[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fueiKDOTq_xq8KLKuVUDHd3JDCMuXIzINQkUpjJbJFUk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":139,"fingerprints":246},"wp-firewall","WP Firewall","2.1.2","Andrea De Giovine","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreadegiovine\u002F","\u003Cp>Do you like the \u003Cstrong>WP Firewall\u003C\u002Fstrong> plugin? Leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-firewall\u002Freviews\u002F?filter=5\" title=\"Review this plugin\" rel=\"ugc\">5 star review\u003C\u002Fa> to recommend it to other users.\u003C\u002Fp>\n\u003Cp>This plugin adds a set of protection rules to the .htaccess file of your WordPress site.\u003Cbr \u002F>\nThese rules totally protect the CMS from hacker attacks.\u003C\u002Fp>\n\u003Cp>This is a BETA version, if you find bugs or malfunctions contact the developer from the support section.\u003C\u002Fp>\n\u003Ch3>WP Firewall requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Apache web server\u003C\u002Fli>\n\u003Cli>ModRewite\u003C\u002Fli>\n\u003Cli>SSL connection (https)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP Firewall development functions\u003C\u002Fh3>\n\u003Cp>This plugin uses only functions contained in the CMS core.\u003C\u002Fp>\n\u003Cp>Do you need other functions? Ask the developer from the support section.\u003C\u002Fp>\n\u003Cp>If after activating the protection errors or white screens occur, access the .htaccess file and remove all the code between “# BEGIN Firewall” and “# END Firewall”.\u003C\u002Fp>\n\u003Ch3>WP Firewall credits\u003C\u002Fh3>\n\u003Cp>The “WP Firewall” plugin was entirely \u003Cstrong>designed and created by Andrea De Giovine\u003C\u002Fstrong> (thought by @riccardobastillo1).\u003Cbr \u002F>\nIf you like the idea and want to support the developer, please \u003Ca href=\"https:\u002F\u002Fwww.andreadegiovine.it\u002Foutlinks\u002F1422\u002F?utm_source=wordpress_org&utm_medium=plugin_page&utm_campaign=wp_firewall\" title=\"send donation\" rel=\"nofollow ugc\">donate to this plugin\u003C\u002Fa>.\u003Cbr \u002F>\nFor \u003Cstrong>collaborations\u003C\u002Fstrong> and \u003Cstrong>consultations\u003C\u002Fstrong> visit the website of the \u003Ca href=\"https:\u002F\u002Fwww.andreadegiovine.it\u002F?utm_source=wordpress_org&utm_medium=plugin_page_text&utm_campaign=wp_firewall\" title=\"Web developer freelance\" rel=\"nofollow ugc\">freelance web developer\u003C\u002Fa>.\u003Cbr \u002F>\nFor \u003Cstrong>bug reports\u003C\u002Fstrong> and \u003Cstrong>support for this plugin\u003C\u002Fstrong>, visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-firewall\u002F\" title=\"Go to support\" rel=\"ugc\">support\u003C\u002Fa> section to ask the developer and the community directly.\u003C\u002Fp>\n","Protect WordPress from hacker attacks, spam and dangerous actions.",40,2515,0,"2020-04-24T15:31:00.000Z","5.4.19","4.0","5.6",[19,20,21,22,23],"antivirus","firewall","protection","safety","spam","https:\u002F\u002Fwww.andreadegiovine.it\u002Fdownload\u002Fwp-firewall\u002F?utm_source=wordpress_org&utm_medium=plugin_link&utm_campaign=wp_firewall","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-firewall.2.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"andreadegiovine",4,150,89,30,86,"2026-04-04T05:02:59.984Z",[39,63,84,103,122],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":13,"last_vuln_date":62,"fetched_at":28},"zero-spam","Zero Spam for WordPress","5.7.7","Ben Marshall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbmarshall511\u002F","\u003Cp>Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa> to offer a strong defense system.\u003C\u002Fp>\n\u003Cp>Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it’s pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website.\u003C\u002Fp>\n\u003Ch4>Worry-free, Powerful Protection at Your Fingertips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No captchas or moderation queues — no longer a admin’s problem.\u003C\u002Fli>\n\u003Cli>Our system dynamically blocks threats, keeping your site safe.\u003C\u002Fli>\n\u003Cli>Integration with global IP reputation providers for enhanced security.\u003C\u002Fli>\n\u003Cli>Block IPs temporarily or permanently, keep unwanted visitors out.\u003C\u002Fli>\n\u003Cli>Geolocation tracks origins of threats, providing valuable insights.\u003C\u002Fli>\n\u003Cli>Ability to block countries, regions, zip\u002Fpostal codes & cities.\u003C\u002Fli>\n\u003Cli>REST API for programmatic settings management — perfect for CI\u002FCD, staging syncs, and automation.\u003C\u002Fli>\n\u003Cli>Utilize \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">splorp’s Comment Blacklist\u003C\u002Fa> to strengthen your disallowed list.\u003C\u002Fli>\n\u003Cli>Block disposable & malicious email effortlessly with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdisposable\" rel=\"nofollow ugc\">disposable\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Multiple techniques, including the renowned solution by \u003Ca href=\"https:\u002F\u002Fdavidwalsh.name\u002Fwordpress-comment-spam\" rel=\"nofollow ugc\">David Walsh\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Seamlessly integrates with popular plugins including:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> — Secure customer registrations.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgivewp.com\u002Fref\u002F1118\u002F\" rel=\"nofollow ugc\">GiveWP\u003C\u002Fa> — Prevents attempts to test stolen credit cards.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa> — Keeps registrations safe & secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailchimp-for-wp\u002F\" rel=\"ugc\">Mailchimp for WordPress\u003C\u002Fa> — Protects sign-ups from abuse.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpdiscuz\u002F\" rel=\"ugc\">wpDiscuz\u003C\u002Fa> — Versatile form protection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind.\u003C\u002Fp>\n\u003Ch4>Enhance Detection with Optional 3rd-Party Integrations\u003C\u002Fh4>\n\u003Cp>Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002F\" rel=\"nofollow ugc\">Zero Spam\u003C\u002Fa>\u003C\u002Fstrong> – Utilize our real-time IP reputation analysis. Take a look at our \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.zerospam.org\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipbase.com\u002F\" rel=\"nofollow ugc\">ipbase.com\u003C\u002Fa>\u003C\u002Fstrong> – Access detailed geolocation information of attackers. Familiarize yourself with their \u003Ca href=\"https:\u002F\u002Fipbase.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fterms-and-conditions\u002F41661719\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">ipinfo.io\u003C\u002Fa>\u003C\u002Fstrong> – Gather geolocation details of malicious users. Refer to their \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms-of-service\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for further information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" rel=\"nofollow ugc\">ipstack\u003C\u002Fa>\u003C\u002Fstrong> – Obtain extensive geolocation insights. Review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fipstack.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> to learn more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002F\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>\u003C\u002Fstrong> – Verify if visitors’ IPs have been reported. Explore their \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\u002Flegal\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for additional details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002F\" rel=\"nofollow ugc\">Project Honeypot\u003C\u002Fa>\u003C\u002Fstrong> – Check if visitors’ IPs have been flagged. Refer to their \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fprivacy_policy.php\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.projecthoneypot.org\u002Fterms_of_use.php\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for more information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps\u003C\u002Fa>\u003C\u002Fstrong> – Plot attack locations on Google Maps. Please review their \u003Ca href=\"https:\u002F\u002Fwww.ideracorp.com\u002FLegal\u002FAPILayer\u002FPrivacyStatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fsite-terms\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> for complete details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you have the option to contribute to Zero Spam’s improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FHighfivery\u002Fzero-spam-for-wordpress\u002Fwiki\u002FFAQ\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n","No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.",20000,1423449,82,142,"2026-03-12T13:51:00.000Z","6.9.4","6.9","8.2",[20,21,56,23,57],"security","spam-blocker","https:\u002F\u002Fwordpress.com\u002Fplugins\u002Fzero-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzero-spam.5.7.7.zip",92,5,"2024-04-15 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":81,"download_link":82,"security_score":83,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wt-security","WebTotem Security","2.4.35","WebTotem","https:\u002F\u002Fprofiles.wordpress.org\u002Fwtsec\u002F","\u003Cp>\u003Cstrong>WebTotem: Enhance Your WordPress Website Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WebTotem the Ultimate WordPress Security Plugin for Comprehensive Protection\u003Cbr \u002F>\nIn today’s digital landscape, safeguarding your WordPress website against a myriad of threats is paramount. WebTotem emerges as a formidable security solution, offering a suite of powerful features designed to protect your website from the ground up. With antivirus scans, firewall protection, SSL certificate monitoring, and port analysis, WebTotem ensures your web space is meticulously guarded. Pushing the envelope further, it incorporates CVE vulnerability scanning to preemptively identify and mitigate potential risks, fortifying your website’s defense mechanism.\u003Cbr \u002F>\nWebTotem transforms your website into an impenetrable fortress by integrating additional layers of security such as activity logs, two-factor authentication (2FA), brute force attack prevention, and CAPTCHA functionalities. This not only guarantees uninterrupted operation but also establishes a reliable security framework for your website.\u003C\u002Fp>\n\u003Ch3>Core Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Antivirus Protection:\u003C\u002Fstrong> Conducts thorough scans of your files for malicious software, hidden shells, and dubious modifications, marking the first step towards a secure website. It’s an intuitive solution for maintaining your site’s integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall Defense:\u003C\u002Fstrong> Offers real-time safeguarding against SQL injections, XSS, and DOS attacks, ensuring your data remains secure from unwelcome intrusions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SSL Module:\u003C\u002Fstrong> Administers continuous monitoring and management of your site’s SSL certificates, protecting data transmission round the clock.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Port Scanner:\u003C\u002Fstrong> Employs meticulous analysis to identify open ports, blocking unauthorized access and neutralizing potential threats.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Path Scanner:\u003C\u002Fstrong> Proactively searches and reviews accessible paths to files and directories, closing off avenues for attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reputation Module:\u003C\u002Fstrong> Vigilantly monitors and alerts you about any blacklisting issues, safeguarding your site’s online reputation and visibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessibility Module:\u003C\u002Fstrong> Keeps a close watch on site availability and page response times, ensuring optimal performance and a seamless user experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Technology Scanner:\u003C\u002Fstrong> Accurately identifies your site’s technology stack and its versions, aiding in keeping your systems up-to-date.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Highlight Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> A cornerstone feature that scans for known vulnerabilities within the Common Vulnerabilities and Exposures (CVE) database, enabling swift remediation to boost your site’s security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Resource Module:\u003C\u002Fstrong> Provides crucial insights into RAM and CPU usage, along with disk space analytics, facilitating efficient resource utilization for enhanced site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log:\u003C\u002Fstrong> An essential tool for monitoring site changes and activities, offering a comprehensive event timeline for enhanced security oversight and swift incident response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Enhanced Security Measures:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong> Elevates security by requiring a second form of verification, seamlessly integrated within your CMS to protect administrative access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Integration:\u003C\u002Fstrong> A versatile tool against spam bots and automated attacks, offering customizable CAPTCHA deployment to safeguard your forms from unwarranted submissions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-Force Protection:\u003C\u002Fstrong> Actively combats password guessing attempts, employing proactive measures to prevent unauthorized access to your accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Assessment (Scoring):\u003C\u002Fstrong> Offers a detailed security evaluation based on an innovative methodology, pinpointing improvement areas with strategic recommendations to fortify your website’s security stance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Remediation Advice:\u003C\u002Fstrong> Goes beyond detection by providing actionable, detailed guidance for addressing vulnerabilities, enhancing your website’s resilience against threats.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WebTotem stands as a comprehensive security plugin, expertly crafted to enhance your WordPress site’s defenses. By adopting WebTotem, you not only protect your site from current threats but also strengthen its overall security architecture, ensuring a safe and robust online presence.\u003C\u002Fp>\n","WebTotem is a SaaS which provides powerful tools for securing and monitoring your website in one place in easy and flexible way.",900,92711,84,13,"2025-10-06T06:25:00.000Z","6.6.5","6.0","7.1",[19,20,80,21,56],"monitoring","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-security.2.4.35.zip",100,{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":73,"num_ratings":94,"last_updated":95,"tested_up_to":52,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":101,"download_link":102,"security_score":83,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"spam-master","Spam Master","7.7.4","TechGasp","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechgasp\u002F","\u003Cp>\u003Cstrong>Spam Master\u003C\u002Fstrong> delivers powerful, real-time firewall and anti-spam protection for WordPress. Instantly block spam bots, brute force logins, fake registrations, comment spam, and malicious contact form submissions. Spam Master uses live RBL (real-time block lists) with millions of updated threats to keep your site secure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Real-Time Spam Firewall (RBL\u002FBlacklist)\u003Cbr \u002F>\n– Anti-bot, anti-flood, anti-crawler, brute force & DDoS protection\u003Cbr \u002F>\n– Compatible with WooCommerce, Contact Form 7, WPForms, BuddyPress, Gravity Forms, bbPress, Jetpack, Akismet, Ninja Forms, MailChimp, S2Member, MailPoet, Formidable, ConvertKit, ActiveCampaign, and any custom plugin or theme\u003Cbr \u002F>\n– No CAPTCHA, No JavaScript, No AJAX — fast and SEO-friendly\u003Cbr \u002F>\n– GDPR compliant & privacy-focused\u003Cbr \u002F>\n– Modular loading for optimal speed\u003Cbr \u002F>\n– IPv6 & PHP 8 ready\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Choose Spam Master?\u003C\u002Fstrong>\u003Cbr \u002F>\n– Blocks spam before it reaches your site\u003Cbr \u002F>\n– No annoying CAPTCHA or quizzes\u003Cbr \u002F>\n– Advanced honeypot fields for registrations, logins, comments, forms\u003Cbr \u002F>\n– Constant learning from millions of spam sources\u003Cbr \u002F>\n– Professional security logging, analytics & statistics\u003Cbr \u002F>\n– Whitelist management (safe emails\u002FIPs exempted)\u003Cbr \u002F>\n– Customizable block messages\u003C\u002Fp>\n\u003Cp>\u003Cem>For full features, demo, docs, and support visit \u003Ca href=\"https:\u002F\u002Fwww.spammaster.org\u002F\" rel=\"nofollow ugc\">Spam Master website\u003C\u002Fa>.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Plugin Integrations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WooCommerce:\u003C\u002Fstrong> Block spam\u002Ffraudulent registrations, custom signatures\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BuddyPress:\u003C\u002Fstrong> Stops spam registrations\u002Flogins, custom signatures\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contact Form 7 & WPForms:\u003C\u002Fstrong> Real-time scanning, honeypot & antibot protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms:\u003C\u002Fstrong> Scans data before submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Akismet Compatibility:\u003C\u002Fstrong> Marks missed spam\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Forms\u002FThemes:\u003C\u002Fstrong> Works with any registration, comment, or contact form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Fast, Secure, SEO-Friendly\u003C\u002Fh4>\n\u003Cp>Spam Master loads only what’s needed for security, keeping your site fast and optimized for Google PageSpeed and Lighthouse.\u003C\u002Fp>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Cp>Spam Master uses updated real-time block lists (RBL), spam buffer tech (for local speed), advanced honeypots, and learning heuristics to block millions of threats instantly.\u003C\u002Fp>\n\u003Ch3>Privacy & GDPR\u003C\u002Fh3>\n\u003Cp>Spam Master is developed by an EU company and fully complies with GDPR. No data is shared with third parties. \u003Ca href=\"https:\u002F\u002Fwww.spammaster.org\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Try Online Demo\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.spammaster.org\u002F\" rel=\"nofollow ugc\">Spam Master Demo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.spammaster.org\u002Fsearch-threat\u002F\" rel=\"nofollow ugc\">Search Threat Database\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.spammaster.org\u002Frbl-servers-status\u002F\" rel=\"nofollow ugc\">RBL Cluster Status\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Real-time firewall and anti-spam for WordPress. Block spam bots, comments, logins & registrations. No CAPTCHA, no slowdown.",200,143566,71,"2026-03-13T06:48:00.000Z","5.0","7.4",[99,100,20,21,23],"antibot","antispam","https:\u002F\u002Fwww.spammaster.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-master.7.7.4.zip",{"slug":104,"name":105,"version":17,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":92,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":81,"download_link":120,"security_score":60,"vuln_count":61,"unpatched_count":13,"last_vuln_date":121,"fetched_at":28},"wp-limit-failed-login-attempts","Limit Login Attempts (Spam Protection)","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>Limit the number of login attempts possible both through normal login as well as using auth cookies.\u003C\u002Fp>\n\u003Cp>By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.\u003C\u002Fp>\n\u003Cp>Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.\u003C\u002Fp>\n\u003Ch3>Basic Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Limit the number of retry attempts when logging in.\u003C\u002Fli>\n\u003Cli>Configurable lockout timings.\u003C\u002Fli>\n\u003Cli>Email notification of blocked attempts (Detailed email containing all necessary information).\u003C\u002Fli>\n\u003Cli>Notify the user of remaining attempts.\u003C\u002Fli>\n\u003Cli>Report containing all blocked attempts.\u003C\u002Fli>\n\u003Cli>Whitelist\u002FBlocklist of IPs (Support IP ranges).\u003C\u002Fli>\n\u003Cli>Allow\u002FBlock Countries.\u003C\u002Fli>\n\u003Cli>Automatically block IP addresses that exceed limit login attempts\u003C\u002Fli>\n\u003Cli>Automatically add IP addresses that exceed blocks limit to the deny list\u003C\u002Fli>\n\u003Cli>Send notifications about blocked retry (Email sent to admins)\u003C\u002Fli>\n\u003Cli>Inform the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>Unlock The Locked users – Easily unlock the locked admin through the email or dashboard.\u003C\u002Fli>\n\u003Cli>Limit the number of retry attempts when logging in per IP.\u003C\u002Fli>\n\u003Cli>Limit the number of attempts to log in using cookies.\u003C\u002Fli>\n\u003Cli>Optional logging and optional email notification.\u003C\u002Fli>\n\u003Cli>Compatible with Google captcha, Captcha Plus & reCaptcha.\u003C\u002Fli>\n\u003Cli>Dashboard gives you an overview of your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable the plugin functionality\u003C\u002Fli>\n\u003Cli>Enable to disable email notifications\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Woocommerce login page protection.\u003C\u002Fli>\n\u003Cli>Wordfence & Sucuri compatibility.\u003C\u002Fli>\n\u003Cli>GDPR compliant.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Features (PRO)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All Basic features included.\u003C\u002Fli>\n\u003Cli>Save the password that was used by the hacker (Save part of the password and hide the last three digits).\u003C\u002Fli>\n\u003Cli>Advanced dashboard gives you an overview of your site’s security (Charts for the most important reports).\u003C\u002Fli>\n\u003Cli>Block attackers by IP, Country, IP range.\u003C\u002Fli>\n\u003Cli>Mobile Application for the admins to follow up the site security (\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fwp-content\u002Fuploads\u002Fapps\u002Flogin-attempts-app.apk\" rel=\"nofollow ugc\">Download APK\u003C\u002Fa>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video Description\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585819426\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Plugin Settings and Reports\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585820422\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.",13895,78,7,"2025-06-15T19:08:00.000Z","6.8.5","4.6","7.2",[118,20,119,21,56],"anti-spam","login-attempts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-limit-failed-login-attempts.5.6.zip","2024-12-05 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":114,"requires_at_least":135,"requires_php":97,"tags":136,"homepage":81,"download_link":138,"security_score":83,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"access-defender","Access Defender – Advanced VPN & Proxy Blocker","1.1.2","Huzaifa Al Mesbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuzaifaalmesbah\u002F","\u003Cp>Access Defender is the most comprehensive WordPress security plugin for blocking VPNs, proxies, and suspicious traffic. Protect your website from malicious users, spam, fraud, and unauthorized access with our advanced multi-provider detection system.\u003C\u002Fp>\n\u003Cp>NEW in Version 1.1.0: Revolutionary multi-provider system with automatic failover, real-time monitoring, and enhanced reliability!\u003C\u002Fp>\n\u003Ch4>Quick Start Video Tutorial\u003C\u002Fh4>\n\u003Cp>Watch our step-by-step installation and configuration guide:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FgWUFEuK1ZhA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Ch4>Advanced VPN & Proxy Detection\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>99.9% Detection Accuracy – Industry-leading precision in identifying VPNs, proxies, and hosting providers\u003C\u002Fli>\n\u003Cli>Multiple Detection Methods – Comprehensive IP analysis using advanced algorithms\u003C\u002Fli>\n\u003Cli>Real-time Threat Assessment – Instant blocking of suspicious traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multi-Provider System (NEW!)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>4+ API Providers – Choose from free and premium services\u003C\u002Fli>\n\u003Cli>Smart Auto-Rotation – Automatic switching between providers when limits are reached\u003C\u002Fli>\n\u003Cli>Zero Downtime Protection – Seamless failover ensures continuous security\u003C\u002Fli>\n\u003Cli>Load Balancing – Distribute requests across multiple providers for optimal performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Real-time Monitoring & Analytics\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Live Usage Statistics – Monitor API calls, success rates, and provider performance\u003C\u002Fli>\n\u003Cli>Detailed Reporting – Track blocked attempts, provider efficiency, and security metrics\u003C\u002Fli>\n\u003Cli>Performance Insights – Optimize your security setup with actionable data\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Smart Configuration Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Free Provider Auto-Rotation – Perfect for small to medium websites\u003C\u002Fli>\n\u003Cli>Premium Provider Support – Enhanced reliability for high-traffic sites\u003C\u002Fli>\n\u003Cli>Flexible API Management – Easy switching between providers\u003C\u002Fli>\n\u003Cli>Custom Rate Limiting – Intelligent request management\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>User-Friendly Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup – Get protected in minutes\u003C\u002Fli>\n\u003Cli>Customizable Block Messages – Professional warning pages for blocked users\u003C\u002Fli>\n\u003Cli>Admin Bypass – Administrators never get blocked\u003C\u002Fli>\n\u003Cli>Bot-Friendly – Automatic detection and allowance of search engine crawlers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Access Defender?\u003C\u002Fh3>\n\u003Ch4>For Website Owners:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect against fraud, spam, and malicious activities\u003C\u002Fli>\n\u003Cli>Reduce server load from suspicious traffic\u003C\u002Fli>\n\u003Cli>Improve website performance and user experience\u003C\u002Fli>\n\u003Cli>Maintain compliance with security standards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For E-commerce Sites:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Prevent fraudulent transactions and chargebacks\u003C\u002Fli>\n\u003Cli>Block suspicious purchasing patterns\u003C\u002Fli>\n\u003Cli>Protect customer data and payment information\u003C\u002Fli>\n\u003Cli>Reduce cart abandonment from bot traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For Content Creators:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect premium content from unauthorized access\u003C\u002Fli>\n\u003Cli>Prevent content scraping and theft\u003C\u002Fli>\n\u003Cli>Ensure genuine user engagement metrics\u003C\u002Fli>\n\u003Cli>Maintain advertising revenue integrity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported API Providers\u003C\u002Fh3>\n\u003Ch4>Free Providers (Auto-Rotation Enabled):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP-API.com (Free) – 45 requests\u002Fminute, reliable detection\u003C\u002Fli>\n\u003Cli>Additional Free APIs – Coming soon for enhanced rotation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Providers (Enhanced Performance):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ProxyCheck.io – Professional-grade detection with 99.9% accuracy\u003C\u002Fli>\n\u003Cli>IPGeolocation.io – Advanced geolocation and VPN detection\u003C\u002Fli>\n\u003Cli>IP-API.com (Pro) – Premium tier with higher limits (Coming Soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Smart Provider Management:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Sequential rotation through free providers\u003C\u002Fli>\n\u003Cli>Automatic failover when rate limits are reached\u003C\u002Fli>\n\u003Cli>Real-time provider health monitoring\u003C\u002Fli>\n\u003Cli>Intelligent request distribution\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>E-commerce Websites – Prevent fraud and protect transactions\u003C\u002Fli>\n\u003Cli>Membership Sites – Control access to premium content\u003C\u002Fli>\n\u003Cli>Corporate Websites – Maintain security compliance\u003C\u002Fli>\n\u003Cli>News & Media Sites – Protect against content scraping\u003C\u002Fli>\n\u003Cli>SaaS Platforms – Prevent abuse and unauthorized access\u003C\u002Fli>\n\u003Cli>Any WordPress Site – Universal security enhancement\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy & Security\u003C\u002Fh3>\n\u003Ch4>Data Collection & Processing:\u003C\u002Fh4>\n\u003Cp>Access Defender prioritizes your privacy while providing robust security. Here’s how we handle data:\u003C\u002Fp>\n\u003Ch4>API Provider Data Sharing:\u003C\u002Fh4>\n\u003Cp>When checking IP addresses, minimal data is shared with selected API providers for detection purposes only.\u003C\u002Fp>\n\u003Ch4>Supported Providers & Their Policies:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP-API.com – \u003Ca href=\"https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>ProxyCheck.io – \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>IPGeolocation.io – \u003Ca href=\"https:\u002F\u002Fipgeolocation.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Security Measures:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Encrypted API Communications – All provider requests use HTTPS\u003C\u002Fli>\n\u003Cli>No Personal Data Storage – Only IP addresses are processed temporarily\u003C\u002Fli>\n\u003Cli>Automatic Data Purging – Logs are cleared regularly\u003C\u002Fli>\n\u003Cli>Secure Key Management – API keys are encrypted in database\u003C\u002Fli>\n\u003Cli>WordPress Security Standards – Full compliance with WP security guidelines\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Analytics & Telemetry:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Opt-in Only – Data collection requires your explicit consent\u003C\u002Fli>\n\u003Cli>Anonymous Usage Data – Helps improve plugin performance\u003C\u002Fli>\n\u003Cli>No Personal Information – Only technical usage statistics\u003C\u002Fli>\n\u003Cli>Full Control – Disable anytime in settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License & Legal\u003C\u002Fh3>\n\u003Ch4>Open Source License\u003C\u002Fh4>\n\u003Cp>Access Defender is licensed under GPLv2 or later. This ensures the plugin remains free and open-source while providing you with the flexibility to use, modify, and distribute it according to your needs.\u003C\u002Fp>\n\u003Ch4>License Details:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Free to use for personal and commercial projects\u003C\u002Fli>\n\u003Cli>Modify and customize according to your requirements\u003C\u002Fli>\n\u003Cli>Redistribute under the same license terms\u003C\u002Fli>\n\u003Cli>Access to complete source code\u003C\u002Fli>\n\u003Cli>Community-driven development and support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Important Legal Information:\u003C\u002Fh4>\n\u003Cp>This plugin provides security features but users should understand:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No 100% Guarantee: No security measure is completely foolproof\u003C\u002Fli>\n\u003Cli>Third-party Dependencies: Plugin functionality depends on external API services\u003C\u002Fli>\n\u003Cli>Service Availability: API provider changes may affect functionality\u003C\u002Fli>\n\u003Cli>User Responsibility: Proper configuration and monitoring are essential\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Best Practices:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Regularly monitor plugin performance\u003C\u002Fli>\n\u003Cli>Keep plugin updated to latest version\u003C\u002Fli>\n\u003Cli>Test configuration on staging environment\u003C\u002Fli>\n\u003Cli>Maintain backup security measures\u003C\u002Fli>\n\u003Cli>Review API provider terms periodically\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using Access Defender, you acknowledge these terms and agree to use the plugin responsibly as part of a comprehensive security strategy.\u003C\u002Fp>\n","Advanced VPN & proxy blocker for WordPress. 99.9% accuracy, multi-API rotation, real-time monitoring. Protect against fraud & spam.",50,1618,60,2,"2025-10-02T04:29:00.000Z","5.9",[20,137,21,56,23],"privacy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccess-defender.1.1.2.zip",{"attackSurface":140,"codeSignals":220,"taintFlows":234,"riskAssessment":235,"analyzedAt":245},{"hooks":141,"ajaxHandlers":216,"restRoutes":217,"shortcodes":218,"cronEvents":219,"entryPointCount":13,"unprotectedCount":13},[142,148,151,154,157,160,163,166,172,176,180,184,188,193,197,201,205,208,211,214],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","do_feed","return_disabled_screen","inc\\disable_rss.php",18,{"type":143,"name":149,"callback":145,"file":146,"line":150},"do_feed_rdf",19,{"type":143,"name":152,"callback":145,"file":146,"line":153},"do_feed_rss",20,{"type":143,"name":155,"callback":145,"file":146,"line":156},"do_feed_rss2",21,{"type":143,"name":158,"callback":145,"file":146,"line":159},"do_feed_atom",22,{"type":143,"name":161,"callback":145,"file":146,"line":162},"do_feed_rss2_comments",23,{"type":143,"name":164,"callback":145,"file":146,"line":165},"do_feed_atom_comments",24,{"type":167,"name":168,"callback":169,"file":170,"line":171},"filter","xmlrpc_enabled","__return_false","inc\\disable_xmlrpc.php",17,{"type":143,"name":173,"callback":174,"file":175,"line":11},"plugins_loaded","apply_upgrade","wp-firewall.php",{"type":143,"name":177,"callback":178,"file":175,"line":179},"init","init_load_textdomain",41,{"type":143,"name":181,"callback":182,"file":175,"line":183},"admin_menu","init_options_menu",47,{"type":143,"name":185,"callback":186,"file":175,"line":187},"network_admin_menu","init_network_options_menu",49,{"type":167,"name":189,"callback":190,"priority":191,"file":175,"line":192},"plugin_action_links","init_plugin_action_links",10,52,{"type":143,"name":194,"callback":195,"file":175,"line":196},"admin_init","apply_htaccess_firewall",54,{"type":143,"name":198,"callback":199,"file":175,"line":200},"admin_notices","init_admin_notice",55,{"type":143,"name":202,"callback":203,"file":175,"line":204},"admin_enqueue_scripts","wp_admin_enqueue",56,{"type":143,"name":177,"callback":206,"file":175,"line":207},"apply_php_firewall",58,{"type":167,"name":209,"callback":169,"file":175,"line":210},"the_generator",121,{"type":143,"name":194,"callback":212,"file":175,"line":213},"settings_options_page",171,{"type":143,"name":194,"callback":212,"file":175,"line":215},176,[],[],[],[],{"dangerousFunctions":221,"sqlUsage":222,"outputEscaping":224,"fileOperations":232,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":233},[],{"prepared":13,"raw":13,"locations":223},[],{"escaped":133,"rawEcho":133,"locations":225},[226,230],{"file":227,"line":228,"context":229},"part\\options_page.php",153,"raw output",{"file":227,"line":231,"context":229},156,3,[],[],{"summary":236,"deductions":237},"The 'wp-firewall' plugin v2.1.2 presents a relatively strong security posture based on the provided static analysis and vulnerability history. The plugin exhibits a remarkably small attack surface, with zero identified entry points in AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, there are no flagged dangerous functions, and all detected SQL queries are properly prepared, indicating good practices in database interaction. The absence of known CVEs and historical vulnerabilities is a significant positive indicator, suggesting a stable and well-maintained codebase.\n\nHowever, there are areas that warrant caution. The output escaping is only 50% proper, with 4 total outputs, meaning half of the plugin's output may be vulnerable to cross-site scripting (XSS) attacks if user-supplied data is not handled carefully. The lack of nonce checks and capability checks on any potential (though currently undocumented) entry points could be a concern if the attack surface were to expand in future versions or if certain functions are implicitly called. The plugin's file operations, while not explicitly detailed as risky, should be reviewed for secure implementation.\n\nIn conclusion, the plugin appears to be secure against common external threats due to its minimal attack surface and lack of historical vulnerabilities. The primary weakness lies in the partial output escaping, which presents a potential XSS risk. The absence of other common vulnerability patterns in its history is reassuring, but the missing authentication and authorization checks on potential (even if currently zero) entry points remain a latent concern that could be exploited if the plugin's functionality evolves or is misused.",[238,241,243],{"reason":239,"points":240},"50% of output not properly escaped",6,{"reason":242,"points":61},"No nonce checks",{"reason":244,"points":61},"No capability checks","2026-03-16T22:15:19.047Z",{"wat":247,"direct":253},{"assetPaths":248,"generatorPatterns":250,"scriptPaths":251,"versionParams":252},[249],"\u002Fwp-content\u002Fplugins\u002Fwp-firewall\u002Fassets\u002Fadmin-ui.css",[],[],[],{"cssClasses":254,"htmlComments":255,"htmlAttributes":256,"restEndpoints":257,"jsGlobals":258,"shortcodeOutput":259},[],[],[],[],[],[]]