Author: Artyom Krugov

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (v4.1.3) is a powerful drag-and-drop form builder plugin designed to extend Elementor with advanced form creation capabilities. It allows users to build complex forms such as contact forms, surveys, booking forms, payment forms, and more without writing code.

Built for websites running on WordPress, MetForm integrates deeply into both frontend and backend workflows, handling user input, data storage, AJAX submissions, file uploads, and third-party integrations.

With over 600,000+ active installations, the plugin operates in a highly sensitive layer of application logic, making security a critical factor. A comprehensive source-code audit was conducted to evaluate its safety.

MainWP Child – Securely Connects to the MainWP Dashboard (v6.0.5) is a WordPress plugin designed to establish a secure connection between individual WordPress sites and a self-hosted MainWP Dashboard. This architecture allows centralized management of multiple websites, including updates, backups, monitoring, and content administration.

Built for websites running on WordPress, the plugin acts as a controlled communication bridge between managed sites and the MainWP Dashboard.

Due to its role in remote management and cross-site communication, MainWP Child operates in a highly sensitive security context. As a result, a comprehensive security audit of its codebase and communication mechanisms was conducted.

Spectra Gutenberg Blocks (v2.19.21) is an advanced extension for the WordPress block editor (Gutenberg), providing over 30 customizable blocks, layout tools, templates, and UI components for building modern websites without coding.

Designed for websites running on WordPress, Spectra enhances the native editor instead of replacing it, allowing users to build feature-rich pages while maintaining compatibility with WordPress core architecture.

With over 1+ million active installations, Spectra operates at a critical layer of content rendering and user interaction. Due to its complexity and broad functionality (including dynamic content, forms, popups, and frontend rendering), a comprehensive security audit was conducted.

SpeedyCache – Cache, Optimization, Performance (v1.3.7) is a WordPress performance plugin designed to improve website speed through caching, minification, compression, and resource optimization. By generating static cache files and optimizing frontend assets, the plugin reduces server load and accelerates page delivery.

Built for websites running on WordPress, SpeedyCache provides a comprehensive optimization toolkit while maintaining compatibility with shared hosting environments and CDN integrations.

Given its deep interaction with caching layers, file generation, HTTP headers, and resource processing, a detailed security audit was conducted.

Favicon by RealFaviconGenerator (v1.3.45) is a WordPress plugin that automates the generation and deployment of platform-compatible favicons for desktop browsers, iOS devices, Android devices, Windows tablets, and more.

Modern favicon implementation requires multiple image sizes, platform-specific declarations, and compliance with different UI standards. This plugin simplifies the process by integrating WordPress with the RealFaviconGenerator service, generating all required assets in seconds.

Built for websites running on WordPress, the plugin eliminates manual favicon configuration while ensuring compatibility across browsers and operating systems.

Because the plugin interacts with an external generation service, performs file operations, and modifies theme headers, a structured security audit was conducted.

All 404 Redirect to Homepage (v5.5) is a WordPress plugin designed to automatically redirect 404 error pages to a specified destination using 301 SEO redirects. Instead of allowing visitors to encounter broken links, the plugin routes them to the homepage or a custom URL defined by the administrator.

Built for websites running on WordPress, the plugin focuses on improving SEO performance and user experience by minimizing exposure to 404 errors and preserving link equity.

However, because redirection logic directly affects HTTP responses and routing behavior, secure implementation is critical. Improper redirect handling can introduce open redirect vulnerabilities, redirect loops, or SEO manipulation vectors. Therefore, this plugin underwent a structured security audit.

Instant Indexing by Rank Math is a WordPress plugin that allows website owners to submit crawl requests to Google using the Google Indexing API immediately after publishing or updating content. Instead of waiting for standard search engine discovery cycles, the plugin automates indexing notifications directly from the WordPress dashboard.

Designed for websites running on WordPress, the plugin enables automated and manual submission of URLs to Google for faster crawling and indexing.

Google officially recommends the Indexing API primarily for Job Posting and Live Streaming websites. However, the plugin allows broader usage, and administrators should configure it responsibly.

BackUpWordPress is a long-standing backup plugin originally created by Human Made and now maintained under new ownership with a continued commitment to open-source development. Designed for websites running on WordPress, the plugin provides scheduled backups of both files and databases using native system tools such as zip and mysqldump when available.

Its primary goal is simplicity: BackUpWordPress allows administrators to create full-site backups with minimal configuration, making it suitable even for low-memory shared hosting environments.

The plugin supports PHP 5.3.2+ and operates on both Linux and Windows servers, offering flexibility across hosting platforms.

ReCaptcha v2 for Contact Form 7 is a lightweight compatibility plugin designed to bring back Google reCAPTCHA v2 support to Contact Form 7 after version 5.1 removed the [recaptcha] tag in December 2018. Instead of introducing custom implementations or external wrappers, the plugin restores the original functionality from Contact Form 7 v5.0.5, preserving the familiar behavior many site owners relied on.