[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f421FRIWOIm7PuqruZF7B0E1hv1xqKdfqshJ702yX-_k":3,"$fmGVRIZEi3fVKEk58_YfSz9HEmUwUKuIz5VxIkJygMAQ":1143,"$fhpcxMvsbgcnUmlwI1Hq1M2R3Xps7l_p2eMmTklYucgU":1147},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":123,"fingerprints":1125},"ultimate-security","Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening","1.0.17","WP Ultimate Security","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpultimatesecurity\u002F","\u003Cp>Ultimate Security protects your WordPress site from brute force attacks, unauthorized access, and bots. Lightweight, modular, and privacy-focused.\u003C\u002Fp>\n\u003Cp>Check out the documentation for this plugin from here\u003C\u002Fp>\n\u003Cp>Link: \u003Ca href=\"https:\u002F\u002Fdocs.wpultimatesecurity.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">Visit Documentation Site\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\n* Email OTP verification\u003Cbr \u002F>\n* Google Authenticator, Authy, Microsoft Authenticator (TOTP\u002FHOTP)\u003Cbr \u002F>\n* 2FA status dashboard\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Protection\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom login URL (hide wp-admin)\u003Cbr \u002F>\n* Login attempt limits\u003Cbr \u002F>\n* Password policy enforcement\u003Cbr \u002F>\n* Session management\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Bot Protection\u003C\u002Fstrong>\u003Cbr \u002F>\n* Google reCAPTCHA v2\u002Fv3\u003Cbr \u002F>\n* Cloudflare Turnstile\u003Cbr \u002F>\n* Protect login, registration, comments, WooCommerce\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Hardening\u003C\u002Fstrong>\u003Cbr \u002F>\n* Security keys rotation\u003Cbr \u002F>\n* Auto-update controls\u003Cbr \u002F>\n* Site health monitoring\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Content Protection\u003C\u002Fstrong>\u003Cbr \u002F>\n* Right-click disable\u003Cbr \u002F>\n* Text selection control\u003Cbr \u002F>\n* Image drag prevention\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tools\u003C\u002Fstrong>\u003Cbr \u002F>\n* Security Score dashboard\u003Cbr \u002F>\n* Settings backup\u002Frestore\u003Cbr \u002F>\n* Test mode for previewing rules\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services:\u003C\u002Fp>\n\u003Ch4>Cloudflare Turnstile\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>When: Turnstile CAPTCHA enabled\u003C\u002Fli>\n\u003Cli>Sends: Response token, site secret key\u003C\u002Fli>\n\u003Cli>URL: https:\u002F\u002Fchallenges.cloudflare.com\u002Fturnstile\u002Fv0\u002Fsiteverify\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Google reCAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>When: reCAPTCHA enabled\u003C\u002Fli>\n\u003Cli>Sends: Response token, site secret key\u003C\u002Fli>\n\u003Cli>URL: https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress.org Salt API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>When: Security keys rotation requested\u003C\u002Fli>\n\u003Cli>Sends: Request for random salt strings\u003C\u002Fli>\n\u003Cli>URL: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect your WordPress site with 2FA, brute force protection, CAPTCHA, custom login URL, and security hardening.",10,1485,0,"2026-02-18T10:05:00.000Z","6.8.5","5.8","8.1",[19,20,21,22,23],"brute-force","firewall","login-security","security","two-factor-authentication","https:\u002F\u002Fwww.wpultimatesecurity.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.17.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"wpultimatesecurity",1,30,94,"2026-05-19T20:00:36.808Z",[38,60,77,92,108],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":35,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":55,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":28},"all-in-one-wp-security-and-firewall","All-In-One Security (AIOS) – Security and Firewall","5.4.6","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Ch3>THE TOP RATED WORDPRESS SECURITY AND FIREWALL PLUGIN\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios&utm_creative_format=description\" rel=\"nofollow ugc\">All-in-One Security (AIOS)\u003C\u002Fa> is a WordPress security plugin from the same, trusted team that brought you UpdraftPlus.\u003C\u002Fp>\n\u003Cp>It’s called ‘All-In-One’ because it’s packed full of ways to keep your WordPress website(s) safe and secure.\u003C\u002Fp>\n\u003Cp>It includes:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login security features\u003C\u002Fstrong> keep bots at bay. Lock out users based on a configurable number of login attempts, get two-factor authentication and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File and database security.\u003C\u002Fstrong> Get notified of file changes that occur outside of normal operations. Block access to key files and scan files and folders to spot insecure permissions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Firewall.\u003C\u002Fstrong> Get PHP, .htaccess and 6G firewall rules courtesy of Perishable Press. Spot and block fake Google Bots and more!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spam prevention.\u003C\u002Fstrong> Prevent annoying spam comments and reduce unnecessary load on the server. Automatically and permanently block IP addresses that exceed a set number of spam comments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Audit log.\u003C\u002Fstrong> View events happening on your WordPress website. Find out if a plugin or theme has been added, removed, updated and more.\u003C\u002Fp>\n\u003Ch4>WHY ALL-IN-ONE SECURITY?\u003C\u002Fh4>\n\u003Cp>AIOS has a near-perfect \u003Cstrong>4.7 \u002F 5-star user rating\u003C\u002Fstrong> across more than 1 million installs.\u003C\u002Fp>\n\u003Cp>Great for beginners and experts alike. AIOS guides you logically and clearly through each of its features which are all clearly explained. Security features are marked as basic, intermediate and advanced. Each step increases your security score. Turn them on and watch your protection grow!\u003C\u002Fp>\n\u003Cp>We have a large support team of software developers. That means we have the availability and the skillset to help you with the trickiest of queries.\u003C\u002Fp>\n\u003Cp>We comb the WordPress plugin directory for support tickets daily – most queries are responded to within 24 hours.\u003C\u002Fp>\n\u003Cp>\u003Cem>Excellent plugin with numerous well-thought-out options for making a website more secure. I have been using it for years and am very happy with it. I recently had a small problem setting up a website and – even as a non-premium user – I received support very quickly. Highly recommended!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>For even more ways to stay safe and secure, upgrade to \u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002Fpricing?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios_premium&utm_creative_format=description\" rel=\"nofollow ugc\">AIOS Premium\u003C\u002Fa> – it packs a punch security-wise, whilst being \u003Cstrong>extremely cost-competitive\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>LOGIN SECURITY\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication (TFA)\u003C\u002Fstrong> – Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detect and manage ‘admin’ usernames\u003C\u002Fstrong> – Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Identify and correct identical login and display names\u003C\u002Fstrong> – Detect cases where the display name matches the username and provide guidance to improve login security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent user enumeration\u003C\u002Fstrong> – Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control login attempts\u003C\u002Fstrong> – Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lockout durations, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Force user logout\u003C\u002Fstrong> – Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually approve new registrations\u003C\u002Fstrong> – Review and approve new user registrations to prevent spam and fake sign-ups.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhance WordPress salt security\u003C\u002Fstrong> – Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002F\u003Cbr \u002F>\n\u003Cstrong>Monitor and manage active sessions\u003C\u002Fstrong> – If a user is logged in who shouldn’t be, log them out or add them to a blacklist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SPAM PREVENTION\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block spam coming from bots\u003C\u002Fstrong> – Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitor spam IP addresses\u003C\u002Fstrong> – Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block based on a configurable number of comments left.\u003C\u002Fp>\n\u003Ch4>FILE \u002F DATABASE Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Scan and fix file permissions\u003C\u002Fstrong> – Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable PHP file editing\u003C\u002Fstrong> – Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protect sensitive files\u003C\u002Fstrong> – Prevent access to files like readme.html that might reveal information about your WordPress installation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File change scanner\u003C\u002Fstrong> – Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent image hotlinking\u003C\u002Fstrong> – Prevent other websites from displaying your images via hotlinking and protect server bandwidth.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure database backups\u003C\u002Fstrong> – Perform a database backup via UpdraftPlus from AIOS. Change the default ‘wp_’ prefix to hide your WordPress database from hackers.\u003C\u002Fp>\n\u003Ch4>FIREWALL\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Get .htaccess firewall rules\u003C\u002Fstrong> – Deny access to the .htaccess and wp-config.php files. Disable the server signature and limit file uploads to a configurable size.**\u003C\u002Fp>\n\u003Cp>Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get PHP firewall rules\u003C\u002Fstrong> – PHP firewall rules prevent malicious users from exploiting well-known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and Atom feeds and avoid cross-site scripting (XSS) attacks.\u003Cbr \u002F>\nBlock fake Google bots and POST requests made by bots – Block fake Google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Utilise 6G firewall rules\u003C\u002Fstrong> – Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>And more\u003C\u002Fstrong> – Blacklist (and whitelist) IP ranges and user agents and block unauthorized access to data by disabling REST API access for non-logged-in requests.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION ENHANCED [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication\u003C\u002Fstrong> is included in the free plugin. Upgrade to Premium if you’d like to:\u003Cbr \u002F>\nRequire TFA after a set time period – Mandate TFA for all admins or other roles after their accounts reach a specified age.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control how often TFA is required\u003C\u002Fstrong> – Set TFA to be required after a certain number of days on trusted devices instead of every login.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customise design layout\u003C\u002Fstrong> – Adjust the TFA design to match your website’s existing layout and branding.\u003Cbr \u002F>\nEmergency codes – Generate one-time use emergency codes to regain access if you lose your TFA device.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Multisite Compatible\u003C\u002Fstrong> – Ensure compatibility with WordPress multisite networks and their sub-sites for consistent TFA application.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with login forms\u003C\u002Fstrong> – Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme My Login’ without additional coding.\u003C\u002Fp>\n\u003Ch4>SMART 404 BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block IPs based on 404 errors\u003C\u002Fstrong> – Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 Configuration\u003C\u002Fstrong> – Set a figure for the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g., 10 errors within 10 minutes).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 block by URL string\u003C\u002Fstrong> – Instantly block an IP address if a 404 event includes a specific URL string.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 whitelisting\u003C\u002Fstrong> – Prevent particular IP addresses from being permanently blocked due to 404 events.\u003C\u002Fp>\n\u003Ch4>COUNTRY BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block traffic to the entire site or to specific pages or posts\u003C\u002Fstrong> – Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Whitelist some users from blocked countries\u003C\u002Fstrong> – Whitelist IP addresses or IP ranges even if they are part of a blocked country.\u003C\u002Fp>\n\u003Ch4>MALWARE SCANNING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Automatic malware scanning\u003C\u002Fstrong> – Detect and protect against the latest malware, trojans, and spyware.\u003Cbr \u002F>\nAlerts you to blacklisting by search engines – Monitor your site for blacklisting by search engines due to malicious code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response time monitoring\u003C\u002Fstrong> – Keep track of your website’s response time to identify and address any performance issues.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Uptime monitoring\u003C\u002Fstrong> – Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advice and malware removal\u003C\u002Fstrong> – Need hands-on advice and support for malware removal? Our team of genuine cybersecurity experts is here to help.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notification if something’s amiss\u003C\u002Fstrong> – Receive notifications about any issues with your site so you can address problems before they escalate.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cp>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u003C\u002Fp>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you are a developer and you need some extra hooks or filters for this plugin then let us know.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All-In-One Security plugin can be translated to any language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently available translations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Hungarian\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil)\u003C\u002Fli>\n\u003Cli>Persian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy Policy\u003C\u002Fh4>\n\u003Cp>This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity.\u003C\u002Fp>\n\u003Cp>The collected information is stored on your server. No information is transmitted to third parties or remote server locations.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n","Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.",1000000,36261587,1699,"2026-03-25T10:40:00.000Z","7.0","5.0","5.6",[20,21,54,22,23],"malware-scanning","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-wp-security-and-firewall.5.4.6.zip",93,26,"2024-02-08 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":13,"num_ratings":13,"last_updated":70,"tested_up_to":71,"requires_at_least":16,"requires_php":72,"tags":73,"homepage":75,"download_link":76,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bearmor-security","Bearmor Security","0.9.16","bearmor","https:\u002F\u002Fprofiles.wordpress.org\u002Fandeirz\u002F","\u003Cp>\u003Cstrong>Finally, a WordPress security plugin that doesn’t slow down your site.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Bearmor Security is built for \u003Cstrong>small to medium businesses, freelancers, and agencies\u003C\u002Fstrong> who need real protection without the bloat. No confusing dashboards, no technical jargon, no performance hit.\u003C\u002Fp>\n\u003Ch3>Why Bearmor?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🎯 Built for Non-Technical Users\u003C\u002Fstrong>\u003Cbr \u002F>\nYou shouldn’t need a security degree to protect your website. Bearmor gives you clear, actionable insights in plain English.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Lightweight & Fast\u003C\u002Fstrong>\u003Cbr \u002F>\nUnlike bloated competitors, Bearmor won’t slow down your site. Clean code, efficient scans, zero impact on performance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>💰 Most Features FREE\u003C\u002Fstrong>\u003Cbr \u002F>\nWhile others lock everything behind paywalls, Bearmor gives you professional-grade security for free. Compare us to Wordfence, Sucuri, or iThemes Security – we’re more generous.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🛡️ Real Protection, Not Theater\u003C\u002Fstrong>\u003Cbr \u002F>\nWe focus on what actually matters: detecting threats, blocking attacks, and keeping you informed. No fake “critical alerts” to scare you into upgrading.\u003C\u002Fp>\n\u003Ch3>🆓 FREE Features (Yes, Really Free)\u003C\u002Fh3>\n\u003Ch3>Malware Scanner\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Deep file scanning\u003C\u002Fstrong> for backdoors, shells, and malicious code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart detection\u003C\u002Fstrong> with pattern matching and heuristics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quarantine threats\u003C\u002Fstrong> with one click\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist false positives\u003C\u002Fstrong> to prevent future alerts\u003C\u002Fli>\n\u003Cli>Scans plugins, themes, uploads, and core files\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>File Integrity Monitoring\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Real-time tracking\u003C\u002Fstrong> of all file changes\u003C\u002Fli>\n\u003Cli>See exactly what changed, when, and where\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quarantine suspicious changes\u003C\u002Fstrong> instantly\u003C\u002Fli>\n\u003Cli>Mark safe changes to keep your dashboard clean\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Login Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute force protection\u003C\u002Fstrong> with automatic IP blocking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login activity log\u003C\u002Fstrong> – see every login attempt\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anomaly detection\u003C\u002Fstrong> – alerts for suspicious login patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geographic tracking\u003C\u002Fstrong> – know where logins come from\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> via email – completely free\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Hardening\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>One-click hardening\u003C\u002Fstrong> for common vulnerabilities\u003C\u002Fli>\n\u003Cli>Disable XML-RPC, file editing, directory browsing\u003C\u002Fli>\n\u003Cli>Hide WordPress version and login errors\u003C\u002Fli>\n\u003Cli>Enforce strong passwords\u003C\u002Fli>\n\u003Cli>All with simple on\u002Foff toggles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Activity Logging\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Track all admin actions\u003C\u002Fli>\n\u003Cli>See who changed what and when\u003C\u002Fli>\n\u003Cli>Filter by user, action type, or date\u003C\u002Fli>\n\u003Cli>Essential for multi-user sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Dashboard\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>At-a-glance overview\u003C\u002Fstrong> of your security status\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security score\u003C\u002Fstrong> with clear letter grade (A-F)\u003C\u002Fli>\n\u003Cli>See threats, recent activity, and recommendations\u003C\u002Fli>\n\u003Cli>No clutter, just what matters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 PRO Features (Optional Upgrade)\u003C\u002Fh3>\n\u003Ch3>What’s FREE Forever\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware Scanner\u003C\u002Fstrong> – Full file scanning with quarantine\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Monitoring\u003C\u002Fstrong> – Real-time change tracking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Security\u003C\u002Fstrong> – Brute force protection and blocking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA Authentication\u003C\u002Fstrong> – TOTP support built-in\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quarantine Threats\u003C\u002Fstrong> – One-click isolation of malware\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong> – All hardening options included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Upgrade to PRO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🔥 \u003Cstrong>Advanced Firewall\u003C\u002Fstrong> – Block attacks before they reach WordPress\u003C\u002Fli>\n\u003Cli>🤖 \u003Cstrong>AI Security Analysis\u003C\u002Fstrong> – ChatGPT explains threats in plain English\u003C\u002Fli>\n\u003Cli>📊 \u003Cstrong>Deep Vulnerability Scanner\u003C\u002Fstrong> – Database scanning and comprehensive CVE checks\u003C\u002Fli>\n\u003Cli>⏰ \u003Cstrong>24\u002F7 Uptime Monitoring\u003C\u002Fstrong> – External monitoring with instant email alerts\u003C\u002Fli>\n\u003Cli>🌍 \u003Cstrong>Geo-Blocking\u003C\u002Fstrong> – Block entire countries and IP ranges\u003C\u002Fli>\n\u003Cli>🎯 \u003Cstrong>Priority Support\u003C\u002Fstrong> – Email support with faster response times\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbearmor.eu\u002Fpricing\" rel=\"nofollow ugc\">Learn more about PRO \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🎯 Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Small Business Owners\u003C\u002Fstrong> who need protection without complexity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Freelancers\u003C\u002Fstrong> managing multiple client sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies\u003C\u002Fstrong> who want reliable security without performance issues\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone\u003C\u002Fstrong> tired of bloated, confusing security plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 Privacy & External Services\u003C\u002Fh3>\n\u003Cp>Bearmor Security connects to our secure API server (bearmor.eu) for:\u003Cbr \u002F>\n– \u003Cstrong>License verification\u003C\u002Fstrong> (PRO users only)\u003Cbr \u002F>\n– \u003Cstrong>Uptime monitoring\u003C\u002Fstrong> (PRO users only)\u003Cbr \u002F>\n– \u003Cstrong>AI analysis\u003C\u002Fstrong> (PRO users only)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data sent to our servers:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Site URL\u003Cbr \u002F>\n– Admin email (for notifications)\u003Cbr \u002F>\n– Security scan results (PRO AI analysis only)\u003Cbr \u002F>\n– Site ID (anonymous identifier)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>We DO NOT:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Sell your data\u003Cbr \u002F>\n– Track your visitors\u003Cbr \u002F>\n– Store sensitive information\u003Cbr \u002F>\n– Share data with third parties\u003C\u002Fp>\n\u003Cp>For FREE users, only basic site registration data is sent (URL + email). No security data leaves your server.\u003C\u002Fp>\n\u003Cp>Read our full privacy policy: https:\u002F\u002Fbearmor.eu\u002Fprivacy\u003C\u002Fp>\n\u003Ch3>📊 Why Choose Bearmor?\u003C\u002Fh3>\n\u003Ch3>vs. Wordfence FREE\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We include 2FA (they lock it behind PRO)\u003C\u002Fli>\n\u003Cli>We include quarantine (they lock it behind PRO)\u003C\u002Fli>\n\u003Cli>Lighter performance impact\u003C\u002Fli>\n\u003Cli>Simpler, cleaner interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>vs. Sucuri FREE\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We include malware scanner (they lock it behind PRO)\u003C\u002Fli>\n\u003Cli>We include file monitoring (they lock it behind PRO)\u003C\u002Fli>\n\u003Cli>We include 2FA and quarantine\u003C\u002Fli>\n\u003Cli>More features in free version\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>vs. iThemes Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>More generous free tier\u003C\u002Fli>\n\u003Cli>Better malware detection\u003C\u002Fli>\n\u003Cli>Cleaner dashboard\u003C\u002Fli>\n\u003Cli>Faster scans\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Quick Start\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate Bearmor Security\u003C\u002Fli>\n\u003Cli>Run your first malware scan (Dashboard \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Scan Now)\u003C\u002Fli>\n\u003Cli>Enable recommended hardening options (Dashboard \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Hardening)\u003C\u002Fli>\n\u003Cli>Set up 2FA for your account (Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Two-Factor Auth)\u003C\u002Fli>\n\u003Cli>You’re protected! 🎉\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No configuration needed. Works out of the box.\u003C\u002Fp>\n\u003Ch3>💬 Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Documentation:\u003C\u002Fstrong> https:\u002F\u002Fbearmor.eu\u002Fdocs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support Forum:\u003C\u002Fstrong> https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbearmor-security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email:\u003C\u002Fstrong> security@bearmor.eu (PRO users get priority)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌟 What Users Say\u003C\u002Fh3>\n\u003Cp>\u003Cem>“Finally, a security plugin that doesn’t make me feel stupid. Everything just works.”\u003C\u002Fem> – Sarah M., Freelancer\u003C\u002Fp>\n\u003Cp>\u003Cem>“Switched from Wordfence. Bearmor is faster and the free version has more features.”\u003C\u002Fem> – Mike T., Agency Owner\u003C\u002Fp>\n\u003Cp>\u003Cem>“The AI analysis feature is a game-changer. It explains threats in plain English.”\u003C\u002Fem> – David R., Small Business Owner\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Bearmor Security respects your privacy. Here’s exactly what data we collect and why:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FREE Users:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Site URL (to identify your installation)\u003Cbr \u002F>\n– Admin email (for security notifications)\u003Cbr \u002F>\n– Plugin version (for update checks)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PRO Users (in addition to above):\u003C\u002Fstrong>\u003Cbr \u002F>\n– Security scan results (for AI analysis)\u003Cbr \u002F>\n– Uptime monitoring data (ping responses)\u003Cbr \u002F>\n– Firewall block logs (for threat intelligence)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>We NEVER:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Sell your data to third parties\u003Cbr \u002F>\n– Track your website visitors\u003Cbr \u002F>\n– Store passwords or sensitive user data\u003Cbr \u002F>\n– Share data without your explicit consent\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Storage:\u003C\u002Fstrong>\u003Cbr \u002F>\n– All data encrypted in transit (HTTPS)\u003Cbr \u002F>\n– Stored on secure servers in EU\u003Cbr \u002F>\n– Retained for 90 days, then automatically deleted\u003Cbr \u002F>\n– You can request data deletion anytime\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Third-Party Services:\u003C\u002Fstrong>\u003Cbr \u002F>\n– OpenAI (ChatGPT) for AI analysis (PRO only)\u003Cbr \u002F>\n– Our own servers for uptime monitoring (PRO only)\u003C\u002Fp>\n\u003Cp>Full privacy policy: https:\u002F\u002Fbearmor.eu\u002Fprivacy\u003Cbr \u002F>\nContact: security@bearmor.eu\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services in certain situations:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Bearmor API (bearmor.eu)\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>When:\u003C\u002Fstrong> Plugin activation, license verification, PRO features\u003Cbr \u002F>\n– \u003Cstrong>Data sent:\u003C\u002Fstrong> Site URL, admin email, security scan results (PRO only)\u003Cbr \u002F>\n– \u003Cstrong>Purpose:\u003C\u002Fstrong> License management, AI analysis, uptime monitoring\u003Cbr \u002F>\n– \u003Cstrong>Privacy:\u003C\u002Fstrong> https:\u002F\u002Fbearmor.eu\u002Fprivacy\u003Cbr \u002F>\n– \u003Cstrong>Terms:\u003C\u002Fstrong> https:\u002F\u002Fbearmor.eu\u002Fterms\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress.org API (api.wordpress.org)\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>When:\u003C\u002Fstrong> Checking WordPress core file integrity\u003Cbr \u002F>\n– \u003Cstrong>Data sent:\u003C\u002Fstrong> WordPress version number\u003Cbr \u002F>\n– \u003Cstrong>Purpose:\u003C\u002Fstrong> Verify core files haven’t been tampered with\u003Cbr \u002F>\n– \u003Cstrong>Privacy:\u003C\u002Fstrong> https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\u003Cbr \u002F>\n– \u003Cstrong>Terms:\u003C\u002Fstrong> https:\u002F\u002Fwordpress.org\u002Fabout\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WPVulnerability.net API (wpvulnerability.net)\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>When:\u003C\u002Fstrong> Scanning for known plugin\u002Ftheme vulnerabilities\u003Cbr \u002F>\n– \u003Cstrong>Data sent:\u003C\u002Fstrong> Plugin and theme slugs (names only, no site data)\u003Cbr \u002F>\n– \u003Cstrong>Purpose:\u003C\u002Fstrong> Check for known security vulnerabilities\u003Cbr \u002F>\n– \u003Cstrong>Privacy:\u003C\u002Fstrong> https:\u002F\u002Fwww.wpvulnerability.net\u002Fprivacy-policy\u003Cbr \u002F>\n– \u003Cstrong>Terms:\u003C\u002Fstrong> https:\u002F\u002Fwww.wpvulnerability.net\u002Fterms-of-service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IP-API.com (ip-api.com)\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>When:\u003C\u002Fstrong> Firewall blocks an IP or login from restricted country\u003Cbr \u002F>\n– \u003Cstrong>Data sent:\u003C\u002Fstrong> IP address only\u003Cbr \u002F>\n– \u003Cstrong>Purpose:\u003C\u002Fstrong> Determine country of origin for geo-blocking\u003Cbr \u002F>\n– \u003Cstrong>Privacy:\u003C\u002Fstrong> https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003Cbr \u002F>\n– \u003Cstrong>Terms:\u003C\u002Fstrong> Free tier for non-commercial use\u003C\u002Fp>\n\u003Cp>\u003Cstrong>OpenAI API (PRO only)\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>When:\u003C\u002Fstrong> AI security analysis is requested\u003Cbr \u002F>\n– \u003Cstrong>Data sent:\u003C\u002Fstrong> Anonymized security scan results\u003Cbr \u002F>\n– \u003Cstrong>Purpose:\u003C\u002Fstrong> Generate security recommendations\u003Cbr \u002F>\n– \u003Cstrong>Privacy:\u003C\u002Fstrong> https:\u002F\u002Fopenai.com\u002Fprivacy\u003Cbr \u002F>\n– \u003Cstrong>Note:\u003C\u002Fstrong> No personally identifiable information is sent\u003C\u002Fp>\n\u003Cp>All external connections use HTTPS encryption. FREE users connect for: initial registration, vulnerability checks, and geo-blocking. No security scan data leaves your server unless you upgrade to PRO.\u003C\u002Fp>\n","Lightweight, powerful WordPress security for small businesses. Malware scanning, login protection, 2FA, hardening - most features FREE.",60,955,"2026-02-28T15:35:00.000Z","6.9.4","7.4",[20,21,74,22,23],"malware-scanner","https:\u002F\u002Fbearmor.eu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbearmor-security.0.9.16.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":13,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":71,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":90,"download_link":91,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"atlant-security","Atlant Security","1.1.2","Atlant","https:\u002F\u002Fprofiles.wordpress.org\u002Fxorred\u002F","\u003Cp>\u003Cstrong>Atlant Security\u003C\u002Fstrong> is a comprehensive WordPress security plugin that provides enterprise-grade protection through 17 integrated security modules organized in a 5-layer defense architecture.\u003C\u002Fp>\n\u003Ch4>5-Layer Defense Architecture\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Pre-WordPress WAF\u003C\u002Fstrong> — Firewall, rate limiter, and IP blocking run before WordPress processes the request.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Application-Aware\u003C\u002Fstrong> — Login security, custom login URL, two-factor authentication, session hardening, cron monitoring, and REST API policies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content & Config\u003C\u002Fstrong> — WordPress hardening, security headers, AI crawler management, and honeypot traps.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Outbound & Data\u003C\u002Fstrong> — SSRF prevention, malware scanning (files and database).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Response & Recovery\u003C\u002Fstrong> — Post-breach recovery, notifications, visitor log, and audit log.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Web Application Firewall (WAF)\u003C\u002Fstrong>\u003Cbr \u002F>\nInspects every request against 28+ attack pattern families including SQL injection, XSS, remote code execution, path traversal, PHP object injection, and WordPress-specific attacks. Block or log-only mode. Triple URL decoding prevents evasion.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nProgressive lockout system (5 min > 30 min > 24 hours) with configurable thresholds. Generic login error messages prevent username enumeration. Author enumeration blocking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malware Scanner\u003C\u002Fstrong>\u003Cbr \u002F>\nLocal file and database scanner with 38 malware signatures. Detects backdoors, webshells (WSO, c99, r57), crypto miners, credit card skimmers, and obfuscated code. Quarantine system with web access blocking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong>\u003Cbr \u002F>\nTOTP (Google Authenticator, Authy) and email OTP. Per-role enforcement, 10 recovery codes, 5-minute challenge timeout, replay attack prevention.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Honeypot Traps\u003C\u002Fstrong>\u003Cbr \u002F>\nZero-false-positive bot detection: hidden link traps, fake login pages, comment honeypots, and Contact Form 7 integration. 3-layer safe bot protection ensures Googlebot, Bingbot, and allowed AI crawlers are never blocked.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AI Crawler Management\u003C\u002Fstrong>\u003Cbr \u002F>\nControl 20+ known AI\u002FLLM training crawlers (GPTBot, ClaudeBot, Google-Extended, Bytespider, and more). Per-crawler toggles, robots.txt integration, and 403 enforcement. Block training crawlers while allowing browsing bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Headers\u003C\u002Fstrong>\u003Cbr \u002F>\nManage HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, CSP, CORP, and COOP. Letter-grade scoring system. Remove X-Powered-By and Server headers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Session Security\u003C\u002Fstrong>\u003Cbr \u002F>\nCookie hardening (HttpOnly, Secure, SameSite). Session binding via IP + User-Agent fingerprint detects hijacking. Concurrent session limits. Idle timeout. Optional admin bypass for all session restrictions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Rate Limiter\u003C\u002Fstrong>\u003Cbr \u002F>\nSliding-window rate limiting across 11 endpoint categories: frontend, login, search, feed, REST API, WooCommerce checkout, XML-RPC, and cron.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>REST API Policies\u003C\u002Fstrong>\u003Cbr \u002F>\nPer-route access control with authentication requirements, HTTP method restrictions, rate limits, and IP whitelists. 5 built-in policies protect user enumeration, search, and write endpoints.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cron Guard\u003C\u002Fstrong>\u003Cbr \u002F>\nMonitors wp-cron.php for flood attacks. Detects suspicious scheduled tasks via baseline comparison. System cron migration helper.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Outbound Monitor (SSRF Prevention)\u003C\u002Fstrong>\u003Cbr \u002F>\nMonitors all outgoing HTTP requests. Blocks requests to private\u002Finternal IP ranges including cloud metadata endpoints. Domain allowlist with wildcard support. Caller detection traces requests to specific plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Post-Breach Recovery\u003C\u002Fstrong>\u003Cbr \u002F>\n12 emergency actions: terminate sessions, force password reset, rotate secret keys, emergency lockdown, reinstall core, reinstall plugins, audit admin accounts, clear caches, malware scan, disable plugins, and downloadable incident report.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Real-Time Dashboard\u003C\u002Fstrong>\u003Cbr \u002F>\nLive visitor monitoring with 15-second auto-refresh. Stat cards, traffic charts, top IPs with VirusTotal integration, browser distribution, and IP detail modals.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Visitor Log & Audit Log\u003C\u002Fstrong>\u003Cbr \u002F>\nComplete request history with filters (IP, URL, bots, blocked, time range). Tamper-resistant admin action audit trail.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nEmail alerts (HTML formatted, color-coded severity), Slack webhooks, custom JSON webhooks, and daily digest. Configurable severity threshold with 5-minute deduplication.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Hardening\u003C\u002Fstrong>\u003Cbr \u002F>\nOne-click toggles: disable XML-RPC, hide WordPress version, block REST API user enumeration, block author enumeration, disable file editor, block PHP execution in uploads.\u003C\u002Fp>\n\u003Ch4>What Makes Atlant Security Different\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Pre-WordPress WAF\u003C\u002Fstrong> — Blocks attacks via auto_prepend_file before WordPress even loads\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Outbound HTTP Monitor\u003C\u002Fstrong> — Detects SSRF attacks and unauthorized outbound connections\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Backdoor Scanner\u003C\u002Fstrong> — Scans wp_options and wp_posts for eval(), base64, and hidden backdoors\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client-Side Bot Detection\u003C\u002Fstrong> — JavaScript challenges and browser fingerprinting catch sophisticated bots\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AI\u002FLLM Crawler Blocking\u003C\u002Fstrong> — Identify and block AI training crawlers scraping your content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Honeypot Traps\u003C\u002Fstrong> — Hidden links, fake login pages, invisible form fields that only bots trigger\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cron Guard\u003C\u002Fstrong> — Monitors wp-cron for unauthorized scheduled tasks planted by malware\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Breach Recovery\u003C\u002Fstrong> — Guided recovery toolkit with 12 emergency actions in one place\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Fingerprint Binding\u003C\u002Fstrong> — Binds sessions to IP + User-Agent so stolen cookies are useless\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Visitor Dashboard\u003C\u002Fstrong> — Live visitor feed updated every 15 seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Password Policy\u003C\u002Fstrong> — Minimum length, complexity, common-password blocking, and passphrase support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular REST API Policies\u003C\u002Fstrong> — Per-endpoint control, not just a global on\u002Foff switch\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safe Mode Override\u003C\u002Fstrong> — One constant in wp-config.php disables all blocking features instantly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deactivation Data Control\u003C\u002Fstrong> — Choose to keep or wipe all security data when deactivating\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero phone-home\u003C\u002Fstrong> — No telemetry, no tracking, fully GDPR-compliant (external services used only when explicitly enabled by the admin — see External Services section)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Atlant Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>All-in-one\u003C\u002Fstrong> — Replaces 5-6 separate security plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No external dependencies\u003C\u002Fstrong> — Core security features run locally on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero phone-home\u003C\u002Fstrong> — No telemetry, no tracking (optional features like GeoIP use external services only when explicitly enabled — see External Services section)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR-friendly\u003C\u002Fstrong> — No external fonts, no CDN resources\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup wizard\u003C\u002Fstrong> — Configure core security in under 2 minutes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean uninstall\u003C\u002Fstrong> — Removes all database tables and options when deleted (opt-in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safe Mode\u003C\u002Fstrong> — Emergency override if you get locked out of your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following third-party services under specific conditions:\u003C\u002Fp>\n\u003Ch4>Cloudflare IP Ranges\u003C\u002Fh4>\n\u003Cp>When Cloudflare integration is enabled, the plugin periodically fetches the current list of Cloudflare edge IP ranges from Cloudflare’s official endpoints. This is used to correctly identify visitor IP addresses behind the Cloudflare proxy and to whitelist Cloudflare edge servers.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: No user data is sent. The plugin fetches publicly available IP range lists.\u003C\u002Fli>\n\u003Cli>When: Once per week via a scheduled cron job (aswp_refresh_cloudflare_ips), only when Cloudflare integration is enabled.\u003C\u002Fli>\n\u003Cli>Endpoints: https:\u002F\u002Fwww.cloudflare.com\u002Fips-v4 and https:\u002F\u002Fwww.cloudflare.com\u002Fips-v6\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fterms\u002F\" rel=\"nofollow ugc\">Cloudflare Terms of Use\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fprivacypolicy\u002F\" rel=\"nofollow ugc\">Cloudflare Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>MaxMind GeoLite2 GeoIP Database\u003C\u002Fh4>\n\u003Cp>When GeoIP country detection is enabled and a MaxMind license key is configured, the plugin downloads the GeoLite2-Country database from MaxMind. This database is stored locally and used to resolve visitor IP addresses to country codes for display in the visitor log and dashboard.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Your MaxMind license key is sent to authenticate the download request. No visitor data is sent to MaxMind.\u003C\u002Fli>\n\u003Cli>When: On initial setup and once per week via a scheduled cron job (aswp_update_geoip_db), only when GeoIP is enabled and a license key is configured.\u003C\u002Fli>\n\u003Cli>Endpoint: https:\u002F\u002Fdownload.maxmind.com\u002Fapp\u002Fgeoip_download\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fgeolite2\u002Feula\" rel=\"nofollow ugc\">MaxMind End User License Agreement\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fprivacy-policy\" rel=\"nofollow ugc\">MaxMind Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Google IP Ranges\u003C\u002Fh4>\n\u003Cp>When Google integration is enabled in the IP Whitelist, the plugin periodically fetches the current list of Google IP ranges from Google’s official endpoint. This is used to automatically whitelist known Google infrastructure IPs (Googlebot, Google Cloud, etc.) so legitimate Google traffic is never blocked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: No user data is sent. The plugin fetches a publicly available JSON file containing Google IP ranges.\u003C\u002Fli>\n\u003Cli>When: Once per week via a scheduled cron job (aswp_refresh_google_ips), only when Google integration is enabled.\u003C\u002Fli>\n\u003Cli>Endpoint: https:\u002F\u002Fwww.gstatic.com\u002Fipranges\u002Fgoog.json\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">Google Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Google Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Microsoft \u002F Bing IP Ranges\u003C\u002Fh4>\n\u003Cp>When Microsoft integration is enabled in the IP Whitelist, the plugin periodically fetches the current list of Bing bot IP ranges from Microsoft’s official endpoint. This is used to automatically whitelist known Bing crawler IPs so legitimate Bing traffic is never blocked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: No user data is sent. The plugin fetches a publicly available JSON file containing Bing bot IP ranges.\u003C\u002Fli>\n\u003Cli>When: Once per week via a scheduled cron job (aswp_refresh_microsoft_ips), only when Microsoft integration is enabled.\u003C\u002Fli>\n\u003Cli>Endpoint: https:\u002F\u002Fwww.bing.com\u002Ftoolbox\u002Fbingbot.json\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fservicesagreement\u002F\" rel=\"nofollow ugc\">Microsoft Services Agreement\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprivacy.microsoft.com\u002Fen-us\u002Fprivacystatement\" rel=\"nofollow ugc\">Microsoft Privacy Statement\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress.org Secret Key API\u003C\u002Fh4>\n\u003Cp>The Post-Breach Recovery module can generate new WordPress secret keys and salts using the official WordPress.org API. This is used when an administrator manually triggers the “Rotate Secret Keys” emergency action after a security breach.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: No user data is sent. The plugin fetches randomly generated keys from the API.\u003C\u002Fli>\n\u003Cli>When: Only when an administrator manually triggers the “Rotate Secret Keys” action in the Post-Breach Recovery module.\u003C\u002Fli>\n\u003Cli>Endpoint: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fdomains\u002F\" rel=\"ugc\">WordPress.org Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\" rel=\"ugc\">WordPress.org Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Slack Webhooks\u003C\u002Fh4>\n\u003Cp>When Slack notifications are enabled and a Slack webhook URL is configured, the plugin sends security alert messages to the specified Slack channel. This allows administrators to receive real-time security notifications in Slack.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Security alert messages containing the alert subject, description, severity level, site URL, and the IP address that triggered the alert. No visitor personal data or cookies are sent.\u003C\u002Fli>\n\u003Cli>When: Only when a security event occurs (e.g., brute force attempt, WAF block, honeypot trip) and Slack notifications are enabled.\u003C\u002Fli>\n\u003Cli>Endpoint: Administrator-configured Slack Incoming Webhook URL (e.g., https:\u002F\u002Fhooks.slack.com\u002Fservices\u002F…)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fslack.com\u002Fterms-of-service\" rel=\"nofollow ugc\">Slack Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fslack.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Slack Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom Webhooks\u003C\u002Fh4>\n\u003Cp>When webhook notifications are enabled and a webhook URL is configured, the plugin sends security alert payloads in JSON format to the specified endpoint. This allows integration with any external monitoring or alerting system.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: JSON payload containing the alert subject, description, severity level, site URL, timestamp, and the IP address that triggered the alert. No visitor personal data or cookies are sent.\u003C\u002Fli>\n\u003Cli>When: Only when a security event occurs and webhook notifications are enabled.\u003C\u002Fli>\n\u003Cli>Endpoint: Administrator-configured webhook URL.\u003C\u002Fli>\n\u003Cli>Terms and privacy: Determined by the third-party service the administrator configures.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Upgrade Notices\u003C\u002Fh3>\n\u003Ch4>1.1.2\u003C\u002Fh4>\n\u003Cp>New About page consolidates defense architecture and competitive features. Setup wizard no longer auto-redirects on activation. Dashboard is cleaner with focus on operational data.\u003C\u002Fp>\n\u003Ch4>1.0.7\u003C\u002Fh4>\n\u003Cp>Major UI overhaul: inner sidebar navigation replaces 23 WordPress submenu items with a clean, persistent sidebar panel. All page URLs remain the same — bookmarks still work.\u003C\u002Fp>\n\u003Ch4>1.0.4\u003C\u002Fh4>\n\u003Cp>Adds GeoIP country flags in visitor log, custom login URL, password policy enforcement, and Force SSL Admin setting. Internal prefix migration runs automatically — no action required.\u003C\u002Fp>\n\u003Ch4>1.0.3\u003C\u002Fh4>\n\u003Cp>Adds honeypot traps, security headers management, two-factor authentication, and notification channels. Fixes IP management and status code logging. Recommended update.\u003C\u002Fp>\n\u003Ch4>1.0.0\u003C\u002Fh4>\n\u003Cp>Initial release. Run the Setup Wizard after activation to configure your site’s security.\u003C\u002Fp>\n","Enterprise-grade WordPress security: WAF, brute force protection, malware scanner, 2FA, honeypots, AI crawler control, and post-breach recovery.",120,"2026-03-30T20:31:00.000Z","6.0","8.0",[19,20,74,22,23],"https:\u002F\u002Fatlantsecurity.com\u002Flearn\u002Fwe-are-releasing-the-best-security-plugin-for-wordpress-in-existence\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatlant-security.1.1.2.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":13,"downloaded":100,"rating":13,"num_ratings":13,"last_updated":101,"tested_up_to":71,"requires_at_least":51,"requires_php":72,"tags":102,"homepage":105,"download_link":106,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":107},"logishield-security","LogiShield Security – Login Security, 2FA, Limit Login, Brute Force Protection, Firewall","1.0.0","newWebber","https:\u002F\u002Fprofiles.wordpress.org\u002Fnewwebber1\u002F","\u003Cp>LogiShield Security was built to be the only WordPress login security plugin you will ever need.\u003C\u002Fp>\n\u003Cp>Easily improve your site’s security with this WordPress login security plugin by implementing essential defense features like Two-Factor Authentication (2FA), Limit Login Attempts, Temporary Logins, and Custom Login URLs.\u003C\u002Fp>\n\u003Ch3>Core Login Security Features of LogiShield Security\u003C\u002Fh3>\n\u003Cp>LogiShield Security is not just a basic plugin. It’s a multi-layered WordPress login security plugin with a custom login URL to give maximum protection. Below is a deep dive into the powerful features included in this secure WP login tool, explaining exactly what they do and why your website’s security depends on them.\u003C\u002Fp>\n\u003Ch4>1. Two-Factor Authentication (2FA)\u003C\u002Fh4>\n\u003Cp>As an ultimate WordPress 2FA plugin, LogiShield ensures that a stolen password is no longer enough to compromise your website. It adds an extra layer to your security. 2FA by LogiShield protects your admin login from brute force attacks, password leaks, automated password guessing, and data breaches.\u003C\u002Fp>\n\u003Cp>2FA-enabled WordPress login requires both your password and a phone-generated OTP code. Use Google Authenticator, Authy, or Microsoft Authenticator to generate the 2FA code, then have a sound sleep at night!\u003C\u002Fp>\n\u003Cp>LogiShield is a fully TOTP-compatible OTP login system. So, setting up the 2FA code is a piece of cake now.\u003C\u002Fp>\n\u003Cp>See what our 2FA features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passwordless login with passkey support\u003C\u002Fli>\n\u003Cli>Free two-factor authentication (2FA) for all users\u003C\u002Fli>\n\u003Cli>Remember trusted devices\u003C\u002Fli>\n\u003Cli>Recover locked out of authentication accounts with allow next user login\u003C\u002Fli>\n\u003Cli>Support multiple 2FA generators. \u003C\u002Fli>\n\u003Cli>Enable 2FA with Authenticator app (TOTP) \u003C\u002Fli>\n\u003Cli>Generate 2FA code over email (cooking)\u003C\u002Fli>\n\u003Cli>Developer API integration for WhatsApp, OTP Token, etc. (cooking)\u003C\u002Fli>\n\u003Cli>Password reset with 2FA (cooking)\u003C\u002Fli>\n\u003Cli>Universal 2FA app support\u003C\u002Fli>\n\u003Cli>Backup codes (16 digits) for recovery access\u003C\u002Fli>\n\u003Cli>Wizard-driven setup\u003C\u002Fli>\n\u003Cli>One-click WooCommerce integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Passwords are fundamentally flawed. They can be guessed, phished, brute force attacked, or leaked in third-party data breaches. If an attacker acquires your admin password, a standard setup lets them walk right in. Here comes the WordPress 2FA plugin. If enabled, the attacker is stopped dead in their tracks because they cannot access your mobile device instantly to retrieve the 6-digit time-limited code.\u003C\u002Fp>\n\u003Cp>LogiShield Security 2FA plugin provides individual user-based two-factor authentication, allowing your editors, authors, and admins to manage their own WordPress site security seamlessly. Thus ensuring brute force protection.\u003C\u002Fp>\n\u003Cp>Documentation\u003C\u002Fp>\n\u003Ch4>2. Custom Login URL\u003C\u002Fh4>\n\u003Cp>A cornerstone feature of any effective WordPress login security plugin is the ability to mask your entry points, AKA the login URL. This feature lets you easily change WordPress login URL parameters. Instead of your login page living at\u003C\u002Fp>\n\u003Cp>X “yoursite.com\u002Fwp-admin” or “yoursite.com\u002Fwp-login.php”,\u003C\u002Fp>\n\u003Cp>Set a custom login URL WordPress slug, such as:\u003C\u002Fp>\n\u003Cp>✓”yoursite.com\u002Fmy-secret-portal”.\u003C\u002Fp>\n\u003Cp>Hide your WP-Admin page access and rename the WordPress login page locations using this simple custom login URL feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename your WordPress login URL to anything\u003C\u002Fli>\n\u003Cli>No core file changes or rewrite rules\u003C\u002Fli>\n\u003Cli>Hides wp-admin and wp-login.php completely\u003C\u002Fli>\n\u003Cli>Deactivate to restore original access instantly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Why Custom Login URL is a must-have plugin: LogiShield is a must-have plugin for security because automated hacking bots are very much active on the WordPress ecosystem. They scour the internet looking for websites and automatically append \u003Ccode>\u002Fwp-admin\u003C\u002Fcode> to the domain.\u003C\u002Fp>\n\u003Cp>If the page loads, they begin their attack. Use the LogiShield WordPress login security plugin to change your admin URL, and those automated scripts simply hit a 404 Not Found error!\u003C\u002Fp>\n\u003Cp>This acts as an immediate unauthorized access prevention measure and a highly effective bot protection strategy. It also works as brute force attacks prevention. The Custom Login URL feature ensures your front door is hidden from the public eye.\u003C\u002Fp>\n\u003Cp>Documentation\u003C\u002Fp>\n\u003Ch4>3. Limit Login Attempts\u003C\u002Fh4>\n\u003Cp>By default, WordPress lets users try an unlimited number of login attempts. Trying to log in endlessly makes it easier for hackers to guess passwords. Limit Login Attempts by LogiShield blocks such brute force attacks by limiting login attempts.\u003C\u002Fp>\n\u003Cp>LogiShield shines as a WordPress login security plugin by actively neutralizing active attacks through advanced request limiting.\u003C\u002Fp>\n\u003Cp>This plugin lets you limit login attempts across your entire WordPress site. Configure a specific threshold (e.g., 3 failed attempts) to temporarily or permanently block suspicious IPs or invalid usernames. It creates a robust login firewall.\u003C\u002Fp>\n\u003Cp>Core features of LogiShield Limit Login Attempts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stops brute force attacks by limiting login attempts\u003C\u002Fli>\n\u003Cli>Works on standard logins, XMLRPC, WooCommerce, and custom pages\u003C\u002Fli>\n\u003Cli>Improves security and site performance\u003C\u002Fli>\n\u003Cli>Customized lockout timing\u003C\u002Fli>\n\u003Cli>Set the remaining time for retry\u003C\u002Fli>\n\u003Cli>Email Notifications of Lockout\u003C\u002Fli>\n\u003Cli>Logs of denied attempts and lockouts\u003C\u002Fli>\n\u003Cli>Logs of Successful Logins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Why you need the Limit Login Attempts feature: The limit login attempts feature is needed because in dictionary or brute-force attacks, hackers use automated software to rapidly guess thousands of password combinations per minute. Without a WordPress login security plugin, WordPress allows infinite login guesses.\u003C\u002Fp>\n\u003Cp>This not only puts your credentials at risk but severely drains your server resources, potentially crashing your site.\u003C\u002Fp>\n\u003Cp>By implementing WordPress brute force protection through the LogiShield security plugin, you lock out invalid login attempts instantly. It is a critical WP admin security step to prevent dictionary attacks from overwhelming your database.\u003C\u002Fp>\n\u003Cp>Documentation\u003C\u002Fp>\n\u003Ch4>4. Temporary Login Access\u003C\u002Fh4>\n\u003Cp>Temporary login access feature redefines how you manage guest access and third-party collaborations.\u003C\u002Fp>\n\u003Cp>This feature allows you to generate secure, self-expiring links that grant direct access to your dashboard for a limited time. This means you can create a WordPress guest login without requiring a password.\u003C\u002Fp>\n\u003Cp>You can share temporary WordPress access with a specific user role, and set it to expire after a few hours, days, or after a single use.\u003C\u002Fp>\n\u003Cp>Features we offer for Temporary Login URL:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlimited logins: Create as many temporary logins as you need\u003C\u002Fli>\n\u003Cli>Passwordless login setup: Users log in with a simple link\u003C\u002Fli>\n\u003Cli>Set a custom expiry: Choose when access automatically ends\u003C\u002Fli>\n\u003Cli>Flexible time options: 1 day, 1 week, 1 month, or custom date\u003C\u002Fli>\n\u003Cli>Redirect after login: Send users to a specific page\u003C\u002Fli>\n\u003Cli>Track last login: See when each user last accessed your site using the temp link\u003C\u002Fli>\n\u003Cli>Login count: View how many times a link was used\u003C\u002Fli>\n\u003Cli>Detailed activity logs: Monitor exactly what each user did after login\u003C\u002Fli>\n\u003Cli>Limit link usage: Control how many times a link can be accessed\u003C\u002Fli>\n\u003Cli>Instant alerts: Get notified each time a temporary login is used\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Why you need the Temp login link feature: Site owners frequently need to grant temporary admin access to WordPress credentials to freelance developers, support technicians, or guest writers. The traditional method involves creating an admin account and a password, which is a massive security risk. People often forget to delete these accounts, leaving ghost admin profiles vulnerable to attack.\u003C\u002Fp>\n\u003Cp>This WordPress login security plugin eliminates that risk entirely, along with any possibility of brute force attacks. Because no password is created, no password can be stolen. Once the time limit expires, this WordPress login security plugin automatically destroys the access link, maintaining pristine login page protection.\u003C\u002Fp>\n\u003Cp>Documentation\u003C\u002Fp>\n\u003Ch3>Why You Need a Dedicated WordPress Login Security Plugin\u003C\u002Fh3>\n\u003Cp>Every single day, thousands of websites fall victim to brute-force attacks and credential stuffing. The default WordPress configuration is user-friendly, but it leaves your front door wide open. When you install our LogiShield WordPress login security plugin, you instantly close those vulnerabilities.\u003C\u002Fp>\n\u003Cp>Many site owners assume their hosting provider handles security, but server-level security cannot protect your admin dashboard from compromised passwords. This is why a dedicated WordPress login security plugin is strictly necessary.\u003C\u002Fp>\n\u003Cp>By using a WordPress login security plugin, you can control your authentication flow, ensuring only authorized users can access your backend. This also ensures brute force attack prevention.\u003C\u002Fp>\n\u003Cp>We believe that security should have the least possible impact on website performance, user experience, and maintainability. Therefore, this WordPress login security plugin is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lightweight: Every feature in this WordPress login security plugin is developed with a modular approach. Disabled features won’t load any redundant code, keeping your site fast.\u003C\u002Fli>\n\u003Cli>Easy to use: This WordPress login security plugin offers a 1-minute configuration and a short, seamless onboarding process. You don’t need to be a cybersecurity expert to use this WordPress login security plugin effectively.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hence, whether you are running a small personal blog, a bustling e-commerce store, or a massive corporate portal, ensuring a robust firewall and WP login security is no longer optional; it’s a necessity.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>At newWebber, we believe that a WordPress login security plugin should protect your data, not harvest it. We are strictly committed to user privacy and full GDPR, CCPA, and CPRA compliance.\u003C\u002Fp>\n\u003Cp>LogiShield Security does not collect, harvest, transmit, or store personal data beyond what is strictly and functionally required for authentication security on your local server.\u003C\u002Fp>\n\u003Cp>When you use this WordPress login security plugin, all security logs (such as the IP addresses recorded to limit login attempts) are stored locally on your own WordPress database. We do not have access to your site’s data.\u003C\u002Fp>\n\u003Cp>Furthermore, this WordPress login security plugin does not track user behavior, set tracking cookies, or send telemetry or analytics data back to our servers or any third-party marketing agencies.\u003C\u002Fp>\n\u003Cp>The IP blocklists and allowlists are managed locally by your server. You retain absolute data sovereignty while utilizing this WordPress login security plugin.\u003C\u002Fp>\n\u003Cp>If a user requests the deletion of their personal data from your WordPress site, standard WordPress data erasure tools will seamlessly purge any localized security logs associated with that user generated by this WordPress login security plugin.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>To function as a top-tier WordPress login security plugin, LogiShield Security relies on your local server architecture for almost all operations. There is only one specific instance in which an external service is used to enhance the user experience during setup.\u003C\u002Fp>\n\u003Cp>This WordPress login security plugin uses the external QR Server API strictly to generate the visual QR codes during the two-factor authentication WordPress setup process.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service: QR Server API\u003C\u002Fli>\n\u003Cli>Purpose: To instantly generate readable QR codes for your mobile authenticator app during the TOTP setup.\u003C\u002Fli>\n\u003Cli>Data sent: Only the cryptographic TOTP setup URL is transmitted to generate the image. Absolutely no personally identifiable information (PII), usernames, passwords, or site data is sent.\u003C\u002Fli>\n\u003Cli>When: This API is only triggered momentarily during the specific moment a user configures 2FA in their user profile. It does not run in the background.\u003C\u002Fli>\n\u003Cli>Terms of Service: https:\u002F\u002Fqr-server.com\u002Fterms\u002F\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fqr-server.com\u002Fprivacy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","LogiSheild Security with 2FA, limit login, custom login URL, and temp login is your go-to login security plugin for WordPress.",249,"2026-03-14T08:56:00.000Z",[103,19,104,20,21],"2fa","custom-login","https:\u002F\u002Fplugin.newwebber.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogishield-security.1.0.0.zip","2026-04-06T09:54:40.288Z",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":13,"downloaded":116,"rating":13,"num_ratings":13,"last_updated":117,"tested_up_to":71,"requires_at_least":51,"requires_php":72,"tags":118,"homepage":121,"download_link":122,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"vmpfence-security","VMP Security – Firewall, Malware Scan, and Login Security","2.2.7","VMP™","https:\u002F\u002Fprofiles.wordpress.org\u002Ftanveer269\u002F","\u003Cp>\u003Cstrong>Other WordPress security plugins delay firewall rules by 30 days and charge $119\u002Fyear for country blocking and audit logs. We don’t.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>VMP Security is a free WordPress security plugin that gives you 280+ real-time firewall rules, 9 specialized malware scanners, 40,000+ threat signatures, country blocking, audit logging, two-factor authentication, and brute force protection. Everything runs on your server. Your files and database never leave your hosting.\u003C\u002Fp>\n\u003Ch3>What’s Included\u003C\u002Fh3>\n\u003Cp>✅ \u003Cstrong>Web Application Firewall\u003C\u002Fstrong> — 280+ real-time rules, zero-day detection, pre-WordPress execution mode\u003Cbr \u002F>\n✅ \u003Cstrong>9 Malware Scanners\u003C\u002Fstrong> — Malware, file integrity, CVE, user accounts, content, public files, server state, binary, domain reputation\u003Cbr \u002F>\n✅ \u003Cstrong>Country Blocking\u003C\u002Fstrong> — Block by country, login-only or full-site (free — competitors charge for this)\u003Cbr \u002F>\n✅ \u003Cstrong>Brute Force & Rate Limiting\u003C\u002Fstrong> — Login limits, leaked password detection, bot throttling\u003Cbr \u002F>\n✅ \u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong> — QR setup, backup codes, role enforcement, WooCommerce support\u003Cbr \u002F>\n✅ \u003Cstrong>Audit Log & Live Traffic\u003C\u002Fstrong> — Complete security event history with real-time monitoring\u003Cbr \u002F>\n✅ \u003Cstrong>Privacy-First\u003C\u002Fstrong> — All scanning on your server. Files and database never sent externally.\u003C\u002Fp>\n\u003Ch3>How VMP Security Compares\u003C\u002Fh3>\n\u003Cp> Feature\u003Cbr \u002F>\n VMP Security (Free)\u003Cbr \u002F>\n Wordfence Free\u003Cbr \u002F>\n Wordfence Premium ($119\u002Fyr)\u003C\u002Fp>\n\u003Cp> Real-time firewall rules\u003Cbr \u002F>\n ✅ 280+\u003Cbr \u002F>\n ❌ 30-day delay\u003Cbr \u002F>\n ✅\u003C\u002Fp>\n\u003Cp> Real-time malware signatures\u003Cbr \u002F>\n ✅ 40,000+\u003Cbr \u002F>\n ❌ 30-day delay\u003Cbr \u002F>\n ✅\u003C\u002Fp>\n\u003Cp> Malware scanners\u003Cbr \u002F>\n 9 specialized\u003Cbr \u002F>\n 1 general\u003Cbr \u002F>\n 1 general\u003C\u002Fp>\n\u003Cp> Country blocking\u003Cbr \u002F>\n ✅\u003Cbr \u002F>\n ❌\u003Cbr \u002F>\n ✅\u003C\u002Fp>\n\u003Cp> Audit log\u003Cbr \u002F>\n ✅\u003Cbr \u002F>\n ❌\u003Cbr \u002F>\n ✅\u003C\u002Fp>\n\u003Cp> IP blocklist\u003Cbr \u002F>\n ✅\u003Cbr \u002F>\n ❌\u003Cbr \u002F>\n ✅\u003C\u002Fp>\n\u003Cp> Two-factor authentication\u003Cbr \u002F>\n ✅\u003Cbr \u002F>\n ✅\u003Cbr \u002F>\n ✅\u003C\u002Fp>\n\u003Ch3>See It In Action\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3TrZaaReeaA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>🔥 Web Application Firewall (WAF)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Your first line of defense. Every request is inspected before it reaches WordPress.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What It Stops:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>SQL injection, cross-site scripting, code injection, file inclusion attacks, and more\u003C\u002Fstrong> — all major attack types covered\u003C\u002Fli>\n\u003Cli>\u003Cstrong>280+ built-in security rules\u003C\u002Fstrong> — updated in real-time, not delayed by 30 days\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-day protection\u003C\u002Fstrong> — pattern-based detection catches new, unknown threats\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom rules\u003C\u002Fstrong> — add your own blocking patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Learning mode\u003C\u002Fstrong> — fine-tune rules based on your real traffic\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attack logging\u003C\u002Fstrong> — full audit trail of every blocked request\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extended Protection (WAF Optimizer)\u003C\u002Fh3>\n\u003Cp>Run the firewall \u003Cem>before\u003C\u002Fem> WordPress loads — malicious requests are blocked before any vulnerable plugin or theme code can execute. One-click setup with automatic server detection (Apache\u002FLiteSpeed) and built-in backup.\u003C\u002Fp>\n\u003Ch3>🔍 9 Specialized Malware Scanners\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Not one scanner — nine. Each specialized for a different threat type.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Malware Scanner\u003C\u002Fstrong> — 40,000+ signatures detect backdoors, trojans, and malicious code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Integrity Monitor\u003C\u002Fstrong> — Compares your files against official WordPress checksums\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong> — Checks plugins and themes against known CVEs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Security Scanner\u003C\u002Fstrong> — Finds suspicious admin accounts and weak credentials\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Safety Scanner\u003C\u002Fstrong> — Detects malicious content injected into posts and comments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Public Files Scanner\u003C\u002Fstrong> — Finds exposed configuration files (wp-config backups, .env, debug logs)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server State Scanner\u003C\u002Fstrong> — Audits PHP settings, file permissions, and server configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Binary Scanner\u003C\u002Fstrong> — Detects malware embedded in images and executables\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Domain Reputation Scanner\u003C\u002Fstrong> — Checks URLs against Google Safe Browsing and threat databases\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Obfuscation analysis catches encoded malware that basic scanners miss. Behavior analysis flags suspicious file operations beyond known signatures. Legitimacy assessment reduces false positives. Choose from quick, standard, high sensitivity, or custom scan modes.\u003C\u002Fp>\n\u003Ch3>🌍 Country Blocking & IP Management\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Block entire countries or fine-tune access with advanced pattern rules.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Geo-Blocking\u003C\u002Fstrong> — Block any country, login-only or full site access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Blocking\u003C\u002Fstrong> — Block individual IPs or IP ranges, temporary or permanent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Patterns\u003C\u002Fstrong> — Block by hostname, user agent, referrer, or IP range with wildcard and regex support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attack Analytics\u003C\u002Fstrong> — See which countries attack you most with visual reports\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowlist\u003C\u002Fstrong> — Whitelist trusted IPs and services to bypass all blocks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GeoIP Integration\u003C\u002Fstrong> — Automatic IP-to-country lookup with auto-updating database\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛡️ Brute Force Protection & Rate Limiting\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Stop password guessing and resource exhaustion attacks.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart Login Limiting\u003C\u002Fstrong> — Lock out IPs after too many failed login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Leaked Password Detection\u003C\u002Fstrong> — Check passwords against known breach databases\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strong Password Enforcement\u003C\u002Fstrong> — Require secure passwords for all user roles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Username Blacklist\u003C\u002Fstrong> — Block common attack usernames instantly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong> — Cap requests per IP to stop scrapers and vulnerability scanners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Human vs Bot Detection\u003C\u002Fstrong> — Smart traffic classification with 404 monitoring\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔐 Two-Factor Authentication (2FA)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Even if someone steals your password, they can’t get in.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>QR Code Setup\u003C\u002Fstrong> — Works with Google Authenticator, Authy, 1Password, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> — Never get locked out of your own site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Enforcement\u003C\u002Fstrong> — Require 2FA for admins or specific user roles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend Management\u003C\u002Fstrong> — Users manage their own 2FA via shortcode\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce & XML-RPC\u003C\u002Fstrong> — Covers your store and API endpoints\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📊 Dashboard, Monitoring & Tools\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Set it up in 5 minutes. Go deep when you want to.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Status\u003C\u002Fstrong> — Green, yellow, or red — know your protection level at a glance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Traffic View\u003C\u002Fstrong> — Watch visitors and attacks in real-time with human vs. bot classification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete Audit Log\u003C\u002Fstrong> — Every security event tracked with timestamps and IP intelligence\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scheduled Scans\u003C\u002Fstrong> — Daily, weekly, or custom scan schedules\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Actions\u003C\u002Fstrong> — Block IPs, ignore false positives, repair infected files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Diagnostics\u003C\u002Fstrong> — 15+ system health checks for troubleshooting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Settings Export\u002FImport\u003C\u002Fstrong> — Backup and migrate security configuration between sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Site Sync\u003C\u002Fstrong> — Manage security across multiple WordPress sites from one place\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 Privacy-First Security\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>All scanning happens on YOUR server. Period.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What We DON’T Do:\u003C\u002Fh3>\n\u003Cp>❌ We don’t send your file content or database data to external servers\u003Cbr \u002F>\n❌ We don’t track your users\u003Cbr \u002F>\n❌ We don’t collect analytics about your site\u003Cbr \u002F>\n❌ We don’t send data without your knowledge\u003C\u002Fp>\n\u003Ch3>External Services (Optional):\u003C\u002Fh3>\n\u003Cp>We use external services only when necessary for specific security features. You can see exactly what’s sent:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>VMP Security Servers\u003C\u002Fstrong>\u003Cbr \u002F>\n* License activation and validation (free\u002Fpremium)\u003Cbr \u002F>\n* WAF rules synchronization and updates\u003Cbr \u002F>\n* Malware signature database updates\u003Cbr \u002F>\n* Two-Factor Authentication (2FA) system management\u003Cbr \u002F>\n* Settings export\u002Fimport cloud storage (optional)\u003Cbr \u002F>\n* Privacy: Your site data remains on your server — only configuration and security rules are synced\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Google Services\u003C\u002Fstrong> (safebrowsing.googleapis.com, www.google.com\u002Frecaptcha)\u003Cbr \u002F>\n* URL threat detection and reCAPTCHA spam protection\u003Cbr \u002F>\n* Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress.org APIs\u003C\u002Fstrong> (api.wordpress.org, downloads.wordpress.org, core.svn.wordpress.org)\u003Cbr \u002F>\n* Download original files for integrity checking during malware scans\u003Cbr \u002F>\n* Privacy: https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>GitHub\u003C\u002Fstrong> (raw.githubusercontent.com)\u003Cbr \u002F>\n* Download WordPress core files for file comparison\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IP Lookup Services\u003C\u002Fstrong> (api.ipify.org, ifconfig.me, icanhazip.com, ip-api.com, ipwhois.app, download.ip2location.com)\u003Cbr \u002F>\n* Server IP detection, geolocation, and country blocking features\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Threat Intelligence\u003C\u002Fstrong> (api.urlvoid.com, www.virustotal.com, checkurl.phishtank.com)\u003Cbr \u002F>\n* URL reputation checking and threat validation\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Vulnerability Databases\u003C\u002Fstrong> (services.nvd.nist.gov, wpscan.com, cvedetails.com, cve.mitre.org)\u003Cbr \u002F>\n* Check for known security vulnerabilities during scans\u003C\u002Fp>\n\u003Cp>\u003Cstrong>All malware scanning happens on YOUR server.\u003C\u002Fstrong> We do not upload your files or database content to external services.\u003C\u002Fp>\n","Firewall, malware scanner, 2FA, country blocking, and audit log — all free with real-time updates. No 30-day delays. No paywall.",975,"2026-04-02T11:37:00.000Z",[119,20,120,22,23],"brute-force-protection","malware","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvmpfence-security.2.2.7.zip",{"attackSurface":124,"codeSignals":1015,"taintFlows":1089,"riskAssessment":1116,"analyzedAt":1124},{"hooks":125,"ajaxHandlers":775,"restRoutes":876,"shortcodes":1001,"cronEvents":1007,"entryPointCount":332,"unprotectedCount":33},[126,132,136,141,144,148,151,153,156,159,162,165,168,169,171,174,177,180,185,189,193,196,201,203,207,211,215,219,222,226,229,231,234,237,242,246,250,254,257,261,265,267,270,273,275,279,282,285,289,292,296,299,302,306,309,311,315,317,321,325,328,333,336,340,344,348,351,354,357,360,364,368,371,374,377,381,385,388,391,395,398,401,404,407,412,415,419,422,425,428,430,433,434,436,440,443,446,450,453,455,457,459,461,466,470,472,476,480,483,486,489,491,493,496,499,502,505,508,510,512,514,516,518,520,522,524,526,528,530,532,534,536,538,540,542,545,549,552,554,557,560,562,565,568,571,575,578,581,584,585,589,591,593,595,598,599,600,601,604,607,610,614,617,621,625,628,632,636,640,642,646,649,651,653,658,660,662,663,665,667,668,669,670,671,674,677,679,681,683,686,689,692,695,699,702,706,709,713,716,718,720,724,728,732,736,741,743,745,748,751,753,758,762,765,768,769,773],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","init","closure","php\u002Fsrc\u002FBootstrap\u002FInitializer.php",24,{"type":127,"name":133,"callback":134,"file":130,"line":135},"login_form","ultimate_security_login_form_nonce",40,{"type":137,"name":138,"callback":139,"file":130,"line":140},"filter","auto_update_plugin","__return_true",51,{"type":137,"name":138,"callback":142,"file":130,"line":143},"__return_false",61,{"type":137,"name":145,"callback":146,"file":130,"line":147},"pre_site_transient_update_plugins","__return_null",62,{"type":137,"name":149,"callback":139,"file":130,"line":150},"auto_update_theme",66,{"type":137,"name":149,"callback":142,"file":130,"line":152},76,{"type":137,"name":154,"callback":146,"file":130,"line":155},"pre_site_transient_update_themes",77,{"type":137,"name":157,"callback":142,"file":130,"line":158},"auto_update_translation",82,{"type":137,"name":160,"callback":142,"file":130,"line":161},"auto_update_core",88,{"type":137,"name":163,"callback":142,"file":130,"line":164},"allow_minor_auto_core_updates",90,{"type":137,"name":166,"callback":142,"file":130,"line":167},"allow_major_auto_core_updates",91,{"type":137,"name":163,"callback":139,"file":130,"line":57},{"type":137,"name":166,"callback":139,"file":130,"line":170},95,{"type":137,"name":172,"callback":139,"file":130,"line":173},"allow_dev_auto_core_updates",97,{"type":137,"name":175,"callback":142,"priority":11,"file":130,"line":176},"automatic_updates_is_vcs_checkout",102,{"type":137,"name":178,"callback":129,"file":130,"line":179},"admin_init",107,{"type":127,"name":181,"callback":182,"priority":13,"file":183,"line":184},"plugins_loaded","checkAndRunUpdates","php\u002Fsrc\u002FBootstrap\u002FLifecycle\u002FDatabaseUpdater.php",101,{"type":127,"name":186,"callback":187,"priority":11,"file":183,"line":188},"upgrader_process_complete","onPluginUpdate",110,{"type":127,"name":190,"callback":142,"file":191,"line":192},"wp_password_change_notification","php\u002Fsrc\u002FInfrastructure\u002FWordPress\u002FHooks\u002FCustomHooks.php",223,{"type":137,"name":194,"callback":142,"file":191,"line":195},"retrieve_password_message",225,{"type":127,"name":197,"callback":198,"file":199,"line":200},"show_user_profile","display_2fa_settings","php\u002Fsrc\u002FModules\u002FAuthentication\u002FAuthentication2FA.php",81,{"type":127,"name":202,"callback":198,"file":199,"line":158},"edit_user_profile",{"type":137,"name":204,"callback":205,"priority":34,"file":199,"line":206},"authenticate","intercept_login",85,{"type":137,"name":208,"callback":209,"priority":11,"file":199,"line":210},"login_redirect","redirect_to_verification",86,{"type":127,"name":212,"callback":213,"priority":11,"file":199,"line":214},"wp_login_failed","cleanup_2fa_on_auth_failure",89,{"type":127,"name":216,"callback":217,"file":199,"line":218},"login_init","handle_verification_page",92,{"type":137,"name":220,"callback":220,"priority":221,"file":199,"line":173},"woocommerce_login_redirect",20,{"type":127,"name":223,"callback":224,"file":199,"line":225},"woocommerce_login_form_end","add_woocommerce_context_field",98,{"type":137,"name":227,"callback":228,"priority":11,"file":199,"line":184},"woocommerce_prevent_admin_access","allow_profile_access_for_2fa",{"type":127,"name":128,"callback":230,"file":199,"line":179},"conditionally_disable_xmlrpc",{"type":127,"name":128,"callback":232,"priority":233,"file":199,"line":188},"cleanup_trusted_device_metadata",5,{"type":137,"name":235,"callback":142,"file":199,"line":236},"xmlrpc_enabled",217,{"type":127,"name":238,"callback":239,"priority":240,"file":241,"line":147},"login_footer","login_validation_script",9999,"php\u002Fsrc\u002FModules\u002FAuthentication\u002FLoginControl.php",{"type":137,"name":243,"callback":244,"priority":11,"file":241,"line":245},"site_url","ultimate_security_login_control_site_url",73,{"type":137,"name":247,"callback":248,"priority":11,"file":241,"line":249},"network_site_url","ultimate_security_login_control_network_site_url",74,{"type":137,"name":251,"callback":252,"priority":11,"file":241,"line":253},"wp_redirect","ultimate_security_login_control_wp_redirect",75,{"type":137,"name":255,"callback":256,"file":241,"line":152},"site_option_ultimate_security_welcome_email_content","ultimate_security_welcome_email_content",{"type":137,"name":258,"callback":259,"priority":260,"file":241,"line":155},"user_request_action_email_content","ultimate_security_user_request_action_email_content",999,{"type":137,"name":262,"callback":263,"priority":11,"file":241,"line":264},"login_url","ultimate_security_login_control_login_url",79,{"type":127,"name":128,"callback":266,"priority":33,"file":241,"line":200},"ultimate_security_is_login_check",{"type":127,"name":268,"callback":269,"file":241,"line":158},"wp_loaded","ultimate_security_redirect_user",{"type":127,"name":133,"callback":271,"priority":272,"file":241,"line":206},"ultimate_security_insert_banner_markup",50,{"type":137,"name":274,"callback":129,"file":241,"line":214},"wpseo_exclude_from_sitemap_by_url",{"type":137,"name":276,"callback":277,"file":278,"line":152},"cron_schedules","add_cron_schedule","php\u002Fsrc\u002FModules\u002FAuthentication\u002FLoginLimit.php",{"type":137,"name":204,"callback":280,"priority":26,"file":278,"line":281},"check_login_limits",135,{"type":127,"name":212,"callback":283,"file":278,"line":284},"track_failed_login",136,{"type":127,"name":286,"callback":287,"priority":11,"file":278,"line":288},"wp_login","clear_login_attempts",137,{"type":127,"name":216,"callback":290,"priority":233,"file":278,"line":291},"check_bypass_cookie",143,{"type":137,"name":293,"callback":294,"file":278,"line":295},"login_errors","customize_login_errors",147,{"type":127,"name":133,"callback":297,"file":278,"line":298},"inject_lockout_refresh_script",148,{"type":127,"name":216,"callback":300,"priority":233,"file":278,"line":301},"check_expired_lockouts",149,{"type":137,"name":204,"callback":303,"priority":304,"file":278,"line":305},"bypass_login_limits",99,327,{"type":137,"name":307,"callback":129,"file":278,"line":308},"login_message",329,{"type":127,"name":286,"callback":129,"priority":11,"file":278,"line":310},678,{"type":127,"name":212,"callback":312,"priority":221,"file":313,"line":314},"on_login_failed","php\u002Fsrc\u002FModules\u002FAuthentication\u002FLoginNotifications.php",146,{"type":127,"name":286,"callback":316,"priority":221,"file":313,"line":295},"on_login_success",{"type":127,"name":318,"callback":319,"priority":11,"file":313,"line":320},"ultimate_security_user_locked","on_user_locked",150,{"type":127,"name":322,"callback":323,"priority":11,"file":313,"line":324},"ultimate_security_log_event","on_security_event",151,{"type":137,"name":276,"callback":326,"file":313,"line":327},"add_cron_schedules",154,{"type":127,"name":329,"callback":330,"priority":240,"file":331,"line":332},"admin_footer","edit_profile_password_hints","php\u002Fsrc\u002FModules\u002FAuthentication\u002FPasswordPolicies.php",64,{"type":127,"name":334,"callback":335,"priority":11,"file":331,"line":150},"validate_password_reset","ultimate_security_password_validation_on_reset",{"type":127,"name":337,"callback":338,"priority":11,"file":331,"line":339},"user_profile_update_errors","ultimate_security_password_validation_on_profile_update",67,{"type":127,"name":341,"callback":342,"priority":11,"file":331,"line":343},"woocommerce_save_account_details_errors","ultimate_security_password_validation_on_account_update",69,{"type":137,"name":345,"callback":346,"file":331,"line":347},"password_hint","ultimate_security_change_password_hint_message",71,{"type":127,"name":349,"callback":350,"priority":11,"file":331,"line":245},"wp_set_password","ultimate_security_save_old_password_to_user_meta",{"type":127,"name":352,"callback":353,"priority":11,"file":331,"line":249},"profile_update","ultimate_security_profile_update_password_history",{"type":127,"name":355,"callback":356,"priority":11,"file":331,"line":253},"woocommerce_save_account_details","ultimate_security_woocommerce_save_account_details_password_history",{"type":137,"name":358,"callback":359,"priority":11,"file":331,"line":155},"lostpassword_url","ultimate_security_custom_lostpassword_url",{"type":127,"name":361,"callback":362,"file":331,"line":363},"template_redirect","ultimate_security_redirect_lost_password_to_account",78,{"type":127,"name":365,"callback":366,"file":331,"line":367},"wp_enqueue_scripts","enqueue_scripts",80,{"type":127,"name":369,"callback":370,"file":331,"line":200},"login_enqueue_scripts","enqueue_scripts_login",{"type":127,"name":372,"callback":373,"file":331,"line":158},"admin_enqueue_scripts","enqueue_scripts_admin",{"type":137,"name":375,"callback":376,"file":331,"line":167},"lost_password_html_link","ultimate_security_remove_lost_password_html_link",{"type":127,"name":361,"callback":378,"priority":33,"file":379,"line":380},"exclude_security_pages_from_cache","php\u002Fsrc\u002FModules\u002FCompatibility\u002FCachePluginsIntegration.php",18,{"type":127,"name":382,"callback":383,"file":379,"line":384},"ultimate_security_settings_saved","purge_cache_on_settings_change",21,{"type":137,"name":386,"callback":387,"file":379,"line":131},"nonce_life","adjust_nonce_life_for_cache",{"type":127,"name":216,"callback":389,"priority":33,"file":379,"line":390},"set_login_no_cache",27,{"type":127,"name":181,"callback":392,"priority":221,"file":393,"line":394},"load_integrations","php\u002Fsrc\u002FModules\u002FCompatibility\u002FCompatibilityManager.php",72,{"type":127,"name":396,"callback":397,"file":393,"line":253},"admin_notices","show_compatibility_notices",{"type":137,"name":399,"callback":400,"file":393,"line":363},"ultimate_security_skip_rate_limit","should_skip_rate_limit",{"type":137,"name":402,"callback":403,"priority":11,"file":393,"line":200},"ultimate_security_skip_rest_protection","should_skip_rest_protection",{"type":127,"name":329,"callback":405,"file":393,"line":406},"add_dismiss_notice_script",193,{"type":137,"name":408,"callback":409,"priority":11,"file":410,"line":411},"ultimate_security_rate_limit_check","skip_flavor_ajax","php\u002Fsrc\u002FModules\u002FCompatibility\u002FFlavorIntegration.php",17,{"type":137,"name":413,"callback":414,"file":410,"line":221},"ultimate_security_frame_options","adjust_frame_options",{"type":137,"name":416,"callback":417,"priority":11,"file":410,"line":418},"ultimate_security_url_guard_check","whitelist_flavor_endpoints",23,{"type":137,"name":420,"callback":421,"file":410,"line":58},"ultimate_security_skip_heartbeat_limit","allow_flavor_heartbeat",{"type":137,"name":408,"callback":423,"priority":11,"file":424,"line":380},"skip_form_ajax","php\u002Fsrc\u002FModules\u002FCompatibility\u002FFormPluginsIntegration.php",{"type":137,"name":426,"callback":427,"file":424,"line":384},"ultimate_security_captcha_check","coordinate_captcha",{"type":137,"name":416,"callback":429,"priority":11,"file":424,"line":131},"whitelist_form_endpoints",{"type":137,"name":408,"callback":431,"priority":11,"file":432,"line":221},"skip_builder_ajax","php\u002Fsrc\u002FModules\u002FCompatibility\u002FPageBuildersIntegration.php",{"type":137,"name":413,"callback":414,"file":432,"line":418},{"type":137,"name":420,"callback":435,"file":432,"line":58},"allow_editor_heartbeat",{"type":137,"name":274,"callback":437,"file":438,"line":439},"exclude_security_urls_yoast","php\u002Fsrc\u002FModules\u002FCompatibility\u002FSEOPluginsIntegration.php",19,{"type":137,"name":441,"callback":442,"priority":11,"file":438,"line":418},"rank_math\u002Fsitemap\u002Fexclude_post_type","exclude_security_urls_rankmath",{"type":137,"name":444,"callback":445,"file":438,"line":390},"aioseo_sitemap_excluded_pages","exclude_security_urls_aioseo",{"type":127,"name":447,"callback":448,"priority":33,"file":438,"line":449},"wp_head","add_noindex_to_security_pages",31,{"type":137,"name":408,"callback":451,"priority":11,"file":452,"line":380},"skip_woocommerce_ajax","php\u002Fsrc\u002FModules\u002FCompatibility\u002FWooCommerceIntegration.php",{"type":127,"name":223,"callback":454,"file":452,"line":384},"add_2fa_to_wc_login",{"type":137,"name":416,"callback":456,"priority":11,"file":452,"line":131},"whitelist_wc_rest_api",{"type":127,"name":361,"callback":458,"file":452,"line":390},"set_no_cache_for_wc_pages",{"type":137,"name":386,"callback":460,"file":452,"line":34},"extend_wc_nonce_life",{"type":127,"name":462,"callback":463,"file":464,"line":465},"rest_api_init","regsiter_routes","php\u002Fsrc\u002FModules\u002FMaintenance\u002FDeactivationUrl.php",47,{"type":127,"name":467,"callback":468,"file":464,"line":469},"admin_post_ultimate_security_deactivate","ultimate_security_handle_plugin_deactivation",49,{"type":127,"name":471,"callback":468,"file":464,"line":272},"admin_post_nopriv_ultimate_security_deactivate",{"type":127,"name":462,"callback":473,"file":474,"line":475},"register_rest_routes","php\u002Fsrc\u002FModules\u002FMaintenance\u002FImportExport.php",45,{"type":127,"name":462,"callback":477,"file":478,"line":479},"register_routes","php\u002Fsrc\u002FModules\u002FMaintenance\u002FMoreTools.php",48,{"type":127,"name":462,"callback":473,"file":481,"line":482},"php\u002Fsrc\u002FModules\u002FMaintenance\u002FSimpleCleanup.php",104,{"type":127,"name":484,"callback":485,"file":481,"line":188},"ultimate_security_weekly_cleanup","run_scheduled_cleanup",{"type":127,"name":186,"callback":487,"priority":11,"file":488,"line":245},"ultimate_security_handle_update_complete","php\u002Fsrc\u002FModules\u002FMaintenance\u002FUpdateManager.php",{"type":127,"name":490,"callback":490,"priority":11,"file":488,"line":249},"ultimate_security_send_update_success_email",{"type":137,"name":276,"callback":492,"file":488,"line":363},"ultimate_security_custom_cron_schedules",{"type":127,"name":494,"callback":495,"file":488,"line":264},"wp","ultimate_security_schedule_daily_9am_cron",{"type":127,"name":497,"callback":498,"file":488,"line":367},"ultimate_security_daily_9am_task","ultimate_security_handle_daily_9am_task",{"type":127,"name":128,"callback":500,"file":488,"line":501},"ultimate_security_remove_daily_9am_cron",83,{"type":137,"name":503,"callback":142,"file":488,"line":504},"auto_core_update_send_email",87,{"type":137,"name":506,"callback":507,"file":488,"line":236},"wp_mail_content_type","set_html_content_type",{"type":137,"name":506,"callback":507,"file":488,"line":509},720,{"type":137,"name":506,"callback":507,"file":488,"line":511},736,{"type":137,"name":138,"callback":139,"file":488,"line":513},890,{"type":137,"name":138,"callback":142,"file":488,"line":515},900,{"type":137,"name":145,"callback":146,"file":488,"line":517},901,{"type":137,"name":149,"callback":139,"file":488,"line":519},907,{"type":137,"name":149,"callback":142,"file":488,"line":521},912,{"type":137,"name":154,"callback":146,"file":488,"line":523},915,{"type":137,"name":157,"callback":142,"file":488,"line":525},920,{"type":137,"name":160,"callback":142,"file":488,"line":527},926,{"type":137,"name":163,"callback":142,"file":488,"line":529},928,{"type":137,"name":166,"callback":142,"file":488,"line":531},929,{"type":137,"name":163,"callback":139,"file":488,"line":533},931,{"type":137,"name":166,"callback":139,"file":488,"line":535},933,{"type":137,"name":172,"callback":139,"file":488,"line":537},935,{"type":137,"name":175,"callback":142,"priority":11,"file":488,"line":539},940,{"type":137,"name":178,"callback":129,"file":488,"line":541},945,{"type":127,"name":462,"callback":473,"file":543,"line":544},"php\u002Fsrc\u002FModules\u002FMonitoring\u002FBasicSecurityScore.php",305,{"type":127,"name":546,"callback":547,"file":543,"line":548},"ultimate_security_options_updated","clear_cache",306,{"type":127,"name":286,"callback":550,"priority":11,"file":551,"line":249},"log_login_success","php\u002Fsrc\u002FModules\u002FMonitoring\u002FSimpleEventLogger.php",{"type":127,"name":212,"callback":553,"priority":11,"file":551,"line":253},"log_login_failed",{"type":127,"name":555,"callback":556,"priority":11,"file":551,"line":152},"wp_logout","log_logout",{"type":127,"name":558,"callback":559,"priority":11,"file":551,"line":155},"password_reset","log_password_reset",{"type":127,"name":352,"callback":561,"priority":11,"file":551,"line":363},"log_password_changed",{"type":127,"name":563,"callback":564,"priority":11,"file":551,"line":200},"ultimate_security_2fa_method_enabled","log_2fa_enabled",{"type":127,"name":566,"callback":567,"priority":11,"file":551,"line":158},"ultimate_security_2fa_method_disabled","log_2fa_disabled",{"type":127,"name":569,"callback":570,"priority":11,"file":551,"line":501},"ultimate_security_2fa_verified","log_2fa_success",{"type":127,"name":572,"callback":573,"priority":11,"file":551,"line":574},"ultimate_security_2fa_failed","log_2fa_failed",84,{"type":127,"name":576,"callback":577,"priority":11,"file":551,"line":206},"ultimate_security_user_locked_out","log_lockout",{"type":127,"name":579,"callback":580,"priority":11,"file":551,"line":210},"ultimate_security_device_trusted","log_device_trusted",{"type":127,"name":582,"callback":583,"priority":11,"file":551,"line":504},"ultimate_security_device_revoked","log_device_revoked",{"type":127,"name":462,"callback":473,"file":551,"line":164},{"type":127,"name":586,"callback":587,"file":551,"line":588},"ultimate_security_cleanup_audit_logs","cleanup_old_logs",96,{"type":127,"name":462,"callback":477,"file":590,"line":394},"php\u002Fsrc\u002FModules\u002FMonitoring\u002FSiteHealth\u002FSiteHealthInfo.php",{"type":127,"name":462,"callback":477,"file":592,"line":504},"php\u002Fsrc\u002FModules\u002FMonitoring\u002FVulnerabilityScanner\u002FVulnerabilityScanner.php",{"type":127,"name":178,"callback":594,"file":592,"line":214},"setup_cron_schedule",{"type":127,"name":372,"callback":596,"file":597,"line":167},"ultimate_security_enqueue_turnstile_script","php\u002Fsrc\u002FModules\u002FProtection\u002FCloudflareTurnstile.php",{"type":127,"name":365,"callback":596,"file":597,"line":218},{"type":127,"name":369,"callback":596,"file":597,"line":57},{"type":127,"name":216,"callback":596,"file":597,"line":588},{"type":127,"name":602,"callback":603,"file":597,"line":304},"sclm_captha","sclm_captha_element",{"type":127,"name":133,"callback":605,"priority":606,"file":597,"line":179},"add_turnstile_to_login_form",999999,{"type":127,"name":608,"callback":605,"priority":606,"file":597,"line":609},"woocommerce_login_form",108,{"type":127,"name":611,"callback":612,"file":597,"line":613},"register_form","add_turnstile_to_register_form",112,{"type":127,"name":615,"callback":612,"priority":606,"file":597,"line":616},"woocommerce_register_form",113,{"type":127,"name":618,"callback":619,"file":597,"line":620},"lostpassword_form","add_turnstile_to_lostpassword_form",118,{"type":127,"name":622,"callback":623,"priority":11,"file":597,"line":624},"comment_form","add_turnstile_to_comment_form",125,{"type":137,"name":204,"callback":626,"priority":304,"file":597,"line":627},"verify_login_turnstile",129,{"type":137,"name":629,"callback":630,"priority":11,"file":597,"line":631},"registration_errors","verify_register_turnstile",130,{"type":127,"name":633,"callback":634,"file":597,"line":635},"lostpassword_post","verify_lostpassword_turnstile",131,{"type":137,"name":637,"callback":638,"file":597,"line":639},"preprocess_comment","verify_comment_turnstile",132,{"type":127,"name":462,"callback":641,"file":597,"line":281},"register_turnstile_log_endpoint",{"type":137,"name":643,"callback":644,"priority":11,"file":597,"line":645},"script_loader_tag","ultimate_security_add_defer_attribute",181,{"type":127,"name":447,"callback":647,"priority":260,"file":648,"line":363},"inject_protection_scripts","php\u002Fsrc\u002FModules\u002FProtection\u002FContentProtection.php",{"type":127,"name":447,"callback":650,"priority":260,"file":648,"line":264},"inject_protection_styles",{"type":127,"name":178,"callback":652,"file":648,"line":158},"setup_hotlink_protection",{"type":127,"name":654,"callback":655,"file":656,"line":657},"login_head","disable_recaptcha_script","php\u002Fsrc\u002FModules\u002FProtection\u002FGoogleRecaptcha.php",68,{"type":127,"name":494,"callback":659,"file":656,"line":343},"disable_recaptcha_script_woo",{"type":127,"name":369,"callback":661,"file":656,"line":363},"enqueue_recaptcha_script",{"type":127,"name":365,"callback":661,"file":656,"line":264},{"type":127,"name":654,"callback":664,"file":656,"line":200},"custom_login_inline_scripts",{"type":127,"name":133,"callback":666,"priority":606,"file":656,"line":206},"add_recaptcha_to_form",{"type":127,"name":611,"callback":666,"priority":606,"file":656,"line":504},{"type":127,"name":618,"callback":666,"priority":606,"file":656,"line":161},{"type":127,"name":608,"callback":666,"priority":606,"file":656,"line":218},{"type":127,"name":615,"callback":666,"priority":606,"file":656,"line":57},{"type":127,"name":672,"callback":673,"priority":11,"file":656,"line":35},"woocommerce_process_login_errors","verify_recaptcha_on_woocommerce_login",{"type":127,"name":675,"callback":676,"priority":11,"file":656,"line":170},"woocommerce_register_post","verify_recaptcha_on_woocommerce_register",{"type":127,"name":678,"callback":661,"file":656,"line":588},"woocommerce_before_checkout_form",{"type":127,"name":680,"callback":661,"file":656,"line":173},"woocommerce_before_customer_login_form",{"type":127,"name":682,"callback":661,"file":656,"line":225},"woocommerce_before_register_form",{"type":127,"name":684,"callback":685,"priority":11,"file":656,"line":184},"wp_authenticate_user","verify_recaptcha_response",{"type":127,"name":687,"callback":688,"priority":11,"file":656,"line":176},"register_post","verify_recaptcha_on_registration",{"type":127,"name":633,"callback":690,"file":656,"line":691},"verify_recaptcha_on_lostpassword",103,{"type":127,"name":396,"callback":693,"file":694,"line":147},"maybeShowWizardNotice","php\u002Fsrc\u002FModules\u002FSetup\u002FSecurityWizard.php",{"type":127,"name":396,"callback":696,"file":697,"line":698},"displayTestModeNotice","php\u002Fsrc\u002FModules\u002FTestMode\u002FTestModeModule.php",44,{"type":127,"name":700,"callback":701,"file":697,"line":475},"wp_dashboard_setup","registerDashboardWidget",{"type":127,"name":703,"callback":704,"file":697,"line":705},"update_option_ultimate_security_options","resetCache",46,{"type":127,"name":707,"callback":708,"file":697,"line":469},"wp_before_admin_bar_render","displayTestModeAdminBar",{"type":127,"name":462,"callback":710,"file":711,"line":712},"ultimate_security_rest_api_init","php\u002Fsrc\u002FPresentation\u002FAPI\u002FControllers\u002FRestAPI.php",37,{"type":127,"name":372,"callback":714,"file":715,"line":58},"enqueue_styles","php\u002Fsrc\u002FPresentation\u002FAdmin\u002FAdminAssets.php",{"type":127,"name":372,"callback":366,"file":715,"line":717},28,{"type":127,"name":372,"callback":719,"file":715,"line":34},"ultimate_script_deactive_functionalities",{"type":127,"name":721,"callback":722,"file":715,"line":723},"current_screen","ultimate_security_hide_admin_notices",32,{"type":137,"name":725,"callback":726,"file":715,"line":727},"admin_body_class","ultimate_security_admin_body_class",34,{"type":137,"name":729,"callback":730,"priority":11,"file":715,"line":731},"wp_resource_hints","add_font_preconnect",52,{"type":127,"name":178,"callback":733,"file":734,"line":735},"ultimate_security_do_activation_redirect","php\u002Fsrc\u002FPresentation\u002FAdmin\u002FAdminHooks.php",14,{"type":127,"name":737,"callback":738,"priority":739,"file":734,"line":740},"admin_bar_menu","ultimate_security_admin_bar_menu",500,16,{"type":127,"name":178,"callback":742,"file":734,"line":380},"ultimate_security_page_data",{"type":127,"name":178,"callback":744,"file":734,"line":221},"ultimate_security_product_category_data",{"type":137,"name":276,"callback":746,"file":734,"line":747},"ultimate_security_cron_schedules",22,{"type":127,"name":396,"callback":749,"file":734,"line":750},"ultimate_security_admin_notice_feedback",25,{"type":127,"name":329,"callback":752,"file":734,"line":58},"ultimate_security_admin_footer_feedback",{"type":127,"name":754,"callback":755,"file":756,"line":757},"admin_menu","ultimate_security_admin_menu","php\u002Fsrc\u002FPresentation\u002FAdmin\u002FAdminMenu.php",11,{"type":127,"name":396,"callback":759,"file":760,"line":761},"security_plugin_conflict_notice","php\u002Fsrc\u002FPresentation\u002FAdmin\u002FAdminNotices.php",9,{"type":127,"name":372,"callback":763,"file":764,"line":411},"enqueue_profile_2fa_scripts","php\u002Fsrc\u002FPresentation\u002FAdmin\u002FReactAssets.php",{"type":127,"name":365,"callback":714,"file":766,"line":767},"php\u002Fsrc\u002FPresentation\u002FPublicSite\u002FPublicHooks.php",13,{"type":127,"name":365,"callback":366,"file":766,"line":735},{"type":127,"name":770,"callback":771,"file":766,"line":772},"wp_footer","ultimate_security_top_bar",15,{"type":127,"name":447,"callback":774,"priority":240,"file":766,"line":411},"get_footer_enqueue_styles",[776,782,786,788,790,794,797,800,803,807,811,815,819,822,825,829,832,835,838,841,843,845,847,849,852,854,856,859,862,865,867,869,872,874],{"action":777,"nopriv":778,"callback":779,"hasNonce":778,"hasCapCheck":780,"file":278,"line":781},"check_lockout_status",true,"ajax_check_lockout_status",false,155,{"action":783,"nopriv":780,"callback":784,"hasNonce":778,"hasCapCheck":778,"file":313,"line":785},"ultimate_security_block_ip","ajax_block_ip",164,{"action":787,"nopriv":780,"callback":787,"hasNonce":778,"hasCapCheck":780,"file":331,"line":206},"ultimate_security_get_password_hints",{"action":789,"nopriv":780,"callback":789,"hasNonce":778,"hasCapCheck":780,"file":331,"line":161},"ultimate_security_password_validation_on_myaccount",{"action":791,"nopriv":780,"callback":792,"hasNonce":778,"hasCapCheck":778,"file":793,"line":475},"ultimate_security_update_totp_otp_code","ajax_update_totp_code","php\u002Fsrc\u002FModules\u002FAuthentication\u002FTwoFactor\u002FHttp\u002FAjaxHandlers.php",{"action":795,"nopriv":780,"callback":796,"hasNonce":778,"hasCapCheck":778,"file":793,"line":705},"ultimate_security_update_totp_secret_code","ajax_reset_totp_secret",{"action":798,"nopriv":780,"callback":799,"hasNonce":778,"hasCapCheck":778,"file":793,"line":469},"ultimate_security_update_hotp_otp_code","ajax_update_hotp_code",{"action":801,"nopriv":780,"callback":802,"hasNonce":778,"hasCapCheck":778,"file":793,"line":272},"ultimate_security_update_hotp_secret_code","ajax_reset_hotp_secret",{"action":804,"nopriv":780,"callback":805,"hasNonce":778,"hasCapCheck":778,"file":793,"line":806},"ultimate_security_sent_otp_email","ajax_send_otp_email",53,{"action":808,"nopriv":780,"callback":809,"hasNonce":778,"hasCapCheck":778,"file":793,"line":810},"ultimate_security_enable_otp_email","ajax_enable_otp_email",54,{"action":812,"nopriv":778,"callback":813,"hasNonce":778,"hasCapCheck":780,"file":793,"line":814},"ultimate_security_resend_2fa_code","ajax_resend_2fa_code",55,{"action":816,"nopriv":780,"callback":817,"hasNonce":778,"hasCapCheck":780,"file":793,"line":818},"ultimate_security_enable_encryption_database_keys","ajax_enable_encryption",58,{"action":820,"nopriv":780,"callback":821,"hasNonce":778,"hasCapCheck":778,"file":793,"line":143},"ultimate_security_user_2fa_reset","ajax_reset_2fa",{"action":823,"nopriv":780,"callback":824,"hasNonce":778,"hasCapCheck":778,"file":793,"line":147},"ultimate_security_user_2fa_set","ajax_set_2fa",{"action":826,"nopriv":780,"callback":827,"hasNonce":778,"hasCapCheck":778,"file":793,"line":828},"ultimate_security_user_2fa_get","ajax_get_2fa",63,{"action":830,"nopriv":780,"callback":831,"hasNonce":778,"hasCapCheck":778,"file":793,"line":150},"ultimate_security_generate_backup_codes","ajax_generate_backup_codes",{"action":833,"nopriv":780,"callback":834,"hasNonce":778,"hasCapCheck":780,"file":793,"line":339},"ultimate_security_get_backup_codes_status","ajax_get_backup_codes_status",{"action":836,"nopriv":780,"callback":837,"hasNonce":778,"hasCapCheck":778,"file":793,"line":657},"ultimate_security_revoke_backup_codes","ajax_revoke_backup_codes",{"action":839,"nopriv":780,"callback":840,"hasNonce":778,"hasCapCheck":778,"file":393,"line":574},"ultimate_security_dismiss_notice","ajax_dismiss_notice",{"action":842,"nopriv":780,"callback":842,"hasNonce":778,"hasCapCheck":780,"file":488,"line":731},"ultimate_security_send_update_notification_test_email",{"action":844,"nopriv":780,"callback":844,"hasNonce":778,"hasCapCheck":780,"file":488,"line":814},"ultimate_security_update_plugins",{"action":846,"nopriv":780,"callback":846,"hasNonce":778,"hasCapCheck":780,"file":488,"line":818},"ultimate_security_update_themes",{"action":848,"nopriv":780,"callback":848,"hasNonce":778,"hasCapCheck":780,"file":488,"line":143},"ultimate_security_update_core",{"action":850,"nopriv":780,"callback":850,"hasNonce":778,"hasCapCheck":780,"file":488,"line":851},"ultimate_security_get_pending_updates",65,{"action":853,"nopriv":780,"callback":853,"hasNonce":778,"hasCapCheck":780,"file":488,"line":150},"ultimate_security_update_single_plugin",{"action":855,"nopriv":780,"callback":855,"hasNonce":778,"hasCapCheck":780,"file":488,"line":339},"ultimate_security_update_single_theme",{"action":857,"nopriv":780,"callback":858,"hasNonce":778,"hasCapCheck":778,"file":694,"line":828},"ultimate_security_dismiss_wizard","handleDismissWizard",{"action":860,"nopriv":780,"callback":860,"hasNonce":778,"hasCapCheck":780,"file":861,"line":757},"ultimate_security_search_recent_ips","php\u002Fsrc\u002FPresentation\u002FAPI\u002FControllers\u002FAjaxAPI.php",{"action":863,"nopriv":780,"callback":863,"hasNonce":778,"hasCapCheck":780,"file":861,"line":864},"ultimate_security_ip_set",12,{"action":866,"nopriv":780,"callback":866,"hasNonce":778,"hasCapCheck":780,"file":861,"line":767},"ultimate_security_ip_validate",{"action":868,"nopriv":780,"callback":868,"hasNonce":778,"hasCapCheck":780,"file":861,"line":735},"ultimate_security_shop_ip_reset",{"action":870,"nopriv":780,"callback":871,"hasNonce":778,"hasCapCheck":778,"file":861,"line":772},"ultimate_security_review_action","handle_review_action",{"action":873,"nopriv":780,"callback":873,"hasNonce":778,"hasCapCheck":778,"file":861,"line":740},"ultimate_security_deact_submit",{"action":875,"nopriv":780,"callback":875,"hasNonce":778,"hasCapCheck":778,"file":861,"line":411},"ultimate_security_dismiss_passkey_notice",[877,883,887,891,894,898,901,905,909,913,917,920,924,929,933,938,943,948,953,957,962,968,972,976,981,986,991,996],{"namespace":878,"route":879,"methods":880,"callback":882,"permissionCallback":129,"file":464,"line":332},"ultimate-security\u002Fv1","\u002Fdisable-ultimate-security-popup",[881],"GET","get_ultimate_security_popup_status",{"namespace":878,"route":879,"methods":884,"callback":886,"permissionCallback":129,"file":464,"line":245},[885],"POST","dismiss_ultimate_security_popup",{"namespace":878,"route":888,"methods":889,"callback":890,"permissionCallback":129,"file":464,"line":158},"\u002Fregenerate-deactivation-url",[885],"regenerate_deactivation_url",{"namespace":878,"route":892,"methods":893,"callback":129,"permissionCallback":129,"file":474,"line":469},"\u002Fsettings",[885],{"namespace":878,"route":895,"methods":896,"callback":897,"permissionCallback":129,"file":478,"line":806},"\u002Frest-status",[881],"get_rest_status",{"namespace":878,"route":899,"methods":900,"callback":129,"permissionCallback":139,"file":478,"line":143},"\u002Fping",[881],{"namespace":878,"route":902,"methods":903,"callback":904,"permissionCallback":129,"file":478,"line":343},"\u002Fcron-status",[881],"get_cron_status",{"namespace":878,"route":906,"methods":907,"callback":908,"permissionCallback":129,"file":478,"line":155},"\u002Frun-cron",[885],"run_cron",{"namespace":878,"route":910,"methods":911,"callback":912,"permissionCallback":129,"file":478,"line":164},"\u002Fserver-status",[881],"get_server_status",{"namespace":878,"route":914,"methods":915,"callback":916,"permissionCallback":129,"file":478,"line":184},"\u002Freset-settings",[885],"reset_settings",{"namespace":878,"route":918,"methods":919,"callback":547,"permissionCallback":129,"file":478,"line":188},"\u002Fclear-cache",[885],{"namespace":878,"route":921,"methods":922,"callback":923,"permissionCallback":129,"file":481,"line":85},"\u002Fsimple-cleanup\u002Fstats",[881],"get_stats_endpoint",{"namespace":878,"route":925,"methods":926,"callback":927,"permissionCallback":129,"file":481,"line":928},"\u002Fsimple-cleanup\u002Fdelete",[885],"delete_endpoint",128,{"namespace":878,"route":930,"methods":931,"callback":932,"permissionCallback":129,"file":481,"line":314},"\u002Fsimple-cleanup\u002Fdelete-all",[885],"delete_all_endpoint",{"namespace":878,"route":934,"methods":935,"callback":936,"permissionCallback":129,"file":543,"line":937},"\u002Fsecurity-score",[881],"get_score_endpoint",316,{"namespace":878,"route":939,"methods":940,"callback":941,"permissionCallback":129,"file":543,"line":942},"\u002Fsecurity-score\u002Fchecks",[881],"get_checks_endpoint",324,{"namespace":878,"route":944,"methods":945,"callback":946,"permissionCallback":129,"file":543,"line":947},"\u002Fsecurity-score\u002Frefresh",[885],"refresh_score_endpoint",332,{"namespace":878,"route":949,"methods":950,"callback":951,"permissionCallback":129,"file":551,"line":952},"\u002Faudit-logs",[881],"get_logs_endpoint",505,{"namespace":878,"route":954,"methods":955,"callback":923,"permissionCallback":129,"file":551,"line":956},"\u002Faudit-logs\u002Fstats",[881],523,{"namespace":878,"route":958,"methods":959,"callback":960,"permissionCallback":129,"file":551,"line":961},"\u002Faudit-logs\u002Fevent-types",[881],"get_event_types_endpoint",531,{"namespace":878,"route":963,"methods":964,"callback":966,"permissionCallback":129,"file":551,"line":967},"\u002Faudit-logs\u002Fcleanup",[965],"DELETE","cleanup_endpoint",539,{"namespace":878,"route":969,"methods":970,"callback":971,"permissionCallback":129,"file":590,"line":620},"\u002Fsite-health-info",[881],"get_site_health_info",{"namespace":878,"route":973,"methods":974,"callback":975,"permissionCallback":129,"file":590,"line":631},"\u002Fsite-health\u002Fmu-plugins",[881],"get_mu_plugins_info",{"namespace":878,"route":977,"methods":978,"callback":979,"permissionCallback":129,"file":590,"line":980},"\u002Fsite-health\u002F(?P\u003Ctab_id>[a-zA-Z0-9-_]+)",[881],"get_tab_info",142,{"namespace":878,"route":982,"methods":983,"callback":984,"permissionCallback":129,"file":590,"line":985},"\u002Fhealth-check",[881],"get_health_check_data",161,{"namespace":878,"route":987,"methods":988,"callback":989,"permissionCallback":129,"file":590,"line":990},"\u002Fhealth-check\u002F(?P\u003Ccollector>[a-zA-Z0-9-_]+)",[881],"get_health_check_collector",173,{"namespace":878,"route":992,"methods":993,"callback":994,"permissionCallback":129,"file":590,"line":995},"\u002Fhealth-check\u002Fcollectors",[881],"get_available_collectors",191,{"namespace":878,"route":997,"methods":998,"callback":999,"permissionCallback":129,"file":597,"line":1000},"\u002Fturnstile-logs",[881],"get_turnstile_logs",141,[1002,1005],{"tag":1003,"callback":1004,"file":241,"line":210},"ultimate-security-gdpr-banner","ultimate_security_banner_shortcode",{"tag":1003,"callback":1006,"file":766,"line":439},"ultimate_security_gdpr_banner_shortcode",[1008,1011,1012,1013,1014],{"hook":1009,"callback":1009,"file":191,"line":1010},"ultimate_security_trusted_devices_cleanup",127,{"hook":484,"callback":484,"file":481,"line":609},{"hook":497,"callback":497,"file":488,"line":635},{"hook":490,"callback":490,"file":488,"line":310},{"hook":586,"callback":586,"file":551,"line":35},{"dangerousFunctions":1016,"sqlUsage":1038,"outputEscaping":1041,"fileOperations":1087,"externalRequests":735,"nonceChecks":272,"capabilityChecks":482,"bundledLibraries":1088},[1017,1021,1024,1027,1030,1032,1034],{"fn":1018,"file":488,"line":1019,"context":1020},"set_time_limit",243,"set_time_limit(300); \u002F\u002F 5 minutes",{"fn":1018,"file":488,"line":1022,"context":1023},277,"set_time_limit(sizeof($plugin_updates) * 300);",{"fn":1018,"file":488,"line":1025,"context":1026},303,"set_time_limit(300);",{"fn":1018,"file":488,"line":1028,"context":1029},308,"set_time_limit(sizeof($theme_updates) * 300);",{"fn":1018,"file":488,"line":1031,"context":1026},409,{"fn":1018,"file":488,"line":1033,"context":1026},475,{"fn":1035,"file":1036,"line":161,"context":1037},"shell_exec","php\u002Fsrc\u002FModules\u002FMonitoring\u002FServerProtectionDetector.php","$result = @shell_exec('pgrep -x fail2ban-server 2>\u002Fdev\u002Fnull');",{"prepared":1039,"raw":13,"locations":1040},219,[],{"escaped":519,"rawEcho":747,"locations":1042},[1043,1046,1049,1051,1052,1054,1056,1058,1060,1061,1064,1066,1068,1070,1072,1074,1076,1078,1080,1082,1084,1086],{"file":241,"line":1044,"context":1045},452,"raw output",{"file":1047,"line":1048,"context":1045},"php\u002Fsrc\u002FModules\u002FAuthentication\u002FTwoFactor\u002FHttp\u002FVerificationHandler.php",348,{"file":393,"line":1050,"context":1045},176,{"file":648,"line":544,"context":1045},{"file":648,"line":1053,"context":1045},338,{"file":694,"line":1055,"context":1045},117,{"file":697,"line":1057,"context":1045},159,{"file":697,"line":1059,"context":1045},160,{"file":697,"line":985,"context":1045},{"file":1062,"line":1063,"context":1045},"templates\u002Fadmin\u002Fultimate-security-admin-display-2fa-react.php",229,{"file":1062,"line":1065,"context":1045},230,{"file":1062,"line":1067,"context":1045},231,{"file":1062,"line":1069,"context":1045},232,{"file":1062,"line":1071,"context":1045},233,{"file":1062,"line":1073,"context":1045},234,{"file":1062,"line":1075,"context":1045},235,{"file":1062,"line":1077,"context":1045},236,{"file":1062,"line":1079,"context":1045},239,{"file":1062,"line":1081,"context":1045},240,{"file":1062,"line":1083,"context":1045},241,{"file":1062,"line":1085,"context":1045},242,{"file":1062,"line":1019,"context":1045},4,[],[1090,1108],{"entryPoint":1091,"graph":1092,"unsanitizedCount":13,"severity":1107},"inject_lockout_refresh_script (php\u002Fsrc\u002FModules\u002FAuthentication\u002FLoginLimit.php:163)",{"nodes":1093,"edges":1105},[1094,1099],{"id":1095,"type":1096,"label":1097,"file":278,"line":1098},"n0","source","$_POST",171,{"id":1100,"type":1101,"label":1102,"file":278,"line":1103,"wp_function":1104},"n1","sink","echo() [XSS]",180,"echo",[1106],{"from":1095,"to":1100,"sanitized":778},"low",{"entryPoint":1109,"graph":1110,"unsanitizedCount":13,"severity":1107},"\u003CLoginLimit> (php\u002Fsrc\u002FModules\u002FAuthentication\u002FLoginLimit.php:0)",{"nodes":1111,"edges":1114},[1112,1113],{"id":1095,"type":1096,"label":1097,"file":278,"line":1098},{"id":1100,"type":1101,"label":1102,"file":278,"line":1103,"wp_function":1104},[1115],{"from":1095,"to":1100,"sanitized":778},{"summary":1117,"deductions":1118},"The \"ultimate-security\" plugin v1.0.17 exhibits a generally strong security posture, with a significant emphasis on secure coding practices. The extensive use of prepared statements for SQL queries and the high percentage of properly escaped output are commendable. The plugin also demonstrates a robust implementation of security checks, with a substantial number of nonce and capability checks across its entry points. Its vulnerability history being clear of any recorded CVEs further reinforces this positive outlook.\n\nHowever, there are a few areas that warrant attention. The presence of dangerous functions like `set_time_limit` and `shell_exec` in the code, while potentially necessary for certain functionalities, inherently increases the risk if not handled with extreme caution and robust input validation. Furthermore, the static analysis revealed a single unprotected entry point among 64 total, which, though minor, represents a potential avenue for attackers. The analysis did not uncover any critical or high-severity taint flows, which is reassuring, but the lack of taint analysis flows overall (only 2 analyzed) might suggest limited testing scope in this area.\n\nIn conclusion, \"ultimate-security\" v1.0.17 has a solid foundation with good security practices. The primary concerns lie in the potential risks associated with dangerous functions and the single unprotected entry point. The absence of past vulnerabilities is a significant strength, but ongoing vigilance and thorough testing of all entry points, especially those involving sensitive functions, are crucial for maintaining this security.",[1119,1121],{"reason":1120,"points":233},"Unprotected entry point detected",{"reason":1122,"points":1123},"Presence of dangerous functions: set_time_limit, shell_exec",7,"2026-04-16T12:19:38.207Z",{"wat":1126,"direct":1134},{"assetPaths":1127,"generatorPatterns":1129,"scriptPaths":1130,"versionParams":1132},[1128],"\u002Fwp-content\u002Fplugins\u002Fultimate-security\u002Fassets\u002Fadmin\u002Fjs\u002Fpassword-strength-meter.js",[],[1131],"assets\u002Fadmin\u002Fjs\u002Fpassword-strength-meter.js",[1133],"ultimate-security\u002Fassets\u002Fadmin\u002Fjs\u002Fpassword-strength-meter.js?ver=",{"cssClasses":1135,"htmlComments":1136,"htmlAttributes":1137,"restEndpoints":1138,"jsGlobals":1140,"shortcodeOutput":1142},[],[],[],[1139],"\u002Fwp-json\u002Fultimate-security",[1141],"ultimateSecurityPolicies",[],{"error":778,"url":1144,"statusCode":1145,"statusMessage":1146,"message":1146},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fultimate-security\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":380,"versions":1148},[1149,1154,1161,1168,1175,1182,1189,1196,1203,1210,1217,1224,1231,1238,1245,1252,1259,1266],{"version":6,"download_url":25,"svn_tag_url":1150,"released_at":27,"has_diff":780,"diff_files_changed":1151,"diff_lines":27,"trac_diff_url":1152,"vulnerabilities":1153,"is_current":778},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.17\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.16&new_path=%2Fultimate-security%2Ftags%2F1.0.17",[],{"version":1155,"download_url":1156,"svn_tag_url":1157,"released_at":27,"has_diff":780,"diff_files_changed":1158,"diff_lines":27,"trac_diff_url":1159,"vulnerabilities":1160,"is_current":780},"1.0.16","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.16.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.16\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.15&new_path=%2Fultimate-security%2Ftags%2F1.0.16",[],{"version":1162,"download_url":1163,"svn_tag_url":1164,"released_at":27,"has_diff":780,"diff_files_changed":1165,"diff_lines":27,"trac_diff_url":1166,"vulnerabilities":1167,"is_current":780},"1.0.15","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.15.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.15\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.14&new_path=%2Fultimate-security%2Ftags%2F1.0.15",[],{"version":1169,"download_url":1170,"svn_tag_url":1171,"released_at":27,"has_diff":780,"diff_files_changed":1172,"diff_lines":27,"trac_diff_url":1173,"vulnerabilities":1174,"is_current":780},"1.0.14","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.14.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.14\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.13&new_path=%2Fultimate-security%2Ftags%2F1.0.14",[],{"version":1176,"download_url":1177,"svn_tag_url":1178,"released_at":27,"has_diff":780,"diff_files_changed":1179,"diff_lines":27,"trac_diff_url":1180,"vulnerabilities":1181,"is_current":780},"1.0.13","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.13.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.13\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.12&new_path=%2Fultimate-security%2Ftags%2F1.0.13",[],{"version":1183,"download_url":1184,"svn_tag_url":1185,"released_at":27,"has_diff":780,"diff_files_changed":1186,"diff_lines":27,"trac_diff_url":1187,"vulnerabilities":1188,"is_current":780},"1.0.12","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.12.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.12\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.11&new_path=%2Fultimate-security%2Ftags%2F1.0.12",[],{"version":1190,"download_url":1191,"svn_tag_url":1192,"released_at":27,"has_diff":780,"diff_files_changed":1193,"diff_lines":27,"trac_diff_url":1194,"vulnerabilities":1195,"is_current":780},"1.0.11","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.11.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.11\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.10&new_path=%2Fultimate-security%2Ftags%2F1.0.11",[],{"version":1197,"download_url":1198,"svn_tag_url":1199,"released_at":27,"has_diff":780,"diff_files_changed":1200,"diff_lines":27,"trac_diff_url":1201,"vulnerabilities":1202,"is_current":780},"1.0.10","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.10.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.9&new_path=%2Fultimate-security%2Ftags%2F1.0.10",[],{"version":1204,"download_url":1205,"svn_tag_url":1206,"released_at":27,"has_diff":780,"diff_files_changed":1207,"diff_lines":27,"trac_diff_url":1208,"vulnerabilities":1209,"is_current":780},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.8&new_path=%2Fultimate-security%2Ftags%2F1.0.9",[],{"version":1211,"download_url":1212,"svn_tag_url":1213,"released_at":27,"has_diff":780,"diff_files_changed":1214,"diff_lines":27,"trac_diff_url":1215,"vulnerabilities":1216,"is_current":780},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.7&new_path=%2Fultimate-security%2Ftags%2F1.0.8",[],{"version":1218,"download_url":1219,"svn_tag_url":1220,"released_at":27,"has_diff":780,"diff_files_changed":1221,"diff_lines":27,"trac_diff_url":1222,"vulnerabilities":1223,"is_current":780},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.6&new_path=%2Fultimate-security%2Ftags%2F1.0.7",[],{"version":1225,"download_url":1226,"svn_tag_url":1227,"released_at":27,"has_diff":780,"diff_files_changed":1228,"diff_lines":27,"trac_diff_url":1229,"vulnerabilities":1230,"is_current":780},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.5&new_path=%2Fultimate-security%2Ftags%2F1.0.6",[],{"version":1232,"download_url":1233,"svn_tag_url":1234,"released_at":27,"has_diff":780,"diff_files_changed":1235,"diff_lines":27,"trac_diff_url":1236,"vulnerabilities":1237,"is_current":780},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.4&new_path=%2Fultimate-security%2Ftags%2F1.0.5",[],{"version":1239,"download_url":1240,"svn_tag_url":1241,"released_at":27,"has_diff":780,"diff_files_changed":1242,"diff_lines":27,"trac_diff_url":1243,"vulnerabilities":1244,"is_current":780},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.3&new_path=%2Fultimate-security%2Ftags%2F1.0.4",[],{"version":1246,"download_url":1247,"svn_tag_url":1248,"released_at":27,"has_diff":780,"diff_files_changed":1249,"diff_lines":27,"trac_diff_url":1250,"vulnerabilities":1251,"is_current":780},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.2&new_path=%2Fultimate-security%2Ftags%2F1.0.3",[],{"version":1253,"download_url":1254,"svn_tag_url":1255,"released_at":27,"has_diff":780,"diff_files_changed":1256,"diff_lines":27,"trac_diff_url":1257,"vulnerabilities":1258,"is_current":780},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.1&new_path=%2Fultimate-security%2Ftags%2F1.0.2",[],{"version":1260,"download_url":1261,"svn_tag_url":1262,"released_at":27,"has_diff":780,"diff_files_changed":1263,"diff_lines":27,"trac_diff_url":1264,"vulnerabilities":1265,"is_current":780},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-security%2Ftags%2F1.0.0&new_path=%2Fultimate-security%2Ftags%2F1.0.1",[],{"version":95,"download_url":1267,"svn_tag_url":1268,"released_at":27,"has_diff":780,"diff_files_changed":1269,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":1270,"is_current":780},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-security.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-security\u002Ftags\u002F1.0.0\u002F",[],[]]