[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fa1LV1Wow7nwZQ4BE4X1iLvHqz-FvphNXiGPukpZlWxM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":121,"fingerprints":179},"spam-comment-remover","Spam Comment Remover","4.0","Sahil Dadwal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsahildadwal\u002F","\u003Cp>Spam Comment Remover is a lightweight, zero-setup WordPress plugin that automatically stops spam comments and silently removes them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Universal spam detection engine  \u003C\u002Fli>\n\u003Cli>Blocks hidden links, disguised URLs, BBCode, anchor tags  \u003C\u002Fli>\n\u003Cli>Blocks gibberish, AI-generated text patterns, random strings  \u003C\u002Fli>\n\u003Cli>Auto-deletes \u003Cem>pending\u003C\u002Fem> and \u003Cem>spam\u003C\u002Fem> comments after activation  \u003C\u002Fli>\n\u003Cli>Keeps admin-approved comments safe  \u003C\u002Fli>\n\u003Cli>No conflict with any plugin or theme  \u003C\u002Fli>\n\u003Cli>Removes “Website” field from the comment form  \u003C\u002Fli>\n\u003Cli>Fully automated system — no settings required  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for bloggers, businesses, portfolio sites, and WooCommerce stores.\u003C\u002Fp>\n","Automatically remove spam comments without Akismet. Universal spam detection that blocks junk, hidden links, fake names, gibberish, and automated subm &hellip;",70,1464,100,1,"2025-12-08T18:11:00.000Z","6.9.4","5.0","8.0",[20,21,22,23,24],"anti-spam","cleaner","comments","security","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fspam-comment-remover\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-comment-remover.4.0.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"sahildadwal",30,94,"2026-04-04T15:24:31.365Z",[37,55,72,91,106],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":27,"num_ratings":27,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":47,"tags":50,"homepage":52,"download_link":53,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":54},"back-list","Back List","0.5","w3prodigy","https:\u002F\u002Fprofiles.wordpress.org\u002Fw3prodigy\u002F","\u003Cp>Adds Whitelist and Blacklist options for Trackbacks and Pingbacks as well as the option to auto-accept Trackbacks from your own blog. These options can be found on the Discussion Options page.\u003C\u002Fp>\n","Adds Whitelist and Blacklist options for Trackbacks and Pingbacks",10,2230,"","3.0.5","3.0",[20,51,22,23],"blacklist","http:\u002F\u002Fw3prodigy.com\u002Fwordpress-plugins\u002Fback-list\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fback-list.zip","2026-03-15T10:48:56.248Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":45,"downloaded":63,"rating":27,"num_ratings":27,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":47,"tags":67,"homepage":69,"download_link":70,"security_score":71,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-mail-validator","WP-Mail-Validator","0.6.5","kimpenhaus","https:\u002F\u002Fprofiles.wordpress.org\u002Fkimpenhaus\u002F","\u003Cp>WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>syntax of mail-addresses\u003C\u002Fli>\n\u003Cli>mailserver host\u003C\u002Fli>\n\u003Cli>mx-record of mailserver\u003C\u002Fli>\n\u003Cli>user-defined blacklist\u003C\u002Fli>\n\u003Cli>trashmail services\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once the plugin identifies a mail-address to be non existing on the mailserver or being on the blacklist or\u003Cbr \u002F>\nfrom trashmail service, any comment being made is moved to the spam area awaiting moderation from the blog owner.\u003C\u002Fp>\n\u003Ch3>Theme-Modification\u003C\u002Fh3>\n\u003Cp>WP-Mail-Validator comes with 3 theme functions that can be used:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ccode>wp_mail_validator_info_label()\u003C\u002Fcode>: shows a protected by info label\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_version()\u003C\u002Fcode>: shows the current plugin version\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_fended_spam_attack_count()\u003C\u002Fcode>: shows the count of spam attackes fended\u003C\u002Fli>\n\u003C\u002Fol>\n","WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:",3191,"2020-04-13T17:37:00.000Z","5.4.19","5.2.0",[20,51,22,23,68],"trashmail","https:\u002F\u002Fgithub.com\u002Fkimpenhaus\u002Fwp-mail-validator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mail-validator.0.6.5.zip",85,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":27,"downloaded":80,"rating":13,"num_ratings":14,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":89,"download_link":90,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"comments-firewall","Comments Firewall","1.0.2","korchix","https:\u002F\u002Fprofiles.wordpress.org\u002Fkorchix\u002F","\u003Cp>Comments Firewall is a powerful anti-spam plugin that provides enterprise-grade firewall protection for your WordPress comments. It blocks spam before it reaches your database, eliminating the need for manual moderation while maintaining full compatibility with your theme and existing comment system.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Remove Website Field\u003C\u002Fstrong>: Completely eliminates the website field from comment forms to prevent URL submissions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Link Blocking\u003C\u002Fstrong>: Two-mode protection system (Balanced\u002FStrict) blocks HTTP\u002FHTTPS links with advanced pattern detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author Name Protection\u003C\u002Fstrong>: Blocks links in commenter names to prevent sophisticated spam attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Submission Control\u003C\u002Fstrong>: Granular control over comment submission methods (Form, REST API, XML-RPC)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force URL Clearing\u003C\u002Fstrong>: Ensures all author URLs are cleared on submission, regardless of input method\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Statistics Dashboard\u003C\u002Fstrong>: Real-time tracking of blocked spam comments with visual dashboard widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual Ready\u003C\u002Fstrong>: Full translations in 5 languages (English, Spanish, French, German, Arabic with RTL support)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional Branding Badge\u003C\u002Fstrong>: Customizable “Protected by Comments Firewall” badge for your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Compatible\u003C\u002Fstrong>: Works with any theme using standard WordPress comment hooks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Secure\u003C\u002Fstrong>: Zero performance impact with admin-only security controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin operates on multiple levels to ensure comprehensive spam protection:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Form Level\u003C\u002Fstrong>: Removes website fields from comment forms via WordPress hooks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Validation Level\u003C\u002Fstrong>: Blocks submissions containing HTTP\u002FHTTPS patterns before they’re saved\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Method Level\u003C\u002Fstrong>: Controls which submission methods (form, API, XML-RPC) are allowed\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Site owners experiencing backlink spam in comments\u003C\u002Fli>\n\u003Cli>Site owners wanting to avoid the hassle of manually managing spam comments\u003C\u002Fli>\n\u003Cli>Sites that want to maintain existing comments while preventing new spam\u003C\u002Fli>\n\u003Cli>Anyone looking for a plugin that blocks all comments containing a link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin maintains full backward compatibility and won’t disrupt your existing comment workflow or database structure.\u003C\u002Fp>\n","Firewall protection for comments. Blocks spam before it reaches your database with automatic link filtering and zero manual moderation.",173,"2025-10-23T12:12:00.000Z","6.8.5","6.0","7.4",[20,86,87,88,23],"antispam","disable-comments","firewall","https:\u002F\u002Fkorchix.com\u002Fcomments-firewall","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-firewall.1.0.2.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":27,"downloaded":99,"rating":27,"num_ratings":27,"last_updated":47,"tested_up_to":100,"requires_at_least":101,"requires_php":47,"tags":102,"homepage":104,"download_link":105,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":54},"ninja-spam-protection","Ninja Spam Protection","1.0.0","randomoutputs","https:\u002F\u002Fprofiles.wordpress.org\u002Frandomoutputs\u002F","\u003Cp>The quickest and GDPR-compliant Anti-Spam Protection plugin to prevent bot spam comments in the Default Commenting System of WordPress.\u003C\u002Fp>\n\u003Ch4>Features of Ninja Spam Protection\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>100% effective.\u003C\u002Fli>\n\u003Cli>No settings are required at all.\u003C\u002Fli>\n\u003Cli>Non-Captcha solution.\u003C\u002Fli>\n\u003Cli>Fully Automatic.\u003C\u002Fli>\n\u003Cli>100% GDPR Compliant.\u003C\u002Fli>\n\u003Cli>Fastest Spam Protection like a Ninja.\u003C\u002Fli>\n\u003Cli>Compatible with all page caching and performance optimization plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How Does Ninja Spam Protection Works?\u003C\u002Fh4>\n\u003Cp>To prevent spamming of comments, the default action path (wp-comments-post.php) is blocked for users and clickable over a unique hash key when a visitor scrolls to leave a comment. Doing so prevents comment spamming that can be done by bots.\u003C\u002Fp>\n\u003Ch3>Installation of Ninja Spam Protection\u003C\u002Fh3>\n\u003Cp>Install “Ninja Spam Protection” Plugin Manually\u003C\u002Fp>\n\u003Col>\n\u003Cli>Download the “Ninja Spam Protection” Plugin\u003C\u002Fli>\n\u003Cli>Upload \u003Ccode>Ninja Spam Protection\u003C\u002Fcode> to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>If you are using any page cache plugin, make sure to purge\u002Fclear the cache.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Install Ninja Spam Protection Plugin from WordPress Dashboard\u003C\u002Fp>\n\u003Col>\n\u003Cli>Go to Plugins menu > Add new\u003C\u002Fli>\n\u003Cli>Search for “Ninja Spam Protection”\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>If you are using any page cache plugin, make sure to purge\u002Fclear the cache.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Changelog of Ninja Spam Protection\u003C\u002Fh3>\n\u003Ch4>1.0.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Initial Release\u003C\u002Fli>\n\u003C\u002Ful>\n","The ultimate solution to prevent spam comments like a ninja on the default commenting system for WordPress in WordPress.",781,"5.9.13","4.5",[20,22,103,23,24],"gdpr","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-spam-protection\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fninja-spam-protection.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":27,"downloaded":114,"rating":27,"num_ratings":27,"last_updated":115,"tested_up_to":16,"requires_at_least":116,"requires_php":84,"tags":117,"homepage":47,"download_link":120,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"tiny-comment-spam-blocker","Tiny Comment Spam Blocker","1.4.0","Kasuga","https:\u002F\u002Fprofiles.wordpress.org\u002Fkasuga16\u002F","\u003Cp>Tiny Comment Spam Blocker is a lightweight yet powerful plugin designed to protect your WordPress comments from spam. It employs five different techniques to detect and block unwanted comments:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Nonce Verification\u003C\u002Fstrong> – Ensures that the comment form submission is genuine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Submission Time Check\u003C\u002Fstrong> – Blocks comments submitted too quickly to prevent bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Honeypot Field\u003C\u002Fstrong> – Hidden field that traps automated spam bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Agent Validation\u003C\u002Fstrong> – Detects suspicious User-Agent strings and blocks them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forbidden Word Filtering\u003C\u002Fstrong> – Blocks submissions containing words or phrases from a configurable list within the \u003Cstrong>comment body, email address, or IP address.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript-Based Human Interaction Detection\u003C\u002Fstrong> – Sets a verification token when mouse movement, scrolling, or touch interaction is detected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>(Option) Block Non-Japanese Comments\u003C\u002Fstrong> – Blocks comments that do not contain Japanese characters (Hiragana, Katakana, or Han\u002FKanji), primarily targeting machine-translated or foreign spam.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>These filters are applied in order: if a comment passes the first check, it proceeds to the second, and so on, until all checks are applied or the comment is blocked.\u003C\u002Fp>\n\u003Cp>Additional features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option to log detected spam in a local log file (up to 1.0 MB).\u003C\u002Fli>\n\u003Cli>Optional email notifications when spam is detected.\u003C\u002Fli>\n\u003Cli>Easy settings page in the WordPress admin panel.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>The plugin provides the following settings in the WordPress admin panel:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enable Spam Protection\u003C\u002Fstrong> – Toggle the spam protection on or off. When disabled, all anti-spam checks are skipped.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save Spam Detection Log\u003C\u002Fstrong> – Enable or disable logging of detected spam. Logs are saved in a local file up to 1.0 MB within the WordPress uploads directory.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Notification Email Address\u003C\u002Fstrong> – Enter an email address to receive notifications when spam is detected. Leave blank to disable email notifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum Submission Time (seconds)\u003C\u002Fstrong> – Set the minimum allowed time between loading the comment form and submitting a comment. Comments submitted faster than this threshold are considered spam.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forbidden Words List\u003C\u002Fstrong> – Enter one forbidden word, phrase, or IP address per line. Submissions containing these entries in the comment body, \u003Cstrong>email address\u003C\u002Fstrong>, or \u003Cstrong>IP address\u003C\u002Fstrong> will be blocked. \u003Cstrong>Case is insensitive.\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Example:\u003C\u002Fstrong>\u003Cbr \u002F>\nviagra\u003Cbr \u002F>\nonline pharmacy\u003Cbr \u002F>\nspam@email.com\u003Cbr \u002F>\n164.138.205.72\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block No Japanese Comments\u003C\u002Fstrong> – If enabled, this becomes the final check: Comments that contain Japanese characters (Hiragana, Katakana, or Kanji) will be automatically accepted after passing other security checks. \u003Cstrong>Comments without Japanese characters will be blocked.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary Section\u003C\u002Fh3>\n\u003Cp>This plugin is designed to be lightweight and fast, ensuring minimal impact on site performance while providing robust protection against comment spam.\u003C\u002Fp>\n","A simple and lightweight yet rock-solid plugin that blocks comment spam using multiple automatic detection methods.",411,"2026-01-30T09:21:00.000Z","6.3",[20,22,118,23,119],"honeypot","spam-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftiny-comment-spam-blocker.1.4.0.zip",{"attackSurface":122,"codeSignals":161,"taintFlows":171,"riskAssessment":172,"analyzedAt":178},{"hooks":123,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":27,"unprotectedCount":27},[124,131,134,138,143,146,149,153],{"type":125,"name":126,"callback":127,"priority":128,"file":129,"line":130},"filter","comment_form_default_fields","scr_remove_website_field",999,"spam-comment-remover.php",27,{"type":125,"name":132,"callback":127,"priority":128,"file":129,"line":133},"comment_form_fields",28,{"type":125,"name":135,"callback":136,"priority":128,"file":129,"line":137},"pre_comment_approved","closure",84,{"type":139,"name":140,"callback":141,"file":129,"line":142},"action","init","scr_auto_cleanup_comments",121,{"type":139,"name":144,"callback":141,"file":129,"line":145},"wp_loaded",122,{"type":139,"name":147,"callback":141,"file":129,"line":148},"admin_init",123,{"type":139,"name":150,"callback":151,"file":129,"line":152},"admin_notices","scr_admin_notice",142,{"type":125,"name":154,"callback":155,"priority":45,"file":129,"line":156},"plugin_row_meta","scr_plugin_links",153,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":168,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":170},[],{"prepared":27,"raw":14,"locations":164},[165],{"file":129,"line":166,"context":167},111,"$wpdb->get_col() with variable interpolation",{"escaped":27,"rawEcho":27,"locations":169},[],[],[],{"summary":173,"deductions":174},"The \"spam-comment-remover\" v4.0 plugin exhibits a remarkably clean security posture based on the provided static analysis.  The absence of any identified attack surface entry points, dangerous functions, file operations, or external HTTP requests is a significant strength.  Furthermore, all observed output is properly escaped, mitigating common cross-site scripting (XSS) vulnerabilities. The complete lack of known CVEs and a clean vulnerability history indicate a well-maintained and secure plugin.  However, a single SQL query is present and does not utilize prepared statements, representing a potential, albeit currently unexploited, weakness.  The lack of any taint analysis flows is also noteworthy, suggesting that the analyzed code paths either do not handle user-supplied data in a way that would create such flows or that the analysis itself was limited in scope.  Overall, this plugin appears to be very secure, with the only minor concern being the non-prepared SQL query.",[175],{"reason":176,"points":177},"SQL query not using prepared statements",7,"2026-03-16T21:36:51.325Z",{"wat":180,"direct":185},{"assetPaths":181,"generatorPatterns":182,"scriptPaths":183,"versionParams":184},[],[],[],[],{"cssClasses":186,"htmlComments":187,"htmlAttributes":188,"restEndpoints":189,"jsGlobals":190,"shortcodeOutput":191},[],[],[],[],[],[192],"\u003Cdiv style=\"text-align:center;padding:50px;\">\n\t\t\t\t\u003Ch2>Spam Detected\u003C\u002Fh2>\n\t\t\t\t\u003Cp>Your comment cannot be accepted.\u003C\u002Fp>\n\t\t\t\u003C\u002Fdiv>"]