[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fR-O1uAwqLCMnayy96lbfI927JESJ3F6mPwUEj_KAehQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":153,"fingerprints":315},"webart-login-shield-recaptcha","Web-Art Login Shield with reCAPTCHA","1.1.0","WEB-ART Creative Design","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebartdesigning\u002F","\u003Cp>Web-Art Login Shield with reCAPTCHA is a focused security plugin that protects WordPress authentication, Elementor Login widgets and Elementor Forms against automated attacks.\u003C\u002Fp>\n\u003Cp>It strengthens wp-login.php, Elementor Login and Elementor Forms by integrating Google reCAPTCHA v2 verification and optional IP-based rate limiting, without replacing or modifying WordPress core authentication logic.\u003C\u002Fp>\n\u003Cp>The plugin is intentionally lightweight and transparent:\u003Cbr \u002F>\n– no ads\u003Cbr \u002F>\n– no telemetry or analytics sent to the author\u003Cbr \u002F>\n– no third-party dashboards provided by the plugin\u003Cbr \u002F>\n– no all-in-one security suite overhead\u003C\u002Fp>\n\u003Cp>All login protection modules (reCAPTCHA, Login Protect, Advanced login URL) are opt-in and disabled by default.\u003C\u002Fp>\n\u003Cp>Additionally, the plugin can apply a small XML-RPC hardening rule-set (disables a few high-risk XML-RPC methods) to reduce common abuse vectors. This does not disable XML-RPC completely. XML-RPC hardening is applied only when Login Protect is enabled and “Protect XML-RPC logins” is enabled.\u003C\u002Fp>\n\u003Cp>Each module (reCAPTCHA, Login Protect, Advanced login URL) can be enabled independently. Elementor reCAPTCHA options require reCAPTCHA to be configured and verified.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>reCAPTCHA v2 integration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA v2 checkbox for wp-login.php (when enabled and IP is not allowlisted)\u003C\u002Fli>\n\u003Cli>server-side token verification for WordPress login and Elementor Forms validation\u003C\u002Fli>\n\u003Cli>reCAPTCHA must be verified before enabling protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Elementor reCAPTCHA options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>automatic frontend injection for Elementor Login widgets (when enabled)\u003C\u002Fli>\n\u003Cli>optional frontend injection for Elementor Forms (Elementor Pro) (when enabled)\u003C\u002Fli>\n\u003Cli>Custom Alignment: Ability to set Left, Center, or Right alignment for reCAPTCHA in both Elementor Login and Elementor Forms directly from plugin settings.\u003C\u002Fli>\n\u003Cli>Elementor frontend scripts inject reCAPTCHA only when they detect relevant widgets\u002Fforms in the DOM (supports dynamically loaded content, popups, AJAX, etc.)\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA scripts are not loaded for allowlisted IPs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Whitelist IPs (reCAPTCHA)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA IP allowlist (allowlisted IPs bypass reCAPTCHA checks on wp-login.php, Elementor Login and Elementor Forms; Login Protect may still apply)\u003C\u002Fli>\n\u003Cli>reCAPTCHA allowlist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Protect (IP-based lockouts)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>failed login attempt counting per IP address\u003C\u002Fli>\n\u003Cli>timed lockouts after a configurable threshold\u003C\u002Fli>\n\u003Cli>blocked IP list (lockouts expire automatically after the configured lockout time)\u003C\u002Fli>\n\u003Cli>recent security event log (stored locally)\u003C\u002Fli>\n\u003Cli>wp-login.php lockout UX: countdown notice and temporary submit blocking during an active lockout\u003C\u002Fli>\n\u003Cli>Login Protect is independent of reCAPTCHA (can be enabled and used without reCAPTCHA enabled)\u003C\u002Fli>\n\u003Cli>three practical protection modes:\n\u003Cul>\n\u003Cli>MODE 1 – reCAPTCHA only\u003C\u002Fli>\n\u003Cli>MODE 2 – reCAPTCHA + Login Protect\u003C\u002Fli>\n\u003Cli>MODE 3 – Login Protect only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Trusted IPs (Login Protect)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>separate allowlists for reCAPTCHA and Login Protect (exact IP match only)\u003C\u002Fli>\n\u003Cli>Login Protect allowlist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REST API and XML-RPC protection (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>optional protection for authentication attempts via XML-RPC and REST API (applies only when the corresponding checkbox is enabled; Login Protect must be enabled)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC hardening (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>optionally disables a small set of high-risk XML-RPC methods commonly abused by attackers:\n\u003Cul>\n\u003Cli>pingback.ping\u003C\u002Fli>\n\u003Cli>pingback.extensions.getPingbacks\u003C\u002Fli>\n\u003Cli>system.multicall\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>XML-RPC hardening is applied only when Login Protect is enabled and “Protect XML-RPC logins” is enabled\u003Cbr \u002F>\nThis reduces abuse without disabling XML-RPC entirely.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced login URL (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>single toggle enables Advanced login behavior\u003C\u002Fli>\n\u003Cli>custom login endpoint (rewrites requests to the standard WordPress login handler without altering core authentication logic)\u003C\u002Fli>\n\u003Cli>when Advanced is enabled, wp-login.php and wp-admin are protected for non-authenticated visitors\u003C\u002Fli>\n\u003Cli>protection behavior is configured via two required fields:\n\u003Cul>\n\u003Cli>Custom login URL slug (example: “secure-login-1234”)\u003C\u002Fli>\n\u003Cli>Default redirect slug (recommended: “404” to display the active theme’s 404 page)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>both fields are required when Advanced is enabled (saving is blocked if any field is empty)\u003C\u002Fli>\n\u003Cli>if fields are empty when enabling Advanced, the plugin auto-generates a secure random login slug and sets the redirect slug to the recommended default\u003C\u002Fli>\n\u003Cli>protection applies only to non-authenticated users (logged-in users can still access wp-admin and wp-login.php)\u003C\u002Fli>\n\u003Cli>safe fallback handling to avoid logout loops (wp-login.php?action=logout remains accessible)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>IP Blocking (Site-wide)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>single toggle enables site-wide IP blocking\u003C\u002Fli>\n\u003Cli>permanently blocks selected IP addresses from accessing the entire site (returns HTTP 403)\u003C\u002Fli>\n\u003Cli>blocklist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003Cli>recommended use cases: persistent abuse, scraping, hostile bots, repeated attacks not covered by login-only protection\u003C\u002Fli>\n\u003Cli>warning: do not add your own IP address unless you have alternative access (hosting panel \u002F WP-CLI \u002F database access) to remove the entry\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Design Principles\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Fail-closed security model (scoped)\u003Cbr \u002F>\nIf reCAPTCHA verification cannot be completed and reCAPTCHA protection is enabled for the given login or form, the request is rejected to reduce the risk of automated bypass.\u003Cbr \u002F>\nAdministrators can always regain access by disabling the feature in plugin settings or by deactivating the plugin via hosting or FTP.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Non-intrusive defaults\u003Cbr \u002F>\nLogin protection modules remain disabled until explicitly enabled by an administrator.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Conflict awareness\u003Cbr \u002F>\nIf another plugin injects reCAPTCHA into login or form flows, it should be disabled to avoid duplicate widgets or verification conflicts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Emergency config kill-switches (wp-config.php)\u003Cbr \u002F>\nFor recovery scenarios (e.g. accidental lockouts), selected modules can be force-disabled via wp-config.php constants. This does not bypass security rules; it disables the module logic before it runs. Remove the constant to restore normal behavior.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with Google reCAPTCHA v2, an external service provided by Google LLC.\u003C\u002Fp>\n\u003Cp>reCAPTCHA features are disabled by default. The plugin does not load reCAPTCHA scripts or send verification requests unless an administrator enables reCAPTCHA protection and\u002For uses the “Verify reCAPTCHA” test in the plugin settings.\u003C\u002Fp>\n\u003Cp>Google’s reCAPTCHA JavaScript (https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js) may be loaded on:\u003Cbr \u002F>\n– wp-login.php (when reCAPTCHA is enabled and the visitor IP is not allowlisted)\u003Cbr \u002F>\n– the frontend (when Elementor Login protection is enabled and a non-allowlisted visitor loads the page; injection occurs only if Elementor Login widgets are detected in the DOM)\u003Cbr \u002F>\n– the frontend (when Elementor Forms protection is enabled and a non-allowlisted visitor loads the page; injection occurs only for Elementor Forms)\u003Cbr \u002F>\n– the plugin settings page only when an administrator runs the “Verify reCAPTCHA” test (if provided in the UI)\u003C\u002Fp>\n\u003Cp>When a visitor (or admin during verification) completes the reCAPTCHA challenge:\u003Cbr \u002F>\n– a verification token (g-recaptcha-response) is generated in the browser\u003Cbr \u002F>\n– during server-side verification on your website, the token and the configured Secret Key are sent to:\u003Cbr \u002F>\n  https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003Cbr \u002F>\n– the visitor’s IP address is sent to Google as the remoteip parameter when it is available on the server\u003C\u002Fp>\n\u003Cp>The plugin sends the g-recaptcha-response token to Google only when the protected form is submitted (login attempt \u002F form submission) or when an administrator runs the “Verify reCAPTCHA” test.\u003Cbr \u002F>\nThe plugin does not send usernames, passwords, email addresses, or any form field contents to Google – only the reCAPTCHA token, the configured Secret Key, and the visitor IP address (remoteip) when available.\u003C\u002Fp>\n\u003Cp>The plugin does not store or process any data returned by Google beyond the verification result, and it does not send any telemetry, analytics, or usage data to the plugin author.\u003C\u002Fp>\n\u003Cp>Note: Google reCAPTCHA may set cookies and collect additional device and usage data in the visitor’s browser, as described in Google’s privacy policy and terms. Site owners are responsible for disclosing this in their site privacy policy and obtaining consent where required by applicable law.\u003C\u002Fp>\n\u003Cp>Google privacy policies apply:\u003Cbr \u002F>\n– https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003Cbr \u002F>\n– https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not send telemetry, analytics or usage data to the plugin author or any third party.\u003C\u002Fp>\n\u003Cp>Local data stored by the plugin (for security purposes only):\u003Cbr \u002F>\n– IP addresses related to login attempts \u002F lockouts (Login Protect)\u003Cbr \u002F>\n– timestamps of failed attempts and lockouts\u003Cbr \u002F>\n– last username associated with a locked IP (Login Protect)\u003Cbr \u002F>\n– recent security event log entries (the plugin stores up to the last 30 events; entries rotate automatically)\u003Cbr \u002F>\n– last reCAPTCHA configuration or HTTP error (for admin diagnostics)\u003Cbr \u002F>\n– permanent site-wide IP blocklist entries (optional notes stored; notes are not used for matching)\u003C\u002Fp>\n\u003Cp>Data retention:\u003Cbr \u002F>\n– security event log keeps only the most recent entries (up to 30; automatic rotation)\u003Cbr \u002F>\n– Login Protect state is stored locally and is automatically pruned (e.g. stale non-locked entries are removed over time and the list is capped)\u003Cbr \u002F>\n– permanent site-wide IP blocklist entries are retained until removed by an administrator\u003Cbr \u002F>\n– plugin data can be removed during uninstall if the uninstall cleanup option is enabled\u003C\u002Fp>\n\u003Cp>All data is stored locally in the WordPress database and is used solely to enforce security rules and display administrative information.\u003C\u002Fp>\n\u003Ch3>Legal\u003C\u002Fh3>\n\u003Cp>reCAPTCHA is a trademark of Google LLC.\u003Cbr \u002F>\nElementor is a trademark of Elementor Ltd.\u003Cbr \u002F>\nThis plugin is not affiliated with, endorsed by, or sponsored by Google LLC or Elementor Ltd.\u003C\u002Fp>\n","Protect WordPress logins and Elementor Login\u002FForms using Google reCAPTCHA v2 and optional IP-based lockouts.",60,448,100,4,"2026-02-12T20:41:00.000Z","6.9.4","5.8","7.4",[20,21,22,23,24],"brute-force","elementor","login","recaptcha","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebart-login-shield-recaptcha.1.1.0.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"webartdesigning",1,30,94,"2026-04-04T04:24:54.480Z",[38,69,89,109,131],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":27,"num_ratings":27,"last_updated":48,"tested_up_to":25,"requires_at_least":49,"requires_php":25,"tags":50,"homepage":65,"download_link":66,"security_score":67,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":68},"protect-ai-login","Protect Ai Login","1.0.0","anouny","https:\u002F\u002Fprofiles.wordpress.org\u002Fanouny\u002F","\u003Cp>Protect Ai Login changes default WordPress login URL to the url you define, denied brute force attacks, spam logins, and bot or automatic register. The plugin blocks access to default login url, generates a custom branded login panel, without creating a custom page on your website.\u003C\u002Fp>\n\u003Cp>The plugin offers protection with Google reCAPTCHA v2.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Define new login url easily from settings page.\u003C\u002Fli>\n\u003Cli>Protect against spam login, bot registration or signup, with the integration of Google reCaptcha.\u003C\u002Fli>\n\u003Cli>Secure AXS is compatible with any permalink setup including the default.\u003C\u002Fli>\n\u003Cli>Choose to allow users with the role “Editor” to access plugin settings.\u003C\u002Fli>\n\u003Cli>Fully branded login page with colors and login logo of your choice.\u003C\u002Fli>\n\u003Cli>Plugin doesn’t create new pages on your website for displaying the new login panel.\u003C\u002Fli>\n\u003Cli>Plugin is compatible with other major security & cache plugins.\u003C\u002Fli>\n\u003Cli>Test with wordpress 4.4.2\u003C\u002Fli>\n\u003C\u002Ful>\n","Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.",10,1394,"2016-04-14T06:46:00.000Z","4.0",[51,52,53,54,55,56,57,58,22,59,60,23,61,62,24,63,64],"access","attack","axs","block","brute","brute-force-attack","captcha","force","no-captcha","nocaptcha","register","secure","sign","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-ai-login.zip",85,"2026-03-15T14:54:45.397Z",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":16,"requires_at_least":82,"requires_php":25,"tags":83,"homepage":25,"download_link":87,"security_score":79,"vuln_count":14,"unpatched_count":27,"last_vuln_date":88,"fetched_at":29},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,98,1441,"2026-01-12T16:01:00.000Z","3.0",[84,20,85,86,24],"2fa","firewall","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip","2023-12-20 00:00:00",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":13,"num_ratings":99,"last_updated":100,"tested_up_to":16,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":107,"download_link":108,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cloudsecure-wp-security","CloudSecure WP Security","1.4.5","cloudsecure","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudsecure\u002F","\u003Cp>管理画面とログインURLをサイバー攻撃から守る、安心の国産・日本語対応プラグインです。\u003Cbr \u002F>\nかんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護し、セキュリティが向上します。\u003Cbr \u002F>\nまた、各機能の有効・無効（ON・OFF）や設定などをお好みにカスタマイズし、いつでも保護状態を管理できます。\u003C\u002Fp>\n\u003Cp>ドキュメントやFAQなど、より詳細な情報は \u003Ca href=\"https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security\" rel=\"nofollow ugc\">こちら\u003C\u002Fa> でご覧いただけます。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPressのマルチサイト機能には対応していません。\u003C\u002Fli>\n\u003Cli>WebサーバーのApache1.3、2.xにのみ対応しています。\u003C\u002Fli>\n\u003Cli>画像認証追加機能を利用するためには、PHPに拡張ライブラリ「gd」をインストールする必要があります。\u003C\u002Fli>\n\u003Cli>管理画面アクセス制限機能、ログインURL変更機能を利用するためには、Apacheに「mod_rewrite」を読み込む必要があります。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>本プラグインの機能は以下のとおりです。\u003C\u002Fp>\n\u003Ch4>ログイン無効化\u003C\u002Fh4>\n\u003Cp>指定した期間内に指定した回数ログインに失敗した場合、指定した時間ログインを無効化（ブロック）します。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃など、不正なログインを試みる攻撃を防ぐための機能です。\u003Cbr \u002F>\nとくに、自動化された攻撃に有効です。\u003C\u002Fp>\n\u003Ch4>ログインURL変更\u003C\u002Fh4>\n\u003Cp>ログインURL（wp-login.php）を変更します。\u003Cbr \u002F>\n半角英小文字、半角数字、ハイフン、アンダースコアのいずれかを使用し、4文字以上12文字以下でお好みの名前（文字列）に設定できます。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃など、不正なログインを試みる攻撃を受けにくくするための機能です。\u003C\u002Fp>\n\u003Ch4>ログインエラーメッセージ統一\u003C\u002Fh4>\n\u003Cp>ログイン時、ユーザー名、パスワード、画像認証のどれを間違えても同一のメッセージを表示します。\u003Cbr \u002F>\nユーザー名の存在を調査する攻撃を受けにくくするための機能です。\u003C\u002Fp>\n\u003Ch4>2段階認証\u003C\u002Fh4>\n\u003Cp>ログイン時、ユーザー名とパスワードの入力に加え、別のコードで追加認証を行います。\u003Cbr \u002F>\n利用するには、\u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.google.android.apps.authenticator2\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa> アプリケーションでデバイスを登録する必要があります。\u003Cbr \u002F>\nアプリケーションに表示された6桁の認証コードをログイン画面で入力し、すべての情報が一致すればログインできます。\u003Cbr \u002F>\nユーザー名やパスワードを不正入手した第三者によるログインやなりすましを防止し、セキュリティを強化します。\u003C\u002Fp>\n\u003Ch4>画像認証追加\u003C\u002Fh4>\n\u003Cp>画像データ上にランダムに表示される文字の入力を求め、一致しなければ次の画面に進めないようにする機能です。\u003Cbr \u002F>\nログインフォーム、コメントフォーム、パスワードリセットフォーム、ユーザー登録フォームに設定できます。\u003Cbr \u002F>\nブルートフォースアタックやパスワードリスト攻撃などの不正なログインを試みる攻撃や、悪意のあるプログラムからの機械的な不正アクセスを防止する機能です。\u003C\u002Fp>\n\u003Ch4>管理画面アクセス制限\u003C\u002Fh4>\n\u003Cp>管理画面にログインしていない接続元IPアドレスから管理ページ（\u002Fwp-admin\u002F以降）にアクセスすると、404エラー（Not Found）を返します。\u003Cbr \u002F>\n24時間以上管理画面にログインしていない接続元IPアドレスが対象です。\u003Cbr \u002F>\nログインすると接続元IPアドレスが記録され、管理画面にアクセスできるようになります。\u003Cbr \u002F>\nこの機能を除外するページ（wp-admin以下）を指定できます。\u003C\u002Fp>\n\u003Ch4>設定ファイルアクセス防止\u003C\u002Fh4>\n\u003Cp>WordPressのシステムに関するファイルへの不正アクセスを遮断する機能です。\u003C\u002Fp>\n\u003Ch4>ユーザー名漏えい防止\u003C\u002Fh4>\n\u003Cp>「?author=数字」アクセスによるユーザー名の漏えいを防止します。\u003C\u002Fp>\n\u003Ch4>XML-RPC無効化\u003C\u002Fh4>\n\u003Cp>XML-RPC機能、またはピンバック機能を無効化し、その乱用から管理画面を保護します。\u003C\u002Fp>\n\u003Ch4>REST API無効化\u003C\u002Fh4>\n\u003Cp>REST APIを無効化し、その悪用から管理画面を守ります。\u003C\u002Fp>\n\u003Ch4>シンプルWAF\u003C\u002Fh4>\n\u003Cp>WordPressへの攻撃に対して、基本的な防御機能を備えたシンプルなWAF（Web Application Firewall）機能です。\u003Cbr \u002F>\nSQLインジェクションやクロスサイトスクリプティングなどの一般的な攻撃を遮断します。\u003C\u002Fp>\n\u003Ch4>ログイン通知\u003C\u002Fh4>\n\u003Cp>ログインがあったとき、ユーザーにメールで通知します。\u003Cbr \u002F>\n心当たりのないメールを受信した場合、不正なログインを疑ってください。\u003C\u002Fp>\n\u003Ch4>アップデート通知\u003C\u002Fh4>\n\u003Cp>WordPress、プラグイン、テーマの更新が必要になったとき、管理者にメールで通知します。\u003Cbr \u002F>\n更新の確認は24時間ごとに行われます。\u003Cbr \u002F>\n常に最新版を使用することが、セキュリティの基本です。\u003C\u002Fp>\n\u003Ch4>サーバーエラー通知\u003C\u002Fh4>\n\u003Cp>サーバーエラー「HTTPステータスコード500（Internal Server Error）」が発生したとき、エラーの履歴を記録し、管理者にメールで通知します。\u003Cbr \u002F>\n1時間以内に同じタイプのエラーが発生した場合、エラーの履歴は記録しますが、メールでの通知は行いません。\u003C\u002Fp>\n\u003Ch4>ログイン履歴\u003C\u002Fh4>\n\u003Cp>管理画面にログインした履歴を表示します。\u003Cbr \u002F>\nそれぞれの項目で絞り込んでの検索も可能です。\u003Cbr \u002F>\nログイン通知と同様、不正なログインの気づきを促す機能です。\u003C\u002Fp>\n","管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。",100000,604268,2,"2026-03-13T05:42:00.000Z","5.3.15","7.1",[104,20,105,24,106],"anti-spam","login-lock","waf","https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudsecure-wp-security.1.4.5.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":18,"tags":124,"homepage":127,"download_link":128,"security_score":129,"vuln_count":33,"unpatched_count":27,"last_vuln_date":130,"fetched_at":29},"wp-fail2ban","WP fail2ban – Advanced Security","5.4.1","invisnet","https:\u002F\u002Fprofiles.wordpress.org\u002Finvisnet\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.fail2ban.org\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">fail2ban\u003C\u002Fa> is one of the simplest and most effective security measures you can implement to protect your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cem>WP fail2ban\u003C\u002Fem> provides the link between WordPress and \u003Ccode>fail2ban\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1\nOct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>WPf2b\u003C\u002Fem> comes with three \u003Ccode>fail2ban\u003C\u002Fcode> filters: \u003Ccode>wordpress-hard.conf\u003C\u002Fcode>, \u003Ccode>wordpress-soft.conf\u003C\u002Fcode>, and \u003Ccode>wordpress-extra.conf\u003C\u002Fcode>. These are designed to allow a split between immediate banning (hard) and the traditional more graceful approach (soft), with extra rules for custom configurations.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nThe very first feature of \u003Cem>WPf2b\u003C\u002Fem>: logging failed login attempts so the IP can be banned. Just as useful today as it was then.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block User Enumeration\u003C\u002Fstrong>\u003Cbr \u002F>\nOne of the most common precursors to a password-guessing brute force attack is \u003Ca href=\"https:\u002F\u002Fwp-fail2ban.com\u002Ffeatures\u002Fblock-user-enumeration\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">user enumeration\u003C\u002Fa>. \u003Cem>WPf2b\u003C\u002Fem> can block it, stopping the attack before it starts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block username logins\u003C\u002Fstrong>\u003Cbr \u002F>\nSometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). \u003Cem>WPf2b\u003C\u002Fem> can require users to login with their email address instead of their username.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Blocking Users\u003C\u002Fstrong>\u003Cbr \u002F>\nAnther of the older \u003Cem>WPf2b\u003C\u002Fem> features: the login process can be aborted for specified usernames.\u003Cbr \u002F>\nSay a bot collected your site’s usernames before you blocked user enumeration. Once you’ve changed all the usernames, add the old ones to the list; anything using them will trigger a “hard” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Empty Username Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nSome bots will try to login without a username; harmless, but annoying. These attempts are logged as a “soft” fail so the more persistent bots will be banned.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Spam\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will log a spammer’s IP address as a “hard” fail when their comment is marked as spam; the Premium version will also log the IP when Akismet discards “obvious” spam.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Attempted Comments\u003C\u002Fstrong>\u003Cbr \u002F>\nSome spam bots try to comment on everything, even things that aren’t there. \u003Cem>WPf2b\u003C\u002Fem> detects these and logs them as a “hard” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Pingbacks\u003C\u002Fstrong>\u003Cbr \u002F>\nPingbacks are a great feature, but they can be abused to attack the rest of the WWW. Rather than disable them completely, \u003Cem>WPf2b\u003C\u002Fem> effectively rate-limits potential attackers by logging the IP address as a “soft” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block XML‑RPC Requests\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nThe only reason most sites need XML‑RPC (other than Pingbacks) is for Jetpack; \u003Cem>WPf2b\u003C\u002Fem> Premium can block XML‑RPC while allowing Jetpack and\u002For Pingbacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Countries\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nSometimes you just need a bigger hammer – if you’re seeing nothing but attacks from some countries, block them!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cloudflare and Proxy Servers\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will work with \u003Ca href=\"https:\u002F\u002Fwp-fail2ban.com\u002Ffeatures\u002Fcloudflare-and-proxy-servers\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">Cloudflare\u003C\u002Fa>, and the Premium version will automatically update the list of Cloudflare IP addresses.\u003Cbr \u002F>\nYou can also configure your own list of trusted proxies.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>syslog Dashboard Widget\u003C\u002Fstrong>\u003Cbr \u002F>\nEver wondered what’s being logged? The dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Health Check\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will (try to) check that your \u003Ccode>fail2ban\u003C\u002Fcode> configuration is sane and that the filters are up to date; out-of-date filters are the primary cause of \u003Cem>WPf2b\u003C\u002Fem> not working as well as it can.\u003Cbr \u002F>\nWhen did you last run the Site Health tool?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ccode>mu-plugins\u003C\u002Fcode> Support\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> can easily be configured as a “must-use plugin” – see \u003Ca href=\"https:\u002F\u002Fdocs.wp-fail2ban.com\u002Fen\u002F5.4\u002Fconfiguration.html?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1#mu-plugins-support\" rel=\"nofollow ugc\">Configuration\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>API to Extend \u003Cem>WPf2b\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\nIf your plugin can detect behaviour which should be blocked, why reinvent the wheel?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Event Hooks\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nNeed to do something special when \u003Cem>WPf2b\u003C\u002Fem> detects a particular event? \u003Ca href=\"https:\u002F\u002Fdocs.wp-fail2ban.com\u002Fen\u002F5.4\u002Fdevelopers\u002Fevents.html?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">There’s a hook for that\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Web Application Firewall (WAF)\u003C\u002Fli>\n\u003Cli>Akismet support.\u003C\u002Fli>\n\u003Cli>Block XML‑RPC while allowing Jetpack and\u002For Pingbacks.\u003C\u002Fli>\n\u003Cli>Block Countries.\u003C\u002Fli>\n\u003Cli>Auto-update Cloudflare IPs.\u003C\u002Fli>\n\u003Cli>Event log.\u003C\u002Fli>\n\u003Cli>Event hooks.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP fail2ban uses fail2ban to protect your WordPress site.",70000,1973124,84,71,"2025-04-29T15:21:00.000Z","6.8.5","4.2",[20,125,22,24,126],"fail2ban","syslog","https:\u002F\u002Fwp-fail2ban.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fail2ban.5.4.1.zip",99,"2019-02-25 00:00:00",{"slug":104,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":140,"num_ratings":141,"last_updated":142,"tested_up_to":16,"requires_at_least":143,"requires_php":18,"tags":144,"homepage":149,"download_link":150,"security_score":79,"vuln_count":151,"unpatched_count":27,"last_vuln_date":152,"fetched_at":29},"Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr \u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized** access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,90,368,"2026-03-11T17:54:00.000Z","5.6",[145,146,147,24,148],"antispam","brute-force-protection","limit-login-attempts","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip",3,"2024-07-11 00:00:00",{"attackSurface":154,"codeSignals":294,"taintFlows":310,"riskAssessment":311,"analyzedAt":314},{"hooks":155,"ajaxHandlers":284,"restRoutes":291,"shortcodes":292,"cronEvents":293,"entryPointCount":33,"unprotectedCount":27},[156,162,166,170,175,179,183,186,189,193,198,201,206,210,214,218,222,226,230,236,239,243,247,251,255,258,261,267,271,274,278,281],{"type":157,"name":158,"callback":159,"file":160,"line":161},"action","admin_init","lgre_admin_validate_recaptcha_fingerprint","includes\\admin\\admin-recaptcha-verification.php",167,{"type":157,"name":158,"callback":163,"file":164,"line":165},"handle_dismiss","includes\\admin\\admin-setup-notice.php",25,{"type":157,"name":167,"callback":168,"file":164,"line":169},"admin_notices","render_notice",26,{"type":157,"name":171,"callback":172,"file":173,"line":174},"admin_menu","lgre_register_admin_menu","includes\\admin\\admin-ui.php",36,{"type":157,"name":176,"callback":177,"file":173,"line":178},"admin_enqueue_scripts","lgre_admin_enqueue_assets",208,{"type":157,"name":158,"callback":180,"file":181,"line":182},"lgre_handle_unblock_ip_request","includes\\admin\\settings-logs.php",624,{"type":157,"name":158,"callback":184,"file":181,"line":185},"lgre_handle_unblock_all_request",627,{"type":157,"name":158,"callback":187,"file":181,"line":188},"lgre_handle_clear_event_log_request",630,{"type":157,"name":158,"callback":190,"file":191,"line":192},"lgre_register_settings","includes\\admin\\settings-register.php",785,{"type":157,"name":194,"callback":195,"file":196,"line":197},"init","lgre_maybe_migrate_advanced_settings_schema","includes\\advanced-login.php",67,{"type":157,"name":194,"callback":199,"priority":27,"file":196,"line":200},"lgre_handle_advanced_login_routing",429,{"type":202,"name":203,"callback":204,"priority":46,"file":196,"line":205},"filter","login_url","lgre_filter_login_url",462,{"type":202,"name":207,"callback":208,"priority":46,"file":196,"line":209},"lostpassword_url","lgre_filter_lostpassword_url",490,{"type":202,"name":211,"callback":212,"priority":46,"file":196,"line":213},"register_url","lgre_filter_register_url",516,{"type":202,"name":215,"callback":216,"priority":46,"file":196,"line":217},"site_url","lgre_filter_site_url_for_login",555,{"type":157,"name":219,"callback":220,"file":196,"line":221},"login_init","lgre_redirect_logged_in_from_login_screen",578,{"type":157,"name":158,"callback":223,"file":224,"line":225},"lgre_maybe_fix_autoload_flags","includes\\auth.php",55,{"type":202,"name":227,"callback":228,"priority":34,"file":224,"line":229},"authenticate","lgre_authenticate_security_layer",846,{"type":157,"name":231,"callback":232,"priority":233,"file":234,"line":235},"wp_enqueue_scripts","lgre_enqueue_elementor_login_assets",20,"includes\\frontend.php",91,{"type":157,"name":231,"callback":237,"priority":233,"file":234,"line":238},"lgre_enqueue_elementor_forms_assets",162,{"type":157,"name":240,"callback":241,"file":234,"line":242},"login_enqueue_scripts","lgre_enqueue_wp_login_assets",216,{"type":157,"name":240,"callback":244,"priority":245,"file":234,"line":246},"lgre_enqueue_login_protect_lockout_assets",11,327,{"type":202,"name":248,"callback":249,"priority":233,"file":234,"line":250},"login_message","lgre_login_protect_lockout_login_message",352,{"type":157,"name":252,"callback":253,"priority":46,"file":234,"line":254},"elementor_pro\u002Fforms\u002Fvalidation","lgre_elementor_forms_validate_recaptcha",521,{"type":157,"name":194,"callback":256,"file":234,"line":257},"lgre_maybe_hook_elementor_forms_recaptcha",523,{"type":157,"name":158,"callback":259,"file":260,"line":11},"lgre_add_privacy_policy_content","includes\\privacy.php",{"type":202,"name":262,"callback":263,"priority":264,"file":265,"line":266},"xmlrpc_methods","lgre_harden_xmlrpc_methods",1000,"includes\\xmlrpc-hardening.php",69,{"type":157,"name":167,"callback":268,"file":269,"line":270},"lgre_admin_notice_emergency_overrides","webart-login-shield-recaptcha.php",107,{"type":157,"name":272,"callback":268,"file":269,"line":273},"network_admin_notices",108,{"type":157,"name":275,"callback":276,"file":269,"line":277},"plugins_loaded","lgre_maybe_block_by_ip_blocklist",413,{"type":157,"name":167,"callback":279,"file":269,"line":280},"closure",430,{"type":157,"name":275,"callback":282,"priority":27,"file":269,"line":283},"lgre_bootstrap_modules",470,[285],{"action":286,"nopriv":287,"callback":288,"hasNonce":289,"hasCapCheck":289,"file":160,"line":290},"lgre_verify_recaptcha_admin",false,"lgre_ajax_verify_recaptcha_admin",true,274,[],[],[],{"dangerousFunctions":295,"sqlUsage":296,"outputEscaping":299,"fileOperations":27,"externalRequests":151,"nonceChecks":307,"capabilityChecks":308,"bundledLibraries":309},[],{"prepared":297,"raw":27,"locations":298},6,[],{"escaped":300,"rawEcho":99,"locations":301},253,[302,305],{"file":269,"line":303,"context":304},96,"raw output",{"file":269,"line":306,"context":304},102,8,13,[],[],{"summary":312,"deductions":313},"The webart-login-shield-recaptcha plugin, version 1.1.0, exhibits a generally strong security posture based on the provided static analysis. The plugin appears to follow good development practices by consistently using prepared statements for all SQL queries and properly escaping nearly all output. The limited attack surface, consisting of a single AJAX handler that is protected by authentication, further contributes to its good security. The absence of any recorded vulnerabilities, including critical or high severity ones, is also a very positive indicator.\n\nHowever, there are minor areas that could be improved. The presence of three external HTTP requests, while not immediately indicative of a vulnerability, warrants careful scrutiny to ensure they are not being made to untrusted endpoints or are susceptible to man-in-the-middle attacks. Although no taint analysis results are provided, the absence of flows doesn't guarantee complete security, and future analysis might uncover issues. Overall, the plugin is well-developed from a security perspective, but continued vigilance regarding external requests and potential future findings is advisable.",[],"2026-03-16T21:48:57.264Z",{"wat":316,"direct":325},{"assetPaths":317,"generatorPatterns":320,"scriptPaths":321,"versionParams":322},[318,319],"\u002Fwp-content\u002Fplugins\u002Fwebart-login-shield-recaptcha\u002Fassets\u002Fcss\u002Frecaptcha-login-shield.css","\u002Fwp-content\u002Fplugins\u002Fwebart-login-shield-recaptcha\u002Fassets\u002Fjs\u002Frecaptcha-login-shield.js",[],[319],[323,324],"webart-login-shield-recaptcha\u002Fassets\u002Fcss\u002Frecaptcha-login-shield.css?ver=","webart-login-shield-recaptcha\u002Fassets\u002Fjs\u002Frecaptcha-login-shield.js?ver=",{"cssClasses":326,"htmlComments":329,"htmlAttributes":330,"restEndpoints":334,"jsGlobals":335,"shortcodeOutput":337},[327,328],"lgre-admin-notice-emergency-overrides","lgre-recaptcha-container",[],[331,332,333],"data-sitekey","data-callback","data-expired-callback",[],[336],"lgre_recaptcha_object",[]]