My apologies, please see attached evidence.
- [A & D] Our plugin uses OpenSSL to encrypt the data at rest before it is saved in a user's WordPress database.
This also goes for the API access tokens, error.log reporting and any other data we retrieve from the Facebook/Instagram API.
Below is our class that is responsible for encrypting and decrypting all data and access tokens with OpenSSL, using salts and keys with the aes-256-ctr method. https://github.com/SlickRemix/feed-them-social/blob/master/admin/data-protection/data-protection.php
- [B] Screenshot and link to show we have TLS 1.3 and 1.2 enabled
- [C] Yes. Our code is scanned by PhpStorm code standard checks, then by GitHub, where our plugin is located. https://github.com/SlickRemix/feed-them-social We also have the plugin on our server, which is running WordFence https://wordpress.org/plugins/wordfence/ This also checks for plugin security vulnerabilities and does it 24/7. In total we have 3 checks in place and we make plugin updates at least once a month, so our plugin gets checked for vulnerabilities many times in one year. The nice thing about our app and plugin is it's read-only, so users cannot abuse the Facebook API by making any POST requests to it.
- [F] Yes. We use WordFence for this and it is required for all users now. https://www.wordfence.com/help/tools/two-factor-authentication/
We've set up and added Code Scan Alerts and a Security Policy too.
We are constantly maintaining this plugin and it’s used by over 70k people at the moment. As you can see from the update log here https://github.com/SlickRemix/feed-them-social/blob/master/readme.txt we have been on top of things for 10 years now.
Look forward to your response,