[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDGx1qpvi9c_a925SvMFv0_bMGGIcAQM4dBmo1C2DLC8":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"juanmaguitar","JuanMa Garrido","https:\u002F\u002Fprofiles.wordpress.org\u002Fjuanmaguitar\u002F",1,0,100,30,94,"2026-04-05T18:09:54.100Z",[14],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":8,"num_ratings":8,"last_updated":21,"tested_up_to":22,"requires_at_least":23,"requires_php":24,"tags":25,"homepage":31,"download_link":32,"security_score":9,"vuln_count":8,"unpatched_count":8,"last_vuln_date":33,"fetched_at":34},"juanma-jwt-auth-pro","JuanMa JWT Auth Pro","1.2.1","\u003Cp>Unlike basic JWT plugins that use \u003Cstrong>single long-lived tokens\u003C\u002Fstrong>, JWT Auth Pro implements \u003Cstrong>modern OAuth 2.0 security best practices\u003C\u002Fstrong> with short-lived access tokens and secure refresh tokens.\u003C\u002Fp>\n\u003Ch4>Why JWT Auth Pro?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>The Problem with Basic JWT Plugins:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Long-lived tokens (24h+) = Higher security risk\u003Cbr \u002F>\n* No refresh mechanism = Tokens live until expiry\u003Cbr \u002F>\n* XSS vulnerable = Tokens stored in localStorage\u003Cbr \u002F>\n* No revocation = Can’t invalidate compromised tokens\u003C\u002Fp>\n\u003Cp>\u003Cstrong>JWT Auth Pro Solution:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Short-lived access tokens (1h default) = Minimal attack window\u003Cbr \u002F>\n* Secure refresh tokens = HTTP-only cookies, XSS protected\u003Cbr \u002F>\n* Automatic token rotation = Fresh tokens on each refresh\u003Cbr \u002F>\n* Complete session control = Revoke any user session instantly\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Simple JWT Authentication\u003C\u002Fstrong> – Clean, stateless token-based auth\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTTPOnly Refresh Tokens\u003C\u002Fstrong> – Secure refresh tokens in HTTP-only cookies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Rotation\u003C\u002Fstrong> – Automatic refresh token rotation for enhanced security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CORS Support\u003C\u002Fstrong> – Proper cross-origin request handling\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Admin Interface\u003C\u002Fstrong> – Simple configuration in WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong> – Clear endpoints and documentation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Comparison\u003C\u002Fh4>\n\u003Cp>  Feature\u003Cbr \u002F>\n  Basic JWT Plugins\u003Cbr \u002F>\n  JWT Auth Pro\u003C\u002Fp>\n\u003Cp>  Token Lifetime\u003Cbr \u002F>\n  Long (hours\u002Fdays)\u003Cbr \u002F>\n  Short (1 hour)\u003C\u002Fp>\n\u003Cp>  Refresh Tokens\u003Cbr \u002F>\n  None\u003Cbr \u002F>\n  Secure HTTP-only\u003C\u002Fp>\n\u003Cp>  XSS Protection\u003Cbr \u002F>\n  Limited\u003Cbr \u002F>\n  HTTP-only cookies\u003C\u002Fp>\n\u003Cp>  Token Revocation\u003Cbr \u002F>\n  Manual only\u003Cbr \u002F>\n  Automatic rotation\u003C\u002Fp>\n\u003Cp>  Session Management\u003Cbr \u002F>\n  None\u003Cbr \u002F>\n  Database tracking\u003C\u002Fp>\n\u003Cp>  Security Metadata\u003Cbr \u002F>\n  None\u003Cbr \u002F>\n  IP + User Agent\u003C\u002Fp>\n\u003Ch4>Perfect for:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Single Page Applications (React, Vue, Angular)\u003C\u002Fli>\n\u003Cli>Mobile Applications (iOS, Android)\u003C\u002Fli>\n\u003Cli>API Integrations (Third-party services)\u003C\u002Fli>\n\u003Cli>Headless WordPress (Decoupled architecture)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API Endpoints\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>POST \u002Fwp-json\u002Fjwt\u002Fv1\u002Ftoken\u003C\u002Fcode> – Login and get access token\u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fwp-json\u002Fjwt\u002Fv1\u002Frefresh\u003C\u002Fcode> – Refresh access token\u003C\u002Fli>\n\u003Cli>\u003Ccode>GET \u002Fwp-json\u002Fjwt\u002Fv1\u002Fverify\u003C\u002Fcode> – Verify token and get user info\u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fwp-json\u002Fjwt\u002Fv1\u002Flogout\u003C\u002Fcode> – Logout and revoke refresh token\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stateless Authentication\u003C\u002Fstrong> – JWT tokens contain all necessary information\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTTPOnly Cookies\u003C\u002Fstrong> – Refresh tokens stored securely, inaccessible to JavaScript\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Rotation\u003C\u002Fstrong> – Refresh tokens automatically rotate on use\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Expiration\u003C\u002Fstrong> – Set custom expiration times\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & User Agent Tracking\u003C\u002Fstrong> – Additional security metadata\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and documentation, visit: https:\u002F\u002Fgithub.com\u002Fjuanma-wp\u002Fjwt-auth-pro-wp-rest-api\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin stores user session data including IP addresses and user agent strings for security purposes. This data is used solely for authentication and security monitoring.\u003C\u002Fp>\n","Modern JWT authentication with refresh tokens - built for SPAs and mobile apps with enterprise-grade security.",124,"","6.8.5","5.6","7.4",[26,27,28,29,30],"authentication","jwt","rest-api","security","tokens","https:\u002F\u002Fgithub.com\u002Fjuanma-wp\u002Fjwt-auth-pro-wp-rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjuanma-jwt-auth-pro.1.2.1.zip",null,"2026-03-15T10:48:56.248Z"]