[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiyRH6k3gHvU0AlBmmXU4Xvntb-RedOLF1bNbTFOwyl8":3,"$fhAx2M7iagQC3wC9kb2sCXAqgX8PYuHIGQu3_zXX5Fng":249,"$fSDrlH91p4FA3kkKV3PV08KRGWNPtJfnzxdtuSmAbgAg":253},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":40,"analysis":153,"fingerprints":232},"wp-denyhosts","WP-DenyHosts","0.9.1","Simon Prosser","https:\u002F\u002Fprofiles.wordpress.org\u002Fpross\u002F","\u003Cp>How it works.\u003C\u002Fp>\n\u003Cp>The plugin monitors failed login attempts; if the limit is reached, the user's IP is added to a local banlist.\u003Cbr \u002F>\nThe user is now blocked and can no longer attempt to log in.\u003C\u002Fp>\n\u003Cp>Every 24 hours the plugin will upload the blocked IPs and download a fresh list of all IPs blocked across the network in the last 7 days.\u003C\u002Fp>\n\u003Cp>If an IP is blocked on 3 or more servers, it's added to the global ban list and will be blocked on all servers using the plugin.\u003C\u002Fp>\n","Distributed anti bruteforce 
plugin.",20,3235,100,1,"2013-04-29T23:48:00.000Z","3.6.1","3.5","",[20,21,22,23],"block","bruteforce","login","spam","http:\u002F\u002Fpross.org.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-denyhosts.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"pross",6,6060,86,30,84,"2026-05-19T23:10:20.259Z",[41,71,95,115,135],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":27,"num_ratings":27,"last_updated":51,"tested_up_to":18,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":68,"download_link":69,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":70},"protect-ai-login","Protect Ai Login","1.0.0","anouny","https:\u002F\u002Fprofiles.wordpress.org\u002Fanouny\u002F","\u003Cp>Protect Ai Login changes the default WordPress login URL to the URL you define, and denies brute force attacks, spam logins, and bot or automatic registration. 
The plugin blocks access to the default login URL and generates a custom branded login panel without creating a custom page on your website.\u003C\u002Fp>\n\u003Cp>The plugin offers protection with Google reCAPTCHA v2.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Define a new login URL easily from the settings page.\u003C\u002Fli>\n\u003Cli>Protect against spam login, bot registration or signup, with the integration of Google reCAPTCHA.\u003C\u002Fli>\n\u003Cli>Secure AXS is compatible with any permalink setup including the default.\u003C\u002Fli>\n\u003Cli>Choose to allow users with the role “Editor” to access plugin settings.\u003C\u002Fli>\n\u003Cli>Fully branded login page with colors and login logo of your choice.\u003C\u002Fli>\n\u003Cli>Plugin doesn’t create new pages on your website for displaying the new login panel.\u003C\u002Fli>\n\u003Cli>Plugin is compatible with other major security & cache plugins.\u003C\u002Fli>\n\u003Cli>Tested with WordPress 4.4.2\u003C\u002Fli>\n\u003C\u002Ful>\n","Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.",10,1416,"2016-04-14T06:46:00.000Z","4.0",[54,55,56,20,57,58,59,60,22,61,62,63,64,65,66,67,23],"access","attack","axs","brute","brute-force-attack","captcha","force","no-captcha","nocaptcha","recaptcha","register","secure","security","sign","https:\u002F\u002Fwordpress.org\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-ai-login.zip","2026-04-06T09:54:40.288Z",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":18,"download_link":91,"security_score":92,"vuln_count":93,"unpatched_count":27,"last_vuln_date":94,"fetched_at":29},"captcha-code-authentication","Captcha 
Code","3.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Captcha\u003C\u002Fa> adds GDPR compatible captcha code anti-spam protection (like Google ReCaptcha) to WordPress forms – comments form, registration form, lost password form, and login form. In order to post comments or register, users have to type in the code shown on the image. This prevents spam from automated bots & adds security. No external services (like Google ReCaptcha) are used. No API keys are needed, and no user-identifiable data is used so it’s GDPR compatible.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Captcha position – comments form, login form, registration form, or lost password form.\u003C\u002Fli>\n\u003Cli>Letters type – capital letters, small letters, or capital & small letters.\u003C\u002Fli>\n\u003Cli>Captcha type – alphanumeric, alphabets or numbers.\u003C\u002Fli>\n\u003Cli>Translation enabled.\u003C\u002Fli>\n\u003C\u002Fol>\n","GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. 
Eliminate spam with captcha.",100000,708754,76,34,"2026-04-14T19:46:00.000Z","7.0","3.0","5.2",[59,88,89,90,63],"comments-spam","form-captcha","login-captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-code-authentication.3.31.zip",99,2,"2023-11-24 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":79,"downloaded":103,"rating":13,"num_ratings":93,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":113,"download_link":114,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cloudsecure-wp-security","CloudSecure WP Security","1.4.7","cloudsecure","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudsecure\u002F","\u003Cp>A dependable, Japanese-made plugin with Japanese-language support that protects the admin screen and login URL from cyberattacks.\u003Cbr \u002F>\nWith just a few simple settings, it protects your WordPress site from unauthorized access and unauthorized logins and improves security.\u003Cbr \u002F>\nYou can also enable or disable (ON/OFF) each feature, customize its settings to your liking, and manage the protection status at any time.\u003C\u002Fp>\n\u003Cp>More detailed information, such as documentation and FAQs, is available \u003Ca href=\"https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The WordPress multisite feature is not supported.\u003C\u002Fli>\n\u003Cli>Only the Apache 1.3 and 2.x web servers are supported.\u003C\u002Fli>\n\u003Cli>To use the image CAPTCHA feature, the “gd” extension library must be installed in PHP.\u003C\u002Fli>\n\u003Cli>To use the admin screen access restriction and login URL change features, “mod_rewrite” must be loaded in Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin provides the following features.\u003C\u002Fp>\n\u003Ch4>Login Disabling\u003C\u002Fh4>\n\u003Cp>If login fails a specified number of times within a specified period, login is disabled (blocked) for a specified time.\u003Cbr \u002F>\nThis feature prevents attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks.\u003Cbr \u002F>\nIt is especially effective against automated attacks.\u003C\u002Fp>\n\u003Ch4>Login URL Change\u003C\u002Fh4>\n\u003Cp>Changes the login URL (wp-login.php).\u003Cbr \u002F>\nYou can set it to any name (string) of 4 to 12 characters using half-width lowercase letters, half-width digits, hyphens, and underscores.\u003Cbr 
\u002F>\nThis feature makes the site less susceptible to attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks.\u003C\u002Fp>\n\u003Ch4>Unified Login Error Messages\u003C\u002Fh4>\n\u003Cp>At login, the same message is displayed whether the username, the password, or the image CAPTCHA is wrong.\u003Cbr \u002F>\nThis feature makes the site less susceptible to attacks that probe whether a username exists.\u003C\u002Fp>\n\u003Ch4>Two-Step Authentication\u003C\u002Fh4>\n\u003Cp>At login, in addition to the username and password, an additional authentication step is performed with a separate code.\u003Cbr \u002F>\nTo use it, you must register your device with the \u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.google.android.apps.authenticator2\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa> application.\u003Cbr \u002F>\nEnter the 6-digit authentication code shown in the application on the login screen; if all the information matches, you can log in.\u003Cbr \u002F>\nThis prevents logins and impersonation by third parties who have illicitly obtained a username or password, and strengthens security.\u003C\u002Fp>\n\u003Ch4>Image CAPTCHA\u003C\u002Fh4>\n\u003Cp>This feature requires the user to enter characters displayed at random in an image and does not let them proceed to the next screen unless the input matches.\u003Cbr \u002F>\nIt can be set on the login form, comment form, password reset form, and user registration form.\u003Cbr \u002F>\nThis feature prevents attacks that attempt unauthorized logins, such as brute-force attacks and password list attacks, as well as automated unauthorized access by malicious programs.\u003C\u002Fp>\n\u003Ch4>Username Leak Prevention\u003C\u002Fh4>\n\u003Cp>Prevents usernames from leaking through requests of the form “?author=number”.\u003C\u002Fp>\n\u003Ch4>XML-RPC Disabling\u003C\u002Fh4>\n\u003Cp>Disables the XML-RPC feature or the pingback feature and protects the admin screen from their abuse.\u003C\u002Fp>\n\u003Ch4>REST API Disabling\u003C\u002Fh4>\n\u003Cp>Disables the REST API and protects the admin screen from its misuse.\u003C\u002Fp>\n\u003Ch4>Admin Screen Access Restriction\u003C\u002Fh4>\n\u003Cp>When an admin page (under \u002Fwp-admin\u002F) is accessed from a source IP address that is not logged in to the admin screen, a 404 error (Not Found) is returned.\u003Cbr \u002F>\nThis applies to source IP addresses that have not logged in to the admin screen for 24 hours or more.\u003Cbr \u002F>\nAfter login, the source IP address is recorded and the admin screen becomes accessible.\u003Cbr \u002F>\nYou can specify pages (under wp-admin) to exclude from this feature.\u003C\u002Fp>\n\u003Ch4>Configuration File Access Prevention\u003C\u002Fh4>\n\u003Cp>This feature blocks unauthorized access to WordPress system files.\u003C\u002Fp>\n\u003Ch4>Simple WAF\u003C\u002Fh4>\n\u003Cp>A simple WAF (Web Application Firewall) feature with basic defenses against attacks on WordPress.\u003Cbr \u002F>\nIt blocks common attacks such as SQL injection and cross-site scripting.\u003C\u002Fp>\n\u003Ch4>Login Notification\u003C\u002Fh4>\n\u003Cp>Notifies the user by email when a login occurs.\u003Cbr 
\u002F>\nIf you receive an email you do not recognize, suspect an unauthorized login.\u003C\u002Fp>\n\u003Ch4>Update Notification\u003C\u002Fh4>\n\u003Cp>Notifies WordPress administrator users by email when WordPress, a plugin, or a theme needs updating.\u003Cbr \u002F>\nUpdate checks run every 24 hours.\u003Cbr \u002F>\nAlways using the latest version is a security fundamental.\u003C\u002Fp>\n\u003Ch4>Server Error Notification\u003C\u002Fh4>\n\u003Cp>When a server error “HTTP status code 500 (Internal Server Error)” occurs, the error is recorded in the history and WordPress administrator users are notified by email.\u003Cbr \u002F>\nIf an error of the same type occurs within 1 hour, it is recorded in the error history but no email notification is sent.\u003C\u002Fp>\n\u003Ch4>Login History\u003C\u002Fh4>\n\u003Cp>Displays the history of logins to the admin screen.\u003Cbr \u002F>\nYou can also filter the search by each field.\u003Cbr \u002F>\nLike login notification, this feature helps you notice unauthorized logins.\u003C\u002Fp>\n","A Japanese-made security plugin with Japanese-language support that protects the admin screen and login URL from cyberattacks. With just a few simple settings, it protects your WordPress site from unauthorized access and unauthorized logins.",698583,"2026-04-13T03:08:00.000Z","6.9.4","5.3.15","7.1",[109,110,111,66,112],"anti-spam","brute-force","login-lock","waf","https:\u002F\u002Fwpplugin.cloudsecure.ne.jp\u002Fcloudsecure_wp_security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudsecure-wp-security.1.4.7.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":79,"downloaded":123,"rating":38,"num_ratings":124,"last_updated":125,"tested_up_to":84,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":132,"download_link":133,"security_score":92,"vuln_count":93,"unpatched_count":27,"last_vuln_date":134,"fetched_at":29},"email-address-encoder","Email Address Encoder","1.0.25","Till Krüss","https:\u002F\u002Fprofiles.wordpress.org\u002Ftillkruess\u002F","\u003Cp>A lightweight plugin that protects plain email addresses and mailto links from email-harvesting robots, by encoding them into decimal and hexadecimal entities. Has an effect on the posts, pages, comments, excerpts, text widgets and other filtered content. 
Works without JavaScript — just simple spam protection.\u003C\u002Fp>\n\u003Cp>To see whether all your email addresses are properly protected, use the free \u003Ca href=\"https:\u002F\u002Fencoder.till.im\u002Fscanner?utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">page scanner\u003C\u002Fa> tool.\u003C\u002Fp>\n\u003Cp>Other content (like phone numbers) can be protected using \u003Ccode>[encode]\u003C\u002Fcode> shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[encode]+1 (555) 123-4567[\u002Fencode]\n[encode link=\"tel:+15551234567\"]+1 (555) 123-4567[\u002Fencode]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full-page protection\u003C\u002Fstrong> that catches all email addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hardened protection\u003C\u002Fstrong> using JavaScript and CSS techniques\u003C\u002Fli>\n\u003Cli>Improved \u003Cstrong>phone number\u003C\u002Fstrong> protection\u003C\u002Fli>\n\u003Cli>Built-in plugin support for \u003Cstrong>ACF\u003C\u002Fstrong>, \u003Cstrong>Jetpack\u003C\u002Fstrong>, \u003Cstrong>WooCommerce\u003C\u002Fstrong> and many others\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check out the \u003Ca href=\"https:\u002F\u002Fencoder.till.im\u002Fdownload?utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">Premium\u003C\u002Fa> version of Email Address Encoder.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcoderisk.com\u002Fwp\u002Fplugin\u002Femail-address-encoder\u002FRIPS-r0bJqKvBws\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin that protects email addresses from email-harvesting robots, by encoding them into decimal and hexadecimal entities.",1604581,160,"2026-04-12T15:36:00.000Z","2.0","5.3",[20,129,130,131,23],"crawler","encryption","protection","https:\u002F\u002Fencoder.till.im\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-address-encoder.1.0.25.zip","2024-08-26 
00:00:00",{"slug":136,"name":137,"version":138,"author":75,"author_profile":76,"description":139,"short_description":140,"active_installs":79,"downloaded":141,"rating":36,"num_ratings":142,"last_updated":143,"tested_up_to":84,"requires_at_least":52,"requires_php":86,"tags":144,"homepage":148,"download_link":149,"security_score":150,"vuln_count":151,"unpatched_count":27,"last_vuln_date":152,"fetched_at":29},"login-lockdown","Login Lockdown & Protection","2.16","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwploginlockdown.com\u002F\" rel=\"nofollow ugc\">Login Lockdown\u003C\u002Fa> records the IP address and timestamp of failed login attempts. If more than a selected number of attempts are detected within a set period of time from the same IP, then the \u003Cstrong>login is disabled for all requests from that IP address\u003C\u002Fstrong> (or the IP is completely blocked from accessing the site). This secures the site and helps prevent brute force password attacks & discovery.\u003C\u002Fp>\n\u003Cp>The plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified in options. Administrators can release locked out IPs manually from the panel. A detailed log is available for all failed login attempts and all IP locks to control lockdown.\u003C\u002Fp>\n\u003Cp>Configure the plugin from Settings – Login Lockdown.\u003C\u002Fp>\n\u003Ch4>Country blocking (PRO feature)\u003C\u002Fh4>\n\u003Cp>Block unwanted countries from accessing the site, or block them from being able to log in. Display a custom message to blocked visitors so they know why they can’t access the site.\u003C\u002Fp>\n\u003Ch4>Captcha\u003C\u002Fh4>\n\u003Cp>The simplest way to get rid of bots and brute-force password attacks. Choose from 5 different versions – built-in one, two from Google (PRO feature), Cloudflare Turnstile, and hCaptcha (PRO feature). 
Built-in captcha is GDPR compatible.\u003C\u002Fp>\n\u003Ch4>2FA – Two Factor Authentication (PRO feature)\u003C\u002Fh4>\n\u003Cp>Provide an extra layer of security without 2FA code generating apps such as Google Authenticator. Even if somebody knows your username & password they won’t be able to log in because it needs to be confirmed by clicking a unique link sent to your email. Since you’re the only one that has access to your inbox, you’ll never get hacked.\u003C\u002Fp>\n\u003Ch4>Cloud Protection (PRO feature)\u003C\u002Fh4>\n\u003Cp>Manage IP Whitelists and Blacklists in your Login Lockdown Dashboard (a SaaS service for managing all your sites) and apply them to protect all the sites you manage from a single location.\u003C\u002Fp>\n\u003Ch4>Temporary Access (PRO feature)\u003C\u002Fh4>\n\u003Cp>Give temporary access to other people without giving them a username & password. Set the lifetime of the link and the maximum number of times it can be used to prevent abuse. Access level rights can be any you pick – admin, editor, author…\u003C\u002Fp>\n","Protect, lockdown & secure login form by limiting login attempts from the same IP & banning IPs.",1971498,60,"2026-04-14T14:40:00.000Z",[145,59,146,22,147],"block-login","firewall","protect-login","https:\u002F\u002Fwploginlockdown.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-lockdown.2.16.zip",92,5,"2025-12-12 
15:27:33",{"attackSurface":154,"codeSignals":193,"taintFlows":203,"riskAssessment":223,"analyzedAt":231},{"hooks":155,"ajaxHandlers":187,"restRoutes":188,"shortcodes":189,"cronEvents":190,"entryPointCount":27,"unprotectedCount":27},[156,161,165,169,173,176,179,183],{"type":157,"name":158,"callback":158,"file":159,"line":160},"action","init","wp-denyhosts.php",13,{"type":157,"name":162,"callback":163,"file":159,"line":164},"login_head","check_bans",15,{"type":157,"name":166,"callback":167,"file":159,"line":168},"wp_login_failed","failed_attempt",16,{"type":157,"name":170,"callback":171,"file":159,"line":172},"denyhost_cron","cron_funcs",19,{"type":157,"name":158,"callback":174,"file":159,"line":175},"admin",23,{"type":157,"name":177,"callback":178,"file":159,"line":37},"admin_menu","denyhosts_menu",{"type":157,"name":180,"callback":181,"file":159,"line":182},"admin_enqueue_scripts","admin_scripts",31,{"type":157,"name":184,"callback":185,"file":159,"line":186},"admin_footer","placeholder",32,[],[],[],[191],{"hook":170,"callback":170,"file":159,"line":192},21,{"dangerousFunctions":194,"sqlUsage":195,"outputEscaping":197,"fileOperations":27,"externalRequests":14,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":202},[],{"prepared":27,"raw":27,"locations":196},[],{"escaped":14,"rawEcho":14,"locations":198},[199],{"file":159,"line":200,"context":201},98,"raw output",[],[204],{"entryPoint":205,"graph":206,"unsanitizedCount":27,"severity":222},"\u003Cwp-denyhosts> (wp-denyhosts.php:0)",{"nodes":207,"edges":219},[208,213],{"id":209,"type":210,"label":211,"file":159,"line":212},"n0","source","$_SERVER (x2)",163,{"id":214,"type":215,"label":216,"file":159,"line":217,"wp_function":218},"n1","sink","update_option() [Settings Manipulation]",214,"update_option",[220],{"from":209,"to":214,"sanitized":221},true,"low",{"summary":224,"deductions":225},"The \"wp-denyhosts\" v0.9.1 plugin exhibits a generally strong security posture based on the provided static analysis and 
vulnerability history. The absence of any known CVEs and a clean vulnerability history suggest a well-maintained and secure codebase. The code analysis reveals no dangerous functions, no raw SQL queries, and a commendable absence of taint flows with unsanitized paths. The plugin also implements nonce and capability checks, which are crucial for preventing unauthorized actions.\n\nHowever, there are minor areas for improvement. The presence of one external HTTP request without further context warrants attention, as it could potentially be a vector for vulnerabilities if not handled securely. Additionally, while the plugin has a limited number of outputs, only 50% being properly escaped indicates a potential for cross-site scripting (XSS) vulnerabilities in the other 50%. The single cron event, while not inherently insecure, should be carefully monitored for any potential side effects or security implications in future updates.\n\nOverall, \"wp-denyhosts\" v0.9.1 appears to be a secure plugin with a minimal attack surface and a history free of known vulnerabilities. The detected minor concerns, such as output escaping and an external HTTP request, are not critical and can likely be addressed with minor code adjustments. 
The plugin's strengths lie in its lack of dangerous functions, secure database interactions, and implemented security checks.",[226,228],{"reason":227,"points":151},"Unescaped output found",{"reason":229,"points":230},"External HTTP request without context",3,"2026-03-16T22:59:06.100Z",{"wat":233,"direct":240},{"assetPaths":234,"generatorPatterns":236,"scriptPaths":237,"versionParams":239},[235],"\u002Fwp-content\u002Fplugins\u002Fwp-denyhosts\u002Fjs\u002Fjquery.placeholder.min.js",[],[238],"js\u002Fjquery.placeholder.min.js",[],{"cssClasses":241,"htmlComments":243,"htmlAttributes":244,"restEndpoints":245,"jsGlobals":246,"shortcodeOutput":248},[242],"error-page",[],[185],[],[247],"jQuery",[],{"error":221,"url":250,"statusCode":251,"statusMessage":252,"message":252},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-denyhosts\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":254},[]]