[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fw-d3hdOraDqPEwS5I-a1SXin8xqh3DPPcWPKtck6etM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":104,"crawl_stats":38,"alternatives":110,"analysis":211,"fingerprints":527},"wp-limit-failed-login-attempts","Limit Login Attempts (Spam Protection)","5.6","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>Limit the number of login attempts possible both through normal login as well as using auth cookies.\u003C\u002Fp>\n\u003Cp>By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.\u003C\u002Fp>\n\u003Cp>Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.\u003C\u002Fp>\n\u003Ch3>Basic Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Limit the number of retry attempts when logging in.\u003C\u002Fli>\n\u003Cli>Configurable lockout timings.\u003C\u002Fli>\n\u003Cli>Email notification of blocked attempts (Detailed email containing all necessary information).\u003C\u002Fli>\n\u003Cli>Notify the user of remaining attempts.\u003C\u002Fli>\n\u003Cli>Report containing all blocked attempts.\u003C\u002Fli>\n\u003Cli>Whitelist\u002FBlocklist of IPs (Support IP ranges).\u003C\u002Fli>\n\u003Cli>Allow\u002FBlock Countries.\u003C\u002Fli>\n\u003Cli>Automatically block IP addresses that exceed limit login attempts\u003C\u002Fli>\n\u003Cli>Automatically add IP addresses that exceed blocks 
limit to the deny list\u003C\u002Fli>\n\u003Cli>Send notifications about blocked retry (Email sent to admins)\u003C\u002Fli>\n\u003Cli>Inform the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>Unlock The Locked users – Easily unlock the locked admin through the email or dashboard.\u003C\u002Fli>\n\u003Cli>Limit the number of retry attempts when logging in per IP.\u003C\u002Fli>\n\u003Cli>Limit the number of attempts to log in using cookies.\u003C\u002Fli>\n\u003Cli>Optional logging and optional email notification.\u003C\u002Fli>\n\u003Cli>Compatible with Google captcha, Captcha Plus & reCaptcha.\u003C\u002Fli>\n\u003Cli>Dashboard gives you an overview of your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable the plugin functionality\u003C\u002Fli>\n\u003Cli>Enable to disable email notifications\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Woocommerce login page protection.\u003C\u002Fli>\n\u003Cli>Wordfence & Sucuri compatibility.\u003C\u002Fli>\n\u003Cli>GDPR compliant.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Features (PRO)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All Basic features included.\u003C\u002Fli>\n\u003Cli>Save the password that was used by the hacker (Save part of the password and hide the last three digits).\u003C\u002Fli>\n\u003Cli>Advanced dashboard gives you an overview of your site’s security (Charts for the most important reports).\u003C\u002Fli>\n\u003Cli>Block attackers by IP, Country, IP range.\u003C\u002Fli>\n\u003Cli>Mobile Application for the admins to follow up the site security (\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fwp-content\u002Fuploads\u002Fapps\u002Flogin-attempts-app.apk\" rel=\"nofollow ugc\">Download APK\u003C\u002Fa>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video Description\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" 
src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585819426\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Plugin Settings and Reports\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585820422\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.",200,13895,78,7,"2025-06-15T19:08:00.000Z","6.8.5","4.6","7.2",[20,21,22,23,24],"anti-spam","firewall","login-attempts","protection","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-limit-failed-login-attempts.5.6.zip",92,5,0,"2024-12-05 00:00:00","2026-03-15T15:16:48.613Z",[33,48,64,79,93],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-54234","limit-login-attempts-unauthenticated-sql-injeciton","Limit Login Attempts \u003C= 5.5 - Unauthenticated SQL Injection","The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note: this record's title and CVSS vector (PR:N) describe the issue as exploitable without authentication, which conflicts with the privilege level stated in the previous sentence; confirm against the referenced advisory before triaging.",null,"\u003C=5.5","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-01-17 13:24:49",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F60e2f3d3-c9f0-4d06-960a-6d796a280433?source=api-prod",44,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2022-4534","limit-login-attempts-spam-protection-ip-address-spoofing-to-protection-mechanism-bypass","Limit Login Attempts (Spam Protection) \u003C= 5.3 - IP Address Spoofing to Protection Mechanism Bypass","The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. 
Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.","\u003C=5.3","5.4","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Use of Less Trusted Source","2024-10-07 00:00:00","2024-10-08 08:33:18",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F561ec1b2-ee26-4e0c-b437-d70b04be5b4c?source=api-prod",1,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":71,"cvss_score":72,"cvss_vector":73,"vuln_type":43,"published_date":74,"updated_date":75,"references":76,"days_to_patch":78},"CVE-2022-0787","limit-login-attempts-spam-protection-unauthenticated-sql-injection","Limit Login Attempts (Spam Protection) \u003C= 4.9.1 - Unauthenticated SQL Injection","The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections","\u003C=4.9.1","5.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2022-03-02 00:00:00","2024-01-22 19:56:02",[77],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F49ea8af1-7171-4498-bfb0-bb3cbd72e6f3?source=api-prod",692,{"id":80,"url_slug":81,"title":82,"description":83,"plugin_slug":4,"theme_slug":38,"affected_versions":84,"patched_in_version":85,"severity":40,"cvss_score":86,"cvss_vector":87,"vuln_type":88,"published_date":89,"updated_date":75,"references":90,"days_to_patch":92},"WF-7d525c50-5911-4be6-a860-b48db619adba-wp-limit-failed-login-attempts","limit-login-attempts-spam-protection-cross-site-request-forgery-to-arbitrary-plugin-installationactivation","Limit Login 
Attempts (Spam Protection) \u003C= 2.9 - Cross-Site Request Forgery to Arbitrary Plugin Installation\u002FActivation","The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2.9","3.1",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2021-04-22 00:00:00",[91],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7d525c50-5911-4be6-a860-b48db619adba?source=api-prod",1006,{"id":94,"url_slug":95,"title":96,"description":97,"plugin_slug":4,"theme_slug":38,"affected_versions":98,"patched_in_version":99,"severity":40,"cvss_score":86,"cvss_vector":100,"vuln_type":101,"published_date":89,"updated_date":75,"references":102,"days_to_patch":92},"CVE-2021-24194","limit-login-attempts-spam-protection-missing-authorization-to-arbitrary-plugin-installationactivation","Limit Login Attempts (Spam Protection) \u003C= 2.8 - Missing Authorization to Arbitrary Plugin Installation\u002FActivation","Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.","\u003C2.9","2.9","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper 
Authorization",[103],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fda24aad2-ae6b-411e-a229-0df585215731?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":105,"total_installs":106,"avg_security_score":27,"avg_patch_time_days":107,"trust_score":108,"computed_at":109},13,355240,900,73,"2026-04-05T16:50:27.753Z",[111,131,146,168,189],{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":63,"last_updated":122,"tested_up_to":16,"requires_at_least":123,"requires_php":25,"tags":124,"homepage":129,"download_link":130,"security_score":121,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"automatic-break-iframes","SpamShieldX","1.2","Alireza Nejati","https:\u002F\u002Fprofiles.wordpress.org\u002Falireza-nejati\u002F","\u003Cp>SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevents unwanted spam sources, keeping your site secure and optimized.\u003C\u002Fp>\n\u003Cp>Whether you’re a blogger, website owner, or developer, SpamShieldX is the perfect tool to enhance your site’s security and performance. Our plugin is lightweight, easy to configure, and seamlessly integrates into your WordPress site.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Block iframe abuse\u003C\u002Fli>\n\u003Cli>Prevent spam from harmful sources\u003C\u002Fli>\n\u003Cli>Protect your content and improve security\u003C\u002Fli>\n\u003Cli>Easy to use and setup\u003C\u002Fli>\n\u003Cli>Regular updates for maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n","SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. 
Our plugin blocks malicious iframes and prevent &hellip;",10,2276,100,"2025-04-28T07:01:00.000Z","5.0",[20,125,126,127,128],"iframe-blocker","spam-protection","website-security","wordpress-firewall","http:\u002F\u002Fazarsys.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-break-iframes.1.2.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":29,"downloaded":139,"rating":29,"num_ratings":29,"last_updated":140,"tested_up_to":16,"requires_at_least":123,"requires_php":141,"tags":142,"homepage":25,"download_link":145,"security_score":121,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"bunkr-solution","Bunkr Solution","1.0.0","Bunkr","https:\u002F\u002Fprofiles.wordpress.org\u002Fyfel\u002F","\u003Cp>Bunkr Solution provides enterprise-grade bot protection for your WordPress site through sophisticated server-side analysis.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* Real-time behavioral analysis\u003Cbr \u002F>\n* Advanced bot detection\u003Cbr \u002F>\n* Seamless user experience for legitimate visitors\u003Cbr \u002F>\n* Enterprise-grade protection\u003Cbr \u002F>\n* Easy integration with WordPress\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Bunkr API service to analyze website traffic and provide bot protection. 
Here’s what you need to know:\u003C\u002Fp>\n\u003Ch4>Service Information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service\u003C\u002Fstrong>: Bunkr Bot Protection API (https:\u002F\u002Fwpde.bunkr-solution.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Real-time analysis of website requests to identify and block malicious bot traffic\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider\u003C\u002Fstrong>: Bunkr Solution (https:\u002F\u002Fbunkr-solution.com)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Transmission\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>When data is sent\u003C\u002Fstrong>: Every time a non-admin user visits your website (excluding AJAX requests)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent\u003C\u002Fstrong>:\u003Cbr \u002F>\n* Request metadata: URL, HTTP method, referrer, timestamp\u003Cbr \u002F>\n* Server headers: User-Agent, Accept headers, security headers (Sec-* headers)\u003Cbr \u002F>\n* Network information: IP address, domain name\u003Cbr \u002F>\n* Browser context: Mobile detection, HTTPS status\u003Cbr \u002F>\n* Cookie analysis: Count and types of cookies (WordPress, session, persistent)\u003Cbr \u002F>\n* Request identifier: Unique request identifier\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No sensitive data\u003C\u002Fstrong>: The plugin does not send form data, post content, user credentials, or personal information.\u003C\u002Fp>\n\u003Ch4>Legal Information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Terms of Service\u003C\u002Fstrong>: https:\u002F\u002Fbunkr-solution.com\u002Fterms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: https:\u002F\u002Fbunkr-solution.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>User Consent\u003C\u002Fh4>\n\u003Cp>By installing and activating this plugin, you acknowledge that:\u003Cbr \u002F>\n1. Request data will be sent to Bunkr’s servers for analysis\u003Cbr \u002F>\n2. 
This data transmission is necessary for the plugin’s bot protection functionality\u003Cbr \u002F>\n3. You have reviewed Bunkr’s terms of service and privacy policy\u003Cbr \u002F>\n4. You are responsible for informing your website users about this data processing if required by applicable privacy laws\u003C\u002Fp>\n","Advanced bot protection for WordPress using real-time behavioral analysis. Blocks malicious traffic while allowing legitimate users seamless access.",519,"2025-10-10T13:14:00.000Z","7.4",[20,143,144,21,24],"bot-protection","click-fraud","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbunkr-solution.1.0.2.zip",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":154,"downloaded":155,"rating":156,"num_ratings":157,"last_updated":158,"tested_up_to":159,"requires_at_least":160,"requires_php":161,"tags":162,"homepage":165,"download_link":166,"security_score":121,"vuln_count":63,"unpatched_count":29,"last_vuln_date":167,"fetched_at":31},"ninjafirewall","NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall","4.8.4","nintechnet","https:\u002F\u002Fprofiles.wordpress.org\u002Fnintechnet\u002F","\u003Ch4>A true Web Application Firewall\u003C\u002Fh4>\n\u003Cp>NinjaFirewall (WP Edition) is a true Web Application Firewall. 
Although it can be installed and configured just like a plugin, it is a stand-alone firewall that stands in front of WordPress.\u003C\u002Fp>\n\u003Cp>It allows any blog administrator to benefit from very advanced and powerful security features that usually aren’t available at the WordPress level, but only in security applications such as the Apache \u003Ca href=\"http:\u002F\u002Fwww.modsecurity.org\u002F\" title=\"\" rel=\"nofollow ugc\">ModSecurity\u003C\u002Fa> module or the PHP \u003Ca href=\"http:\u002F\u002Fsuhosin.org\u002F\" title=\"\" rel=\"nofollow ugc\">Suhosin\u003C\u002Fa> extension.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>NinjaFirewall requires at least PHP 7.1, MySQLi extension and is only compatible with Unix-like OS (Linux, BSD). It is \u003Cstrong>not compatible with Microsoft Windows\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>NinjaFirewall can hook, scan, sanitise or reject any HTTP\u002FHTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren’t part of the WordPress package. Even encoded PHP scripts, hackers shell scripts and backdoors will be filtered by NinjaFirewall.\u003C\u002Fp>\n\u003Ch4>Powerful filtering engine\u003C\u002Fh4>\n\u003Cp>NinjaFirewall includes the most powerful filtering engine available in a WordPress plugin. Its most important feature is its ability to normalize and transform data from incoming HTTP requests which allows it to detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. 
See our blog for a full description: \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fintroduction-to-ninjafirewall-filtering-engine\u002F\" title=\"\" rel=\"nofollow ugc\">An introduction to NinjaFirewall filtering engine\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Fastest and most efficient brute-force attack protection for WordPress\u003C\u002Fh4>\n\u003Cp>By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin for WordPress able to protect it against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs.\u003C\u002Fp>\n\u003Cp>See our benchmarks and stress-tests: \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fwordpress-brute-force-attack-detection-plugins-comparison-2015\u002F\" title=\"\" rel=\"nofollow ugc\">Brute-force attack detection plugins comparison\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The protection applies to the \u003Ccode>wp-login.php\u003C\u002Fcode> script but can be extended to the \u003Ccode>xmlrpc.php\u003C\u002Fcode> one. The incident can also be written to the server \u003Ccode>AUTH\u003C\u002Fcode> log, which can be useful to the system administrator for monitoring purposes or banning IPs at the server level (e.g., Fail2ban).\u003C\u002Fp>\n\u003Ch4>Real-time detection\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Guard\u003C\u002Fstrong> real-time detection is a totally unique feature provided by NinjaFirewall: it can detect, in real-time, any access to a PHP file that was recently modified or created, and alert you about this. If a hacker uploaded a shell script to your site (or injected a backdoor into an already existing file) and tried to directly access that file using his browser or a script, NinjaFirewall would hook the HTTP request and immediately detect that the file was recently modified or created. 
It would send you an alert with all details (script name, IP, request, date and time).\u003C\u002Fp>\n\u003Ch4>File integrity monitoring\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>File Check\u003C\u002Fstrong> lets you perform file integrity monitoring by scanning your website hourly, twicedaily or daily. Any modification made to a file will be detected: file content, file permissions, file ownership, timestamp as well as file creation and deletion.\u003C\u002Fp>\n\u003Ch4>Watch your website traffic in real time\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Live Log\u003C\u002Fstrong> lets you watch your website traffic in real time. It displays connections in a format similar to the one used by the \u003Ccode>tail -f\u003C\u002Fcode> Unix command. Because it communicates directly with the firewall, i.e., without loading WordPress, \u003Cstrong>Live Log\u003C\u002Fstrong> is fast, lightweight and it will not affect your server load, even if you set its refresh rate to the lowest value.\u003C\u002Fp>\n\u003Ch4>Event Notifications\u003C\u002Fh4>\n\u003Cp>NinjaFirewall can alert you by email on specific events triggered within your blog. Some of those alerts are enabled by default and it is highly recommended to keep them enabled. It is not unusual for a hacker, after breaking into your WordPress admin console, to install or just to upload a backdoored plugin or theme in order to take full control of your website. 
NinjaFirewall can also \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-wp-edition-adds-php-backtrace-to-email-notifications\u002F\" title=\"NinjaFirewall adds PHP backtrace to email notifications\" rel=\"nofollow ugc\">attach a PHP backtrace\u003C\u002Fa> to important notifications.\u003C\u002Fp>\n\u003Cp>Monitored events:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Administrator login.\u003C\u002Fli>\n\u003Cli>Modification of any administrator account in the database.\u003C\u002Fli>\n\u003Cli>Plugins upload, installation, (de)activation, update, deletion.\u003C\u002Fli>\n\u003Cli>Themes upload, installation, activation, deletion.\u003C\u002Fli>\n\u003Cli>WordPress update.\u003C\u002Fli>\n\u003Cli>Pending security update in your plugins and themes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Stay protected against the latest WordPress security vulnerabilities\u003C\u002Fh4>\n\u003Cp>To get the most efficient protection, NinjaFirewall can automatically update its security rules daily, twice daily or even hourly. Each time a new vulnerability is found in WordPress or one of its plugins\u002Fthemes, a new set of security rules will be made available to protect your blog immediately.\u003C\u002Fp>\n\u003Ch4>Strong Privacy\u003C\u002Fh4>\n\u003Cp>Unlike a Cloud Web Application Firewall, or Cloud WAF, NinjaFirewall works and filters the traffic on your own server and infrastructure. That means that your sensitive data (contact form messages, customers credit card number, login credentials etc) remains on your server and is not routed through a third-party company’s servers, which could pose unnecessary risks (e.g., decryption of your HTTPS traffic in order to inspect it, employees accessing your data or logs in plain text, theft of private information, man-in-the-middle attack etc).\u003C\u002Fp>\n\u003Cp>Your website can run NinjaFirewall and be \u003Cstrong>compliant with the General Data Protection Regulation (GDPR)\u003C\u002Fstrong>. 
\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-general-data-protection-regulation-compliance\u002F\" title=\"GDPR Compliance\" rel=\"nofollow ugc\">See our blog for more details\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>IPv6 compatibility\u003C\u002Fh4>\n\u003Cp>IPv6 compatibility is a mandatory feature for a security plugin: if it supports only IPv4, hackers can easily bypass the plugin by using an IPv6. NinjaFirewall natively supports IPv4 and IPv6 protocols, for both public and private addresses.\u003C\u002Fp>\n\u003Ch4>Multi-site support\u003C\u002Fh4>\n\u003Cp>NinjaFirewall is multi-site compatible. It will protect all sites from your network and its configuration interface will be accessible only to the Super Admin from the network main site.\u003C\u002Fp>\n\u003Ch4>Possibility to prepend your own PHP code to the firewall\u003C\u002Fh4>\n\u003Cp>You can prepend your own PHP code to the firewall with the help of an \u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fninjafirewall-wp-edition-the-htninja-configuration-file\u002F\" rel=\"nofollow ugc\">optional distributed configuration file\u003C\u002Fa>. It will be processed before WordPress and all its plugins are loaded. This is a very powerful feature, and there is almost no limit to what you can do: add your own security rules, manipulate HTTP requests, variables etc.\u003C\u002Fp>\n\u003Ch4>Low Footprint Firewall\u003C\u002Fh4>\n\u003Cp>NinjaFirewall is very fast, optimised, compact, and requires very low system resource.\u003Cbr \u002F>\nSee for yourself: download and install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-profiler\u002F\" title=\"\" rel=\"ugc\">Code Profiler\u003C\u002Fa> plugin and compare NinjaFirewall’s performance with other security plugins.\u003C\u002Fp>\n\u003Ch4>Non-Intrusive User Interface\u003C\u002Fh4>\n\u003Cp>NinjaFirewall looks and feels like a built-in WordPress feature. 
It does not contain intrusive banners, warnings or flashy colors. It uses the WordPress simple and clean interface and is also smartphone-friendly.\u003C\u002Fp>\n\u003Ch4>Contextual Help\u003C\u002Fh4>\n\u003Cp>Each NinjaFirewall menu page has a contextual help screen with useful information about how to use and configure it.\u003Cbr \u002F>\nIf you need help, click on the \u003Cem>Help\u003C\u002Fem> menu tab located in the upper right corner of each page in your admin panel.\u003C\u002Fp>\n\u003Ch4>Need more security ?\u003C\u002Fh4>\n\u003Cp>Check out our new supercharged edition: \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F\" title=\"NinjaFirewall WP+ Edition\" rel=\"nofollow ugc\">NinjaFirewall WP+ Edition\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unix shared memory use for inter-process communication and blazing fast performances.\u003C\u002Fli>\n\u003Cli>IP-based Access Control.\u003C\u002Fli>\n\u003Cli>Role-based Access Control.\u003C\u002Fli>\n\u003Cli>Country-based Access Control via geolocation.\u003C\u002Fli>\n\u003Cli>URL-based Access Control.\u003C\u002Fli>\n\u003Cli>Bot-based Access Control.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fcentralized-logging-with-ninjafirewall\u002F\" title=\"Centralized Logging\" rel=\"nofollow ugc\">Centralized Logging\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Antispam for comment and user regisration forms.\u003C\u002Fli>\n\u003Cli>Rate limiting option to block aggressive bots, crawlers, web scrapers and HTTP attacks.\u003C\u002Fli>\n\u003Cli>Response body filter to scan the output of the HTML page right before it is sent to your visitors browser.\u003C\u002Fli>\n\u003Cli>Better File uploads management.\u003C\u002Fli>\n\u003Cli>Better logs management.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.nintechnet.com\u002Fsyslog-logging-with-ninjafirewall\u002F\" title=\"Syslog logging\" rel=\"nofollow ugc\">Syslog 
logging\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F\" title=\"\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa> about the WP+ Edition unique features. \u003Ca href=\"https:\u002F\u002Fnintechnet.com\u002Fninjafirewall\u002Fwp-edition\u002F?comparison\" title=\"\" rel=\"nofollow ugc\">Compare\u003C\u002Fa> the WP and WP+ Editions.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.9+\u003C\u002Fli>\n\u003Cli>Admin\u002FSuperadmin with \u003Ccode>manage_options\u003C\u002Fcode> + \u003Ccode>unfiltered_html capabilities\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>PHP 7.1+\u003C\u002Fli>\n\u003Cli>MySQL or MariaDB with MySQLi extension\u003C\u002Fli>\n\u003Cli>Apache \u002F Nginx \u002F LiteSpeed \u002F Openlitespeed compatible\u003C\u002Fli>\n\u003Cli>Unix-like operating systems only (Linux, BSD etc). NinjaFirewall is \u003Cstrong>NOT\u003C\u002Fstrong> compatible with Microsoft Windows.\u003C\u002Fli>\n\u003C\u002Ful>\n","A true Web Application Firewall to protect and secure WordPress.",100000,3089632,98,217,"2026-03-12T09:53:00.000Z","6.9.4","4.9","7.1",[21,163,23,24,164],"malware","virus","https:\u002F\u002Fnintechnet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fninjafirewall.4.8.4.zip","2021-05-30 00:00:00",{"slug":20,"name":169,"version":170,"author":171,"author_profile":172,"description":173,"short_description":174,"active_installs":175,"downloaded":176,"rating":177,"num_ratings":178,"last_updated":179,"tested_up_to":159,"requires_at_least":6,"requires_php":141,"tags":180,"homepage":185,"download_link":186,"security_score":156,"vuln_count":187,"unpatched_count":29,"last_vuln_date":188,"fetched_at":31},"Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your 
website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr 
\u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. 
Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. 
This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. 
See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam 
capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. 
If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? 
Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,90,368,"2026-03-11T17:54:00.000Z",[181,182,183,24,184],"antispam","brute-force-protection","limit-login-attempts","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip",3,"2024-07-11 00:00:00",{"slug":190,"name":191,"version":192,"author":193,"author_profile":194,"description":195,"short_description":196,"active_installs":197,"downloaded":198,"rating":199,"num_ratings":200,"last_updated":201,"tested_up_to":159,"requires_at_least":202,"requires_php":123,"tags":203,"homepage":206,"download_link":207,"security_score":208,"vuln_count":209,"unpatched_count":29,"last_vuln_date":210,"fetched_at":31},"stop-spammer-registrations-plugin","Stop Spammers Classic","2026.3","Web Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebguyio\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fdam-spam\u002Fissues\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>A simplified, restored, and preserved version of the original Stop Spammers plugin.\u003C\u002Fp>\n\u003Cp>🥪 \u003Ca 
href=\"https:\u002F\u002Fgithub.com\u002Fsponsors\u002Fwebguyio\" rel=\"nofollow ugc\">Buy Me a Sandwich\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Development for Stop Spammers has slowed down; I recommend switching to \u003Ca href=\"https:\u002F\u002Fdamspam.com\u002F\" rel=\"nofollow ugc\">Dam Spam\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>🧐 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fdam-spam\u002Fissues\u002F8\" rel=\"nofollow ugc\">Why, What Happened?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>However, rest-assured that if you can’t migrate to Dam Spam, I’ll still continue making sure that Stop Spammers is safe, stable, and supported.\u003C\u002Fp>\n\u003Cp>🛟 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fdam-spam\u002Fissues\" rel=\"nofollow ugc\">Get Support\u003C\u002Fa>\u003C\u002Fp>\n","A simplified, restored, and preserved version of the original Stop Spammers plugin.",30000,2585698,88,243,"2026-02-24T20:20:00.000Z","3.0",[20,204,24,205,126],"no-spam","spam","https:\u002F\u002Fdamspam.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-spammer-registrations-plugin.zip",89,8,"2026-01-27 
00:00:00",{"attackSurface":212,"codeSignals":324,"taintFlows":402,"riskAssessment":511,"analyzedAt":526},{"hooks":213,"ajaxHandlers":297,"restRoutes":320,"shortcodes":321,"cronEvents":322,"entryPointCount":119,"unprotectedCount":323},[214,219,223,227,229,230,232,233,237,239,240,244,248,252,253,255,259,263,268,273,278,280,283,285,288,292,295],{"type":215,"name":216,"callback":217,"file":218,"line":209},"action","admin_menu","WPLFLA_options_page","admin\\countries.php",{"type":215,"name":220,"callback":221,"file":218,"line":222},"admin_enqueue_scripts","my_enqueue",9,{"type":215,"name":224,"callback":225,"file":226,"line":209},"wp_dashboard_setup","dashboard_widgets","admin\\dashboard_widget.php",{"type":215,"name":216,"callback":217,"file":228,"line":209},"admin\\log.php",{"type":215,"name":220,"callback":221,"file":228,"line":222},{"type":215,"name":216,"callback":217,"file":231,"line":14},"admin\\logblockip.php",{"type":215,"name":220,"callback":221,"file":231,"line":209},{"type":215,"name":234,"callback":235,"file":236,"line":14},"admin_footer","my_style","admin\\menu.php",{"type":215,"name":216,"callback":217,"file":238,"line":209},"admin\\range_ip.php",{"type":215,"name":220,"callback":221,"file":238,"line":222},{"type":215,"name":241,"callback":242,"file":243,"line":209},"admin_init","WPLFLA_settings_init","admin\\setting.php",{"type":215,"name":245,"callback":246,"file":243,"line":247},"admin_print_styles","WPLFLA_hkdc_admin_stylespro",285,{"type":215,"name":249,"callback":250,"file":251,"line":209},"add_meta_boxes_login-attempts_page_WPLFLASTATISTICS","wptuts_add_my_meta_box","admin\\statistics.php",{"type":215,"name":216,"callback":217,"file":251,"line":119},{"type":215,"name":220,"callback":221,"file":251,"line":254},11,{"type":215,"name":241,"callback":256,"file":257,"line":258},"WPLFLA_check_some_other_plugin","failed.php",24,{"type":215,"name":260,"callback":261,"file":257,"line":262},"init","WPLFLA_load_textdomain_pro",31,{"type":264,"name":265,"callbac
k":266,"priority":119,"file":257,"line":267},"filter","plugin_row_meta","WPLFLA_row_meta_pro",198,{"type":215,"name":269,"callback":270,"priority":63,"file":271,"line":272},"wp_login_failed","registration_failed","login.php",23,{"type":215,"name":274,"callback":275,"priority":276,"file":271,"line":277},"login_init","remove_COOKIE_login_failed",30,25,{"type":215,"name":274,"callback":274,"priority":63,"file":271,"line":279},27,{"type":215,"name":260,"callback":281,"priority":121,"file":271,"line":282},"add_login_field_validate",29,{"type":215,"name":260,"callback":284,"priority":121,"file":271,"line":276},"if_block_send_mail",{"type":215,"name":286,"callback":286,"priority":121,"file":271,"line":287},"login_footer",231,{"type":215,"name":289,"callback":290,"priority":121,"file":271,"line":291},"login_message","add_login_field_too_many",232,{"type":215,"name":289,"callback":293,"priority":121,"file":271,"line":294},"add_login_field",459,{"type":215,"name":260,"callback":281,"priority":121,"file":271,"line":296},508,[298,302,304,307,308,310,311,314,316,319],{"action":299,"nopriv":300,"callback":301,"hasNonce":300,"hasCapCheck":300,"file":218,"line":119},"WPLFLA_countries",false,"my_ajax_get_countries_data",{"action":299,"nopriv":303,"callback":301,"hasNonce":300,"hasCapCheck":300,"file":218,"line":254},true,{"action":305,"nopriv":300,"callback":306,"hasNonce":300,"hasCapCheck":303,"file":228,"line":119},"WPLFLA_get_log_data","my_ajax_get_log_data",{"action":305,"nopriv":303,"callback":306,"hasNonce":300,"hasCapCheck":303,"file":228,"line":254},{"action":309,"nopriv":300,"callback":306,"hasNonce":300,"hasCapCheck":303,"file":231,"line":222},"WPLFLA_get_log_block_ip_data",{"action":309,"nopriv":303,"callback":306,"hasNonce":300,"hasCapCheck":303,"file":231,"line":119},{"action":312,"nopriv":303,"callback":313,"hasNonce":300,"hasCapCheck":303,"file":231,"line":254},"WPLFLA_delete_log_block_ip_data","delete_log_block_ip_data",{"action":312,"nopriv":300,"callback":313,"hasN
once":300,"hasCapCheck":303,"file":231,"line":315},12,{"action":317,"nopriv":300,"callback":318,"hasNonce":300,"hasCapCheck":300,"file":238,"line":119},"WPLFLA_range_ip","my_ajax_get_range_ip_data",{"action":317,"nopriv":303,"callback":318,"hasNonce":300,"hasCapCheck":300,"file":238,"line":254},[],[],[],4,{"dangerousFunctions":325,"sqlUsage":326,"outputEscaping":368,"fileOperations":29,"externalRequests":187,"nonceChecks":29,"capabilityChecks":323,"bundledLibraries":395},[],{"prepared":258,"raw":327,"locations":328},18,[329,332,334,336,339,341,343,346,347,349,351,353,355,357,359,361,363,366],{"file":226,"line":330,"context":331},76,"$wpdb->get_results() with variable interpolation",{"file":226,"line":333,"context":331},137,{"file":226,"line":335,"context":331},181,{"file":228,"line":337,"context":338},52,"$wpdb->get_var() with variable interpolation",{"file":228,"line":340,"context":338},55,{"file":228,"line":342,"context":331},58,{"file":228,"line":344,"context":345},120,"$wpdb->query() with variable interpolation",{"file":231,"line":277,"context":345},{"file":231,"line":348,"context":338},71,{"file":231,"line":350,"context":338},74,{"file":231,"line":352,"context":331},77,{"file":231,"line":354,"context":345},131,{"file":238,"line":356,"context":338},53,{"file":257,"line":358,"context":331},101,{"file":257,"line":360,"context":345},104,{"file":271,"line":362,"context":338},222,{"file":271,"line":364,"context":365},278,"$wpdb->get_row() with variable interpolation",{"file":271,"line":367,"context":338},303,{"escaped":344,"rawEcho":369,"locations":370},14,[371,374,376,377,379,381,383,384,386,387,389,390,392,393],{"file":226,"line":372,"context":373},106,"raw 
output",{"file":226,"line":375,"context":373},209,{"file":228,"line":121,"context":373},{"file":231,"line":378,"context":373},33,{"file":231,"line":380,"context":373},113,{"file":236,"line":382,"context":373},15,{"file":236,"line":382,"context":373},{"file":236,"line":385,"context":373},17,{"file":236,"line":385,"context":373},{"file":236,"line":388,"context":373},19,{"file":236,"line":388,"context":373},{"file":236,"line":391,"context":373},21,{"file":236,"line":391,"context":373},{"file":238,"line":394,"context":373},96,[396,399],{"name":397,"version":38,"knownCves":398},"DataTables",[],{"name":400,"version":38,"knownCves":401},"Select2",[],[403,427,438,450,461,478,488,501],{"entryPoint":404,"graph":405,"unsanitizedCount":29,"severity":426},"my_ajax_get_log_data (admin\\log.php:26)",{"nodes":406,"edges":423},[407,412,417,419],{"id":408,"type":409,"label":410,"file":228,"line":411},"n0","source","$_POST",41,{"id":413,"type":414,"label":415,"file":228,"line":340,"wp_function":416},"n1","sink","get_var() [SQLi]","get_var",{"id":418,"type":409,"label":410,"file":228,"line":411},"n2",{"id":420,"type":414,"label":421,"file":228,"line":342,"wp_function":422},"n3","get_results() [SQLi]","get_results",[424,425],{"from":408,"to":413,"sanitized":303},{"from":418,"to":420,"sanitized":303},"low",{"entryPoint":428,"graph":429,"unsanitizedCount":29,"severity":426},"\u003Clog> (admin\\log.php:0)",{"nodes":430,"edges":435},[431,432,433,434],{"id":408,"type":409,"label":410,"file":228,"line":411},{"id":413,"type":414,"label":415,"file":228,"line":340,"wp_function":416},{"id":418,"type":409,"label":410,"file":228,"line":411},{"id":420,"type":414,"label":421,"file":228,"line":342,"wp_function":422},[436,437],{"from":408,"to":413,"sanitized":303},{"from":418,"to":420,"sanitized":303},{"entryPoint":439,"graph":440,"unsanitizedCount":29,"severity":426},"my_ajax_get_log_data 
(admin\\logblockip.php:45)",{"nodes":441,"edges":447},[442,444,445,446],{"id":408,"type":409,"label":410,"file":231,"line":443},61,{"id":413,"type":414,"label":415,"file":231,"line":350,"wp_function":416},{"id":418,"type":409,"label":410,"file":231,"line":443},{"id":420,"type":414,"label":421,"file":231,"line":352,"wp_function":422},[448,449],{"from":408,"to":413,"sanitized":303},{"from":418,"to":420,"sanitized":303},{"entryPoint":451,"graph":452,"unsanitizedCount":29,"severity":426},"\u003Clogblockip> (admin\\logblockip.php:0)",{"nodes":453,"edges":458},[454,455,456,457],{"id":408,"type":409,"label":410,"file":231,"line":443},{"id":413,"type":414,"label":415,"file":231,"line":350,"wp_function":416},{"id":418,"type":409,"label":410,"file":231,"line":443},{"id":420,"type":414,"label":421,"file":231,"line":352,"wp_function":422},[459,460],{"from":408,"to":413,"sanitized":303},{"from":418,"to":420,"sanitized":303},{"entryPoint":462,"graph":463,"unsanitizedCount":63,"severity":40},"WPLFLA_range_ip (admin\\range_ip.php:198)",{"nodes":464,"edges":475},[465,468,471],{"id":408,"type":409,"label":466,"file":238,"line":467},"$_GET['id']",201,{"id":413,"type":469,"label":470,"file":238,"line":467},"transform","→ delete()",{"id":418,"type":414,"label":472,"file":238,"line":473,"wp_function":474},"query() [SQLi]",122,"query",[476,477],{"from":408,"to":413,"sanitized":300},{"from":413,"to":418,"sanitized":300},{"entryPoint":479,"graph":480,"unsanitizedCount":63,"severity":40},"\u003Crange_ip> (admin\\range_ip.php:0)",{"nodes":481,"edges":485},[482,483,484],{"id":408,"type":409,"label":466,"file":238,"line":467},{"id":413,"type":469,"label":470,"file":238,"line":467},{"id":418,"type":414,"label":472,"file":238,"line":473,"wp_function":474},[486,487],{"from":408,"to":413,"sanitized":300},{"from":413,"to":418,"sanitized":300},{"entryPoint":489,"graph":490,"unsanitizedCount":63,"severity":40},"remove_COOKIE_login_failed 
(login.php:70)",{"nodes":491,"edges":498},[492,494,496],{"id":408,"type":409,"label":493,"file":271,"line":350},"$_GET",{"id":413,"type":469,"label":495,"file":271,"line":350},"→ delete_block_ip_req()",{"id":418,"type":414,"label":472,"file":271,"line":497,"wp_function":474},62,[499,500],{"from":408,"to":413,"sanitized":300},{"from":413,"to":418,"sanitized":300},{"entryPoint":502,"graph":503,"unsanitizedCount":63,"severity":40},"\u003Clogin> (login.php:0)",{"nodes":504,"edges":508},[505,506,507],{"id":408,"type":409,"label":493,"file":271,"line":350},{"id":413,"type":469,"label":495,"file":271,"line":350},{"id":418,"type":414,"label":472,"file":271,"line":497,"wp_function":474},[509,510],{"from":408,"to":413,"sanitized":300},{"from":413,"to":418,"sanitized":300},{"summary":512,"deductions":513},"The wp-limit-failed-login-attempts plugin, version 5.6, exhibits a mixed security posture. While it shows good practices in its use of prepared statements for SQL queries (57%) and proper output escaping (90%), several critical areas raise concern. The presence of 10 AJAX handlers, with a significant portion (4) lacking capability checks, creates a substantial attack surface that could be exploited by unauthenticated users. Furthermore, the taint analysis reveals 4 high-severity flows with unsanitized paths, indicating potential SQL injection where request parameters reach database query calls without sanitization. The plugin's vulnerability history, with 5 known CVEs including 1 critical and 3 high-severity, suggests a recurring pattern of security weaknesses, particularly around authorization, SQL injection, and the use of less trusted sources. The most recent vulnerability in late 2024 further reinforces the need for vigilance. 
While strengths are present, the combination of unprotected entry points and a history of significant vulnerabilities points to a moderate to high-risk profile that requires careful attention and prompt patching.",[514,516,518,520,522,524],{"reason":515,"points":119},"Unprotected AJAX handlers",{"reason":517,"points":315},"High severity taint flows with unsanitized paths",{"reason":519,"points":382},"5 total known CVEs (1 critical, 3 high)",{"reason":521,"points":119},"Missing nonce checks on AJAX handlers",{"reason":523,"points":28},"SQL queries not using prepared statements (43%)",{"reason":525,"points":187},"Bundled libraries (DataTables, Select2)","2026-03-16T20:29:25.206Z",{"wat":528,"direct":545},{"assetPaths":529,"generatorPatterns":536,"scriptPaths":537,"versionParams":538},[530,531,532,533,534,535],"\u002Fwp-content\u002Fplugins\u002Fwp-limit-failed-login-attempts\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Fchart.js","\u002Fwp-content\u002Fplugins\u002Fwp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Fcommon.js","\u002Fwp-content\u002Fplugins\u002Fwp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Fdashboard.js","\u002Fwp-content\u002Fplugins\u002Fwp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Flogin.js","\u002Fwp-content\u002Fplugins\u002Fwp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Fstatistics.js",[],[531,532,533,534,535],[539,540,541,542,543,544],"wp-limit-failed-login-attempts\u002Fassets\u002Fcss\u002Fstyle.css?ver=","wp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Fchart.js?ver=","wp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Fcommon.js?ver=","wp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Fdashboard.js?ver=","wp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Flogin.js?ver=","wp-limit-failed-login-attempts\u002Fassets\u002Fjs\u002Fstatistics.js?ver=",{"cssClasses":546,"htmlComments":549,"htmlAttributes":560,"res
tEndpoints":564,"jsGlobals":565,"shortcodeOutput":571},[547,548],"WPLFLA_countries_PRO","pluginrows-rate-stars",[550,551,552,553,554,555,556,557,558,559],"\u003C!-- Plugin Name: Limit Login Attempts (Spam Protection) -->","\u003C!-- Description: Limit the number of retry attempts when logging in per IP. Fully customizable and easy to use. -->","\u003C!-- Version: 5.6 -->","\u003C!-- Author: wp-buy -->","\u003C!-- Text Domain: codepressFailed_pro -->","\u003C!-- Domain Path: \u002Flanguages\u002F -->","\u003C!-- Author URI: https:\u002F\u002Fwww.wp-buy.com -->","\u003C!-- License: GPL2 -->","\u003C!-- Set icon for thumbsup. -->","\u003C!-- Set icon for 5-star reviews. v1.1.22 -->",[561,562,563],"data-role=\"login-attempt-form\"","data-login-attempt-ajax=\"true\"","data-security-token=\"[token]\"",[],[217,261,256,566,567,568,569,570,266,547],"WPLFLA_install_pro","WPLFLA_create_table_pro","WPLFLA_create_table_range_ip_pro","WPLFLA_create_table_block_countries_pro","WPLFLA_filter_action_links",[]]