[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_T4PNSBgLsEWglc5UGTjz8KeCuRF34rfofbPrPPnTao":3,"$fthQd8tN7dq5PkQaYjk-4cPzvk0pqWCBup8yYXsAyQ28":221,"$fl8wItfmYlw8gcMb6ywTIvaHnUC9W4XzJbVrZfAROtck":226},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":38,"analysis":146,"fingerprints":193},"wp-rest-api-security","WP REST API Security","1.1.2","invisnet","https:\u002F\u002Fprofiles.wordpress.org\u002Finvisnet\u002F","\u003Cp>The REST API is essential for any modern web framework, but with it comes a huge attack surface. \u003Cem>WP REST API Security\u003C\u002Fem> reduces the attack surface by disabling all the REST API endpoints by default, allowing you to enable only those actually needed. 
Those that are enabled require authentication by default, allowing you to choose which to make public.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>N.B.\u003C\u002Fstrong> If you are using the new Block Editor you must keep nearly all the endpoints enabled for it to work, but none need be public.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Provides a UI to control which REST API endpoints are enabled and which require authentication.",10,1190,80,1,"2019-08-12T13:44:00.000Z","5.1.22","4.9","7.0",[20,21,22],"api","rest","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-security.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},8,75560,88,1793,71,"2026-05-19T23:28:06.197Z",[39,64,86,106,127],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":23,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":26,"last_vuln_date":63,"fetched_at":28},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. 
AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. 
Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. 
Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7412197,84,420,"2026-03-08T15:53:00.000Z","6.9.4","5.8.0","5.6.0",[56,57,58,22,59],"access-governance","api-security","restricted-content","user-roles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":83,"download_link":84,"security_score":85,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"smntcs-disable-rest-api-user-endpoints","SMNTCS Disable REST API User Endpoints","2.4","Niels Lange","https:\u002F\u002Fprofiles.wordpress.org\u002Fnielslange\u002F","\u003Cp>With WordPress 4.7 the REST API is part of the core. At the moment everyone has read access to the REST API. As a result of that a potential intruder can retrieve a list of all user slugs via \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>. This plugin disables the REST API user endpoints to obscure the user slugs.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Contributions are more than welcome. 
Simply head over to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa> and open an issue or a pull request.\u003C\u002Fp>\n","Disable the REST API user endpoints due to obscure user slugs.",6000,29425,100,2,"2024-12-31T06:23:00.000Z","6.7.5","5.5","5.6",[81,82,22],"endpoints","rest-api","https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmntcs-disable-rest-api-user-endpoints.2.4.zip",92,{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":74,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":104,"download_link":105,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"rest-xmlrpc-data-checker","REST XML-RPC Data Checker","1.4.0","Enrico Sorcinelli","https:\u002F\u002Fprofiles.wordpress.org\u002Fenricosorcinelli\u002F","\u003Cp>JSON REST API and XML-RPC API are powerful ways to remotely interact with WordPress.\u003C\u002Fp>\n\u003Cp>If you don’t have external applications that need to communicate with your WordPress instance using JSON REST API or XML-RPC API you should disable access to them for external requests.\u003C\u002Fp>\n\u003Cp>In the standard WordPress installation JSON REST API and XML-RPC API are enabled by default.\u003Cbr \u002F>\nIn particular the REST API is turned on also for unlogged users. 
This means that your WordPress instance is potentially leaking data, for example anyone could be able to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>copy easily your published contents natively with the REST API (and not with a web crawler);\u003C\u002Fli>\n\u003Cli>get the list of all users (with their ID, nickname and name);\u003C\u002Fli>\n\u003Cli>retrieve other information that you didn’t want to be public (such as an unlisted published page or a saved media not yet used).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Even if you could do the stuff by writing your own code using native filters, this plugin aims to help you to control JSON REST API and XML-RPC API accesses from the administration panel or programmatically by a simple API filter.\u003C\u002Fp>\n\u003Ch3>Basic Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Disable REST API\u003C\u002Fstrong> interface for unlogged users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable JSONP support\u003C\u002Fstrong> on REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add Basic Authentication\u003C\u002Fstrong> to REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove\u003C\u002Fstrong> REST \u003Ccode>\u003Clink>\u003C\u002Fcode> tags, REST \u003Ccode>Link\u003C\u002Fcode> HTTP header and REST Really Simple Discovery (RSD) informations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup trusted users, IP\u002FNetworks and endpoints\u003C\u002Fstrong> for unlogged users REST requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change REST endpoint prefix\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable XML-RPC API\u003C\u002Fstrong> interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove\u003C\u002Fstrong> \u003Ccode>\u003Clink>\u003C\u002Fcode> to the Really Simple Discovery (RDS) informations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove\u003C\u002Fstrong> \u003Ccode>X-Pingback\u003C\u002Fcode> HTTP header.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup trusted users, IP\u002FNetworks and 
methods\u003C\u002Fstrong> for XML-RPC requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show user’s access informations\u003C\u002Fstrong> in users list administration screen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once the plugin is installed you can control settings in the following ways:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using the \u003Cem>Settings->REST XML-RPC Data Checker\u003C\u002Fem> administration screen.\u003C\u002Fli>\n\u003Cli>Programmatically, by using \u003Ccode>rest_xmlrpc_data_checker_settings\u003C\u002Fcode> filter (see below).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>API\u003C\u002Fh3>\n\u003Ch4>Hooks\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>\u003Ccode>rest_xmlrpc_data_checker_settings\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filters plugin settings values.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters( 'rest_xmlrpc_data_checker_settings', array $settings )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>\u003Ccode>rest_xmlrpc_data_checker_admin_settings\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter allowing to display or not the plugin settings page in the administration.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters( 'rest_xmlrpc_data_checker_admin_settings', boolean $display )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>\u003Ccode>rest_xmlrpc_data_checker_rest_error\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter JSON REST authentication error after plugin checks.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters( 'rest_xmlrpc_data_checker_rest_error', WP_Error|boolean $result )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>\u003Ccode>xmlrpc_before_insert_post\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter XML-RPC post data to be inserted via XML-RPC before to insert post into database.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters( 'xmlrpc_before_insert_post', array|IXR_Error $content_struct, 
WP_User $user )\n\u003C\u002Fcode>\u003C\u002Fpre>\n","REST XML-RPC Data Checker allow to check JSON REST and XML-RPC API requests and grant access permissions.",1000,11086,3,"2022-08-04T06:44:00.000Z","6.0.11","4.4","5.2.4",[20,102,21,22,103],"json","xmlrpc","https:\u002F\u002Fgithub.com\u002Fenrico-sorcinelli\u002Frest-xmlrpc-data-checker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-xmlrpc-data-checker.1.4.0.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":75,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":79,"tags":120,"homepage":125,"download_link":126,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wpcontrol","WPControl – The Easiest Optimization Plugin for WordPress","1.0.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>WPControl is the ultimate way to clean up your WordPress site.\u003C\u002Fp>\n\u003Cp>With over 20 built-in optimizations, WPControl allows you to easily enable and disable WordPress Core features, letting you remove those features that you don’t use from the dashboard you and your users see.\u003C\u002Fp>\n\u003Cp>Simply put, WPControl is the ultimate plugin that you need to control your website. 
With our single plugin, you can remove the need to have plugins for things like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabling emails\u003C\u002Fli>\n\u003Cli>Disabling comments\u003C\u002Fli>\n\u003Cli>Disabling the WordPress REST API\u003C\u002Fli>\n\u003Cli>and so much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All in a single, easy to use plugin that helps boost both the performance and security of your WordPress install.\u003C\u002Fp>\n\u003Cp>WPControl is designed for simplicity first, made by the same \u003Ca href=\"https:\u002F\u002Fwpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner team\u003C\u002Fa> that makes your favorite WordPress tutorials.\u003C\u002Fp>\n\u003Cp>Our plugin is used by the plugin authors behind many of your favorite WordPress plugins including \u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> , \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Faioseo.com\u002F\" title=\"AIOSEO\" rel=\"friend nofollow ugc\">AIOSEO\u003C\u002Fa>  and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Simple, yet powerful. I love that I can easily disable all of the features of WordPress I’m not using in a single plugin. It makes new site setup a breeze!\u003Cbr \u002F>\n  \u003Cbr \u002F>\n  Chris Christoff\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>At WPControl, we found that there are many unused features of WordPress that make it a hassle sometimes or we just don’t need. There are tons of plugins already out there that will disable a specific feature. But taking the time and energy to optimize all of them was too much. 
We made just one plugin that has the features of many so you can have a one stop shop for disabling unused features of WordPress.\u003C\u002Fp>\n\u003Cp>Unlike other methods of disabling features, WPControl allows you to disable many features with just a few clicks (no need to hire a developer).\u003C\u002Fp>\n\u003Ch4>Settings Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Comments\u003C\u002Fstrong> – You can disable comments site wide or on specific post types such as posts, pages, and media.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Gutenberg\u003C\u002Fstrong> – Disables the Gutenberg block editor and reverts it the Classic Editor\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable “Try Gutenberg” Nag\u003C\u002Fstrong> – Removes the annoying admin notice that keeps nagging you to try Gutenberg\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Shortlinks\u003C\u002Fstrong> – The tag is auto generated by WordPress and is used to create shortlinks. If you are already using pretty permalinks, such as the PrettyLinks plugin. Then there is no need for this unnecessary tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable RSD Link\u003C\u002Fstrong> – RSD Links are used by blog clients and some 3rd parties that utilize XML-RPC requests. If you edit your site through your browser, then you do not need it. Most of the time, it is just unnecessary code.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove XFN Profile Link\u003C\u002Fstrong> – The XFN Profile Link is used to add semantic data to links to be used by browsers to assign relationships between profiles. Basically it tells browsers that the site contains links that use XFN Specification\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable wlwmanifest Link\u003C\u002Fstrong> – The wlwmanifest link is used by Windows Live Writer. 
If you don’t use Windows Live Writer then disable the link as it is unnecessary code.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Links to Previous and Next Post\u003C\u002Fstrong> – If your site is not a blog and is used as a CMS, then this feature will remove the previous and next post links in your WordPress theme.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable XML-RPC Pingback\u003C\u002Fstrong> – Removes XML-RPC method to prevent abuse of site’s pingback while you can use the rest of the XML-RPC Pingback method.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Gravatar\u003C\u002Fstrong> – Blocks users WordPress from getting user Gravatar from their email to add privacy for the users or prevent inappropriate avatars.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Rest API\u003C\u002Fstrong> – Disables the REST-API to prevent abuse of Rest\u002FJSON API.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Login Errors\u003C\u002Fstrong> – An attacker can find the authors login using a similar request as mysite.com\u002F?author=1.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove HTML comments\u003C\u002Fstrong> – Removes HTML comments in source code to add a layer of defense from attackers trying to find the version of plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove Meta Generator\u003C\u002Fstrong> – This meta tag allows attackers to see the version of WordPress, it serves no useful purpose.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Right Click\u003C\u002Fstrong> – You can disable the ability to right click on your site, or just specific things like posts, pages, media, front page, and even have the ability to show an alert to the user that right click is disabled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Admin 
Notices\u003C\u002Fstrong> – You can disable all admin notices that appear in the admin settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable New User Emails\u003C\u002Fstrong> – Stops WordPress from sending new user notification emails to admin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Search\u003C\u002Fstrong> – Disable the front-end search bar in WordPress.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Lazy Loading\u003C\u002Fstrong> – Removes the lazy loading functionality that was added in WordPress 5.3.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Admin Toolbar\u003C\u002Fstrong> – Hides the admin toolbar when the admin is on the front-end\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Dashboard Widgets\u003C\u002Fstrong> – Gives you the option to disable whichever default dashboard widgets you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>After reading this feature list, you can probably imagine why WPControl is the best disable plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Give WPControl a try today!\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is created by Zain Balkhi of the \u003Ca href=\"https:\u002F\u002Fwpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner team\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – Best Google Analytics plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Foptinmonster.com\u002F\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get More Email Subscribers\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – Best WordPress Contact Form Plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Faioseo.com\u002F\" title=\"AIOSEO\" rel=\"friend nofollow ugc\">AIOSEO\u003C\u002Fa> – The original WordPress SEO plugin to help you rank higher in search results (trusted by over 2 million sites)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.seedprod.com\u002F\" title=\"SeedProd\" rel=\"friend nofollow ugc\">SeedProd\u003C\u002Fa> – Most popular coming soon & maintenance mode plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmailsmtp.com\u002F\" title=\"WP Mail SMTP\" rel=\"friend nofollow ugc\">WP Mail SMTP\u003C\u002Fa> – Improve email deliverability for your contact form with the most popular SMTP plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frafflepress.com\u002F\" title=\"RafflePress\" rel=\"friend nofollow ugc\">RafflePress\u003C\u002Fa> – Best WordPress giveaway and contest plugin to grow traffic and social followers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsmashballoon.com\u002F\" title=\"Smash Balloon\" rel=\"friend nofollow ugc\">Smash Balloon\u003C\u002Fa> – #1 social feeds plugin for WordPress – display social media content in WordPress without code\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpushengage.com\u002F\" title=\"PushEngage\" rel=\"friend nofollow ugc\">PushEngage\u003C\u002Fa> – Connect with visitors after they leave your website with the leading web push notification plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftrustpulse.com\u002F\" title=\"TrustPulse\" rel=\"friend nofollow ugc\">TrustPulse\u003C\u002Fa> – Add real-time social proof notifications to boost your store conversions by up to 15%\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin would not be possible without the help and support of \u003Ca 
href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa>, the largest WordPress resource site. You can learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">free WordPress Tutorials\u003C\u002Fa> like \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fhow-to-install-wordpress\u002F\" title=\"How to Install WordPress - Step by Step\" rel=\"friend nofollow ugc\">how to install WordPress\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fwordpress-hosting\u002F\" title=\"How to choose the best WordPress hosting\" rel=\"friend nofollow ugc\">choose the best WordPress hosting\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fglossary\u002F\" title=\"WordPress Glossary Terms for Beginners\" rel=\"friend nofollow ugc\">WordPress glossary\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>You can also learn about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F\" title=\"Best WordPress Plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","The easiest way to improve your website's security, performance, and user 
experience.",200,4358,90,"2022-04-18T21:12:00.000Z","5.9.13","3.8.0",[121,122,123,124,22],"disable-comments","disable-gutenberg","disable-rest-api","performance","https:\u002F\u002Fwww.wpcontrol.com\u002F?utm_source=liteplugin&utm_medium=pluginheader&utm_campaign=pluginurl&utm_content=7%2E0%2E0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcontrol.1.0.1.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":26,"num_ratings":26,"last_updated":137,"tested_up_to":52,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":144,"download_link":145,"security_score":74,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"ghostgate","GhostGate","1.3.3","codegee0958","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodegee0958\u002F","\u003Cp>\u003Cstrong>GhostGate\u003C\u002Fstrong> is a lightweight yet powerful WordPress security plugin that eliminates the login page as an attack surface. Instead of just defending, it \u003Cstrong>erases the entrance\u003C\u002Fstrong> entirely with dynamic login URLs and multi-layer access verification.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🔒 Hide your login URL with a custom slug and time-based code\u003C\u002Fli>\n\u003Cli>🔑 Built-in 2FA via email verification\u003C\u002Fli>\n\u003Cli>🚫 Auto-block brute force attacks by IP\u003C\u002Fli>\n\u003Cli>🧱 Disable\u002Flimit unused endpoints like XML-RPC and REST API\u003C\u002Fli>\n\u003Cli>👤 Prevent user enumeration via REST, RSS, and author queries\u003C\u002Fli>\n\u003Cli>🔍 Visualize security status and detect conflicts\u003C\u002Fli>\n\u003Cli>📜 Activity logs with optional file rotation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>GhostGate doesn’t just defend — it disappears.\u003Cbr \u002F>\nInvisible to bots. 
Intuitive for users.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Full features \u002F screenshots \u002F pricing \u002F docs\u003C\u002Fstrong>:\u003Cbr \u002F>\nhttps:\u002F\u002Farce-experience.com\u002Fproduct\u002F\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>GhostGate can store the following data locally on your site to provide rate-limiting and security auditing:\u003Cbr \u002F>\n– IP addresses (for temporary throttling \u002F block lists)\u003Cbr \u002F>\n– Timestamps and event metadata (login attempts, REST\u002FXML-RPC hits)\u003Cbr \u002F>\n– Optional log files under \u003Ccode>wp-content\u002Fuploads\u002Fghostgate\u002Flogs\u003C\u002Fcode> (if enabled)\u003C\u002Fp>\n\u003Cp>No data is sent to third-party services.\u003Cbr \u002F>\nSite owners are responsible for informing users\u002Fvisitors where required by local laws. You can clear blocks\u002Flogs from the admin UI or by deleting the log files.\u003C\u002Fp>\n","Invisible, intelligent protection for WordPress. GhostGate hides your login page, blocks bots, and turns your site into a ghost 
fortress.",20,460,"2026-01-21T00:06:00.000Z","5.8","7.4",[141,82,22,142,143],"limit-login-attempts","two-factor-authentication","xml-rpc","https:\u002F\u002Farce-experience.com\u002Fproduct\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fghostgate.1.3.3.zip",{"attackSurface":147,"codeSignals":176,"taintFlows":183,"riskAssessment":184,"analyzedAt":192},{"hooks":148,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":26,"unprotectedCount":26},[149,155,158,161,165,169],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","admin_enqueue_scripts","anonymous","wp-rest-api-security.php",54,{"type":150,"name":156,"callback":152,"file":153,"line":157},"admin_init",70,{"type":150,"name":159,"callback":152,"file":153,"line":160},"admin_menu",108,{"type":162,"name":163,"callback":152,"priority":11,"file":153,"line":164},"filter","rest_pre_dispatch",353,{"type":150,"name":166,"callback":152,"priority":167,"file":153,"line":168},"wp_rest_api_security_endpoint_disabled",99,369,{"type":150,"name":170,"callback":152,"priority":11,"file":153,"line":171},"wp_rest_api_security_endpoint_private",385,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":180,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":182},[],{"prepared":26,"raw":26,"locations":179},[],{"escaped":26,"rawEcho":26,"locations":181},[],[],[],{"summary":185,"deductions":186},"The 'wp-rest-api-security' plugin v1.1.2 demonstrates a strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code signals indicate a clean codebase with no dangerous functions, proper use of prepared statements for all SQL queries, and 100% of outputs being properly escaped. 
The lack of file operations and external HTTP requests further solidifies its secure design. The taint analysis, which found zero flows with unsanitized paths, reinforces this positive assessment.\n\nThe plugin's vulnerability history is equally impressive, with zero known CVEs, no unpatched vulnerabilities, and no recorded common vulnerability types. This suggests a commitment to secure development practices and a history of maintaining a secure codebase. However, the static analysis reports a complete absence of nonce checks and capability checks. While the current version might not have exposed entry points that necessitate these, the lack of these fundamental security mechanisms in the plugin's architecture is a potential concern. If future versions introduce new features or entry points, the absence of these checks could become a significant vulnerability.\n\nIn conclusion, 'wp-rest-api-security' v1.1.2 appears to be a secure plugin with a clean codebase and no historical vulnerabilities. Its strengths lie in its minimal attack surface and adherence to secure coding practices like prepared statements and output escaping.
The primary weakness is the complete lack of nonce and capability checks, which, while not currently exploited due to the plugin's limited functionality, represents a potential risk if the plugin evolves.",[187,190],{"reason":188,"points":189},"Missing nonce checks",5,{"reason":191,"points":189},"Missing capability checks","2026-03-17T00:39:28.384Z",{"wat":194,"direct":203},{"assetPaths":195,"generatorPatterns":198,"scriptPaths":199,"versionParams":200},[196,197],"\u002Fwp-content\u002Fplugins\u002Fwp-rest-api-security\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-rest-api-security\u002Fscript.js",[],[197],[201,202],"wp-rest-api-security\u002Fstyle.css?ver=","wp-rest-api-security\u002Fscript.js?ver=",{"cssClasses":204,"htmlComments":206,"htmlAttributes":212,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":220},[4,205],"endpoint",[207,208,209,210,211],"\u003C!-- WP REST API Security -->","\u003C!-- All REST endpoints are disabled by default; \u003Cstrong>Enable\u003C\u002Fstrong> only those you need for your application. -->","\u003C!-- All enabled REST endpoints require authentication by default; make \u003Cstrong>Public\u003C\u002Fstrong> only those you need to expose. -->","\u003C!-- For more information: -->","\u003C!-- Support Forums -->",[213,214,215,216],"name=\"wp-rest-api-security[enabled][%s]\"","name=\"wp-rest-api-security[public][%s]\"","class=\"enabled %s\"","class=\"public %s\"",[],[219],"window.wp_rest_api_security",[],{"error":222,"url":223,"statusCode":224,"statusMessage":225,"message":225},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-rest-api-security\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":26,"versions":227},[]]