[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbzOp9ofmsegWjhv8nSdRER5i-Zy4_Ue83-B2OA1fGIM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":139,"fingerprints":186},"uptime-seo-and-security-monitors-uptimezone","Uptime, SEO and Security monitors – UptimeZone","1.0.1","Chatra","https:\u002F\u002Fprofiles.wordpress.org\u002Fchatra\u002F","\u003Cp>\u003Cstrong>UptimeZone is an all-in-one website monitoring tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ Uptime monitors\u003Cbr \u002F>\n✅ SEO monitors\u003Cbr \u002F>\n✅ Vulnerability monitors\u003Cbr \u002F>\n✅ Blacklist monitors\u003C\u002Fp>\n\u003Cul>\n\u003Cli>** Get alerted whenever downtime happens to your website.\u003C\u002Fli>\n\u003Cli>** Receive notifications of any SEO or security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Free forever plan, or $9 per month\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For the full feature list and additional information check https:\u002F\u002Fuptimezone.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Downtime Happens. Get Notified! Uptime, SEO, and Vulnerability monitors for your website, totally free.",0,904,"2020-10-02T08:12:00.000Z","5.5.18","3.0.1","",[18,19,20,21,22],"blog-uptime","security","server-uptime","uptime-monitor","vulnerability","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuptime-seo-and-security-monitors-uptimezone.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"chatra",2,3000,74,30,76,"2026-04-04T05:33:44.178Z",[37,60,81,104,120],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"patchstack","Patchstack – WordPress & Plugins Security","2.3.5","Patchstack","https:\u002F\u002Fprofiles.wordpress.org\u002Fpatchstack\u002F","\u003Cp>Patchstack is a powerful tool that helps identify security vulnerabilities within your websites’ plugins, themes, and WordPress core. It is powered by the WordPress ecosystem’s most active community of ethical hackers. Patchstack is trusted by leading WordPress experts such as Pagely, Cloudways, GridPane, Plesk, and others!\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fz2nuYpg26Vc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Patchstack is a security plugin for WordPress that finds WP core, plugin and theme vulnerabilities in your websites.\u003C\u002Fp>\n\u003Cp>The free version includes up to 48-hour early warning for new vulnerabilities found by our security research community. It also allows you to automatically update vulnerable software, manage updates remotely, and get snapshot reports on your sites’ security status.\u003C\u002Fp>\n\u003Cp>The paid version includes automatic vulnerability protection. Patchstack deploys highly targeted rules on a per-site basis, only when a specific vulnerability is detected on a site.\u003C\u002Fp>\n\u003Cp>This prevents vulnerable components from being exploited without modifying website code, or impacting site performance or functionality. Patchstack’s paid version includes access to 12,000+ individual protection rules (vPatches).\u003C\u002Fp>\n\u003Cp>Patchstack paid version also includes other preventive security features, such as 2 factor authentication, WordPress specific hardening rules, a Community IP blocklist for malicious IP addresses, advanced security settings, and custom protection rules.\u003C\u002Fp>\n\u003Ch3>Post-hack cleanups vs attack prevention in WordPress security\u003C\u002Fh3>\n\u003Cp>Unlike the standard approach to WordPress security (malware scanning and infection cleanups), Patchstack is focused on preventing infections in the first place.\u003C\u002Fp>\n\u003Cp>Thanks to its big WordPress security research community and partnerships with nearly one thousand plugin vendors and developers, Patchstack is regularly among the first to identify new vulnerabilities.\u003C\u002Fp>\n\u003Ch3>Who is Patchstack’s WordPress security plugin for?\u003C\u002Fh3>\n\u003Cp>Patchstack’s vulnerability management works extremely well for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Agencies with WordPress care\u002Fmaintenance plans for their customers’ websites\u003C\u002Fli>\n\u003Cli>WooCommerce websites to protect their revenue and customers from attacks\u003C\u002Fli>\n\u003Cli>Hosting companies that want to deliver highly targeted vulnerability protection easily and at scale\u003Cbr \u002F>\nWebsite owners\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You don’t have to be highly technical to use it. Install the plugin, connect it with the Patchstack App, and stay safe!\u003C\u002Fp>\n\u003Ch3>What features are included in the Patchstack Personal (Free) plan?\u003C\u002Fh3>\n\u003Cp>Patchstack’s Personal plan is a free security service for WordPress that lets you find and manage vulnerabilities in your websites. It includes access to a central security dashboard via the Patchstack web App for more visibility and control over your sites’ security:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Be the first to know about new vulnerabilities.\u003C\u002Fli>\n\u003Cli>Receive notifications if any installed plugins or themes have security issues.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress plugins.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress themes.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress core.\u003C\u002Fli>\n\u003Cli>Receive real-time alerts via email if any security vulnerabilities are found.\u003C\u002Fli>\n\u003Cli>Manage core, plugin and theme updates from a single dashboard.\u003C\u002Fli>\n\u003Cli>[Optional] Enable automatic updates for vulnerable plugins only.\u003C\u002Fli>\n\u003Cli>Generate snapshot reports about the security status of your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What features do Patchstack paid subscriptions have?\u003C\u002Fh3>\n\u003Cp>Patchstack’s paid subscriptions include automatic protection for WordPress vulnerabilities, as well as other protection modules.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Virtual patching to prevent vulnerable components from being exploited\u003C\u002Fli>\n\u003Cli>Advanced hardening module for added WordPress security\u003C\u002Fli>\n\u003Cli>Remote hardening settings (including .httacess, login protection and reCAPTCHA)\u003C\u002Fli>\n\u003Cli>Community IP Blocklist of known attacker IP addresses\u003Cbr \u002F>\nAll of these features are included in the Developer and Enterprise plans.\u003Cbr \u002F>\nAdditionally, Developer and Enterprise plan users have access to custom protection rule creation, periodical security reports and report scheduling.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Personal (Free) plan users can enable these features on a per-site basis for $5 \u002F site per month.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important Resources\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\" rel=\"nofollow ugc\">Patchstack website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.patchstack.com\" rel=\"nofollow ugc\">Help Center\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.patchstack.com\u002Fpatchstack-plugin\u002Fchangelog\u002F\" rel=\"nofollow ugc\">Changelog\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\" rel=\"nofollow ugc\">Patchstack Vulnerability Database\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>See what our customers say about our paid plans:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“An excellent and valuable service that’s backed by a company that contributes a significant number of resources and money directly back to the WordPress ecosystem.” – John Blackbourn  \u003C\u002Fli>\n\u003Cli>“Patchstack is like CrowdStrike, but for websites!” – Ryan McCue, HumanMade  \u003C\u002Fli>\n\u003Cli>“The service here is superb! And they are always right on it with the best solution to solve the problem or question at hand. The tool itself speaks for itself. I am very satisfied with this project and the service they offer.” – Daniel Canup  \u003C\u002Fli>\n\u003Cli>“This is a security plugin everyone needs to install. The Patchstack team are incredible at what they do. We have been using them for years and have not been disappointed!” – @craniumstudio  \u003C\u002Fli>\n\u003Cli>“We’ve been with Patchstack for a LONG time (even before they were Patchstack). It has always done its job seamlessly and without fail. Ongoing innovation and updates to the Patchstack product mean this plugin is a winner. 5 stars all the way.” – @guapx  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*Comparisons are made by evaluating paid versions.)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fsucuri-alternative\u002F\" rel=\"nofollow ugc\">Sucuri vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fwordfence-alternative\u002F\" rel=\"nofollow ugc\">Wordfence vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fmalcare-alternative\u002F\" rel=\"nofollow ugc\">Malcare vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fsitelock-alternative\u002F\" rel=\"nofollow ugc\">Sitelock vs. Patchstack\u003C\u002Fa>\u003C\u002Fp>\n","Patchstack automatically identifies and mitigates security vulnerabilities in WordPress plugins, themes, and core.",40000,554865,98,61,"2026-01-06T14:10:00.000Z","6.9.4","4.4","5.6",[54,19,55,56,22],"firewall","virtual-patching","vulnerabilities","https:\u002F\u002Fpatchstack.com\u002F?utm_medium=wp&utm_source=dashboard&utm_campaign=patchstack%20plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpatchstack.2.3.5.zip",100,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":16,"tags":75,"homepage":79,"download_link":80,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"lockdown-wp-admin","Lockdown WP Admin","2.3.2","Sean Fisher","https:\u002F\u002Fprofiles.wordpress.org\u002Fsean212\u002F","\u003Cp>This plugin will hide WordPress Admin (\u002Fwp-admin\u002F) when a user isn’t logged in. If a user isn’t logged in and they attempt to access WP Admin directly, they will be unable to and it will return a 404. It can also rename the login URL.\u003C\u002Fp>\n\u003Cp>Also, you can add HTTP authentication directly from WP Admin and add custom username\u002Fpassword combinations for the HTTP auth or use the WordPress credentials.\u003C\u002Fp>\n\u003Cp>This doesn’t touch any .htaccess files or change the WordPress core files. All the CSS\u002FImages under \u002Fwp-admin\u002F are still accessible, just not the .php ones.\u003C\u002Fp>\n\u003Cp>If you enable HTTP authentication, it will add HTTP authentication to the PHP files in \u002Fwp-admin\u002F.\u003C\u002Fp>\n\u003Cp>To contribute to the development, check out \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsrtfisher\u002FLockdown-WPAdmin\" rel=\"nofollow ugc\">the GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (\u002Fwp-admin\u002F) and and login (\u002Fwp-login.",10000,340310,78,54,"2017-11-28T06:00:00.000Z","4.3.34","3.6",[76,77,19,22,78],"lockdown","secure","website-security","http:\u002F\u002Fseanfisher.co\u002Flockdown-wp-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flockdown-wp-admin.2.3.2.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":68,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":50,"requires_at_least":93,"requires_php":52,"tags":94,"homepage":99,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":11,"last_vuln_date":103,"fetched_at":26},"wp-malware-removal","Malcure Malware Shield — Removal, Repair, Monitor","19.8","Malcure Web Security","https:\u002F\u002Fprofiles.wordpress.org\u002Fmalcure\u002F","\u003Cp>Is your website acting strangely? Seeing ‘Deceptive Site Ahead’ warnings, Japanese spam, SEO spam, or random redirects? Time to fix and monitor your site with \u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Malcure Malware Shield: The Powerful Antivirus\u003C\u002Fh3>\n\u003Cp>Just as your computer requires antivirus, your website demands specialized \u003Cstrong>antivirus-grade protection\u003C\u002Fstrong>. Malcure Malware Shield delivers comprehensive, \u003Cstrong>antivirus-style\u003C\u002Fstrong> detection with advanced signatures to identify viruses, trojans, backdoors, adware, and ransomware. Unlike basic security plugins, it operates with the precision of an antivirus engine, scanning every layer of your site—from core files to the database—to ensure your website remains virus-free and secure.\u003C\u002Fp>\n\u003Ch3>Malware Removal, Hack Repair & SEO Spam Cleanup\u003C\u002Fh3>\n\u003Cp>Malware attacks are evolving. Standard scanners often miss hidden backdoors and database infections. If your current security plugin says “All Clear” but your site is still broken, you need \u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong> is the intelligent, lightweight security solution. We believe security should be simple on the surface but deep under the hood. No complex settings. No bloat. Just activate and scan.\u003C\u002Fp>\n\u003Cp>Lightweight, API-driven scanning runs only on demand or on scheduled scans — no persistent background processes.\u003C\u002Fp>\n\u003Cp>Unlike scanners that delay new malware definitions for days, Malcure delivers real-time threat intelligence to every user so you’re protected against the latest threats as soon as they emerge.\u003C\u002Fp>\n\u003Ch3>What Our Users Say\u003C\u002Fh3>\n\u003Cp>Quotes are verbatim from WordPress.org support reviews, except for bracketed edits (for example, competitor names removed).\u003C\u002Fp>\n\u003Ch4>Best by far, better than [competitor name removed] and other giants\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“You can see it is a bunch of geeks that created this, with skill and visual creativity at that. I spent hours trying to find a plugin like this. So many options and such bad results until now. Great job guys. You deserve it. Simple and effective. (Disclaimer to other potential readers: there are many types of hacks\u002Fmalware out there, every scenario is different, but start with the Malcure scan and see how it goes. 9\u002F10 you won’t be disappointed, my guess)” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbest-by-far-better-than-wordfence-and-other-giants\u002F\" rel=\"ugc\">@dalingzaf\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>The ONLY plugin that scans files…\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“I am a web developer and have tried many malware removal plugins, including popular ones [competitor names removed]. However, none of them detected some unusual files that were actually malware causing regular attacks. Some of these files were in JPG format.” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-only-plugin-that-scans-files-in-real-time-2\u002F\" rel=\"ugc\">@devzeeshanx\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Best Malware Removal Plugin in just few minutes\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“Most security plugins that are free only scan the code, but Malcure Malware Removal Plugin scans the wordpress database and the code files in few minutes. Accurately shows which Database table row is infected and it helps resolve the hacking attempt instantly. Saves a lot of time for the developers. Thank You Team Malcure” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbest-malware-removal-plugin-in-just-few-minutes\u002F\" rel=\"ugc\">@s3630\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>It’s not just a “teaser”\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“This plugin really found the malware, and removed it. Really for free. Thanks guys, I’m going to donate now!” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fits-not-just-a-teaser\u002F\" rel=\"ugc\">@halucska\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Malware Removal & Hack Repair\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Checksum Verification:\u003C\u002Fstrong> We verify core, plugin, and theme file integrity against the official repository checksums served by our SaaS API endpoint.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Scan:\u003C\u002Fstrong> If checksums fail, Malcure runs a full scan against malware detection signatures detecting estimated 50,000+ variants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inspect & Repair:\u003C\u002Fstrong> Inspect infected database records and files. Assists in cleaning compromised files and database entries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Spam Specialist:\u003C\u002Fstrong> Detects and removes the notorious “Japanese Keyword Hack” and pharma spam from your files and database, helping restore your Google rankings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Virus Scanner & Threat Detection\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Database Scan:\u003C\u002Fstrong> Scans database tables for malicious injections and spam links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Scan:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and uploads for backdoors and obfuscated code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Detection:\u003C\u002Fstrong> Checks your core, plugins, and themes for known security flaws.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DeepScan™ Technology:\u003C\u002Fstrong> Scans backups, archives, images, and hidden files where malware hides.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultra-High Precision:\u003C\u002Fstrong> Uses intelligent checksum verification (comparing your files to official core\u002Fplugin\u002Ftheme checksums) to dramatically reduce false alarms compared to heuristic-only scanners.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Intelligent Health Monitor\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Always-On Guard:\u003C\u002Fstrong> Continuous monitoring via \u003Cstrong>Scheduled Scans\u003C\u002Fstrong> (daily\u002Fweekly\u002Fmonthly) configurable cadence.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Alerts:\u003C\u002Fstrong> Every time a scheduled scan completes, you get an instant email report telling you if your site is clean or infected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event Log:\u003C\u002Fstrong> Track the events leading up to a malware incident for faster root-cause analysis.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Powered by Malcure API: Real-Time Threat Intelligence\u003C\u002Fh3>\n\u003Cp>Hackers don’t sleep, and neither do we. Malcure Malware Shield connects to our real-time API to fetch the latest threat definitions.\u003C\u002Fp>\n\u003Cp>This plugin relies on the Malcure API to provide real-time threat intelligence and checksum verification.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Data Transmission:\u003C\u002Fstrong> To perform scans, the plugin sends file checksums and your site’s domain to Malcure servers. No sensitive user data is transmitted.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms & Privacy:\u003C\u002Fstrong> Use of the API is subject to our \u003Ca href=\"https:\u002F\u002Fwww.malcure.com\u002F?p=1720&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=3&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-Day Alerts:\u003C\u002Fstrong> Our API serves new threat-intelligence in real-time, ensuring the site is scanned against the latest vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Checksums:\u003C\u002Fstrong> We verify your core files, themes, and plugins against the official repository checksums using our API, ensuring absolute integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> The scanner only uses minimum resources to keep your server fast and responsive.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Keep Malcure Malware Shield Installed?\u003C\u002Fh3>\n\u003Ch4>Reinfection Risk & Continuous Monitoring\u003C\u002Fh4>\n\u003Cp>Malware cleanup is not a one-and-done task. New vulnerabilities and reinfections can appear without warning, so continuous monitoring and scheduled scans help catch issues early—before SEO damage, blacklists, or downtime. You get email notification with the results to rest assured that the site is clean or when immediate action is required.\u003C\u002Fp>\n\u003Cp>Cleaning your site is just step one. Malcure is your anti-malware health monitor.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Continuous Monitoring:\u003C\u002Fstrong> Scheduled scans watch your site for changes so you don’t have to.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Event Log:\u003C\u002Fstrong> See exactly what’s happening on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Early Warning:\u003C\u002Fstrong> Catch new infections before Google blacklists you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurrence Prevention:\u003C\u002Fstrong> Scheduled scans and integrity checks catch reinfections before they spread.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Bloat:\u003C\u002Fstrong> Designed to run on-demand or as per schedule without slowing down your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Who This Plugin Is For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Site owners\u003C\u002Fstrong> who want clear, actionable results (what was flagged and where).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & developers\u003C\u002Fstrong> who need fast triage across multiple sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce \u002F membership \u002F lead-gen sites\u003C\u002Fstrong> where downtime, SEO brand-reputation damage are expensive.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone\u003C\u002Fstrong> who wants a scanner that cuts through the noise to focus on \u003Cem>signal\u003C\u002Fem>—real threats with practical remediation paths.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works (Scan \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Review \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Clean \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Monitor)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Scan\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>Malcure Scanner\u003C\u002Fstrong> in your Admin Dashboard.\u003C\u002Fli>\n\u003Cli>Run a scan to check your files and database for vulnerabilities, malware, backdoors, suspicious code, and integrity issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Review\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Malcure reports findings with clear locations (file paths \u002F database records) so you can verify what changed and why it was flagged.\u003C\u002Fli>\n\u003Cli>Use the results to decide what should be repaired, deleted, or kept (for example, legitimate custom code).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean & Recover\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The free edition helps you identify issues, inspect data and understand what needs fixing.\u003C\u002Fli>\n\u003Cli>The Advanced Edition adds Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Monitor\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set up scheduled scans to keep your site continuously monitored.\u003C\u002Fli>\n\u003Cli>Get email alerts for new infections or integrity issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Is It Free?\u003C\u002Fh4>\n\u003Cp>We believe in 100% transparency.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Free Forever:\u003C\u002Fstrong> Professional-grade Detection (Knowledge). You see every infected file and database row (exact file path & line number), so you can clean it yourself for free.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free Forever:\u003C\u002Fstrong> Real-time Threat Intelligence & Monitoring.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pro Upgrade:\u003C\u002Fstrong> Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>You are never forced to pay to \u003Cem>find\u003C\u002Fem> a hack.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEbSbxiTOc8k?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Core Features (Free Forever)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Deep Malware Scan:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and your entire database for vulnerabilities, viruses, trojans, backdoors, and \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=60&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">malicious redirects\u003C\u002Fa>.\n\u003Cul>\n\u003Cli>\u003Cstrong>Files:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and uploads for backdoors, shells including variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database:\u003C\u002Fstrong> Scans database tables for malicious injections, recurring malware and spam links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Spam Detection:\u003C\u002Fstrong> Specifically checks page titles and database records for “Japanese Keyword Hack”, “Pharma Hack” and other SEO spam symptoms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> Checks your installed plugins and themes against our real-time database of known security vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Checksum Verification:\u003C\u002Fstrong> Automatically verifies your core files, themes, and plugins against the official checksums. If a file has been tampered with, we know instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Uncompromising Detection:\u003C\u002Fstrong> Detects variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attack Surface Hardening & Firewall:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Block Path Traversal:\u003C\u002Fstrong> Stops attackers from accessing sensitive system files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block PHP Uploads:\u003C\u002Fstrong> Prevents malicious scripts from being uploaded to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop User Enumeration:\u003C\u002Fstrong> Blocks bots from fishing for your username.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Protection:\u003C\u002Fstrong> Prevents user data leakage via the WP REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=1622&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Security Hardening\u003C\u002Fa>:\u003C\u002Fstrong> Learn more about securing your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurrence Watchdog (Background Monitor):\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Set it and forget it:\u003C\u002Fstrong> Malcure runs silently in the background using scheduled scans (configurable cadence) + integrity baseline to monitor changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stay Ahead:\u003C\u002Fstrong> Automatically catch new infections before they spread or damage your SEO rankings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Incident Response Toolkit:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Nuke User Sessions:\u003C\u002Fstrong> Instantly force-logout every user on the site to kick out intruders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Salt Shuffler:\u003C\u002Fstrong> One-click rotation of \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5230&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">security keys (salts)\u003C\u002Fa> to invalidate all browser cookies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forensic Flight Recorder (Event Log):\u003C\u002Fstrong> Track every security event. Know exactly \u003Cem>when\u003C\u002Fem> and \u003Cem>how\u003C\u002Fem> a breach might have occurred with our 100-day event log.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Search Console Integration:\u003C\u002Fstrong> Connect directly to Google to fetch security warnings and blacklist status in real-time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time API Updates:\u003C\u002Fstrong> Connects to the Malcure Cloud to fetch the latest threats and vulnerabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to Advanced Edition\u003C\u002Fh4>\n\u003Cp>For mission-critical websites that demand comprehensive protection and recovery tools.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>1-Click Surgical Repair:\u003C\u002Fstrong> Inspect, Delete, or Repair infected files instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Whitelisting:\u003C\u002Fstrong> Stop false alarms. Supports files, folders, and \u003Cstrong>Database Records\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI Integration:\u003C\u002Fstrong> Complete command-line control for automated scanning and reporting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Definition Updates:\u003C\u002Fstrong> Definitions update automatically in the background.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>On-Demand Background Scans:\u003C\u002Fstrong> Trigger deep scans immediately without keeping your browser open.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Scan Filters:\u003C\u002Fstrong> For when you are specifically looking for something in the files or database or want to include, exclude specific files & directories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Operations:\u003C\u002Fstrong> Critical file operations like deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Client-Servicing Features:\u003C\u002Fstrong> Like copying scan results to generate report for clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Background Scan:\u003C\u002Fstrong> For when you want to trigger a scan and forget it. The scan continues and emails you upon completion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support (Expertise):\u003C\u002Fstrong> When you want to consult or want to exploit advanced features or need help troubleshooting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Priority Support:\u003C\u002Fstrong> Direct access to our security analysts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">\u003Cstrong>Get Malcure Advanced Edition\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Additional Resources for Malware Removal\u003C\u002Fh4>\n\u003Cp>Follow these expert guides to remove malware, recover lost traffic, and restore your online reputation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=1540&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">A step by step guide to remove the malware\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=13946&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Japanese Keyword Hack: How to Remove SEO Spam\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5728&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">What is the Pharma Hack & How to fix it\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14143&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix Google Ads Disapproved for Malicious Software\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14477&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Prevent SQL Injection Attacks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5265&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Live Malware Infection Removal & Analysis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=7207&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix “This Site May Harm Your Computer” Warning\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=60&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Comprehensive Guide to Removing JavaScript Redirect Malware\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5699&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix a Blank WP-Admin Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=9102&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Malcure WP CLI Integration & Cheatsheet\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14375&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Prevent Brute Force Attacks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5230&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Change Salt Keys\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Expert Malware Removal Service\u003C\u002Fh4>\n\u003Cp>In over your head? Our security analysts are on standby. We offer a complete \u003Cstrong>Malware Removal Service\u003C\u002Fstrong> that includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>100% Removal Guarantee:\u003C\u002Fstrong> We guarantee to remove all malware from your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Same Day Service:\u003C\u002Fstrong> Fast turnaround time to get your business back online.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual Inspection:\u003C\u002Fstrong> Our experts manually inspect critical files (htaccess, wp-config, index.php) and your database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist Removal:\u003C\u002Fstrong> We handle the removal of your site from blacklists like Google, Norton, McAfee, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening:\u003C\u002Fstrong> We identify the root cause and patch vulnerabilities to prevent future infections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>15-Day Cover:\u003C\u002Fstrong> Security analysts available 24\u002F7\u002F365 to ensure your site stays clean.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">\u003Cstrong>Book Expert Malware Removal\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Ch4>Some files are detected by Malcure Malware Shield as “suspicious”. What gives?\u003C\u002Fh4>\n\u003Cp>Malcure’s DeepScan checks each file for malware. However some files aren’t pure malware but may contain code that is suspicious and could potentially do nasty things. You should carefully review and analyse them to see if they indeed do anything nasty.\u003C\u002Fp>\n\u003Ch4>I can’t get Malcure Malware Shield to work. It hangs \u002F doesn’t complete the scan \u002F breaks for some reason.\u003C\u002Fh4>\n\u003Cp>If you think that the plugin is broken, \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">please report it here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Malcure Malware Shield (or for that matter other plugins) may break on malware affected \u002F broken websites. \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Malcure Advanced Edition\u003C\u002Fa> integrates with WP CLI and allows you to complete the scan from WP CLI even when the site is blocked by the webhost or when you are unable to login to the website.\u003C\u002Fp>\n\u003Ch4>My site is infected however Malcure Malware Shield doesn’t detect the infection.\u003C\u002Fh4>\n\u003Cp>Malware keeps evolving. If you come across malware that Malcure Malware Shield is not able to identify, you may \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=157&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">please report it here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>The scan gets stuck midway. What should I do?\u003C\u002Fh4>\n\u003Cp>In case of such an event, please file a support request with us and we’ll be more than happy to troubleshoot the issue.\u003C\u002Fp>\n\u003Cp>Please visit \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">this page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>I cleaned my site but it got infected again. What should I do?\u003C\u002Fh4>\n\u003Cp>Malware cleanup is a waste of time and effort unless you find the root cause behind the malware infection and monitor for recurrence. How was someone able to infect your website? Have you plugged in that security hole?\u003C\u002Fp>\n\u003Cp>Please read \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002Fblog\u002Fsecurity\u002Fwhy-do-wordpress-websites-get-hacked\u002F?utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Why Do Websites Get Hacked\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Google Safe Browsing site status (or some other scanner) still shows my site as infected. What should I do?\u003C\u002Fh4>\n\u003Cp>First make sure you purge your site cache. Second, Google (and other scanners) cache the results for some time. You’ll need to force or refresh the scan. You can also file a request with us to \u003Ca href=\"https:\u002F\u002Fwww.malcure.com\u002F?p=107&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">get your site off any blacklists\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>I found a suspicious file, what now?\u003C\u002Fh4>\n\u003Cp>If Malcure flags it, it’s likely malicious. You can inspect the file content using our built-in inspector. If you’re unsure, consider our \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Expert Malware Removal Service\u003C\u002Fa>.\u003C\u002Fp>\n","Fast malware removal & security shield. Fix hacks, stop redirects, clean SEO spam. Real-time threat intelligence. No bloat.",605372,88,69,"2026-02-13T05:45:00.000Z","3.7.4",[95,96,19,97,98],"antivirus","malware-scanner","virus","vulnerability-scanner","https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=plugin-header&utm_medium=web&utm_campaign=wpmr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-malware-removal.19.8.zip",96,3,"2025-09-03 00:00:00",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":68,"downloaded":112,"rating":59,"num_ratings":113,"last_updated":114,"tested_up_to":50,"requires_at_least":115,"requires_php":52,"tags":116,"homepage":118,"download_link":119,"security_score":59,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"wpvulnerability","WPVulnerability","4.3.1","Javier Casares","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaviercasares\u002F","\u003Cp>This plugin integrates with the WPVulnerability API to provide real-time vulnerability assessments for your WordPress core, plugins, themes, PHP version, Apache HTTPD, nginx, MariaDB, MySQL, ImageMagick, curl, memcached, Redis, and SQLite.\u003C\u002Fp>\n\u003Cp>It delivers detailed reports directly within your WordPress dashboard, helping you stay aware of potential security risks. Configure the plugin to send periodic notifications about your site’s security status, ensuring you remain informed without being overwhelmed. Designed for ease of use, it supports proactive security measures without storing or retrieving any personal data from your site.\u003C\u002Fp>\n\u003Ch4>Data reliability\u003C\u002Fh4>\n\u003Cp>The information provided by the information database comes from different sources that have been reviewed by third parties. There is no liability of any kind for the information. Act at your own risk.\u003C\u002Fp>\n\u003Ch3>Using the plugin\u003C\u002Fh3>\n\u003Ch4>WP-CLI\u003C\u002Fh4>\n\u003Cp>You can use the following WP-CLI commands to manage and check vulnerabilities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Core: \u003Ccode>wp wpvulnerability core\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Plugins: \u003Ccode>wp wpvulnerability plugins\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Themes: \u003Ccode>wp wpvulnerability themes\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>PHP: \u003Ccode>wp wpvulnerability php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Apache HTTPD: \u003Ccode>wp wpvulnerability apache\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>nginx: \u003Ccode>wp wpvulnerability nginx\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>MariaDB: \u003Ccode>wp wpvulnerability mariadb\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>MySQL: \u003Ccode>wp wpvulnerability mysql\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>ImageMagick: \u003Ccode>wp wpvulnerability imagemagick\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>curl: \u003Ccode>wp wpvulnerability curl\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>memcached: \u003Ccode>wp wpvulnerability memcached\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Redis: \u003Ccode>wp wpvulnerability redis\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>SQLite: \u003Ccode>wp wpvulnerability sqlite\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To configure the plugin you can use:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide component: \u003Ccode>wp wpvulnerability config hide \u003Ccomponent> [on|off]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Notification email: \u003Ccode>wp wpvulnerability config email \u003Cemails>\u003C\u002Fcode> (comma separatted)\u003C\u002Fli>\n\u003Cli>Notification period: \u003Ccode>wp wpvulnerability config period \u003Cnever|daily|weekly>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Log retention: \u003Ccode>wp wpvulnerability config log-retention \u003C0|1|7|14|28>\u003C\u002Fcode> (in days)\u003C\u002Fli>\n\u003Cli>Cache duration: \u003Ccode>wp wpvulnerability config cache \u003C1|6|12|24>\u003C\u002Fcode> (in hours)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All commands support the \u003Ccode>--format\u003C\u002Fcode> option to specify the output format:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>--format=table\u003C\u002Fcode>: Displays the results in a table format (default).\u003C\u002Fli>\n\u003Cli>\u003Ccode>--format=json\u003C\u002Fcode>: Displays the results in JSON format.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Need help?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp wpvulnerability --help\u003C\u002Fcode>: Displays help information for WPVulnerability commands.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp wpvulnerability [command] --help\u003C\u002Fcode>: Displays help information for a WPVulnerability command.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REST API\u003C\u002Fh4>\n\u003Cp>The WPVulnerability plugin provides several \u003Cstrong>REST API endpoints\u003C\u002Fstrong> to fetch vulnerability information for different components of your WordPress site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Core: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fcore\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Plugins: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fplugins\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Themes: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fthemes\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>PHP: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fphp\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Apache HTTPD: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fapache\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>nginx: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fnginx\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>MariaDB: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fmariadb\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>MySQL: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fmysql\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>ImageMagick: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fimagemagick\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>curl: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fcurl\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>memcached: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fmemcached\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Redis: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fredis\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>SQLite: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fsqlite\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The WPVulnerability REST API uses \u003Cstrong>Application Passwords\u003C\u002Fstrong> for authentication. You need to include a valid Application Password in the Authorization header of your requests.\u003C\u002Fp>\n\u003Cp>Example Request with Authentication\u003C\u002Fp>\n\u003Cpre>\u003Ccode>curl -X GET https:\u002F\u002Fexample.com\u002Fwp-json\u002Fwpvulnerability\u002Fv1\u002Fplugins -u username:application_password\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Replace username with your WordPress \u003Ccode>username\u003C\u002Fcode> and \u003Ccode>application_password\u003C\u002Fcode> with your \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F11\u002F05\u002Fapplication-passwords-integration-guide\u002F\" rel=\"nofollow ugc\">Application Password\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Extra Configurations\u003C\u002Fh3>\n\u003Ch4>“From:” mail (since: 3.2.2)\u003C\u002Fh4>\n\u003Cp>If, for some reason, you need the emails sent by the plugin to have a From different from the site administrator, you can change it from the \u003Ccode>wp-config.php\u003C\u002Fcode> by adding a constant:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_MAIL', 'sender@example.com' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If the constant is active, it will be visible in the configuration screen.\u003C\u002Fp>\n\u003Ch4>Force hiding checks (since: 4.1.0)\u003C\u002Fh4>\n\u003Cp>If you want to always hide a specific component, you can define a constant in \u003Ccode>wp-config.php\u003C\u002Fcode>. When set to \u003Ccode>true\u003C\u002Fcode>, the option will be checked automatically in the settings screen and the related analysis will be skipped.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_HIDE_APACHE', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Available constants: \u003Ccode>WPVULNERABILITY_HIDE_CORE\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_PLUGINS\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_THEMES\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_PHP\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_APACHE\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_NGINX\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_MARIADB\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_MYSQL\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_IMAGEMAGICK\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_CURL\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_MEMCACHED\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_REDIS\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_SQLITE\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>Cache duration (since: 4.1.0)\u003C\u002Fh4>\n\u003Cp>By default, data from the API is cached for 12 hours. To change this, define \u003Ccode>WPVULNERABILITY_CACHE_HOURS\u003C\u002Fcode> in \u003Ccode>wp-config.php\u003C\u002Fcode> with one of \u003Ccode>1\u003C\u002Fcode>, \u003Ccode>6\u003C\u002Fcode>, \u003Ccode>12\u003C\u002Fcode> or \u003Ccode>24\u003C\u002Fcode>. This value overrides the setting screen and WP-CLI command.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_CACHE_HOURS', 24 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Log rotation (since: 4.2.0)\u003C\u002Fh4>\n\u003Cp>WPVulnerability stores the most recent API responses so you can review recent calls from the new log tab. Define \u003Ccode>WPVULNERABILITY_LOG_RETENTION_DAYS\u003C\u002Fcode> in \u003Ccode>wp-config.php\u003C\u002Fcode> to control how many days of entries are preserved. Supported values are \u003Ccode>0\u003C\u002Fcode>, \u003Ccode>1\u003C\u002Fcode>, \u003Ccode>7\u003C\u002Fcode>, \u003Ccode>14\u003C\u002Fcode> or \u003Ccode>28\u003C\u002Fcode>; using \u003Ccode>0\u003C\u002Fcode> disables logging entirely.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_LOG_RETENTION_DAYS', 14 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>When the constant is present its value is enforced in the settings UI and through WP-CLI, ensuring consistent log rotation across environments.\u003C\u002Fp>\n\u003Ch4>Security configuration (since: 4.3.0)\u003C\u002Fh4>\n\u003Cp>WPVulnerability uses a hybrid detection approach for server software (ImageMagick, Redis, Memcached, SQLite): PHP extensions first (most secure), then shell commands as fallback (most accurate). You can control this behavior using security configuration constants in \u003Ccode>wp-config.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Global disable of shell commands:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_DISABLE_SHELL_EXEC', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Completely disables shell command usage. Falls back to PHP extensions only. Use for maximum security when accuracy loss is acceptable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security mode (standard\u002Fstrict\u002Fdisabled):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_SECURITY_MODE', 'strict' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\u003Ccode>standard\u003C\u002Fcode> – Hybrid detection: PHP extensions first, shell commands fallback (default, best accuracy)\u003C\u002Fli>\n\u003Cli>\u003Ccode>strict\u003C\u002Fcode> – PHP extensions only, no shell commands (high security, lower accuracy)\u003C\u002Fli>\n\u003Cli>\u003Ccode>disabled\u003C\u002Fcode> – No software detection at all (maximum security)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Component whitelist:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_SHELL_EXEC_WHITELIST', 'imagemagick,redis' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Allows shell commands only for specified components. Available components: \u003Ccode>imagemagick\u003C\u002Fcode>, \u003Ccode>redis\u003C\u002Fcode>, \u003Ccode>memcached\u003C\u002Fcode>, \u003Ccode>sqlite\u003C\u002Fcode>. Use for granular control.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Examples:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Maximum security (no shell commands):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_SECURITY_MODE', 'strict' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Only allow ImageMagick shell detection:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_SHELL_EXEC_WHITELIST', 'imagemagick' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Complete disable:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_DISABLE_SHELL_EXEC', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>All shell commands are hardcoded and validated – no user input is involved. Commands are logged for security auditing.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress: 4.7 – 6.9\u003C\u002Fli>\n\u003Cli>PHP: 5.6 – 8.5\u003C\u002Fli>\n\u003Cli>WP-CLI: 2.3.0 – 2.11.0\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>This plugin adheres to the following security measures and review protocols for each version:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002F\" rel=\"nofollow ugc\">WordPress Plugin Handbook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwordpress-org\u002Fplugin-security\u002F\" rel=\"nofollow ugc\">WordPress Plugin Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fapis\u002Fsecurity\u002F\" rel=\"nofollow ugc\">WordPress APIs Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress-Coding-Standards\" rel=\"nofollow ugc\">WordPress Coding Standards\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-check\u002F\" rel=\"ugc\">Plugin Check (PCP)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin or the WordPress Vulnerability Database API does not collect any information about your site, your identity, the plugins, themes or content the site has.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Vulnerabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A security vulnerability was found and fixed in version 4.2.2.1. All previous versions (3.3.0 – 4.2.1) are affected. Please update to version 4.2.2.1 or later.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Found a security vulnerability? Please report it to us privately at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjaviercasares\u002Fwpvulnerability\u002Fsecurity\u002Fadvisories\u002Fnew\" rel=\"nofollow ugc\">WPVulnerability GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Cp>You can contribute to this plugin at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjaviercasares\u002Fwpvulnerability\" rel=\"nofollow ugc\">WPVulnerability GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Get WordPress vulnerability alerts from the WPVulnerability Database API.",527094,20,"2026-01-20T15:01:00.000Z","4.7",[19,117,22],"site-health","https:\u002F\u002Fwww.wpvulnerability.com\u002Fplugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpvulnerability.4.3.1.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":101,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":16,"tags":134,"homepage":137,"download_link":138,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"ip-geo-block","IP Geo Block","3.0.17.4","tokkonopapa","https:\u002F\u002Fprofiles.wordpress.org\u002Ftokkonopapa\u002F","\u003Cp>The more you install themes and plugins, the more likely your sites will be vulnerable, even if you \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress\" title=\"Hardening WordPress &laquo; WordPress Codex\" rel=\"nofollow ugc\">securely harden your sites\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>While WordPress.org \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fsecurity\u002F\" title=\"Security | WordPress.org\" rel=\"ugc\">provides\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fthemes\u002Ftheme-security\u002F\" title=\"Theme Security | Theme Developer Handbook | WordPress Developer Resources\" rel=\"nofollow ugc\">excellent\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002F\" title=\"Plugin Security | Plugin Developer Handbook | WordPress Developer Resources\" rel=\"nofollow ugc\">resources\u003C\u002Fa>, themes and plugins may often get vulnerable due to developers’ \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fsearch?q=human+factors+in+security\" title=\"human factors in security - Google Search\" rel=\"nofollow ugc\">human factors\u003C\u002Fa> such as lack of security awareness, misuse and disuse of the best practices in those resources.\u003C\u002Fp>\n\u003Cp>This plugin focuses on insights into such developers’ human factors instead of detecting the specific attack vectors after they were disclosed. This brings a smart and powerful methods named as “\u003Cstrong>WP Zero-day Exploit Prevention\u003C\u002Fstrong>” and “\u003Cstrong>WP Metadata Exploit Protection\u003C\u002Fstrong>“.\u003C\u002Fp>\n\u003Cp>Combined with those methods and IP address geolocation, you’ll be surprised to find a bunch of malicious or undesirable access blocked in the logs of this plugin after several days of installation.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Privacy by design:\u003C\u002Fstrong>\u003Cbr \u002F>\nIP address is always encrypted on recording in logs\u002Fcache. Moreover, it can be anonymized and restricted on sending to the 3rd parties such as geolocation APIs or whois service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Immigration control:\u003C\u002Fstrong>\u003Cbr \u002F>\nAccess to the basic and important entrances into back-end such as \u003Ccode>wp-comments-post.php\u003C\u002Fcode>, \u003Ccode>xmlrpc.php\u003C\u002Fcode>, \u003Ccode>wp-login.php\u003C\u002Fcode>, \u003Ccode>wp-signup.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin-ajax.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin-post.php\u003C\u002Fcode> will be validated by means of a country code based on IP address. It allows you to configure either whitelist or blacklist to \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FISO_3166-1_alpha-2#Officially_assigned_code_elements\" title=\"ISO 3166-1 alpha-2 - Wikipedia\" rel=\"nofollow ugc\">specify the countires\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FClassless_Inter-Domain_Routing\" title=\"Classless Inter-Domain Routing - Wikipedia\" rel=\"nofollow ugc\">CIDR notation\u003C\u002Fa> for a range of IP addresses and \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FAutonomous_system_(Internet)\" title=\"Autonomous system (Internet) - Wikipedia\" rel=\"nofollow ugc\">AS number\u003C\u002Fa> for a group of IP networks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Zero-day Exploit Prevention:\u003C\u002Fstrong>\u003Cbr \u002F>\nUnlike other security firewalls based on attack patterns (vectors), the original feature “\u003Cstrong>W\u003C\u002Fstrong>ord\u003Cstrong>P\u003C\u002Fstrong>ress \u003Cstrong>Z\u003C\u002Fstrong>ero-day \u003Cstrong>E\u003C\u002Fstrong>xploit \u003Cstrong>P\u003C\u002Fstrong>revention” (WP-ZEP) is focused on patterns of vulnerability. It is simple but still smart and strong enough to block any malicious accesses to \u003Ccode>wp-admin\u002F*.php\u003C\u002Fcode>, \u003Ccode>plugins\u002F*.php\u003C\u002Fcode> and \u003Ccode>themes\u002F*.php\u003C\u002Fcode> even from the permitted countries. It will protect your site against certain types of attack such as CSRF, LFI, SQLi, XSS and so on, \u003Cstrong>even if you have some vulnerable plugins and themes in your site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Guard against login attempts:\u003C\u002Fstrong>\u003Cbr \u002F>\nIn order to prevent hacking through the login form and XML-RPC by brute-force and the reverse-brute-force attacks, the number of login attempts will be limited per IP address even from the permitted countries.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Minimize server load against brute-force attacks:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can configure this plugin as a \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FMust_Use_Plugins\" title=\"Must Use Plugins &laquo; WordPress Codex\" rel=\"nofollow ugc\">Must Use Plugins\u003C\u002Fa> so that this plugin can be loaded prior to regular plugins. It can massively \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Fcodex\u002Fvalidation-timing.html\" title=\"Validation timing | IP Geo Block\" rel=\"nofollow ugc\">reduce the load on server\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Prevent malicious down\u002Fuploading:\u003C\u002Fstrong>\u003Cbr \u002F>\nA malicious request such as exposing \u003Ccode>wp-config.php\u003C\u002Fcode> or uploading malwares via vulnerable plugins\u002Fthemes can be blocked.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block badly-behaved bots and crawlers:\u003C\u002Fstrong>\u003Cbr \u002F>\nA simple logic may help to reduce the number of rogue bots and crawlers scraping your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support of BuddyPress and bbPress:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can configure this plugin so that a registered user can login as a membership from anywhere, while a request such as a new user registration, lost password, creating a new topic and subscribing comment can be blocked by country. It is suitable for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" title=\"BuddyPress &mdash; WordPress Plugins\" rel=\"ugc\">BuddyPress\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbbpress\u002F\" title=\"WordPress &rsaquo; bbPress &laquo; WordPress Plugins\" rel=\"ugc\">bbPress\u003C\u002Fa> to help reducing spams.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Referrer suppressor for external links:\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen you click an external hyperlink on admin screens, http referrer will be eliminated to hide a footprint of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Multiple source of IP Geolocation databases:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" title=\"MaxMind - IP Geolocation and Online Fraud Prevention\" rel=\"nofollow ugc\">MaxMind GeoLite2 free databases\u003C\u002Fa> (it requires PHP 5.4.0+) and \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\u002F\" title=\"IP Address Geolocation to Identify Website Visitor's Geographical Location\" rel=\"nofollow ugc\">IP2Location LITE databases\u003C\u002Fa> can be installed in this plugin. Also free Geolocation REST APIs and whois information can be available for audit purposes.\u003Cbr \u002F>\nFather more, \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Farticle\u002Fapi-class-library.html\" title=\"CloudFlare & CloudFront API class library | IP Geo Block\" rel=\"nofollow ugc\">dedicated API class libraries\u003C\u002Fa> can be installed for CloudFlare and CloudFront as a reverse proxy service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizing response:\u003C\u002Fstrong>\u003Cbr \u002F>\nHTTP response code can be selectable as \u003Ccode>403 Forbidden\u003C\u002Fcode> to deny access pages, \u003Ccode>404 Not Found\u003C\u002Fcode> to hide pages or even \u003Ccode>200 OK\u003C\u002Fcode> to redirect to the top page.\u003Cbr \u002F>\nYou can also have a human friendly page (like \u003Ccode>404.php\u003C\u002Fcode>) in your parent\u002Fchild theme template directory to fit your site design.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Validation logs:\u003C\u002Fstrong>\u003Cbr \u002F>\nValidation logs for useful information to audit attack patterns can be manageable.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cooperation with full spec security plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin is lite enough to be able to cooperate with other full spec security plugin such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" title=\"Wordfence Security &mdash; WordPress Plugins\" rel=\"ugc\">Wordfence Security\u003C\u002Fa>. See \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Fcodex\u002Fpage-speed-performance.html\" title=\"Page speed performance | IP Geo Block\" rel=\"nofollow ugc\">this report\u003C\u002Fa> about page speed performance.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Extendability:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can customize the behavior of this plugin via \u003Ccode>add_filter()\u003C\u002Fcode> with \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Fcodex\u002F\" title=\"Codex | IP Geo Block\" rel=\"nofollow ugc\">pre-defined filter hook\u003C\u002Fa>. See various use cases in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftokkonopapa\u002FWordPress-IP-Geo-Block\u002Fblob\u002Fmaster\u002Fip-geo-block\u002Fsamples.php\" title=\"WordPress-IP-Geo-Block\u002Fsamples.php at master - tokkonopapa\u002FWordPress-IP-Geo-Block - GitHub\" rel=\"nofollow ugc\">samples.php\u003C\u002Fa> bundled within this package.\u003Cbr \u002F>\nYou can also get the extension \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddur\u002FWordPress-IP-Geo-Allow\" title=\"GitHub - ddur\u002FWordPress-IP-Geo-Allow: WordPress Plugin Exension for WordPress-IP-Geo-Block Plugin\" rel=\"nofollow ugc\">IP Geo Allow\u003C\u002Fa> by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddur\" title=\"ddur (Dragan) - GitHub\" rel=\"nofollow ugc\">Dragan\u003C\u002Fa>. It makes admin screens strictly private with more flexible way than specifying IP addresses.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Self blocking prevention and easy rescue:\u003C\u002Fstrong>\u003Cbr \u002F>\nWebsite owners do not prefer themselves to be blocked. This plugin prevents such a sad thing unless you force it. And futhermore, if such a situation occurs, you can \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Fcodex\u002Fwhat-should-i-do-when-i-m-locked-out.html\" title=\"What should I do when I'm locked out? | IP Geo Block\" rel=\"nofollow ugc\">rescue yourself\u003C\u002Fa> easily.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean uninstallation:\u003C\u002Fstrong>\u003Cbr \u002F>\nNothing is left in your precious mySQL database after uninstallation. So you can feel free to install and activate to make a trial of this plugin’s functionality.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Attribution\u003C\u002Fh4>\n\u003Cp>This package includes GeoLite2 library distributed by MaxMind, available from \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" title=\"MaxMind - IP Geolocation and Online Fraud Prevention\" rel=\"nofollow ugc\">MaxMind\u003C\u002Fa> (it requires PHP 5.4.0+), and also includes IP2Location open source libraries available from \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\" title=\"IP Address Geolocation to Identify Website Visitor's Geographical Location\" rel=\"nofollow ugc\">IP2Location\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also thanks for providing the following great services and REST APIs for free.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fip-api.com\u002F\" title=\"IP-API.com - Free Geolocation API\" rel=\"nofollow ugc\">http:\u002F\u002Fip-api.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free for non-commercial use)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fgeoiplookup.net\u002F\" title=\"What Is My IP Address | GeoIP Lookup\" rel=\"nofollow ugc\">http:\u002F\u002Fgeoiplookup.net\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" title=\"IP Address API and Data Solutions\" rel=\"nofollow ugc\">https:\u002F\u002Fipinfo.io\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free)\u003C\u002Fli>\n\u003Cli>[https:\u002F\u002Fipapi.com\u002F](https:\u002F\u002Fipapi.com\u002F “ipapi – IP Address Lookup and Geolocation API) (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipdata.co\u002F\" title=\"ipdata.co - IP Geolocation and Threat Data API\" rel=\"nofollow ugc\">https:\u002F\u002Fipdata.co\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" title=\"ipstack - Free IP Geolocation API\" rel=\"nofollow ugc\">https:\u002F\u002Fipstack.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free for registered user, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfodb.com\u002F\" title=\"Free IP Geolocation Tools and API| IPInfoDB\" rel=\"nofollow ugc\">https:\u002F\u002Fipinfodb.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free for registered user, need API key)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>Development of this plugin is promoted at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftokkonopapa\u002FWordPress-IP-Geo-Block\" title=\"tokkonopapa\u002FWordPress-IP-Geo-Block - GitHub\" rel=\"nofollow ugc\">WordPress-IP-Geo-Block\u003C\u002Fa> and class libraries to handle geo-location database are developed separately as “add-in”s at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftokkonopapa\u002FWordPress-IP-Geo-API\" title=\"tokkonopapa\u002FWordPress-IP-Geo-API - GitHub\" rel=\"nofollow ugc\">WordPress-IP-Geo-API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>All contributions will always be welcome. Or visit my \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002F\" title=\"IP Geo Block\" rel=\"nofollow ugc\">development blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Known issues\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No image is shown after drag & drop a image in grid view at “Media Library”. For more details, please refer to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftokkonopapa\u002FWordPress-IP-Geo-Block\u002Fissues\u002F2\" title=\"No image is shown after drag & drop a image in grid view at \"Media Library\". - Issue #2 - tokkonopapa\u002FWordPress-IP-Geo-Block - GitHub\" rel=\"nofollow ugc\">this ticket at Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>From \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2016\u002F03\u002F09\u002Fcomment-changes-in-wordpress-4-5\u002F\" title=\"Comment Changes in WordPress 4.5 – Make WordPress Core\" rel=\"nofollow ugc\">WordPress 4.5\u003C\u002Fa>, \u003Ccode>rel=nofollow\u003C\u002Fcode> had no longer be attached to the links in \u003Ccode>comment_content\u003C\u002Fcode>. This change prevents to block “\u003Ca href=\"https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FServer_Side_Request_Forgery\" title=\"Server Side Request Forgery - OWASP\" rel=\"nofollow ugc\">Server Side Request Forgeries\u003C\u002Fa>” (not Cross Site but a malicious internal link in the comment field).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapps.wordpress.com\u002Fmobile\u002F\" title=\"WordPress.com Apps - Mobile Apps\" rel=\"nofollow ugc\">WordPress.com Mobile App\u003C\u002Fa> can’t execute image uploading because of its own authentication system via XMLRPC.\u003C\u002Fli>\n\u003C\u002Ful>\n","It blocks spam posts, login attempts and malicious access to the back-end requested from the specific countries, and also prevents zero-day exploit.",9000,777726,82,"2019-01-22T03:59:00.000Z","5.0.25","3.7",[135,54,136,19,22],"brute-force","login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fip-geo-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-geo-block.3.0.17.4.zip",{"attackSurface":140,"codeSignals":156,"taintFlows":173,"riskAssessment":174,"analyzedAt":185},{"hooks":141,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":11,"unprotectedCount":11},[142,148],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_menu","uptimezone_setup","uptime-seo-and-security-monitors-uptimezone.php",32,{"type":143,"name":149,"callback":150,"file":146,"line":151},"wp_footer","add_uptimezone_code",72,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":11,"externalRequests":171,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":172},[],{"prepared":11,"raw":11,"locations":159},[],{"escaped":30,"rawEcho":161,"locations":162},4,[163,166,168,170],{"file":146,"line":164,"context":165},43,"raw output",{"file":146,"line":167,"context":165},45,{"file":146,"line":169,"context":165},48,{"file":146,"line":32,"context":165},1,[],[],{"summary":175,"deductions":176},"Based on the provided static analysis and vulnerability history, the uptime-seo-and-security-monitors-uptimezone plugin version 1.0.1 exhibits a generally strong security posture. The absence of any reported CVEs in its history and the lack of critical or high-severity issues in the static analysis are positive indicators. The code also shows good practices in its use of prepared statements for SQL queries and the complete absence of dangerous functions and file operations.\n\nHowever, there are several areas that warrant attention. The plugin has no reported nonce or capability checks, which is a significant concern, especially for potential future entry points. While the current attack surface is zero, if new AJAX handlers, REST API routes, or shortcodes were introduced without proper authentication, they would be immediately vulnerable. Furthermore, the output escaping is only at 33%, meaning a third of the plugin's outputs are not properly escaped, presenting a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is involved in these outputs.\n\nIn conclusion, the plugin currently appears secure due to its minimal attack surface and lack of historical vulnerabilities. However, the lack of robust authentication mechanisms (nonces and capability checks) and the poor output escaping present latent risks that could be exploited if the plugin's functionality evolves or if specific input vectors are discovered. Vigilance in code reviews for future updates, particularly around input handling and output sanitization, is recommended.",[177,180,183],{"reason":178,"points":179},"Poor output escaping (33%)",8,{"reason":181,"points":182},"No nonce checks",10,{"reason":184,"points":182},"No capability checks","2026-03-17T06:57:31.117Z",{"wat":187,"direct":193},{"assetPaths":188,"generatorPatterns":189,"scriptPaths":190,"versionParams":192},[],[],[191],"https:\u002F\u002Fuptimezone.com\u002Fcall.js",[],{"cssClasses":194,"htmlComments":195,"htmlAttributes":198,"restEndpoints":200,"jsGlobals":201,"shortcodeOutput":203},[],[196,197],"\u003C!--\u003Ctextarea cols=\"80\" rows=\"14\" name=\"uptimezone-code\">","\u003C\u002Ftextarea>\n-->",[199],"name=\"uptimezone-code\"",[],[202],"window.UptimezoneID",[]]