My apologies, please see attached evidence.

- [A & D] Our plugin uses OpenSSL to encrypt the data at rest before it is saved in a user's WordPress database.
This also goes for the API access tokens, error.log reporting and any other data we retrieve from the Facebook/Instagram API.

Below is our class that is responsible for encrypting and decrypting all data and access tokens with OpenSSL, using salts and keys with the aes-256-ctr method.

- [B] Screenshot and link to show we have TLS 1.3 and 1.2 enabled.

These are our logs that monitor the encryption of data in transit. From here you can also click on an IP and revoke a user's access.

- [C] Yes. Our code is scanned by PhpStorm code standard checks, then by GitHub, where our plugin is located. We also have the plugin on our server, which is running Wordfence. This also checks for plugin security vulnerabilities and does it 24/7. In total we have 3 checks in place and we make plugin updates at least once a month, so our plugin gets checked for vulnerabilities many times in one year. The nice thing about our app and plugin is it's read-only, so users cannot abuse the Facebook API by making any POST requests to it.

- [F] Yes. We use Wordfence for this and it is required for all users now.

- [G] We use WordPress and Wordfence to manage assigning, revoking and reviewing access and privileges for users.

- [H] We have enabled Dependabot for our plugin on GitHub now and we will be checking the alerts for issues. Thanks for pointing that option out.

We've set up and added Code Scan Alerts and a Security Policy too.

We use code scanning in our IDE (PhpStorm) to make sure code standards are up to date.

We are constantly maintaining this plugin and it’s used by over 70k people at the moment. As you can see from the update log here, we have been on top of things for 10 years now.

Look forward to your response,
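
The following PHP sketch is an added example, not part of the message above and not the plugin's own class, which is not reproduced on this page. It shows one way to store a token with OpenSSL's aes-256-ctr using a fresh IV per record, plus an HMAC, because CTR mode on its own does not detect modified ciphertext. All function names, key-derivation labels and sample values are assumptions, and it assumes PHP 8.

```php
<?php
// Added illustration: every name below is hypothetical, not the plugin's API.

function example_derive_keys(string $secret, string $salt): array
{
    // Derive independent encryption and MAC keys from one secret and a salt.
    return [
        hash_hkdf('sha256', $secret, 32, 'example-enc', $salt),
        hash_hkdf('sha256', $secret, 32, 'example-mac', $salt),
    ];
}

function example_encrypt(string $plaintext, string $secret, string $salt): string
{
    [$encKey, $macKey] = example_derive_keys($secret, $salt);
    // CTR needs a unique IV per record; reusing one under the same key leaks data.
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-ctr'));
    $ct = openssl_encrypt($plaintext, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt-then-MAC over IV and ciphertext.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $mac . $ct);
}

function example_decrypt(string $stored, string $secret, string $salt): string
{
    [$encKey, $macKey] = example_derive_keys($secret, $salt);
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 48) { // 16-byte IV + 32-byte MAC
        throw new RuntimeException('malformed ciphertext');
    }
    [$iv, $mac, $ct] = [substr($raw, 0, 16), substr($raw, 16, 32), substr($raw, 48)];
    // Verify in constant time before decrypting anything.
    if (!hash_equals($mac, hash_hmac('sha256', $iv . $ct, $macKey, true))) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed sample values, generated locally for the demonstration.
$secret = random_bytes(32);
$salt   = random_bytes(16);
$stored = example_encrypt('constructed-sample-token', $secret, $salt);
var_dump(example_decrypt($stored, $secret, $salt) === 'constructed-sample-token');
```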