[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgU266dcy9RaU1J6JtsV138See_4RQcdO65ftlox9W9c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":172,"crawl_stats":38,"alternatives":180,"analysis":283,"fingerprints":1267},"wp-simple-firewall","Shield: Blocks Bots, Protects Users, and Prevents Security Breaches","21.2.6","Paul","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaultgoodchild\u002F","\u003Cp>Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.\u003C\u002Fp>\n\u003Ch3>Key Security Features At A Glance\u003C\u002Fh3>\n\u003Ch3>[PRO-Only] Zero-Configuration, Fast & Reliable WordPress Backups Included\u003C\u002Fh3>\n\u003Cp>We’ve made WordPress backups faster than ever with our integrated WordPress Disaster Recovery Backups solution – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldbackups\" rel=\"nofollow ugc\">ShieldBACKUPS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>No more risky Cloud Storage\u002FOAuth credentials exposed on your sites; Backups that work without relying on a temperamental WordPress cron.\u003C\u002Fp>\n\u003Cp>ShieldBACKUPS keeps your data off-site, encrypted, and far away from hackers.\u003C\u002Fp>\n\u003Ch3>\u003Cem>silent\u003C\u002Fem>CAPTCHA Bad Bot Protection\u003C\u002Fh3>\n\u003Cp>Bad bots are your #1 security threat. They account for nearly all WordPress security probes, attacks, injections, malware, and vulnerability exploitation.\u003C\u002Fp>\n\u003Cp>Google reCAPTCHA and CloudFlare Turnstile are considered the best way to detect bots, but these along with all other CAPTCHAs interrupt the user experience.\u003C\u002Fp>\n\u003Cp>Shield’s exclusive \u003Cem>silent\u003C\u002Fem>CAPTCHA detects bad bots and blocks them from taking any abusive actions on your site, such as brute-force user login attacks and WP Comments SPAM.\u003C\u002Fp>\n\u003Cp>Furthermore, privacy directives from legislation such as Europe’s GDPR restrict what data you may share of your visitors. All \u003Cem>silent\u003C\u002Fem>CAPTCHA data is kept on your WordPress site and ensures full compliance with GDPR regulations.\u003C\u002Fp>\n\u003Ch3>Comprehensive Activity Log\u003C\u002Fh3>\n\u003Cp>Shield’s has best-in-class logging that documents every WP action on your site.\u003C\u002Fp>\n\u003Cp>Unlike existing logging solutions, Shield detects changes to your WordPress sites that happen directly on your database. e.g. by hackers that have infiltrated your defenses via an exposed vulnerability.\u003C\u002Fp>\n\u003Cp>No other WordPress security plugin does this.\u003C\u002Fp>\n\u003Ch3>Limit Login Attempts and Block User Registration SPAM\u003C\u002Fh3>\n\u003Cp>\u003Cem>silent\u003C\u002Fem>CAPTCHA technology is invisible to your visitors and protects your WordPress login, registration and lost password forms from brute force attacks, and eliminates user registration SPAM from bots.\u003C\u002Fp>\n\u003Ch3>User Session Theft Protection\u003C\u002Fh3>\n\u003Cp>Shield can lock user session to browsers, or IP addresses. Combine with 2FA (below), you can protect your users from session theft and account theft.\u003C\u002Fp>\n\u003Ch3>Two-Factor Authentication (2FA) for all users\u003C\u002Fh3>\n\u003Cp>Two-Factor Authentication is a crucial part of WordPress user security. It protects against account theft, takeover, and sharing. Shield supports email-based login code, Google\u002FMicrosoft\u002FLastpass Authenticator, Yubikey One-Time Passwords and Passkeys (pro).\u003C\u002Fp>\n\u003Ch3>Exclusive Security Admin Protection\u003C\u002Fh3>\n\u003Cp>Not only does Shield Security protect your WordPress site, it also provides security against tampering of key WordPress options and the Shield Security plugin itself. With Shield’s exclusive Security Admin feature, you can lockdown the security plugin from other admins to prevent accidental or malicious changes that will impact your security.\u003C\u002Fp>\n\u003Ch3>CrowdSec Partnership\u003C\u002Fh3>\n\u003Cp>Shield is the only WordPress security plugin with strategic partnerships that bring powerful protection to your WordPress sites. With our CrowdSec integration, your WordPress sites benefit from crowd-sourced IP Block Lists so your site can block malicious bots before they can do any damage whatsoever.\u003C\u002Fp>\n\u003Ch3>All The Features You’ll Absolutely Love\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>[ShieldPRO] ShieldBACKUPS – Disaster-proof your WordPress site with fast, reliable, easy WordPress backups!\u003C\u002Fli>\n\u003Cli>Exclusive \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fju\" rel=\"nofollow ugc\">silentCAPTCHA Security\u003C\u002Fa> – WordPress-specific bot-detection alternative to Google reCAPTCHA and CloudFlare Turnstile.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj0\" rel=\"nofollow ugc\">Automatic Bot & IP Blocking\u003C\u002Fa> – reputation-based security intelligence to block repeat offenders automatically.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Bad Bot Blocking with \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fl5\" rel=\"nofollow ugc\">our exclusive CrowdSec Security integration\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Easy To Understand Security Dashboard that highlights quick wins and areas to rapidly improve site security\u003C\u002Fli>\n\u003Cli>[ShieldPRO] \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Flf\" rel=\"nofollow ugc\">Artificial Intelligence based PHP Malware Detection\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Security for your important user forms, by blocking Block Bots:\n\u003Cul>\n\u003Cli>Login Forms\u003C\u002Fli>\n\u003Cli>User Registration Forms\u003C\u002Fli>\n\u003Cli>Lost Password Reset Forms\u003C\u002Fli>\n\u003Cli>[ShieldPRO] WooCommerce & Easy Digital Downloads\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Contact Form SPAM Protection: Contact Form 7, NinjaForms, Elementor, WP Forms, and more!\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Memberpress, LearnPress, BuddyPress, WP Members, ProfileBuilder\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiw\" rel=\"nofollow ugc\">Brute Force Security Protection, Limit Login Attempts + Login Cooldown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Powerful Firewall Rules\u003C\u002Fli>\n\u003Cli>Restricted Security Admin Access\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fix\" rel=\"nofollow ugc\">Prevents Unauthorized Changes By Compromised Admins\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>(MFA) \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiy\" rel=\"nofollow ugc\">Two-Factor \u002F Multi-Factor Login Authentication\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Google Authenticator\u003C\u002Fli>\n\u003Cli>Yubikey\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Passkeys\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Backup Login Codes\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Multiple Yubikey per User\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Remember Me (reduces 2FA requests for users)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fiz\" rel=\"nofollow ugc\">Block XML-RPC\u003C\u002Fa> (\u003Cem>including\u003C\u002Fem> Pingbacks and Trackbacks)\u003C\u002Fli>\n\u003Cli>Security firewall for the REST API – block anonymous requests\u003C\u002Fli>\n\u003Cli>Powerful IP Addresses-based Security:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj0\" rel=\"nofollow ugc\">Automatic IP Address Blocking Using Points-Based System\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Block or Bypass individual IPs\u003C\u002Fli>\n\u003Cli>Block or Bypass IP Subnets\u003C\u002Fli>\n\u003Cli>Full IP Security Analysis in 1 place to review activity on your sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Comprehensive WordPress File Scanner for Intrusions and Hacks\n\u003Cul>\n\u003Cli>Detect File Changes – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj1\" rel=\"nofollow ugc\">Scan & Repair WordPress Core Files\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj2\" rel=\"nofollow ugc\">Detect Unknown\u002FSuspicious PHP Files\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Detect Abandoned Plugins.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Malware Scanner – detects known and unknown malware.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Plugin and Theme Scanning – identify file changes in your plugins\u002Fthemes.\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Detect Plugins\u002FThemes With Known Security Vulnerabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj3\" rel=\"nofollow ugc\">Create a \u003Cstrong>Private Secure Login URL\u003C\u002Fstrong> by hiding wp-login.php\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Comment SPAM Blocking – Block \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fjf\" rel=\"nofollow ugc\">Comment SPAM from Bots and Humans\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Never Block Google\u003C\u002Fstrong>: Smart Security Automatically Detects Known Good Bots: GoogleBot, Bing and other Official Search Engines including:\n\u003Cul>\n\u003Cli>Google\u003C\u002Fli>\n\u003Cli>Bing,\u003C\u002Fli>\n\u003Cli>DuckDuckGo\u003C\u002Fli>\n\u003Cli>Yahoo!\u003C\u002Fli>\n\u003Cli>Baidu\u003C\u002Fli>\n\u003Cli>Apple\u003C\u002Fli>\n\u003Cli>Yandex\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Automatically Detects 3rd Party Services and Prevents Blocking Of:\n\u003Cul>\n\u003Cli>ManageWP \u002F iControlWP \u002F MainWP\u003C\u002Fli>\n\u003Cli>Pingdom, NodePing, Statuscake, UptimeRobot, GTMetrix\u003C\u002Fli>\n\u003Cli>Stripe, PayPal IPN\u003C\u002Fli>\n\u003Cli>CloudFlare, SEMRush\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Full Security Activity Log – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj5\" rel=\"nofollow ugc\">Monitor \u003Cstrong>All\u003C\u002Fstrong> Site Activity, including\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Activity log for all user login & registration attempts\u003C\u002Fli>\n\u003Cli>Plugin and Theme installation activity logs, including activation & deactivation etc.\u003C\u002Fli>\n\u003Cli>User creation activity log, including detection of administrator promotions\u003C\u002Fli>\n\u003Cli>Activity log for Page\u002FPost create, update, delete\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Advanced User Sessions Control\n\u003Cul>\n\u003Cli>Restrict Multiple User Login\u003C\u002Fli>\n\u003Cli>Restrict Users Session To IP\u003C\u002Fli>\n\u003Cli>Password Security – Block Pwned Passwords\u003C\u002Fli>\n\u003Cli>User Enumeration Blocking – Firewall blocks requests to \u003Ccode>?author=x\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Security for old and idle user account with manual and automatic User Suspend.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Full\u002FAutomatic Support for All IP Address Sources including Proxy Support\u003C\u002Fli>\n\u003Cli>HTTP Request\u002FTraffic Logging – \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj7\" rel=\"nofollow ugc\">Full Traffic Logging and Request Monitoring\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>[ShieldPRO] Traffic Rate Limiting Security – prevent server overload from DoS Attacks\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fj6\" rel=\"nofollow ugc\">HTTP Security Headers & Content Security Policies (CSP)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldfeatures\" rel=\"nofollow ugc\">Full Shield Security Features List\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Shield is the only security plugin for WordPress that prioritises protection and intrusion prevention before repair. With Shield Security, your site will immediately to block visitors as they probe your site looking for vulnerabilities, and before they can do damage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No other standalone WordPress security plugin\u003C\u002Fstrong> (including \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fshieldvswordfence\" rel=\"nofollow ugc\">Wordfence\u003C\u002Fa>, WP Cerber, Ninja Firewall, All-In-One Security) approaches security in this way. The 1st step in any good security system is Intrusion Detection\u002FPrevention, the 2nd step is repair. Shield Security does both.\u003C\u002Fp>\n\u003Ch4>Get the highest rated 5* Security Plugin for WordPress\u003C\u002Fh4>\n\u003Cp>Per download, Shield Security \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fjl\" rel=\"nofollow ugc\">has the highest 5* rating\u003C\u002Fa> in the WordPress plugin repository.\u003C\u002Fp>\n\u003Ch3>Leave Behind the Security Marketing Hype and Scare Mongering\u003C\u002Fh3>\n\u003Cp>Our solution isn’t designed to scare you and make you feel unsafe.\u003C\u002Fp>\n\u003Ch3>2 Key WordPress Security Strategies\u003C\u002Fh3>\n\u003Cp>Shield Security uses 2 simple key strategies to protect your WordPress sites:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Intrusion Prevention System – Detect Bots\u002FMalicious IPs that will try to hack and invade your WordPress sites.\u003C\u002Fli>\n\u003Cli>Block & Recover – Block Bad Bots and Repair Hacks\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Key Security Strategy #1: Hacking Prevention\u003C\u002Fh4>\n\u003Cp>Bad Bots are the primary cause for nearly all our security troubles – they’re relentless, automatic and powerful.\u003C\u002Fp>\n\u003Cp>Shield Security is highly focused on their detection and eradication from your WordPress sites.\u003C\u002Fp>\n\u003Cp>Blocking malicious bots before they do damage through malware and exploitation of vulnerabilities is the #1 security strategy to protect and enhance security on a WordPress site.\u003C\u002Fp>\n\u003Cp>Shield detects these malicious visitors, then blocks their access to your site completely. This involves analysing different security bot-signals and combining them to identify a visitor as malicious.\u003C\u002Fp>\n\u003Cp>These security signals include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>site probes that generate 404 errors\u003C\u002Fli>\n\u003Cli>failed logins\u003C\u002Fli>\n\u003Cli>logins with invalid usernames\u003C\u002Fli>\n\u003Cli>xml-rpc access\u003C\u002Fli>\n\u003Cli>fake search engine web crawlers\u003C\u002Fli>\n\u003Cli>invalid user agents\u003C\u002Fli>\n\u003Cli>excessive website requests and resource abuse\u003C\u002Fli>\n\u003Cli>and many more signals our security team have identified.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Early identification and blocking of malicious bots reduces your WordPress site’s vulnerability to any sort of attack.\u003C\u002Fp>\n\u003Ch4>Key Strategy #2: Hacking Recovery\u003C\u002Fh4>\n\u003Cp>Even with the best security efforts, a site can get hacked. This usually involves file modification: either a hack file is added, or a file is changed.\u003C\u002Fp>\n\u003Cp>There are 3 key WordPress assets whose files can be hacked:\u003C\u002Fp>\n\u003Col>\n\u003Cli>WordPress Core\u003C\u002Fli>\n\u003Cli>WordPress Plugins\u003C\u002Fli>\n\u003Cli>WordPress Themes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Almost every security plugin can now do #1 – it’s easy because WordPress.org provides \u003Cem>checksums\u003C\u002Fem> for core files.\u003C\u002Fp>\n\u003Cp>But, there are no hashes available for plugins and themes, particularly premium plugins, so they can’t do it.\u003C\u002Fp>\n\u003Cp>Shield is \u003Cstrong>the only WordPress security plugin\u003C\u002Fstrong> that offers accurate detection of file modifications for all plugins and themes because we \u003Cstrong>build our own file fingerprints\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Shield can compare the file contents of every plugin & theme in the WordPress.org repository, looking for changed or new files\u003C\u002Fp>\n\u003Cp>And, if you’re a ShieldPRO client, you can protect premium plugins\u002Fthemes too, including Yoast SEO and Advanced Custom Fields Pro.\u003C\u002Fp>\n\u003Cp>Where possible, Shield will repair any unrecognised\u002Fmodified files it detects.\u003C\u002Fp>\n\u003Ch4>Non-stop Security Notifications Are Not Okay.\u003C\u002Fh4>\n\u003Cp>Your security plugin must be smarter, and take responsibility for decisions, so you don’t have to.\u003C\u002Fp>\n\u003Cp>Shield handles many problems for you, making intelligent decisions without noisy email notifications.\u003C\u002Fp>\n\u003Ch3>Dedicated Premium Support When You Go PRO\u003C\u002Fh3>\n\u003Cp>The Shield Security team prioritises email technical support over the WordPress.org forums.\u003Cbr \u002F>\nIndividual, dedicated technical support is only available to customers who have \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fab\" rel=\"nofollow ugc\">purchased Shield Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Discover all the advantages of switching your WordPress security Pro at \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fab\" rel=\"nofollow ugc\">our Shield Security store\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Partnerships & Integrations\u003C\u002Fh3>\n\u003Cp>We believe that \u003Ca href=\"https:\u002F\u002Fclk.shldscrty.com\u002Fol\" rel=\"nofollow ugc\">silentCAPTCHA\u003C\u002Fa> is one of the simplest and most powerful solutions available today for all WordPress site owners to block and eliminate automated bot spam.\u003C\u002Fp>\n\u003Cp>That’s why we’ve started a collaboration campaign with other WordPress plugin developers to adapt their plugins to natively support Shield’s silentCAPTCHA solution, alongside Google reCAPTCHA & Cloudflare Turnstile.\u003C\u002Fp>\n\u003Cp>When you use one of the products from any of our partners, you will be able to activate Shield’s silentCAPTCHA bot spam protection so that your forms are protected from automated spam. You won’t need any site\u002FAPI keys, custom integrations, or JavaScript that can breaks your forms. It all works automatically for you when you enable the feature.\u003C\u002Fp>\n\u003Cp>As of this release, we have partnered with the following WordPress form providers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-form-builder\u002F\" rel=\"ugc\">Easy Form Builder\u003C\u002Fa> v4+\u003C\u002Fli>\n\u003C\u002Ful>\n","Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.",40000,12640449,96,1032,"2026-03-05T10:26:00.000Z","7.0","5.7","7.4",[20,21,22,23,24],"2fa","activity-log","bots","firewall","security","https:\u002F\u002Fclk.shldscrty.com\u002F2f","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-simple-firewall.21.2.6.zip",83,11,0,"2026-02-18 16:19:04","2026-03-15T15:16:48.613Z",[33,49,61,74,84,96,110,126,141,152,159],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2026-0722","shield-security-cross-site-request-forgery-to-sql-injection","Shield Security \u003C= 21.0.8 - Cross-Site Request Forgery to SQL Injection","The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for unauthenticated attackers to execute SQL injection attacks, extracting sensitive information from the database, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=21.0.8","21.0.10","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-02-19 04:36:29",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff53d9579-56e9-41aa-b6b7-2472734ee719?source=api-prod",1,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":48},"CVE-2026-0561","shield-security-unauthenticated-reflected-cross-site-scripting-via-message-parameter","Shield Security \u003C= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter","The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-18 16:17:44","2026-02-19 04:36:25",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcb49eb5f-c1ff-4440-8b53-c2515e65da27?source=api-prod",{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":38,"affected_versions":66,"patched_in_version":40,"severity":41,"cvss_score":67,"cvss_vector":68,"vuln_type":69,"published_date":70,"updated_date":71,"references":72,"days_to_patch":48},"CVE-2025-14427","shield-security-blocks-bots-protects-users-and-prevents-security-breaches-missing-authorization-to-authenticated-subscri","Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches \u003C= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update","The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable the global Email 2FA setting for the entire site.","\u003C=21.0.9",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-18 16:16:58","2026-02-19 04:36:20",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F91dbc521-c24b-4b73-9b70-46d363ccb535?source=api-prod",{"id":75,"url_slug":76,"title":77,"description":78,"plugin_slug":4,"theme_slug":38,"affected_versions":66,"patched_in_version":40,"severity":41,"cvss_score":67,"cvss_vector":68,"vuln_type":79,"published_date":80,"updated_date":81,"references":82,"days_to_patch":48},"CVE-2025-15370","shield-security-authenticated-subscriber-insecure-direct-object-reference-to-disable-google-authenticator","Shield Security \u003C= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator","The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable Google Authenticator for any user.","Authorization Bypass Through User-Controlled Key","2026-01-15 15:58:56","2026-01-16 04:44:37",[83],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd777014a-5397-4062-af39-7ea86589a0d0?source=api-prod",{"id":85,"url_slug":86,"title":87,"description":88,"plugin_slug":4,"theme_slug":38,"affected_versions":89,"patched_in_version":90,"severity":41,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":91,"updated_date":92,"references":93,"days_to_patch":95},"CVE-2024-7313","shield-security-smart-bot-blocking-intrusion-prevention-security-reflected-cross-site-scripting","Shield Security – Smart Bot Blocking & Intrusion Prevention Security \u003C= 20.0.5 - Reflected Cross-Site Scripting","The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nav_sub' parameter in all versions up to, and including, 20.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=20.0.5","20.0.6","2024-08-05 00:00:00","2024-08-28 22:54:05",[94],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff23e7274-45f6-46da-b4c8-2eaa1bd39257?source=api-prod",24,{"id":97,"url_slug":98,"title":99,"description":100,"plugin_slug":4,"theme_slug":38,"affected_versions":101,"patched_in_version":102,"severity":41,"cvss_score":67,"cvss_vector":103,"vuln_type":104,"published_date":105,"updated_date":106,"references":107,"days_to_patch":109},"CVE-2024-4344","shield-security-smart-bot-blocking-intrusion-prevention-security-cross-site-request-forgery","Shield Security – Smart Bot Blocking & Intrusion Prevention Security \u003C= 19.1.13 - Cross-Site Request Forgery","The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible for unauthenticated attackers to disable pin protection for the admin interface of the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=19.1.10","19.1.11","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-06-01 16:29:51","2024-06-03 13:51:01",[108],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2d3b9cde-e4d8-4217-96b4-f6ad00cd3a2d?source=api-prod",2,{"id":111,"url_slug":112,"title":113,"description":114,"plugin_slug":4,"theme_slug":38,"affected_versions":115,"patched_in_version":116,"severity":117,"cvss_score":118,"cvss_vector":119,"vuln_type":120,"published_date":121,"updated_date":122,"references":123,"days_to_patch":125},"CVE-2023-6989","shield-security-smart-bot-blocking-intrusion-prevention-security-unauthenticated-local-file-inclusion","Shield Security – Smart Bot Blocking & Intrusion Prevention Security \u003C= 18.5.9 - Unauthenticated Local File Inclusion","The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.","\u003C=18.5.9","18.5.10","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2024-02-05 00:00:00","2024-07-29 21:35:48",[124],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=api-prod",176,{"id":127,"url_slug":128,"title":129,"description":130,"plugin_slug":4,"theme_slug":38,"affected_versions":131,"patched_in_version":132,"severity":133,"cvss_score":134,"cvss_vector":135,"vuln_type":56,"published_date":136,"updated_date":137,"references":138,"days_to_patch":140},"CVE-2024-22163","shield-security-unauthenticated-stored-cross-site-scripting-via-getcolumncontentpage","Shield Security \u003C= 18.5.7 - Unauthenticated Stored Cross-Site Scripting via getColumnContent_Page","The Shield Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the getColumnContent_Page function in versions up to, and including, 18.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=18.5.7","18.5.8","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-01-16 00:00:00","2024-01-22 19:56:02",[139],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffcd02dfa-688e-4375-92cb-8d0e7cbaaa6e?source=api-prod",7,{"id":142,"url_slug":143,"title":144,"description":145,"plugin_slug":4,"theme_slug":38,"affected_versions":146,"patched_in_version":147,"severity":133,"cvss_score":134,"cvss_vector":135,"vuln_type":56,"published_date":148,"updated_date":137,"references":149,"days_to_patch":151},"CVE-2023-0992","shield-security-unauthenticated-stored-cross-site-scripting","Shield Security \u003C= 17.0.17 - Unauthenticated Stored Cross-Site Scripting","The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C17.0.18","17.0.18","2023-04-25 00:00:00",[150],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F162dff28-94ea-4a47-a6cb-a13317cf1a04?source=api-prod",273,{"id":153,"url_slug":154,"title":155,"description":156,"plugin_slug":4,"theme_slug":38,"affected_versions":146,"patched_in_version":147,"severity":41,"cvss_score":67,"cvss_vector":68,"vuln_type":69,"published_date":148,"updated_date":137,"references":157,"days_to_patch":151},"CVE-2023-0993","shield-security-missing-authorization","Shield Security \u003C= 17.0.17 - Missing Authorization","The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.",[158],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F674461ad-9b61-48c4-af2a-5dfcaeb38215?source=api-prod",{"id":160,"url_slug":161,"title":162,"description":163,"plugin_slug":4,"theme_slug":38,"affected_versions":164,"patched_in_version":165,"severity":41,"cvss_score":166,"cvss_vector":167,"vuln_type":56,"published_date":168,"updated_date":137,"references":169,"days_to_patch":171},"CVE-2022-0211","shield-security-admin-stored-cross-site-scripting","Shield Security \u003C= 13.0.5 - Admin+ Stored Cross-Site Scripting","The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.","\u003C=13.0.5","13.0.6",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-01-19 00:00:00",[170],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F287c6cdc-f534-4b87-8a97-ee1e3666cd25?source=api-prod",734,{"slug":173,"display_name":7,"profile_url":8,"plugin_count":174,"total_installs":175,"avg_security_score":176,"avg_patch_time_days":177,"trust_score":178,"computed_at":179},"paultgoodchild",5,141210,90,125,72,"2026-04-03T19:19:58.447Z",[181,203,224,243,263],{"slug":182,"name":183,"version":184,"author":185,"author_profile":186,"description":187,"short_description":188,"active_installs":189,"downloaded":190,"rating":191,"num_ratings":192,"last_updated":193,"tested_up_to":194,"requires_at_least":195,"requires_php":16,"tags":196,"homepage":199,"download_link":200,"security_score":13,"vuln_count":201,"unpatched_count":29,"last_vuln_date":202,"fetched_at":31},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,94,4829,"2025-12-20T21:06:00.000Z","6.9.4","4.7",[20,23,197,198,24],"malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",12,"2022-09-06 00:00:00",{"slug":204,"name":205,"version":206,"author":207,"author_profile":208,"description":209,"short_description":210,"active_installs":211,"downloaded":212,"rating":213,"num_ratings":214,"last_updated":215,"tested_up_to":194,"requires_at_least":216,"requires_php":217,"tags":218,"homepage":217,"download_link":221,"security_score":213,"vuln_count":222,"unpatched_count":29,"last_vuln_date":223,"fetched_at":31},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,98,1441,"2026-01-12T16:01:00.000Z","3.0","",[20,219,23,220,24],"brute-force","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip",4,"2023-12-20 00:00:00",{"slug":225,"name":226,"version":227,"author":228,"author_profile":229,"description":230,"short_description":231,"active_installs":232,"downloaded":233,"rating":213,"num_ratings":234,"last_updated":235,"tested_up_to":194,"requires_at_least":195,"requires_php":236,"tags":237,"homepage":240,"download_link":241,"security_score":242,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"block-bad-queries","BBQ Firewall – Fast & Powerful Firewall Security","20260205","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cblockquote>\n\u003Cp>🔥 Install, activate, and done!\u003Cbr \u002F>\n  🔥 Powerful protection from WP’s \u003Cstrong>fastest\u003C\u002Fstrong> firewall plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F\" rel=\"nofollow ugc\">BBQ Firewall\u003C\u002Fa> is a lightweight, blazing-fast firewall plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like \u003Ccode>eval(\u003C\u002Fcode>, \u003Ccode>base64_\u003C\u002Fcode>, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">strong Apache\u002F.htaccess firewall\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Adds a strong firewall to ANY WordPress site\u003Cbr \u002F>\n  🔥 Works with all WordPress plugins and themes\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Powerful Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ protects your site against many threats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SQL injection attacks\u003C\u002Fli>\n\u003Cli>Executable file uploads\u003C\u002Fli>\n\u003Cli>Directory traversal attacks\u003C\u002Fli>\n\u003Cli>Unsafe character requests\u003C\u002Fli>\n\u003Cli>Excessively long requests\u003C\u002Fli>\n\u003Cli>PHP remote\u002Ffile execution\u003C\u002Fli>\n\u003Cli>XSS, XXE, and related attacks\u003C\u002Fli>\n\u003Cli>Protects against bad bots\u003C\u002Fli>\n\u003Cli>Protects against bad referrers\u003C\u002Fli>\n\u003Cli>Protects against bad POST content\u003C\u002Fli>\n\u003Cli>Protects against many other bad requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 Works great with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblackhole-bad-bots\u002F\" rel=\"ugc\">Blackhole for Bad Bots\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbanhammer\u002F\" rel=\"ugc\">Banhammer\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Awesome Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BBQ provides all the best firewall features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rated \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-bad-queries\u002F#reviews\" rel=\"ugc\">5 stars\u003C\u002Fa> at WordPress.org\u003C\u002Fli>\n\u003Cli>100% plug-&-play, zero configuration\u003C\u002Fli>\n\u003Cli>100% focused on security and performance\u003C\u002Fli>\n\u003Cli>Blocks a wide range of malicious URL requests\u003C\u002Fli>\n\u003Cli>Fastest Web Application Firewall (WAF) for WordPress\u003C\u002Fli>\n\u003Cli>Based on the \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F7g-firewall\u002F\" rel=\"nofollow ugc\">7G\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002F8g-firewall\u002F\" rel=\"nofollow ugc\">8G Firewall\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Scans all incoming traffic and blocks bad requests\u003C\u002Fli>\n\u003Cli>Scans all types of requests: GET, POST, PUT, DELETE, etc.\u003C\u002Fli>\n\u003Cli>Protects against known bad bots and referrers\u003C\u002Fli>\n\u003Cli>Works silently behind the scenes to protect your site\u003C\u002Fli>\n\u003Cli>Hassle-free security plugin that’s easy to use\u003C\u002Fli>\n\u003Cli>Thoroughly tested, error-free performance\u003C\u002Fli>\n\u003Cli>Extremely low rate of false positives\u003C\u002Fli>\n\u003Cli>Compatible with other security plugins\u003C\u002Fli>\n\u003Cli>Regularly updated and “future proof”\u003C\u002Fli>\n\u003Cli>Firewall \u003C 10 kilobytes in size\u003C\u002Fli>\n\u003Cli>Lightweight, fast and flexible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>🔥 For advanced protection and features, check out \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro »\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Exclusive Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize firewall via plugin settings\u003C\u002Fli>\n\u003Cli>Easily add or remove firewall patterns\u003C\u002Fli>\n\u003Cli>Easily add Jeff Starr’s \u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fultimate-ai-block-list\u002F\" rel=\"nofollow ugc\">AI Block List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Send Email Alerts for blocked requests\u003C\u002Fli>\n\u003Cli>Quickly enable\u002Fdisable firewall rules\u003C\u002Fli>\n\u003Cli>Disable firewall for logged-in users\u003C\u002Fli>\n\u003Cli>Block excessively long URI requests\u003C\u002Fli>\n\u003Cli>Protect against XML-RPC exploits\u003C\u002Fli>\n\u003Cli>Block any individual IP address\u003C\u002Fli>\n\u003Cli>Block entire ranges of IP addresses\u003C\u002Fli>\n\u003Cli>Protect against user-ID phishing\u003C\u002Fli>\n\u003Cli>Redirect all blocked requests\u003C\u002Fli>\n\u003Cli>Display a custom “blocked” message\u003C\u002Fli>\n\u003Cli>Set your own response status code\u003C\u002Fli>\n\u003Cli>Complete inline documentation\u003C\u002Fli>\n\u003Cli>Statistics for blocked requests\u003C\u002Fli>\n\u003Cli>Tools to reset options and patterns\u003C\u002Fli>\n\u003Cli>Import and Export firewall patterns\u003C\u002Fli>\n\u003Cli>One-click pattern testing\u003C\u002Fli>\n\u003Cli>Whitelist IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>..plus everything the free version can do and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 Learn more and \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">get BBQ Pro »\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>BBQ Firewall is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>🔥 BBQ = Block Bad Queries\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.",100000,3258210,156,"2026-02-05T20:29:00.000Z","7.1",[22,23,238,24,239],"secure","web-application-firewall","https:\u002F\u002Fperishablepress.com\u002Fblock-bad-queries\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-bad-queries.20260205.zip",100,{"slug":244,"name":245,"version":246,"author":247,"author_profile":248,"description":249,"short_description":250,"active_installs":251,"downloaded":252,"rating":242,"num_ratings":253,"last_updated":254,"tested_up_to":194,"requires_at_least":255,"requires_php":217,"tags":256,"homepage":261,"download_link":262,"security_score":242,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"cloudfilt-codes","CloudFilt Bot & Spam Protection","1.0.20","CloudFilt","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudfilt\u002F","\u003Cp>Prevent and block bot traffic, web scraping, Tor traffic, spam submissions (comments and contact forms), online fraud, business logic abuse, and denial-of-service (DDoS) attacks.\u003Cbr \u002F>\nThis plugin inserts the CloudFilt tracking and security codes into your website, enabling the protection services available at https:\u002F\u002Fcloudfilt.com\u002F\u003Cbr \u002F>\nYou can read the full documentation at: https:\u002F\u002Fdocs.cloudfilt.com\u002F\u003C\u002Fp>\n\u003Cp>Terms and Conditions: https:\u002F\u002Fcloudfilt.com\u002Fdocs\u002Fpt_cloudfilt_07302025.pdf\u003C\u002Fp>\n\u003Cp>Tags: web security, bot blocking, web application firewall, antispam, stop bad bots\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Authentification form\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using your public and private key to connect your WordPress website to your CloudFilt account and enable CloudFilt features.\u003C\u002Fli>\n\u003Cli>Check if your website is still connected to your CloudFilt account.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enabled CloudFilt features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevents and stop bots traffic, Web Scraping, Tor traffic, Spam Submissions, Web Fraud, Business logic and Denial of service (DDoS).\u003C\u002Fli>\n\u003Cli>Injects JS into pages to track and detect potentially dangerous users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to your CloudFilt account and go to https:\u002F\u002Fapp.cloudfilt.com\u002Fwebsites.\u003C\u002Fli>\n\u003Cli>Select the website and go to Settings > Integration & Plugins.\u003C\u002Fli>\n\u003Cli>In the “WordPress” tab, retrieve the public key and the private key.\u003C\u002Fli>\n\u003Cli>Login to the administration page of your WordPress and select the “CloudFilt” plugin from the menu.\u003C\u002Fli>\n\u003Cli>In the form, paste the keys you retrieved from your CloudFilt account.\u003C\u002Fli>\n\u003Cli>Once it is done, you can go back to https:\u002F\u002Fapp.cloudfilt.com and access to your website’s security statistics. Bots can’t be anymore go on your website and users are tracked.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>To learn more, see the screenshots section.\u003C\u002Fp>\n","Prevent and stop bots traffic. This plugin inserts in your website the CloudFilt codes for the security tracking available on https:\u002F\u002Fcloudfilt.com\u002F.",600,18891,3,"2026-02-17T10:43:00.000Z","4.0",[257,258,259,239,260],"antispam","block-bots","stop-bad-bots","web-security","https:\u002F\u002Fcloudfilt.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudfilt-codes.1.0.20.zip",{"slug":264,"name":265,"version":266,"author":267,"author_profile":268,"description":269,"short_description":270,"active_installs":271,"downloaded":272,"rating":242,"num_ratings":140,"last_updated":273,"tested_up_to":274,"requires_at_least":275,"requires_php":18,"tags":276,"homepage":279,"download_link":280,"security_score":281,"vuln_count":48,"unpatched_count":29,"last_vuln_date":282,"fetched_at":31},"bitfire","BitFire Security – Firewall, WAF, Bot\u002FSpam Blocker, Login Security","4.8.2","Cory Marsh","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitslip6\u002F","\u003Ch3>Real-Time Security for WordPress\u003C\u002Fh3>\n\u003Cp>BitFire protects your website from bots, hackers, malware, and critical vulnerabilities – before they can cause damage.\u003C\u002Fp>\n\u003Cp>This plugin brings advanced security technology used by large enterprises to your WordPress site, now available in a free version. Whether you manage a business website, blog, or WooCommerce store, BitFire gives you powerful protection and visibility into your traffic.\u003C\u002Fp>\n\u003Ch3>Smarter Protection with AI\u003C\u002Fh3>\n\u003Cp>Most security plugins wait for updates to detect new threats. BitFire takes a different approach: it uses artificial intelligence and real-time request analysis to \u003Cstrong>stop zero-day attacks\u003C\u002Fstrong>, bots, and malicious users \u003Cstrong>before\u003C\u002Fstrong> they get access to your site.\u003C\u002Fp>\n\u003Cp>Our AI learns what normal traffic looks like for your site and blocks anything suspicious – without you needing to configure endless rules.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Unlike traditional firewalls that allow everything by default and react to known threats, BitFire only allows verified traffic – stopping new and unknown attacks instantly.”\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>🔐 Security Highlights (Free & Pro)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stop Bots Automatically\u003C\u002Fstrong> – Block fake users, spam bots, and scanners (no captchas needed).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Scanner\u003C\u002Fstrong> – Scan your site for infected or unknown files using a fast hash-based scanner.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Traffic Monitor\u003C\u002Fstrong> – See who’s visiting your site, including IP, city, browser, request rate, and referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Protection\u003C\u002Fstrong> – Block bots from abusing your login page, detect phishing attacks, and stop brute-force attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Human \u002F Bot Detection\u003C\u002Fstrong> – BitFire can tell the difference between real users and fake browsers with 99.7% accuracy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Reputation\u003C\u002Fstrong> – Block over 300,000 known malicious IPs with real-time threat intelligence.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🚀 Built for Speed\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>BitFire logs traffic in \u003Cstrong>under 2ms per request\u003C\u002Fstrong>, thanks to a high-performance binary logging engine.\u003C\u002Fli>\n\u003Cli>Unlike bulky WAFs that rely on large rule sets, BitFire looks at the \u003Cstrong>intent\u003C\u002Fstrong> behind every request – giving you \u003Cstrong>faster speeds\u003C\u002Fstrong> and fewer false positives.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔍 Live Traffic Monitoring\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Track every visitor request in real time  \u003C\u002Fli>\n\u003Cli>Remove blind spots and gain confidence in your site security\u003C\u002Fli>\n\u003Cli>Filter traffic by IP, URL, response code, or user-agent  \u003C\u002Fli>\n\u003Cli>View bot fingerprints from over 3,000 known bots and 180 real browsers  \u003C\u002Fli>\n\u003Cli>See what was blocked and why\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛡 Runtime Protection (PRO)\u003C\u002Fh4>\n\u003Cp>BitFire includes WordPress’s first Runtime Application Self Protection (RASP) firewall.\u003C\u002Fp>\n\u003Cp>This means BitFire watches what your plugins and code are doing in real time and blocks anything suspicious – including:\u003Cbr \u002F>\n– Unauthorized file modifications (File RASP)\u003Cbr \u002F>\n– Suspicious database queries (Database RASP)\u003Cbr \u002F>\n– Unauthorized account creation or privilege escalation (Authentication RASP)\u003Cbr \u002F>\n– Dangerous outbound network requests (Network RASP)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“It’s like a bodyguard inside your WordPress server – watching every move and stopping threats before they execute.”\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>What’s Included in the Free Version?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Traffic logger (current day only)\u003C\u002Fli>\n\u003Cli>Real-time bot and malware detection\u003C\u002Fli>\n\u003Cli>File scanner with fast hash matching\u003C\u002Fli>\n\u003Cli>Block plugin and theme enumeration tools\u003C\u002Fli>\n\u003Cli>Live IP and user-agent request viewer\u003C\u002Fli>\n\u003Cli>Block hacking tools like WPScan, Nmap, Nikto, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What’s in BitFire Pro?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Web Firewall rated A+ by cloudbric with real-time updates\u003C\u002Fli>\n\u003Cli>Full Runtime Self Protection engine (File, Database, Account, and Network protection)\u003C\u002Fli>\n\u003Cli>Advanced login protection and phishing detection\u003C\u002Fli>\n\u003Cli>Malware scanner with 14 million+ clean file hashes\u003C\u002Fli>\n\u003Cli>Automatic browser fingerprinting and allowlists\u003C\u002Fli>\n\u003Cli>Auto-configured CSP and security headers (A+ rating)\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Increased traffic logging and historical view to 30 days\u003C\u002Fp>\n\u003Cp>** Independent WAF testing by Cloudbric https:\u002F\u002Flabs.cloudbric.com\u002Fwafer **\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>BitFire [PRO] – 🇦  (94%)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>MalCare [PRO] – 🇫  (34%)\u003C\u002Fli>\n\u003Cli>WordFence [PRO] – 🇩  (41%)\u003C\u002Fli>\n\u003Cli>iThemes Security – 🇫  (2%)\u003C\u002Fli>\n\u003Cli>Ninja Firewall [PRO] – 🇩  (67%)\u003C\u002Fli>\n\u003Cli>Site Ground Security – 🇫  (2%)\u003C\u002Fli>\n\u003Cli>Shield Security [PRO] – 🇫  (2%)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Trusted by Enterprises, Now Available to You\u003C\u002Fh3>\n\u003Cp>BitFire is used by major organizations on our managed enterprise platform and developed by a veteran security architect with over 20 years of experience defending Fortune 500s and critical infrastructure.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This free release brings our best bot detection and traffic logging features to the WordPress community – at no cost.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Learn More\u003C\u002Fh3>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fbitfire.co\" rel=\"nofollow ugc\">https:\u002F\u002Fbitfire.co\u003C\u002Fa> for:\u003Cbr \u002F>\n– Full product comparison\u003Cbr \u002F>\n– Malware removal services\u003Cbr \u002F>\n– Pro pricing\u003Cbr \u002F>\n– Support\u003C\u002Fp>\n\u003Ch3>Privacy \u002F Monitoring \u002F Data Collection\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Privacy.  We take privacy very seriously. BitFire inspects all traffic going to the webserver and takes care to filter out any potentially sensitive information by replacing it with \u003Cstrong>\u003Cem>redacted\u003C\u002Fem>\u003C\u002Fstrong>. The config.ini file includes a list of common sensitive field names under the “filtered_logging” section. You can add additional fields to filter in the config file by adding a line “filtered_logging[field_name] = true” and replacing “field_name” with the name of the desired parameter to filter.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>BitFire includes an error handler which monitors it’s operation. In the event an error is detected in the BitFire software; including during install, an alert can be sent to BitFire’s developer team. The development team monitors these errors in real time and includes fixes for any detected errors in each new release.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Malware scanner. BitFire sends tiny 64bit hashes (signatures, or fingerprints) of every file to our hash database. For instance, index.php may hash to the number: 812612388126487. The database is many gigabytes and centrally located on our servers. BitFire uses that information to determine if a file has been modified or is a known good file and sends the results back to your site. Client hashes are never stored off your server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Log data and configuration data is stored locally on the filesystem in the wp-content\u002Fuploads\u002Fbitfire_RANDOM directory. This directory is unique and hidden from the Internet and protected by an .htaccess file. Web servers that are configured to allow directory listings will want to ensure that the file wp-content\u002Fuploads\u002Findex.php is present to prevent directory listings. The random directory name is 12 characters long and is generated on install. The directory is not accessible from the Internet and is protected by a .htaccess file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Real-time firewall that stops bots, malware, and hackers with real AI, file protection, and traffic analytics without slowing down your site",300,13786,"2025-09-21T22:57:00.000Z","6.8.5","6.1",[21,23,277,24,278],"malware-scanner","waf","https:\u002F\u002Fbitfire.co\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitfire.4.8.2.zip",99,"2025-08-01 00:00:00",{"attackSurface":284,"codeSignals":1154,"taintFlows":1250,"riskAssessment":1251,"analyzedAt":1266},{"hooks":285,"ajaxHandlers":1137,"restRoutes":1144,"shortcodes":1145,"cronEvents":1153,"entryPointCount":174,"unprotectedCount":29},[286,292,296,299,302,305,307,312,317,321,324,328,333,337,340,343,346,350,353,357,360,364,368,371,375,378,382,385,389,392,397,399,402,407,411,414,418,423,427,429,431,434,437,440,442,445,447,451,453,457,461,464,468,472,477,480,484,488,493,498,502,506,509,512,514,517,520,523,526,529,533,536,539,543,546,549,553,557,560,564,566,570,572,574,577,579,582,584,585,586,590,594,596,598,601,604,607,610,614,618,620,624,627,629,632,635,639,641,643,645,647,649,652,654,656,660,662,666,669,670,673,676,679,681,684,687,690,693,696,699,702,705,707,710,713,716,719,721,725,729,731,735,738,741,745,748,752,755,759,762,765,769,773,776,778,781,783,786,790,793,796,800,803,807,809,813,816,820,824,827,830,832,834,837,840,842,844,845,847,849,851,853,855,857,860,863,866,868,872,874,877,878,880,882,884,886,888,890,892,893,896,899,901,902,904,906,907,911,915,918,921,924,926,927,932,934,935,937,939,942,944,945,947,949,951,953,955,957,960,964,965,967,968,971,973,976,981,984,987,988,990,993,996,998,1002,1004,1006,1008,1010,1013,1016,1017,1020,1024,1028,1030,1032,1035,1038,1041,1042,1044,1046,1048,1052,1054,1055,1057,1058,1059,1062,1063,1065,1067,1069,1073,1075,1078,1081,1083,1086,1089,1092,1094,1096,1099,1102,1104,1106,1108,1111,1115,1118,1120,1121,1123,1124,1125,1129,1132,1135],{"type":287,"name":288,"callback":289,"priority":48,"file":290,"line":291},"action","plugins_loaded","icwp_wpsf_init","icwp-wpsf.php",46,{"type":287,"name":293,"callback":294,"file":290,"line":295},"admin_notices","closure",66,{"type":287,"name":293,"callback":294,"file":297,"line":298},"plugin_compatibility.php",27,{"type":287,"name":300,"callback":294,"file":297,"line":301},"network_admin_notices",28,{"type":287,"name":293,"callback":294,"file":303,"line":304},"plugin_init.php",63,{"type":287,"name":293,"callback":294,"file":303,"line":306},69,{"type":308,"name":309,"callback":294,"priority":28,"file":310,"line":311},"filter","pre_http_request","src\\ActionRouter\\Actions\\Debug\\SimplePluginTests.php",56,{"type":287,"name":313,"callback":294,"priority":314,"file":315,"line":316},"wp_loaded",8,"src\\ActionRouter\\Actions\\MfaLoginVerifyStep.php",17,{"type":287,"name":318,"callback":294,"file":319,"line":320},"admin_menu","src\\ActionRouter\\Actions\\PluginAdmin\\PluginAdminPageHandler.php",29,{"type":287,"name":322,"callback":294,"file":319,"line":323},"network_admin_menu",35,{"type":308,"name":325,"callback":326,"file":319,"line":327},"nocache_headers","adjustNocacheHeaders",41,{"type":308,"name":329,"callback":330,"file":331,"line":332},"wp_robots","wp_robots_sensitive_page","src\\ActionRouter\\Actions\\Render\\FullPage\\Mfa\\Components\\WpLoginReplicaHeader.php",19,{"type":287,"name":334,"callback":335,"file":331,"line":336},"login_head","wp_strict_cross_origin_referrer",22,{"type":287,"name":334,"callback":338,"file":331,"line":339},"wp_login_viewport_meta",31,{"type":308,"name":341,"callback":294,"file":342,"line":28},"shield\u002Fcustom_enqueue_assets","src\\ActionRouter\\Actions\\Render\\FullPage\\Mfa\\WpReplicaLoginIntentPage.php",{"type":308,"name":344,"callback":294,"file":342,"line":345},"shield\u002Fcustom_localisations\u002Fcomponents",13,{"type":287,"name":347,"callback":294,"file":348,"line":349},"apto\u002Fservices\u002Fpre_render_twig","src\\ActionRouter\\Actions\\Render\\PluginAdminPages\\PageRulesSummary.php",38,{"type":287,"name":351,"callback":294,"file":352,"line":201},"rest_api_init","src\\ActionRouter\\CaptureRestApiAction.php",{"type":308,"name":354,"callback":355,"file":356,"line":301},"auto_update_plugin","autoupdate_plugins","src\\Components\\CompCons\\AutoUpdatesCon.php",{"type":308,"name":358,"callback":359,"file":356,"line":320},"auto_update_theme","autoupdate_themes",{"type":308,"name":361,"callback":362,"file":356,"line":363},"auto_update_core","autoupdate_core",30,{"type":308,"name":365,"callback":366,"file":356,"line":367},"auto_core_update_email","autoupdate_email_override",32,{"type":308,"name":369,"callback":366,"file":356,"line":370},"auto_plugin_theme_update_email",33,{"type":287,"name":372,"callback":373,"file":356,"line":374},"set_site_transient_update_core","trackUpdateTimesCore",34,{"type":287,"name":376,"callback":377,"file":356,"line":323},"set_site_transient_update_plugins","trackUpdateTimesPlugins",{"type":287,"name":379,"callback":380,"file":356,"line":381},"set_site_transient_update_themes","trackUpdateTimesThemes",36,{"type":308,"name":383,"callback":384,"file":356,"line":349},"plugins_list","indicateAutoUpdate",{"type":308,"name":386,"callback":387,"file":388,"line":320},"wp_headers","addToHeaders","src\\Components\\CompCons\\HttpHeadersCon.php",{"type":287,"name":390,"callback":391,"file":388,"line":363},"send_headers","sendHeaders",{"type":287,"name":393,"callback":294,"priority":394,"file":395,"line":396},"shield\u002Fpre_snapshot_update",10,"src\\Components\\CompCons\\InstantAlerts\\Handlers\\AlertHandlerAdmins.php",37,{"type":287,"name":313,"callback":294,"file":398,"line":320},"src\\Components\\CompCons\\InstantAlerts\\Handlers\\AlertHandlerFileLocker.php",{"type":287,"name":400,"callback":294,"file":401,"line":320},"shield\u002Fscan_queue_completed","src\\Components\\CompCons\\InstantAlerts\\Handlers\\AlertHandlerVulnerabilities.php",{"type":308,"name":403,"callback":404,"priority":405,"file":406,"line":298},"plugin_row_meta","removePluginMetaLinks",200,"src\\Components\\CompCons\\WhitelabelCon.php",{"type":287,"name":408,"callback":294,"file":409,"line":410},"cli_init","src\\Components\\CompCons\\WpCliCon.php",43,{"type":287,"name":412,"callback":294,"priority":242,"file":413,"line":301},"admin_bar_menu","src\\Controller\\Admin\\AdminBarMenu.php",{"type":287,"name":415,"callback":294,"file":416,"line":417},"wp_dashboard_setup","src\\Controller\\Admin\\DashboardWidget.php",20,{"type":308,"name":403,"callback":419,"priority":420,"file":421,"line":422},"onPluginRowMeta",50,"src\\Controller\\Admin\\PluginsPageSupplements.php",21,{"type":287,"name":424,"callback":294,"priority":425,"file":426,"line":363},"login_enqueue_scripts",1000,"src\\Controller\\Assets\\Enqueue.php",{"type":287,"name":428,"callback":294,"file":426,"line":367},"login_footer",{"type":287,"name":430,"callback":294,"priority":425,"file":426,"line":396},"wp_enqueue_scripts",{"type":287,"name":432,"callback":294,"file":426,"line":433},"wp_footer",39,{"type":287,"name":435,"callback":294,"priority":425,"file":426,"line":436},"admin_enqueue_scripts",44,{"type":287,"name":438,"callback":294,"file":426,"line":439},"admin_footer",48,{"type":287,"name":435,"callback":294,"file":426,"line":441},53,{"type":308,"name":443,"callback":294,"file":426,"line":444},"mailpoet_conflict_resolver_whitelist_script",65,{"type":308,"name":446,"callback":294,"file":426,"line":306},"mailpoet_conflict_resolver_whitelist_style",{"type":287,"name":293,"callback":448,"file":449,"line":450},"adminNoticeDoesNotMeetRequirements","src\\Controller\\Controller.php",308,{"type":287,"name":300,"callback":448,"file":449,"line":452},309,{"type":287,"name":454,"callback":455,"file":449,"line":456},"after_setup_theme","onWpAfterSetupTheme",436,{"type":287,"name":458,"callback":459,"file":449,"line":460},"init","onWpInit",437,{"type":287,"name":313,"callback":462,"priority":174,"file":449,"line":463},"onWpLoaded",438,{"type":287,"name":465,"callback":466,"file":449,"line":467},"admin_init","onWpAdminInit",439,{"type":287,"name":469,"callback":470,"file":449,"line":471},"shutdown","onWpShutdown",440,{"type":308,"name":473,"callback":474,"priority":242,"file":475,"line":476},"wp_mail_from","setMailFrom","src\\Controller\\Email\\EmailCon.php",62,{"type":308,"name":478,"callback":479,"priority":242,"file":475,"line":304},"wp_mail_from_name","setMailFromName",{"type":308,"name":481,"callback":482,"priority":242,"file":475,"line":483},"wp_mail_content_type","setMailContentType",64,{"type":308,"name":485,"callback":486,"priority":242,"file":487,"line":417},"load_textdomain_mofile","onLoadTextdomainMofile","src\\Controller\\I18n\\LoadTextDomain.php",{"type":308,"name":489,"callback":490,"file":491,"line":492},"all_plugins","applyLabels","src\\Controller\\Plugin\\PluginLabels.php",14,{"type":308,"name":494,"callback":495,"file":496,"line":497},"wp_privacy_personal_data_erasers","onWpPrivacyRegisterEraser","src\\Controller\\Privacy\\PrivacyEraser.php",15,{"type":308,"name":499,"callback":500,"file":501,"line":497},"wp_privacy_personal_data_exporters","onWpPrivacyRegisterExporter","src\\Controller\\Privacy\\PrivacyExport.php",{"type":308,"name":503,"callback":504,"priority":394,"file":505,"line":492},"upgrader_post_install","captureMyInstall","src\\Controller\\Updates\\CaptureMyUpgrade.php",{"type":287,"name":507,"callback":508,"priority":394,"file":505,"line":497},"upgrader_process_complete","captureMyUpgrade",{"type":287,"name":510,"callback":294,"priority":394,"file":511,"line":492},"shield\u002Fevent","src\\Events\\EventsListener.php",{"type":287,"name":458,"callback":294,"file":513,"line":439},"src\\Extensions\\BaseExtension.php",{"type":287,"name":515,"callback":294,"priority":394,"file":516,"line":396},"shield\u002Fmodules_configuration","src\\Extensions\\ExtensionsCon.php",{"type":308,"name":518,"callback":294,"file":516,"line":519},"shield\u002Frules\u002Fenum_conditions",60,{"type":308,"name":521,"callback":294,"file":516,"line":522},"shield\u002Frules\u002Fenum_responses",68,{"type":308,"name":524,"callback":294,"file":516,"line":525},"shield\u002Fcollate_rule_builders",76,{"type":308,"name":527,"callback":294,"file":516,"line":528},"shield\u002Frules\u002Fenum_types",84,{"type":287,"name":530,"callback":531,"file":532,"line":28},"post_updated","auditPostUpdated","src\\Modules\\AuditTrail\\Auditors\\BasePosts.php",{"type":287,"name":534,"callback":535,"file":532,"line":201},"deleted_post","auditDeletedPost",{"type":287,"name":537,"callback":538,"priority":363,"file":532,"line":345},"transition_post_status","auditPostStatus",{"type":287,"name":540,"callback":541,"file":542,"line":201},"comment_post","auditNew","src\\Modules\\AuditTrail\\Auditors\\Comments.php",{"type":287,"name":544,"callback":545,"file":542,"line":345},"deleted_comment","auditDelete",{"type":287,"name":547,"callback":548,"file":542,"line":492},"transition_comment_status","auditStatusUpdate",{"type":308,"name":550,"callback":551,"file":552,"line":394},"wp_mail","auditEmailSend","src\\Modules\\AuditTrail\\Auditors\\Emails.php",{"type":287,"name":554,"callback":555,"file":556,"line":381},"activated_plugin","auditActivatedPlugin","src\\Modules\\AuditTrail\\Auditors\\Plugins.php",{"type":287,"name":558,"callback":559,"file":556,"line":396},"deactivated_plugin","auditDeactivatedPlugin",{"type":287,"name":561,"callback":562,"priority":563,"file":556,"line":349},"update_option_active_plugins","auditDeactivatedPluginsPart2",9,{"type":287,"name":507,"callback":565,"priority":394,"file":556,"line":433},"auditInstall",{"type":287,"name":567,"callback":568,"file":556,"line":569},"pre_uninstall_plugin","auditUninstalled",40,{"type":287,"name":571,"callback":568,"file":556,"line":327},"deleted_plugin",{"type":287,"name":507,"callback":573,"priority":394,"file":556,"line":436},"auditUpgrades",{"type":308,"name":503,"callback":575,"priority":394,"file":556,"line":576},"auditUpgrade2",45,{"type":287,"name":507,"callback":565,"priority":394,"file":578,"line":298},"src\\Modules\\AuditTrail\\Auditors\\Themes.php",{"type":287,"name":580,"callback":581,"file":578,"line":301},"switch_theme","auditSwitchTheme",{"type":287,"name":583,"callback":568,"priority":394,"file":578,"line":363},"deleted_theme",{"type":287,"name":507,"callback":573,"priority":394,"file":578,"line":367},{"type":308,"name":503,"callback":575,"priority":394,"file":578,"line":370},{"type":287,"name":587,"callback":588,"file":589,"line":95},"user_register","auditNewUserRegistered","src\\Modules\\AuditTrail\\Auditors\\Users.php",{"type":287,"name":591,"callback":592,"priority":363,"file":589,"line":593},"delete_user","auditDeleteUser",25,{"type":287,"name":595,"callback":294,"file":589,"line":301},"application_password_failed_authentication",{"type":287,"name":597,"callback":294,"file":589,"line":374},"application_password_did_authenticate",{"type":287,"name":599,"callback":600,"priority":363,"file":589,"line":327},"wp_create_application_password","auditAppPasswordNew",{"type":287,"name":602,"callback":603,"file":589,"line":410},"profile_update","captureProfileUpdate",{"type":308,"name":605,"callback":606,"file":589,"line":576},"send_password_change_email","captureUserPasswordUpdate",{"type":287,"name":608,"callback":609,"file":589,"line":291},"wp_set_password","captureUserPasswordSet",{"type":287,"name":611,"callback":612,"file":589,"line":613},"after_password_reset","captureUserPasswordReset",47,{"type":287,"name":615,"callback":616,"file":617,"line":316},"_core_updated_successfully","auditCoreUpdated","src\\Modules\\AuditTrail\\Auditors\\Wordpress.php",{"type":287,"name":313,"callback":294,"file":619,"line":439},"src\\Modules\\AuditTrail\\Lib\\AuditCon.php",{"type":308,"name":621,"callback":622,"file":623,"line":304},"shield\u002Fis_log_traffic","__return_true","src\\Modules\\AuditTrail\\Lib\\LogHandlers\\LocalDbWriter.php",{"type":287,"name":625,"callback":294,"priority":394,"file":626,"line":201},"wp_set_comment_status","src\\Modules\\CommentsFilter\\Scan\\CommentAdditiveCleaner.php",{"type":308,"name":458,"callback":459,"priority":563,"file":628,"line":332},"src\\Modules\\CommentsFilter\\Scan\\CommentSpamCon.php",{"type":308,"name":630,"callback":631,"priority":242,"file":628,"line":301},"comment_notification_recipients","clearCommentNotificationEmail",{"type":308,"name":633,"callback":634,"priority":394,"file":628,"line":367},"pre_comment_user_ip","setCorrectCommentIP",{"type":308,"name":636,"callback":637,"priority":28,"file":638,"line":323},"pre_comment_approved","checkComment","src\\Modules\\CommentsFilter\\Scan\\Scanner.php",{"type":287,"name":540,"callback":640,"priority":563,"file":638,"line":176},"insertExplanation",{"type":287,"name":313,"callback":294,"priority":425,"file":642,"line":410},"src\\Modules\\HackGuard\\Lib\\FileLocker\\FileLockerController.php",{"type":287,"name":507,"callback":294,"priority":394,"file":644,"line":497},"src\\Modules\\HackGuard\\Scan\\Controller\\Wpv.php",{"type":287,"name":571,"callback":294,"priority":394,"file":644,"line":646},18,{"type":287,"name":648,"callback":294,"priority":394,"file":644,"line":422},"load-plugins.php",{"type":287,"name":313,"callback":462,"file":650,"line":651},"src\\Modules\\HackGuard\\Scan\\Queue\\Controller.php",26,{"type":287,"name":438,"callback":294,"file":653,"line":569},"src\\Modules\\HackGuard\\Scan\\Utilities\\PtgAddReinstallLinks.php",{"type":308,"name":344,"callback":294,"priority":394,"file":653,"line":655},49,{"type":287,"name":657,"callback":658,"priority":425,"file":659,"line":569},"pre_current_active_plugins","addVulnerablePluginStatusView","src\\Modules\\HackGuard\\Scan\\Utilities\\WpvAddPluginRows.php",{"type":308,"name":489,"callback":661,"priority":425,"file":659,"line":327},"filterPluginsToView",{"type":308,"name":663,"callback":664,"priority":425,"file":659,"line":665},"views_plugins","addPluginsStatusViewLink",42,{"type":308,"name":667,"callback":668,"priority":425,"file":659,"line":410},"manage_plugins_columns","fCountColumns",{"type":308,"name":663,"callback":664,"priority":425,"file":659,"line":519},{"type":308,"name":671,"callback":294,"priority":425,"file":672,"line":314},"arflite_is_to_validate_spam_filter","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\ArformsLite.php",{"type":287,"name":674,"callback":294,"priority":425,"file":675,"line":394},"caldera_forms_submit_start","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\CalderaForms.php",{"type":308,"name":677,"callback":294,"priority":425,"file":678,"line":314},"wpcf7_spam","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\ContactForm7.php",{"type":308,"name":680,"callback":294,"priority":242,"file":678,"line":201},"wpcf7_display_message",{"type":287,"name":682,"callback":294,"priority":425,"file":683,"line":314},"elementor_pro\u002Fforms\u002Fvalidation","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\ElementorPro.php",{"type":308,"name":685,"callback":294,"priority":425,"file":686,"line":314},"frm_validate_entry","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\FormidableForms.php",{"type":308,"name":688,"callback":294,"priority":425,"file":689,"line":314},"forminator_spam_protection","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\Forminator.php",{"type":308,"name":691,"callback":294,"priority":425,"file":692,"line":394},"gform_entry_is_spam","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\GravityForms.php",{"type":308,"name":694,"callback":294,"priority":425,"file":695,"line":314},"groundhogg\u002Fform\u002Fsubmission_handler\u002Fis_spam","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\Groundhogg.php",{"type":308,"name":697,"callback":294,"priority":425,"file":698,"line":314},"happyforms_validate_submission","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\HappyForms.php",{"type":308,"name":700,"callback":294,"priority":425,"file":701,"line":314},"kaliforms_before_form_process","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\KaliForms.php",{"type":308,"name":703,"callback":294,"priority":425,"file":704,"line":301},"ninja_forms_register_actions","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\NinjaForms.php",{"type":308,"name":706,"callback":294,"priority":425,"file":704,"line":370},"ninja_forms_submission_actions",{"type":287,"name":708,"callback":294,"priority":425,"file":709,"line":314},"super_before_sending_email_hook","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\SuperForms.php",{"type":308,"name":711,"callback":294,"priority":425,"file":712,"line":394},"wpsc_before_create_ticket_args","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\SupportCandy.php",{"type":308,"name":714,"callback":294,"priority":425,"file":715,"line":314},"weforms_before_entry_submission","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WeForms.php",{"type":308,"name":717,"callback":294,"priority":425,"file":718,"line":394},"wpforms_process_before_form_data","src\\Modules\\Integrations\\Lib\\Bots\\Spam\\Handlers\\WPForms.php",{"type":308,"name":720,"callback":294,"priority":425,"file":718,"line":646},"wpforms_process_initial_errors",{"type":308,"name":722,"callback":723,"file":724,"line":314},"armember_validate_spam_filter_fields","checkArmemberForm","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\ArmemberLite.php",{"type":287,"name":726,"callback":727,"file":728,"line":314},"bp_signup_validate","checkRegister_BP","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\Buddyboss.php",{"type":287,"name":726,"callback":727,"file":730,"line":314},"src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\Buddypress.php",{"type":308,"name":732,"callback":733,"file":734,"line":314},"rtcl_process_login_errors","checkLogin","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\ClassifiedListing.php",{"type":308,"name":736,"callback":737,"file":734,"line":563},"rtcl_process_registration_errors","checkRegister",{"type":287,"name":739,"callback":737,"file":740,"line":394},"edd_process_register_form","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\EasyDigitalDownloads.php",{"type":308,"name":742,"callback":743,"priority":242,"file":744,"line":314},"learn-press\u002Flogin-validate-field","checkLogin_LP","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\LearnPress.php",{"type":308,"name":746,"callback":747,"priority":242,"file":744,"line":201},"learn-press\u002Fregister-validate-field","checkRegister_LP",{"type":308,"name":749,"callback":750,"priority":242,"file":751,"line":28},"llms_after_user_login_data_validation","checkLogin_LLMS","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\LifterLMS.php",{"type":308,"name":753,"callback":754,"priority":242,"file":751,"line":497},"lifterlms_user_registration_data","checkRegister_LLMS",{"type":308,"name":756,"callback":757,"priority":242,"file":758,"line":28},"mepr-validate-login","checkLogin_MP","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\MemberPress.php",{"type":308,"name":760,"callback":761,"priority":394,"file":758,"line":497},"mepr-validate-signup","checkRegister_MP",{"type":308,"name":763,"callback":764,"priority":242,"file":758,"line":332},"mepr-validate-forgot-password","checkLostPassword_MP",{"type":308,"name":766,"callback":767,"priority":242,"file":768,"line":314},"pms_register_form_validation","checkRegister_PMS","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\PaidMemberSubscriptions.php",{"type":308,"name":770,"callback":771,"priority":242,"file":772,"line":28},"wppb_output_field_errors_filter","checkRegister_PB","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\ProfileBuilder.php",{"type":308,"name":774,"callback":733,"file":775,"line":314},"ppress_login_validation","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\ProfilePress.php",{"type":308,"name":777,"callback":737,"file":775,"line":563},"ppress_registration_validation",{"type":308,"name":779,"callback":733,"priority":242,"file":780,"line":492},"swpm_validate_login_form_submission","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\SimpleMembership.php",{"type":308,"name":782,"callback":737,"priority":242,"file":780,"line":646},"swpm_validate_registration_form_submission",{"type":308,"name":784,"callback":785,"priority":242,"file":780,"line":336},"swpm_validate_pass_reset_form_submission","checkLostPassword",{"type":287,"name":787,"callback":788,"priority":242,"file":789,"line":28},"um_submit_form_login","checkLogin_UM","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\UltimateMember.php",{"type":287,"name":791,"callback":792,"priority":174,"file":789,"line":497},"um_submit_form_register","checkRegister_UM",{"type":287,"name":794,"callback":795,"priority":174,"file":789,"line":332},"um_submit_form_password_reset","checkLostPassword_UM",{"type":308,"name":797,"callback":798,"priority":28,"file":799,"line":314},"woocommerce_process_login_errors","checkLogin_Woo","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\WooCommerce.php",{"type":308,"name":801,"callback":802,"priority":28,"file":799,"line":201},"woocommerce_process_registration_errors","checkRegister_Woo",{"type":287,"name":804,"callback":805,"priority":28,"file":799,"line":806},"woocommerce_after_checkout_validation","checkCheckout_Woo",16,{"type":287,"name":808,"callback":294,"priority":28,"file":799,"line":316},"woocommerce_store_api_cart_errors",{"type":308,"name":810,"callback":811,"priority":394,"file":812,"line":497},"authenticate","checkLogin_WP","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\WordPress.php",{"type":308,"name":814,"callback":815,"priority":394,"file":812,"line":332},"registration_errors","checkRegister_WP",{"type":287,"name":817,"callback":818,"priority":394,"file":812,"line":819},"lostpassword_post","checkLostPassword_WP",23,{"type":287,"name":821,"callback":822,"priority":174,"file":823,"line":28},"wpmem_pre_register_data","checkRegister_WM","src\\Modules\\Integrations\\Lib\\Bots\\UserForms\\Handlers\\WPMembers.php",{"type":287,"name":825,"callback":826,"priority":174,"file":823,"line":497},"wpmem_pwdreset_args","checkLostPassword_WM",{"type":308,"name":828,"callback":294,"priority":417,"file":829,"line":336},"icwp_shield_2fa_skip","src\\Modules\\Integrations\\Lib\\MainWP\\Client\\Actions\\Init.php",{"type":287,"name":831,"callback":294,"priority":394,"file":829,"line":593},"mainwp_child_site_stats",{"type":308,"name":833,"callback":294,"priority":394,"file":829,"line":381},"mainwp_site_sync_others_data",{"type":308,"name":835,"callback":294,"priority":394,"file":829,"line":836},"mainwp_child_extra_execution",67,{"type":287,"name":838,"callback":294,"priority":394,"file":839,"line":497},"mainwp_sync_others_data","src\\Modules\\Integrations\\Lib\\MainWP\\Server\\Data\\SyncHandler.php",{"type":287,"name":841,"callback":294,"priority":394,"file":839,"line":332},"mainwp_site_synced",{"type":308,"name":341,"callback":294,"priority":394,"file":843,"line":316},"src\\Modules\\Integrations\\Lib\\MainWP\\Server\\ExtensionSettingsPage.php",{"type":308,"name":344,"callback":294,"file":843,"line":593},{"type":287,"name":465,"callback":294,"file":846,"line":327},"src\\Modules\\Integrations\\Lib\\MainWP\\Server\\Init.php",{"type":308,"name":848,"callback":294,"file":846,"line":420},"mainwp_sitestable_getcolumns",{"type":308,"name":850,"callback":294,"file":846,"line":311},"mainwp_sitestable_item",{"type":308,"name":852,"callback":294,"file":846,"line":178},"mainwp_getextensions",{"type":308,"name":854,"callback":294,"file":846,"line":27},"pre_update_option_mainwp_extensions",{"type":308,"name":856,"callback":294,"file":846,"line":242},"mainwp_plugins_install_checks",{"type":287,"name":858,"callback":294,"priority":394,"file":846,"line":859},"mainwp_admin_menu",109,{"type":308,"name":861,"callback":294,"priority":242,"file":862,"line":422},"mainwp_header_title","src\\Modules\\Integrations\\Lib\\MainWP\\Server\\MwpExtensionLoader.php",{"type":287,"name":864,"callback":294,"file":865,"line":336},"spammed_comment","src\\Modules\\IPs\\BotTrack\\TrackCommentSpam.php",{"type":287,"name":867,"callback":294,"file":865,"line":410},"unspammed_comment",{"type":308,"name":869,"callback":870,"priority":497,"file":871,"line":95},"robots_txt","appendRobotsTxt","src\\Modules\\IPs\\BotTrack\\TrackLinkCheese.php",{"type":287,"name":432,"callback":873,"priority":29,"file":871,"line":593},"insertMouseTrap",{"type":287,"name":875,"callback":876,"file":871,"line":651},"wp","testCheese",{"type":308,"name":329,"callback":294,"file":871,"line":367},{"type":308,"name":810,"callback":294,"priority":422,"file":879,"line":316},"src\\Modules\\IPs\\BotTrack\\TrackLoginFailed.php",{"type":308,"name":810,"callback":294,"priority":422,"file":881,"line":316},"src\\Modules\\IPs\\BotTrack\\TrackLoginInvalid.php",{"type":287,"name":510,"callback":294,"priority":394,"file":883,"line":646},"src\\Modules\\IPs\\Lib\\Bots\\BotEventListener.php",{"type":287,"name":458,"callback":294,"file":885,"line":651},"src\\Modules\\IPs\\Lib\\Bots\\BotSignalsController.php",{"type":287,"name":432,"callback":294,"file":885,"line":887},134,{"type":287,"name":428,"callback":294,"file":885,"line":889},154,{"type":308,"name":341,"callback":294,"file":891,"line":95},"src\\Modules\\IPs\\Lib\\Bots\\NotBot\\InsertNotBotJs.php",{"type":308,"name":344,"callback":294,"file":891,"line":298},{"type":287,"name":458,"callback":894,"file":895,"line":301},"sendNotBotFlagCookie","src\\Modules\\IPs\\Lib\\Bots\\NotBot\\NotBotHandler.php",{"type":308,"name":897,"callback":294,"file":898,"line":301},"status_header","src\\Modules\\IPs\\Lib\\CrowdSec\\Signals\\EventsToSignals.php",{"type":287,"name":458,"callback":294,"file":900,"line":593},"src\\Modules\\License\\Lib\\LicenseHandler.php",{"type":287,"name":313,"callback":294,"file":900,"line":298},{"type":287,"name":510,"callback":294,"file":903,"line":646},"src\\Modules\\License\\Lib\\WpHashes\\ApiTokenManager.php",{"type":287,"name":458,"callback":459,"file":905,"line":367},"src\\Modules\\LoginGuard\\Lib\\Rename\\RenameLogin.php",{"type":287,"name":313,"callback":462,"priority":28,"file":905,"line":576},{"type":287,"name":908,"callback":909,"priority":29,"file":905,"line":910},"login_init","aLoginFormAction",54,{"type":308,"name":912,"callback":913,"priority":420,"file":905,"line":914},"wp_redirect","fProtectUnauthorizedLoginRedirect",58,{"type":308,"name":916,"callback":917,"priority":417,"file":905,"line":519},"register_url","blockRegisterUrlRedirect",{"type":308,"name":919,"callback":920,"file":905,"line":476},"et_anticipate_exceptions","fAddToEtMaintenanceExceptions",{"type":308,"name":922,"callback":923,"priority":417,"file":905,"line":295},"site_url","fCheckForLoginPhp",{"type":308,"name":925,"callback":923,"priority":417,"file":905,"line":836},"network_site_url",{"type":308,"name":912,"callback":923,"priority":417,"file":905,"line":522},{"type":308,"name":928,"callback":929,"priority":242,"file":930,"line":931},"login_message","__return_empty_string","src\\Modules\\LoginGuard\\Lib\\TwoFactor\\LoginIntentRequestCapture.php",127,{"type":287,"name":458,"callback":459,"file":933,"line":323},"src\\Modules\\LoginGuard\\Lib\\TwoFactor\\MfaController.php",{"type":287,"name":313,"callback":462,"file":933,"line":381},{"type":287,"name":465,"callback":936,"file":933,"line":396},"onAdminInit",{"type":308,"name":928,"callback":938,"priority":28,"file":933,"line":349},"onLoginMessage",{"type":308,"name":940,"callback":294,"priority":394,"file":933,"line":941},"shield\u002Fuser_status_column",113,{"type":287,"name":875,"callback":294,"file":943,"line":320},"src\\Modules\\LoginGuard\\Lib\\TwoFactor\\MfaProfilesController.php",{"type":287,"name":318,"callback":294,"file":943,"line":291},{"type":287,"name":946,"callback":294,"priority":140,"file":943,"line":519},"show_user_profile",{"type":287,"name":948,"callback":294,"file":943,"line":444},"edit_user_profile",{"type":308,"name":341,"callback":294,"priority":394,"file":943,"line":950},78,{"type":308,"name":952,"callback":294,"file":943,"line":528},"shield\u002Fcustom_dequeues",{"type":308,"name":344,"callback":294,"file":943,"line":954},86,{"type":287,"name":458,"callback":294,"file":956,"line":417},"src\\Modules\\Plugin\\Components\\AnonRestApiDisable.php",{"type":308,"name":958,"callback":959,"priority":281,"file":956,"line":336},"rest_authentication_errors","disableAnonymousRestApi",{"type":287,"name":961,"callback":962,"file":963,"line":316},"widgets_init","addPluginBadgeWidget","src\\Modules\\Plugin\\Components\\PluginBadge.php",{"type":308,"name":341,"callback":294,"file":963,"line":363},{"type":287,"name":432,"callback":966,"priority":242,"file":963,"line":339},"printPluginBadge",{"type":287,"name":428,"callback":966,"priority":242,"file":963,"line":367},{"type":308,"name":969,"callback":294,"file":970,"line":320},"site_transient_update_plugins","src\\Modules\\Plugin\\Lib\\AllowBetaUpgrades.php",{"type":308,"name":972,"callback":294,"file":970,"line":363},"pre_set_site_transient_update_plugins",{"type":308,"name":974,"callback":294,"priority":394,"file":975,"line":327},"shield\u002Fcustom_localisations","src\\Modules\\Plugin\\Lib\\AssetsCustomizer.php",{"type":308,"name":977,"callback":978,"priority":28,"file":979,"line":980},"http_request_host_is_external","\\__return_true","src\\Modules\\Plugin\\Lib\\ImportExport\\Import.php",164,{"type":287,"name":982,"callback":294,"file":983,"line":367},"shield\u002Fplugin_activated","src\\Modules\\Plugin\\Lib\\ImportExport\\ImportExportController.php",{"type":287,"name":985,"callback":294,"priority":394,"file":986,"line":422},"shield\u002Fafter_form_submit_options_save","src\\Modules\\Plugin\\Lib\\ImportExport\\NotifyWhitelist.php",{"type":287,"name":510,"callback":294,"file":986,"line":651},{"type":308,"name":341,"callback":294,"file":989,"line":417},"src\\Modules\\Plugin\\Lib\\Merlin\\MerlinController.php",{"type":287,"name":991,"callback":294,"priority":29,"file":992,"line":417},"clear_auth_cookie","src\\Modules\\Plugin\\Lib\\Sessions\\SessionController.php",{"type":308,"name":994,"callback":294,"priority":28,"file":995,"line":298},"site_health_navigation_tabs","src\\Modules\\Plugin\\Lib\\SiteHealthController.php",{"type":287,"name":997,"callback":294,"file":995,"line":349},"site_health_tab_content",{"type":287,"name":999,"callback":294,"file":1000,"line":1001},"before_woocommerce_init","src\\Modules\\Plugin\\ModCon.php",87,{"type":287,"name":458,"callback":459,"file":1000,"line":1003},169,{"type":287,"name":438,"callback":294,"priority":242,"file":1000,"line":1005},171,{"type":287,"name":458,"callback":294,"file":1007,"line":519},"src\\Modules\\Plugin\\Processor.php",{"type":287,"name":458,"callback":294,"file":1007,"line":1009},61,{"type":308,"name":1011,"callback":1012,"file":1007,"line":306},"manage_users_columns","addUserStatusLastLogin",{"type":308,"name":1014,"callback":1012,"file":1007,"line":1015},"wpmu_users_columns",70,{"type":287,"name":587,"callback":294,"file":1007,"line":525},{"type":308,"name":1018,"callback":294,"priority":417,"file":1007,"line":1019},"manage_users_custom_column",143,{"type":308,"name":1021,"callback":1022,"priority":29,"file":1023,"line":492},"user_has_cap","removeCapabilities","src\\Modules\\SecurityAdmin\\Lib\\SecurityAdmin\\Restrictions\\BaseCapabilitiesRestrict.php",{"type":308,"name":1025,"callback":1026,"priority":242,"file":1027,"line":492},"editable_roles","restrictEditableRoles","src\\Modules\\SecurityAdmin\\Lib\\SecurityAdmin\\Restrictions\\Users.php",{"type":308,"name":1021,"callback":1029,"priority":242,"file":1027,"line":497},"restrictAdminUserChanges",{"type":287,"name":591,"callback":1031,"priority":242,"file":1027,"line":806},"restrictAdminUserDelete",{"type":287,"name":1033,"callback":1034,"priority":242,"file":1027,"line":316},"add_user_role","restrictAddUserRole",{"type":287,"name":1036,"callback":1037,"priority":242,"file":1027,"line":646},"remove_user_role","restrictRemoveUserRole",{"type":287,"name":1039,"callback":1040,"priority":242,"file":1027,"line":332},"set_user_role","restrictSetUserRole",{"type":287,"name":1036,"callback":1037,"priority":242,"file":1027,"line":374},{"type":287,"name":1033,"callback":1034,"priority":242,"file":1027,"line":1043},74,{"type":287,"name":1036,"callback":1037,"priority":242,"file":1027,"line":1045},75,{"type":287,"name":1033,"callback":1034,"priority":242,"file":1027,"line":1047},92,{"type":308,"name":1049,"callback":1050,"priority":48,"file":1051,"line":497},"pre_update_option","blockOptionsSaves","src\\Modules\\SecurityAdmin\\Lib\\SecurityAdmin\\Restrictions\\WpOptions.php",{"type":287,"name":465,"callback":294,"file":1053,"line":301},"src\\Modules\\SecurityAdmin\\Lib\\SecurityAdmin\\SecurityAdminController.php",{"type":287,"name":458,"callback":294,"file":1053,"line":339},{"type":287,"name":438,"callback":1056,"file":1053,"line":576},"printPinLoginForm",{"type":287,"name":567,"callback":294,"file":1053,"line":439},{"type":308,"name":344,"callback":294,"file":1053,"line":281},{"type":287,"name":611,"callback":1060,"file":1061,"line":819},"onPasswordReset","src\\Modules\\UserManagement\\Lib\\Password\\UserPasswordHandler.php",{"type":287,"name":313,"callback":462,"file":1061,"line":298},{"type":308,"name":814,"callback":1064,"priority":242,"file":1061,"line":301},"checkPassword",{"type":287,"name":1066,"callback":1064,"priority":242,"file":1061,"line":320},"user_profile_update_errors",{"type":287,"name":1068,"callback":1064,"priority":242,"file":1061,"line":363},"validate_password_reset",{"type":308,"name":1070,"callback":1071,"file":1072,"line":336},"wp_pre_insert_user_data","validateNewUserEmail","src\\Modules\\UserManagement\\Lib\\Registration\\EmailValidate.php",{"type":287,"name":313,"callback":462,"file":1074,"line":593},"src\\Modules\\UserManagement\\Lib\\Session\\UserSessionHandler.php",{"type":308,"name":1076,"callback":1077,"file":1074,"line":651},"wp_login_errors","addLoginMessage",{"type":308,"name":1079,"callback":1080,"priority":242,"file":1074,"line":298},"auth_cookie_expiration","setMaxAuthCookieExpiration",{"type":308,"name":928,"callback":1082,"file":1074,"line":301},"printLinkToAdmin",{"type":308,"name":810,"callback":1084,"file":1085,"line":646},"checkUser","src\\Modules\\UserManagement\\Lib\\Suspend\\Base.php",{"type":287,"name":948,"callback":1087,"priority":48,"file":1088,"line":476},"addUserBlockOption","src\\Modules\\UserManagement\\Lib\\Suspend\\UserSuspendController.php",{"type":287,"name":1090,"callback":1091,"file":1088,"line":304},"edit_user_profile_update","handleUserSuspendOptionSubmit",{"type":287,"name":1093,"callback":294,"file":1088,"line":295},"load-users.php",{"type":308,"name":940,"callback":294,"priority":394,"file":1088,"line":1095},71,{"type":308,"name":1097,"callback":294,"file":1088,"line":1098},"users_list_table_query_args",115,{"type":308,"name":1100,"callback":294,"file":1088,"line":1101},"views_users",158,{"type":308,"name":1021,"callback":294,"file":1103,"line":394},"src\\Rules\\Responses\\DisableFileEditing.php",{"type":287,"name":351,"callback":294,"priority":425,"file":1105,"line":497},"src\\Rules\\Responses\\DisableRestApiRequest.php",{"type":308,"name":958,"callback":1107,"file":1105,"line":806},"disableRestApi",{"type":308,"name":1109,"callback":294,"file":1110,"line":394},"shield\u002Fis_trusted_request","src\\Rules\\Responses\\MarkRequestAsTrustedService.php",{"type":308,"name":1112,"callback":1113,"file":1114,"line":314},"shield\u002Fis_ip_blocked_auto","__return_false","src\\Rules\\Responses\\PreventShieldIpAutoBlock.php",{"type":308,"name":621,"callback":1116,"file":1117,"line":394},"anonymous","src\\Rules\\Responses\\SetRequestToBeLogged.php",{"type":287,"name":458,"callback":294,"file":1119,"line":806},"src\\Rules\\Responses\\UserSessionRotateAuthCookies.php",{"type":308,"name":1079,"callback":1116,"file":1119,"line":441},{"type":287,"name":293,"callback":294,"file":1122,"line":593},"src\\Utilities\\AdminNotices\\Controller.php",{"type":287,"name":300,"callback":294,"file":1122,"line":651},{"type":308,"name":928,"callback":294,"file":1122,"line":298},{"type":287,"name":1126,"callback":1127,"file":1128,"line":191},"wp_login","onWpLogin","src\\Utilities\\Consumer\\WpLoginCapture.php",{"type":287,"name":1130,"callback":1131,"priority":174,"file":1128,"line":13},"set_logged_in_cookie","onWpSetLoggedInCookie",{"type":287,"name":293,"callback":1133,"file":1134,"line":174},"icwp_wpsf_unsupported_php","unsupported.php",{"type":287,"name":300,"callback":1133,"file":1134,"line":1136},6,[1138,1143],{"action":1139,"nopriv":1140,"callback":1141,"hasNonce":1142,"hasCapCheck":1142,"file":556,"line":665},"edit-theme-plugin-file",false,"auditEditedFile",true,{"action":1139,"nopriv":1140,"callback":1141,"hasNonce":1142,"hasCapCheck":1142,"file":578,"line":320},[],[1146,1148,1152],{"tag":1147,"callback":294,"file":943,"line":593},"SHIELD_USER_PROFILE_MFA",{"tag":1149,"callback":1150,"file":1151,"line":422},"SHIELD_BADGE","renderBadge","src\\Modules\\Plugin\\Components\\BadgeWidget.php",{"tag":1149,"callback":294,"file":963,"line":646},[],{"dangerousFunctions":1155,"sqlUsage":1177,"outputEscaping":1180,"fileOperations":613,"externalRequests":222,"nonceChecks":253,"capabilityChecks":222,"bundledLibraries":1246},[1156,1161,1165,1168,1173],{"fn":1157,"file":1158,"line":1159,"context":1160},"proc_open","vendor_prefixed\\monolog\\monolog\\src\\Monolog\\Handler\\ProcessHandler.php",116,"$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);",{"fn":1162,"file":1163,"line":836,"context":1164},"shell_exec","vendor_prefixed\\monolog\\monolog\\src\\Monolog\\Processor\\GitProcessor.php","$branches = shell_exec('git branch -v --no-abbrev');",{"fn":1162,"file":1166,"line":295,"context":1167},"vendor_prefixed\\monolog\\monolog\\src\\Monolog\\Processor\\MercurialProcessor.php","$result = explode(' ', trim((string) shell_exec('hg id -nb')));",{"fn":1169,"file":1170,"line":1171,"context":1172},"unserialize","vendor_prefixed\\symfony\\config\\ResourceCheckerConfigCache.php",167,"$meta = unserialize($content);",{"fn":1169,"file":1174,"line":1175,"context":1176},"vendor_prefixed\\twig\\twig\\src\\Profiler\\Profile.php",163,"$this->__unserialize(unserialize($data));",{"prepared":1178,"raw":29,"locations":1179},82,[],{"escaped":176,"rawEcho":349,"locations":1181},[1182,1184,1185,1186,1187,1189,1191,1193,1195,1197,1198,1199,1201,1202,1203,1204,1206,1208,1209,1210,1211,1213,1214,1216,1218,1220,1222,1224,1225,1226,1228,1230,1233,1236,1238,1240,1242,1244],{"file":290,"line":836,"context":1183},"raw output",{"file":297,"line":323,"context":1183},{"file":303,"line":483,"context":1183},{"file":303,"line":1015,"context":1183},{"file":1188,"line":349,"context":1183},"src\\ActionRouter\\Actions\\FullPageDisplay\\BaseFullPageDisplay.php",{"file":319,"line":1190,"context":1183},132,{"file":1192,"line":492,"context":1183},"src\\ActionRouter\\Actions\\PluginDumpTelemetry.php",{"file":1194,"line":345,"context":1183},"src\\ActionRouter\\Actions\\PluginImportExport_HandshakeConfirm.php",{"file":331,"line":1196,"context":1183},142,{"file":416,"line":339,"context":1183},{"file":421,"line":819,"context":1183},{"file":1200,"line":819,"context":1183},"src\\Controller\\Ajax\\Response.php",{"file":653,"line":436,"context":1183},{"file":659,"line":613,"context":1183},{"file":862,"line":95,"context":1183},{"file":871,"line":1205,"context":1183},80,{"file":943,"line":1207,"context":1183},52,{"file":943,"line":1009,"context":1183},{"file":943,"line":522,"context":1183},{"file":1151,"line":339,"context":1183},{"file":963,"line":1212,"context":1183},51,{"file":995,"line":569,"context":1183},{"file":1000,"line":1215,"context":1183},173,{"file":1053,"line":1217,"context":1183},192,{"file":1088,"line":1219,"context":1183},190,{"file":1221,"line":370,"context":1183},"src\\Render\\RenderService.php",{"file":1223,"line":367,"context":1183},"src\\Tests\\VerifyActions.php",{"file":1122,"line":522,"context":1183},{"file":1134,"line":497,"context":1183},{"file":1227,"line":492,"context":1183},"vendor_prefixed\\autoload.php",{"file":1229,"line":332,"context":1183},"vendor_prefixed\\composer\\platform_check.php",{"file":1231,"line":1232,"context":1183},"vendor_prefixed\\monolog\\monolog\\src\\Monolog\\Handler\\BrowserConsoleHandler.php",129,{"file":1234,"line":1235,"context":1183},"vendor_prefixed\\twig\\twig\\src\\Template.php",133,{"file":1234,"line":1237,"context":1183},151,{"file":1234,"line":1239,"context":1183},328,{"file":1241,"line":1015,"context":1183},"vendor_prefixed\\twig\\twig\\src\\TemplateWrapper.php",{"file":1243,"line":405,"context":1183},"vendor_prefixed\\twig\\twig\\src\\Test\\IntegrationTestCase.php",{"file":1243,"line":1245,"context":1183},201,[1247],{"name":1248,"version":38,"knownCves":1249},"DataTables",[],[],{"summary":1252,"deductions":1253},"The wp-simple-firewall plugin, version 21.2.6, presents a mixed security posture.  On the positive side, the plugin has a relatively small attack surface with all identified entry points secured by authentication checks.  Furthermore, all SQL queries utilize prepared statements, which is a strong defense against SQL injection vulnerabilities.  The taint analysis also shows no identified flows with unsanitized paths, indicating a good level of input sanitization and handling in the analyzed code paths.\n\nHowever, several concerns are raised by the static analysis and vulnerability history. The presence of dangerous functions like `proc_open` and `shell_exec` warrants caution, as their misuse can lead to remote code execution. While the taint analysis didn't flag issues, these functions are inherently risky if not handled with extreme care.  The output escaping is only 70% proper, meaning there's a risk of cross-site scripting (XSS) vulnerabilities in the remaining 30% of outputs. The plugin's history of 11 known CVEs, including a past critical vulnerability and multiple high and medium severity issues, is a significant red flag. The types of past vulnerabilities, such as SQL Injection, Authorization Bypass, CSRF, PHP Remote File Inclusion, and XSS, suggest recurring security weaknesses that require constant vigilance and robust patching.\n\nIn conclusion, while the current version shows improvements in input handling and SQL security, the historical vulnerability pattern and the presence of dangerous functions indicate that this plugin requires careful monitoring. The 70% proper output escaping is an area of immediate concern for potential XSS flaws. Users should be aware of the plugin's past security issues and ensure it is always updated to the latest version to mitigate known risks.",[1254,1256,1258,1260,1262,1264],{"reason":1255,"points":174},"Output escaping only 70% proper",{"reason":1257,"points":222},"Presence of dangerous functions (proc_open, shell_exec)",{"reason":1259,"points":394},"Significant vulnerability history (11 CVEs)",{"reason":1261,"points":140},"Past critical severity vulnerability",{"reason":1263,"points":1136},"Past high severity vulnerabilities (2)",{"reason":1265,"points":222},"Past medium severity vulnerabilities (8)","2026-03-16T17:21:18.942Z",{"wat":1268,"direct":1277},{"assetPaths":1269,"generatorPatterns":1272,"scriptPaths":1273,"versionParams":1274},[1270,1271],"\u002Fwp-content\u002Fplugins\u002Fwp-simple-firewall\u002Fassets\u002Fcss\u002Flogin.css","\u002Fwp-content\u002Fplugins\u002Fwp-simple-firewall\u002Fassets\u002Fjs\u002Fpassword-toggle.js",[],[1271],[1275,1276],"wp-simple-firewall\u002Fassets\u002Fcss\u002Flogin.css?ver=","wp-simple-firewall\u002Fassets\u002Fjs\u002Fpassword-toggle.js?ver=",{"cssClasses":1278,"htmlComments":1281,"htmlAttributes":1283,"restEndpoints":1285,"jsGlobals":1287,"shortcodeOutput":1290},[1279,1280],"shield-login-form","shield-login-logo",[1282],"\u003C!-- Shield Security Login Override -->",[1284],"data-shield-ajax-nonce",[1286],"\u002Fwp-json\u002Fshield\u002Fv1\u002Fauth\u002Flogin",[1288,1289],"ShieldConfig","ShieldVars",[1291],"[shield_user_account_menu]"]