[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fe6POb_OzWj8fZJer8jEOYskyVw0JdpaSJVuO03ydvCA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":144,"fingerprints":180},"wp-anti-clickjack","WP Anti-Clickjack","1.8.0","Andy Feliciotti","https:\u002F\u002Fprofiles.wordpress.org\u002Fsomeguy9\u002F","\u003Cp>WP Anti-Clickjack is a powerful security plugin that helps prevent your WordPress site from being vulnerable to clickjacking attacks. Clickjacking is a malicious technique where an attacker tricks users into clicking on a concealed link or button by overlaying it on your legitimate website.\u003C\u002Fp>\n\u003Cp>This plugin implements two key defense mechanisms:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>X-Frame-Options Header\u003C\u002Fstrong>: The plugin adds the \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> HTTP header to your site’s responses. This header instructs web browsers to prevent other websites from embedding your site within an iframe, effectively blocking clickjacking attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>OWASP’s Legacy Browser Frame Breaking Script\u003C\u002Fstrong>: The plugin includes a modified version of OWASP’s legacy browser frame breaking script. This script prevents other sites from putting your site in an iframe, even in browsers that don’t support the X-Frame-Options header. The script is optimized to work seamlessly in browsers with and without JavaScript enabled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>By combining these two security measures, WP Anti-Clickjack provides comprehensive protection against clickjacking attacks, ensuring the safety and integrity of your WordPress site.\u003C\u002Fp>\n\u003Cp>For more information about clickjacking defense techniques, refer to the \u003Ca href=\"https:\u002F\u002Fcheatsheetseries.owasp.org\u002Fcheatsheets\u002FClickjacking_Defense_Cheat_Sheet.html\" rel=\"nofollow ugc\">OWASP Clickjacking Defense Cheat Sheet\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds the \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> HTTP header to prevent clickjacking\u003C\u002Fli>\n\u003Cli>Includes a modified version of OWASP’s legacy browser frame breaking script\u003C\u002Fli>\n\u003Cli>Compatible with popular page builders and editors like Elementor, Divi, WPBakery, Bricks, Breakdance, Oxygen, and more\u003C\u002Fli>\n\u003Cli>Provides filters to disable the anti-clickjacking measures when needed\u003C\u002Fli>\n\u003Cli>Easy to install and configure\u003C\u002Fli>\n\u003Cli>Regularly updated and tested with the latest WordPress versions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Details\u003C\u002Fh4>\n\u003Cp>If you need to disable the clickjacking JavaScript on a specific page, you can use the following filter in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wp_anti_clickjack', '__return_false');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To disable the clickjacking X-Frame-Options HTTP header, use this filter in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false');\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Protect Your WordPress Site From Clickjacking Attacks by Adding the X-Frame-Options Header and Owasp's Legacy Browser Frame Breaking Script.",4000,47033,100,3,"2026-01-12T15:11:00.000Z","6.9.4","5.0.0","",[20,21,22,23],"anti-click-jacking","browser-frame-breaking-script","clickjacking","security","https:\u002F\u002Fdrawne.com\u002Fwordpress-anti-clickjack-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-anti-clickjack.1.8.0.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"someguy9",5,14550,96,110,76,"2026-04-04T05:30:25.254Z",[39,61,80,98,120],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":16,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"headers-security-advanced-hsts-wp","Headers Security Advanced & HSTS WP","5.2.5","Andrea Ferro","https:\u002F\u002Fprofiles.wordpress.org\u002Funicorn03\u002F","\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.\u003C\u002Fp>\n\u003Cp>This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.\u003C\u002Fp>\n\u003Cp>Check out the best features of \u003Cstrong>Headers Security Advanced & HSTS WP:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-XSS-Protection (Deprecated)\u003C\u002Fli>\n\u003Cli>Pragma (Deprecated)\u003C\u002Fli>\n\u003Cli>Public-Key-Pins (Deprecated)\u003C\u002Fli>\n\u003Cli>Expect-CT (Deprecated)\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>X-Content-Security-Policy\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>HTTP Strict Transport Security \u002F HSTS\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Strict-dynamic\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>FLoC (Federated Learning of Cohorts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on \u003Cstrong>OWASP CSRF\u003C\u002Fstrong> to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>HTTP security headers are a critical part of your website’s security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.\u003C\u002Fp>\n\u003Cp>We have put a lot of effort into making the most important services operational with \u003Cstrong>Content Security Policy (CSP)\u003C\u002Fstrong>, below are some examples that we have tested and used with \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CSP usage for \u003Cstrong>Google Tag Manager\u003C\u002Fstrong>\u003Cbr \u002F>\nworld’s most popular tag manager\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Gravatar\u003C\u002Fstrong>\u003Cbr \u002F>\nAvatar service for WordPress and Social sites\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WordPress Internal Media\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport WordPress media\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Youtube Embedded Video SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Youtube embedded frames and JS SDK\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>CookieLaw\u003C\u002Fstrong>\u003Cbr \u002F>\nprivacy technology to meet regulatory requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Mailchimp\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mailchimp automation, SDK and modules\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for basic conversion domains such as: stats.g.doubleclick.net and www.google.com\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Fonts\u003C\u002Fstrong>\u003Cbr \u002F>\nyou’re not loading it on the page, chances are one of your SDKs is using it\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Facebook\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Facebook SDK functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Stripe\u003C\u002Fstrong>\u003Cbr \u002F>\nhighly secure online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>New Relic\u003C\u002Fstrong>\u003Cbr \u002F>\nit’s a registration and monitoring utility\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Linkedin Tags + SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Linkedin Insight, Linkedin Ads and SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>OneTrust\u003C\u002Fstrong>\u003Cbr \u002F>\nOneTrust support helps companies manage privacy requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Moat\u003C\u002Fstrong>\u003Cbr \u002F>\nMoat support to measurement suite such as: ad verification, brand safety, advertising and coverage\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>jQuery\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport of jQuery – JS library\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Widgets & SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Connect, Widgets and the Twitter client-side SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google Maps\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Google Maps as The ggpht used by streetview\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Quantcast Choice\u003C\u002Fstrong>\u003Cbr \u002F>\nQuantcast support for privacy such as GDPR and CCPA\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Ads & Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nTwitter support for advertising and Analytics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Paypal\u003C\u002Fstrong>\u003Cbr \u002F>\nPayPal support for online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Drift\u003C\u002Fstrong>\u003Cbr \u002F>\nDrift and Driftt support\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cookiebot\u003C\u002Fstrong>\u003Cbr \u002F>\ncookie and tracker support, GDPR\u002FePrivacy and CCPA compliance\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Vimeo Embedded Videos SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport frames, JS SDK, Froogaloop integration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>AppNexus (now Xandr)\u003C\u002Fstrong>\u003Cbr \u002F>\nAppNexus support for custom retargeting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Mixpanel\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport analytics tool with SDK\u002FJS to collect client-side data\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Font Awesome\u003C\u002Fstrong>\u003Cbr \u002F>\ntoolkit support for fonts and icons over CSS and Less\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003Cbr \u002F>\nreCAPTCHA support for fraud and bot protection\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Bootstrap\u003C\u002Fstrong> CDN\u003Cbr \u002F>\nBootstrap support for CSS frameworks\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>HubSpot\u003C\u002Fstrong>\u003Cbr \u002F>\nHubspot support with many features, used for monitoring and mkt functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Hotjar\u003C\u002Fstrong>\u003Cbr \u002F>\nHotjar tracker support for analytics and metrics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WP.com\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for wp.com hosting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Akamai mPulse\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Akamai mPulse, for origin and perimeter integrations\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cloudflare – Rocket-Loader & Mirage\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mirage libraries for performance acceleration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Cloudflare – CDN.js\u003C\u002Fstrong>\u003Cbr \u002F>\nCloudflare’s open CDN support with multiple libraries\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>jsDelivr\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport jsDelivr free CDN for Open Source\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with Sentry, Report URI, URIports and Datadog\u003C\u002Fstrong>\u003Cbr \u002F>\nSentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:\u003Cbr \u002F>\n  * Receive detailed reports on content security policy (CSP) violations.\u003Cbr \u002F>\n  * Monitor and analyze JavaScript exceptions occurring on their site.\u003Cbr \u002F>\n  * Benefit from advanced tools for proactive troubleshooting.\u003C\u002Fp>\n\u003Cp>Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>All Free Features\u003C\u002Fstrong>\u003Cbr \u002F>\nThe \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> version includes all the free features.\u003C\u002Fp>\n\u003Cp>We have implemented \u003Cstrong>FLoC (Federated Learning of Cohorts)\u003C\u002Fstrong>, using best practices. First, using \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> prevents the browser from including your site in the “cohort calculation” on \u003Cstrong>FLoC (Federated Learning of Cohorts)\u003C\u002Fstrong>. This means that nothing can call document.interestCohort() to get the FLoC ID of the currently used client. Obviously, this does nothing outside of your currently visited site and does not “disable” FLoC on the client beyond that scope.\u003C\u002Fp>\n\u003Cp>Even though \u003Cstrong>FLoC\u003C\u002Fstrong> is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special \u003Cstrong>“automatic blocking of FLoC”\u003C\u002Fstrong> feature, trying to always \u003Cstrong>offer the best tool with privacy protection and cyber security\u003C\u002Fstrong> as main targets and focus.\u003C\u002Fp>\n\u003Cp>Analyze your site before and after using \u003Cem>Headers Security Advanced & HSTS WP\u003C\u002Fem> security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security \u002F HSTS best practices.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check HTTP Security Headers on \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">securityheaders.com\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Check HTTP Strict Transport Security \u002F HSTS at \u003Ca href=\"https:\u002F\u002Fhstspreload.org\u002F\" rel=\"nofollow ugc\">hstspreload.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check WebPageTest at \u003Ca href=\"https:\u002F\u002Fwww.webpagetest.org\u002F\" rel=\"nofollow ugc\">webpagetest.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check HSTS test website \u003Ca href=\"https:\u002F\u002Fgf.dev\u002Fhsts-test\u002F\" rel=\"nofollow ugc\">gf.dev\u002Fhsts-test\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP test website \u003Ca href=\"https:\u002F\u002Fcsper.io\u002Fevaluator\" rel=\"nofollow ugc\">csper.io\u002Fevaluator\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP Evaluator \u003Ca href=\"https:\u002F\u002Fcsp-evaluator.withgoogle.com\u002F\" rel=\"nofollow ugc\">csp-evaluator.withgoogle.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>CSP Content Security Policy Generator \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fcontent-security-policy-gen\u002F\" rel=\"nofollow ugc\">addons.mozilla.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.\u003C\u002Fp>\n","Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP\u002FHTTPS.",90000,1308613,98,77,"2026-01-18T14:24:00.000Z","4.7","7.4",[22,55,56,57,58],"csp","headers","headers-security","hsts","https:\u002F\u002Fopenheaders.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheaders-security-advanced-hsts-wp.5.2.5.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":13,"num_ratings":14,"last_updated":71,"tested_up_to":16,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":18,"download_link":79,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"security-header","HTTP Security Header","3.1","MOHIT GOYAL","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohitgoyal1108\u002F","\u003Cp>\u003Cstrong>HTTP Security Header\u003C\u002Fstrong> helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.\u003C\u002Fp>\n\u003Cp>This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.\u003C\u002Fp>\n\u003Ch3>🔎 Scan Your Website Security Headers\u003C\u002Fh3>\n\u003Cp>Before configuring headers, instantly check your website’s current security score using our online header scanner:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Finspiredmonks.com\u002Fhttp-security-header-scanner\u002F\" rel=\"nofollow ugc\">Scan Your Website Security Headers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✔ Enter your website URL\u003Cbr \u002F>\n✔ Get instant Security Grade (A+ to F)\u003Cbr \u002F>\n✔ See which headers are Present or Missing\u003Cbr \u002F>\n✔ Get clear, actionable recommendations\u003Cbr \u002F>\n✔ Easily fix them using this plugin\u003C\u002Fp>\n\u003Cp>Used by thousands of websites to enhance security and protect user data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Include:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Visual toggles for enabling\u002Fdisabling headers\u003Cbr \u002F>\n– Option to use \u003Cstrong>default or custom header values\u003C\u002Fstrong>\u003Cbr \u002F>\n– Secure fallback if a header is misconfigured\u003Cbr \u002F>\n– Integrated \u003Cstrong>header validation\u003C\u002Fstrong>\u003Cbr \u002F>\n– Support for all major browser-supported headers\u003Cbr \u002F>\n– Nonce-based saving and admin notices\u003Cbr \u002F>\n– WP Multisite compatible\u003Cbr \u002F>\n– “Disable All” and “Reset to Important Headers” actions\u003Cbr \u002F>\n– Per-header input validation with real-time error fallback\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Strict-Transport-Security (HSTS)\u003Cbr \u002F>\n* X-Frame-Options\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* Content-Security-Policy\u003Cbr \u002F>\n* Permissions-Policy\u003Cbr \u002F>\n* X-XSS-Protection\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* Expect-CT\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight and performance-focused  \u003C\u002Fli>\n\u003Cli>No front-end impact  \u003C\u002Fli>\n\u003Cli>Choose default or custom header values  \u003C\u002Fli>\n\u003Cli>Secure validation and auto-fallbacks  \u003C\u002Fli>\n\u003Cli>Seamless plugin compatibility (including WP Rocket)  \u003C\u002Fli>\n\u003Cli>Fully translation-ready and i18n-compliant  \u003C\u002Fli>\n\u003Cli>Nonce-protected admin save actions  \u003C\u002Fli>\n\u003Cli>Optional reset-to-default support  \u003C\u002Fli>\n\u003Cli>Reset or disable all headers with one click\u003C\u002Fli>\n\u003C\u002Ful>\n","Add and manage essential HTTP security headers with ease. Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.",800,4254,"2025-12-30T17:44:00.000Z","5.0","7.0",[22,75,76,77,78],"content-security-policy","http-security-header","security-headers","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header.3.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":26,"num_ratings":26,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":95,"download_link":96,"security_score":97,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"do-not-iframe-me","Do Not Iframe Me","0.1","Jesse Lee","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressplugindeveloper\u002F","\u003Cp>A simple plugin that is designed to avoid clickjacking attacks by ensuring your wordpress isn’t iframed in other websites.\u003C\u002Fp>\n","Do Not Iframe My Wordpress Site",10,1672,"2013-03-12T02:02:00.000Z","3.5.2","3.0",[22,94,23],"iframe","http:\u002F\u002Fwww.wpactions.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdo-not-iframe-me.0.1.zip",85,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":16,"requires_at_least":52,"requires_php":73,"tags":111,"homepage":116,"download_link":117,"security_score":34,"vuln_count":118,"unpatched_count":26,"last_vuln_date":119,"fetched_at":28},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,94,4829,"2025-12-20T21:06:00.000Z",[112,113,114,115,23],"2fa","firewall","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",12,"2022-09-06 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":16,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":139,"download_link":140,"security_score":141,"vuln_count":142,"unpatched_count":26,"last_vuln_date":143,"fetched_at":28},"hostinger","Hostinger Tools","3.0.59","Hostinger","https:\u002F\u002Fprofiles.wordpress.org\u002Fhostinger\u002F","\u003Cp>Hostinger Tools is an all-in-one plugin designed to streamline essential tasks for WordPress site administrators. This plugin offers a range of features to help you manage your site’s information, maintenance mode, security, and redirects effectively.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Basic Info\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays the current WordPress version with automatic update checks.\u003C\u002Fli>\n\u003Cli>Shows the current PHP version with automatic update checks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Maintenance Mode\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily enable or disable maintenance mode for your site.\u003C\u002Fli>\n\u003Cli>Provide a URL to bypass maintenance mode for selected users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Security\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable XML-RPC requests to enhance your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable Authorize application page to enhance your site’s security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Redirects\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force all URLs to use HTTPS for secure browsing.\u003C\u002Fli>\n\u003Cli>Force all URLs to use WWW to ensure consistency in site access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>LLMs.txt Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically generate a structured LLMs.txt file in Markdown format.\u003C\u002Fli>\n\u003Cli>Include website title, description, posts, pages, and products (if WooCommerce is active).\u003C\u002Fli>\n\u003Cli>Keep the file updated when content changes or new content is published.\u003C\u002Fli>\n\u003Cli>Help AI-powered tools better understand and interact with your website content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hostinger Tools is the new version of the previous Hostinger plugin, offering an updated and enhanced experience.\u003Cbr \u002F>\nThe Onboarding assistant and the Learning section previously included in this plugin were moved to the separate plugin Hostinger Easy Onboarding.\u003C\u002Fp>\n","Simplified WordPress management. Manage site info, maintenance, security, & redirects.",3000000,16730722,60,25,"2026-03-03T11:48:00.000Z","5.5","8.1",[121,136,137,23,138],"https","maintenance","tools","https:\u002F\u002Fhostinger.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostinger.3.0.59.zip",99,1,"2024-01-05 00:00:00",{"attackSurface":145,"codeSignals":167,"taintFlows":175,"riskAssessment":176,"analyzedAt":179},{"hooks":146,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":26,"unprotectedCount":26},[147,153,157,160],{"type":148,"name":149,"callback":150,"priority":88,"file":151,"line":152},"action","send_headers","send_frame_options_header","wp-anti-clickjack.php",23,{"type":148,"name":154,"callback":155,"file":151,"line":156},"admin_head","include_anticlickjack_script",26,{"type":148,"name":158,"callback":155,"file":151,"line":159},"wp_head",27,{"type":148,"name":161,"callback":155,"file":151,"line":162},"login_head",28,[],[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":174},[],{"prepared":26,"raw":26,"locations":170},[],{"escaped":172,"rawEcho":26,"locations":173},11,[],[],[],{"summary":177,"deductions":178},"The \"wp-anti-clickjack\" v1.8.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code analysis shows no dangerous functions, file operations, or external HTTP requests, and all SQL queries are handled with prepared statements.  Crucially, all identified output is properly escaped, and there are no recorded vulnerabilities or CVEs, suggesting a history of secure development. The lack of any taint analysis findings further reinforces this positive assessment.  The plugin appears to be well-developed with a focus on security best practices. The absence of capability checks and nonce checks on potential entry points, though currently not exploitable due to the lack of entry points, could become a concern if the plugin's functionality expands in the future.  However, given the current state, the immediate risk is very low.",[],"2026-03-16T18:13:08.778Z",{"wat":181,"direct":186},{"assetPaths":182,"generatorPatterns":183,"scriptPaths":184,"versionParams":185},[],[],[],[],{"cssClasses":187,"htmlComments":188,"htmlAttributes":189,"restEndpoints":190,"jsGlobals":191,"shortcodeOutput":192},[],[],[],[],[],[193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,201,212],"\u003Cscript type=\"text\u002Fjavascript\">"," var style = document.createElement(\"style\");"," style.type = \"text\u002Fcss\";"," style.id = \"antiClickjack\";"," if (\"cssText\" in style){","   style.cssText = \"body{display:none !important;}\";"," }else{","   style.innerHTML = \"body{display:none !important;}\";"," }"," document.getElementsByTagName(\"head\")[0].appendChild(style);"," try {","   if (top.document.domain === document.domain) {","     var antiClickjack = document.getElementById(\"antiClickjack\");","     antiClickjack.parentNode.removeChild(antiClickjack);","   } else {","     top.location = self.location;","   }"," } catch (e) {","   top.location = self.location;","\u003C\u002Fscript>"]