[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB-57AJ_Pwy-TJyyCeUjUfANTDcIqACyV51DZ-XiIRxA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":137,"fingerprints":263},"wp-author-security","WP Author Security","1.5.0","mgm security partners GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fmgmsp\u002F","\u003Cp>WP Author Security is a lightweight but powerful plugin to protect against user enumeration attacks on author pages and other places where valid user names can be obtained.\u003C\u002Fp>\n\u003Cp>By default, WordPress will display some sensitive information on author pages.\u003Cbr \u002F>\nThe author page is typically called by requesting the URI \u003Ccode>https:\u002F\u002Fyourdomain.tld\u002F?author=\u003Cid>\u003C\u002Fcode> or with permalinks \u003Ccode>https:\u002F\u002Fyourdomain.tld\u002Fauthor\u002F\u003Cusername>\u003C\u002Fcode>.\u003Cbr \u002F>\nThe page will include (depending on your theme) the full name (first and last name) as well as the username of the author which is used to log in to WordPress.\u003C\u002Fp>\n\u003Cp>In some cases, it is not wanted to expose this information to the public. An attacker is able to brute force valid IDs or valid usernames. 
This information might be used for further attacks like social engineering attacks or log in brute force attacks with gathered usernames.\u003Cbr \u002F>\n\u003Cem>However, when using the plugin and you disable author pages completely it must be noted that you need to take care that your active theme will not display the author name itself on posts like “Posted by admin” or something like that. This is something the plugin will not handle (at the moment).\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>By using the extension, you are able to disable the author pages either completely or display them only when the author has at least one published post. When the page is disabled the default 404 error page of the active theme is displayed.\u003C\u002Fp>\n\u003Cp>In addition, the plugin will also protect other locations which are commonly used by attackers to gather valid user names. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The REST API for users which will list all users with published posts by default.\u003Cbr \u002F>\n  https:\u002F\u002Fyourdomain.tld\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fli>\n\u003Cli>The log in page where different error messages will indicate whether an entered user name or mail address exists or not. The plugin will display a neutral error message regardless of whether the user exists or not.\u003C\u002Fli>\n\u003Cli>The password forgotten function will also allow an attacker to check for the existence of a user. As for the log in page the plugin will display a neutral message even when the user does not exist.\u003C\u002Fli>\n\u003Cli>Requesting the feed endpoint \u002Ffeed of your blog will also allow others to see the username or display name of the author. The plugin will remove the name from the result list.\u003C\u002Fli>\n\u003Cli>WordPress supports so-called oEmbeds. This is a technique to embed a reference to a post into another post. 
However, this reference will also contain the author name and a direct link to the profile page. The plugin will also remove the name and link here.\u003C\u002Fli>\n\u003Cli>Since WordPress 5.5 a default sitemap can be reached via \u002Fwp-sitemap.xml. This sitemap will disclose the usernames of all authors. If this should not be disclosed you are able to disable this feature of WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect against user enumeration attacks on author pages and other places where valid user names can be obtained.",500,6531,100,2,"2023-04-12T07:32:00.000Z","6.2.9","4.7","7.4",[20,21,22,23,24],"author","privacy","security","user-enumeration","wpscan","https:\u002F\u002Fgithub.com\u002Fmgm-sp\u002Fwp-author-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-author-security.1.5.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"mgmsp",1,30,84,"2026-04-04T00:53:36.040Z",[39,61,77,94,117],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":56,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":28,"last_vuln_date":60,"fetched_at":30},"stop-user-enumeration","Stop User Enumeration","1.7.7","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user login names.\u003C\u002Fp>\n\u003Cp>User Enumeration is a type of attack where nefarious parties can probe your website to discover your login name. This is often a pre-cursor to brute-force password attacks. 
Stop User Enumeration helps block this initial attack and allows you to log IPs launching these attacks to block further attacks in the future.\u003C\u002Fp>\n\u003Cp>Tools like WPSCAN are designed for use by ethical hackers and make efforts to find user login names. Ethical hackers ask permission first, this plugin is designed to reduce the tools when used without permission and when used in conjunction with fail2ban can block those attempts at the firewall.\u003C\u002Fp>\n\u003Cp>If you are on a VPS or dedicated server, as the attack IP is logged, you can use (optional additional configuration) fail2ban to block the attack directly at your server’s firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.\u003C\u002Fp>\n\u003Cp>If you don’t have access to install fail2ban ( e.g. on a Shared Host ) you can still use this plugin.\u003C\u002Fp>\n\u003Cp>The plugin can stop the user id being leaked by the oEmbed API call.\u003C\u002Fp>\n\u003Cp>Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don’t need it to get user data, this\u003Cbr \u002F>\nplugin will restrict and log that too.\u003C\u002Fp>\n\u003Cp>Since WordPress 5.5  sitemaps are generated by core WP  ( wp-sitemap.xml ) which includes a user\u002Fauthor sitemap that exposes the user id.  
You can enable \u002F disable this in the plugin settings.\u003C\u002Fp>\n\u003Ch4>PHP 8.4 compatible\u003C\u002Fh4>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blocks user enumeration requests by GET or POST\u003C\u002Fli>\n\u003Cli>Syslogs a block so Fail2Ban can be used to block an IP\u003C\u002Fli>\n\u003Cli>Optionally blocks REST API user requests for non authorized users\u003C\u002Fli>\n\u003Cli>Optionally removes author sitemap\u003C\u002Fli>\n\u003Cli>Optionally removes author from OEMBED\u003C\u002Fli>\n\u003Cli>Optionally removes numbers from comment authors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin includes an optional email feature for plugin news and updates. When enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Your email address may be sent to https:\u002F\u002Ffullworksplugins.com for important plugin updates and security notices\u003C\u002Fli>\n\u003Cli>This is completely optional and requires your explicit consent via the opt-in form in the plugin settings\u003C\u002Fli>\n\u003Cli>No data is collected or transmitted without your permission\u003C\u002Fli>\n\u003Cli>You can opt-out at any time from the plugin settings\u003C\u002Fli>\n\u003Cli>No other personal data is collected or transmitted to external services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin logs attempted user enumeration attacks locally using WordPress’s standard logging system:\u003Cbr \u002F>\n* IP addresses of potential attackers are logged locally for security monitoring\u003Cbr \u002F>\n* These logs remain on your server and are not transmitted to any external service\u003Cbr \u002F>\n* Logs can be used with fail2ban or similar tools for enhanced security\u003C\u002Fp>\n\u003Cp>For more information about data handling, please visit https:\u002F\u002Ffullworksplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Helps secure your site against hacking attacks through 
detecting User Enumeration",50000,1305856,98,128,"2025-12-15T10:48:00.000Z","6.9.4","6.3",[55,22,23,24],"fail2ban","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fstop-user-enumeration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-user-enumeration.1.7.7.zip",91,6,"2025-06-26 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":28,"num_ratings":28,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":74,"download_link":76,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"no-user-enumeration","No User Enumeration","1.3.2","Carlos","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarlost800\u002F","\u003Cp>In many WordPress installations it is possible to enumerate usernames through the author archives, using URLs like this:\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?author=1\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?author=1\u002F\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?bypass=1&author%00=1\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?author%00=%001\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?%61uthor=1\u003C\u002Fp>\n\u003Cp>And recently, WordPress since 4.7 comes with an integrated REST API that allows listing users:\u003C\u002Fp>\n\u003Cp>curl -s http:\u002F\u002Fwpsite\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u002F\u003Cbr \u002F>\ncurl -s http:\u002F\u002Fwpsite\u002F?rest_route=\u002Fwp\u002Fv2\u002Fusers\u003Cbr \u002F>\ncurl http:\u002F\u002Fwpsite\u002F?_method=GET -d rest_route=\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fp>\n\u003Cp>Knowing the username of an administrator is half the battle; now an attacker only needs to guess the password.\u003Cbr \u002F>\nThis plugin stops it.\u003C\u002Fp>\n\u003Cp>Also, it is possible to get usernames from the post entries.\u003Cbr \u002F>\nThis plugin hides the name of 
the author in a post entry if he is not using a nickname.\u003Cbr \u002F>\nAlso, it hides the URL page link of an administrator author.\u003C\u002Fp>\n\u003Cp>The main goal is to hide the administrators' usernames.\u003Cbr \u002F>\nObviously, it is better not to choose “admin” as the username because it is easily guessable.\u003C\u002Fp>\n","Stop user enumeration for security.",200,4695,"2019-10-23T03:11:00.000Z","5.2.24","2.9","",[22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-user-enumeration.1.3.2.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":28,"downloaded":85,"rating":28,"num_ratings":28,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":92,"download_link":93,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"prevent-user-name-and-email-leakage","Prevent user name and email leakage","1.0.0","Mark-k","https:\u002F\u002Fprofiles.wordpress.org\u002Fmark-k\u002F","\u003Cp>Stops user name enumeration and other type of user name and email leakages.\u003C\u002Fp>\n\u003Cp>Specifically does the following:\u003Cbr \u002F>\n1. 
When the site is configured to use pretty permalinks, the plugin will prevent\u003Cbr \u002F>\n   the automatic redirect of URLs which include a user ID, like example.com\u002F?author=1, to\u003Cbr \u002F>\n   something like example.com\u002Fauthor\u002Fadmin which will leak the existence of a user\u003Cbr \u002F>\n   named admin which can be used in further brute force attacks.\u003Cbr \u002F>\n   (This is also known as “user enumeration”).\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>With the REST API restrict user name related information (actual user name\u003Cbr \u002F>\nand user posts page URL) to only admin users.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Preventing authentication failure notices on the login page to disclose\u003Cbr \u002F>\nthe existence of user names\u002Fuser emails resulting from displaying different\u003Cbr \u002F>\nmessages when the user is incorrect and when the password is incorrect. Just\u003Cbr \u002F>\ndisplay the same failure message for whatever is the failure reason.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Preventing the reset password mechanism from disclosing user names\u002Fuser emails\u003Cbr \u002F>\nresulting from displaying different messages when a user\u002Femail for which a reset\u003Cbr \u002F>\nis requested exists in the DB, and when it does not. Just display the same message\u003Cbr \u002F>\nfor both.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Even with the plugin active, if your theme displays author information while linking\u003Cbr \u002F>\nto author pages this can be used for user name leakage. 
In this case you should\u003Cbr \u002F>\nthink about totally decoupling user and author information with plugins like\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauthors-as-taxonomy\u002F\u003C\u002Fp>\n\u003Cp>Another thing that the plugin does not do is to handle leakage resulting from the use\u003Cbr \u002F>\nof gravatar, as this requires a replacement of gravatar functionality itself and\u003Cbr \u002F>\nit is much harder to exploit than the other leakages.\u003C\u002Fp>\n\u003Cp>And the last leakage hole not covered right now, but might be covered in the future,\u003Cbr \u002F>\nis leakage of information via the sign in process. We leave it for later as most\u003Cbr \u002F>\ninstalls do not allow people to sign in.\u003C\u002Fp>\n\u003Cp>Read more on the plugin's main page https:\u002F\u002Fcalmpress.org\u002Fwordpress-plugins\u002Fprevent-user-name-and-email-leakage\u002F\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>Pull Requests, bug reports and\u002For enhancement suggestions are welcome at https:\u002F\u002Fgithub.com\u002FcalmPress\u002FAuthors-as-taxonomy\u003C\u002Fp>\n","Stops user name enumeration and other type of user name and email leakages.",1174,"2018-04-22T19:19:00.000Z","4.9.29","4.5","7.0",[91,21,22,23],"calmpress","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprevent-user-name-and-email-leakage\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-user-name-and-email-leakage.1.0.0.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":52,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":113,"download_link":114,"security_score":115,"vuln_count":14,"unpatched_count":28,"last_vuln_date":116,"fetched_at":30},"jonradio-private-site","My Private Site","4.1.0","David 
Gewirtz","https:\u002F\u002Fprofiles.wordpress.org\u002Fdgewirtz\u002F","\u003Cp>\u003Cstrong>My Private Site\u003C\u002Fstrong> makes your WordPress site private so only logged-in users can see your content. With one click, you can restrict access to all posts and pages, automatically redirect visitors to the login screen, and keep your site visible only to people you trust.\u003C\u002Fp>\n\u003Cp>Unlike full membership or subscription systems, My Private Site focuses on strong privacy without unnecessary complexity. It is ideal for family sites, schools, clubs, client previews, or development environments where you want to share content with a trusted audience without managing payments, profiles, or custom roles.\u003C\u002Fp>\n\u003Ch3>Ideal Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Family sites and school projects\u003C\u002Fstrong>: Share personal updates, photos, or assignments only with family members, classmates, or teachers you choose.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development and staging sites\u003C\u002Fstrong>: Safely show work-in-progress to clients or teammates without exposing unfinished content or letting it be indexed by search engines.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clubs, groups, and internal blogs\u003C\u002Fstrong>: Create a private online space for members or staff without the overhead of a complex membership system.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Digital Fortress protection\u003C\u002Fh3>\n\u003Cp>My Private Site helps protect the “front door” of your private site with built-in safeguards for login and user registration, including registration spam protection and optional reCAPTCHA support. 
It also includes AI Crawler Defense to discourage automated collection of your site’s content.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Make your entire WordPress site private with a single setting  \u003C\u002Fli>\n\u003Cli>Redirect logged-out visitors automatically to the login page  \u003C\u002Fli>\n\u003Cli>Choose where users land after login (requested page, home, dashboard, or custom URL)  \u003C\u002Fli>\n\u003Cli>Support user self-registration on private sites when enabled  \u003C\u002Fli>\n\u003Cli>Protect registration with built-in spam controls and optional reCAPTCHA  \u003C\u002Fli>\n\u003Cli>Optionally block unauthenticated access to the WordPress REST API  \u003C\u002Fli>\n\u003Cli>Simple, no-code setup using standard WordPress settings \u003C\u002Fli>\n\u003Cli>Privacy shortcode lets you selectively show or hide content within a page or post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Built-in AI Crawler Defense\u003C\u002Fh3>\n\u003Cp>The internet is rapidly changing, with AI crawlers and bots harvesting content without consent. My Private Site helps you defend your work with integrated \u003Cstrong>AI Crawler Defense\u003C\u002Fstrong> features:\u003Cbr \u002F>\n* \u003Cstrong>NoAI and NoImageAI tags\u003C\u002Fstrong>: Automatically add meta tags and headers that signal compliant AI systems not to use your text or images for training.\u003Cbr \u002F>\n* \u003Cstrong>Block GPTBot\u003C\u002Fstrong>: Add a robots.txt rule to prevent OpenAI’s crawler from accessing your site.\u003Cbr \u002F>\n* \u003Cstrong>Really Simple Licensing (RSL)\u003C\u002Fstrong>: Publish a machine-readable license that explicitly prohibits AI training on your content.\u003C\u002Fp>\n\u003Cp>These protections are included free in the core plugin, easy to enable with a checkbox, and designed to safeguard your site without affecting normal visitors or search engines. 
You can use them even if you’re not using any other site privacy features.\u003C\u002Fp>\n\u003Ch3>Watch the Video Overview and Demo\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fjry3DHD-OB8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Premium Add-ons\u003C\u002Fh3>\n\u003Cp>Premium add-ons turn My Private Site into a comprehensive privacy suite, giving you enterprise-style layered security defenses, smarter oversight, and flexible access, without the complexity or cost.\u003C\u002Fp>\n\u003Cp>Advanced AI Crawler Defense, Visitor Intelligence, and Block IP provide protections regardless of whether you’re using any site privacy features.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FB6s8O9VZLc0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-public-pages\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Public Pages 2.0\u003C\u002Fstrong>\u003C\u002Fa>: Allows site operators to designate certain specific pages, or pages with specified prefix, to be available to the 
public without login. Now also allows public site, private pages. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fu7BuYtzS_pI\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-advanced-ai-defense\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Advanced AI Crawler Defense\u003C\u002Fstrong>\u003C\u002Fa>: Protect WordPress content from AI crawlers using licensing, opt-out tags, selective bot blocking, and firewall defenses to control and safeguard your data. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FEb4qQDafaRk\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-visitor-intelligence\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Visitor Intelligence\u003C\u002Fstrong>\u003C\u002Fa>: Track logins, logouts, failed attempts, and bot activity with a unified log, anomaly detection, and export tools for stronger site oversight and security. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FTTK8bGVD8pM\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-guest-access\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Guest Access\u003C\u002Fstrong>\u003C\u002Fa>: Grant temporary, secure access to private WordPress content using unique shareable links with expiration, one-time use, and full admin-controlled invite management. 
\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fj1vYV8lhqcc\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-block-ip\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Block IP\u003C\u002Fstrong>\u003C\u002Fa>: Block unwanted visitors by IP address or range with full IPv4\u002FIPv6 support, configurable scope, and fast enforcement to secure your WordPress site. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FvsxLqYXWITs\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-tags-and-categories\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Tags & Categories\u003C\u002Fstrong>\u003C\u002Fa>: Allows you to make pages public or (with Public Pages 2.0) private based on tags and categories. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FdEv7lXxU5lo\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-selective-content\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Selective Content\u003C\u002Fstrong>\u003C\u002Fa>: Allows hiding, showing, and obscurifying page content through the use of shortcodes. Can also selectively hide widgets and sidebars. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FexgJrJJSCNY\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-pricing\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Digital Fortress Bundle\u003C\u002Fstrong>\u003C\u002Fa>: All add-ons are available in bundle form.  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FB6s8O9VZLc0\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Limits\u003C\u002Fh3>\n\u003Cp>This plugin does not hide non-WordPress web pages, such as .html and .php files. 
It also won’t restrict images and other media and text files directly accessed by their URL. If your hosting provider’s filesystem protections haven’t been set up correctly, files may also be accessed by directory listing.\u003C\u002Fp>\n\u003Ch3>Support Note\u003C\u002Fh3>\n\u003Cp>Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. If you need a timely reply from the developer, please \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Fsubmit-ticket\u002F\" rel=\"nofollow ugc\">open a ticket\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Mailing List\u003C\u002Fh3>\n\u003Cp>If you’d like to keep up with the latest updates to this plugin, please visit \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Flab-notes\u002F\" rel=\"nofollow ugc\">David’s Lab Notes\u003C\u002Fa> and add yourself to the mailing list.\u003C\u002Fp>\n","Make your WordPress site private with one click for family, projects, or teams. Protection for content, login, and registration.",20000,568968,90,80,"2026-01-28T21:00:00.000Z","4.4","5.4",[110,21,111,112,22],"login","private-site","registration","http:\u002F\u002Fzatzlabs.com\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjonradio-private-site.4.1.0.zip",99,"2024-02-16 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":102,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":52,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":134,"download_link":135,"security_score":13,"vuln_count":34,"unpatched_count":28,"last_vuln_date":136,"fetched_at":30},"restricted-site-access","Restricted Site Access","7.6.1","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. 
Send restricted visitors to the log in page, redirect them, or display a message or page. A great solution for Extranets, publicly hosted Intranets, or parallel development \u002F staging sites.\u003C\u002Fp>\n\u003Cp>Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable site restriction\u003C\u002Fli>\n\u003Cli>Change the restriction behavior: send to login, redirect, display a message, display a page\u003C\u002Fli>\n\u003Cli>Add IP addresses to an unrestricted list, including ranges\u003C\u002Fli>\n\u003Cli>Quickly add your current IP to the unrestricted list\u003C\u002Fli>\n\u003Cli>Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness\u003C\u002Fli>\n\u003Cli>Define a simple message to show restricted visitors, or select a page to show them – great for “coming soon” teasers!\u003C\u002Fli>\n\u003C\u002Ful>\n","Limit access to visitors who are logged in or allowed by IP addresses. 
Includes many options for handling blocked visitors.",1120245,96,62,"2026-01-04T21:22:00.000Z","6.6",[131,132,21,133,22],"limited","permissions","restrict","https:\u002F\u002F10up.com\u002Fplugins\u002Frestricted-site-access-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestricted-site-access.7.6.1.zip","2022-08-31 00:00:00",{"attackSurface":138,"codeSignals":191,"taintFlows":247,"riskAssessment":248,"analyzedAt":262},{"hooks":139,"ajaxHandlers":187,"restRoutes":188,"shortcodes":189,"cronEvents":190,"entryPointCount":28,"unprotectedCount":28},[140,146,150,155,160,163,168,172,176,180,184],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","admin_menu","wp_author_security_menu","options.php",17,{"type":141,"name":147,"callback":148,"file":144,"line":149},"admin_init","register_wp_author_security_settings",18,{"type":141,"name":151,"callback":152,"priority":34,"file":153,"line":154},"template_redirect","wpas_check_author_request","wp-author-security.php",28,{"type":141,"name":156,"callback":157,"priority":158,"file":153,"line":159},"rest_api_init","wpas_check_rest_api",10,29,{"type":141,"name":161,"callback":162,"file":153,"line":35},"plugins_loaded","wpas_load_plugin_textdomain",{"type":164,"name":165,"callback":166,"priority":34,"file":153,"line":167},"filter","login_errors","wpas_login_error_message",31,{"type":141,"name":169,"callback":170,"file":153,"line":171},"lost_password","wpas_check_lost_password_error",32,{"type":164,"name":173,"callback":174,"priority":34,"file":153,"line":175},"the_author","wpas_filter_feed",33,{"type":164,"name":177,"callback":178,"priority":158,"file":153,"line":179},"oembed_response_data","wpas_filter_oembed",34,{"type":164,"name":181,"callback":182,"priority":158,"file":153,"line":183},"wp_sitemaps_add_provider","wpas_filter_wp_sitemap_author",36,{"type":141,"name":161,"callback":185,"file":153,"line":186},"updateDbCheck",40,[],[],[],[],{"dangerousFunctions":192,"sqlUsage":193,"outputE
scaping":195,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":246},[],{"prepared":34,"raw":28,"locations":194},[],{"escaped":14,"rawEcho":196,"locations":197},24,[198,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,238,240,242,244],{"file":144,"line":199,"context":200},119,"raw output",{"file":144,"line":202,"context":200},121,{"file":144,"line":204,"context":200},132,{"file":144,"line":206,"context":200},137,{"file":144,"line":208,"context":200},141,{"file":144,"line":210,"context":200},145,{"file":144,"line":212,"context":200},148,{"file":144,"line":214,"context":200},153,{"file":144,"line":216,"context":200},158,{"file":144,"line":218,"context":200},162,{"file":144,"line":220,"context":200},166,{"file":144,"line":222,"context":200},169,{"file":144,"line":224,"context":200},174,{"file":144,"line":226,"context":200},177,{"file":144,"line":228,"context":200},181,{"file":144,"line":230,"context":200},184,{"file":144,"line":232,"context":200},189,{"file":144,"line":234,"context":200},192,{"file":144,"line":236,"context":200},197,{"file":144,"line":69,"context":200},{"file":144,"line":239,"context":200},205,{"file":144,"line":241,"context":200},208,{"file":144,"line":243,"context":200},213,{"file":144,"line":245,"context":200},216,[],[],{"summary":249,"deductions":250},"The 'wp-author-security' v1.5.0 plugin exhibits a generally positive security posture based on the provided static analysis. The absence of known vulnerabilities (CVEs) and the lack of critical or high-severity taint flows are significant strengths.  The code also demonstrates good practices by exclusively using prepared statements for its single SQL query and avoiding file operations and external HTTP requests, which mitigates common attack vectors.\n\nHowever, there are notable concerns. 
The plugin has a concerningly low percentage of properly escaped output (8%), indicating a significant risk of Cross-Site Scripting (XSS) vulnerabilities. While there are no explicit entry points identified with missing authentication or permission checks, the lack of nonces and capability checks on any potential future entry points is a weakness. The complete absence of taint analysis flows is also unusual and might suggest a limited scope of analysis rather than a complete absence of potential taint issues.\n\nOverall, the plugin is not exhibiting known historical vulnerabilities. The current analysis highlights a significant risk related to output escaping. While the plugin appears robust in its direct interactions with the database and external systems, the poor output escaping practices present a clear and present danger for XSS attacks that could compromise user sessions or inject malicious scripts.  Addressing the output escaping issues should be the top priority.",[251,254,257,259],{"reason":252,"points":253},"Low percentage of properly escaped output",8,{"reason":255,"points":256},"Missing nonce checks",5,{"reason":258,"points":256},"Missing capability checks",{"reason":260,"points":261},"No taint analysis flows analyzed",3,"2026-03-16T19:38:45.219Z",{"wat":264,"direct":271},{"assetPaths":265,"generatorPatterns":267,"scriptPaths":268,"versionParams":269},[266],"\u002Fwp-content\u002Fplugins\u002Fwp-author-security\u002Fwp-author-security.php",[],[],[270],"wp-author-security\u002Fwp-author-security.php?ver=",{"cssClasses":272,"htmlComments":273,"htmlAttributes":274,"restEndpoints":275,"jsGlobals":277,"shortcodeOutput":278},[],[],[],[276],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers",[],[]]