[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxJlti3U7PZZFi2Eky0x_mNUMIbUNYX-0otKCBIJCn7s":3,"$fNuEj1VJI2ktTsmjOppLlgt6fwg-w6BW_ZmWTo20xxp8":208,"$fTOqs1uoJR75O1ftIAeBIyLg_MM7eS0qppyMTqONLDDo":213},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":130,"fingerprints":185},"ah-jwt-auth","AH JWT Auth","1.5.4","andrewheberle","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrewheberle\u002F","\u003Cp>This plugin allows sign in to WordPress using a JSON Web Token (JWT) contained in a HTTP Header that is added by a reverse proxy\u003Cbr \u002F>\nthat sits in front of your WordPress deployment.\u003C\u002Fp>\n\u003Cp>Authentication and optionally role assignment is handled by claims contained in the JWT.\u003C\u002Fp>\n\u003Cp>Verification of the JWT is handled by either:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a shared secret key\u003C\u002Fli>\n\u003Cli>retrieving a JSON Web Key Set (JWKS) from a configured URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>During the login process if the user does not exist an account will be created with a matching role from the JWT.\u003C\u002Fp>\n\u003Cp>If the JWT did not contain a role claim then user is created with the role set in the plugin settings (by default this is the subscriber role).\u003C\u002Fp>\n","This plugin allows sign in to WordPress using a JSON Web Token (JWT) contained in a HTTP 
Header.",10,2435,0,"2025-03-05T04:43:00.000Z","6.7.5","4.7","7.0",[19,20,21,22,23],"auth","authentication","jwt","login","sso","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fah-jwt-auth.1.5.4.zip",92,null,"2026-03-15T15:16:48.613Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,88,"2026-05-20T04:32:01.876Z",[37,55,73,93,111],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":24,"tags":49,"homepage":51,"download_link":52,"security_score":53,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":54},"jwt-authenticator","JWT Authenticator","1.1","Shawn","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawnxlw\u002F","\u003Cp>This plugin integrates JWT authentication and automates user creation. The plugin is written for AAF Rapid Connect, but can be used for other providers too.\u003C\u002Fp>\n\u003Cp>Here is how this plugin works:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Generate a secret key with the command: tr -dc '[[:alnum:][:punct:]]' \u003C \u002Fdev\u002Furandom | head -c32 ;echo\u003C\u002Fli>\n\u003Cli>Register the key and call back URL http:\u002F\u002Fyoursite.com\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Fcallback with your authentication provider.\u003C\u002Fli>\n\u003Cli>Specify authentication and user creation parameters. 
Those marked with * are required.\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin integrates JWT authentication and automates user creation.",1727,"2016-12-01T17:58:00.000Z","4.6.30","3.2",[20,21,22,23,50],"token","https:\u002F\u002Fshawnwang.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authenticator.zip",85,"2026-04-16T10:56:18.058Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":13,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":24,"download_link":70,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":72},"twelve-legs-marketing-sso","Twelve Legs Marketing SSO","1.0.2","websitetwelvelegsmarketing","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebsitetwelvelegsmarketing\u002F","\u003Cp>TWL SSO is a secure single sign-on plugin for WordPress that enables seamless authentication using RS256 JWT tokens from an external SSO application.\u003Cbr \u002F>\nThis plugin provides login security features and is designed for allowing Twelve Legs Marketing centralized authentication management.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Sign In\u003C\u002Fstrong>: Agency employees can log into websites they manage from a central dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Just-in-Time User Provisioning\u003C\u002Fstrong>: Automatic user creation and role assignment\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JWT Validation\u003C\u002Fstrong>: Full RS256 signature verification with JWKS endpoint integration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Key Rotation\u003C\u002Fstrong>: Support key rotation through JWKS endpoint\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Management\u003C\u002Fstrong>: Flexible role assignment from JWT claims\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer 
Validation\u003C\u002Fstrong>: Enhanced security through referrer validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audience Validation\u003C\u002Fstrong>: Ensures tokens are valid for the specific WordPress site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Expiration\u003C\u002Fstrong>: Built-in token expiration and clock skew tolerance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Validation\u003C\u002Fstrong>: Comprehensive email validation with optional allowlist\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caching\u003C\u002Fstrong>: JWKS caching for improved performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Referrer validation to prevent unauthorized access\u003C\u002Fli>\n\u003Cli>JWT signature verification using public key cryptography\u003C\u002Fli>\n\u003Cli>Issuer validation to ensure tokens come from trusted sources\u003C\u002Fli>\n\u003Cli>Audience validation to prevent token reuse across sites\u003C\u002Fli>\n\u003Cli>Token expiration validation with configurable leeway\u003C\u002Fli>\n\u003Cli>Email format validation and filtering via hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress installations managed centrally by agency\u003C\u002Fli>\n\u003Cli>Organization using Google for external identity provider\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch4>Authentication Flow\u003C\u002Fh4>\n\u003Col>\n\u003Cli>User clicks login link from SSO application sso.twelvelegsmarketing.com\u003C\u002Fli>\n\u003Cli>SSO application redirects to WordPress with JWT token: \u003Ccode>\u002Fwp-login.php?action=twl_sso&token=JWT_TOKEN\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Plugin validates the JWT token signature and claims\u003C\u002Fli>\n\u003Cli>Plugin extracts user information from JWT claims\u003C\u002Fli>\n\u003Cli>Plugin creates or retrieves WordPress user\u003C\u002Fli>\n\u003Cli>Plugin assigns appropriate role based on JWT 
claims\u003C\u002Fli>\n\u003Cli>User is logged into WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>JWT Claims\u003C\u002Fh4>\n\u003Cp>The plugin expects the following JWT claims:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>email\u003C\u002Fcode> or \u003Ccode>sub\u003C\u002Fcode>: User’s email address\u003C\u002Fli>\n\u003Cli>\u003Ccode>iss\u003C\u002Fcode>: Issuer (must match allowed issuers)\u003C\u002Fli>\n\u003Cli>\u003Ccode>aud\u003C\u002Fcode>: Audience (must match WordPress site URL)\u003C\u002Fli>\n\u003Cli>\u003Ccode>exp\u003C\u002Fcode>: Expiration time\u003C\u002Fli>\n\u003Cli>\u003Ccode>nbf\u003C\u002Fcode>: Not before time (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_role\u003C\u002Fcode>: WordPress role to assign (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>name\u003C\u002Fcode>: User’s display name (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>given_name\u003C\u002Fcode>: User’s first name (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>family_name\u003C\u002Fcode>: User’s last name (optional)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>The plugin automatically configures itself based on the WordPress environment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Production\u003C\u002Fstrong>: Only allows \u003Ccode>https:\u002F\u002Fsso.twelvelegsmarketing.com\u003C\u002Fcode> as issuer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development\u002FStaging\u003C\u002Fstrong>: Also allows \u003Ccode>https:\u002F\u002Flocalhost:8443\u003C\u002Fcode> as issuer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customization\u003C\u002Fh4>\n\u003Cp>You can customize the plugin behavior using WordPress filters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>twl_sso_allow_email\u003C\u002Fcode>: Filter to control which email addresses are allowed\u003C\u002Fli>\n\u003Cli>\u003Ccode>twl_sso_allowed_roles\u003C\u002Fcode>: Filter to control which roles can be 
assigned\u003C\u002Fli>\n\u003Cli>\u003Ccode>twl_sso_allowed_issuers\u003C\u002Fcode>: Filter to control which issuers are allowed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact Twelve Legs Marketing at https:\u002F\u002Ftwelvelegsmarketing.com\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, store, or transmit any personal data. All authentication is handled through secure JWT tokens from your configured SSO provider.\u003C\u002Fp>\n","Single sign-on plugin for WordPress that accepts RS256 JWTs from the TWL SSO application for secure authentication.",202,"2025-10-22T14:34:00.000Z","6.8.5","5.8","8.0",[20,21,22,69,23],"single-sign-on","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwelve-legs-marketing-sso.1.0.2.zip",100,"2026-04-06T09:54:40.288Z",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":26,"num_ratings":83,"last_updated":84,"tested_up_to":65,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":90,"download_link":91,"security_score":26,"vuln_count":32,"unpatched_count":13,"last_vuln_date":92,"fetched_at":54},"google-apps-login","Login for Google Apps","3.5.2","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Login for Google Apps allows existing WordPress user accounts to log in to your website using Google to securely authenticate their account. 
This means that if they are already logged into Gmail – they can simply click their way through the WordPress login screen – no username or password is explicitly required!\u003C\u002Fp>\n\u003Cp>Login for Google Apps uses \u003Cstrong>secure oAuth2 authentication recommended by Google\u003C\u002Fstrong>, including 2-factor authentication (2FA) if enabled for your Google Workspace (formerly known as Google Apps and G Suite) accounts.\u003C\u002Fp>\n\u003Cp>This is far simpler to configure than the older SAML protocol.\u003C\u002Fp>\n\u003Cp>Login for Google Apps is trusted by thousands of organizations from schools to large public companies. Login for Google Apps for WordPress is the most popular enterprise grade plugin enabling login and user management based on your Google Workspace domain.\u003C\u002Fp>\n\u003Cp>Its plugin setup requires you to have admin access to any Google Workspace domain, or a regular Gmail account, to register and obtain two simple codes from Google.\u003C\u002Fp>\n\u003Ch4>Support and Premium features\u003C\u002Fh4>\n\u003Cp>Full support and premium features are also available for purchase:\u003C\u002Fp>\n\u003Cp>Eliminate the need for Google Workspace (previously called “Google Apps and G Suite”) domain admins to separately manage WordPress user accounts, and get peace of mind that only authorized employees have access to your organization’s websites and intranet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>See \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20Top&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">our website at wp-glogin.com\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Premium version allows everyone in your Google Workspace (Google Apps \u002F G Suite) domain to log in to WordPress – an account will be automatically created in WordPress if one doesn’t already exist.\u003C\u002Fp>\n\u003Cp>Our Enterprise version goes further, allowing you 
to specify granular access and role controls based on Google Group or Organizational Unit membership.\u003C\u002Fp>\n\u003Cp>You can also see logs of accounts created and roles changed by the plugin.\u003C\u002Fp>\n\u003Ch4>Extensible Platform\u003C\u002Fh4>\n\u003Cp>Login for Google Apps allows you to centralize your site’s Google functionality and build your own extensions, or use third-party extensions, which require no configuration themselves and share the same user authentication and permissions that users already allowed for Login for Google Apps itself.\u003C\u002Fp>\n\u003Cp>Using our platform, your website appears to Google accounts as one unified ‘web application’, making it more secure and easier to manage.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogledriveembedder\" rel=\"nofollow ugc\">Google Drive Embedder\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nusers to browse for Google Drive documents to embed directly in their posts or pages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogleappsdirectory\" rel=\"nofollow ugc\">Google Apps Directory\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nlogged-in users to search your Google Apps employee directory from a widget on your intranet or client site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Favatars\u002F?utm_source=Login%20Readme%20Avatars&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Google Profile Avatars\u003C\u002Fa>\u003Cbr \u002F>\nis available on our website. 
It displays users’ Google profile photos in place of their avatars throughout your site.\u003C\u002Fp>\n\u003Cp>Login for Google Apps works on single or multisite WordPress websites or private intranets.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>One-click login will work for the following domains and user accounts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Workspace Starter\u003C\u002Fli>\n\u003Cli>Google Workspace Business Standard\u003C\u002Fli>\n\u003Cli>Google Workspace Business Plus\u003C\u002Fli>\n\u003Cli>Google Workspace Enterprise\u003C\u002Fli>\n\u003Cli>Google Workspace for Nonprofits\u003C\u002Fli>\n\u003Cli>Google Workspace for Government\u003C\u002Fli>\n\u003Cli>Google Classroom (Google Workspace for Education)\u003C\u002Fli>\n\u003Cli>Personal gmail.com and googlemail.com emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Login for Google Apps uses the latest secure OAuth2 authentication recommended by Google. Other 3rd party authentication plugins may allow you to use your Google username and password to login, but they do not do this securely unless they also use OAuth2. This is discussed further in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-apps-login\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>This plugin currently operates in multiple languages.\u003C\u002Fp>\n\u003Cp>We welcome volunteers to translate into their own language. 
If you would like to contribute a translation, please open the WordPress.org \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgoogle-apps-login\u002F\" rel=\"nofollow ugc\">Translation portal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Website and Upgrades\u003C\u002Fh4>\n\u003Cp>Please see our website \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002F?utm_source=Login%20Readme%20Website&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-glogin.com\u002F\u003C\u002Fa> for more information about this free plugin and extra features available in our Premium and Enterprise upgrades, plus support details, other plugins, and useful guides for admins of WordPress sites and Google Apps.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20PremEnt&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Premium and Enterprise versions\u003C\u002Fa> eliminate the need to manage user accounts in your WordPress site – everything is synced from Google Apps instead.\u003C\u002Fp>\n\u003Cp>If you are building your organization’s intranet on WordPress, try out our \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fintranet\u002F?utm_source=Login%20Readme%20AIOI&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">All-In-One Intranet plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).",10000,664671,64,"2025-05-08T16:01:00.000Z","5.5","7.2",[20,88,22,89,23],"google","oauth","https:\u002F\u002Fwp-glogin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-apps-login.3.5.2.zip","2022-12-01 
00:00:00",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":15,"requires_at_least":85,"requires_php":106,"tags":107,"homepage":24,"download_link":110,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":54},"login-with-google","Log in with Google","1.4.2","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>Ultra minimal plugin to let your users login to WordPress applications using their Google accounts. No more remembering hefty passwords!\u003C\u002Fp>\n\u003Ch3>Initial Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Create a project from \u003Ca href=\"https:\u002F\u002Fconsole.developers.google.com\u002Fapis\u002Fdashboard\" rel=\"nofollow ugc\">Google Developers Console\u003C\u002Fa> if none exists.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Go to \u003Cstrong>Credentials\u003C\u002Fstrong> tab, then create credential for OAuth client.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Application type will be \u003Cstrong>Web Application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add \u003Ccode>YOUR_DOMAIN\u002Fwp-login.php\u003C\u002Fcode> in \u003Cstrong>Authorized redirect URIs\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This will give you \u003Cstrong>Client ID\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Input these values either in \u003Ccode>WP Admin > Settings > WP Google Login\u003C\u002Fcode>, or in \u003Ccode>wp-config.php\u003C\u002Fcode> using the following code snippet:\u003C\u002Fp>\n\u003Cp>\u003Ccode>define( 'WP_GOOGLE_LOGIN_CLIENT_ID', 'YOUR_GOOGLE_CLIENT_ID' );\u003Cbr \u002F>\ndefine( 'WP_GOOGLE_LOGIN_SECRET', 'YOUR_SECRET_KEY' 
);\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Browser support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fidentity\u002Fgsi\u002Fweb\u002Fguides\u002Fsupported-browsers\" rel=\"nofollow ugc\">These browsers are supported\u003C\u002Fa>. Note, for example, that One Tap Login is not supported in Safari.\u003C\u002Fp>\n\u003Ch3>How to enable automatic user registration\u003C\u002Fh3>\n\u003Cp>You can enable user registration either by\u003Cbr \u002F>\n– Enabling \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>OR\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adding\u003Cbr \u002F>\n\u003Ccode>define( 'WP_GOOGLE_LOGIN_USER_REGISTRATION', 'true' );\u003C\u002Fcode>\u003Cbr \u002F>\nin wp-config.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If the checkbox is ON then, it will register valid Google users even when WordPress default setting, under\u003C\u002Fp>\n\u003Cp>\u003Cem>Settings > General Settings > Membership > Anyone can register\u003C\u002Fem> checkbox\u003C\u002Fp>\n\u003Cp>is OFF.\u003C\u002Fp>\n\u003Ch3>Restrict user registration to one or more domain(s)\u003C\u002Fh3>\n\u003Cp>By default, when you enable user registration via constant \u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> or enable \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>, it will create a user for any Google login (including gmail.com users). If you are planning to use this plugin on a private, internal site, then you may like to restrict user registration to users under a single Google Suite organization. 
This configuration variable does that.\u003C\u002Fp>\n\u003Cp>Add your domain name, without any schema prefix and \u003Ccode>www,\u003C\u002Fcode> as the value of \u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> constant or in the settings \u003Ccode>Settings > WP Google Login > Whitelisted Domains\u003C\u002Fcode>. You can whitelist multiple domains. Please separate domains with commas. See the below example to know how to do it via constants:\u003Cbr \u002F>\n    \u003Ccode>define( 'WP_GOOGLE_LOGIN_WHITELIST_DOMAINS', 'example.com,sample.com' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If a user already exists, they \u003Cstrong>will be allowed to login with Google\u003C\u002Fstrong> regardless of whether their domain is whitelisted or not. Whitelisting will only prevent users from \u003Cstrong>registering\u003C\u002Fstrong> with email addresses from non-whitelisted domains.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>For a list of all hooks please refer to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FrtCamp\u002Flogin-with-google#hooks\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>wp-config.php parameters list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_CLIENT_ID\u003C\u002Fcode> (string): Google client ID of your application.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_SECRET\u003C\u002Fcode> (string): Secret key of your application\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> (boolean) (optional): Set \u003Ccode>true\u003C\u002Fcode> If you want to enable new user registration. 
By default, user registration defers to \u003Ccode>Settings > General Settings > Membership\u003C\u002Fcode> if constant is not set.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> (string) (optional): Domain names, if you want to restrict login with your custom domain. By default, it will allow all domains. You can whitelist multiple domains.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>BTW, We’re Hiring!\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Fcareers\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","Minimal plugin that allows WordPress users to log in using Google.",6000,120101,90,15,"2026-02-20T14:59:00.000Z","7.4",[20,108,89,109,23],"google-login","sign-in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-google.1.4.2.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":65,"requires_at_least":124,"requires_php":17,"tags":125,"homepage":128,"download_link":129,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":54},"firebase-authentication","Firebase Authentication","1.6.8","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Cstrong>WordPress Firebase Authentication Plugin\u003C\u002Fstrong> allows you to login to WordPress sites using your Firebase user login credentials or via Social Login.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-firebase-authentication\u002F\" rel=\"nofollow ugc\">WordPress Firebase Authentication\u003C\u002Fa> works using the default WordPress login page. 
We support \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-woocommerce-integration\u002F\" rel=\"nofollow ugc\">Firebase WooCommerce Integration\u003C\u002Fa> and other third-party login pages along with custom login forms.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-into-wordpress-using-firebase-authentication\u002F\" rel=\"nofollow ugc\">WordPress Firebase Authentication\u003C\u002Fa>\u003C\u002Fstrong> : WordPress login using Firebase authentication user login credentials\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Create Users\u003C\u002Fstrong> : After login using Firebase login credentials, new user automatically gets created in WordPress\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-premium-and-enterprise-plugin-features\u002F\" rel=\"nofollow ugc\">Configurable login options\u003C\u002Fa>\u003C\u002Fstrong> :\u003Cbr \u002F>\nProvide option to login with,\u003Cbr \u002F>\na) Only Firebase credentials\u003Cbr \u002F>\nb) Only WordPress credentials\u003Cbr \u002F>\nc) Both Firebase and WordPress credentials\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Register WooCommerce Users to Firebase\u003C\u002Fstrong> : Provide an option to sync a WordPress user to Firebase whenever an end-user registers into the WordPress site via the WooCommerce registration form. User is created in Firebase with only an email address and password.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Firebase Phone Authentication method\u003C\u002Fstrong> : Users will be asked to enter OTP provided via Firebase to login into WordPress (Passwordless login). 
This works for WooCommerce as well.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-social-login-integration-for-wordpress\" rel=\"nofollow ugc\">Support for Firebase Social Login\u003C\u002Fa>\u003C\u002Fstrong> : With Firebase authentication, users will be provided an option to login in to WordPress using selected social login providers\u003Cbr \u002F>\nProviders supported are:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-google-using-firebase-authentication\" rel=\"nofollow ugc\">Google\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-facebook-using-firebase-authentication\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-apple-using-firebase-authentication\" rel=\"nofollow ugc\">Apple\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Github\u003C\u002Fli>\n\u003Cli>Yahoo\u003C\u002Fli>\n\u003Cli>Microsoft\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Firebase WooCommerce Integration\u003C\u002Fstrong> : Integrate WooCommerce with the WordPress Firebase Authentication plugin and allow users to log in to your WooCommerce site using firebase login credentials on WooCommerce Checkout and My account page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwoocommerce-cloud-firestore-integration\" rel=\"nofollow ugc\">WordPress Firestore Integration\u003C\u002Fa>\u003C\u002Fstrong>: Sync WordPress User Meta to Cloud Firestore Collections, WooCommerce products, orders, subscription sync to Firebase database.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Social Login buttons Shortcode\u003C\u002Fstrong> : Use a shortcode to place Firebase 
social login buttons anywhere in your Theme or Plugin\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Sync Firebase UID to WordPress\u003C\u002Fstrong> : Users can map email, Firebase user-id to their WordPress user profile using this WordPress Firebase Authentication feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Redirect Login and Logout URL\u003C\u002Fstrong> : Automatically Redirect users after successful login\u002Flogout. This works for WooCommerce as well.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Firebase Login and Registration form Shortcode\u003C\u002Fstrong> : Using login form shortcode, users can enter their Firebase credentials to login into the WP site, and using the registration form shortcode, users can register into the WordPress site, and that user is also auto created in Firebase with an email address and password.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WP Hooks for Different Events\u003C\u002Fstrong> : WordPress Firebase authentication provides support for different hooks for user defined functions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>  \u003Cstrong>WordPress login with Firebase JWT\u003C\u002Fstrong>: WordPress login with Firebase JWT allows you to create a user login session on a WordPress site using their Firebase JWT token, eliminating the need to enter their login credentials again. 
This is highly recommended when there are multiple websites\u002Fapplications and the user is already logged in to any of them.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows login into WordPress using Firebase user credentials and maps Firebase user data to WordPress user profile.",500,26362,80,20,"2025-05-20T17:48:00.000Z","3.0.1",[20,126,21,22,127],"firebase","woocommerce-integration","http:\u002F\u002Ffirebase-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffirebase-authentication.1.6.8.zip",{"attackSurface":131,"codeSignals":164,"taintFlows":173,"riskAssessment":174,"analyzedAt":184},{"hooks":132,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":13,"unprotectedCount":13},[133,139,143,148,152,155],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_init","register_settings_action","includes\\class-ahjwtauthadmin.php",28,{"type":134,"name":140,"callback":141,"file":137,"line":142},"admin_menu","options_menu_action",29,{"type":134,"name":144,"callback":145,"file":146,"line":147},"admin_notices","ahjwtauth_admin_notice","includes\\class-ahjwtauthsignin.php",37,{"type":134,"name":149,"callback":150,"file":146,"line":151},"login_head","ahjwtauth_log_user_in",38,{"type":134,"name":149,"callback":153,"file":146,"line":154},"ahjwtauth_schedule_refresh_jwks",39,{"type":134,"name":156,"callback":156,"file":146,"line":157},"ahjwtauth_refresh_jwks",40,[],[],[],[162],{"hook":156,"callback":156,"file":146,"line":163},136,{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":168,"fileOperations":13,"externalRequests":32,"nonceChecks":13,"capabilityChecks":171,"bundledLibraries":172},[],{"prepared":13,"raw":13,"locations":167},[],{"escaped":169,"rawEcho":13,"locations":170},14,[],2,[],[],{"summary":175,"deductions":176},"The ah-jwt-auth plugin v1.5.4 exhibits a generally strong security posture based on the provided static analysis. 
The absence of any known CVEs and the plugin's track record of no recorded vulnerabilities further bolster this assessment. The scan recorded no raw (unprepared) SQL queries, and the code properly escapes all outputs. There are no identified dangerous functions, file operations, or taint flows, which are significant indicators of a secure codebase. The attack surface is also minimal, with no unprotected entry points.\n\nHowever, a few areas warrant attention. The presence of a single cron event, while not explicitly flagged as unprotected, represents a potential entry point that could be further scrutinized. The plugin also makes one external HTTP request; judging by the plugin description and the ahjwtauth_refresh_jwks cron callback, this is presumably the retrieval of the JSON Web Key Set (JWKS) from the configured URL, in which case the retrieved keys decide which tokens are accepted, and the request could introduce external dependencies or risks if the URL and the response are not handled with proper validation. The lack of any nonce checks is a concern, especially if the cron event or external HTTP request could be triggered or manipulated by unauthenticated users. 
While capability checks are present, their effectiveness in securing all potential actions associated with the cron event or HTTP request cannot be definitively determined without further context.",[177,180,182],{"reason":178,"points":179},"External HTTP requests made",5,{"reason":181,"points":171},"Cron events present",{"reason":183,"points":11},"No nonce checks","2026-03-16T23:52:54.978Z",{"wat":186,"direct":197},{"assetPaths":187,"generatorPatterns":191,"scriptPaths":192,"versionParams":193},[188,189,190],"\u002Fwp-content\u002Fplugins\u002Fah-jwt-auth\u002Fassets\u002Fcss\u002Fahjwt-auth-admin.css","\u002Fwp-content\u002Fplugins\u002Fah-jwt-auth\u002Fassets\u002Fjs\u002Fahjwt-auth-admin.js","\u002Fwp-content\u002Fplugins\u002Fah-jwt-auth\u002Fassets\u002Fjs\u002Fahjwt-auth-frontend.js",[],[189,190],[194,195,196],"ah-jwt-auth\u002Fassets\u002Fcss\u002Fahjwt-auth-admin.css?ver=","ah-jwt-auth\u002Fassets\u002Fjs\u002Fahjwt-auth-admin.js?ver=","ah-jwt-auth\u002Fassets\u002Fjs\u002Fahjwt-auth-frontend.js?ver=",{"cssClasses":198,"htmlComments":201,"htmlAttributes":202,"restEndpoints":204,"jsGlobals":205,"shortcodeOutput":207},[199,200],"ahjwt-auth-admin-page","ahjwt-auth-settings-fields",[],[203],"data-ahjwt-auth-action",[],[206],"ahJwtAuthFrontend",[],{"error":209,"url":210,"statusCode":211,"statusMessage":212,"message":212},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fah-jwt-auth\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":214},[]]