[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdx620XxcJVw0lPoq-iAhUd7NRLuUzsE5honYmBwlkF4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":139,"fingerprints":190},"wp-shield","WP Shield","1.6","drupalmatts","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrupalmatts\u002F","\u003Cp>This plugin will allow you to secure your development, staging and UAT environments\u003Cbr \u002F>\nwith an http authentication block that can be controlled in admin but also turned\u003Cbr \u002F>\noff via a declared variable in your config file.  It allows you to bring your Database\u003Cbr \u002F>\nback to non-production environments without having to physically turn off the plugin each time.\u003C\u002Fp>\n\u003Cp>Variable:  \u003Ccode>define('WP_SHIELD_UN', '');\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>This simple line of code (recommended to add to a file ignored by your code management\u003Cbr \u002F>\nsoftware and required into your wp_config.php file) will override the enabled flag\u003Cbr \u002F>\nif the plugin’s settings.  Enable in production and add the above code.  If that\u003Cbr \u002F>\nrequire file doesn’t exist in your other environments, it will prompt users for the\u003Cbr \u002F>\nset username and password.\u003C\u002Fp>\n","This plugin will allow you to secure your development, staging and UAT environments with an http authentication block that can be controlled in admin  &hellip;",300,2309,0,"2023-12-06T01:22:00.000Z","6.4.8","4.6","7.4",[19,20,21],"development","environments","security","https:\u002F\u002Fwww.tronebrandenergy.com\u002Fplugins\u002Fshield","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-shield.1.6.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,84,"2026-04-04T05:23:25.526Z",[34,58,76,92,117],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":56,"vuln_count":29,"unpatched_count":13,"last_vuln_date":57,"fetched_at":26},"wp-secure-maintainance","WP Secure Maintenance","1.7","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>Want to lock your site for Maintenance or Development? Then this is the right Plugin. Using WP Secure Maintenance you can lock the whole site with a seceret PIN.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set password to protect your site for maintenance or development\u003C\u002Fli>\n\u003Cli>Set your own logo or use default logo\u003C\u002Fli>\n\u003Cli>Change placeholder text for WP Secure Maintenance login form\u003C\u002Fli>\n\u003Cli>Change Submit button label for WP Secure Maintenance’s login form\u003C\u002Fli>\n\u003Cli>Change Error text for WP Secure Maintenance’s login form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Docs & Support\u003C\u002Fh4>\n\u003Cp>Will be available soon.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you are looking for WordPress Admin Security, use our Free WP SECURE ADMIN plugin.\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecure-wp-admin\u002F\" rel=\"ugc\">WP SECURE ADMIN\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Interested in contributing to WP Secure Maintenance\u003C\u002Fstrong>\u003Cbr \u002F>\nHead over to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwpexpertsio\u002FWP-Secure-Maintainance\" rel=\"nofollow ugc\">WP Secure Maintenance \u003Cstrong>GitHub Repository\u003C\u002Fstrong>\u003C\u002Fa> to find out how you can pitch in 😉\u003C\u002Fp>\n","Want to lock your site for Maintenance or Development? Then this is the right Plugin",1000,56320,72,5,"2024-06-20T07:15:00.000Z","6.5.8","5.2","7.0",[19,51,52,53],"maintenance","maintenance-lock","site-security","https:\u002F\u002Fwpexperts.io\u002Fproducts\u002Fwp-secure-maintenance\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-secure-maintainance.1.7.zip",91,"2024-06-21 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":13,"num_ratings":13,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":68,"tags":71,"homepage":68,"download_link":73,"security_score":74,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":75},"only-admins","Only Admins","1.0","pcoitinho","https:\u002F\u002Fprofiles.wordpress.org\u002Fpcoitinho\u002F","\u003Cp>Only Admins is a minimal plugin that restricts your entire WordPress site to Admins.\u003C\u002Fp>\n\u003Cp>Best used as a MU-Plugin on Development and Staging sites.\u003C\u002Fp>\n","Only Admins is a minimal plugin that restricts your entire WordPress site to Admins.",10,1122,"","4.7.32","4.3",[19,21,72],"staging","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonly-admins.zip",100,"2026-03-15T10:48:56.248Z",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":66,"downloaded":84,"rating":74,"num_ratings":29,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":68,"tags":88,"homepage":68,"download_link":91,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wp-logger-tenbulls","WP Logger – Tenbulls","1.0.0","mrkhanakia","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrkhanakia\u002F","\u003Cp>This plugin was developed out of pain as there is no such plugin yet available for WordPress or if available none of them works this way to log every single request that’s why i built this plugin to log all the WordPress request so we can find out spammer ip and the request url and data they are submitting, thus we can prevent spamming and fix the issue.\u003C\u002Fp>\n\u003Ch4>How it works?\u003C\u002Fh4>\n\u003Cp>Simply Install the plugin and change the Plugin settings according to your needs.\u003Cbr \u002F>\nAfter you enabled the settings it will start logging all the request made to your WordPress website.\u003C\u002Fp>\n","Logs every single request made to your Wordpress website and helps you to tighten security by analyzing the requests made to your website.",1210,"2020-11-30T06:55:00.000Z","5.5.18","4.0",[19,89,90,21],"logger","logging","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-logger-tenbulls.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":49,"tags":107,"homepage":112,"download_link":113,"security_score":114,"vuln_count":115,"unpatched_count":13,"last_vuln_date":116,"fetched_at":26},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,94,4829,"2025-12-20T21:06:00.000Z","6.9.4","4.7",[108,109,110,111,21],"2fa","firewall","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",96,12,"2022-09-06 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":105,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":135,"download_link":136,"security_score":137,"vuln_count":29,"unpatched_count":13,"last_vuln_date":138,"fetched_at":26},"hostinger","Hostinger Tools","3.0.59","Hostinger","https:\u002F\u002Fprofiles.wordpress.org\u002Fhostinger\u002F","\u003Cp>Hostinger Tools is an all-in-one plugin designed to streamline essential tasks for WordPress site administrators. This plugin offers a range of features to help you manage your site’s information, maintenance mode, security, and redirects effectively.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Basic Info\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays the current WordPress version with automatic update checks.\u003C\u002Fli>\n\u003Cli>Shows the current PHP version with automatic update checks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Maintenance Mode\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily enable or disable maintenance mode for your site.\u003C\u002Fli>\n\u003Cli>Provide a URL to bypass maintenance mode for selected users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Security\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable XML-RPC requests to enhance your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable Authorize application page to enhance your site’s security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Redirects\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force all URLs to use HTTPS for secure browsing.\u003C\u002Fli>\n\u003Cli>Force all URLs to use WWW to ensure consistency in site access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>LLMs.txt Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically generate a structured LLMs.txt file in Markdown format.\u003C\u002Fli>\n\u003Cli>Include website title, description, posts, pages, and products (if WooCommerce is active).\u003C\u002Fli>\n\u003Cli>Keep the file updated when content changes or new content is published.\u003C\u002Fli>\n\u003Cli>Help AI-powered tools better understand and interact with your website content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hostinger Tools is the new version of the previous Hostinger plugin, offering an updated and enhanced experience.\u003Cbr \u002F>\nThe Onboarding assistant and the Learning section previously included in this plugin were moved to the separate plugin Hostinger Easy Onboarding.\u003C\u002Fp>\n","Simplified WordPress management. Manage site info, maintenance, security, & redirects.",3000000,16730722,60,25,"2026-03-03T11:48:00.000Z","5.5","8.1",[118,133,51,21,134],"https","tools","https:\u002F\u002Fhostinger.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhostinger.3.0.59.zip",99,"2024-01-05 00:00:00",{"attackSurface":140,"codeSignals":161,"taintFlows":178,"riskAssessment":179,"analyzedAt":189},{"hooks":141,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[142,148,152],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_menu","wp_shield_admin_menu","wp_shield.php",26,{"type":143,"name":149,"callback":150,"file":146,"line":151},"admin_init","update_wp_shield_info",37,{"type":143,"name":153,"callback":154,"file":155,"line":156},"init","wp_shield_auth","wp_shield_auth.php",13,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":177},[],{"prepared":13,"raw":13,"locations":164},[],{"escaped":166,"rawEcho":167,"locations":168},2,3,[169,173,175],{"file":170,"line":171,"context":172},"admin\\templates\\settings.php",18,"raw output",{"file":170,"line":174,"context":172},31,{"file":170,"line":176,"context":172},39,[],[],{"summary":180,"deductions":181},"The \"wp-shield\" v1.6 plugin exhibits a generally good security posture based on the provided static analysis. The absence of any registered attack surface points like AJAX handlers, REST API routes, or shortcodes significantly limits the potential for external manipulation. Furthermore, the code signals show no dangerous functions, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, all of which are strong security practices. The fact that there are no recorded vulnerabilities in its history further reinforces this positive assessment. However, a significant concern arises from the low percentage of properly escaped outputs (40%). This indicates that user-supplied data might be directly outputted without proper sanitization, opening the door for Cross-Site Scripting (XSS) vulnerabilities, particularly if user-controlled data is displayed on the front-end. The lack of any observed taint flows, while seemingly good, might also be a consequence of the limited analysis performed or the plugin's minimal interaction with user input.\n\nWhile the plugin scores well on many fronts due to its limited functionality and robust data handling for database interactions, the unescaped output is a critical weakness. The absence of nonce and capability checks across the board, although not directly tied to an exposed attack surface in this analysis, represents a potential risk if the plugin's functionality were to expand or if an indirect attack vector were discovered. The vulnerability history being clean is a strong positive, suggesting a well-maintained codebase in that regard. The conclusion is that \"wp-shield\" v1.6 is largely secure in its current state regarding direct attacks, but the unescaped output is a clear and present danger that needs immediate attention to prevent potential XSS exploits.",[182,185,187],{"reason":183,"points":184},"Low percentage of properly escaped outputs",8,{"reason":186,"points":45},"No nonce checks present",{"reason":188,"points":45},"No capability checks present","2026-03-16T19:55:39.375Z",{"wat":191,"direct":198},{"assetPaths":192,"generatorPatterns":195,"scriptPaths":196,"versionParams":197},[193,194],"\u002Fwp-content\u002Fplugins\u002Fwp-shield\u002Fwp_shield_auth.php","\u002Fwp-content\u002Fplugins\u002Fwp-shield\u002Fadmin\u002Ftemplates\u002Fsettings.php",[],[],[],{"cssClasses":199,"htmlComments":200,"htmlAttributes":201,"restEndpoints":202,"jsGlobals":203,"shortcodeOutput":204},[],[],[],[],[],[]]