[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDQn5dqVmdM9MJ1YeilvcxjUx6oHX3A0eiW6n5E_oJTY":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"hidayatsafewp","Hidayat Mahetar","https:\u002F\u002Fprofiles.wordpress.org\u002Fhidayatsafewp\u002F",3,40,100,30,94,"2026-04-04T01:09:38.513Z",[14,38,55],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":20,"downloaded":21,"rating":9,"num_ratings":22,"last_updated":23,"tested_up_to":24,"requires_at_least":25,"requires_php":26,"tags":27,"homepage":33,"download_link":34,"security_score":9,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"clenex","Clenex","1.0.0","\u003Cp>\u003Cstrong>CleneX\u003C\u002Fstrong> is a complete WordPress optimization plugin that helps site administrators analyze, clean up, and optimize their websites with ease.\u003Cbr \u002F>\nQuickly monitor disk usage, detect optimization opportunities, and maintain a healthy WordPress environment — all from a modern, easy-to-use dashboard.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>📊 Total Site Size Analysis\u003C\u002Fstrong>\u003Cbr \u002F>\n* Get a complete breakdown of your WordPress site’s disk usage\u003Cbr \u002F>\n* See detailed size information for uploads, plugins, themes, database, and WordPress core\u003Cbr \u002F>\n* Track size percentages to identify the largest components of your site\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📁 File Type Breakdown\u003C\u002Fstrong>\u003Cbr \u002F>\n* Analyze your site’s content by file type (images, documents, archives, code, etc.)\u003Cbr \u002F>\n* See the count and total size of each file type category\u003Cbr \u002F>\n* Identify which file types are consuming the most space\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📄 Largest Files Detection\u003C\u002Fstrong>\u003Cbr \u002F>\n* Automatically find the largest files on your WordPress site\u003Cbr \u002F>\n* View file sizes and last modified dates\u003Cbr \u002F>\n* Focus your optimization efforts on the files that will make the biggest impact\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🧹 Duplicate Media Detection\u003C\u002Fstrong>\u003Cbr \u002F>\n* Scan your uploads folder for duplicate image files with identical content\u003Cbr \u002F>\n* Group identical files together regardless of filename or location\u003Cbr \u002F>\n* Calculate wasted space from duplicates to reclaim valuable disk space\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🗑️ Inactive Plugins & Themes Cleaner\u003C\u002Fstrong>\u003Cbr \u002F>\n* Identify and safely remove deactivated plugins and unused themes\u003Cbr \u002F>\n* View detailed information including size, version, and dependencies\u003Cbr \u002F>\n* Bulk delete functionality with safety checks for dependencies\u003Cbr \u002F>\n* Reclaim disk space and reduce security risks from outdated code\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📝 Bulk Dummy Content Remover\u003C\u002Fstrong>\u003Cbr \u002F>\n* Scan for and remove placeholder content like “Hello World” posts and sample pages\u003Cbr \u002F>\n* Identify content with lorem ipsum text or very short word counts\u003Cbr \u002F>\n* Filter by post type, word count, and creation date\u003Cbr \u002F>\n* Safely review and bulk delete or trash unwanted content\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔄 Auto-Redirect Broken Links\u003C\u002Fstrong>\u003Cbr \u002F>\n* Automatically detect and handle 404 errors to improve user experience and SEO\u003Cbr \u002F>\n* Create custom redirect rules for specific URLs\u003Cbr \u002F>\n* Log 404 errors to identify navigation issues\u003Cbr \u002F>\n* Get intelligent suggestions for redirects based on content similarity\u003Cbr \u002F>\n* Exclude specific patterns from redirection\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Realtime Disk Usage Monitor\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track your site’s disk usage over time\u003Cbr \u002F>\n* Get alerts for unusual growth patterns (hourly, daily, weekly, monthly)\u003Cbr \u002F>\n* Identify potential issues before they become critical\u003Cbr \u002F>\n* Auto-refresh option to keep monitoring throughout the day\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🧊 Image Optimization Report\u003C\u002Fstrong>\u003Cbr \u002F>\n* Scan your media library for optimization opportunities\u003Cbr \u002F>\n* Identify uncompressed images, oversized files, and non-web-friendly formats\u003Cbr \u002F>\n* Get recommendations for image optimization tools and techniques\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🧠 Smart Optimization Suggestions\u003C\u002Fstrong>\u003Cbr \u002F>\n* Receive intelligent, data-driven recommendations based on your site’s analysis\u003Cbr \u002F>\n* Prioritized suggestions (high\u002Fmedium\u002Flow) to focus on what matters most\u003Cbr \u002F>\n* Clear, actionable advice to improve your site’s performance and storage usage\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚙️ Modern React-based Dashboard\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean, intuitive interface with tabbed navigation\u003Cbr \u002F>\n* Real-time analysis with progress indicators\u003Cbr \u002F>\n* Responsive design that works on all screen sizes\u003Cbr \u002F>\n* Beautiful visualizations of your site’s data\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔧 Fast .htaccess & Robots.txt Tweaker\u003C\u002Fstrong>\u003Cbr \u002F>\n* Safely edit critical files with a user-friendly interface\u003Cbr \u002F>\n* Smart suggestions for common optimizations and security improvements\u003Cbr \u002F>\n* Automatic backup before any changes are made\u003Cbr \u002F>\n* One-click restore from backups if needed\u003Cbr \u002F>\n* Syntax validation to prevent breaking your site\u003Cbr \u002F>\n* Improve SEO and security with recommended configurations\u003C\u002Fp>\n\u003Ch4>Who Is This For?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Administrators\u003C\u002Fstrong> who want to keep their sites running smoothly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developers\u003C\u002Fstrong> looking to optimize client sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Owners\u003C\u002Fstrong> concerned about hosting storage limits\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone\u003C\u002Fstrong> who wants to maintain a fast, efficient WordPress installation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>CleneX is the ultimate tool for WordPress site maintenance and optimization, giving you the insights you need to make informed decisions about your site’s storage and performance.\u003C\u002Fp>\n\u003Ch3>External Services Used\u003C\u002Fh3>\n\u003Ch3>\u003Cstrong>1. MD5 Checksum\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used for detecting duplicate media files by comparing their MD5 hash values.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is processed & when?\u003C\u002Fstrong>\u003Cbr \u002F>\n– The plugin computes the MD5 checksum locally on your server for each media file.\u003Cbr \u002F>\n– No file data is sent externally; all processing is done within your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Not applicable, as no external server is used.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2. JSONPlaceholder API\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to fetch demo user data for the demo block feature.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent & when?\u003C\u002Fstrong>\u003Cbr \u002F>\n– The plugin makes GET requests to JSONPlaceholder’s \u003Ccode>\u002Fusers\u003C\u002Fcode> endpoint when loading the demo block inside the editor.\u003Cbr \u002F>\n– No personal or site data is sent to the service; it only fetches publicly available dummy data.\u003Cbr \u002F>\n– Data is cached locally for 7 days to minimize API requests.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fjsonplaceholder.typicode.com\u002Fguide\u002F\" rel=\"nofollow ugc\">JSONPlaceholder Terms\u003C\u002Fa>\u003Cbr \u002F>\n– JSONPlaceholder is a free fake API service for testing and prototyping purposes.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>3. HTTPS Redirect Suggestion\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Purpose:\u003C\u002Fstrong> The plugin suggests an .htaccess code snippet to redirect HTTP traffic to HTTPS for better security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is processed & when?\u003C\u002Fstrong>\u003Cbr \u002F>\n– This is not an external service but a code suggestion for the user’s own server configuration.\u003Cbr \u002F>\n– No data is sent externally; the code is simply provided as a suggestion in the File Tweaker module.\u003Cbr \u002F>\n– The suggested code only runs on the user’s own server if they choose to implement it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Not applicable, as no external service is used.\u003C\u002Fp>\n","Analyze and optimize your WordPress site with smart tools for disk space, performance, broken links, and duplicate files.",20,465,1,"2025-05-27T17:01:00.000Z","6.8.5","6.0","8.0",[28,29,30,31,32],"404-redirect","broken-links","disk-usage","optimization","site-analyzer","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclenex.1.0.0.zip",0,null,"2026-03-15T15:16:48.613Z",{"slug":39,"name":40,"version":41,"author":5,"author_profile":6,"description":42,"short_description":43,"active_installs":20,"downloaded":44,"rating":9,"num_ratings":22,"last_updated":45,"tested_up_to":46,"requires_at_least":25,"requires_php":26,"tags":47,"homepage":53,"download_link":54,"security_score":9,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"safe-sites","Safe Sites","1.0.1","\u003Cp>Safe Sites provides advanced security features to help keep your WordPress website safe from threats. With real-time monitoring, detailed security insights, and easy-to-use permission management, you can ensure your site is always protected.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Secure your login with TOTP-based 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart File Permission Control\u003C\u002Fstrong> – Easily manage file permissions based on your server type (Windows\u002FLinux).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual File Permissions Map\u003C\u002Fstrong> – See a color-coded structure of your site’s file security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Scanner\u003C\u002Fstrong> – Analyze your domain, URLs, and HTML security headers for vulnerabilities via VirusTotal.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Dashboard\u003C\u002Fstrong> – View a complete overview of your site’s security health.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin & Theme Security\u003C\u002Fstrong> – Detect vulnerabilities in plugins and themes and receive alerts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login & User Security\u003C\u002Fstrong> – Monitor login attempts and manage user sessions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Hardening\u003C\u002Fstrong> – Apply recommended security tweaks to your WordPress installation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code Signing\u003C\u002Fstrong> – Verify the integrity of your plugin files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Detailed Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>General Security & Server Health:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>SSL Status\u003C\u002Fstrong> – Check if SSL is active for secure connections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Health & Server Info\u003C\u002Fstrong> – Displays PHP version, database version, and server details.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Panic Mode\u003C\u002Fstrong> – Quickly lock down your site in case of an emergency.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Access & User Security:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>TOTP Support\u003C\u002Fstrong> – Use Google Authenticator, Authy, or any TOTP app.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable for All Roles\u003C\u002Fstrong> – Require 2FA for specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> – Generate backup codes for emergency access.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Monitoring\u003C\u002Fstrong> – Track failed login attempts and monitor user activity.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security Monitoring & Protection:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>File Permissions Management:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Windows Servers\u003C\u002Fstrong> – Show file read\u002Fwrite permissions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Linux Servers\u003C\u002Fstrong> – Display numeric file permissions along with current and recommended settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fix Permissions\u003C\u002Fstrong> – Select files and fix incorrect permissions directly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual File Permission Map\u003C\u002Fstrong> – Interactive file structure with security indicators.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hardening\u003C\u002Fstrong> – One-click security hardening for common WP vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code Signing\u003C\u002Fstrong> – Ensure plugin files haven’t been tampered with.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Malware & Security Scanner:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Domain & URL Analysis\u003C\u002Fstrong> – Scan domain and URLs for malware using VirusTotal API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Header & DNS Scan\u003C\u002Fstrong> – Check security headers and DNS settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Alert System\u003C\u002Fstrong> – Receive alerts for detected threats.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WordPress Management & Security:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Plugin & Theme Security:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Vulnerability Scanner\u003C\u002Fstrong> – Check for known security flaws.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inactive Plugin Alerts\u003C\u002Fstrong> – Warns about inactive components that pose risks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Dashboard\u003C\u002Fstrong> – A centralized panel for all security settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services Used\u003C\u002Fh3>\n\u003Cp>Safe Sites relies on the following third-party services for security analysis and malware detection. Below is a detailed breakdown of what each service does, what data is sent, and where you can review their policies:\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>1. VirusTotal API\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to scan domain, URLs, and file hashes for malware detection and security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent & when?\u003C\u002Fstrong>\u003Cbr \u002F>\n– When a user initiates a manual malware or URL scan, the plugin sends the target URL or domain to VirusTotal for analysis.\u003Cbr \u002F>\n– No user private data is sent—only the target URLs\u002Fdomains or hash values of files are transmitted.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service & Privacy Policy:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.virustotal.com\u002Fterms-of-service\" rel=\"nofollow ugc\">VirusTotal Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.virustotal.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">VirusTotal Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Safe Sites is a WordPress security plugin offering real-time monitoring, file permission control, malware scanning, and plugin & theme security.",574,"2026-03-13T07:52:00.000Z","6.7.5",[48,49,50,51,52],"malware","security","security-scanner","site-protection","wp-security","https:\u002F\u002Fhaliyadwala.com\u002Fsafe-sites","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-sites.1.0.1.zip",{"slug":56,"name":57,"version":17,"author":5,"author_profile":6,"description":58,"short_description":59,"active_installs":35,"downloaded":60,"rating":35,"num_ratings":35,"last_updated":61,"tested_up_to":62,"requires_at_least":25,"requires_php":26,"tags":63,"homepage":33,"download_link":68,"security_score":9,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"headlesskey-jwt-auth","HeadlessKey – JWT Auth","\u003Cp>\u003Cstrong>HeadlessKey – JWT Auth\u003C\u002Fstrong> extends the REST API to provide a robust and secure authentication system using JSON Web Tokens (JWT). Designed for Headless WordPress, it enables seamless user authentication, registration, and session management via standard REST endpoints.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication\u003C\u002Fstrong>: Secure user authentication using industry-standard RFC 7519 tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Algorithms\u003C\u002Fstrong>: Support for \u003Ccode>HS256\u003C\u002Fcode>, \u003Ccode>RS256\u003C\u002Fcode>, and \u003Ccode>ES256\u003C\u002Fcode> signing algorithms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Endpoints\u003C\u002Fstrong>: Ready-to-use endpoints for Login, Register, Token Refresh, and Password Management.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single Sign-On (SSO)\u003C\u002Fstrong>: Connect multiple sites with a secure, headers-based SSO exchange mechanism.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Access Control (RBAC)\u003C\u002Fstrong>: Configure public or authenticated access for every endpoint.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute Force Protection\u003C\u002Fstrong>: Protects against attacks by locking users\u002FIPs after failed attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logs\u003C\u002Fstrong>: Detailed audit trail of all authentication events, including IP and device data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Webhooks\u003C\u002Fstrong>: Real-time JSON events sent to your external services for monitoring key actions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Device Limits\u003C\u002Fstrong>: Restrict the number of active devices\u002Fsessions per user.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong>: Extensive hooks and filters for deep customization.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch3>Secret Key\u003C\u002Fh3>\n\u003Cp>The plugin uses a secret key to sign tokens. By default, a secure random key is generated. For better security and consistency across environments, define your key in \u003Ccode>wp-config.php\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('headlesskey_SECRET_KEY', 'your-long-random-secure-string');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a strong salt here: \u003Ca href=\"https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\" rel=\"nofollow ugc\">WordPress Salt Generator\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>CORS Support\u003C\u002Fh3>\n\u003Cp>Cross-Origin Resource Sharing (CORS) is enabled by default to allow frontend applications to connect. To disable or customize it via constant:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('headlesskey_CORS', true); \u002F\u002F or false to disable\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>REST API Namespace\u003C\u002Fh3>\n\u003Cp>By default, endpoints are under \u003Ccode>wp-json\u002Fwpauthapi\u002Fv1\u003C\u002Fcode>. You can customize this namespace:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('headlesskey_REST_NAMESPACE', 'my-custom-auth');\ndefine('headlesskey_REST_VERSION', 'v2');\u003Ch3>Endpoints\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin adds the following endpoints under the \u003Ccode>\u002Fwp-json\u002Fheadlesskey\u002Fv1\u003C\u002Fcode> namespace:\u003C\u002Fp>\n\u003Cp>  Endpoint\u003Cbr \u002F>\n  HTTP Verb\u003Cbr \u002F>\n  Description\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Ftoken\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Login\u003C\u002Fstrong>: Exchange username\u002Fpassword for a JWT.\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Validate\u003C\u002Fstrong>: Check if a token validity.\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Ftoken\u002Frefresh\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Refresh\u003C\u002Fstrong>: Exchange a valid token for a new one (rotation).\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Ftoken\u002Frevoke\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Logout\u003C\u002Fstrong>: Invalidate a specific token.\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Fregister\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Register\u003C\u002Fstrong>: Create a new user account.\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Flogin\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Profile\u003C\u002Fstrong>: Login and get full user profile data in one request.\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Fforgot-password\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Recover\u003C\u002Fstrong>: Request a password reset via Link or OTP.\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Freset-password\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Reset\u003C\u002Fstrong>: Set a new password using a token or OTP.\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Fchange-password\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>Update\u003C\u002Fstrong>: Change password for authenticated user.\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u002Fsso\u002Fexchange\u003C\u002Fcode>\u003Cbr \u002F>\n  POST\u003Cbr \u002F>\n  \u003Cstrong>SSO\u003C\u002Fstrong>: Exchange a remote site token for a local session.\u003C\u002Fp>\n\u003Ch3>1. Login (Generate Token)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Ftoken\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Authenticate a user and generate a JWT token.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"username\": \"admin\",\u003Cbr \u002F>\n  \"password\": \"secret-password\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...\",\u003Cbr \u002F>\n  \"expiration\": \"2023-10-27T10:00:00+00:00\",\u003Cbr \u002F>\n  \"expires_in\": 3600,\u003Cbr \u002F>\n  \"user\": {\u003Cbr \u002F>\n    \"ID\": 1,\u003Cbr \u002F>\n    \"user_login\": \"admin\",\u003Cbr \u002F>\n    \"user_email\": \"admin@example.com\",\u003Cbr \u002F>\n    \"display_name\": \"Administrator\",\u003Cbr \u002F>\n    \"roles\": [\"administrator\"]\u003Cbr \u002F>\n  },\u003Cbr \u002F>\n  \"refreshable\": true,\u003Cbr \u002F>\n  \"jti\": \"545086b9-450f-488b-a70d-3047d14d1101\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>2. Validate Token\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Validate if an existing token is valid.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"valid\": true,\u003Cbr \u002F>\n  \"data\": {\u003Cbr \u002F>\n    \"iss\": \"https:\u002F\u002Fexample.com\",\u003Cbr \u002F>\n    \"iat\": 1698393600,\u003Cbr \u002F>\n    \"exp\": 1698397200,\u003Cbr \u002F>\n    \"data\": {\u003Cbr \u002F>\n      \"ID\": 1,\u003Cbr \u002F>\n      \"user_login\": \"admin\"\u003Cbr \u002F>\n    }\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>3. Refresh Token\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Ftoken\u002Frefresh\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Rotate an expiring token for a fresh one.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.new...\",\u003Cbr \u002F>\n  \"expiration\": \"2023-10-27T11:00:00+00:00\",\u003Cbr \u002F>\n  \"user\": {\u003Cbr \u002F>\n    \"ID\": 1,\u003Cbr \u002F>\n    \"user_login\": \"admin\"\u003Cbr \u002F>\n  },\u003Cbr \u002F>\n  \"jti\": \"new-uuid-v4\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>4. Revoke Token (Logout)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Ftoken\u002Frevoke\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Invalidate a token immediately.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"message\": \"Token revoked successfully.\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>5. Register User\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Fregister\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Create a new user account.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"username\": \"johndoe\",\u003Cbr \u002F>\n  \"email\": \"john@example.com\",\u003Cbr \u002F>\n  \"password\": \"secure-password\",\u003Cbr \u002F>\n  \"name\": \"John Doe\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"user_id\": 45,\u003Cbr \u002F>\n  \"user\": {\u003Cbr \u002F>\n    \"ID\": 45,\u003Cbr \u002F>\n    \"user_login\": \"johndoe\",\u003Cbr \u002F>\n    \"user_email\": \"john@example.com\",\u003Cbr \u002F>\n    \"display_name\": \"John Doe\",\u003Cbr \u002F>\n    \"roles\": [\"subscriber\"]\u003Cbr \u002F>\n  },\u003Cbr \u002F>\n  \"token_response\": {\u003Cbr \u002F>\n    \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOi...\",\u003Cbr \u002F>\n    \"expiration\": \"2023-10-27T10:00:00+00:00\"\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>6. User Profile (Login Extended)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Flogin\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Alternative login endpoint that returns cleaner profile structure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"username\": \"admin\",\u003Cbr \u002F>\n  \"password\": \"secret-password\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...\",\u003Cbr \u002F>\n  \"expiration\": \"2023-10-27T10:00:00+00:00\",\u003Cbr \u002F>\n  \"user\": {\u003Cbr \u002F>\n    \"ID\": 1,\u003Cbr \u002F>\n    \"user_login\": \"admin\",\u003Cbr \u002F>\n    \"user_email\": \"admin@example.com\",\u003Cbr \u002F>\n    \"display_name\": \"Administrator\",\u003Cbr \u002F>\n    \"roles\": [\"administrator\"]\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>7. Forgot Password\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Fforgot-password\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Initiate password recovery. Note: \u003Ccode>delivery\u003C\u002Fcode> can be \u003Ccode>link\u003C\u002Fcode> or \u003Ccode>otp\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"login\": \"admin@example.com\",\u003Cbr \u002F>\n  \"delivery\": \"link\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"message\": \"Password reset email sent.\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>8. Reset Password\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Freset-password\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Reset password using the token sent via email or OTP.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request (Link method):\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"login\": \"admin@example.com\",\u003Cbr \u002F>\n  \"password\": \"new-secure-password\",\u003Cbr \u002F>\n  \"token\": \"generated-reset-key\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"message\": \"Password updated successfully.\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>9. Change Password\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Fchange-password\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Change password for currently authenticated user. Requires \u003Ccode>Authorization\u003C\u002Fcode> header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n    Authorization: Bearer \u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"current_password\": \"old-password\",\u003Cbr \u002F>\n  \"new_password\": \"new-secure-password\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"message\": \"Password changed successfully. Please login again.\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>10. SSO Token Exchange\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Endpoint:\u003C\u002Fstrong> \u003Ccode>POST \u002Fwp-json\u002Fheadlesskey\u002Fv1\u002Fsso\u002Fexchange\u003C\u002Fcode>\u003Cbr \u002F>\n\u003Cstrong>Description:\u003C\u002Fstrong> Securely exchange a token from a connected remote site for a local authentication session. This powers the distributed Single Sign-On network.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Request:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"site_key\": \"remote-site-id\",\u003Cbr \u002F>\n  \"token\": \"remote-jwt-token\",\u003Cbr \u002F>\n  \"signature\": \"hmac-sha256-signature\"\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response:\u003C\u002Fstrong>\u003Cbr \u002F>\nReturns a standard \u003Cstrong>Login\u003C\u002Fstrong> response (Token + User Data) if the signature is valid.\u003C\u002Fp>\n","A complete authentication solution for Headless WordPress applications using JWT, supporting Registration, SSO, RBAC, and advanced Security features.",133,"2026-02-08T10:59:00.000Z","6.9.4",[64,65,66,67,49],"authentication","headless","jwt","rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheadlesskey-jwt-auth.1.0.0.zip"]