[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAD2q050yrORHzi1fZ5nMD_9EIZtJcS-KYIXsX0xnxzM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":136,"fingerprints":256},"adaptive-login-action","Adaptive Login Action","3.11","wpgear","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpgear\u002F","\u003Cp>Adaptive Login Form: Adjusting compromise between Comfort and Paranoia.\u003C\u002Fp>\n\u003Cp>Conception:\u003Cbr \u002F>\n1. “Zero Trust Mode”\u003Cbr \u002F>\nRecommended for small groups of regular Users with a Static IP Address.\u003Cbr \u002F>\nNot recommended for Dynamic IP Addresses or Mobile Users.\u003C\u002Fp>\n\u003Cp>If my current IP address is not marked as Dangerous since my last successful login, then there is no need to distrust me and force me to go through Quests to solve different types of Captchas.\u003Cbr \u002F>\nIn this case, the standard “Password” field is sufficient for one attempt.\u003C\u002Fp>\n\u003Cp>But if the Attempt is unsuccessful, then we mark the IP address as Dangerous, and then it is possible and necessary to trick me (or the one who is trying to be me) with a more thorough login procedure.\u003C\u002Fp>\n\u003Cp>There may be multilevel options. It doesn’t matter (this will be gradually added to the functionality). We are now talking about the General Principle.\u003C\u002Fp>\n\u003Cp>Separate statistics are generated for each IP address and the ratio “Successful number of entries” \u002F “Total number of entries” is determined. Depending on how close this parameter is to 100%, we can talk about the need for the Toughness of the Mistrust process.\u003C\u002Fp>\n\u003Cp>This mechanism starts before the User enters his Login.\u003C\u002Fp>\n\u003Cp>The more Unsuccessful Login attempts occur from a given IP Address, the more thoroughly it is checked.\u003Cbr \u002F>\nConversely, the Login procedure can be simplified as much as possible if there is no obvious reason.\u003C\u002Fp>\n\u003Col>\n\u003Cli>“Dynamics IP Mode”\u003Cbr \u002F>\nRecommended for mobile Users with a Dynamic IP Address.\u003Cbr \u002F>\nNot recommended for Static IP Addresses.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If the User’s previous login was successful, their next authentication is performed using a simplified method.\u003Cbr \u002F>\nSimply enter the correct password. However, only one attempt is allowed.\u003Cbr \u002F>\nIf the password was entered incorrectly, an additional security element is added to the login form: the “Secret Key” field.\u003C\u002Fp>\n\u003Ch4>Futured\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Regardless of what kind of Authentication Error occurred, be it:\u003C\u002Fli>\n\u003Cli>Invalid Username;\u003C\u002Fli>\n\u003Cli>Invalid User Password;\u003C\u002Fli>\n\u003Cli>Incorrectly specified additional security elements: “Secret Key” \u002F Captcha \u002F etc.\u003Cbr \u002F>\nThis will not be indicated in the error message. There will always be only one message: “Authentication Failed”.\u003Cbr \u002F>\nThus, we do not explicitly indicate to the potential Villain \u002F Bot the reason for the denial of access. And the more such Reasons there are, the more complicated the Entry procedure becomes.\u003C\u002Fli>\n\u003Cli>If multiple consecutive unsuccessful login attempts occur, a Restrictive Timeout may be activated for the given User.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnew-users-monitor\u002F\" rel=\"ugc\">Integration with “New Users Monitor”\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adaptive Login Form: Adjusting compromise between Comfort and Paranoia.",0,1463,"2026-03-03T12:40:00.000Z","6.9.4","4.1","5.4",[18,19,20,21,22],"authentication","captcha","login","security","user","https:\u002F\u002Fwpgear.xyz\u002Fadaptive-login-action","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadaptive-login-action.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},15,2270,97,33,86,"2026-04-04T00:39:28.211Z",[37,60,78,92,115],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[54,19,55,21,56],"2fa","login-security","two-factor-authentication","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":25,"num_ratings":70,"last_updated":71,"tested_up_to":14,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":76,"download_link":77,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"admintosh","Admintosh – WordPress admin customization and security tools","1.1.6","wpmobo","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmobo\u002F","\u003Ch4>Get many solutions for preventing security threats under one roof.\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Admintosh – WordPress admin customization and security tools\u003C\u002Fstrong> plugin is designed for empowering WordPress administrative operations with different experiences. You will get many essential features under one roof using this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customize WP Login Page\u003C\u002Fstrong>: Customize default login page with the Admintosh Login Page Customize options. The plugin offers lots of customization possibilities like background color, background image, text color, link color, logo upload, form style etc. With no coding skill, you can create an outstanding login page in no time.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customize Dashboard\u003C\u002Fstrong>: Customize the Dashboard and make it like your own brand all customization possibilities are here like background color, menu color, text color, link color, logo upload, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Captcha\u003C\u002Fstrong>: Add captch into login, registration, lost password, comments Form etc. It also supported \u003Cstrong>WooCommerce\u003C\u002Fstrong> & \u003Cstrong>EDD\u003C\u002Fstrong>. The plugin offer 3 types of Captcha Google reCaptcha ( Version 2 ), Random number Captcha and Math Captcha so you could use any one of them’s to protection from remote digital entry by making sure only a human being with the right password can access the account.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong>: After a preset number of attempts has been exceeded, this feature automatically stops any more attempts from a specific Internet Protocol (IP) address and\u002For username. This considerably reduces the potency of brute force attacks on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Login\u003C\u002Fstrong>: To change your login URL to whatever you want. This feature allows you to easily and securely change the URL of the login form page to anything you desire. It does not actually rename or change core files, nor does it add rewrite rules. Instead, it intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible so your website becomes more secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Login History\u003C\u002Fstrong>: Monitor your website’s users with detailed login information, including Last login date and time, Environment\u002Fserver IP address Country, city, continent, timezone Latitude and longitude Browser details And much more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Admin Activity Logs\u003C\u002Fstrong>: The Activity Log functions like an airplane’s black box, recording every action in the WordPress admin. It provides a detailed history of user activities, allowing you to monitor exactly what’s happening on your website with full transparency. Track changes, user actions, and plugin\u002Ftheme modifications.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Country Restriction\u003C\u002Fstrong>: This feature allows you to easily set up rules to block one or more countries from accessing Entire Site, only login page or only front-end. It allows users to block unwanted traffic from accessing the frontend or backend based on country or proxy server detection. It helps reduce spam, unwanted sign-ups, and enhances overall security. This plugin uses the free IP Geolocation API which offers more than 1 billion requests per day absolutely free.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>More coming soon…\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fadmintosh-wordpress-admin-customization-and-security-plugin\u002F\" rel=\"nofollow ugc\">👁️ \u003Cstrong>Visit\u003C\u002Fstrong>\u003C\u002Fa>  | \u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fdocumentation\u002Fdocs\u002Fadmintosh\u002F\" rel=\"nofollow ugc\">\u003Cstrong>🔗 Documentation\u003C\u002Fstrong>\u003C\u002Fa> \u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmkDHvADBuSY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WordPress Authentication Plugin\u003C\u002Fh3>\n\u003Cp>Secure and customize your WordPress site with Admintosh. This all-in-one plugin enhances authentication by adding login customizations, CAPTCHA options, and limiting login attempts. Features like country restrictions, hidden login URLs, and detailed login history provide advanced security tools to protect your WordPress admin and prevent unauthorized access.\u003C\u002Fp>\n\u003Ch3>Brute Force Protection Plugin\u003C\u002Fh3>\n\u003Cp>Protect your WordPress site from brute force attacks with Admintosh. This powerful plugin limits login attempts, blocks suspicious IPs, and adds CAPTCHA options for enhanced security. Features like hidden login URLs and login monitoring ensure robust protection, safeguarding your site from unauthorized access and keeping it secure against threats.\u003C\u002Fp>\n\u003Ch3>WordPress Security Plugin\u003C\u002Fh3>\n\u003Cp>Fortify your WordPress site with Admintosh, the ultimate security plugin. It offers advanced features like CAPTCHA protection, login attempt limits, hidden login URLs, and country-based access restrictions. With login history monitoring and dashboard customization, Admintosh ensures robust security and empowers you to safeguard your site from threats effectively.\u003C\u002Fp>\n\u003Ch3>Activity Log\u003C\u002Fh3>\n\u003Cp>Track all activity on your WordPress site with detailed user and event logs, giving you clear insights into every action happening in real time.\u003C\u002Fp>\n\u003Cp>✅ Unauthorized Access Attempts – Detect potential hacking attempts.\u003C\u002Fp>\n\u003Cp>✅ Content Changes – Track when a post is published and by whom.\u003C\u002Fp>\n\u003Cp>✅ Plugin & Theme Modifications – See when a plugin\u002Ftheme is activated or deactivated.\u003C\u002Fp>\n\u003Cp>✅ Suspicious Admin Activity – Identify unusual actions for enhanced security.\u003C\u002Fp>\n\u003Cp>Stay informed and keep your website secure! 🚀\u003C\u002Fp>\n\u003Ch4>Free Version Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli> Modular Based (Everything Available On Demand)\u003C\u002Fli>\n\u003Cli> Customize login page style\u003C\u002Fli>\n\u003Cli> Customize admin panel style\u003C\u002Fli>\n\u003Cli> Customize admin menu style\u003C\u002Fli>\n\u003Cli> Customize admin bar style\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## 3 types of Captcha ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Google reCaptcha ( Version 2 )\u003C\u002Fli>\n\u003Cli> Math Captcha\u003C\u002Fli>\n\u003Cli> Random number Captcha\u003C\u002Fli>\n\u003Cli> Login form reCaptcha\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Limit Login Attempts ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Configurable Lockout Timings\u003C\u002Fli>\n\u003Cli> Remaining Tries\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Hide Login ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Block default wp-login.php\u003C\u002Fli>\n\u003Cli> Block default wp-admin\u003C\u002Fli>\n\u003Cli> Use custom login slug instead of wp-admin\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Login History ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Login Date-Time\u003C\u002Fli>\n\u003Cli> Username\u003C\u002Fli>\n\u003Cli> User Role\u003C\u002Fli>\n\u003Cli> IP Address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>## Admin Activity Logs ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Username\u003C\u002Fli>\n\u003Cli>Action\u003C\u002Fli>\n\u003Cli>Object\u002FID\u003C\u002Fli>\n\u003Cli>Message\u003C\u002Fli>\n\u003Cli>Time\u003C\u002Fli>\n\u003Cli>IP Address\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Country Restriction ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Entire Site Country Restriction\u003C\u002Fli>\n\u003Cli> Front-End Country Restriction\u003C\u002Fli>\n\u003Cli> wp-login page Country Restriction\u003C\u002Fli>\n\u003Cli> Block Template Content Edit Option\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## General Options ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Hide WordPress Version\u003C\u002Fli>\n\u003Cli> Disable File Editing\u003C\u002Fli>\n\u003Cli> Disable XML-RPC\u003C\u002Fli>\n\u003Cli> \u003Cstrong>Disable Right Click\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> \u003Cstrong>Disable Content Copy\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Disable Login Hints Error Messages\u003C\u002Fli>\n\u003Cli> Easy settings options\u003C\u002Fli>\n\u003Cli> Translation ready\u003C\u002Fli>\n\u003Cli> Easy to use it in both Free and Premium WordPress Themes\u003C\u002Fli>\n\u003Cli> Unlimited update\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Compatibility With\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How to use:-\u003Cbr \u002F>\nvery easy to use,after active plugin  just go to Dashboard -> Admintosh Settings . You will find all settings to use.\u003C\u002Fp>\n\u003Ch3>WHAT’S NEXT\u003C\u002Fh3>\n\u003Cp>Have a look at the other awesome plugins for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fpopx-pupup-builder\u002F\" rel=\"nofollow ugc\">✳️ \u003Cstrong>PopX – Popup Builder\u003C\u002Fstrong>\u003C\u002Fa> – WordPress Gutenberg Popup Builder Plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fstorenotifier-notifications-plugin-for-woocommerce\u002F\" rel=\"nofollow ugc\">✳️ \u003Cstrong>Store Notifier\u003C\u002Fstrong>\u003C\u002Fa> – WhatsApp & On-Site Notifications plugin for WooCommerce\u003C\u002Fp>\n\u003Cp>Unlock new possibilities with WPMOBO plugins—push your limits and achieve more today!\u003C\u002Fp>\n\u003Ch3>3rd Party Service Used\u003C\u002Fh3>\n\u003Cp>We used google reCAPTCHA v2 API service from google. All relevant link below.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fabout\u002F\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Admintosh uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","login attempts, Firewall, reCAPTCHA, country restriction, Login History, change wp-login.php to anything make sure your site security.",50,2416,1,"2026-02-10T22:15:00.000Z","6.5","7.4",[18,75,19,20,21],"brute-force","http:\u002F\u002Fwpmobo.com\u002Fadmintosh","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmintosh.1.1.6.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":11,"num_ratings":11,"last_updated":87,"tested_up_to":14,"requires_at_least":88,"requires_php":73,"tags":89,"homepage":57,"download_link":91,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"greyfu-login-captcha","Greyfu Login Captcha","1.0.0","greyfu","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreyfu\u002F","\u003Cp>Greyfu Login Captcha adds a secure verification step to your WordPress login form, helping block automated login attempts and brute-force attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Lite Version (Free):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Simple math-based captcha\u003Cbr \u002F>\n* Multisite compatible\u003Cbr \u002F>\n* Lightweight and fast\u003Cbr \u002F>\n* No personal data stored or transmitted\u003Cbr \u002F>\n* Works without any external service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro-Ready Features (Optional Upgrade):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Infrastructure prepared for reCAPTCHA v2 integration\u003Cbr \u002F>\n* Infrastructure prepared for hCaptcha integration\u003Cbr \u002F>\n* API key fields included\u003C\u002Fp>\n\u003Cp>The free version is fully functional on its own and does not require any external captcha service.\u003C\u002Fp>\n\u003Ch3>Third Party Services\u003C\u002Fh3>\n\u003Cp>This plugin optionally connects to external captcha services when the Pro features are enabled:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Google reCAPTCHA (Optional)\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen reCAPTCHA is enabled in Pro settings, the plugin sends verification requests to Google’s reCAPTCHA service.\u003Cbr \u002F>\n– Service: https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003Cbr \u002F>\n– Data sent: User’s IP address and reCAPTCHA response token\u003Cbr \u002F>\n– When: Only during login form submission when reCAPTCHA is enabled\u003C\u002Fp>\n\u003Cp>\u003Cstrong>hCaptcha (Optional)\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen hCaptcha is enabled in Pro settings, the plugin sends verification requests to hCaptcha service.\u003Cbr \u002F>\n– Service: https:\u002F\u002Fwww.hcaptcha.com\u002F\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fwww.hcaptcha.com\u002Fprivacy\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fwww.hcaptcha.com\u002Fterms\u003Cbr \u002F>\n– Data sent: User’s IP address and hCaptcha response token\u003Cbr \u002F>\n– When: Only during login form submission when hCaptcha is enabled\u003C\u002Fp>\n\u003Cp>The free\u002Flite version uses a built-in math captcha that does not connect to any external service.\u003C\u002Fp>\n\u003Ch3>Support \u002F Contact\u003C\u002Fh3>\n\u003Cp>For issues or questions, please contact us:\u003Cbr \u002F>\n\u003Cstrong>Email:\u003C\u002Fstrong> hello@greyfu.com\u003Cbr \u002F>\n\u003Cstrong>Website:\u003C\u002Fstrong> https:\u002F\u002Fgreyfu.com\u003C\u002Fp>\n","A lightweight captcha that protects your WordPress login page from automated bot attacks using a simple math challenge.",112,"2025-12-03T15:52:00.000Z","5.5",[18,90,19,20,21],"brute-force-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgreyfu-login-captcha.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":14,"requires_at_least":105,"requires_php":106,"tags":107,"homepage":110,"download_link":111,"security_score":112,"vuln_count":113,"unpatched_count":11,"last_vuln_date":114,"fetched_at":27},"all-in-one-wp-security-and-firewall","All-In-One Security (AIOS) – Security and Firewall","5.4.6","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Ch3>THE TOP RATED WORDPRESS SECURITY AND FIREWALL PLUGIN\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios&utm_creative_format=description\" rel=\"nofollow ugc\">All-in-One Security (AIOS)\u003C\u002Fa> is a WordPress security plugin from the same, trusted team that brought you UpdraftPlus.\u003C\u002Fp>\n\u003Cp>It’s called ‘All-In-One’ because it’s packed full of ways to keep your WordPress website(s) safe and secure.\u003C\u002Fp>\n\u003Cp>It includes:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login security features\u003C\u002Fstrong> keep bots at bay. Lock out users based on a configurable number of login attempts, get two-factor authentication and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File and database security.\u003C\u002Fstrong> Get notified of file changes that occur outside of normal operations. Block access to key files and scan files and folders to spot insecure permissions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Firewall.\u003C\u002Fstrong> Get PHP, .htaccess and 6G firewall rules courtesy of Perishable Press. Spot and block fake Google Bots and more!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spam prevention.\u003C\u002Fstrong> Prevent annoying spam comments and reduce unnecessary load on the server. Automatically and permanently block IP addresses that exceed a set number of spam comments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Audit log.\u003C\u002Fstrong> View events happening on your WordPress website. Find out if a plugin or theme has been added, removed, updated and more.\u003C\u002Fp>\n\u003Ch4>WHY ALL-IN-ONE SECURITY?\u003C\u002Fh4>\n\u003Cp>AIOS has a near-perfect \u003Cstrong>4.7 \u002F 5-star user rating\u003C\u002Fstrong> across more than 1 million installs.\u003C\u002Fp>\n\u003Cp>Great for beginners and experts alike. AIOS guides you logically and clearly through each of its features which are all clearly explained. Security features are marked as basic, intermediate and advanced. Each step increases your security score. Turn them on and watch your protection grow!\u003C\u002Fp>\n\u003Cp>We have a large support team of software developers. That means we have the availability and the skillset to help you with the trickiest of queries.\u003C\u002Fp>\n\u003Cp>We comb the WordPress plugin directory for support tickets daily – most queries are responded to within 24 hours.\u003C\u002Fp>\n\u003Cp>\u003Cem>Excellent plugin with numerous well-thought-out options for making a website more secure. I have been using it for years and am very happy with it. I recently had a small problem setting up a website and – even as a non-premium user – I received support very quickly. Highly recommended!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>For even more ways to stay safe and secure, upgrade to \u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002Fpricing?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios_premium&utm_creative_format=description\" rel=\"nofollow ugc\">AIOS Premium\u003C\u002Fa> – it packs a punch security-wise, whilst being \u003Cstrong>extremely cost-competitive\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>LOGIN SECURITY\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication (TFA)\u003C\u002Fstrong> – Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detect and manage ‘admin’ usernames\u003C\u002Fstrong> – Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Identify and correct identical login and display names\u003C\u002Fstrong> – Detect cases where the display name matches the username and provide guidance to improve login security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent user enumeration\u003C\u002Fstrong> – Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control login attempts\u003C\u002Fstrong> – Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lockout durations, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Force user logout\u003C\u002Fstrong> – Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually approve new registrations\u003C\u002Fstrong> – Review and approve new user registrations to prevent spam and fake sign-ups.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhance WordPress salt security\u003C\u002Fstrong> – Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002F\u003Cbr \u002F>\n\u003Cstrong>Monitor and manage active sessions\u003C\u002Fstrong> – If a user is logged in who shouldn’t be, log them out or add them to a blacklist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SPAM PREVENTION\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block spam coming from bots\u003C\u002Fstrong> – Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitor spam IP addresses\u003C\u002Fstrong> – Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block based on a configurable number of comments left.\u003C\u002Fp>\n\u003Ch4>FILE \u002F DATABASE Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Scan and fix file permissions\u003C\u002Fstrong> – Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable PHP file editing\u003C\u002Fstrong> – Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protect sensitive files\u003C\u002Fstrong> – Prevent access to files like readme.html that might reveal information about your WordPress installation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File change scanner\u003C\u002Fstrong> – Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent image hotlinking\u003C\u002Fstrong> – Prevent other websites from displaying your images via hotlinking and protect server bandwidth.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure database backups\u003C\u002Fstrong> – Perform a database backup via UpdraftPlus from AIOS. Change the default ‘wp_’ prefix to hide your WordPress database from hackers.\u003C\u002Fp>\n\u003Ch4>FIREWALL\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Get .htaccess firewall rules\u003C\u002Fstrong> – Deny access to the .htaccess and wp-config.php files. Disable the server signature and limit file uploads to a configurable size.**\u003C\u002Fp>\n\u003Cp>Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get PHP firewall rules\u003C\u002Fstrong> – PHP firewall rules prevent malicious users from exploiting well-known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and Atom feeds and avoid cross-site scripting (XSS) attacks.\u003Cbr \u002F>\nBlock fake Google bots and POST requests made by bots – Block fake Google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Utilise 6G firewall rules\u003C\u002Fstrong> – Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>And more\u003C\u002Fstrong> – Blacklist (and whitelist) IP ranges and user agents and block unauthorized access to data by disabling REST API access for non-logged-in requests.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION ENHANCED [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication\u003C\u002Fstrong> is included in the free plugin. Upgrade to Premium if you’d like to:\u003Cbr \u002F>\nRequire TFA after a set time period – Mandate TFA for all admins or other roles after their accounts reach a specified age.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control how often TFA is required\u003C\u002Fstrong> – Set TFA to be required after a certain number of days on trusted devices instead of every login.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customise design layout\u003C\u002Fstrong> – Adjust the TFA design to match your website’s existing layout and branding.\u003Cbr \u002F>\nEmergency codes – Generate one-time use emergency codes to regain access if you lose your TFA device.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Multisite Compatible\u003C\u002Fstrong> – Ensure compatibility with WordPress multisite networks and their sub-sites for consistent TFA application.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with login forms\u003C\u002Fstrong> – Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme My Login’ without additional coding.\u003C\u002Fp>\n\u003Ch4>SMART 404 BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block IPs based on 404 errors\u003C\u002Fstrong> – Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 Configuration\u003C\u002Fstrong> – Set a figure for the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g., 10 errors within 10 minutes).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 block by URL string\u003C\u002Fstrong> – Instantly block an IP address if a 404 event includes a specific URL string.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 whitelisting\u003C\u002Fstrong> – Prevent particular IP addresses from being permanently blocked due to 404 events.\u003C\u002Fp>\n\u003Ch4>COUNTRY BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block traffic to the entire site or to specific pages or posts\u003C\u002Fstrong> – Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Whitelist some users from blocked countries\u003C\u002Fstrong> – Whitelist IP addresses or IP ranges even if they are part of a blocked country.\u003C\u002Fp>\n\u003Ch4>MALWARE SCANNING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Automatic malware scanning\u003C\u002Fstrong> – Detect and protect against the latest malware, trojans, and spyware.\u003Cbr \u002F>\nAlerts you to blacklisting by search engines – Monitor your site for blacklisting by search engines due to malicious code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response time monitoring\u003C\u002Fstrong> – Keep track of your website’s response time to identify and address any performance issues.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Uptime monitoring\u003C\u002Fstrong> – Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advice and malware removal\u003C\u002Fstrong> – Need hands-on advice and support for malware removal? Our team of genuine cybersecurity experts is here to help.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notification if something’s amiss\u003C\u002Fstrong> – Receive notifications about any issues with your site so you can address problems before they escalate.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cp>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u003C\u002Fp>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you are a developer and you need some extra hooks or filters for this plugin then let us know.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All-In-One Security plugin can be translated to any language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently available translations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Hungarian\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil)\u003C\u002Fli>\n\u003Cli>Persian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy Policy\u003C\u002Fh4>\n\u003Cp>This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity.\u003C\u002Fp>\n\u003Cp>The collected information is stored on your server. No information is transmitted to third parties or remote server locations.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n","Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.",1000000,36139406,94,1693,"2026-01-28T22:15:00.000Z","5.0","5.6",[108,55,109,21,56],"firewall","malware-scanning","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-wp-security-and-firewall.5.4.6.zip",93,26,"2024-02-08 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":34,"num_ratings":30,"last_updated":125,"tested_up_to":14,"requires_at_least":126,"requires_php":57,"tags":127,"homepage":131,"download_link":132,"security_score":133,"vuln_count":134,"unpatched_count":70,"last_vuln_date":135,"fetched_at":27},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function for the protection against the attack to the management page (under wp-admin.)\u003Cbr \u002F>\nTo the access from the connection source IP address which does not login to the management page, 404 (Not Found) is returned.\u003Cbr \u002F>\nAt the login, the connection source IP address is recorded and the access to that page is allowed.\u003Cbr \u002F>\nThe connection source IP address which does not login for more than 24 hours is sequentially deleted.\u003Cbr \u002F>\nThe URL (under wp-admin) where this function is excluded can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. The initial value is “login_\u003C5 random digits>” but it can be changed to a favorite name.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack,\u003Cbr \u002F>\nor to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nEspecially, it is the function to prevent an automated attack. The connection source IP address the number of login failure of which reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nEach user account is not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to make it easier to notice unauthorized login. E-mail will be sent to a login user when logged in.\u003Cbr \u002F>\nIf you receive an e-mail to there is no logged-in idea, please suspect unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against a password list attack. Even is the login input is correct, the first login must fail.\u003Cbr \u002F>\nAfter 5 seconds and later within 60 seconds, another correct login input make login succeed. At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Basic of security is that always you use the latest version. If WordPress core, plugins, and themes updates are needed , sends email to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)\u003Cbr \u002F>\nif WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevents the attack from the outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions, WAF may detect the attack which is actually not attack and block the function.\u003Cbr \u002F>\nBy creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Plugin. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5177761,"2025-12-04T04:47:00.000Z","3.9",[19,128,129,130,21],"login-alert","login-lock","pingback","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",76,2,"2026-02-23 00:00:00",{"attackSurface":137,"codeSignals":188,"taintFlows":196,"riskAssessment":249,"analyzedAt":255},{"hooks":138,"ajaxHandlers":184,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":11,"unprotectedCount":11},[139,145,149,153,159,163,168,172,177,180],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","init","AdaptiveLoginAction_Action_init","adaptive-login-action.php",27,{"type":140,"name":146,"callback":147,"file":143,"line":148},"login_enqueue_scripts","AdaptiveLoginAction_Action_login_enqueue_scripts",36,{"type":140,"name":150,"callback":151,"file":143,"line":152},"login_form","AdaptiveLoginAction_Action_login_form",53,{"type":154,"name":155,"callback":156,"priority":157,"file":143,"line":158},"filter","wp_authenticate_user","AdaptiveLoginAction_Filter_wp_authenticate_user",10,280,{"type":140,"name":160,"callback":161,"priority":157,"file":143,"line":162},"wp_login","AdaptiveLoginAction_Action_wp_login",375,{"type":140,"name":164,"callback":165,"priority":166,"file":143,"line":167},"wp_login_failed","AdaptiveLoginAction_Action_wp_login_failed",9999,445,{"type":154,"name":169,"callback":170,"file":143,"line":171},"login_errors","AdaptiveLoginAction_Filter_login_errors",536,{"type":140,"name":173,"callback":174,"file":175,"line":176},"admin_menu","AdaptiveLoginAction_Action_admin_menu","includes\\admin\\admin.php",12,{"type":140,"name":178,"callback":179,"file":175,"line":48},"admin_enqueue_scripts","AdaptiveLoginAction_Action_admin_enqueue_scripts",{"type":154,"name":181,"callback":182,"file":175,"line":183},"plugin_action_links_adaptive-login-action\u002Fadaptive-login-action.php","AdaptiveLoginAction_Filter_plugin_action_links",39,[],[],[],[],{"dangerousFunctions":189,"sqlUsage":190,"outputEscaping":192,"fileOperations":11,"externalRequests":11,"nonceChecks":70,"capabilityChecks":70,"bundledLibraries":195},[],{"prepared":70,"raw":11,"locations":191},[],{"escaped":193,"rawEcho":11,"locations":194},119,[],[],[197,222,234],{"entryPoint":198,"graph":199,"unsanitizedCount":70,"severity":221},"AdaptiveLoginAction_Action_login_form (adaptive-login-action.php:54)",{"nodes":200,"edges":217},[201,206,210],{"id":202,"type":203,"label":204,"file":143,"line":205},"n0","source","$_REQUEST",253,{"id":207,"type":208,"label":209,"file":143,"line":205},"n1","transform","→ AdaptiveLoginAction_Update_UserLastLoginData_by_ID()",{"id":211,"type":212,"label":213,"file":214,"line":215,"wp_function":216},"n2","sink","update_option() [Settings Manipulation]","includes\\functions.php",197,"update_option",[218,220],{"from":202,"to":207,"sanitized":219},false,{"from":207,"to":211,"sanitized":219},"low",{"entryPoint":223,"graph":224,"unsanitizedCount":233,"severity":221},"\u003Cadaptive-login-action> (adaptive-login-action.php:0)",{"nodes":225,"edges":230},[226,228,229],{"id":202,"type":203,"label":227,"file":143,"line":205},"$_REQUEST (x3)",{"id":207,"type":208,"label":209,"file":143,"line":205},{"id":211,"type":212,"label":213,"file":214,"line":215,"wp_function":216},[231,232],{"from":202,"to":207,"sanitized":219},{"from":207,"to":211,"sanitized":219},3,{"entryPoint":235,"graph":236,"unsanitizedCount":11,"severity":221},"\u003Coptions> (includes\\admin\\options.php:0)",{"nodes":237,"edges":246},[238,242],{"id":202,"type":203,"label":239,"file":240,"line":241},"$_REQUEST (x4)","includes\\admin\\options.php",23,{"id":207,"type":212,"label":243,"file":240,"line":244,"wp_function":245},"echo() [XSS]",167,"echo",[247],{"from":202,"to":207,"sanitized":248},true,{"summary":250,"deductions":251},"The adaptive-login-action v3.11 plugin exhibits a strong security posture based on the provided static analysis.  There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface and no unprotected entry points.  Furthermore, the code demonstrates excellent adherence to security best practices by using prepared statements for all SQL queries, properly escaping all output, and including nonce and capability checks.  The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security.  The taint analysis revealed two flows with unsanitized paths, but these were not flagged as critical or high severity, suggesting a low risk of exploitation in these specific instances.  The plugin also has no recorded vulnerability history, which is a positive indicator of its overall stability and security diligence.  While the two unsanitized path flows are a minor concern, the plugin's design and the lack of historical vulnerabilities point to a generally secure and well-maintained component.",[252],{"reason":253,"points":254},"Unsanitized paths in taint analysis",5,"2026-03-17T06:57:30.119Z",{"wat":257,"direct":264},{"assetPaths":258,"generatorPatterns":260,"scriptPaths":261,"versionParams":262},[259],"\u002Fwp-content\u002Fplugins\u002Fadaptive-login-action\u002Fstyle.css",[],[],[263],"adaptive-login-action\u002Fstyle.css?ver=",{"cssClasses":265,"htmlComments":272,"htmlAttributes":273,"restEndpoints":276,"jsGlobals":277,"shortcodeOutput":278},[266,267,268,269,270,271],"adaptive-login-action_threshold","adaptive-login-action_blocked","adaptive-login-action_blocked_timeout","adaptive-login-action_security_field_ip","adaptive-login-action_field_secretkey","adaptive-login-action_trusted_field_ip",[],[274,275],"id=\"adaptive-login-action_secretkey\"","name=\"adaptive-login-action_secretkey\"",[],[],[]]