[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjvmljSvgkfzXmSdTUQHfGjcJgf2K6TwQHQypjLWmo4E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":144,"fingerprints":228},"wp-scheduled-read-only","WP Scheduled Read-Only","1.3.2","Bastien Ho","https:\u002F\u002Fprofiles.wordpress.org\u002Fbastho\u002F","\u003Cp>Schedule readonly mode for WordPress on a multisite network, this is useful when you need that nobody change content on a blog or on the whole network.\u003C\u002Fp>\n\u003Cp>Read only mode:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disallows access to the admin panel for non-admin users\u003C\u002Fli>\n\u003Cli>Temporary deactivate comments on front\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>fr_FR : 100%\u003C\u002Fli>\n\u003Cli>en    : 100%\u003C\u002Fli>\n\u003C\u002Ful>\n","Schedule readonly mode for your WordPress site",10,1717,0,"2021-12-22T14:10:00.000Z","5.8.13","3.8","",[19,20,21,22,23],"block","comments","disallow","multisite","readonly","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-scheduled-read-only.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"bastho",12,2150,88,15,86,"2026-04-04T09:20:40.482Z",[38,60,80,101,123],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":35,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":16,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"blacklist-updater","Block List Updater","1.0.2","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Few users are familiar with the comment block list built into WordPress. Located in the WordPress admin area under “Settings”—“Discussion”, that block list for incoming comments accepts values (words) to identify spam by.\u003C\u002Fp>\n\u003Cp>Additionally to plugins like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fantispam-bee\u002F\" rel=\"ugc\">Antispam Bee\u003C\u002Fa> in order to fight spam successfully a curated comment block list is recommendable. You can either update the list manually, or utilize a very detailed global \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">comment block list\u003C\u002Fa> that gets updated on a regular basis.\u003C\u002Fp>\n\u003Cp>Block List Updater has been developed to keep your comment block list in your WordPress installation up to speed with the curated global list on GitHub.\u003C\u002Fp>\n\u003Cp>The plugin will check the global comment block list on GitHub multiple times a day. Whenever new anti-spam values have been added to the global list, Block List Updater will read the global list and update your WordPress database accordingly. While the check-up process will run several times a day, the plugin will only update the database when it detects an actual change of the global comment block list on GitHub.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblacklist-updater\" rel=\"ugc\">support forums on wordpress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>We don’t handle support via e-mail, Twitter, GitHub issues etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fblacklist-updater\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblacklist-updater\" rel=\"ugc\">support forums\u003C\u002Fa> first.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fblacklist-updater\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fsergejmueller.github.io\u002F\" rel=\"nofollow ugc\">Sergej Müller\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Maintainers: \u003Ca href=\"https:\u002F\u002Fpluginkollektiv.org\u002F\" rel=\"nofollow ugc\">pluginkollektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatic updating of the comment block list in WordPress with antispam keys from GitHub.",4000,31272,4,"2026-03-14T09:16:00.000Z","6.9.4","5.2",[53,54,55,20,56],"antispam","blacklist","blocklist","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblacklist-updater\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblacklist-updater.1.0.2.zip",100,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":59,"num_ratings":70,"last_updated":71,"tested_up_to":15,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wps-html-blocks","WPS HTML Blocks","0.1.2","VicToMeyeZR","https:\u002F\u002Fprofiles.wordpress.org\u002Fvictomeyezr\u002F","\u003Cp>WPS HTML Blocks, adds custom html blocks to WordPress. The custom blocks have shortcode to give you the ability to add these HTML blocks to anywhere on the wordpress site. It has been tested against most themes. Elementor and WP Bakery both are compatible.\u003C\u002Fp>\n","This plugin adds a custom HTML post type, with shortcode to place anywhere on your site.",1000,7099,3,"2022-10-12T22:46:00.000Z","5.0","5.2.4",[20,75,76,77],"custom-blocks","custom-shortcode","html-blocks","http:\u002F\u002Fwpsuites.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-html-blocks.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":59,"num_ratings":48,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":98,"download_link":99,"security_score":100,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"block-comment-spam-bots","Block Comment Spam Bots","2.62","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Professional spammers use programs to automate their spamming. The ‘Block Comment Spam Bots’ (BCSB) plugin efficiently blocks their process. No more comment spam!\u003C\u002Fp>\n\u003Cp>As no legitimate user will use the professional spammer’s automated process which relies on cURL and WGET commands, real users will never notice the BCSB plugin at work. There are no CAPTCHAS for your visitors to interact with. No silly questions. Just the comment form as designed in any theme.\u003C\u002Fp>\n\u003Cp>On the admin side, there are no blacklists, special keys (like Askimet), overloaded spam queues, or overworked databases that store spam comments until you manually delete them.\u003C\u002Fp>\n\u003Cp>Install the plugin and that’s it. Invisible, to you and your visitors. The only change you will notice is in your admin area. The list of comments now has a green check next to them. That way you know that comment was made on your website by a real person and was not bypassed by hacking spammers connecting directly to your server.\u003C\u002Fp>\n\u003Cp>All that remains is comments made by real people, and while real people can spam, it takes them time and effort. The amount of spam from real people is a lot more manageable than the tsunami from automated spammers, saving you time to concentrate on the important things in life, like your readers, and making connections.\u003C\u002Fp>\n\u003Cp>We’ve tested it on multiple websites and it wipes out automated spam completely. If it doesn’t on your site, please let us know.\u003C\u002Fp>\n\u003Cp>** Geeky Stuff **\u003Cbr \u002F>\n…in case you are interested in how it works…\u003C\u002Fp>\n\u003Cp>tl;dr – \u003Cstrong>This provides a total and easy solution to comment spam from spam bots.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Comments are processed by the WordPress wp-post-comments.php file. Automated spammers (‘spam bots’) can provide (‘post’) data directly to that page, bypassing any comment processing, by using CURL\u002FWGET commands.\u003C\u002Fp>\n\u003Cp>Bypassing the comment form by posting directly (via CURL or WGET commands), is quite easy. Just send the post ID number, and the bot’s fake name and email, and the spammy content. Boom! Comment spam is on your site!\u003C\u002Fp>\n\u003Cp>The result is comment spam – and that is not always caught by other comment spam checkers. Even if it is caught by programs such as Akismet, processing that spam takes some server resources, including writing to the database.\u003C\u002Fp>\n\u003Cp>This plugin uses several techniques to ‘sense’ a spambot. There are hidden fields that are changed after a delay. There is a delay in displaying the submit button. And it blocks direct access to the WordPress post\u002Fprocessing functions.\u003C\u002Fp>\n\u003Cp>The techniques, also used in our standalone “FormSpemmerTrap” (FST) program, and our other anti-spam plugins (like FormSpammerTrap for Comments), are very effective. They use a bit of JavaScript to block spambots – since automated processes via CURL\u002FWGET\u002Fetc cannot process JS code.\u003C\u002Fp>\n\u003Cp>It’s simple: you install this plugin, activate it, and bot comments will stop. Immediately.\u003C\u002Fp>\n\u003Cp>And it doesn’t add any visual impediments to your comments. No reCaptcha things (which many see as a pain). No silly questions (‘what is 2+8’) on the form. Your comment form does not change. Regular users will not notice a difference. But you will. No more spam comments for you!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This is the best solution to block comment spam.\u003C\u002Fstrong> We’ve tested it on a site that had 20-40 spam comments a day. With this plugin enabled, the spam comment stopped. Immediately. And there have been none since installing this plugin. ** Not one. Zero.**\u003C\u002Fp>\n\u003Cp>The Admin, Comments list page is modified to show a column with a green checkmark icon if the comment was entered by a real person and not a bot. This is an assurance that the comment was not entered via an automated CURL\u002FWGET to the wp-comments-post.php file. A comment that is on the list that does not show the checkmark was done by a bot. But you won’t see those blocked comments with this plugin enabled. They never get into your database. You can hover over the checkmark icon to see the GUID value indicating a person entered the comment.\u003C\u002Fp>\n\u003Cp>The plugins ‘Settings’ screen has no settings. You don’t even need to look at the Settings screen. If you do, you’ll see information about the plugin. And there is a CURL command you can use to test the effectiveness of blocking (or not blocking) direct access to the wp-comments-post.php file.\u003C\u002Fp>\n\u003Cp>The plugin also adds the hidden GUID field to the comment form after a delay to help block bots that are using the comment form to submit. If the hidden field is not submitted then a bot tried to bypass the comment form. And a short delay happens before the comment submit button is displayed – another bot protection.\u003C\u002Fp>\n","A simple to use plugin that stops automated spam. Install and forget, and any automated spam targeting your native WordPress comments is immediately t …",800,6808,"2024-04-10T22:16:00.000Z","6.5.8","4.9","5.4",[95,96,97,20,56],"automated-spam","blocking","bots","https:\u002F\u002Fwww.cellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-comment-spam-bots.zip",92,{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":59,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":121,"download_link":122,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"toms-recaptcha","TomS reCAPTCHA","1.2.0","TomS Caprice","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomsneddon\u002F","\u003Cp>Integrated Google ReCaptcha for WordPress. Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more popular forms.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\" rel=\"nofollow ugc\">\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fa> is a free service that protects your site from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate\" rel=\"nofollow ugc\">Google reCAPTCHA\u003C\u002Fa> to get the \u003Cstrong>Site key\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>reCAPTCHA Type:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA \u003Cstrong>v3\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Checkbox\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Invisible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Form List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WordPress default register form\u003C\u002Fli>\n\u003Cli>WordPress default lostpassword form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress default comment form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> checkout Billing form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a shortcode \u003Cstrong>[toms_woo_register_form]\u003C\u002Fstrong> for \u003Cstrong>woocommerce register form\u003C\u002Fstrong> on any page you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-block\u002F\" rel=\"ugc\">\u003Cstrong>Contact Form Block\u003C\u002Fstrong>\u003C\u002Fa> Contact Form Block\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>more support forms comming soon…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Option settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify API : \u003Cstrong>Google.com\u003C\u002Fstrong>\u002F\u003Cstrong>Recaptcha.net\u003C\u002Fstrong> \u003Cstrong>—Notice:—\u003C\u002Fstrong> Some country can not use Google verify API, that means Google verify API will not work, even using vpn. If google.com not work try use Recaptcha.net\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Checkbox)  Theme: \u003Cstrong>Light\u003C\u002Fstrong>\u002F\u003Cstrong>Dark\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Invisible) Badge: \u003Cstrong>Bottom Right\u003C\u002Fstrong>\u002F\u003Cstrong>Bottom Left\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom reCAPTCHA Language\u003C\u002Fh4>\n\u003Ch4>Translation ready\u003C\u002Fh4>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Reliance upon any non-English translation is at your own risk; TomS reCAPTCHA can give no guarantees that translations from the original English are accurate.\u003C\u002Fp>\n\u003Cp>We recognise and thank those mentioned at https:\u002F\u002Ftoms-caprice.org\u002Ftranslations for code and\u002For libraries used and\u002For modified under the terms of their open source licences.\u003C\u002Fp>\n","Integrated Google ReCaptcha for WordPress.Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more p …",600,16563,1,"2023-03-29T08:59:00.000Z","6.2.9","5.8","7.0",[117,118,119,120,102],"block-spam-comments","captcha","nocaptcha","recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoms-recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoms-recaptcha.1.2.0.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":59,"num_ratings":31,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":141,"download_link":142,"security_score":25,"vuln_count":111,"unpatched_count":13,"last_vuln_date":143,"fetched_at":27},"vigilantor","VigilanTor","1.3.12","drew010","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrew010\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002F\" title=\"Tor\" rel=\"nofollow ugc\">Tor\u003C\u002Fa> is an invaluable tool for protecting free-speech, privacy, and preventing surveillance but when abused it can protect the identity of malicious users and make tracking their activities more difficult.  “Hackers” might use Tor to run security scans on your website or spam websites with comments and fake registrations.\u003C\u002Fp>\n\u003Cp>The purpose of this plugin is to give you the power to block certain Tor activity from your WordPress site.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Tor users from registering on your site\u003C\u002Fli>\n\u003Cli>Allow Tor registrations, but flag them for review\u003C\u002Fli>\n\u003Cli>Block logins from Tor (useful for preventing brute force attacks and securing your admin panel)\u003C\u002Fli>\n\u003Cli>Block Tor users from posting comments to your site\u003C\u002Fli>\n\u003Cli>Block spammy pingbacks & trackbacks from Tor IP addresses\u003C\u002Fli>\n\u003Cli>Block Tor users from your entire WordPress site\u003C\u002Fli>\n\u003Cli>Permit access after solving a CAPTCHA (requires hCaptcha for WordPress plugin)\u003C\u002Fli>\n\u003Cli>Real-time blocking using the Tor DNS exit list service\u003C\u002Fli>\n\u003Cli>Near real time blocking using a cached blocklist which can be updated every 10 minutes or more\u003C\u002Fli>\n\u003Cli>Custom blocklist support.  Block IP addresses or host networks.\u003C\u002Fli>\n\u003Cli>Statistics to show how many Tor actions have been blocked by this plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is compatible with BuddyPress, the popular Login With Ajax plugin, and hCaptcha.\u003C\u002Fp>\n\u003Cp>If there is a feature missing that you would like, request it!\u003C\u002Fp>\n\u003Cp>If you opt to use the real-time blocking, each IP address looked up is cached for 5 minutes for efficiency.\u003C\u002Fp>\n\u003Cp>The Tor IP lists that are downloaded only contain “exit node” IP addresses so it is relatively small and the list is searched using a binary search so the plugin is very fast!\u003C\u002Fp>\n\u003Cp>This plugin also adds two shortcodes which can be used to display specific content to Tor or non-Tor users. Shortcode usage:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tor_users]Hi, I see you're using Tor.  I support privacy and free-speech too! Visitors not using Tor will not see this message.[\u002Ftor_users]\n[non_tor_users]Defend yourself against tracking and surveillance. Circumvent censorship. Visit torproject.org to learn more. Visitors already using Tor will not see this message.[\u002Fnon_tor_users]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Support Tor\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Tor is a great thing.  If you agree, consider \u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002Fgetinvolved\u002Fvolunteer.html.en\" rel=\"nofollow ugc\">volunteering\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.torproject.org\u002Fdonate\u002Fdonate.html.en\" rel=\"nofollow ugc\">donating\u003C\u002Fa> to the Tor project, or expand the Tor network by \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Ftor-nodes\u002F\" rel=\"nofollow ugc\">sponsoring a Tor relay\u003C\u002Fa> which will be maintained by the plugin author.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support this plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The author of this plugin values Tor as well as the security of your website.  Considerable effort went into the development of this plugin as well as the code and infrastructure that provides you with the up-to-date exit lists.\u003C\u002Fp>\n\u003Cp>You can support this plugin by installing it, rating it positively, \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Fdonate\u002F\" title=\"Donating\" rel=\"nofollow ugc\">donating\u003C\u002Fa> to the author, or \u003Ca href=\"https:\u002F\u002Fdrew-phillips.com\u002Ftor-nodes\u002F\" rel=\"nofollow ugc\">sponsoring a Tor relay\u003C\u002Fa> which will be operated by the plugin developer in your honor.\u003C\u002Fp>\n","Add a layer of security to your WordPress site with the ability to block Tor users from commenting, registering, logging in and more.",400,11934,"2023-10-19T19:59:00.000Z","6.3.8","4.0","5.6",[20,138,56,139,140],"proxy","tor","tor-blocker","https:\u002F\u002Fdrew-phillips.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvigilantor.1.3.12.zip","2023-03-21 00:00:00",{"attackSurface":145,"codeSignals":176,"taintFlows":194,"riskAssessment":221,"analyzedAt":227},{"hooks":146,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":13,"unprotectedCount":13},[147,152,156,160,163,167],{"type":148,"name":149,"callback":149,"file":150,"line":151},"action","admin_init","readonly.php",32,{"type":148,"name":153,"callback":154,"file":150,"line":155},"admin_post_wp_scheduled_readonly","save_conf",34,{"type":157,"name":158,"callback":158,"priority":59,"file":150,"line":159},"filter","comments_template",36,{"type":148,"name":161,"callback":161,"file":150,"line":162},"wp_head",37,{"type":148,"name":164,"callback":165,"file":150,"line":166},"wp_loaded","filters",38,{"type":157,"name":168,"callback":169,"priority":170,"file":150,"line":171},"comments_open","comment_status",20,133,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":180,"fileOperations":13,"externalRequests":13,"nonceChecks":111,"capabilityChecks":111,"bundledLibraries":193},[],{"prepared":13,"raw":13,"locations":179},[],{"escaped":13,"rawEcho":181,"locations":182},5,[183,186,188,190,192],{"file":150,"line":184,"context":185},166,"raw output",{"file":150,"line":187,"context":185},182,{"file":150,"line":189,"context":185},189,{"file":150,"line":191,"context":185},209,{"file":150,"line":191,"context":185},[],[195,213],{"entryPoint":196,"graph":197,"unsanitizedCount":13,"severity":212},"save_conf (readonly.php:138)",{"nodes":198,"edges":209},[199,204],{"id":200,"type":201,"label":202,"file":150,"line":203},"n0","source","$_REQUEST['eelv_readonly']",144,{"id":205,"type":206,"label":207,"file":150,"line":203,"wp_function":208},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[210],{"from":200,"to":205,"sanitized":211},true,"low",{"entryPoint":214,"graph":215,"unsanitizedCount":13,"severity":212},"\u003Creadonly> (readonly.php:0)",{"nodes":216,"edges":219},[217,218],{"id":200,"type":201,"label":202,"file":150,"line":203},{"id":205,"type":206,"label":207,"file":150,"line":203,"wp_function":208},[220],{"from":200,"to":205,"sanitized":211},{"summary":222,"deductions":223},"The \"wp-scheduled-read-only\" plugin, version 1.3.2, exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface points, such as unprotected AJAX handlers, REST API routes, or shortcodes, is a significant positive indicator. Furthermore, the code signals reveal a clean bill of health regarding dangerous functions, file operations, and external HTTP requests.  The use of prepared statements for all SQL queries is commendable, and the presence of nonce and capability checks, even if limited, demonstrates an awareness of basic WordPress security principles.\n\nDespite the positive indicators, a notable concern arises from the output escaping. With 100% of outputs not being properly escaped, this presents a potential risk for cross-site scripting (XSS) vulnerabilities. Although the taint analysis did not reveal any unsanitized paths or critical\u002Fhigh severity flows, the lack of output escaping means that if any user-supplied data were to be processed and displayed without proper sanitization, an XSS attack would be possible. The plugin's vulnerability history being completely clear is reassuring, suggesting a history of secure development or prompt patching. However, the current lack of output escaping needs immediate attention to mitigate potential XSS risks.\n\nIn conclusion, \"wp-scheduled-read-only\" v1.3.2 is generally secure with a minimal attack surface and robust handling of database queries and authentication. The primary weakness lies in the complete absence of output escaping, which opens the door to XSS vulnerabilities. Addressing this specific issue would significantly enhance the plugin's overall security.  The clean vulnerability history is a good sign, but it should not overshadow the identified code weaknesses.",[224],{"reason":225,"points":226},"0% of outputs properly escaped",8,"2026-03-17T01:14:46.590Z",{"wat":229,"direct":235},{"assetPaths":230,"generatorPatterns":232,"scriptPaths":233,"versionParams":234},[231],"\u002Fwp-content\u002Fplugins\u002Fwp-scheduled-read-only\u002Freadonly.php",[],[],[],{"cssClasses":236,"htmlComments":237,"htmlAttributes":238,"restEndpoints":243,"jsGlobals":244,"shortcodeOutput":245},[],[],[239,240,241,242],"name=\"eelv_readonly[active]\"","name=\"eelv_readonly[from]\"","name=\"eelv_readonly[to]\"","name=\"eelv_readonly[who][]\"",[],[],[]]