minimum and Maximum chars for registered usernames.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Moderate New Members\u003C\u002Fstrong>: New members will be need admin approval before they can use their dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accounts Protection\u003C\u002Fstrong>: You are able to define the login method (email only or username only or both as default), No weak passwords, Maximum Login Attempts and Whitelist IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Who is Online (Live Tracker)\u003C\u002Fstrong>: Watch your online visitors and what are they doing?!, You will be able to see all their browsing details and block\u002Funblock Ips.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inline Visitors Blocking\u003C\u002Fstrong>: Watch your visitors activity using the traffic tracker module and you can block and IP or country when you see unusual activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cronjobs (Events Schedules)\u003C\u002Fstrong>: You have full control to set what is the appropriate time to run your events.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DB Prefix Wizard\u003C\u002Fstrong>: A wizard was designed to change WP database prefix.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development & Maintenance Mode\u003C\u002Fstrong>: There two modes in order to close your site, Development mode will allow some roles to view site as usual as they know it, but Maintenance mode will close site for all.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bandwidth Saver\u003C\u002Fstrong>: Bravo lets you prevent ‘Hotlinking & iFrames’, Your hosted images will not show at other websites, and your website will be not shown in iframe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin Self Protection\u003C\u002Fstrong>: You can set password and choose some management roles to give them ability to manage Bravo.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Idle Logout\u003C\u002Fstrong>: The plugin will clear the current sessions for logged in users if they hold their accounts without using after (n) seconds, you will choose the duration before forcing them to log in again.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mail Watching\u003C\u002Fstrong>: This tool designed for watching outbound email messages in WordPress. It can help if someone using backdoor in your blog to send spam emails.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Error Pages\u003C\u002Fstrong>: Continuing our efforts to hide WordPress, We designed this tool to use our 404 templates instead of your theme 404 pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Log Watching\u003C\u002Fstrong>: If you set the firewall to ‘High’ and disable WordPress debug, You can watch the error log using or tool.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>To unlock the Pro features please get the premium version \u003Ca href=\"http:\u002F\u002Fbravo.technoyer.com\u002Fpro.php\" rel=\"nofollow ugc\">click here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation is available \u003Ca href=\"http:\u002F\u002Fbravo.technoyer.com\u002Fwiki\u002Findex\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Bravo WP Security Plugin, Is a plugin helps you to hide wordpress side by side Bravo wordpress firewall, wordpress antivirus (wordpress malware scanne &hellip;",10,1898,"2017-12-11T06:22:00.000Z","4.9.29","4.7","",[102,103,82,104,105],"best-wordpress-security-plugin","wordpress-malware-removal","wordpress-vulnerability-scanner","wp-security","http:\u002F\u002Fbravo-security.technoyer.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbravo-security.1.1.zip",85,{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":27,"downloaded":117,"rating":27,"num_ratings":27,"last_updated":118,"tested_up_to":51,"requires_at_least":119,"requires_php":18,"tags":120,"homepage":100,"download_link":124,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"resilience-compliance-manager","Resilience Compliance Manager","1.2.12","bean1352","https:\u002F\u002Fprofiles.wordpress.org\u002Fbean1352\u002F","\u003Cp>If you sell a WordPress plugin or theme to anyone in the EU, the EU Cyber Resilience Act (Regulation 2024\u002F2847) applies to you. It does not matter where you are based or whether your product is free. Agencies distributing custom plugins or themes to EU clients are also in scope.\u003C\u002Fp>\n\u003Cp>From September 11, 2026, you need a documented vulnerability reporting process, the required security documents, and a way to monitor your products for known vulnerabilities. ResilienceWP is built for WordPress developers — plugin developers, theme developers, and agencies — to cover all of that in one place.\u003C\u002Fp>\n\u003Cp>Non-compliance carries fines up to EUR 15 million or 2.5% of global annual turnover. Authorities can also force non-compliant products off the EU market.\u003C\u002Fp>\n\u003Cp>The free plan covers the paperwork side of compliance: checklist, five document templates, and the CRA education guide. Paid plans add automated vulnerability scanning, email alerts, the Incident Center for ENISA notification management, and downloadable compliance reports, all directly inside your WordPress admin. Pro plans also include webhook integrations for CI\u002FCD pipelines and external tools — get real-time notifications when scans complete or vulnerabilities are found.\u003C\u002Fp>\n\u003Cp>For pricing, documentation, and more details visit \u003Ca href=\"https:\u002F\u002Fwww.resiliencewp.com\" rel=\"nofollow ugc\">resiliencewp.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compliance Checklist (Free)\u003C\u002Fh4>\n\u003Cp>26 actionable items, each mapped to a specific CRA article. Five categories cover everything the regulation requires:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Risk Assessment: documenting threats, attack surfaces, and mitigations\u003C\u002Fli>\n\u003Cli>Secure Development: secure defaults, no known exploitable vulnerabilities at release\u003C\u002Fli>\n\u003Cli>Vulnerability Handling: disclosure policy, coordinated reporting, user notification\u003C\u002Fli>\n\u003Cli>Required Documentation: SBOM, Declaration of Conformity, technical file\u003C\u002Fli>\n\u003Cli>Post-Market Obligations: ongoing monitoring, security updates, end-of-life policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Every item has a plain-English explanation of what it means and why it matters. Check items off as you complete them. Progress saves automatically.\u003C\u002Fp>\n\u003Ch4>Document Generator (Free)\u003C\u002Fh4>\n\u003Cp>Generate the five documents the CRA requires before you can legally place a product on the EU market:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Vulnerability Disclosure Policy (Article 13(6)): your public process for receiving and handling security reports from researchers\u003C\u002Fli>\n\u003Cli>Incident Response Plan: your internal procedure when a vulnerability is discovered or actively exploited\u003C\u002Fli>\n\u003Cli>EU Declaration of Conformity: the formal self-declaration that your product meets CRA essential requirements\u003C\u002Fli>\n\u003Cli>Software Bill of Materials (SBOM) (Article 13): a structured inventory of your plugin’s components, dependencies, and third-party libraries\u003C\u002Fli>\n\u003Cli>security.txt: the machine-readable contact file security researchers use to reach you, placed at \u002F.well-known\u002Fsecurity.txt\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fill in your plugin name, contact details, and a few specifics. Download in text or markdown format. No starting from scratch, no lawyer needed for the first draft.\u003C\u002Fp>\n\u003Ch4>CRA Education Centre (Free)\u003C\u002Fh4>\n\u003Cp>An article-by-article breakdown of Regulation (EU) 2024\u002F2847, written for developers rather than legal teams. Understand what each obligation actually requires: what counts as “active exploitation,” what an SBOM needs to contain, what the 24-hour reporting window really means.\u003C\u002Fp>\n\u003Ch4>Vulnerability Scanner (Basic and Pro)\u003C\u002Fh4>\n\u003Cp>Connect your account to ResilienceWP and it monitors your plugins against the WPScan vulnerability database on a regular schedule. Weekly on Basic, daily on Pro.\u003C\u002Fp>\n\u003Cp>You can monitor any plugin by its WordPress.org slug, not just the plugins currently installed on your site. If your plugin depends on WooCommerce, ACF, or any other third-party plugin, you can add those slugs directly and track vulnerabilities in your dependencies. Plugins can also be added directly from your installed plugins list.\u003C\u002Fp>\n\u003Cp>The moment a new vulnerability is found, you get an email with the severity rating, CVE ID, affected version range, and fix version if one is available. Back in your WordPress admin, vulnerabilities are grouped by plugin and sorted by date discovered, so you can see at a glance which plugins have open issues and how old they are.\u003C\u002Fp>\n\u003Cp>Each vulnerability card shows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Severity (Critical \u002F High \u002F Medium \u002F Low \u002F Info) with colour coding\u003C\u002Fli>\n\u003Cli>CVE identifier linked directly to the NVD entry\u003C\u002Fli>\n\u003Cli>The fix version (or “no fix available yet”)\u003C\u002Fli>\n\u003Cli>An action hint: whether to update, acknowledge, or open an incident\u003C\u002Fli>\n\u003Cli>A button to report the incident directly to the Incident Center\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Status tracking lets you mark vulnerabilities as Open, Acknowledged, In Progress, Resolved, or False Positive. Export the full vulnerability list as CSV for your compliance records.\u003C\u002Fp>\n\u003Ch4>Incident Center (Basic and Pro)\u003C\u002Fh4>\n\u003Cp>When a vulnerability in your plugin is being actively exploited, the CRA requires you to notify ENISA within 24 hours. The Incident Center tracks that deadline from the moment you log first awareness and guides you through the complete regulatory workflow.\u003C\u002Fp>\n\u003Cp>Creating a new incident logs the discovery timestamp and starts all three countdown timers simultaneously:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Early Warning: due within 24 hours of first awareness\u003C\u002Fli>\n\u003Cli>Vulnerability Notification: due within 72 hours, with full technical details\u003C\u002Fli>\n\u003Cli>Final Report: due within 14 days, including root cause and remediation steps\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The case view shows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Live countdown timers for each notification deadline, turning amber at 6 hours and red when overdue\u003C\u002Fli>\n\u003Cli>A completeness score on your incident report so you know exactly what information is still missing\u003C\u002Fli>\n\u003Cli>A “Where to Submit” section with direct links to ENISA’s reporting portal, the EU CSIRT network directory, and the CVE Programme at MITRE\u003C\u002Fli>\n\u003Cli>A full audit log recording every action taken, every field updated, and every notification submitted\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On Pro, you can export the full incident case including all notifications and the complete audit log, formatted for submission to regulators or for your compliance archive.\u003C\u002Fp>\n\u003Ch4>Dashboard and Compliance Score\u003C\u002Fh4>\n\u003Cp>The dashboard gives you a live compliance score (0-100) with a transparent breakdown:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>-15 points per open critical vulnerability\u003C\u002Fli>\n\u003Cli>-7 points per open high vulnerability\u003C\u002Fli>\n\u003Cli>-3 points per open medium vulnerability\u003C\u002Fli>\n\u003Cli>-20 points per overdue incident (past the 24-hour ENISA deadline)\u003C\u002Fli>\n\u003Cli>-5 points per active open incident\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is not a vanity metric. It is a working indicator of where you stand against your CRA obligations at any point in time, with the exact deductions shown so you know what to fix first.\u003C\u002Fp>\n\u003Ch4>Compliance Reports and SBOM Export (Basic and Pro)\u003C\u002Fh4>\n\u003Cp>Generate a PDF compliance report for auditors or regulators covering your vulnerability history, resolution timeline, and document status. Export your Software Bill of Materials in standard format, as required by CRA Article 13.\u003C\u002Fp>\n\u003Ch4>Webhook Integrations (Pro)\u003C\u002Fh4>\n\u003Cp>Connect ResilienceWP to your CI\u002FCD pipeline, Slack, or any external tool with webhook callbacks. Configure webhook endpoints in Settings and receive real-time HTTP POST notifications with HMAC-SHA256 signed payloads when:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A scheduled or manual scan completes\u003C\u002Fli>\n\u003Cli>A new vulnerability is found in one of your monitored plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Each webhook delivery is logged with status codes and response data, so you can debug integration issues directly from your WordPress admin. Manage up to 5 webhook endpoints per account, toggle them on and off, and filter by event type.\u003C\u002Fp>\n\u003Ch4>Who needs to comply\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Commercial plugin developers: selling to EU customers through any channel (your site, Envato, direct) makes you the manufacturer under the CRA\u003C\u002Fli>\n\u003Cli>WordPress agencies: distributing custom-built plugins to EU clients, even for a single client, counts as placing a product on the market\u003C\u002Fli>\n\u003Cli>Freemium developers: having a free version does not exempt you; any commercial activity tied to the product brings you in scope\u003C\u002Fli>\n\u003Cli>Theme developers: themes with shortcodes, API integrations, or custom post types may qualify as “products with digital elements”\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key dates\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>10 December 2024: CRA entered into force. Transition period began.\u003C\u002Fli>\n\u003Cli>11 September 2026: Vulnerability and incident reporting obligations apply.\u003C\u002Fli>\n\u003Cli>11 December 2027: Full CRA application. All requirements in effect.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Source Code\u003C\u002Fh4>\n\u003Cp>The admin dashboard is built with React and compiled using Vite. The uncompiled source is included in the plugin ZIP under admin\u002Fsrc\u002F. To rebuild from source:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install Node.js 20+ and pnpm 10+\u003C\u002Fli>\n\u003Cli>Run \u003Ccode>pnpm install\u003C\u002Fcode> in the plugin directory\u003C\u002Fli>\n\u003Cli>Run \u003Ccode>pnpm build\u003C\u002Fcode> to recompile the admin dashboard\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>External Services\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>ResilienceWP API\u003C\u002Fstrong> (https:\u002F\u002Fapi.resiliencewp.com)\u003Cbr \u002F>\nUsed for API key verification, vulnerability scanning, incident management, and report generation. Data sent: API key, WordPress site URL, plugin slugs and versions.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.resiliencewp.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.resiliencewp.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WPScan\u003C\u002Fstrong> (via ResilienceWP API)\u003Cbr \u002F>\nPlugin vulnerability data is sourced from the WPScan database. Plugin slugs are sent through the ResilienceWP API. No personal data is sent from your WordPress installation directly to WPScan.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fterms\" rel=\"nofollow ugc\">WPScan Terms\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fprivacy\" rel=\"nofollow ugc\">WPScan Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Paddle\u003C\u002Fstrong> (payments)\u003Cbr \u002F>\nSubscription payments are processed by Paddle as merchant of record. Payment data is handled entirely by Paddle and never passes through our servers.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.paddle.com\u002Flegal\u002Fterms\" rel=\"nofollow ugc\">Paddle Terms\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.paddle.com\u002Flegal\u002Fprivacy\" rel=\"nofollow ugc\">Paddle Privacy\u003C\u002Fa>\u003C\u002Fp>\n","CRA compliance for WordPress developers. Checklist, document generator, vulnerability scanner, and incident reporting for the 2026 EU deadline.",567,"2026-03-11T17:21:00.000Z","6.0",[121,122,123,21,24],"audit","compliance","gdpr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresilience-compliance-manager.1.2.12.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":85,"num_ratings":135,"last_updated":136,"tested_up_to":51,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":142,"download_link":143,"security_score":144,"vuln_count":14,"unpatched_count":27,"last_vuln_date":145,"fetched_at":29},"really-simple-ssl","Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)","9.5.8","Really Simple Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Freallysimpleplugins\u002F","\u003Cp>Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.\u003C\u002Fp>\n\u003Ch3>Really simple, Effective and Performant WordPress Security\u003C\u002Fh3>\n\u003Cp>Really Simple Security is the most lightweight and easy-to-use security plugin for WordPress. It secures your WordPress website with SSL certificate generation, including proper 301 https redirection and SSL enforcement, scanning for possible vulnerabilities, Login Protection and implementing essential WordPress hardening features.\u003C\u002Fp>\n\u003Cp>We believe that security should have the absolute minimum effect on website performance, user experience and maintainability. Therefore, Really Simple Security is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> Every security feature is developed with a modular approach and with performance in mind. Disabled features won’t load any redundant code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy-to-use:\u003C\u002Fstrong> 1-minute configuration with short onboarding setup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Features\u003C\u002Fh3>\n\u003Ch4>Easy SSL Migration\u003C\u002Fh4>\n\u003Cp>Migrates your website to HTTPS and enforces SSL in just one click.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>301 redirect via PHP or .htaccess\u003C\u002Fli>\n\u003Cli>Secure cookies\u003C\u002Fli>\n\u003Cli>Let’s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation.\u003C\u002Fli>\n\u003Cli>Server Health Check: Your server configuration is every bit as important for your website security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress Hardening\u003C\u002Fh4>\n\u003Cp>Tweak your configuration and keep WordPress fortified and safe by tackling potential weaknesses.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent code execution in the uploads folder\u003C\u002Fli>\n\u003Cli>Prevent login feedback and disable user enumeration\u003C\u002Fli>\n\u003Cli>Disable XML-RPC\u003C\u002Fli>\n\u003Cli>Disable directory browsing\u003C\u002Fli>\n\u003Cli>Username restrictions (block ‘admin’ and public names)\u003C\u002Fli>\n\u003Cli>and much more..\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Detection\u003C\u002Fh4>\n\u003Cp>Get notified when plugins, themes or WP core contain vulnerabilities and need appropriate action.\u003C\u002Fp>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Allow or enforce Two-Factor Authentication (2FA) for specific user roles. Users receive a two-factor code via Email.\u003C\u002Fp>\n\u003Ch3>Improve Security with Really Simple Security Pro\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002F\" rel=\"nofollow ugc\">Protect your site with all essential security features by upgrading to Really Simple Security Pro.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Advanced SSL enforcement\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix them to HTTPS, both Front- and Back-end.\u003C\u002Fli>\n\u003Cli>Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Firewall\u003C\u002Fh4>\n\u003Cp>Really Simple Security Pro includes a performant and efficient WordPress firewall, to stop bots, crawlers and bad actors with IP and username blocks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>404 blocking – Blocks crawlers as they trigger unusual numbers of 404 errors.\u003C\u002Fli>\n\u003Cli>Region blocking – Only allow\u002Fblock access to your site from specific regions.\u003C\u002Fli>\n\u003Cli>Automated and customisable Firewall rules.\u003C\u002Fli>\n\u003Cli>IP blocklist and allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Headers\u003C\u002Fh4>\n\u003Cp>Security headers protect your site visitors against the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX, etc.\u003C\u002Fli>\n\u003Cli>Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options, a Referrer Policy and CORS headers.\u003C\u002Fli>\n\u003Cli>Automatically generate your WordPress-tailored Content Security Policy.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Measures\u003C\u002Fh4>\n\u003Cp>When a vulnerability is detected in a plugin, theme or WordPress core you will get notified accordingly. With Vulnerability Measures, you can configure simple but effective measures to make sure that a critical vulnerability won’t remain unattended.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force update: An update process will be tried multiple times until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps.\u003C\u002Fli>\n\u003Cli>Quarantine: When a plugin or theme can’t be updated to solve a vulnerability, Really Simple Security can quarantine the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Site Hardening\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose a custom login URL\u003C\u002Fli>\n\u003Cli>Automated File Permissions check and fixer\u003C\u002Fli>\n\u003Cli>Rename and randomize your database prefix\u003C\u002Fli>\n\u003Cli>Change the debug.log file location to a non-public folder\u003C\u002Fli>\n\u003Cli>Disable application passwords\u003C\u002Fli>\n\u003Cli>Control admin creation\u003C\u002Fli>\n\u003Cli>Disable HTTP methods, reducing HTTP requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Secure your website’s login process and user accounts with powerful security measures.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Step verification (Email login)\u003C\u002Fli>\n\u003Cli>2FA (two factor authentication) with TOTP\u003C\u002Fli>\n\u003Cli>Passwordless login with passkey login\u003C\u002Fli>\n\u003Cli>Enforce strong passwords and frequent password change\u003C\u002Fli>\n\u003Cli>Limit Login Attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Limit Login Attempts you can configure a threshold to temporarily or permanently block IP addresses or (non-existing) usernames. You can also throw a CAPTCHA after a failed login (hCaptcha or Google reCaptcha)\u003C\u002Fp>\n\u003Ch4>Access Control\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Restrict access to your site for specific regions.\u003C\u002Fli>\n\u003Cli>Add specific IP addresses or IP ranges to the Blocklist or Allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Useful Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fknowledge-base-overview\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fdefinitions\u002F\" rel=\"nofollow ugc\">Security Definitions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">Translate Really Simple Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Fissues\" rel=\"nofollow ugc\">Issues & pull requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Flabels\u002Ffeature%20request\" rel=\"nofollow ugc\">Feature requests\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Love Really Simple Security?\u003C\u002Fh3>\n\u003Cp>If you want to support the continuing development of this plugin, please consider buying \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fpro\u002F\" rel=\"nofollow ugc\">Really Simple Security Pro\u003C\u002Fa>, which includes some excellent security features and premium support.\u003C\u002Fp>\n\u003Ch3>About Really Simple Plugins\u003C\u002Fh3>\n\u003Cp>Our mission is to make complex WordPress requirements really easy. Really Simple Security is developed by \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fabout-us\" rel=\"nofollow ugc\">Really Simple Plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For generating SSL certificates, Really Simple Security uses the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffbett\u002Fle-acme2-php\u002F\" rel=\"nofollow ugc\">le acme2 PHP\u003C\u002Fa> Let’s Encrypt client library, thanks to ‘fbett’ for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We’re on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Freally-simple-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> as well!\u003C\u002Fp>\n","Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.",3000000,205655178,8803,"2026-02-26T10:57:00.000Z","6.6",[139,140,21,141,22],"2fa","https","two-factor","https:\u002F\u002Freally-simple-ssl.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-ssl.9.5.8.zip",99,"2025-01-24 00:00:00",{"attackSurface":147,"codeSignals":201,"taintFlows":225,"riskAssessment":226,"analyzedAt":234},{"hooks":148,"ajaxHandlers":191,"restRoutes":197,"shortcodes":198,"cronEvents":199,"entryPointCount":200,"unprotectedCount":27},[149,155,159,163,165,169,173,177,181,186],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","admin_menu","wpcv_menu","includes\\wpcv-functions.php",8,{"type":150,"name":156,"callback":157,"file":153,"line":158},"admin_notices","wpcv_display_admin_notice",9,{"type":150,"name":160,"callback":161,"priority":162,"file":153,"line":95},"admin_bar_menu","wpcv_admin_bar_menu",999,{"type":150,"name":151,"callback":164,"file":153,"line":74},"wpcv_vulnerability_check_trigger",{"type":150,"name":166,"callback":167,"priority":95,"file":153,"line":168},"upgrader_process_complete","wpcv_check_vulnerabilities_on_upgrade",15,{"type":150,"name":170,"callback":171,"priority":95,"file":153,"line":172},"activated_plugin","wpcv_check_vulnerabilities_on_activation",16,{"type":150,"name":174,"callback":175,"file":153,"line":176},"switch_theme","wpcv_check_vulnerabilities_on_theme_switch",17,{"type":150,"name":178,"callback":179,"priority":95,"file":153,"line":180},"delete_theme","wpcv_check_vulnerabilities_on_theme_delete",18,{"type":150,"name":182,"callback":183,"file":184,"line":185},"admin_enqueue_scripts","wpcv_enqueue_admin_assets","wp-check-vulnerability.php",38,{"type":187,"name":188,"callback":189,"priority":95,"file":184,"line":190},"filter","plugin_row_meta","wpcv_add_meta_links",76,[192],{"action":193,"nopriv":194,"callback":193,"hasNonce":195,"hasCapCheck":194,"file":153,"line":196},"wpcv_dismiss_notice",false,true,11,[],[],[],1,{"dangerousFunctions":202,"sqlUsage":203,"outputEscaping":205,"fileOperations":27,"externalRequests":200,"nonceChecks":200,"capabilityChecks":27,"bundledLibraries":224},[],{"prepared":27,"raw":27,"locations":204},[],{"escaped":154,"rawEcho":154,"locations":206},[207,210,212,214,216,218,220,222],{"file":153,"line":208,"context":209},159,"raw output",{"file":153,"line":211,"context":209},160,{"file":153,"line":213,"context":209},163,{"file":153,"line":215,"context":209},164,{"file":153,"line":217,"context":209},165,{"file":153,"line":219,"context":209},167,{"file":153,"line":221,"context":209},170,{"file":153,"line":223,"context":209},195,[],[],{"summary":227,"deductions":228},"The simple-wp-vulnerability-watcher plugin version 1.4.0 exhibits a generally strong security posture, largely due to its minimal attack surface and adherence to several good coding practices. The static analysis indicates a single AJAX handler, which is protected by authentication checks, and a complete absence of unprotected entry points, shortcodes, or cron events. Furthermore, the plugin exclusively uses prepared statements for its SQL queries and includes nonce checks, which are crucial for preventing common web vulnerabilities. The lack of any recorded vulnerabilities or CVEs in its history is a positive indicator of its current security maturity.\n\nHowever, a notable concern arises from the output escaping. With 16 total outputs and only 50% properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. This means that user-supplied data, if not handled carefully by the plugin, could be injected into the output and executed in the browser of other users. The presence of one external HTTP request also warrants careful monitoring, as it represents a potential vector for supply chain attacks if the external resource is compromised or misbehaves.\n\nIn conclusion, while the plugin demonstrates a commendable effort in securing its entry points and database interactions, the insufficient output escaping represents a tangible security weakness. The absence of historical vulnerabilities is encouraging, but the identified output escaping issue needs to be addressed to mitigate the risk of XSS attacks.",[229,232],{"reason":230,"points":231},"Half of output is not properly escaped",6,{"reason":233,"points":14},"One external HTTP request present","2026-03-16T23:08:24.612Z",{"wat":236,"direct":246},{"assetPaths":237,"generatorPatterns":240,"scriptPaths":241,"versionParams":243},[238,239],"\u002Fwp-content\u002Fplugins\u002Fsimple-wp-vulnerability-watcher\u002Fcss\u002Fadmin-styles.css","\u002Fwp-content\u002Fplugins\u002Fsimple-wp-vulnerability-watcher\u002Fjs\u002Fadmin-scripts.js",[],[242],"wp-content\u002Fplugins\u002Fsimple-wp-vulnerability-watcher\u002Fjs\u002Fadmin-scripts.js",[244,245],"simple-wp-vulnerability-watcher\u002Fcss\u002Fadmin-styles.css?ver=","simple-wp-vulnerability-watcher\u002Fjs\u002Fadmin-scripts.js?ver=",{"cssClasses":247,"htmlComments":250,"htmlAttributes":251,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":255},[248,249],"update-plugins","plugin-count",[],[],[],[254],"wpcv_vars",[]]