[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5aBYENj9Wt2hCCm0dCgDlYp2WjHb6pHUtVlwy0GCKUc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":132,"fingerprints":365},"wpscan","WPScan – WordPress Security Scanner","1.16","ethicalhack3r","https:\u002F\u002Fprofiles.wordpress.org\u002Fethicalhack3r\u002F","\u003Cp>\u003Cstrong>Please note:\u003C\u002Fstrong> This plugin is no longer actively supported for non-enterprise customers. \u003Cstrong>We recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack-protect\u002F\" rel=\"ugc\">Jetpack Protect\u003C\u002Fa>\u003C\u002Fstrong> – a free security plugin for WordPress that leverages the extensive database of WPScan. Jetpack Protect scans your site and warns you about vulnerabilities, keeping your site one step ahead of security threats and malware.\u003C\u002Fp>\n\u003Cp>The WPScan WordPress security plugin is unique in that it uses its own manually curated \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002F\" rel=\"nofollow ugc\">WPScan WordPress Vulnerability Database\u003C\u002Fa>. The vulnerability database has been around since 2014 and is updated on a daily basis by dedicated WordPress security specialists and the community at large. The database includes more than 21,000 known security vulnerabilities. 
The plugin uses this database to scan for \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fwordpresses\" rel=\"nofollow ugc\">WordPress vulnerabilities\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fplugins\" rel=\"nofollow ugc\">plugin vulnerabilities\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fthemes\" rel=\"nofollow ugc\">theme vulnerabilities\u003C\u002Fa>, and has the options to schedule automated daily scans and to send email notifications.\u003C\u002Fp>\n\u003Cp>WPScan has a Free API plan that should be suitable for most WordPress websites, however, also has paid plans for users who may need more API calls. To use the WPScan WordPress Security Plugin you will need to use a free API token by \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002F\" rel=\"nofollow ugc\">registering here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The Free plan allows 25 API requests per day. View the different available \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fapi\" rel=\"nofollow ugc\">API plans\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>How many API requests do you need?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.\u003C\u002Fli>\n\u003Cli>On average, a WordPress website has 22 installed plugins.\u003C\u002Fli>\n\u003Cli>The Free plan should cover around 50% of all WordPress websites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Checks\u003C\u002Fh4>\n\u003Cp>The WPScan WordPress Security Plugin will also check for other security issues, which do not require an API token, such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check for debug.log files\u003C\u002Fli>\n\u003Cli>Check for wp-config.php backup files\u003C\u002Fli>\n\u003Cli>Check if XML-RPC is enabled\u003C\u002Fli>\n\u003Cli>Check for code repository files\u003C\u002Fli>\n\u003Cli>Check if default secret keys are 
used\u003C\u002Fli>\n\u003Cli>Check for exported database files\u003C\u002Fli>\n\u003Cli>Weak passwords\u003C\u002Fli>\n\u003Cli>HTTPS enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What does the plugin do?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Scans for known WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities;\u003C\u002Fli>\n\u003Cli>Does additional security checks;\u003C\u002Fli>\n\u003Cli>Shows an icon on the Admin Toolbar with the total number of security vulnerabilities found;\u003C\u002Fli>\n\u003Cli>Notifies you by mail when new security vulnerabilities are found.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpscan.com\u002F\" rel=\"nofollow ugc\">WPScan WordPress Vulnerability Database\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fwordpress-security-scanner\" rel=\"nofollow ugc\">WPScan WordPress Security Scanner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002F_wpscan_\" rel=\"nofollow ugc\">WPScan Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","WPScan WordPress Security Scanner - Scans your system for security vulnerabilities listed in the WPScan Vulnerability 
Database.",9000,266474,76,28,"2026-01-12T13:09:00.000Z","6.9.4","3.4","5.5",[20,21,22,4,23],"hack","security","vulnerability","wpvulndb","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpscan\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpscan.1.16.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,94,"2026-04-04T00:52:32.591Z",[37,54,72,91,114],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":27,"num_ratings":27,"last_updated":47,"tested_up_to":48,"requires_at_least":17,"requires_php":43,"tags":49,"homepage":51,"download_link":52,"security_score":53,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"whook-security","Whook Security","1.3","darteweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarteweb\u002F","","Our plugin Scans other plugins vulnerabilities listed in the WPScan Database of vulnerabilities.",10,1534,"2018-04-12T12:50:00.000Z","4.9.29",[20,50,21,22,4],"scan","http:\u002F\u002Fwww.darteweb.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhook-security.1.3.zip",85,{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":26,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":17,"requires_php":43,"tags":67,"homepage":43,"download_link":71,"security_score":53,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"gauntlet-security","Gauntlet Security","1.4.1","Cornelius Bergen","https:\u002F\u002Fprofiles.wordpress.org\u002Fcbergen\u002F","\u003Cp>Gauntlet Security can find opportunities for improving the security of your site. 
It checks many aspects of the site’s configuration including file permissions, server software, PHP, database, plugins, themes, and user accounts. The plugin will give each check a pass, warning, or fail and explain in clear language how you can fix the issue.\u003C\u002Fp>\n\u003Cp>How you ultimately choose to patch these issues is up to you but whatever method you use, this plugin should always provide an accurate report. It does not make changes to your database or to any of your files and it should be compatible with all other security plugins.\u003C\u002Fp>\n\u003Cp>Checks and recommendations include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set correct file and directory permissions\u003C\u002Fli>\n\u003Cli>Turn off directory indexing\u003C\u002Fli>\n\u003Cli>Prevent code execution in the uploads directory\u003C\u002Fli>\n\u003Cli>Block files in the includes directory\u003C\u002Fli>\n\u003Cli>Prevent access to stray files which could be useful to attackers\u003C\u002Fli>\n\u003Cli>Keep PHP up-to-date\u003C\u002Fli>\n\u003Cli>Disable dangerous PHP functions\u003C\u002Fli>\n\u003Cli>Disable allow_url_include and allow_url_fopen PHP flags\u003C\u002Fli>\n\u003Cli>Turn off the display of PHP errors\u003C\u002Fli>\n\u003Cli>Don’t advertise the PHP version you are running\u003C\u002Fli>\n\u003Cli>Use a strong database password\u003C\u002Fli>\n\u003Cli>Change the default database table prefix\u003C\u002Fli>\n\u003Cli>Keep WordPress up-to-date\u003C\u002Fli>\n\u003Cli>Turn off file editing in the control panel\u003C\u002Fli>\n\u003Cli>Set security keys in WP-Config file\u003C\u002Fli>\n\u003Cli>Don’t advertise the WordPress version you are running\u003C\u002Fli>\n\u003Cli>Turn off self-registration\u003C\u002Fli>\n\u003Cli>Force SSL when accessing the admin area\u003C\u002Fli>\n\u003Cli>Review the development activity and reputation of all plugins\u003C\u002Fli>\n\u003Cli>Remove unused themes from the server\u003C\u002Fli>\n\u003Cli>Rename the plugin 
directory\u003C\u002Fli>\n\u003Cli>Move the active theme to an alternate location\u003C\u002Fli>\n\u003Cli>Do not use TimThumb\u003C\u002Fli>\n\u003Cli>Do not use common user names (such as “admin”)\u003C\u002Fli>\n\u003Cli>Do not use weak passwords\u003C\u002Fli>\n\u003Cli>Do not have a user with an ID = 1\u003C\u002Fli>\n\u003Cli>Minimize the number of admin users\u003C\u002Fli>\n\u003Cli>Users should not display their login usernames publicly\u003C\u002Fli>\n\u003Cli>Prevent username enumeration through standard author URLs\u003C\u002Fli>\n\u003Cli>…more tests planned\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check the \u003Ca href=\"screenshots\" rel=\"nofollow ugc\">screenshots\u003C\u002Fa> for more detail on some of the above features.\u003C\u002Fp>\n\u003Cp>Many of these security checks are based on recommendations from the WordPress codex: https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>Some of the tips included in this plugin only require making small changes to configuration files (.htaccess, php.ini, wp-config.php, functions.php). Others require more in-depth changes to the filesystem or database. Before attempting any of these fixes, you should be comfortable experimenting and know how to undo any change you make. That includes making backups and knowing how to restore your site from those backups. I can’t guarantee that the recommendations or sample code provided in this plugin will not break your site or that they will prevent it from being hacked.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Apache web server\u003C\u002Fli>\n\u003Cli>WordPress 3.4 minimum\u003C\u002Fli>\n\u003Cli>PHP 5.2.7 minimum\u003C\u002Fli>\n\u003C\u002Ful>\n","Performs a detailed security analysis of your WordPress installation.
Provides specific instructions on how to make your site more secure.",70,8052,8,"2016-07-19T02:06:00.000Z","4.6.30",[68,69,70,21,22],"exploit","hacks","secure","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgauntlet-security.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":43,"requires_at_least":85,"requires_php":43,"tags":86,"homepage":43,"download_link":90,"security_score":53,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"n0wpscan","N0WPScan","5.6","GeekParadize","https:\u002F\u002Fprofiles.wordpress.org\u002Fwartraxx93\u002F","\u003Cp>We love security testing, we do it! We love WPSCAN, we use it! However we don’t love people abusing WPSCAN and other automated methods to try and gain access to WordPress sites through known and often easy vulnerabilities. N0WPScan is not a silver bullet, but it will stop unskilled attackers, bots and automated attacks which account for over 90% of all WordPress breaches. The other 10% can be offset with a good firewall, IDS and NSM services. Server load will also be lower and sites faster as this tool will prevent a lot of WordPress related automated testing.\u003C\u002Fp>\n\u003Cp>[!] 
You can prevent most of the common attacks simply by keeping plugins, themes and the core WordPress framework updated\u003C\u002Fp>\n\u003Cp>Benefits\u003Cbr \u002F>\n*   Disables access to admin for everyone except admins and editors\u003Cbr \u002F>\n*   Disables the use of WPScan, a tool commonly used by hackers to attack WordPress, also blocks other automated WP scanners\u003Cbr \u002F>\n*   Blocks hackers from scanning your website for admin users, vulnerable themes, vulnerable plugins and exposed files\u003Cbr \u002F>\n*   Reduces the load on your server\u003Cbr \u002F>\n*   Prevents access to sensitive files\u003C\u002Fp>\n","Secure your Wordpress of WPScan Prevent hackers using WPScan to find vulnerabilities in your site, disable this plugin when you are security testing o &hellip;",40,3536,80,2,"2020-01-15T19:40:00.000Z","5.2",[87,88,89,21,4],"firewall","hackers","scanning","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fn0wpscan.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":16,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":109,"download_link":110,"security_score":111,"vuln_count":112,"unpatched_count":27,"last_vuln_date":113,"fetched_at":29},"stop-user-enumeration","Stop User Enumeration","1.7.7","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user login names.\u003C\u002Fp>\n\u003Cp>User Enumeration is a type of attack where nefarious parties can probe your website to discover your login name. This is often a pre-cursor to brute-force password attacks. 
Stop User Enumeration helps block this initial attack and allows you to log IPs launching these attacks to block further attacks in the future.\u003C\u002Fp>\n\u003Cp>Tools like WPSCAN are designed for use by ethical hackers and make efforts to find user login names. Ethical hackers ask permission first, this plugin is designed to reduce the tools when used without permission and when used in conjunction with fail2ban can block those attempts at the firewall.\u003C\u002Fp>\n\u003Cp>If you are on a VPS or dedicated server, as the attack IP is logged, you can use (optional additional configuration) fail2ban to block the attack directly at your server’s firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.\u003C\u002Fp>\n\u003Cp>If you don’t have access to install fail2ban ( e.g. on a Shared Host ) you can still use this plugin.\u003C\u002Fp>\n\u003Cp>The plugin can stop the user id being leaked by the oEmbed API call.\u003C\u002Fp>\n\u003Cp>Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don’t need it to get user data, this\u003Cbr \u002F>\nplugin will restrict and log that too.\u003C\u002Fp>\n\u003Cp>Since WordPress 5.5  sitemaps are generated by core WP  ( wp-sitemap.xml ) which includes a user\u002Fauthor sitemap that exposes the user id.  
You can enable \u002F disable this in the plugin settings.\u003C\u002Fp>\n\u003Ch4>PHP 8.4 compatible\u003C\u002Fh4>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blocks user enumeration requests by GET or POST\u003C\u002Fli>\n\u003Cli>Syslogs a block so Fail2Ban can be used to block an IP\u003C\u002Fli>\n\u003Cli>Optionally blocks REST API user requests for non authorized users\u003C\u002Fli>\n\u003Cli>Optionally removes author sitemap\u003C\u002Fli>\n\u003Cli>Optionally removes author from OEMBED\u003C\u002Fli>\n\u003Cli>Optionally removes numbers from comment authors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin includes an optional email feature for plugin news and updates. When enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Your email address may be sent to https:\u002F\u002Ffullworksplugins.com for important plugin updates and security notices\u003C\u002Fli>\n\u003Cli>This is completely optional and requires your explicit consent via the opt-in form in the plugin settings\u003C\u002Fli>\n\u003Cli>No data is collected or transmitted without your permission\u003C\u002Fli>\n\u003Cli>You can opt-out at any time from the plugin settings\u003C\u002Fli>\n\u003Cli>No other personal data is collected or transmitted to external services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin logs attempted user enumeration attacks locally using WordPress’s standard logging system:\u003Cbr \u002F>\n* IP addresses of potential attackers are logged locally for security monitoring\u003Cbr \u002F>\n* These logs remain on your server and are not transmitted to any external service\u003Cbr \u002F>\n* Logs can be used with fail2ban or similar tools for enhanced security\u003C\u002Fp>\n\u003Cp>For more information about data handling, please visit https:\u002F\u002Ffullworksplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Helps secure your site against hacking attacks through 
detecting  User Enumeration",50000,1305856,98,128,"2025-12-15T10:48:00.000Z","6.3","7.4",[107,21,108,4],"fail2ban","user-enumeration","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fstop-user-enumeration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-user-enumeration.1.7.7.zip",91,6,"2025-06-26 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":101,"num_ratings":124,"last_updated":125,"tested_up_to":16,"requires_at_least":126,"requires_php":75,"tags":127,"homepage":130,"download_link":131,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"patchstack","Patchstack – WordPress & Plugins Security","2.3.5","Patchstack","https:\u002F\u002Fprofiles.wordpress.org\u002Fpatchstack\u002F","\u003Cp>Patchstack is a powerful tool that helps identify security vulnerabilities within your websites’ plugins, themes, and WordPress core. It is powered by the WordPress ecosystem’s most active community of ethical hackers. 
Patchstack is trusted by leading WordPress experts such as Pagely, Cloudways, GridPane, Plesk, and others!\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fz2nuYpg26Vc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Patchstack is a security plugin for WordPress that finds WP core, plugin and theme vulnerabilities in your websites.\u003C\u002Fp>\n\u003Cp>The free version includes up to 48-hour early warning for new vulnerabilities found by our security research community. It also allows you to automatically update vulnerable software, manage updates remotely, and get snapshot reports on your sites’ security status.\u003C\u002Fp>\n\u003Cp>The paid version includes automatic vulnerability protection. Patchstack deploys highly targeted rules on a per-site basis, only when a specific vulnerability is detected on a site.\u003C\u002Fp>\n\u003Cp>This prevents vulnerable components from being exploited without modifying website code, or impacting site performance or functionality. 
Patchstack’s paid version includes access to 12,000+ individual protection rules (vPatches).\u003C\u002Fp>\n\u003Cp>Patchstack paid version also includes other preventive security features, such as 2 factor authentication, WordPress specific hardening rules, a Community IP blocklist for malicious IP addresses, advanced security settings, and custom protection rules.\u003C\u002Fp>\n\u003Ch3>Post-hack cleanups vs attack prevention in WordPress security\u003C\u002Fh3>\n\u003Cp>Unlike the standard approach to WordPress security (malware scanning and infection cleanups), Patchstack is focused on preventing infections in the first place.\u003C\u002Fp>\n\u003Cp>Thanks to its big WordPress security research community and partnerships with nearly one thousand plugin vendors and developers, Patchstack is regularly among the first to identify new vulnerabilities.\u003C\u002Fp>\n\u003Ch3>Who is Patchstack’s WordPress security plugin for?\u003C\u002Fh3>\n\u003Cp>Patchstack’s vulnerability management works extremely well for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Agencies with WordPress care\u002Fmaintenance plans for their customers’ websites\u003C\u002Fli>\n\u003Cli>WooCommerce websites to protect their revenue and customers from attacks\u003C\u002Fli>\n\u003Cli>Hosting companies that want to deliver highly targeted vulnerability protection easily and at scale\u003Cbr \u002F>\nWebsite owners\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You don’t have to be highly technical to use it. Install the plugin, connect it with the Patchstack App, and stay safe!\u003C\u002Fp>\n\u003Ch3>What features are included in the Patchstack Personal (Free) plan?\u003C\u002Fh3>\n\u003Cp>Patchstack’s Personal plan is a free security service for WordPress that lets you find and manage vulnerabilities in your websites. 
It includes access to a central security dashboard via the Patchstack web App for more visibility and control over your sites’ security:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Be the first to know about new vulnerabilities.\u003C\u002Fli>\n\u003Cli>Receive notifications if any installed plugins or themes have security issues.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress plugins.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress themes.\u003C\u002Fli>\n\u003Cli>Detect the latest security vulnerabilities in WordPress core.\u003C\u002Fli>\n\u003Cli>Receive real-time alerts via email if any security vulnerabilities are found.\u003C\u002Fli>\n\u003Cli>Manage core, plugin and theme updates from a single dashboard.\u003C\u002Fli>\n\u003Cli>[Optional] Enable automatic updates for vulnerable plugins only.\u003C\u002Fli>\n\u003Cli>Generate snapshot reports about the security status of your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What features do Patchstack paid subscriptions have?\u003C\u002Fh3>\n\u003Cp>Patchstack’s paid subscriptions include automatic protection for WordPress vulnerabilities, as well as other protection modules.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Virtual patching to prevent vulnerable components from being exploited\u003C\u002Fli>\n\u003Cli>Advanced hardening module for added WordPress security\u003C\u002Fli>\n\u003Cli>Remote hardening settings (including .htaccess, login protection and reCAPTCHA)\u003C\u002Fli>\n\u003Cli>Community IP Blocklist of known attacker IP addresses\u003Cbr \u002F>\nAll of these features are included in the Developer and Enterprise plans.\u003Cbr \u002F>\nAdditionally, Developer and Enterprise plan users have access to custom protection rule creation, periodical security reports and report scheduling.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Personal (Free) plan users can enable these features on a per-site basis for $5 \u002F site per
month.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important Resources\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\" rel=\"nofollow ugc\">Patchstack website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.patchstack.com\" rel=\"nofollow ugc\">Help Center\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.patchstack.com\u002Fpatchstack-plugin\u002Fchangelog\u002F\" rel=\"nofollow ugc\">Changelog\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\" rel=\"nofollow ugc\">Patchstack Vulnerability Database\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>See what our customers say about our paid plans:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“An excellent and valuable service that’s backed by a company that contributes a significant number of resources and money directly back to the WordPress ecosystem.” – John Blackbourn  \u003C\u002Fli>\n\u003Cli>“Patchstack is like CrowdStrike, but for websites!” – Ryan McCue, HumanMade  \u003C\u002Fli>\n\u003Cli>“The service here is superb! And they are always right on it with the best solution to solve the problem or question at hand. The tool itself speaks for itself. I am very satisfied with this project and the service they offer.” – Daniel Canup  \u003C\u002Fli>\n\u003Cli>“This is a security plugin everyone needs to install. The Patchstack team are incredible at what they do. We have been using them for years and have not been disappointed!” – @craniumstudio  \u003C\u002Fli>\n\u003Cli>“We’ve been with Patchstack for a LONG time (even before they were Patchstack). It has always done its job seamlessly and without fail. Ongoing innovation and updates to the Patchstack product mean this plugin is a winner. 
5 stars all the way.” – @guapx  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*Comparisons are made by evaluating paid versions.)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fsucuri-alternative\u002F\" rel=\"nofollow ugc\">Sucuri vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fwordfence-alternative\u002F\" rel=\"nofollow ugc\">Wordfence vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fmalcare-alternative\u002F\" rel=\"nofollow ugc\">Malcare vs. Patchstack\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fsitelock-alternative\u002F\" rel=\"nofollow ugc\">Sitelock vs. Patchstack\u003C\u002Fa>\u003C\u002Fp>\n","Patchstack automatically identifies and mitigates security vulnerabilities in WordPress plugins, themes, and core.",40000,554865,61,"2026-01-06T14:10:00.000Z","4.4",[87,21,128,129,22],"virtual-patching","vulnerabilities","https:\u002F\u002Fpatchstack.com\u002F?utm_medium=wp&utm_source=dashboard&utm_campaign=patchstack%20plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpatchstack.2.3.5.zip",{"attackSurface":133,"codeSignals":228,"taintFlows":355,"riskAssessment":356,"analyzedAt":364},{"hooks":134,"ajaxHandlers":208,"restRoutes":224,"shortcodes":225,"cronEvents":226,"entryPointCount":227,"unprotectedCount":27},[135,141,146,150,154,158,161,164,167,170,175,177,179,184,188,190,192,194,196,198,199,205],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_init","add_account_summary_meta_box","app\\Account.php",27,{"type":136,"name":142,"callback":143,"file":144,"line":145},"admin_notices","display_errors","app\\Checks\\System.php",53,{"type":136,"name":147,"callback":148,"file":144,"line":149},"plugins_loaded","load_checks",55,{"type":136,"name":151,"callback":152,"file":144,"line":153},"admin_enqueue_scripts","admin_enqueue",56,{"type":136,"name":155,"callback":156,
"file":157,"line":140},"wp_dashboard_setup","add_dashboard_widgets","app\\Dashboard.php",{"type":136,"name":137,"callback":137,"file":159,"line":160},"app\\ignoreVulnerabilities.php",31,{"type":136,"name":137,"callback":162,"file":159,"line":163},"add_meta_box_ignore_vulnerabilities",32,{"type":136,"name":137,"callback":137,"file":165,"line":166},"app\\Notification.php",34,{"type":136,"name":137,"callback":168,"file":165,"line":169},"add_meta_box_notification",35,{"type":136,"name":171,"callback":172,"file":173,"line":174},"admin_menu","menu","app\\Plugin.php",84,{"type":136,"name":142,"callback":176,"file":173,"line":53},"protect_notify",{"type":136,"name":151,"callback":152,"file":173,"line":178},86,{"type":136,"name":180,"callback":181,"priority":182,"file":173,"line":183},"admin_bar_menu","admin_bar",65,87,{"type":136,"name":185,"callback":186,"file":173,"line":187},"in_admin_header","deactivate_screen",90,{"type":136,"name":137,"callback":189,"file":173,"line":34},"api_token_from_constant",{"type":136,"name":171,"callback":172,"file":191,"line":163},"app\\Report.php",{"type":136,"name":171,"callback":172,"file":193,"line":14},"app\\Settings.php",{"type":136,"name":137,"callback":137,"file":193,"line":195},29,{"type":136,"name":142,"callback":197,"file":193,"line":33},"got_api_token",{"type":136,"name":151,"callback":152,"file":193,"line":160},{"type":200,"name":201,"callback":202,"file":203,"line":204},"filter","site_status_tests","add_site_health_tests","app\\SiteHealth.php",26,{"type":136,"name":137,"callback":206,"file":207,"line":204},"add_meta_box_summary","app\\Summary.php",[209,215,218,221],{"action":210,"nopriv":211,"callback":212,"hasNonce":213,"hasCapCheck":213,"file":144,"line":214},"wpscan_check_action",false,"handle_actions",true,57,{"action":216,"nopriv":211,"callback":217,"hasNonce":213,"hasCapCheck":211,"file":173,"line":111},"wpscan_dismiss_protect_notice","ajax_wpscan_dismiss_protect_notice",{"action":219,"nopriv":211,"callback":220,"hasNonce"
:213,"hasCapCheck":213,"file":207,"line":140},"wpscan_check_now","ajax_check_now",{"action":222,"nopriv":211,"callback":223,"hasNonce":213,"hasCapCheck":213,"file":207,"line":33},"wpscan_security_check_now","ajax_security_check_now",[],[],[],4,{"dangerousFunctions":229,"sqlUsage":230,"outputEscaping":236,"fileOperations":83,"externalRequests":352,"nonceChecks":353,"capabilityChecks":112,"bundledLibraries":354},[],{"prepared":27,"raw":32,"locations":231},[232],{"file":233,"line":234,"context":235},"uninstall.php",11,"$wpdb->get_results() with variable interpolation",{"escaped":237,"rawEcho":238,"locations":239},96,59,[240,243,245,247,249,251,253,255,257,259,261,263,265,266,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,322,323,324,326,328,330,331,333,335,337,338,340,342,344,346,348,350],{"file":139,"line":241,"context":242},149,"raw output",{"file":139,"line":244,"context":242},152,{"file":139,"line":246,"context":242},153,{"file":139,"line":248,"context":242},158,{"file":144,"line":250,"context":242},157,{"file":144,"line":252,"context":242},224,{"file":157,"line":254,"context":242},79,{"file":159,"line":256,"context":242},182,{"file":165,"line":258,"context":242},126,{"file":165,"line":260,"context":242},138,{"file":165,"line":262,"context":242},155,{"file":165,"line":264,"context":242},156,{"file":165,"line":250,"context":242},{"file":165,"line":248,"context":242},{"file":165,"line":268,"context":242},159,{"file":165,"line":270,"context":242},160,{"file":165,"line":272,"context":242},161,{"file":165,"line":274,"context":242},162,{"file":165,"line":276,"context":242},163,{"file":165,"line":278,"context":242},164,{"file":165,"line":280,"context":242},165,{"file":165,"line":282,"context":242},177,{"file":165,"line":284,"context":242},188,{"file":191,"line":286,"context":242},192,{"file":193,"line":288,"context":242},209,{"file":193,"line":290,"context":242},211,{"file":193,"line":292,"context":242},213,
{"file":193,"line":294,"context":242},244,{"file":193,"line":296,"context":242},255,{"file":193,"line":298,"context":242},260,{"file":193,"line":300,"context":242},288,{"file":193,"line":302,"context":242},291,{"file":193,"line":304,"context":242},319,{"file":193,"line":306,"context":242},322,{"file":193,"line":308,"context":242},348,{"file":193,"line":310,"context":242},366,{"file":193,"line":312,"context":242},398,{"file":193,"line":314,"context":242},407,{"file":207,"line":316,"context":242},78,{"file":207,"line":318,"context":242},81,{"file":207,"line":320,"context":242},83,{"file":207,"line":53,"context":242},{"file":207,"line":183,"context":242},{"file":207,"line":26,"context":242},{"file":207,"line":325,"context":242},102,{"file":207,"line":327,"context":242},111,{"file":207,"line":329,"context":242},137,{"file":207,"line":260,"context":242},{"file":332,"line":234,"context":242},"views\\report.php",{"file":332,"line":334,"context":242},52,{"file":332,"line":336,"context":242},54,{"file":332,"line":124,"context":242},{"file":332,"line":339,"context":242},89,{"file":332,"line":341,"context":242},95,{"file":332,"line":343,"context":242},107,{"file":332,"line":345,"context":242},136,{"file":332,"line":347,"context":242},140,{"file":332,"line":349,"context":242},151,{"file":332,"line":351,"context":242},180,9,5,[],[],{"summary":357,"deductions":358},"The 'wpscan' v1.16 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of shortcodes, cron events, and REST API routes contributes to a small and manageable attack surface. Crucially, all identified AJAX entry points are protected by authentication checks, and the absence of any taint analysis findings or known historical CVEs further bolsters this positive assessment.\n\nHowever, a significant concern arises from the handling of SQL queries. The analysis indicates that 100% of SQL queries do not utilize prepared statements. 
This is a critical security weakness that could expose the plugin to SQL injection vulnerabilities, especially if the data used in these queries originates from user input. While the plugin demonstrates good practices in output escaping (62% proper escaping is acceptable, though room for improvement exists) and implements nonces and capability checks on its entry points, the lack of prepared statements for all SQL queries represents a substantial risk.\n\nOverall, 'wpscan' v1.16 appears to be a well-secured plugin with a clean vulnerability history, indicating a commitment to security by its developers. The primary weakness lies in its database interaction. Addressing the SQL query preparation is paramount to fully mitigating potential risks and achieving a robust security profile.",[359,361],{"reason":360,"points":45},"100% of SQL queries not using prepared statements",{"reason":362,"points":363},"62% of output properly escaped, room for improvement",3,"2026-03-16T17:54:52.741Z",{"wat":366,"direct":374},{"assetPaths":367,"generatorPatterns":369,"scriptPaths":370,"versionParams":372},[368],"\u002Fwp-content\u002Fplugins\u002Fwpscan\u002Fassets\u002Fjs\u002Fsecurity-checks.js",[],[371],"wp-content\u002Fplugins\u002Fwpscan\u002Fvendor\u002Fautoload.php",[373],"wpscan-security-checks.js?ver=",{"cssClasses":375,"htmlComments":381,"htmlAttributes":383,"restEndpoints":387,"jsGlobals":388,"shortcodeOutput":389},[376,377,378,379,380],"wpscan-critical","wpscan-high","wpscan-medium","wpscan-low","wpscan-vulnerability-severity",[382],"WPScan WordPress Security Scanner.",[384,385,386,376,377,378,379],"data-check-id","data-confirm","data-action",[],[210],[]]