[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJ-VzzYsPybVVHW6FzRwXRE9Y7coQ8SUdzJGkG4l32qg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":52,"analysis":154,"fingerprints":333},"vigilantor","VigilanTor","1.3.12","drew010","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrew010\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002F\" title=\"Tor\" rel=\"nofollow ugc\">Tor\u003C\u002Fa> is an invaluable tool for protecting free-speech, privacy, and preventing surveillance but when abused it can protect the identity of malicious users and make tracking their activities more difficult.  “Hackers” might use Tor to run security scans on your website or spam websites with comments and fake registrations.\u003C\u002Fp>\n\u003Cp>The purpose of this plugin is to give you the power to block certain Tor activity from your WordPress site.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Tor users from registering on your site\u003C\u002Fli>\n\u003Cli>Allow Tor registrations, but flag them for review\u003C\u002Fli>\n\u003Cli>Block logins from Tor (useful for preventing brute force attacks and securing your admin panel)\u003C\u002Fli>\n\u003Cli>Block Tor users from posting comments to your site\u003C\u002Fli>\n\u003Cli>Block spammy pingbacks & trackbacks from Tor IP addresses\u003C\u002Fli>\n\u003Cli>Block Tor users from your entire WordPress site\u003C\u002Fli>\n\u003Cli>Permit access after solving a CAPTCHA (requires hCaptcha for WordPress plugin)\u003C\u002Fli>\n\u003Cli>Real-time blocking using the Tor DNS exit list service\u003C\u002Fli>\n\u003Cli>Near real time blocking using a cached blocklist which can be updated every 10 minutes or more\u003C\u002Fli>\n\u003Cli>Custom blocklist support.  Block IP addresses or host networks.\u003C\u002Fli>\n\u003Cli>Statistics to show how many Tor actions have been blocked by this plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is compatible with BuddyPress, the popular Login With Ajax plugin, and hCaptcha.\u003C\u002Fp>\n\u003Cp>If there is a feature missing that you would like, request it!\u003C\u002Fp>\n\u003Cp>If you opt to use the real-time blocking, each IP address looked up is cached for 5 minutes for efficiency.\u003C\u002Fp>\n\u003Cp>The Tor IP lists that are downloaded only contain “exit node” IP addresses so it is relatively small and the list is searched using a binary search so the plugin is very fast!\u003C\u002Fp>\n\u003Cp>This plugin also adds two shortcodes which can be used to display specific content to Tor or non-Tor users. Shortcode usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tor_users]Hi, I see you're using Tor.  I support privacy and free-speech too! Visitors not using Tor will not see this message.[\u002Ftor_users]\n[non_tor_users]Defend yourself against tracking and surveillance. Circumvent censorship. Visit torproject.org to learn more. Visitors already using Tor will not see this message.[\u002Fnon_tor_users]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Support Tor\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Tor is a great thing.  If you agree, consider \u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002Fgetinvolved\u002Fvolunteer.html.en\" rel=\"nofollow ugc\">volunteering\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002Fdonate\u002Fdonate.html.en\" rel=\"nofollow ugc\">donating\u003C\u002Fa> to the Tor project, or expand the Tor network by \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Ftor-nodes\u002F\" rel=\"nofollow ugc\">sponsoring a Tor relay\u003C\u002Fa> which will be maintained by the plugin author.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support this plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The author of this plugin values Tor as well as the security of your website.  Considerable effort went into the development of this plugin as well as the code and infrastructure that provides you with the up-to-date exit lists.\u003C\u002Fp>\n\u003Cp>You can support this plugin by installing it, rating it positively, \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Fdonate\u002F\" title=\"Donating\" rel=\"nofollow ugc\">donating\u003C\u002Fa> to the author, or \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Ftor-nodes\u002F\" rel=\"nofollow ugc\">sponsoring a Tor relay\u003C\u002Fa> which will be operated by the plugin developer in your honor.\u003C\u002Fp>\n","Add a layer of security to your WordPress site with the ability to block Tor users from commenting, registering, logging in and more.",400,11934,100,12,"2023-10-19T19:59:00.000Z","6.3.8","4.0","5.6",[20,21,22,23,24],"comments","proxy","spam","tor","tor-blocker","https:\u002F\u002Fdrew-phillips.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvigilantor.1.3.12.zip",85,1,0,"2023-03-21 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-28695","vigilantor-authenticated-administrator-stored-cross-site-scripting","VigilanTor \u003C= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting","The VigilanTor  plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vitor_realtime_timeout' admin setting in versions up to, and including, 1.3.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.3.10","1.3.11","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2ea71d63-27ce-4f24-b3ef-de38e6f25e0d?source=api-prod",308,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":50,"computed_at":51},69,"2026-04-04T09:09:52.634Z",[53,77,96,114,134],{"slug":54,"name":55,"version":56,"author":55,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":73,"download_link":74,"security_score":75,"vuln_count":28,"unpatched_count":29,"last_vuln_date":76,"fetched_at":31},"proxy-vpn-blocker","Proxy & VPN Blocker","3.5.8","https:\u002F\u002Fprofiles.wordpress.org\u002Frickstermuk\u002F","\u003Ch4>Block VPNs, Proxies, Tor & Spam – Strengthen Your WordPress Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Proxy & VPN Blocker\u003C\u002Fstrong> is a complete \u003Cstrong>WordPress security plugin\u003C\u002Fstrong> designed to protect your site from anonymous and abusive traffic.\u003Cbr \u002F>\nIt functions as a powerful \u003Cstrong>VPN blocker\u003C\u002Fstrong>, \u003Cstrong>proxy blocker\u003C\u002Fstrong>, and \u003Cstrong>Tor blocker\u003C\u002Fstrong>, preventing unwanted visitors, spam bots, and fake users from accessing your site.\u003C\u002Fp>\n\u003Cp>Using the trusted \u003Ca href=\"https:\u002F\u002Fproxycheck.io\" rel=\"nofollow ugc\">proxycheck.io\u003C\u002Fa> API, it detects connections from VPNs, open proxies, Tor nodes, and compromised servers — giving you real-time protection without slowing down your site.\u003C\u002Fp>\n\u003Cp>Perfect for login, registration, comments, or any page you want to secure, Proxy & VPN Blocker also includes smart \u003Cstrong>spam protection\u003C\u002Fstrong>, geoblocking, and IP logging to help you stay in control of who can access your WordPress site.\u003C\u002Fp>\n\u003Cp>Whether you’re running a blog, store, or membership site, this plugin helps keep out fake users, block risky regions, and stop automated spam attempts before they start.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Powerful WordPress security plugin – blocks VPNs, proxies, Tor, Mysterium nodes, and compromised servers in real time  \u003C\u002Fli>\n\u003Cli>Country blocking & geoblocking – allow or deny traffic by country or region with flexible IP-based controls  \u003C\u002Fli>\n\u003Cli>Supports IP ranges, CIDRs, specific IPs, and ASNs for precise network-level blocking  \u003C\u002Fli>\n\u003Cli>Optionally use proxycheck.io’s Risk Score for smarter VPN and proxy detection decisions  \u003C\u002Fli>\n\u003Cli>Built-in API Key Statistics with live usage graphs and daily query totals  \u003C\u002Fli>\n\u003Cli>Visitor Action Log – view blocked IPs, detection reason, and plugin response directly in your dashboard  \u003C\u002Fli>\n\u003Cli>Caches known good IPs to reduce API usage and improve performance  \u003C\u002Fli>\n\u003Cli>Works seamlessly with both IPv4 and IPv6 addresses  \u003C\u002Fli>\n\u003Cli>Compatible with Cloudflare and other CDN headers for accurate IP detection  \u003C\u002Fli>\n\u003Cli>Block access to Login, Registration, Admin, Comments, or any page\u002Fpost easily  \u003C\u002Fli>\n\u003Cli>Customize the “Access Denied” message or redirect visitors to a specific page  \u003C\u002Fli>\n\u003Cli>Log registration and recent login IPs in the Users list and profile – linked to proxycheck.io’s Threats page  \u003C\u002Fli>\n\u003Cli>Manage proxycheck.io Whitelist and Blacklist directly from WordPress  \u003C\u002Fli>\n\u003Cli>Simple integration via WordPress Editor and Toolbar for page-level protection  \u003C\u002Fli>\n\u003Cli>Lightweight, fast, and built to complement other security plugins  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And much more available in \u003Ca href=\"https:\u002F\u002Fproxyvpnblocker.com\u002Fpremium\" rel=\"nofollow ugc\">Proxy & VPN Blocker Premium\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>The proxycheck.io API\u003C\u002Fh4>\n\u003Cp>This Plugin can be used without a proxycheck.io API key, but it will be limited to 100 daily queries to the API. To enhance the capabilities, you can obtain a free API key from proxycheck.io, which allows for 1,000 free daily queries, making it suitable for small WordPress sites.\u003C\u002Fp>\n\u003Cp>Here’s an overview of the free and paid API options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Without an API key (100 queries\u002Fday)\u003C\u002Fli>\n\u003Cli>With a free API key (1,000 queries\u002Fday – ideal for small sites)\u003C\u002Fli>\n\u003Cli>With a paid API key (10,000 to over 10 million queries\u002Fday)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your API key can be used across all of your sites and apps, you only need a proxycheck.io plan that fits your overall needs.\u003C\u002Fp>\n\u003Ch4>User IP Logging Feature\u003C\u002Fh4>\n\u003Cp>Proxy & VPN Blocker allows for local logging of user registration IP addresses. The IP addresses are displayed next to each user in the Users list and on their profile pages, visible to administrators. The Plugin also logs the most recent login IP address for each user, which is also displayed in the User’s list and profile page, with the IP address linked to the proxycheck.io Threats page.\u003C\u002Fp>\n\u003Ch4>Caching Plugin Notice\u003C\u002Fh4>\n\u003Cp>If you’re using caching plugins (like WP Rocket or WP Super Cache), IP-based page blocking might not function correctly due to static caching. A DONOTCACHEPAGE option is available to help mitigate this issue.\u003C\u002Fp>\n\u003Ch4>Privacy & GDPR Compliance\u003C\u002Fh4>\n\u003Cp>To check IP addresses, the plugin sends them to the proxycheck.io API. No personally identifiable information (PII) beyond the IP is transmitted. For details, refer to proxycheck.io’s \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fprivacy\" rel=\"nofollow ugc\">privacy notice\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fgdpr\" rel=\"nofollow ugc\">GDPR Compliance\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>This Plugin is \u003Cem>not developed by proxycheck.io\u003C\u002Fem> despite being recommended by them.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For plugin-related support, please use the WordPress.org support forum.\u003C\u002Fli>\n\u003Cli>For API or account questions, contact proxycheck.io directly.\u003C\u002Fli>\n\u003Cli>The proxycheck.io logo is used with express permission.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block VPNs, proxies, Tor, and spam on WordPress. Strengthen security and stop fake users with smart IP blocking via proxycheck.io.",1000,127298,74,32,"2026-03-05T20:02:00.000Z","6.9.4","4.9","7.2",[69,70,71,24,72],"proxy-blocker","security","spam-protection","vpn-blocker","https:\u002F\u002Fproxyvpnblocker.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproxy-vpn-blocker.3.5.8.zip",99,"2026-01-09 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":29,"num_ratings":29,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":94,"download_link":95,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"identity-plus","Identityplus","2.4.3","Stefan Harsan Farr","https:\u002F\u002Fprofiles.wordpress.org\u002Fshfarr\u002F","\u003Cp>Identityplus is a novel security solution based on PKI (Public Key Infrastructure) called a network of trust. It features an all-in-one 2 (ocasionally 3) factor authentication and TLS level authentication making your site more secure than ever. Additionally it enables site owners to collaborate in defending against criminality by allowing them to send feedback on certificates and their oweners. With Identityplus, when a spam is reported, we are not only preventing the same spam being posted anywhere else, we are effectively preventing the spammer sending any other kind of spam, anywhere else. Keep on reading for a brief intro into this powerful technology.\u003C\u002Fp>\n\u003Ch4>Log In, Before A Login Page\u003C\u002Fh4>\n\u003Cp>Why Identityplus Is Better Than Any 2 Factor Authentication …\u003C\u002Fp>\n\u003Cp>Whenever you deal with application level login, whether it’s one factor, two factor or any factor for that matter, you need a login page. This page must load before it gets the chance to see who is visiting, which is why Worpress has a protection against repeated login attempts. This can stop bots, to a certain degree, but if you happen to have an application vulnerability that can be used by a hacker to bypass login, whether you forgot to updated your WordPress or something totally out of your control like zero day vulnerability in PHP, your blog is toast, regardless of how many factors of authentications you have.\u003Cbr \u002F>\nIdentityplus uses TLS level authentication, which means the visiting device is authenticated before the login page loads. If the proper PKI credentials are not presented by the device, the page will never, ever load. The visitor is simply directed away from the sensitive page and hence is unable to perform any kind of attack, be that brute force, credential theft or zero day for that matter. No login page, no problem …\u003C\u002Fp>\n\u003Ch4>A VPN Into Your Admin Panel\u003C\u002Fh4>\n\u003Cp>Make Your Admin Panel Accessible Only From Your Computers …\u003C\u002Fp>\n\u003Cp>Having a PKI indenity in your browser is a powreful thing. Because the server expects that identity to be there, it does not only limit access by the user, it also limits access based on computer. As such, your admin panel becomes literally inaccessible from any other computer in the world. To access your admin panel, a hacker must steal your computer and access it from there.\u003C\u002Fp>\n\u003Ch4>SSO Like Never Before\u003C\u002Fh4>\n\u003Cp>Simpler, Faster, More Secure. Sign In Without Having To Do Anyting …\u003C\u002Fp>\n\u003Cp>Once you start using Identityplus, you will see you are hardly asked to do anything, you’ll just notice you are logged in. Don’t get scared, you are logged in because your computer is certified and it’s being identified before you would have the chance to do anything. But since you also logged in with your password or your fingerprint into the device you are using (laptop \u002F mobile phone), you are actually performing 2 factor authentication without even noticing it. You will occasionally notice however, as your certificate becomes idle, that you are being asked for your Identityplus PIN. That’s actually the third factor authentication, all in one solution\u003C\u002Fp>\n\u003Ch4>A Network Of Trust\u003C\u002Fh4>\n\u003Cp>Reward Good Deeds And Block The Spammer, Not The Only Spam …\u003C\u002Fp>\n\u003Cp>When devices wear an impossible to forge identity, something amazing happens: if you restrict access to your comment section to devices with Identityplus certificates, whever you approve a comment, you are sending tokens of trust to the owner of that certificate telling Identityplus that you trust the owner. Now other blogs can trust him too, and he is steadily building a profile that defferentiates him from any malicius bot. Conversely, when you mark a comment as spam, you’ll be telling Identityplus that this is a malicious entity, and we block the certificate making sure the device can’t be used to post spam again. Now we are no longer only stopping spam, we are collectively working on stopping the spammer.\u003C\u002Fp>\n\u003Ch4>Enjoy 10 Connected Users For Free\u003C\u002Fh4>\n\u003Cp>Free Certificates, Free API Up To 10 Connected Users, Unlimited Validations For Free …\u003C\u002Fp>\n\u003Cp>A connected user is a user that can be signed in automatically via Identityplus into a service using Identityplus. If that service is your personal blog, you probably don’t have more than 10 users who regularly sign into the administrative section of your WordPress installation. If that’s the case, you will never have to pay for Identityplus. Visitors that comment with Identityplus accounts that are not connected to local accounts do not count. For this reason the plugin will only connect administrator accouns by default. If you need log more than 10 users into your back-end, you’ll need a business account, the cost of which scales with the number of your active users. Check our the pricing section for details.\u003C\u002Fp>\n\u003Ch3>2.4.3\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 6.1.1\u003C\u002Fp>\n\u003Ch3>2.4.2\u003C\u002Fh3>\n\u003Cp>Minor bug fixes and tested with WordPress 6.0\u003C\u002Fp>\n\u003Ch3>2.4.1\u003C\u002Fh3>\n\u003Cp>Minor bug fixes\u003C\u002Fp>\n\u003Ch3>2.4\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 5.7\u003C\u002Fp>\n\u003Ch3>2.3\u003C\u002Fh3>\n\u003Cp>Minor update and tested with WordPress 5.5\u003C\u002Fp>\n\u003Ch3>2.2\u003C\u002Fh3>\n\u003Cp>Tested with WordPress 5.3.2\u003C\u002Fp>\n\u003Ch3>2.1\u003C\u002Fh3>\n\u003Cp>We’ve replaced the necessity to validate the domain with an uploaded file with an automatic callback to achieve even less friction when you install the plug in.\u003C\u002Fp>\n\u003Ch3>2.0\u003C\u002Fh3>\n\u003Cp>This is a major update. We recommend deactivating the “Enforce Identity + Device Certificate” flag for safety during certificate update.\u003C\u002Fp>\n\u003Cp>Added automatic & one click API certificate renewal. This grately improves user experience for maitaining the Identity Plus plugin and prevents accidental certificate expiration, which may cause service outage.\u003Cbr \u002F>\nIntegrated the new service installation proces via automated wizard. It is no longer needed for the user to log into identity plus account and issue certificate before installation. Using the mobile application, or registered device, you can now onboard the service, issue the certificate and activate identity plus in one short flow.\u003Cbr \u002F>\nWe’ve also moved the certificate storage from file to the database for enhanced security.\u003C\u002Fp>\n\u003Ch3>1.6.4\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6.3\u003C\u002Fh3>\n\u003Cp>Moved the legacy certificate validation endpoint from https:\u002F\u002Fget.identity.plus to https:\u002F\u002Fsignon.identity.plus. The get endpoint will now exclussively handle the certificate issuing and installation process.\u003C\u002Fp>\n\u003Cp>If you encounter problems while using legacy redirect and you land on get. subdomain, simply click the “back to single sign on” link to return to original flow. Please update your plugin to avoid this behavior. Sorry for the inconvenience.\u003C\u002Fp>\n\u003Ch3>1.6.2\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6.1\u003C\u002Fh3>\n\u003Cp>Minor bug fix\u003C\u002Fp>\n\u003Ch3>1.6\u003C\u002Fh3>\n\u003Cp>Migrated to v1.1 Identityplus API. Identityplus plugin now allows individual wordpress users to connect their accounts on-demand. This new version also lifted the 10 accounts limit for non-corporate certificates, meaning that not-for-profit sites (public benefit or personal sites that produce no revenue) can connect any number of accounts at no cost.\u003C\u002Fp>\n\u003Ch4>1.5\u003C\u002Fh4>\n\u003Cp>Verified compatibility with WordPress 4.9.8.\u003Cbr \u002F>\nCorrected minor bugs.\u003C\u002Fp>\n\u003Ch4>1.4 beta\u003C\u002Fh4>\n\u003Cp>Verified compatibility with WordPress 4.9.1.\u003Cbr \u002F>\nCorrected minor bugs.\u003C\u002Fp>\n\u003Ch4>1.2 beta\u003C\u002Fh4>\n\u003Cp>Corrected WordPress coding practice issues and fixing\u003C\u002Fp>\n\u003Ch4>1.1 beta\u003C\u002Fh4>\n\u003Cp>We’ve restricted automatic login for pages that are filtered so that bots would not be bothered by the presence of the plugin.\u003C\u002Fp>\n\u003Ch4>1.0 beta\u003C\u002Fh4>\n\u003Cp>Version 1.0 beta is the first version of the Identityplus plugin, and it contains the minimum set of functionality and configuration options. Nevertheless, it will give your site an incredible security boost and at the same time it will improve user experience. Please take a moment to familiarize yourself with the core concepts so that you can take maximum advantage of this powerful security technology.\u003C\u002Fp>\n","Identityplus is a novel security solution based on PKI (Public Key Infrastructure) called a network of trust. It features an all-in-one 2 (ocasionally &hellip;",10,2025,"2023-01-03T20:32:00.000Z","6.1.10","3.9","",[92,93,20,70,22],"2factor","authentication","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fidentity-plus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fidentity-plus.zip",{"slug":97,"name":98,"version":99,"author":97,"author_profile":100,"description":101,"short_description":102,"active_installs":29,"downloaded":103,"rating":29,"num_ratings":29,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":18,"tags":107,"homepage":112,"download_link":113,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"moderateit","Free Net of Moderators","1.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoderateit\u002F","\u003Cp>Maintaining a culture of online communication in the hands of the users themselves.\u003C\u002Fp>\n\u003Cp>The plugin allows you to reduce the load on a moderator of your site. Pre-moderation of comments available for you: new comments added by users through the standard WordPress comment field, will be sent for review to network of moderators.  Post-moderation of comments is also possible: this means that any user can send any violating comment from the comment feed for review to the network. Based on the results of this review, the comment status will be set to Approved or Spam.\u003C\u002Fp>\n\u003Ch3>\u003Cem>DEMO\u003C\u002Fem>\u003C\u002Fh3>\n\u003Cp>Feel free to use \u003Ca href=\"https:\u002F\u002Fmoderate-it.net\u002Fen\u002Findex.php#sec_try\" rel=\"nofollow ugc\">demo of user moderation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>\u003Cem>Why ModerateIt plugin?\u003C\u002Fem>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A network of independent moderators can identify what automatic methods still cannot handle  and appointed moderators do not have time to cope. For example offtopic, flood, insults, etc.\u003C\u002Fli>\n\u003Cli>You create conditions for users on your site under which it is not profitable to violate:\n\u003Cul>\n\u003Cli>Unauthorized users comment with pre-moderation.\u003C\u002Fli>\n\u003Cli>Authorized users, if they do not violate, can comment without pre-moderation.\u003C\u002Fli>\n\u003Cli>Readers can correct violations using post-moderation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>A quick introduction to the rules of online communication.\u003C\u002Fli>\n\u003Cli>The plugin allows you to reduce the load on a comments moderator of your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cem>Terms of Use\u003C\u002Fem>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>In the course of its work, the plugin sends a user comment for verification to network of moderators, and also receives the result of verification through \u003Ca href=\"https:\u002F\u002Fmoderate-it.net\u002Fen\u002Fconnect.php\" rel=\"nofollow ugc\">ModerateIt Net API\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The network of moderators works on the following principle:\u003Cbr \u002F>\n\u003Cstrong>\u003Cem>In short\u003C\u002Fem>\u003C\u002Fstrong>:   A user checks a some comment, other users check his comment or comment selected by the user.\u003Cbr \u002F>\n\u003Cstrong>\u003Cem>More\u003C\u002Fem>\u003C\u002Fstrong>: With pre-moderation, when a site is connected to the network of moderators, and a user adding a comment to this site, before that him it is proposed to evaluate for violations several comments received from the network. Among them there is comment, the evaluation of which is not yet known. And there are also comments whose network evaluations are known, and by which the network evaluates the objectivity of the user. A biased user is not allowed to add a comment. After an objective evaluation, the user can add his comment, which also can be sent to the network for verification. Post-moderation of comments  working on the same principle. A user can pass any comment to the network for check.  Of course, after checking the comments of others.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Users data transferred to the network of moderators is not disclosed.\u003C\u002Fp>\n\u003Cp>Read the terms of the \u003Ca href=\"https:\u002F\u002Fmoderate-it.net\u002Fen\u002Fagreement.php\" rel=\"nofollow ugc\">User Agreement\u003C\u002Fa> in more detail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>By default, the plugin joins the network with a free public API key. For permanent work, we recommend getting \u003Ca href=\"https:\u002F\u002Fmoderate-it.net\u002Fen\u002Fstart.php\" rel=\"nofollow ugc\">a free personal API key\u003C\u002Fa> for your site (access to basic statistics and increased load limits). With the free personal API key you can use the network in order that users post only comments that contain useful information about the topic of discussion! Also a \u003Ca href=\"https:\u002F\u002Fmoderate-it.net\u002Fen\u002Frise.php\" rel=\"nofollow ugc\">paid personal API key\u003C\u002Fa> will allow you to receive additional features: such as extended rule set for post-moderation.\u003C\u002Fli>\n\u003C\u002Ful>\n","Maintaining a culture of online communication in the hands of the users themselves.",1009,"2020-03-23T07:51:00.000Z","5.3.21","4.6",[108,20,109,110,111],"antispam","moderation","moderator","offtop","https:\u002F\u002Fmoderate-it.net\u002Fen\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoderateit.zip",{"slug":115,"name":116,"version":18,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":65,"requires_at_least":126,"requires_php":67,"tags":127,"homepage":130,"download_link":131,"security_score":75,"vuln_count":132,"unpatched_count":29,"last_vuln_date":133,"fetched_at":31},"akismet","Akismet Anti-spam: Spam Protection","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,94,1173,"2025-11-12T16:31:00.000Z","5.8",[128,108,20,129,22],"anti-spam","contact-form","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",2,"2015-10-13 00:00:00",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":123,"num_ratings":144,"last_updated":145,"tested_up_to":65,"requires_at_least":146,"requires_php":18,"tags":147,"homepage":151,"download_link":152,"security_score":75,"vuln_count":28,"unpatched_count":29,"last_vuln_date":153,"fetched_at":31},"disable-comments","Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]","2.6.2","WPDeveloper","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdevteam\u002F","\u003Ch4>Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]\u003C\u002Fh4>\n\u003Cp>Enable\u002FDisable comments on any WordPress content (Pages, Posts, or Media) to stop spammers. WP-CLI, XML-RPC & REST-API support to stop spam comments.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fplugins\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">More About Plugin\u003C\u002Fa> ◼️ \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs-category\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> ◼️ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-comments\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEpuYs9Nf_nY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Take Global Control Over Your WordPress Site\u003C\u002Fh3>\n\u003Cp>Override all comments-related settings throughout your website & manage your comments just the way you want.\u003C\u002Fp>\n\u003Ch3>Disable Comments On Posts, Pages & Media\u003C\u002Fh3>\n\u003Cp>Choose which posts, pages or media should allow comments from site visitors & configure Disable Comments accordingly\u003C\u002Fp>\n\u003Ch3>Disallow Comments On Multi-Site Network\u003C\u002Fh3>\n\u003Cp>Have multiple websites? Get rid of irrelevant comments on the entire network using Disable Comments Plugin\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJ9AteKzQpPs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>KEY FEATURES OF DISABLE COMMENTS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All “Comments” links are hidden from the Admin Menu and Admin Bar.\u003C\u002Fli>\n\u003Cli>All comment-related sections (“Recent Comments”, “Discussion” etc.) are hidden from the WordPress Dashboard.\u003C\u002Fli>\n\u003Cli>All comment-related widgets are disabled (so your theme cannot use them).\u003C\u002Fli>\n\u003Cli>The “Discussion” settings page is hidden.\u003C\u002Fli>\n\u003Cli>All comment RSS\u002FAtom feeds are disabled (and requests for these will be redirected to the parent post).\u003C\u002Fli>\n\u003Cli>The X-Pingback HTTP header is removed from all pages.\u003C\u002Fli>\n\u003Cli>Outgoing pingbacks are disabled.\u003C\u002Fli>\n\u003Cli>Stop spam comments entirely from the site with one click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Delete comments by type.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Disable comments via \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-disable-comments-made-via-xml-rpc\u002F\" rel=\"nofollow ugc\">XML-RPC\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-disable-comments-made-via-rest-api\u002F\" rel=\"nofollow ugc\">REST-API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Fully Multi-site Network supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Manage multiple website network-specific subsites or entire network comments in advance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Exclude Disable Comments Settings based on user roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFBq3-W-p-DM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Please delete any existing comments on your site \u003Cstrong>before applying this setting\u003C\u002Fstrong>, otherwise (depending on your theme) those comments may still be displayed to visitors. You can use the \u003Cstrong>Delete Comments tool\u003C\u002Fstrong> to delete any existing comments on your site.\u003C\u002Fp>\n\u003Ch3>🌟 WHAT’S NEW WITH DISABLE COMMENTS 2.0\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>AMAZING USER FRIENDLY INTERFACE\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily configure your comment-related settings with an amazing and attractive app-like user interface.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WP-CLI COMMANDS TO DISABLE COMMENTS\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-use-disable-comments-plugin-with-wp-cli-command-line\u002F\" rel=\"nofollow ugc\">WP-CLI\u003C\u002Fa> control for comment-related settings to disable comments on posts, pages, attachments or everywhere on your website.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fmzi5uhKB9Zk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>GET STARTED WITH QUICK SETUP WIZARD\u003C\u002Fstrong>\u003Cbr \u002F>\nUse the quick setup wizard after activating the plugin to instantly configure comment-related settings for your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DISABLE COMMENTS ON DOCS\u003C\u002Fstrong>\u003Cbr \u002F>\nInstantly disable comments on your documentation pages or WordPress knowledge base with a single click.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Ft7BQ-7A4y4s?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DELETE CERTAIN COMMENT TYPE(S)\u003C\u002Fstrong>\u003Cbr \u002F>\nPermanently delete certain comment types from your WordPress website including WooCommerce product reviews as well as generic comments.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIzm_ihC-z10?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DISABLE COMMENTS VIA XML-RPC And REST API\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock any comments made on your WordPress website via XML-RPC specification and REST API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important note\u003C\u002Fstrong>: Use this plugin if you don’t want comments at all on your site (or on certain post types). Don’t use it if you want to selectively disable comments on individual posts – WordPress lets you do that anyway. If you don’t know how to disable comments on individual posts, there are instructions in \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F#faq\" rel=\"ugc\">the FAQ\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you come across any bugs or have suggestions, please use the plugin support forum. I can’t fix it if I don’t know it’s broken! Please check the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003C\u002Fstrong> for common issues.\u003C\u002Fp>\n\u003Cp>Want to contribute? Here’s the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPDevelopers\u002Fdisable-comments\" rel=\"nofollow ugc\">GitHub development repository\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>A \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPDevelopers\u002Fdisable-comments-mu\" rel=\"nofollow ugc\">must-use version\u003C\u002Fa> of the plugin is also available.\u003C\u002Fp>\n\u003Ch3>Advanced Configuration\u003C\u002Fh3>\n\u003Cp>Some of the plugin’s behavior can be modified by site administrators and plugin\u002Ftheme developers through code:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Define \u003Ccode>DISABLE_COMMENTS_REMOVE_COMMENTS_TEMPLATE\u003C\u002Fcode> and set it to \u003Ccode>false\u003C\u002Fcode> to prevent the plugin from replacing the theme’s comment template with an empty one.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Define \u003Ccode>DISABLE_COMMENTS_ALLOW_DISCUSSION_SETTINGS\u003C\u002Fcode> and set it to \u003Ccode>true\u003C\u002Fcode> to prevent the plugin from hiding the Discussion settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These definitions can be made either in your main \u003Ccode>wp-config.php\u003C\u002Fcode> or in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>THIS PLUGIN IS NOW MAINTAINED BY THE TEAM\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002F\" rel=\"nofollow ugc\">WPDeveloper\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>💙 LOVED DISABLE COMMENTS?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>For documentation and tutorials go to our \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs-category\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For video tutorials go to our \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=J9AteKzQpPs&list=PLWHp1xKHCfxD2_xOIR5dMAGf3wd4hv-8K\" rel=\"nofollow ugc\">YouTube Playlist\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwpdeveloper.net\u002F\" rel=\"nofollow ugc\">Facebook Group\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you love Disable Comments, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-comments\u002Freviews\u002F?filter=5\" rel=\"ugc\">rate us on WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For more information about features, FAQs, and documentation, check out our website at \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fplugins\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Disable Comments\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔥 GET FREEBIES FOR YOUR WORDPRESS SITE\u003C\u002Fh3>\n\u003Cp>Consider checking out our other WordPress solutions & boost your WordPress website:\u003C\u002Fp>\n\u003Cp>🔝 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fessential-addons-for-elementor-lite\u002F\" rel=\"ugc\">Essential Addons For Elementor\u003C\u002Fa>: Most popular Elementor addons with 2 million+ happy users & 95+ widgets & ready blocks\u003C\u002Fp>\n\u003Cp>🔔 \u003Ca href=\"https:\u002F\u002Fnotificationx.com\u002F\" rel=\"nofollow ugc\">NotificationX\u003C\u002Fa> – Best Social Proof & FOMO Marketing Solution to increase conversion rates.\u003C\u002Fp>\n\u003Cp>🔗 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterlinks\u002F\" rel=\"ugc\">BetterLinks\u003C\u002Fa>: Latest best WordPress link management plugin for link shortening, tracking & analyzing.\u003C\u002Fp>\n\u003Cp>📄 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembedpress\u002F\" rel=\"ugc\">EmbedPress\u003C\u002Fa>: EmbedPress lets you embed anything including videos, images, posts, audio, maps and upload PDF, DOC, PPT etc.\u003C\u002Fp>\n\u003Cp>☁ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemplately\u002F\" rel=\"ugc\">Templately\u003C\u002Fa>: 6000+ Free templates library for Elementor & Gutenberg along with the cloud collaboration for WordPress.\u003C\u002Fp>\n\u003Cp>📚 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterdocs\u002F\" rel=\"ugc\">BetterDocs\u003C\u002Fa>: Best Documentation & Knowledge Base Plugin for WordPress reduce manual support tickets & improve user experience.\u003C\u002Fp>\n\u003Cp>⏰ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-scheduled-posts\u002F\" rel=\"ugc\">SchedulePress\u003C\u002Fa>: Advanced editorial calendar with WordPress Post Scheduling, Social Sharing, Missed scheduled alerts, and more.\u003C\u002Fp>\n\u003Cp>⚡ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fflexia\u002F\" rel=\"ugc\">Flexia\u003C\u002Fa>: Most lightweight, customizable & multi purpose theme for WordPress.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002F\" rel=\"nofollow ugc\">WPDeveloper\u003C\u002Fa> to learn more about how to do better in WordPress with \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fblog\" rel=\"nofollow ugc\">Help Tutorial, Tips & Tricks\u003C\u002Fa>.\u003C\u002Fp>\n","Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.",1000000,31676190,276,"2026-01-20T08:14:00.000Z","5.0",[148,135,149,71,150],"delete-comments","remove-comments","stop-spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-comments.2.6.2.zip","2014-08-01 00:00:00",{"attackSurface":155,"codeSignals":257,"taintFlows":274,"riskAssessment":318,"analyzedAt":332},{"hooks":156,"ajaxHandlers":237,"restRoutes":243,"shortcodes":244,"cronEvents":253,"entryPointCount":256,"unprotectedCount":28},[157,163,167,171,175,180,183,186,190,194,198,202,205,209,213,217,221,225,229,233],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","plugins_loaded","vigilantor_load_plugin_textdomain","vigilantor.php",38,{"type":158,"name":164,"callback":165,"priority":29,"file":161,"line":166},"wp","init",80,{"type":158,"name":168,"callback":169,"file":161,"line":170},"admin_menu","adminMenu",81,{"type":158,"name":172,"callback":173,"file":161,"line":174},"vitor_update_lists","updateExitList",82,{"type":176,"name":177,"callback":178,"file":161,"line":179},"filter","widget_text","do_shortcode",84,{"type":176,"name":181,"callback":182,"file":161,"line":27},"cron_schedules","addSchedules",{"type":158,"name":184,"callback":185,"priority":29,"file":161,"line":75},"preprocess_comment","preProcessCommentAction",{"type":158,"name":187,"callback":188,"file":161,"line":189},"comment_form_before","blockCommentForm",102,{"type":158,"name":191,"callback":192,"priority":29,"file":161,"line":193},"register_post","processRegistrationAction",107,{"type":158,"name":195,"callback":196,"priority":29,"file":161,"line":197},"bp_signup_validate","processBPRegistrationAction",111,{"type":158,"name":199,"callback":200,"priority":13,"file":161,"line":201},"register_new_user","postRegistrationAction",117,{"type":158,"name":203,"callback":200,"priority":13,"file":161,"line":204},"user_register",119,{"type":158,"name":206,"callback":207,"priority":13,"file":161,"line":208},"bp_core_signup_user","postBPRegistrationAction",123,{"type":176,"name":210,"callback":211,"priority":85,"file":161,"line":212},"authenticate","processLoginAction",128,{"type":158,"name":214,"callback":215,"priority":28,"file":161,"line":216},"wp_authenticate","wpAuthCallback",129,{"type":158,"name":218,"callback":219,"file":161,"line":220},"comment_form_after","endBlockCommentForm",333,{"type":158,"name":222,"callback":223,"file":161,"line":224},"bp_before_account_details_fields","bpOutputRegistrationError",362,{"type":158,"name":226,"callback":227,"file":161,"line":228},"wp_footer","enqueueUpdateScript",435,{"type":158,"name":230,"callback":231,"file":161,"line":232},"admin_init","registerSettings",501,{"type":176,"name":234,"callback":235,"priority":75,"file":161,"line":236},"http_headers_useragent","filterUserAgent",898,[238],{"action":239,"nopriv":240,"callback":241,"hasNonce":240,"hasCapCheck":240,"file":161,"line":242},"vitor_clear_flag",false,"clearFlagAction",83,[],[245,249],{"tag":246,"callback":247,"file":161,"line":248},"tor_users","doTorUserShortcode",86,{"tag":250,"callback":251,"file":161,"line":252},"non_tor_users","doNonTorUserShortcode",87,[254],{"hook":172,"callback":172,"file":161,"line":255},678,3,{"dangerousFunctions":258,"sqlUsage":259,"outputEscaping":261,"fileOperations":29,"externalRequests":28,"nonceChecks":132,"capabilityChecks":256,"bundledLibraries":273},[],{"prepared":28,"raw":29,"locations":260},[],{"escaped":28,"rawEcho":262,"locations":263},4,[264,267,269,271],{"file":161,"line":265,"context":266},172,"raw output",{"file":161,"line":268,"context":266},373,{"file":161,"line":270,"context":266},670,{"file":161,"line":272,"context":266},715,[],[275,291,303],{"entryPoint":276,"graph":277,"unsanitizedCount":28,"severity":41},"blockWPAccess (vigilantor.php:177)",{"nodes":278,"edges":289},[279,284],{"id":280,"type":281,"label":282,"file":161,"line":283},"n0","source","$_SERVER['SERVER_PROTOCOL']",245,{"id":285,"type":286,"label":287,"file":161,"line":283,"wp_function":288},"n1","sink","header() [Header Injection]","header",[290],{"from":280,"to":285,"sanitized":240},{"entryPoint":292,"graph":293,"unsanitizedCount":28,"severity":41},"getCaptchaHtml (vigilantor.php:1051)",{"nodes":294,"edges":301},[295,298],{"id":280,"type":281,"label":296,"file":161,"line":297},"$_SERVER['REQUEST_URI']",1091,{"id":285,"type":286,"label":299,"file":161,"line":297,"wp_function":300},"wp_redirect() [Open Redirect]","wp_redirect",[302],{"from":280,"to":285,"sanitized":240},{"entryPoint":304,"graph":305,"unsanitizedCount":29,"severity":317},"\u003Cvigilantor> (vigilantor.php:0)",{"nodes":306,"edges":313},[307,308,309,311],{"id":280,"type":281,"label":282,"file":161,"line":283},{"id":285,"type":286,"label":287,"file":161,"line":283,"wp_function":288},{"id":310,"type":281,"label":296,"file":161,"line":297},"n2",{"id":312,"type":286,"label":299,"file":161,"line":297,"wp_function":300},"n3",[314,316],{"from":280,"to":285,"sanitized":315},true,{"from":310,"to":312,"sanitized":315},"low",{"summary":319,"deductions":320},"The 'vigilantor' v1.3.12 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and includes a reasonable number of nonce and capability checks.  The absence of dangerous functions and file operations is also a positive sign.\n\nHowever, there are significant concerns stemming from the static analysis. The presence of an unprotected AJAX handler presents a direct entry point for potential attacks. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating a risk of sensitive data being processed without proper validation or sanitization, even though no critical or high severity taint issues were flagged. The output escaping is also a weakness, with only 20% of outputs being properly escaped, which significantly increases the risk of cross-site scripting (XSS) vulnerabilities.\n\nThe vulnerability history shows one medium severity CVE related to XSS. While there are no currently unpatched vulnerabilities, the past XSS vulnerability, combined with the low percentage of properly escaped output, suggests a recurring weakness in input sanitization and output encoding. The plugin's strengths lie in its database interaction security, but its handling of user-supplied data for output and its exposed AJAX endpoint are clear areas of concern that require attention.",[321,324,327,330],{"reason":322,"points":323},"Unprotected AJAX handler",8,{"reason":325,"points":326},"Flows with unsanitized paths",6,{"reason":328,"points":329},"Low percentage of output escaping",7,{"reason":331,"points":329},"Medium severity CVE in history","2026-03-16T19:44:30.138Z",{"wat":334,"direct":345},{"assetPaths":335,"generatorPatterns":339,"scriptPaths":340,"versionParams":341},[336,337,338],"\u002Fwp-content\u002Fplugins\u002Fvigilantor\u002Fcss\u002Fsecurimage-style.css","\u002Fwp-content\u002Fplugins\u002Fvigilantor\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fvigilantor\u002Fjs\u002Fadmin.js",[],[338],[342,343,344],"vigilantor\u002Fcss\u002Fsecurimage-style.css?ver=","vigilantor\u002Fcss\u002Fadmin.css?ver=","vigilantor\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":346,"htmlComments":348,"htmlAttributes":351,"restEndpoints":353,"jsGlobals":354,"shortcodeOutput":357},[347],"vitor-admin-wrap",[349,350],"\u003C!-- VigilanTor -->","\u003C!-- VigilanTor Admin -->",[352],"data-vitor-flag",[],[355,356],"var vitor_ajax_url","var vitor_nonce",[358,359],"[tor_users]","[non_tor_users]"]