[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3WRA34sal5NBU-giF8H79BCOLq0u7A2C4-eifhHGfz0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":108,"fingerprints":289},"vigiguard-security","VigiGuard Security","1.0.0","Kashif Ahmed Khan","https:\u002F\u002Fprofiles.wordpress.org\u002Fkashifahmedkhan\u002F","\u003Cp>VigiGuard Security provides essential WordPress protection without complexity. One-click hardening, brute force protection, and file integrity monitoring – all with zero configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>One-Click Fix\u003C\u002Fstrong> – Secure your site instantly with one button\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> – Blocks repeated login attempts automatically  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Health Score\u003C\u002Fstrong> – Visual A-F grade showing your security status\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Integrity Monitor\u003C\u002Fstrong> – Scans 3,000+ WordPress core files weekly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logging\u003C\u002Fstrong> – Track all security events and login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong> – Disables XML-RPC, hides WP version, blocks user enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Perfect For:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Small business owners who need security without the hassle\u003C\u002Fli>\n\u003Cli>Bloggers who want “set and forget” protection\u003C\u002Fli>\n\u003Cli>Freelancers managing multiple client sites\u003C\u002Fli>\n\u003Cli>Anyone who finds other security plugins too complicated\u003C\u002Fli>\n\u003C\u002Ful>\n","Simple one-click WordPress security. Protect your site in 30 seconds.",0,132,"","6.9.4","5.8","7.4",[18,19,20,21,22],"brute-force","firewall","hardening","login-protection","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvigiguard-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvigiguard-security.1.0.0.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"kashifahmedkhan",1,30,94,"2026-04-04T07:06:17.415Z",[36,53,69,84,97],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":25,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":14,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":50,"download_link":51,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":52},"security-hardener","Security Hardener","1.0","Marc Armengou","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarc4\u002F","\u003Cp>\u003Cstrong>Security Hardener\u003C\u002Fstrong> implements the official WordPress hardening guidelines from the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fhardening\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration \u002F Security \u002F Hardening\u003C\u002Fa> documentation. It uses WordPress core functions and follows best practices without modifying core files.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable file editor in WordPress admin\u003Cbr \u002F>\n* Optionally disable all file modifications (blocks updates – use with caution)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable XML-RPC completely (enabled by default)\u003Cbr \u002F>\n* Remove pingback methods\u003Cbr \u002F>\n* Disable self-pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Protection:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block \u003Ccode>\u002F?author=N\u003C\u002Fcode> queries (returns 404)\u003Cbr \u002F>\n* Secure REST API user endpoints (require authentication)\u003Cbr \u002F>\n* Remove users from XML sitemaps\u003Cbr \u002F>\n* Prevent canonical redirects that expose usernames\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generic error messages (no username\u002Fpassword hints)\u003Cbr \u002F>\n* IP-based rate limiting with configurable thresholds\u003Cbr \u002F>\n* Security event logging (last 100 events)\u003Cbr \u002F>\n* Automatic blocking after failed attempts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> (clickjacking protection)\u003Cbr \u002F>\n* \u003Ccode>X-Content-Type-Options: nosniff\u003C\u002Fcode> (MIME sniffing protection)\u003Cbr \u002F>\n* \u003Ccode>Referrer-Policy: strict-origin-when-cross-origin\u003C\u002Fcode>\u003Cbr \u002F>\n* \u003Ccode>Permissions-Policy\u003C\u002Fcode> (restricts geolocation, microphone, camera)\u003Cbr \u002F>\n* Optional HSTS (HTTP Strict Transport Security) for HTTPS sites\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Hardening:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Hide WordPress version\u003Cbr \u002F>\n* Clean up \u003Ccode>wp_head\u003C\u002Fcode> output\u003Cbr \u002F>\n* Remove unnecessary meta tags and links\u003Cbr \u002F>\n* Security event logging system\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>⚠️ \u003Cstrong>Important:\u003C\u002Fstrong> Always test security settings in a staging environment first. Some features may affect third-party integrations or plugins.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy:\u003C\u002Fstrong> This plugin does not send data to external services and does not create custom database tables. It stores plugin settings and a security event log in the WordPress options table, and uses transients for temporary login attempt tracking. All data is deleted on uninstall.\u003C\u002Fp>\n","Basic hardening: secure headers, user enumeration blocking, generic login errors, IP-based rate limiting, and WordPress security improvements.",496,"2026-03-05T12:13:00.000Z","6.9","8.2",[18,20,49,21,22],"headers","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecurity-hardener\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-hardener.1.0.zip","2026-03-15T15:16:48.613Z",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":11,"downloaded":61,"rating":11,"num_ratings":11,"last_updated":62,"tested_up_to":14,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":67,"download_link":68,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":52},"cyber-smart-defence","Cyber Smart Defence","3.1.3","cybersmartempire","https:\u002F\u002Fprofiles.wordpress.org\u002Fcybersmartempire\u002F","\u003Cp>Cyber Smart Defence is a lightweight WordPress security plugin designed to protect your website against unauthorized access, brute-force login attempts, and suspicious request patterns.\u003C\u002Fp>\n\u003Cp>The plugin runs quietly in the background and integrates directly with WordPress. It monitors login activity, blocks abusive behavior, and records security-related events for administrative review.\u003C\u002Fp>\n\u003Cp>No complex configuration is required. Once activated, protection is enabled automatically.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Login attempt monitoring\u003C\u002Fli>\n\u003Cli>Automatic temporary lockout after multiple failed login attempts\u003C\u002Fli>\n\u003Cli>IP-based threat detection\u003C\u002Fli>\n\u003Cli>Firewall protection against common malicious request patterns\u003C\u002Fli>\n\u003Cli>Secure threat logging for administrators\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external service provided by Cyber Smart Empire to check IP reputation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent\u003C\u002Fstrong>\u003Cbr \u002F>\n* IP address of the visitor being checked\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent\u003C\u002Fstrong>\u003Cbr \u002F>\n* Only when an IP reputation check is performed\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider\u003C\u002Fstrong>\u003Cbr \u002F>\n* Cyber Smart Empire\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service URL\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u002Fterms\u002F\u003C\u002Fp>\n","Lightweight WordPress security firewall with login protection and threat monitoring.",138,"2025-12-24T16:40:00.000Z","5.5","7.2",[18,19,21,22,66],"website-security","https:\u002F\u002Fcybersmartempire.com\u002Fcyberdefence\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcyber-smart-defence.zip",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":11,"downloaded":77,"rating":11,"num_ratings":11,"last_updated":78,"tested_up_to":14,"requires_at_least":79,"requires_php":16,"tags":80,"homepage":82,"download_link":83,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":52},"liveupx-security","Liveupx Security","1.5.2","Liveupx","https:\u002F\u002Fprofiles.wordpress.org\u002Fliveupx\u002F","\u003Cp>Liveupx Security is a lightweight yet powerful WordPress security plugin that protects your website from hackers, brute force attacks, and malicious activity. Developed by \u003Ca href=\"https:\u002F\u002Fliveupx.com\" rel=\"nofollow ugc\">Liveupx.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection with automatic IP lockout\u003C\u002Fli>\n\u003Cli>Configurable failed login attempts and lockout duration\u003C\u002Fli>\n\u003Cli>Honeypot field to catch automated bots\u003C\u002Fli>\n\u003Cli>Simple math CAPTCHA for human verification\u003C\u002Fli>\n\u003Cli>Hide specific login error messages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Firewall Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block malicious query strings (SQL injection, XSS)\u003C\u002Fli>\n\u003Cli>Block known vulnerability scanners and bad bots\u003C\u002Fli>\n\u003Cli>Disable XML-RPC to prevent DDoS attacks\u003C\u002Fli>\n\u003Cli>Disable pingbacks\u003C\u002Fli>\n\u003Cli>Remove WordPress version from source code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>User Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User enumeration protection\u003C\u002Fli>\n\u003Cli>REST API user endpoint protection\u003C\u002Fli>\n\u003Cli>Strong password enforcement\u003C\u002Fli>\n\u003Cli>Block common admin usernames\u003C\u002Fli>\n\u003Cli>Disable theme\u002Fplugin file editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>IP Management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manual IP blocking with reason\u003C\u002Fli>\n\u003Cli>IP whitelisting for trusted addresses\u003C\u002Fli>\n\u003Cli>Automatic blocking after security violations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Activity Monitoring\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comprehensive security event logging\u003C\u002Fli>\n\u003Cli>Track login attempts and user activity\u003C\u002Fli>\n\u003Cli>Automatic cleanup of old log entries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Server Protection (Apache)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>.htaccess security rules\u003C\u002Fli>\n\u003Cli>Protect wp-config.php\u003C\u002Fli>\n\u003Cli>Disable directory browsing\u003C\u002Fli>\n\u003Cli>Block common exploits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Choose Liveupx Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Minimal impact on site performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No External Services\u003C\u002Fstrong> – All protection happens on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to Use\u003C\u002Fstrong> – Simple settings with sensible defaults\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Source\u003C\u002Fstrong> – 100% free with no premium upsells\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Focused\u003C\u002Fstrong> – No data sent to third parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Storage\u003C\u002Fh4>\n\u003Cp>This plugin stores security-related data in your WordPress database including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Failed login attempts (IP address, username, timestamp)\u003C\u002Fli>\n\u003Cli>Login lockouts (IP address, duration, reason)\u003C\u002Fli>\n\u003Cli>Blocked and whitelisted IP addresses\u003C\u002Fli>\n\u003Cli>Security activity log (events, user info, IP addresses)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All data is stored locally on your server and is never transmitted to external services.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>For documentation and support, visit \u003Ca href=\"https:\u002F\u002Fliveupx.com\u002Fdocs\" rel=\"nofollow ugc\">liveupx.com\u002Fdocs\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Liveupx Security is open source. Contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fliveupx\u002Fliveupx-security\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Liveupx Security stores the following data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login Attempts\u003C\u002Fstrong>: IP addresses, usernames, and timestamps of failed login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockouts\u003C\u002Fstrong>: IP addresses and lockout details for brute force protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log\u003C\u002Fstrong>: Security events including user actions, IP addresses, and timestamps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Lists\u003C\u002Fstrong>: Manually blocked and whitelisted IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is used solely for security purposes and is never shared with third parties. Data is automatically cleaned up based on configurable retention periods (default: 7 days for failed logins, 30 days for activity logs).\u003C\u002Fp>\n\u003Cp>You can clear all stored data at any time from the plugin settings. When the plugin is uninstalled, all data is permanently deleted from your database.\u003C\u002Fp>\n","Comprehensive WordPress security plugin with login protection, firewall, brute force prevention, IP blocking, and activity logging.",116,"2026-01-09T19:58:00.000Z","5.0",[18,19,21,81,22],"malware","https:\u002F\u002Fliveupx.com\u002Fliveupx-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fliveupx-security.1.5.2.zip",{"slug":85,"name":86,"version":6,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":11,"downloaded":91,"rating":11,"num_ratings":11,"last_updated":92,"tested_up_to":14,"requires_at_least":93,"requires_php":16,"tags":94,"homepage":95,"download_link":96,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":52},"srworks-armorlite","SRWorks ArmorPro Lite","SRWorks LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fsrworks\u002F","\u003Cp>\u003Cstrong>ArmorLite\u003C\u002Fstrong> is a free, lightweight WordPress security plugin built for performance. Firewall with 600+ built-in patterns, brute force protection, bot detection, security headers, and login monitoring. No bloat, no unnecessary database queries, no external API calls during normal operation.\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Firewall\u003C\u002Fstrong> — Pure PHP string-matching firewall with 600+ built-in patterns covering SQL injection, XSS, path traversal, shell access, and more. Five categories (Request URI, Query String, User Agent, Referrer, IP Address). Three matching modes: contains, ends-with, and path-only. Pattern manager with per-pattern toggle and hit counts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong> — Session-based login tracking with automatic IP lockouts after configurable failed attempts. Login activity log with IP, location, status badges, and usernames tried. 7-day log retention.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Protection\u003C\u002Fstrong> — Automated bot detection for login, registration, and password reset forms using honeypot fields, timestamp validation, and JavaScript token verification. Blocks bots before they can attempt brute force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Headers\u003C\u002Fstrong> — Four managed headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, X-XSS-Protection) with dual delivery via PHP and .htaccess. Header probe system avoids duplicates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelist\u003C\u002Fstrong> — Whitelist trusted IPs to bypass all security checks including brute force lockouts and firewall blocking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Obfuscation\u003C\u002Fstrong> — Author slug randomization to prevent user enumeration and email obfuscation to protect addresses from scrapers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard\u003C\u002Fstrong> — Real-time stats, blocks over time chart, protection status cards, and WordPress dashboard widget.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC & REST API Protection\u003C\u002Fstrong> — Disable XML-RPC and protect the REST API from user enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall Log\u003C\u002Fstrong> — View blocked requests with IP, matched rule, request URI, and timestamps. 7-day log retention.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tools\u003C\u002Fstrong> — Health checks with database integrity verification, one-click table repair, and debug mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to ArmorPro\u003C\u002Fh4>\n\u003Cp>Need more protection? \u003Ca href=\"https:\u002F\u002Fsrworks.co\u002Fplugins\u002Farmorpro\u002F?utm_source=armorlite&utm_medium=readme&utm_campaign=description#pricing\" rel=\"nofollow ugc\">ArmorPro\u003C\u002Fa> adds:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Engine (blocks attacks before WordPress loads)\u003C\u002Fli>\n\u003Cli>Two-Factor Authentication (TOTP) with backup codes\u003C\u002Fli>\n\u003Cli>Passkey Authentication (Face ID, Touch ID, Windows Hello)\u003C\u002Fli>\n\u003Cli>Custom Login URL (hide wp-login.php)\u003C\u002Fli>\n\u003Cli>IP Blacklist with auto-blacklist for repeat offenders\u003C\u002Fli>\n\u003Cli>Country Blocking with GeoIP\u003C\u002Fli>\n\u003Cli>HSTS, Content-Security-Policy, and Permissions-Policy headers\u003C\u002Fli>\n\u003Cli>Email Notifications and digest summaries\u003C\u002Fli>\n\u003Cli>Extended log retention (90 days)\u003C\u002Fli>\n\u003Cli>Custom firewall patterns\u003C\u002Fli>\n\u003Cli>Export\u002Fimport settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsrworks.co\u002Fplugins\u002Farmorpro\u002F?utm_source=armorlite&utm_medium=readme&utm_campaign=description#pricing\" rel=\"nofollow ugc\">Learn more about ArmorPro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external third-party services in the following situations:\u003C\u002Fp>\n\u003Ch4>Anonymous Usage Data (Optional)\u003C\u002Fh4>\n\u003Cp>This plugin can optionally share anonymous usage data to help improve ArmorLite. This is disabled by default and requires explicit opt-in from the Settings page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When it is called: Daily heartbeat (if opted in)\u003C\u002Fli>\n\u003Cli>Data sent: WordPress version, PHP version, active plugin features (no personal data)\u003C\u002Fli>\n\u003Cli>Service: https:\u002F\u002Fapi.srworks.co\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Fsrworks.co\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No personal data is collected or stored by this service.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>ArmorLite stores the following data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP addresses of visitors who trigger security rules or attempt to log in\u003C\u002Fli>\n\u003Cli>Timestamps of security events\u003C\u002Fli>\n\u003Cli>Usernames used in login attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is stored to help you monitor and protect your website. You can clear all logs at any time from the Tools tab. When the plugin is uninstalled, all data is automatically deleted.\u003C\u002Fp>\n\u003Cp>No visitor data is sent to external services during normal operation. Anonymous usage data sharing is optional and disabled by default.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help with ArmorLite? Have a feature request or found a bug?\u003C\u002Fp>\n\u003Cp>Visit our support page: https:\u002F\u002Fsrworks.co\u002Fcontact\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Firewall patterns inspired by the work of Jeff Starr at Perishable Press (https:\u002F\u002Fperishablepress.com). Used under GPLv2.\u003C\u002Fp>\n\u003Cp>Charts powered by Chart.js (https:\u002F\u002Fwww.chartjs.org), MIT License.\u003C\u002Fp>\n\u003Cp>Tooltips powered by Tippy.js (https:\u002F\u002Fatomiks.github.io\u002Ftippyjs), MIT License.\u003C\u002Fp>\n","Free WordPress security with firewall, brute force protection, bot detection, security headers, IP whitelist, and login monitoring. No bloat.",129,"2026-03-05T19:07:00.000Z","5.3",[18,19,49,21,22],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsrworks-armorlite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsrworks-armorlite.1.0.0.zip",{"slug":98,"name":99,"version":6,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":11,"downloaded":104,"rating":11,"num_ratings":11,"last_updated":105,"tested_up_to":14,"requires_at_least":79,"requires_php":16,"tags":106,"homepage":13,"download_link":107,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":52},"totalweb-security-firewall-malware-scanner","TotalWeb – Security, Firewall & Malware Scanner","Pranshtech Solutions Private Limited","https:\u002F\u002Fprofiles.wordpress.org\u002Fpranshtech\u002F","\u003Cp>TotalWeb offers a multi-layered approach to WordPress security, combining advanced protection mechanisms with an intuitive administrative interface. From real-time monitoring to proactive threat detection and prevention, TotalWeb empowers website administrators to maintain a secure online presence.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch3>1. Login Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login Attempt Tracking:\u003C\u002Fstrong> Monitors and logs all login attempts, both successful and failed, including IP addresses and usernames.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong> Enhances login security using TOTP-based 2FA with WooCommerce support.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP and User Lockouts:\u003C\u002Fstrong> Automatically locks IP addresses and users after a configurable number of failed login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Log Management:\u003C\u002Fstrong> View, filter, bulk delete, and export login attempt logs to CSV.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>2. CAPTCHA Integration\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-form CAPTCHA Protection:\u003C\u002Fstrong> Adds CAPTCHA to:\n\u003Cul>\n\u003Cli>Login Form  \u003C\u002Fli>\n\u003Cli>Registration Form  \u003C\u002Fli>\n\u003Cli>Lost Password Form  \u003C\u002Fli>\n\u003Cli>Reset Password Form  \u003C\u002Fli>\n\u003Cli>Comment Form  \u003C\u002Fli>\n\u003Cli>WooCommerce Forms  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported CAPTCHA Types:\u003C\u002Fstrong> reCAPTCHA v2, reCAPTCHA v3, hCaptcha, and Math CAPTCHA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contact Form 7 Integration:\u003C\u002Fstrong> Seamlessly injects CAPTCHA into CF7 forms.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>3. File and Database Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Comprehensive File Scanning:\u003C\u002Fstrong> Scans core files, plugins, and themes for modifications, new files, and deletions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scheduled & On-Demand Scans:\u003C\u002Fstrong> Run daily scheduled scans or manual scans anytime.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Monitoring:\u003C\u002Fstrong> Configure file types, exclusions, and email alerts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Integration:\u003C\u002Fstrong> Initiate scans and check status programmatically.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MD5 Hash Verification:\u003C\u002Fstrong> Detects unauthorized file changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Backup & Restore:\u003C\u002Fstrong> Perform manual or automated backups and restore previous versions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Prefix Change:\u003C\u002Fstrong> Enhances security by changing the WP database prefix.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SQL Injection Protection:\u003C\u002Fstrong> Blocks suspicious queries and monitors DB activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Query Monitoring:\u003C\u002Fstrong> Detects and blocks suspicious SQL patterns.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Hardening:\u003C\u002Fstrong> Disable insecure WP features such as:\n\u003Cul>\n\u003Cli>File Editor  \u003C\u002Fli>\n\u003Cli>Unfiltered HTML (non-admins)  \u003C\u002Fli>\n\u003Cli>XML-RPC  \u003C\u002Fli>\n\u003Cli>Force SSL  \u003C\u002Fli>\n\u003Cli>Hide WP version  \u003C\u002Fli>\n\u003Cli>Block PHP execution in uploads  \u003C\u002Fli>\n\u003Cli>Block dangerous file types  \u003C\u002Fli>\n\u003Cli>Protect sensitive files (e.g., wp-config.php, .htaccess)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Controls:\u003C\u002Fstrong> Manage security settings and logs via API.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>4. Malware Scanner\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malicious Code Detection:\u003C\u002Fstrong> Scans core, themes, plugins, and uploads for malware signatures.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual & Scheduled Scans:\u003C\u002Fstrong> Flexible scanning options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Issue Tracking:\u003C\u002Fstrong> Detects modified, missing, unknown, and infected files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Reports:\u003C\u002Fstrong> Sends alerts when malware is detected.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>5. Firewall\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Web Application Firewall (WAF):\u003C\u002Fstrong> Supports custom regex rules and ModSecurity CRS patterns.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Blacklist\u002FWhitelist:\u003C\u002Fstrong> Block malicious IPs or allow trusted ones.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-Blocking:\u003C\u002Fstrong> Restrict access by country.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting & DDoS Protection:\u003C\u002Fstrong> Limits requests per IP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comment Spam IP Monitoring:\u003C\u002Fstrong> Auto-blocks frequent spam IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bad Bot Protection:\u003C\u002Fstrong> Blocks known scrapers and bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart 404 Blocking:\u003C\u002Fstrong> Blocks IPs generating excessive 404 errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>General Firewall Options:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Disable RSS\u002FATOM feeds  \u003C\u002Fli>\n\u003Cli>Block proxy comment submissions  \u003C\u002Fli>\n\u003Cli>Advanced string filtering  \u003C\u002Fli>\n\u003Cli>Enable 6G Firewall rules  \u003C\u002Fli>\n\u003Cli>Block unauthorized REST requests  \u003C\u002Fli>\n\u003Cli>Block blank user-agent or referrer POST requests  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>6. Redirects\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom 301 Redirects:\u003C\u002Fstrong> Manage permanent redirect rules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Interface:\u003C\u002Fstrong> Add, edit, and delete redirects easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL Validation:\u003C\u002Fstrong> Prevents duplicates and formatting issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>7. Security Hardening\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>HTTP Security Headers:\u003C\u002Fstrong> Configure:\n\u003Cul>\n\u003Cli>HSTS  \u003C\u002Fli>\n\u003Cli>X-Frame-Options  \u003C\u002Fli>\n\u003Cli>Content Security Policy (CSP)  \u003C\u002Fli>\n\u003Cli>Referrer-Policy  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Access Restrictions:\u003C\u002Fstrong> Limit access to specific plugin features.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Setup Wizard:\u003C\u002Fstrong> Apply recommended hardening automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>8. Audit Logging\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Logs:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Logins (success\u002Ffailure)\u003C\u002Fli>\n\u003Cli>User profile changes\u003C\u002Fli>\n\u003Cli>Role\u002Fcapability changes\u003C\u002Fli>\n\u003Cli>Plugin\u002Ftheme activation\u002Fdeactivation\u002Fupdates\u003C\u002Fli>\n\u003Cli>Theme switches\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Daily summaries.\u003C\u002Fli>\n\u003Cli>Email alerts for important events.\u003C\u002Fli>\n\u003Cli>Dashboard widget with recent events.\u003C\u002Fli>\n\u003Cli>REST API access to logs.\u003C\u002Fli>\n\u003C\u002Ful>\n","TotalWeb strengthens your site security with malware defense, brute-force protection, firewall rules, and smart hardening controls.",148,"2025-12-08T08:08:00.000Z",[18,19,20,81,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftotalweb-security-firewall-malware-scanner.1.0.0.zip",{"attackSurface":109,"codeSignals":228,"taintFlows":279,"riskAssessment":280,"analyzedAt":288},{"hooks":110,"ajaxHandlers":191,"restRoutes":218,"shortcodes":219,"cronEvents":220,"entryPointCount":227,"unprotectedCount":11},[111,117,121,125,128,133,139,144,147,151,155,159,163,167,171,175,180,184,188],{"type":112,"name":113,"callback":114,"file":115,"line":116},"action","admin_notices","show_activation_notice","includes\\class-vigiguard-core.php",117,{"type":112,"name":118,"callback":119,"file":115,"line":120},"admin_menu","add_admin_menu",125,{"type":112,"name":122,"callback":123,"file":115,"line":124},"admin_enqueue_scripts","enqueue_styles",126,{"type":112,"name":122,"callback":126,"file":115,"line":127},"enqueue_scripts",127,{"type":112,"name":129,"callback":130,"file":131,"line":132},"vigiguard_security_weekly_file_check","run_file_check","includes\\modules\\class-file-integrity.php",57,{"type":134,"name":135,"callback":136,"file":137,"line":138},"filter","the_generator","__return_empty_string","includes\\modules\\class-hardening.php",54,{"type":134,"name":140,"callback":141,"priority":142,"file":137,"line":143},"style_loader_src","remove_version_from_assets",9999,55,{"type":134,"name":145,"callback":141,"priority":142,"file":137,"line":146},"script_loader_src",56,{"type":134,"name":148,"callback":149,"file":137,"line":150},"xmlrpc_enabled","__return_false",61,{"type":134,"name":152,"callback":153,"file":137,"line":154},"wp_headers","remove_xmlrpc_header",62,{"type":112,"name":156,"callback":157,"file":137,"line":158},"template_redirect","block_user_enumeration",72,{"type":134,"name":160,"callback":161,"file":137,"line":162},"rest_authentication_errors","block_user_rest_endpoint",73,{"type":112,"name":164,"callback":165,"file":137,"line":166},"send_headers","add_security_headers",78,{"type":134,"name":168,"callback":169,"priority":32,"file":170,"line":132},"authenticate","check_ip_blocked","includes\\modules\\class-login-protection.php",{"type":112,"name":172,"callback":173,"file":170,"line":174},"wp_login_failed","log_failed_login",60,{"type":112,"name":176,"callback":177,"priority":178,"file":170,"line":179},"wp_login","clear_login_attempts",10,63,{"type":112,"name":181,"callback":182,"file":170,"line":183},"login_errors","show_lockout_message",66,{"type":112,"name":113,"callback":185,"file":186,"line":187},"vigiguard_security_wp_version_notice","vigiguard-security.php",65,{"type":112,"name":113,"callback":189,"file":186,"line":190},"vigiguard_security_php_version_notice",71,[192,199,203,207,210,213,216],{"action":193,"nopriv":194,"callback":195,"hasNonce":196,"hasCapCheck":196,"file":197,"line":198},"vigiguard_fix_all_issues",false,"ajax_fix_all_issues",true,"admin\\class-vigiguard-admin.php",67,{"action":200,"nopriv":194,"callback":201,"hasNonce":196,"hasCapCheck":196,"file":197,"line":202},"vigiguard_dismiss_notice","ajax_dismiss_notice",68,{"action":204,"nopriv":194,"callback":205,"hasNonce":196,"hasCapCheck":196,"file":197,"line":206},"vigiguard_unlock_ip","ajax_unlock_ip",69,{"action":208,"nopriv":194,"callback":209,"hasNonce":196,"hasCapCheck":196,"file":197,"line":190},"vigiguard_run_file_check","ajax_run_file_check",{"action":211,"nopriv":194,"callback":212,"hasNonce":196,"hasCapCheck":196,"file":197,"line":158},"vigiguard_reset_plugin","ajax_reset_plugin",{"action":214,"nopriv":194,"callback":215,"hasNonce":196,"hasCapCheck":196,"file":197,"line":162},"vigiguard_clear_logs","ajax_clear_logs",{"action":208,"nopriv":194,"callback":209,"hasNonce":196,"hasCapCheck":196,"file":197,"line":217},75,[],[],[221,225],{"hook":222,"callback":222,"file":223,"line":224},"vigiguard_security_daily_cleanup","includes\\class-vigiguard-activator.php",130,{"hook":129,"callback":129,"file":223,"line":226},135,7,{"dangerousFunctions":229,"sqlUsage":230,"outputEscaping":270,"fileOperations":11,"externalRequests":11,"nonceChecks":276,"capabilityChecks":277,"bundledLibraries":278},[],{"prepared":231,"raw":232,"locations":233},8,15,[234,237,240,243,246,249,251,252,254,256,258,260,262,265,268],{"file":197,"line":235,"context":236},891,"$wpdb->get_var() with variable interpolation",{"file":197,"line":238,"context":239},895,"$wpdb->query() with variable interpolation",{"file":241,"line":242,"context":236},"admin\\views\\dashboard.php",159,{"file":244,"line":245,"context":236},"admin\\views\\settings.php",324,{"file":247,"line":183,"context":248},"includes\\class-vigiguard-uninstaller.php","$wpdb->get_col() with variable interpolation",{"file":247,"line":250,"context":239},87,{"file":247,"line":25,"context":239},{"file":247,"line":253,"context":239},115,{"file":247,"line":255,"context":236},231,{"file":247,"line":257,"context":236},247,{"file":247,"line":259,"context":236},252,{"file":247,"line":261,"context":236},258,{"file":170,"line":263,"context":264},393,"$wpdb->get_results() with variable interpolation",{"file":266,"line":267,"context":239},"uninstall.php",37,{"file":266,"line":269,"context":239},53,{"escaped":271,"rawEcho":31,"locations":272},107,[273],{"file":274,"line":174,"context":275},"admin\\views\\logs.php","raw output",9,12,[],[],{"summary":281,"deductions":282},"The \"vigiguard-security\" v1.0.0 plugin demonstrates a strong security posture based on the provided static analysis.  The absence of any critical or high-severity taint flows, coupled with a high percentage of SQL queries using prepared statements and properly escaped output, indicates good development practices regarding common web vulnerabilities like SQL injection and cross-site scripting. The plugin also implements a substantial number of nonce and capability checks, further bolstering its defenses against unauthorized actions and privilege escalation.  Its attack surface, while containing several AJAX handlers, is fully protected by authentication checks, mitigating potential risks associated with these entry points.  Furthermore, the lack of any recorded vulnerabilities in its history, including CVEs, suggests a mature and well-maintained codebase or a lack of focused exploitation attempts.  However, the analysis did not cover all potential attack vectors such as file operations or external HTTP requests, and the absence of taint analysis results might mean that some flows were not analyzed or detected by the tool. While the current version appears robust, ongoing vigilance and a comprehensive security audit beyond static analysis would be beneficial.",[283,286],{"reason":284,"points":285},"SQL queries only 35% prepared",5,{"reason":287,"points":31},"1% of outputs unescaped","2026-03-17T05:49:42.497Z",{"wat":290,"direct":303},{"assetPaths":291,"generatorPatterns":296,"scriptPaths":297,"versionParams":298},[292,293,294,295],"\u002Fwp-content\u002Fplugins\u002Fvigiguard-security\u002Fadmin\u002Fcss\u002Fvigiguard-admin.css","\u002Fwp-content\u002Fplugins\u002Fvigiguard-security\u002Fadmin\u002Fjs\u002Fvigiguard-admin.js","\u002Fwp-content\u002Fplugins\u002Fvigiguard-security\u002Fpublic\u002Fcss\u002Fvigiguard-public.css","\u002Fwp-content\u002Fplugins\u002Fvigiguard-security\u002Fpublic\u002Fjs\u002Fvigiguard-public.js",[],[293,295],[299,300,301,302],"vigiguard-security\u002Fadmin\u002Fcss\u002Fvigiguard-admin.css?ver=","vigiguard-security\u002Fadmin\u002Fjs\u002Fvigiguard-admin.js?ver=","vigiguard-security\u002Fpublic\u002Fcss\u002Fvigiguard-public.css?ver=","vigiguard-security\u002Fpublic\u002Fjs\u002Fvigiguard-public.js?ver=",{"cssClasses":304,"htmlComments":309,"htmlAttributes":313,"restEndpoints":318,"jsGlobals":323,"shortcodeOutput":327},[305,306,307,308],"vigiguard-security-admin-wrap","vigiguard-fix-all-button","vigiguard-button-primary","vigiguard-spinner",[310,311,312],"\u003C!-- VigiGuard Security Settings -->","\u003C!-- VigiGuard Security Dashboard -->","\u003C!-- VigiGuard Security Activity Log -->",[314,315,316,317],"data-nonce","data-action","data-target","data-id",[319,320,321,322],"\u002Fwp-json\u002Fvigiguard-security\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fvigiguard-security\u002Fv1\u002Ffix-issue","\u002Fwp-json\u002Fvigiguard-security\u002Fv1\u002Fdismiss-notice","\u002Fwp-json\u002Fvigiguard-security\u002Fv1\u002Funlock-ip",[324,325,326],"VigiGuardAdmin","VigiGuardPublic","vigiguardAjaxUrl",[]]