[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYdifQM155cOu94rmam3uypQ-BKRZVsOvLuHqkOiG2NU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":150,"fingerprints":425},"superadmin-helper","Superadmin Helper","2.0.5","Jan Štětina","https:\u002F\u002Fprofiles.wordpress.org\u002Fzaantar\u002F","\u003Cp>This plug-in currently offers following features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Logging of basic events in the network (see FAQ for list)\u003C\u002Fli>\n\u003Cli>Logging all e-mails sent by WordPress\u003C\u002Fli>\n\u003Cli>Changing user’s primary blog ID on user profile page\u003C\u002Fli>\n\u003Cli>Storing user’s last logon time\u003C\u002Fli>\n\u003Cli>Permanently banning IP’s trying to log in as selected users (optional)\u003C\u002Fli>\n\u003Cli>Partially working even on single-site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All logging features make use of the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwordpress-logging-service\u002F\" rel=\"ugc\">WordPress Logging Service\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Requires PHP >= 5.3.\u003C\u002Fp>\n\u003Cp>See Usage and FAQ for more information.\u003C\u002Fp>\n\u003Cp>Plugin support is not guaranteed due to lack of free time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Spanish and Serbian – Ogi Djuraskovic, http:\u002F\u002Ffirstsiteguide.com\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","Set of utilities for managing multisite Wordpress installations. Logging, simple permban, etc.",10,3996,0,"2014-04-15T13:42:00.000Z","3.5.2","3.5","",[19,20,21,22,23],"log","multisite","permban","spam","superadmin","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsuperadmin-helper","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsuperadmin-helper.2.0.5.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":26,"computed_at":36},"zaantar",8,200,87,30,"2026-04-05T15:08:24.574Z",[38,64,89,110,133],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":13,"last_vuln_date":63,"fetched_at":28},"wp-mail-logging","WP Mail Logging","1.16.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>WP Mail Logging is the most popular plugin for logging emails sent from your WordPress site. Simply activate it and it will work immediately, no extra configuration is needed.\u003C\u002Fp>\n\u003Ch3>Are your WordPress emails not being sent or delivered?\u003C\u002Fh3>\n\u003Cp>Use this plugin to log all outgoing emails from your WordPress site. If there are any errors when sending the email from your site, our email logs will catch that error and display it to you.\u003C\u002Fp>\n\u003Cp>This will allow you to debug and fix your email sending issue.\u003C\u002Fp>\n\u003Ch3>Did a client not receive your email?\u003C\u002Fh3>\n\u003Cp>Our email logs allow you to resend any email that was sent from your site. No more lost emails!\u003C\u002Fp>\n\u003Ch3>Do you just want to keep a record of all emails sent from your site?\u003C\u002Fh3>\n\u003Cp>By default, WordPress and your web host do not log, store or keep track of emails sent from your website.\u003C\u002Fp>\n\u003Cp>This plugin will allow you to do just that. Our email logs will store every email that is sent from your WordPress site.\u003C\u002Fp>\n\u003Cp>You can search and view a particular email log, inspect its content or attachments, and even resend that email.\u003C\u002Fp>\n\u003Ch3>What email information is logged?\u003C\u002Fh3>\n\u003Cp>All emails sent from your WordPress site are logged. And here is the information that is stored:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email Subject\u003C\u002Fli>\n\u003Cli>Email Content (HTML or text)\u003C\u002Fli>\n\u003Cli>Email Attachments\u003C\u002Fli>\n\u003Cli>Email Headers (to, from, reply-to, cc, bcc, …)\u003C\u002Fli>\n\u003Cli>Error Message (in case there was an error while attempting to send the email)\u003C\u002Fli>\n\u003Cli>IP Address of originating server (can be enabled in the settings)\u003C\u002Fli>\n\u003Cli>Date and Time of the email\u003C\u002Fli>\n\u003Cli>Receiver (the TO email address)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why are my logged emails still not delivered to the inbox?\u003C\u002Fh3>\n\u003Cp>There are a lot of steps that emails have to make in order to be delivered to the recipient’s inbox.\u003C\u002Fp>\n\u003Cp>When your WordPress site sends an email, there’s no guarantee it will be delivered.\u003C\u002Fp>\n\u003Cp>This is what the email’s journey looks like:\u003C\u002Fp>\n\u003Col>\n\u003Cli>WordPress creates an email\u003C\u002Fli>\n\u003Cli>WordPress passes the email to your website host and that email gets logged by our plugin\u003C\u002Fli>\n\u003Cli>The host server takes the email and sends it (SMTP or Mail Transfer Agent)\u003C\u002Fli>\n\u003Cli>Recipient server receives or blocks the email\u003C\u002Fli>\n\u003Cli>If the email is accepted, the spam filter decides if it goes to the inbox or the spam folder\u003C\u002Fli>\n\u003Cli>Recipients see the email and might open it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin does not track delivery after step 2.\u003C\u002Fp>\n\u003Cp>If you have deliverability issues, we suggest installing the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-smtp\u002F\" rel=\"ugc\">WP Mail SMTP\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>WP Mail SMTP fixes WordPress email deliverability problems, you can choose between 12 email providers (Gmail, Outlook, SendLayer, Mailgun, …) to resolve your email sending issue and it’s super easy to set up. WP Mail SMTP is trusted by more than 3 million websites.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>The plugin was created and launched in 2014 by \u003Ca href=\"https:\u002F\u002Fno3x.de\u002F\" rel=\"nofollow ugc\">Christian Zöller\u003C\u002Fa>.\u003C\u002Fp>\n","Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.",300000,4360548,94,349,"2026-02-19T07:13:00.000Z","6.9.4","5.3","7.4",[55,56,57,58,22],"deliverability","email","email-log","smtp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-logging\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mail-logging.1.16.0.zip",89,6,"2026-02-27 17:58:35",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":51,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":17,"download_link":85,"security_score":86,"vuln_count":87,"unpatched_count":13,"last_vuln_date":88,"fetched_at":28},"captcha-code-authentication","Captcha Code","3.3","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>Adds GDPR compatible captcha code anti-spam protection to WordPress forms – comments form, registration form, lost password form, and login form. In order to post comments or register, users have to type in the code shown on the image. This prevents spam from automated bots & adds security. No external services (like Google ReCaptcha) are used. No API keys are needed, and no user-identifiable data is used so it’s GDPR compatible.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Captcha position – comments form, login form, registration form, or lost password form.\u003C\u002Fli>\n\u003Cli>Letters type – capital letters, small letters, or captial & small letters.\u003C\u002Fli>\n\u003Cli>Captcha type – alphanumeric, alphabets or numbers.\u003C\u002Fli>\n\u003Cli>Translation enabled.\u003C\u002Fli>\n\u003C\u002Fol>\n","GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.",100000,678917,76,34,"2025-12-03T18:21:00.000Z","3.0","5.2",[80,81,82,83,84],"captcha","comments-spam","form-captcha","login-captcha","recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-code-authentication.3.3.zip",99,2,"2023-11-24 00:00:00",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":72,"downloaded":97,"rating":98,"num_ratings":87,"last_updated":99,"tested_up_to":51,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":108,"download_link":109,"security_score":98,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cloudsecure-wp-security","CloudSecure WP Security","1.4.5","cloudsecure","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudsecure\u002F","\u003Cp>管理画面とログインURLをサイバー攻撃から守る、安心の国産・日本語対応プラグインです。\u003Cbr \u002F>\nかんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護し、セキュリティが向上します。\u003Cbr \u002F>\nまた、各機能の有効・無効（ON・OFF）や設定などをお好みにカスタマイズし、いつでも保護状態を管理できます。\u003C\u002Fp>\n\u003Cp>ドキュメントやFAQなど、より詳細な情報は \u003Ca href=\"https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security\" rel=\"nofollow ugc\">こちら\u003C\u002Fa> でご覧いただけます。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPressのマルチサイト機能には対応していません。\u003C\u002Fli>\n\u003Cli>WebサーバーのApache1.3、2.xにのみ対応しています。\u003C\u002Fli>\n\u003Cli>画像認証追加機能を利用するためには、PHPに拡張ライブラリ「gd」をインストールする必要があります。\u003C\u002Fli>\n\u003Cli>管理画面アクセス制限機能、ログインURL変更機能を利用するためには、Apacheに「mod_rewrite」を読み込む必要があります。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>本プラグインの機能は以下のとおりです。\u003C\u002Fp>\n\u003Ch4>ログイン無効化\u003C\u002Fh4>\n\u003Cp>指定した期間内に指定した回数ログインに失敗した場合、指定した時間ログインを無効化（ブロック）します。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃など、不正なログインを試みる攻撃を防ぐための機能です。\u003Cbr \u002F>\nとくに、自動化された攻撃に有効です。\u003C\u002Fp>\n\u003Ch4>ログインURL変更\u003C\u002Fh4>\n\u003Cp>ログインURL（wp-login.php）を変更します。\u003Cbr \u002F>\n半角英小文字、半角数字、ハイフン、アンダースコアのいずれかを使用し、4文字以上12文字以下でお好みの名前（文字列）に設定できます。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃など、不正なログインを試みる攻撃を受けにくくするための機能です。\u003C\u002Fp>\n\u003Ch4>ログインエラーメッセージ統一\u003C\u002Fh4>\n\u003Cp>ログイン時、ユーザー名、パスワード、画像認証のどれを間違えても同一のメッセージを表示します。\u003Cbr \u002F>\nユーザー名の存在を調査する攻撃を受けにくくするための機能です。\u003C\u002Fp>\n\u003Ch4>2段階認証\u003C\u002Fh4>\n\u003Cp>ログイン時、ユーザー名とパスワードの入力に加え、別のコードで追加認証を行います。\u003Cbr \u002F>\n利用するには、\u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.google.android.apps.authenticator2\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa> アプリケーションでデバイスを登録する必要があります。\u003Cbr \u002F>\nアプリケーションに表示された6桁の認証コードをログイン画面で入力し、すべての情報が一致すればログインできます。\u003Cbr \u002F>\nユーザー名やパスワードを不正入手した第三者によるログインやなりすましを防止し、セキュリティを強化します。\u003C\u002Fp>\n\u003Ch4>画像認証追加\u003C\u002Fh4>\n\u003Cp>画像データ上にランダムに表示される文字の入力を求め、一致しなければ次の画面に進めないようにする機能です。\u003Cbr \u002F>\nログインフォーム、コメントフォーム、パスワードリセットフォーム、ユーザー登録フォームに設定できます。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃などの不正なログインを試みる攻撃や、悪意のあるプログラムからの機械的な不正アクセスを防止する機能です。\u003C\u002Fp>\n\u003Ch4>管理画面アクセス制限\u003C\u002Fh4>\n\u003Cp>管理画面にログインしていない接続元IPアドレスから管理ページ（\u002Fwp-admin\u002F以降）にアクセスすると、404エラー（Not Found）を返します。\u003Cbr \u002F>\n24時間以上管理画面にログインしていない接続元IPアドレスが対象です。\u003Cbr \u002F>\nログインすると接続元IPアドレスが記録され、管理画面にアクセスできるようになります。\u003Cbr \u002F>\nこの機能を除外するページ（wp-admin以下）を指定できます。\u003C\u002Fp>\n\u003Ch4>設定ファイルアクセス防止\u003C\u002Fh4>\n\u003Cp>WordPressのシステムに関するファイルへの不正アクセスを遮断する機能です。\u003C\u002Fp>\n\u003Ch4>ユーザー名漏えい防止\u003C\u002Fh4>\n\u003Cp>「?author=数字」アクセスによるユーザー名の漏えいを防止します。\u003C\u002Fp>\n\u003Ch4>XML-RPC無効化\u003C\u002Fh4>\n\u003Cp>XML-RPC機能、またはピンバック機能を無効化し、その乱用から管理画面を保護します。\u003C\u002Fp>\n\u003Ch4>REST API無効化\u003C\u002Fh4>\n\u003Cp>REST APIを無効化し、その悪用から管理画面を守ります。\u003C\u002Fp>\n\u003Ch4>シンプルWAF\u003C\u002Fh4>\n\u003Cp>WordPressへの攻撃に対して、基本的な防御機能を備えたシンプルなWAF（Web Application Firewall）機能です。\u003Cbr \u002F>\nSQLインジェクションやクロスサイトスクリプティングなどの一般的な攻撃を遮断します。\u003C\u002Fp>\n\u003Ch4>ログイン通知\u003C\u002Fh4>\n\u003Cp>ログインがあったとき、ユーザーにメールで通知します。\u003Cbr \u002F>\n心当たりのないメールを受信した場合、不正なログインを疑ってください。\u003C\u002Fp>\n\u003Ch4>アップデート通知\u003C\u002Fh4>\n\u003Cp>WordPress、プラグイン、テーマの更新が必要になったとき、管理者にメールで通知します。\u003Cbr \u002F>\n更新の確認は24時間ごとに行われます。\u003Cbr \u002F>\n常に最新版を使用することが、セキュリティの基本です。\u003C\u002Fp>\n\u003Ch4>サーバーエラー通知\u003C\u002Fh4>\n\u003Cp>サーバーエラー「HTTPステータスコード500（Internal Server Error）」が発生したとき、エラーの履歴を記録し、管理者にメールで通知します。\u003Cbr \u002F>\n1時間以内に同じタイプのエラーが発生した場合、エラーの履歴は記録しますが、メールでの通知は行いません。\u003C\u002Fp>\n\u003Ch4>ログイン履歴\u003C\u002Fh4>\n\u003Cp>管理画面にログインした履歴を表示します。\u003Cbr \u002F>\nそれぞれの項目で絞り込んでの検索も可能です。\u003Cbr \u002F>\nログイン通知と同様、不正なログインの気づきを促す機能です。\u003C\u002Fp>\n","管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。",604268,100,"2026-03-13T05:42:00.000Z","5.3.15","7.1",[103,104,105,106,107],"anti-spam","brute-force","login-lock","security","waf","https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudsecure-wp-security.1.4.5.zip",{"slug":103,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":51,"requires_at_least":122,"requires_php":53,"tags":123,"homepage":128,"download_link":129,"security_score":130,"vuln_count":131,"unpatched_count":13,"last_vuln_date":132,"fetched_at":28},"Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr \u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized** access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,90,368,"2026-03-11T17:54:00.000Z","5.6",[124,125,126,106,127],"antispam","brute-force-protection","limit-login-attempts","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip",98,3,"2024-07-11 00:00:00",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":143,"num_ratings":144,"last_updated":145,"tested_up_to":51,"requires_at_least":16,"requires_php":78,"tags":146,"homepage":17,"download_link":149,"security_score":98,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-login-captcha","Simple Login Captcha","1.3.6","Nikolay Nikolov","https:\u002F\u002Fprofiles.wordpress.org\u002Fnnikolov\u002F","\u003Cp>A simple captcha for the WordPress login form. To be able to login, the user is required to enter a random 3-digit number in a text field.\u003C\u002Fp>\n\u003Cp>The correct number is displayed above the field by a small JavaScript code. Compatible with the WooCommerce login form. Compatible with multisite.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\" rel=\"nofollow ugc\">https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Simple\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No complicated features\u003C\u002Fli>\n\u003Cli>No settings\u003C\u002Fli>\n\u003Cli>No image generation\u003C\u002Fli>\n\u003Cli>No API\u003C\u002Fli>\n\u003Cli>No sessions\u003C\u002Fli>\n\u003Cli>No cookies\u003C\u002Fli>\n\u003Cli>No IP address detection\u003C\u002Fli>\n\u003Cli>No personal data collection\u003C\u002Fli>\n\u003Cli>No vulnerabilities in the programming code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Recommendation\u003C\u002Fh4>\n\u003Cp>Bots can also try to login with the XML-RPC feature of WordPress! Very rarely plugins also need this (like the Jetpack plugin). But if you don’t use it, I recommend that you disable it. You can use the super simple one-line plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-xml-rpc\u002F\" rel=\"ugc\">Disable XML-RPC\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>This is a simple plugin designed to protect against random bots that try to login on your site. But if a person actually looks at the code of this plugin and specifically designs a new bot that targets this plugin, this bot would be able to bypass the protection.\u003C\u002Fp>\n","Adds a simple 3-digit number captcha on the login form.",10000,74617,78,17,"2025-12-04T15:24:00.000Z",[80,147,106,148,22],"login","simple","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-captcha.1.3.6.zip",{"attackSurface":151,"codeSignals":336,"taintFlows":382,"riskAssessment":409,"analyzedAt":424},{"hooks":152,"ajaxHandlers":332,"restRoutes":333,"shortcodes":334,"cronEvents":335,"entryPointCount":13,"unprotectedCount":13},[153,159,165,169,173,177,181,185,189,193,197,201,205,209,213,217,221,225,229,233,237,241,245,249,253,257,261,265,269,273,277,281,285,290,294,299,301,305,307,310,314,317,321,325,328],{"type":154,"name":155,"callback":156,"file":157,"line":158},"action","plugins_loaded","\\SuperadminHelper\\Compatibility\\db_version_check","includes\\compatibility.php",14,{"type":160,"name":161,"callback":162,"file":163,"line":164},"filter","wp_mail","\\SuperadminHelper\\Logging\\email","includes\\logging.php",11,{"type":154,"name":166,"callback":167,"file":163,"line":168},"profile_update","\\SuperadminHelper\\Logging\\user_profile_update",32,{"type":154,"name":170,"callback":171,"file":163,"line":172},"wp_login","\\SuperadminHelper\\Logging\\login",46,{"type":154,"name":174,"callback":175,"file":163,"line":176},"lostpassword_post","\\SuperadminHelper\\Logging\\lostpassword_post",58,{"type":154,"name":178,"callback":179,"file":163,"line":180},"password_reset","\\SuperadminHelper\\Logging\\password_reset",65,{"type":154,"name":182,"callback":183,"file":163,"line":184},"delete_user","\\SuperadminHelper\\Logging\\delete_user",74,{"type":154,"name":186,"callback":187,"file":163,"line":188},"add_attachment","\\SuperadminHelper\\Logging\\add_attachment",83,{"type":154,"name":190,"callback":191,"file":163,"line":192},"wp_logout","\\SuperadminHelper\\Logging\\wp_logout",93,{"type":154,"name":194,"callback":195,"file":163,"line":196},"user_register","\\SuperadminHelper\\Logging\\user_register",105,{"type":154,"name":198,"callback":199,"file":163,"line":200},"switch_theme","\\SuperadminHelper\\Logging\\switch_theme",115,{"type":154,"name":202,"callback":203,"priority":11,"file":163,"line":204},"activated_plugin","\\SuperadminHelper\\Logging\\activate_plugin",124,{"type":154,"name":206,"callback":207,"priority":11,"file":163,"line":208},"deactivated_plugin","\\SuperadminHelper\\Logging\\deactivate_plugin",136,{"type":154,"name":210,"callback":211,"file":163,"line":212},"deactivate_blog","\\SuperadminHelper\\Logging\\deactivate_blog",149,{"type":154,"name":214,"callback":215,"file":163,"line":216},"activate_blog","\\SuperadminHelper\\Logging\\activate_blog",158,{"type":154,"name":218,"callback":219,"file":163,"line":220},"archive_blog","\\SuperadminHelper\\Logging\\archive_blog",167,{"type":154,"name":222,"callback":223,"file":163,"line":224},"unarchive_blog","\\SuperadminHelper\\Logging\\unarchive_blog",176,{"type":154,"name":226,"callback":227,"file":163,"line":228},"make_spam_blog","\\SuperadminHelper\\Logging\\make_spam_blog",185,{"type":154,"name":230,"callback":231,"file":163,"line":232},"make_ham_blog","\\SuperadminHelper\\Logging\\make_ham_blog",194,{"type":154,"name":234,"callback":235,"file":163,"line":236},"mature_blog","\\SuperadminHelper\\Logging\\mature_blog",203,{"type":154,"name":238,"callback":239,"file":163,"line":240},"unmature_blog","\\SuperadminHelper\\Logging\\unmature_blog",211,{"type":154,"name":242,"callback":243,"priority":11,"file":163,"line":244},"delete_blog","\\SuperadminHelper\\Logging\\delete_blog",220,{"type":154,"name":246,"callback":247,"priority":11,"file":163,"line":248},"add_user_to_blog","\\SuperadminHelper\\Logging\\add_user_to_blog",234,{"type":154,"name":250,"callback":251,"priority":11,"file":163,"line":252},"remove_user_from_blog","\\SuperadminHelper\\Logging\\remove_user_from_blog",245,{"type":160,"name":254,"callback":255,"priority":11,"file":163,"line":256},"update_plugin_complete_actions","\\SuperadminHelper\\Logging\\update_plugin_complete_actions",256,{"type":160,"name":258,"callback":259,"priority":11,"file":163,"line":260},"install_plugin_complete_actions","\\SuperadminHelper\\Logging\\install_plugin_complete_actions",266,{"type":160,"name":262,"callback":263,"priority":11,"file":163,"line":264},"update_theme_complete_actions","\\SuperadminHelper\\Logging\\update_theme_complete_actions",276,{"type":160,"name":266,"callback":267,"priority":11,"file":163,"line":268},"install_theme_complete_actions","\\SuperadminHelper\\Logging\\install_theme_complete_actions",286,{"type":160,"name":270,"callback":271,"file":163,"line":272},"blog_redirect_404","\\SuperadminHelper\\Logging\\blog_redirect_404",296,{"type":154,"name":274,"callback":275,"file":276,"line":158},"network_admin_menu","\\SuperadminHelper\\PermbanUI\\network_permban_menu","includes\\permban-ui.php",{"type":154,"name":278,"callback":279,"file":276,"line":280},"admin_menu","\\SuperadminHelper\\PermbanUI\\permban_menu",26,{"type":154,"name":282,"callback":283,"file":276,"line":284},"admin_head","\\SuperadminHelper\\PermbanUI\\admin_head",75,{"type":154,"name":286,"callback":287,"file":288,"line":289},"init","\\SuperadminHelper\\Permban\\ban_check","includes\\permban.php",44,{"type":154,"name":291,"callback":292,"file":288,"line":293},"wp_login_failed","\\SuperadminHelper\\Permban\\process_failed_login",101,{"type":154,"name":295,"callback":296,"file":297,"line":298},"show_user_profile","\\SuperadminHelper\\PrimaryBlogSetting\\show_user_profile","includes\\primary-blog-setting.php",7,{"type":154,"name":300,"callback":296,"file":297,"line":32},"edit_user_profile",{"type":154,"name":302,"callback":303,"file":297,"line":304},"personal_options_update","\\SuperadminHelper\\PrimaryBlogSetting\\edit_user_profile",9,{"type":154,"name":306,"callback":303,"file":297,"line":11},"edit_user_profile_update",{"type":154,"name":170,"callback":308,"file":309,"line":11},"\\SuperadminHelper\\RecordLastLoginTime\\save_last_login","includes\\record-last-login-time.php",{"type":160,"name":311,"callback":312,"file":309,"line":313},"wpmu_users_columns","\\SuperadminHelper\\RecordLastLoginTime\\add_last_login_column",19,{"type":160,"name":315,"callback":312,"file":309,"line":316},"manage_users_columns",20,{"type":154,"name":318,"callback":319,"priority":316,"file":309,"line":320},"manage_users_custom_column","\\SuperadminHelper\\RecordLastLoginTime\\add_last_login_column_value",27,{"type":154,"name":274,"callback":322,"file":323,"line":324},"\\SuperadminHelper\\SettingsUI\\network_admin_menu","includes\\settings-ui.php",25,{"type":154,"name":278,"callback":326,"file":323,"line":327},"\\SuperadminHelper\\SettingsUI\\admin_menu",38,{"type":154,"name":286,"callback":329,"file":330,"line":331},"\\SuperadminHelper\\load_textdomain","superadmin-helper.php",77,[],[],[],[],{"dangerousFunctions":337,"sqlUsage":338,"outputEscaping":363,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":381},[],{"prepared":144,"raw":158,"locations":339},[340,342,344,347,348,350,351,353,354,356,358,359,360,361],{"file":157,"line":176,"context":341},"$wpdb->get_var() with variable interpolation",{"file":157,"line":343,"context":341},61,{"file":157,"line":345,"context":346},66,"$wpdb->query() with variable interpolation",{"file":157,"line":74,"context":346},{"file":157,"line":349,"context":346},79,{"file":157,"line":192,"context":341},{"file":157,"line":352,"context":341},96,{"file":157,"line":293,"context":346},{"file":157,"line":355,"context":346},111,{"file":157,"line":357,"context":346},114,{"file":288,"line":280,"context":346},{"file":288,"line":188,"context":341},{"file":288,"line":352,"context":346},{"file":288,"line":362,"context":341},189,{"escaped":87,"rawEcho":304,"locations":364},[365,368,369,370,372,374,376,377,379],{"file":276,"line":366,"context":367},104,"raw output",{"file":276,"line":355,"context":367},{"file":297,"line":324,"context":367},{"file":323,"line":371,"context":367},155,{"file":323,"line":373,"context":367},156,{"file":323,"line":375,"context":367},175,{"file":323,"line":362,"context":367},{"file":378,"line":32,"context":367},"includes\\zan.php",{"file":378,"line":380,"context":367},13,[],[383,400],{"entryPoint":384,"graph":385,"unsanitizedCount":87,"severity":399},"show_default_page (includes\\permban-ui.php:96)",{"nodes":386,"edges":396},[387,391],{"id":388,"type":389,"label":390,"file":276,"line":366},"n0","source","$_REQUEST['page'] (x2)",{"id":392,"type":393,"label":394,"file":276,"line":366,"wp_function":395},"n1","sink","echo() [XSS]","echo",[397],{"from":388,"to":392,"sanitized":398},false,"medium",{"entryPoint":401,"graph":402,"unsanitizedCount":87,"severity":408},"\u003Cpermban-ui> (includes\\permban-ui.php:0)",{"nodes":403,"edges":406},[404,405],{"id":388,"type":389,"label":390,"file":276,"line":366},{"id":392,"type":393,"label":394,"file":276,"line":366,"wp_function":395},[407],{"from":388,"to":392,"sanitized":398},"low",{"summary":410,"deductions":411},"The \"superadmin-helper\" plugin version 2.0.5 exhibits a generally good security posture in several areas. The absence of known vulnerabilities, a clean vulnerability history, and the lack of file operations or external HTTP requests are all positive indicators.  Furthermore, the plugin does not expose any direct attack surface through AJAX, REST API, shortcodes, or cron events, and importantly, has no unprotected entry points.\n\nHowever, the code analysis reveals significant concerns. A substantial 55% of SQL queries are not using prepared statements, which creates a considerable risk of SQL injection vulnerabilities.  Compounding this, only 18% of output is properly escaped, indicating a high potential for cross-site scripting (XSS) vulnerabilities. The taint analysis also identified two flows with unsanitized paths, although these are not currently classified as critical or high severity, they warrant attention. The lack of nonce checks and capability checks on any potential implicit entry points (though none are directly exposed) is also a weakness that could be exploited if an attack surface were to emerge in future versions or through interactions with other plugins.\n\nIn conclusion, while the plugin benefits from a clean security history and a limited direct attack surface, the prevalent use of raw SQL queries and inadequate output escaping present substantial security risks. These weaknesses could be exploited to compromise database integrity or execute malicious scripts within the WordPress environment. Addressing these code-level issues should be a priority to improve the overall security of \"superadmin-helper\".",[412,415,417,419,422],{"reason":413,"points":414},"Raw SQL queries without prepared statements",15,{"reason":416,"points":32},"Insufficient output escaping",{"reason":418,"points":298},"Unsanitized paths in taint analysis",{"reason":420,"points":421},"Lack of nonce checks",5,{"reason":423,"points":421},"Lack of capability checks","2026-03-17T00:18:39.578Z",{"wat":426,"direct":431},{"assetPaths":427,"generatorPatterns":428,"scriptPaths":429,"versionParams":430},[],[],[],[],{"cssClasses":432,"htmlComments":434,"htmlAttributes":436,"restEndpoints":440,"jsGlobals":441,"shortcodeOutput":442},[433],"form-table",[435],"\u003C!--Superadmin mód-->",[437,438,439],"id=\"primary_blog\"","name=\"primary_blog\"","id=\"suh_last_login\"",[],[],[]]