[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhffPe6ylazIa40vjF4By2QtUWsnSjcBNEozV3tiDyhc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":13,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":141,"fingerprints":304},"authyo-passwordless-login","Authyo Passwordless Login","1.0.3","Konceptwise Digital Media Pvt Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonceptwise\u002F","\u003Cp>Authyo Passwordless Login enables secure \u003Cstrong>OTP login for WordPress\u003C\u002Fstrong> using email-based one-time passwords. It replaces traditional passwords with a modern \u003Cstrong>passwordless authentication system\u003C\u002Fstrong> that improves login security and simplifies the user experience.\u003C\u002Fp>\n\u003Cp>Users simply enter their email address, receive a one-time password (OTP), verify the code, and are automatically logged in — no passwords required.\u003C\u002Fp>\n\u003Cp>This plugin is officially developed and maintained by \u003Cstrong>Konceptwise Digital Media Pvt. Ltd.\u003C\u002Fstrong> and uses \u003Cstrong>Authyo’s secure OTP authentication infrastructure\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>With Authyo Passwordless Login, WordPress administrators can implement \u003Cstrong>passwordless login\u003C\u002Fstrong>, improve \u003Cstrong>account security\u003C\u002Fstrong>, and eliminate risks related to password leaks or weak credentials.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Passwordless login for WordPress using email OTP\u003C\u002Fli>\n\u003Cli>No passwords stored or required\u003C\u002Fli>\n\u003Cli>Secure token-based authentication (single-use and time-limited)\u003C\u002Fli>\n\u003Cli>OTP delivered via Authyo’s secure email service\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fallback Method:\u003C\u002Fstrong> Optional two-factor authenticator app if email OTP fails\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login page\u003C\u002Fli>\n\u003Cli>AJAX-powered login flow (no page reloads)\u003C\u002Fli>\n\u003Cli>Automatic dashboard redirect after successful login\u003C\u002Fli>\n\u003Cli>Enable or disable passwordless login anytime\u003C\u002Fli>\n\u003Cli>Compatible with custom login URL plugins (e.g., WPS Hide Login)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>This plugin is ideal for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress sites that want \u003Cstrong>OTP login instead of passwords\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Improving \u003Cstrong>WordPress login security\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enabling \u003Cstrong>passwordless authentication\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Preventing password brute-force attacks\u003C\u002Fli>\n\u003Cli>Membership websites and user portals\u003C\u002Fli>\n\u003Cli>Sites that want a \u003Cstrong>simple two-factor authentication alternative\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>User enters their email address on the WordPress login page\u003C\u002Fli>\n\u003Cli>Authyo sends a one-time password (OTP) via email\u003C\u002Fli>\n\u003Cli>User verifies the OTP\u003C\u002Fli>\n\u003Cli>WordPress logs the user in automatically using a secure single-use token\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No password is required during the login process.\u003C\u002Fp>\n\u003Ch3>About Konceptwise & Authyo\u003C\u002Fh3>\n\u003Cp>Konceptwise Digital Media Pvt. Ltd. is the parent company and original developer of this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authyo\u003C\u002Fstrong> is a secure authentication platform developed by Konceptwise that provides OTP-based verification services for websites and applications.\u003C\u002Fp>\n\u003Cp>This plugin integrates WordPress with Authyo’s authentication infrastructure to provide secure passwordless login functionality.\u003C\u002Fp>\n\u003Ch3>Video Tutorial\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>How to Use Authyo Passwordless Login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FcStBvoHTzro?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to Authyo’s external API to send and verify one-time passwords (OTP) for passwordless login functionality.\u003C\u002Fp>\n\u003Cp>What data is sent:\u003Cbr \u002F>\n– User email address (sent to Authyo API when requesting OTP)\u003Cbr \u002F>\n– OTP code (sent to Authyo API for verification)\u003Cbr \u002F>\n– Mask ID (returned by Authyo API, used for OTP verification)\u003C\u002Fp>\n\u003Cp>When data is sent:\u003Cbr \u002F>\n– When the user requests an OTP: Email address is sent to Authyo API\u003Cbr \u002F>\n– When the user submits an OTP for verification: OTP code and Mask ID are sent to Authyo API\u003C\u002Fp>\n\u003Cp>Authentication Flow:\u003Cbr \u002F>\n– After successful OTP verification via Authyo API, the plugin generates a secure single-use token using WordPress core functions\u003Cbr \u002F>\n– This token is browser-bound using a hashed User-Agent signature to prevent session hijacking\u003Cbr \u002F>\n– The token is stored temporarily in WordPress transients and expires after 5 minutes\u003Cbr \u002F>\n– The token allows WordPress to complete authentication without requiring a password\u003Cbr \u002F>\n– Token is deleted immediately after verification (single-use security)\u003C\u002Fp>\n\u003Cp>Purpose:\u003Cbr \u002F>\n– To verify ownership of the provided email address through OTP verification\u003Cbr \u002F>\n– After successful OTP verification, a secure browser-bound login token is generated\u003Cbr \u002F>\n– The token allows WordPress to authenticate users without passwords\u003C\u002Fp>\n\u003Cp>Data Storage:\u003Cbr \u002F>\n– OTP session data (email, user ID, mask ID) is stored temporarily in WordPress transients (expires after 10 minutes)\u003Cbr \u002F>\n– Login tokens are stored temporarily in WordPress transients (expires after 5 minutes and deleted immediately after use)\u003Cbr \u002F>\n– No user data is permanently stored by this plugin\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fauthyo.io\u002Fterms-service\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fauthyo.io\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>An active Authyo account with API credentials\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch4>Getting Authyo API Credentials\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Sign up for an account at https:\u002F\u002Fauthyo.io\u003C\u002Fli>\n\u003Cli>Log in to your Authyo dashboard\u003C\u002Fli>\n\u003Cli>Navigate to your application settings\u003C\u002Fli>\n\u003Cli>Copy your \u003Cstrong>App ID\u003C\u002Fstrong>, \u003Cstrong>Client ID\u003C\u002Fstrong>, and \u003Cstrong>Client Secret\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Plugin Setup\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Authyo Passwordless Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enable \u003Cstrong>Passwordless Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enter your Authyo API credentials:\n\u003Cul>\n\u003Cli>Authyo App ID\u003C\u002Fli>\n\u003Cli>Authyo Client ID\u003C\u002Fli>\n\u003Cli>Authyo Client Secret\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Save Settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once configured, the passwordless login form will appear on your WordPress login page.\u003C\u002Fp>\n","Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.",0,245,"","6.9.4","5.0","7.2",[18,19,20,21,22],"email-otp","otp-login","passwordless-login","two-factor-authentication","wordpress-otp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthyo-passwordless-login.1.0.3.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":30,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"konceptwise",10,30,94,"2026-04-04T13:46:11.827Z",[35,59,78,96,119],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":14,"requires_at_least":48,"requires_php":13,"tags":49,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":11,"last_vuln_date":57,"fetched_at":58},"user-verification","User Verification by PickPlugins","2.0.46","PickPlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpickplugins\u002F","\u003Cp>User Verification – Complete WordPress User Authentication & Security Plugin\u003C\u002Fp>\n\u003Ch3>User Verification by \u003Ca href=\"http:\u002F\u002Fwww.pickplugins.com\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.pickplugins.com\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pickplugins.com\u002Fitem\u002Fuser-verification\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pickplugins.com\u002Fsupport\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpickplugins.com\u002Fdocumentation\u002Fuser-verification\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Secure Your WordPress Site with Advanced User Verification & Authentication\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>User Verification\u003C\u002Fstrong> is a comprehensive WordPress security plugin that provides multiple layers of user authentication and spam protection to safeguard your website from unauthorized access and malicious registrations.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Ch4>\u003Cstrong>Email Verification System\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mandatory Email Verification\u003C\u002Fstrong>: Ensure all new users verify their email addresses before accessing your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Verification Pages\u003C\u002Fstrong>: Choose custom redirect pages for successful and failed verifications  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Login\u003C\u002Fstrong>: Seamlessly log users in after successful email verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Control\u003C\u002Fstrong>: Exclude specific user roles (like Administrators) from verification requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Configuration\u003C\u002Fstrong>: Enable\u002Fdisable email verification with simple toggle controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Magic Login (Passwordless Authentication)\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>🆕 NEW Feature\u003C\u002Fstrong>: Enable secure passwordless login for enhanced user experience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email-Based Authentication\u003C\u002Fstrong>: Users receive login links directly in their inbox\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Key Length\u003C\u002Fstrong>: Set secure authentication key length (default: 6 characters)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attempt Limits\u003C\u002Fstrong>: Configure maximum login attempts for security (default: 3 attempts)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect Pages\u003C\u002Fstrong>: Set specific pages for successful logins, failures, and magic login forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Verification Integration\u003C\u002Fstrong>: Require verified emails for magic login access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Implementation\u003C\u002Fstrong>: Simple shortcode \u003Ccode>[user_verification_magic_login_form]\u003C\u002Fcode> for frontend display\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>OTP (One-Time Password) Login\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMS\u002FEmail OTP\u003C\u002Fstrong>: Secure one-time password authentication system\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable OTP Length\u003C\u002Fstrong>: Customize OTP length (default: 6 digits)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Character Flexibility\u003C\u002Fstrong>: Support for numbers, uppercase, lowercase, and special characters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Success\u002FError Messages\u003C\u002Fstrong>: Personalized user feedback for OTP processes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Login Redirects\u003C\u002Fstrong>: Direct users to specific pages after successful authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Integration\u003C\u002Fstrong>: Simple shortcode \u003Ccode>[user_verification_otp_login_form]\u003C\u002Fcode> implementation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Advanced Spam Protection\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Domain Blocking\u003C\u002Fstrong>: Block registrations from specific email domains\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Domain Allowlist\u003C\u002Fstrong>: Allow only approved email domains for registration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Username Protection\u003C\u002Fstrong>: Block specific usernames from registration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Domain Management\u003C\u002Fstrong>: Easy-to-use interface for managing blocked\u002Fallowed domains\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>reCAPTCHA Integration\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong>: Complete bot protection with checkbox verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Implementation Points\u003C\u002Fstrong>: Add reCAPTCHA to login, registration, password reset, and comment forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Ready\u003C\u002Fstrong>: Full integration with WooCommerce forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Configuration\u003C\u002Fstrong>: Simple setup with site key and secret key\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>User Management Tools\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unverified User Cleanup\u003C\u002Fstrong>: Automatically delete unverified user accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Existing User Verification\u003C\u002Fstrong>: Mark existing users as verified with customizable intervals\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Status Monitoring\u003C\u002Fstrong>: Track verification status across your user base\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Email Customization\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Email Templates\u003C\u002Fstrong>: Personalize verification and notification emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPAutoP Support\u003C\u002Fstrong>: Enable\u002Fdisable automatic paragraph formatting in emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Branded Communications\u003C\u002Fstrong>: Add your logo and customize email appearance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Email Types\u003C\u002Fstrong>: Templates for registration, verification, OTP, magic login, and activation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>WooCommerce Compatibility\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>E-commerce Ready\u003C\u002Fstrong>: Full integration with WooCommerce login, registration, and password reset forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer Protection\u003C\u002Fstrong>: Prevent fake customer registrations and protect customer data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Experience\u003C\u002Fstrong>: Maintain smooth checkout process while ensuring security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Membership Sites\u003C\u002Fstrong>: Protect exclusive content with verified users only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>E-commerce Stores\u003C\u002Fstrong>: Prevent fake customer accounts and fraudulent orders  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Corporate Websites\u003C\u002Fstrong>: Ensure legitimate user registrations for business platforms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Community Forums\u003C\u002Fstrong>: Maintain quality user base with verified members\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Educational Platforms\u003C\u002Fstrong>: Secure student and instructor account creation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Any WordPress Site\u003C\u002Fstrong>: Enhance security for blogs, portfolios, and business websites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚡ Easy Setup & Management\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>User-Friendly Interface\u003C\u002Fstrong>: Intuitive admin dashboard for all configurations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Ready\u003C\u002Fstrong>: Simple shortcodes for frontend form implementation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Configuration\u003C\u002Fstrong>: Enable\u002Fdisable features with simple toggle switches\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Documentation\u003C\u002Fstrong>: Detailed setup guides and troubleshooting support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 Technical Specifications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Compatibility\u003C\u002Fstrong>: Works with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP 7.4+ Support\u003C\u002Fstrong>: Modern PHP compatibility for optimal performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Responsive\u003C\u002Fstrong>: All forms and interfaces work perfectly on mobile devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong>: Multi-language support for global websites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong>: Clean code structure with hooks and filters for customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📧 Default Email Configuration\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Professional Setup\u003C\u002Fstrong>: Comes with pre-configured professional email settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom From Address\u003C\u002Fstrong>: Set your preferred sender email (e.g., public.nurhasan@gmail.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Branded Sender Name\u003C\u002Fstrong>: Customize sender name (default: wordpress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Variety\u003C\u002Fstrong>: Multiple email templates for different verification scenarios\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Choose User Verification?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Complete Security Solution\u003C\u002Fstrong>: Multiple authentication methods in one plugin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Spam Guarantee\u003C\u002Fstrong>: Advanced filtering eliminates fake registrations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Experience Focused\u003C\u002Fstrong>: Smooth verification process that doesn’t frustrate legitimate users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly Customizable\u003C\u002Fstrong>: Adapt every aspect to match your site’s needs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Regular Updates\u003C\u002Fstrong>: Continuously updated with new features and security improvements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Support\u003C\u002Fstrong>: Dedicated support for setup and troubleshooting\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation & Usage\u003C\u002Fh3>\n\u003Cp>Simply install the plugin, configure your preferred verification methods, and add the provided shortcodes to your pages. The plugin integrates seamlessly with WordPress default forms and popular plugins like WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Transform your WordPress site security today with User Verification – the most comprehensive user authentication plugin available.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Ch3>Spam Protection by [https:\u002F\u002Fisspammy.com](http:\u002F\u002Fisspammy.com)\u003C\u002Fh3>\n\u003Cp>isspammy.com is owned by PickPlugins and it’s used to protect spam users from login in, registering, commenting, posting reviews and etc. Once you mark a comment as spam it will send a request to isspammy.com and it will create a record for this mail and marked as spam, so later when the same email is used to post a comment it will block them as a spammer. isspammy.com is commited to keep user email private and only accessible when requested.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fisspammy.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">isspammy.com\u002Fprivacy-policy\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fisspammy.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">isspammy.com\u002FAbout Us\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Email verification for user registration to protect spam.",5000,330832,90,63,"2026-02-14T03:45:00.000Z","4.1",[18,50,51,52,20],"email-validation","email-verification","hide-login","http:\u002F\u002Fpickplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-verification.zip",87,3,"2026-03-23 00:00:00","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":24,"num_ratings":69,"last_updated":70,"tested_up_to":14,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":13,"download_link":77,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":58},"ventraconnect-social-login","VentraConnect – Social Login, Magic Link & Email OTP (Passwordless)","1.2.0","Fahad Aslam","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahdaslam\u002F","\u003Cp>VentraConnect provides a \u003Cstrong>unified login system\u003C\u002Fstrong> for WordPress: Social Login + Magic Link + Email OTP.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Social Login\u003C\u002Fstrong> with 15+ providers (Google, Facebook, X\u002FTwitter, LinkedIn, Microsoft, GitHub, and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> with \u003Cstrong>Magic Link\u003C\u002Fstrong> and \u003Cstrong>Email OTP\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Can run in \u003Cstrong>Login only\u003C\u002Fstrong> mode (existing users) or \u003Cstrong>Login & Register\u003C\u002Fstrong> mode (allow new accounts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Guardrails (optional):\u003C\u002Fstrong> prevent spam accounts by letting \u003Cstrong>Social Login, Magic Link and Email OTP\u003C\u002Fstrong> log existing users in, but optionally blocking them from creating new users. This stops random visitors from turning your login screen into an open registration form, while your normal WordPress registration and any custom onboarding forms continue to work as usual.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Works out-of-the-box on the default WordPress login\u002Fregistration screens (\u003Ccode>wp-login.php\u003C\u002Fcode>) and also supports shortcodes for custom pages and page builders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No proxy servers. No third-party tracking.\u003C\u002Fstrong> VentraConnect connects directly to each provider using official OAuth flows.\u003C\u002Fp>\n\u003Cp>| \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fdocs\u002Fwhat-is-ventraconnect-social-login\u002F\" rel=\"nofollow ugc\">Setup\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Pro Addon\u003C\u002Fa> |\u003C\u002Fp>\n\u003Ch3>Best for\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Sites that want \u003Cstrong>faster logins\u003C\u002Fstrong> and fewer abandoned registrations by offering Social Login + passwordless login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce stores\u003C\u002Fstrong> that want modern social + passwordless login on the login, checkout and My Account pages (Pro add-on).\u003C\u002Fli>\n\u003Cli>Sites that are getting \u003Cstrong>spam registrations\u003C\u002Fstrong> and want Guardrails to control who can create new accounts from the default \u003Ccode>wp-login.php\u003C\u002Fcode> screen.\u003C\u002Fli>\n\u003Cli>Sites that want to add \u003Cstrong>passwordless login\u003C\u002Fstrong> (Magic Link \u002F Email OTP) as an option, without removing the classic username\u002Fpassword login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features (Free)\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Social Login\u003C\u002Fstrong>\u003Cbr \u002F>\n– 15+ providers (Google, Facebook, X\u002FTwitter, LinkedIn, Microsoft, GitHub, and more)\u003Cbr \u002F>\n– Adds login buttons to core WordPress login & registration screens (\u003Ccode>wp-login.php\u003C\u002Fcode>)\u003Cbr \u002F>\n– Shortcodes for custom pages, page builders, and custom login pages\u003Cbr \u002F>\n– Account linking + unlinking (connect multiple providers to one WordPress user)\u003Cbr \u002F>\n– Optional profile sync (name + avatar)\u003Cbr \u002F>\n– Button styles: Light, Dark, Minimal, plus icon-only layouts\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Passwordless Login (Magic Link + Email OTP)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Built-in security: expiry, resend throttling, single-use links, max attempt limits\u003Cbr \u002F>\n– Flexible behavior: \u003Cstrong>Login only\u003C\u002Fstrong> mode or \u003Cstrong>Login & Register\u003C\u002Fstrong> mode (per method)\u003Cbr \u002F>\n– Per-method redirect overrides (same page, referrer, homepage, custom URL)\u003Cbr \u002F>\n– Custom emails: edit sender name, subject, and message templates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guardrails (Spam & signup control)\u003C\u002Fstrong>\u003Cbr \u002F>\n– Prevent spam accounts by controlling whether \u003Cstrong>Social Login, Magic Link and Email OTP\u003C\u002Fstrong> are allowed to create new users\u003Cbr \u002F>\n– Keep your login screen focused on \u003Cstrong>login\u003C\u002Fstrong> only, while still letting existing users sign in with all three methods\u003Cbr \u002F>\n– Your normal WordPress registration form and other registration\u002Fonboarding flows continue to work as usual\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Tools\u003C\u002Fstrong>\u003Cbr \u002F>\n– Basic redirect options for social + passwordless login\u003Cbr \u002F>\n– Diagnostics\u002Flogging to debug OAuth and login issues\u003Cbr \u002F>\n– Email notifications (user + admin) when a new account is created via social login\u003C\u002Fp>\n\u003Ch3>Pro Add-on (Optional)\u003C\u002Fh3>\n\u003Cp>The Pro add-on extends the same login system into popular plugins and adds advanced control:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WooCommerce integration\u003C\u002Fstrong> for login, checkout and My Account, with Guardrails-aware flows and context-based shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LMS integrations\u003C\u002Fstrong>: LearnDash, LifterLMS, LearnPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership\u002Fcommunity integrations\u003C\u002Fstrong>: MemberPress, Ultimate Member, Paid Memberships Pro (PMPro), BuddyPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Mode (Off, Recommended, Strict)\u003C\u002Fstrong> to control how aggressively passwords are phased out on supported forms while keeping an admin fallback\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced redirect rules\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & login insights\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Additional \u003Cstrong>diagnostics\u002Flogging\u003C\u002Fstrong> for complex setups\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro features require the separate \u003Ca href=\"https:\u002F\u002Fwpventra.com\u002F\" rel=\"nofollow ugc\">VentraConnect Social Login Pro\u003C\u002Fa> add-on.\u003C\u002Fp>\n\u003Ch3>Supported Social Providers\u003C\u002Fh3>\n\u003Cp>Google, Facebook, X (Twitter), LinkedIn, Microsoft, GitHub, Discord, Reddit, Slack, Twitch, Spotify, TikTok, Amazon, Yahoo, WordPress.com, LINE.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The user clicks a Social Login button, or requests a Magic Link \u002F Email OTP.\u003C\u002Fli>\n\u003Cli>For Social Login, the user authenticates with the provider via official OAuth; for Magic Link \u002F OTP, they verify ownership of their email address.\u003C\u002Fli>\n\u003Cli>VentraConnect receives basic profile or email data and looks for an existing WordPress user.\u003C\u002Fli>\n\u003Cli>If the email matches an existing user, the login methods are linked to that account and the user is logged in. If not, a new user may be created (subject to your Guardrails and registration settings).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>VentraConnect Social Login is an OAuth client only.\u003C\u002Fp>\n\u003Cp>During login:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The user is redirected to the selected provider such as Google or Facebook.\u003C\u002Fli>\n\u003Cli>The provider authenticates the user.\u003C\u002Fli>\n\u003Cli>The provider returns an authorization token to your site.\u003C\u002Fli>\n\u003Cli>VentraConnect retrieves basic profile data:\n\u003Cul>\n\u003Cli>Provider user ID\u003C\u002Fli>\n\u003Cli>Email address\u003C\u002Fli>\n\u003Cli>Display name\u003C\u002Fli>\n\u003Cli>Avatar URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No user data is sent to or stored on servers owned by the plugin author.\u003Cbr \u002F>\nAll communication happens directly between your WordPress site and the provider official APIs.\u003C\u002Fp>\n\u003Ch3>Provider Domains Used\u003C\u002Fh3>\n\u003Cp>Google\u003Cbr \u002F>\naccounts.google.com\u003Cbr \u002F>\noauth2.googleapis.com\u003Cbr \u002F>\npeople.googleapis.com\u003C\u002Fp>\n\u003Cp>Facebook\u003Cbr \u002F>\ngraph.facebook.com\u003C\u002Fp>\n\u003Cp>Microsoft\u003Cbr \u002F>\nlogin.microsoftonline.com\u003Cbr \u002F>\ngraph.microsoft.com\u003C\u002Fp>\n\u003Cp>TikTok\u003Cbr \u002F>\nopen.tiktokapis.com\u003C\u002Fp>\n\u003Cp>Reddit\u003Cbr \u002F>\nwww.reddit.com\u003Cbr \u002F>\noauth.reddit.com\u003C\u002Fp>\n\u003Cp>LINE\u003Cbr \u002F>\naccess.line.me\u003Cbr \u002F>\napi.line.me\u003C\u002Fp>\n\u003Cp>Slack\u003Cbr \u002F>\nslack.com\u003C\u002Fp>\n\u003Cp>Discord\u003Cbr \u002F>\ndiscord.com\u003C\u002Fp>\n\u003Cp>Twitch\u003Cbr \u002F>\nid.twitch.tv\u003Cbr \u002F>\napi.twitch.tv\u003C\u002Fp>\n\u003Cp>GitHub\u003Cbr \u002F>\ngithub.com\u003Cbr \u002F>\napi.github.com\u003C\u002Fp>\n\u003Cp>Amazon\u003Cbr \u002F>\nwww.amazon.com\u003Cbr \u002F>\napi.amazon.com\u003C\u002Fp>\n\u003Cp>Yahoo\u003Cbr \u002F>\napi.login.yahoo.com\u003C\u002Fp>\n\u003Cp>WordPress.com\u003Cbr \u002F>\npublic-api.wordpress.com\u003C\u002Fp>\n\u003Cp>LinkedIn\u003Cbr \u002F>\nwww.linkedin.com\u003Cbr \u002F>\napi.linkedin.com\u003C\u002Fp>\n\u003Cp>Each provider has its own Terms of Service and Privacy Policy. You are responsible for complying with those terms when enabling a provider.\u003C\u002Fp>\n","Social login with 15+ providers plus passwordless login (Magic Link & Email OTP), with Guardrails to block spam registrations.",20,584,2,"2026-02-25T12:07:00.000Z","6.2","7.4",[18,74,75,20,76],"magic-link","oauth","social-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fventraconnect-social-login.1.2.0.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":11,"num_ratings":11,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":72,"tags":90,"homepage":94,"download_link":95,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":58},"password-less-login","Password Less Login","1.0.0.1","Sadekur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsadekur\u002F","\u003Cp>\u003Cstrong>Password Less Login\u003C\u002Fstrong> is a passwordless and OTP-based login system for WordPress.\u003Cbr \u002F>\nEvery user — both existing and new — must verify their identity using a \u003Cstrong>One-Time Password (OTP)\u003C\u002Fstrong> sent to their email before being logged in.\u003C\u002Fp>\n\u003Cp>This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The user enters their email address.\u003C\u002Fli>\n\u003Cli>The plugin sends a \u003Cstrong>6-digit OTP\u003C\u002Fstrong> to that email.\u003C\u002Fli>\n\u003Cli>The user enters the OTP:\n\u003Cul>\n\u003Cli>If the email exists \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user is securely logged in.\u003C\u002Fli>\n\u003Cli>If the email is new \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user provides a username, verifies the OTP, and a new account is created automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The OTP is valid for \u003Cstrong>10 minutes\u003C\u002Fstrong> and expires after use.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The plugin never logs in users without OTP verification.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>OTP-Based Authentication for All Users\u003C\u002Fstrong> – Both existing and new users must verify the OTP before login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Securely log in using only your email and OTP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto User Registration\u003C\u002Fstrong> – New users can register instantly after OTP verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary OTP (10 Minutes)\u003C\u002Fstrong> – Each OTP expires after 10 minutes and can only be used once.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong> – Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nonce Verification\u003C\u002Fstrong> – Protects REST API endpoints from unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Email Handling\u003C\u002Fstrong> – Emails are hashed when stored in transients to protect user data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience\u003C\u002Fstrong> – Clean, minimal login flow with conditional fields for existing vs. new users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Password Less Login?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No passwords to remember or reset.\u003C\u002Fli>\n\u003Cli>OTP verification ensures true ownership of email.\u003C\u002Fli>\n\u003Cli>Protects against brute-force attacks.\u003C\u002Fli>\n\u003Cli>Simple setup – works with the native WordPress login page.\u003C\u002Fli>\n\u003Cli>Modern and user-friendly design.\u003C\u002Fli>\n\u003Cli>Reduces “Forgot Password” support requests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to your WordPress login page.\u003C\u002Fli>\n\u003Cli>Enter your email address and click “Send OTP”.\u003C\u002Fli>\n\u003Cli>Check your email for the OTP.\u003C\u002Fli>\n\u003Cli>Enter the OTP in the login form:\n\u003Cul>\n\u003Cli>If your account exists, you’ll be logged in.\u003C\u002Fli>\n\u003Cli>If not, you’ll be prompted to provide a username before registration and login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>You’ll be redirected to your dashboard after successful verification.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL license. You are free to use and modify it.\u003C\u002Fp>\n\u003Cp>For support, contact: \u003Ca href=\"mailto:sadekur0rahman@gmail.com\" rel=\"nofollow ugc\">sadekur0rahman@gmail.com\u003C\u002Fa>\u003C\u002Fp>\n","A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.",229,"2026-01-07T16:26:00.000Z","6.8.5","5.9",[91,92,19,20,93],"easy-login","email-authentication","secure-login","https:\u002F\u002Fgithub.com\u002Fsadekur\u002Fpassword-less-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-less-login.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":32,"num_ratings":106,"last_updated":107,"tested_up_to":14,"requires_at_least":15,"requires_php":108,"tags":109,"homepage":114,"download_link":115,"security_score":116,"vuln_count":117,"unpatched_count":11,"last_vuln_date":118,"fetched_at":58},"all-in-one-wp-security-and-firewall","All-In-One Security (AIOS) – Security and Firewall","5.4.6","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Ch3>THE TOP RATED WORDPRESS SECURITY AND FIREWALL PLUGIN\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios&utm_creative_format=description\" rel=\"nofollow ugc\">All-in-One Security (AIOS)\u003C\u002Fa> is a WordPress security plugin from the same, trusted team that brought you UpdraftPlus.\u003C\u002Fp>\n\u003Cp>It’s called ‘All-In-One’ because it’s packed full of ways to keep your WordPress website(s) safe and secure.\u003C\u002Fp>\n\u003Cp>It includes:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login security features\u003C\u002Fstrong> keep bots at bay. Lock out users based on a configurable number of login attempts, get two-factor authentication and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File and database security.\u003C\u002Fstrong> Get notified of file changes that occur outside of normal operations. Block access to key files and scan files and folders to spot insecure permissions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Firewall.\u003C\u002Fstrong> Get PHP, .htaccess and 6G firewall rules courtesy of Perishable Press. Spot and block fake Google Bots and more!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spam prevention.\u003C\u002Fstrong> Prevent annoying spam comments and reduce unnecessary load on the server. Automatically and permanently block IP addresses that exceed a set number of spam comments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Audit log.\u003C\u002Fstrong> View events happening on your WordPress website. Find out if a plugin or theme has been added, removed, updated and more.\u003C\u002Fp>\n\u003Ch4>WHY ALL-IN-ONE SECURITY?\u003C\u002Fh4>\n\u003Cp>AIOS has a near-perfect \u003Cstrong>4.7 \u002F 5-star user rating\u003C\u002Fstrong> across more than 1 million installs.\u003C\u002Fp>\n\u003Cp>Great for beginners and experts alike. AIOS guides you logically and clearly through each of its features which are all clearly explained. Security features are marked as basic, intermediate and advanced. Each step increases your security score. Turn them on and watch your protection grow!\u003C\u002Fp>\n\u003Cp>We have a large support team of software developers. That means we have the availability and the skillset to help you with the trickiest of queries.\u003C\u002Fp>\n\u003Cp>We comb the WordPress plugin directory for support tickets daily – most queries are responded to within 24 hours.\u003C\u002Fp>\n\u003Cp>\u003Cem>Excellent plugin with numerous well-thought-out options for making a website more secure. I have been using it for years and am very happy with it. I recently had a small problem setting up a website and – even as a non-premium user – I received support very quickly. Highly recommended!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>For even more ways to stay safe and secure, upgrade to \u003Ca href=\"https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002Fpricing?utm_source=aios-wp-dir&utm_medium=referral&utm_campaign=plugin-dir&utm_content=aios_premium&utm_creative_format=description\" rel=\"nofollow ugc\">AIOS Premium\u003C\u002Fa> – it packs a punch security-wise, whilst being \u003Cstrong>extremely cost-competitive\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>LOGIN SECURITY\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication (TFA)\u003C\u002Fstrong> – Require TFA for specific user roles. Supports Google Authenticator, Microsoft Authenticator, Authy, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detect and manage ‘admin’ usernames\u003C\u002Fstrong> – Identify default ‘admin’ usernames and guide users to change them to protect against brute force attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Identify and correct identical login and display names\u003C\u002Fstrong> – Detect cases where the display name matches the username and provide guidance to improve login security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent user enumeration\u003C\u002Fstrong> – Block unauthorised access to URLs that can reveal sensitive information such as usernames or other details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control login attempts\u003C\u002Fstrong> – Prevent brute force attacks by limiting the number of failed login attempts. Choose how many login attempts are allowed, set lockout durations, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Force user logout\u003C\u002Fstrong> – Automatically log out users after a specified period of time. Unattended sessions are closed, reducing the risk of unauthorised access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually approve new registrations\u003C\u002Fstrong> – Review and approve new user registrations to prevent spam and fake sign-ups.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhance WordPress salt security\u003C\u002Fstrong> – Adds 64 extra characters to WordPress salts, rotating them weekly. Makes cracking passwords virtually impossible, even if your database is stolen.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u002F\u003Cbr \u002F>\n\u003Cstrong>Monitor and manage active sessions\u003C\u002Fstrong> – If a user is logged in who shouldn’t be, log them out or add them to a blacklist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SPAM PREVENTION\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block spam coming from bots\u003C\u002Fstrong> – Reduce the load on your server and improve the user experience by automatically blocking spam comments from bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitor spam IP addresses\u003C\u002Fstrong> – Monitor the IP addresses of people or bots leaving spam comments. Choose which ones to block based on a configurable number of comments left.\u003C\u002Fp>\n\u003Ch4>FILE \u002F DATABASE Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Scan and fix file permissions\u003C\u002Fstrong> – Scan for insecure file permissions. Click once to fix issues and safeguard critical files and folders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable PHP file editing\u003C\u002Fstrong> – Disable editing of PHP files (such as plugins and themes) via the dashboard. It’s often the first tool that attackers use as it allows for code execution.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protect sensitive files\u003C\u002Fstrong> – Prevent access to files like readme.html that might reveal information about your WordPress installation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File change scanner\u003C\u002Fstrong> – Get notified of any file changes which occur on your system. Exclude files and folders which change as part of normal operations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prevent image hotlinking\u003C\u002Fstrong> – Prevent other websites from displaying your images via hotlinking and protect server bandwidth.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure database backups\u003C\u002Fstrong> – Perform a database backup via UpdraftPlus from AIOS. Change the default ‘wp_’ prefix to hide your WordPress database from hackers.\u003C\u002Fp>\n\u003Ch4>FIREWALL\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Get .htaccess firewall rules\u003C\u002Fstrong> – Deny access to the .htaccess and wp-config.php files. Disable the server signature and limit file uploads to a configurable size.**\u003C\u002Fp>\n\u003Cp>Block access to the debug.log file and prevent Apache servers from listing the contents of a directory when an index.php file is not present\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get PHP firewall rules\u003C\u002Fstrong> – PHP firewall rules prevent malicious users from exploiting well-known vulnerabilities in XML-RPC. Safeguard your content by disabling RSS and Atom feeds and avoid cross-site scripting (XSS) attacks.\u003Cbr \u002F>\nBlock fake Google bots and POST requests made by bots – Block fake Google bots and stop bots from making POST requests by blocking IP addresses where the user-agent and referrer fields are blank.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Utilise 6G firewall rules\u003C\u002Fstrong> – Employ flexible blacklist rules to reduce the number of malicious URL requests that hit your website (courtesy of Perishable Press).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>And more\u003C\u002Fstrong> – Blacklist (and whitelist) IP ranges and user agents and block unauthorized access to data by disabling REST API access for non-logged-in requests.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION ENHANCED [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Two-factor authentication\u003C\u002Fstrong> is included in the free plugin. Upgrade to Premium if you’d like to:\u003Cbr \u002F>\nRequire TFA after a set time period – Mandate TFA for all admins or other roles after their accounts reach a specified age.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control how often TFA is required\u003C\u002Fstrong> – Set TFA to be required after a certain number of days on trusted devices instead of every login.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customise design layout\u003C\u002Fstrong> – Adjust the TFA design to match your website’s existing layout and branding.\u003Cbr \u002F>\nEmergency codes – Generate one-time use emergency codes to regain access if you lose your TFA device.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Multisite Compatible\u003C\u002Fstrong> – Ensure compatibility with WordPress multisite networks and their sub-sites for consistent TFA application.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with login forms\u003C\u002Fstrong> – Integrate TFA with various login forms, including WooCommerce, Affiliates-WP, Elementor Pro, bbPress, and ‘Theme My Login’ without additional coding.\u003C\u002Fp>\n\u003Ch4>SMART 404 BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block IPs based on 404 errors\u003C\u002Fstrong> – Detect hackers probing your URLs via script and bots by the 404 errors they leave behind.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 Configuration\u003C\u002Fstrong> – Set a figure for the maximum number of 404 events allowed before an IP address is blocked. Choose a time period within which the 404 events must occur (e.g., 10 errors within 10 minutes).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 block by URL string\u003C\u002Fstrong> – Instantly block an IP address if a 404 event includes a specific URL string.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart 404 whitelisting\u003C\u002Fstrong> – Prevent particular IP addresses from being permanently blocked due to 404 events.\u003C\u002Fp>\n\u003Ch4>COUNTRY BLOCKING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Block traffic to the entire site or to specific pages or posts\u003C\u002Fstrong> – Useful if you’re an e-commerce site and you want to block sales to some countries for shipping or tax reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Whitelist some users from blocked countries\u003C\u002Fstrong> – Whitelist IP addresses or IP ranges even if they are part of a blocked country.\u003C\u002Fp>\n\u003Ch4>MALWARE SCANNING [Premium]\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Automatic malware scanning\u003C\u002Fstrong> – Detect and protect against the latest malware, trojans, and spyware.\u003Cbr \u002F>\nAlerts you to blacklisting by search engines – Monitor your site for blacklisting by search engines due to malicious code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Response time monitoring\u003C\u002Fstrong> – Keep track of your website’s response time to identify and address any performance issues.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Uptime monitoring\u003C\u002Fstrong> – Checks your website’s uptime every 5 minutes and alerts you immediately if your site or server goes down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advice and malware removal\u003C\u002Fstrong> – Need hands-on advice and support for malware removal? Our team of genuine cybersecurity experts is here to help.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notification if something’s amiss\u003C\u002Fstrong> – Receive notifications about any issues with your site so you can address problems before they escalate.\u003C\u002Fp>\n\u003Ch4>Plugin Support\u003C\u002Fh4>\n\u003Cp>If you have a question or problem with the All-In-One Security plugin, post it on the support forum and we will help you. Premium customers can log queries directly with the team via https:\u002F\u002Fteamupdraft.com\u002Fall-in-one-security\u003C\u002Fp>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you are a developer and you need some extra hooks or filters for this plugin then let us know.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All-In-One Security plugin can be translated to any language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently available translations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Hungarian\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil)\u003C\u002Fli>\n\u003Cli>Persian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy Policy\u003C\u002Fh4>\n\u003Cp>This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity.\u003C\u002Fp>\n\u003Cp>The collected information is stored on your server. No information is transmitted to third parties or remote server locations.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Go to the settings menu after you activate the plugin and follow the instructions.\u003C\u002Fp>\n","Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.",1000000,36139406,1693,"2026-01-28T22:15:00.000Z","5.6",[110,111,112,113,21],"firewall","login-security","malware-scanning","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-wp-security-and-firewall.5.4.6.zip",93,26,"2024-02-08 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":14,"requires_at_least":132,"requires_php":72,"tags":133,"homepage":137,"download_link":138,"security_score":116,"vuln_count":139,"unpatched_count":11,"last_vuln_date":140,"fetched_at":58},"better-wp-security","Solid Security – Password, Two Factor Authentication, and Brute Force Protection","9.4.6","StellarWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fstellarwp\u002F","\u003Ch4>Reduce your WordPress website’s risk to nearly zero with Solid Security\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fwporg-security-ithemes\" rel=\"nofollow ugc\">Formerly iThemes Security. Looking for iThemes? Learn more here.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>On average, 30,000 websites are hacked every day.* Cyberattacks in the US increased by 57% in 2022.** Bad actors who want to hack your site, steal your data, and cripple your business are a 24\u002F7\u002F365 threat.\u003C\u002Fp>\n\u003Cp>You need a proactive, strategic approach to WordPress website security that protects your site from brute force attacks, malware infections, and other cyber threats.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsolid-security-pro\" rel=\"nofollow ugc\">Solid Security\u003C\u002Fa> shields your site from cyberattacks and prevents security vulnerabilities. It automatically locks out bad users identified by our Brute Force Protection Network that is nearly 1 million sites strong and leverages your own blacklist. It secures and protects your most commonly attacked part of your WordPress website – user login authentication.\u003C\u002Fp>\n\u003Cp>With Patchstack integration (Pro) protects your site before you even have a chance to address vulnerabilities and before a plugin or theme vendor or developer can even issue a patch.\u003C\u002Fp>\n\u003Cp>That’s 24\u002F7\u002F365 always-on truly Solid Security.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"Welcome to Solid Security, Part of the SolidWP Suite\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F863249227?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch4>🌐 Secure your Website in Minutes\u003C\u002Fh4>\n\u003Cp>The Solid Security setup and onboarding experience allows anyone to secure their WordPress website in under 10 minutes, regardless of technical acumen. Knowing that you have enabled all the right security settings for your website will leave you feeling like your site has never been more secure.\u003C\u002Fp>\n\u003Ch4>📚 Security Site Templates to Fit Your Type of Site\u003C\u002Fh4>\n\u003Cp>Enabling the correct security settings based on the type of website you are building or maintaining is essential for proper security. An eCommerce site requires a different level of security than a basic blog. Solid Security Site Templates make it quick and easy to apply the right security settings for your website.\u003C\u002Fp>\n\u003Cp>Choose from six different site templates to apply the type of security your site needs:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Ecommerce\u003C\u002Fstrong> – websites that sell products or services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Network\u003C\u002Fstrong> – websites that connect people or communities\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Non-Profit\u003C\u002Fstrong> – websites that promote your cause and collect donations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blog\u003C\u002Fstrong> – websites that share your thoughts or start a conversation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Portfolio\u003C\u002Fstrong> – websites that showcase your craft\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brochure\u003C\u002Fstrong> – simple websites that promote your business\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>⌚ Real-Time Website Security Dashboard\u003C\u002Fh4>\n\u003Cp>Every day, lots of activity is happening on your website that you can’t see. Many of these activities can be related to your site’s security, so monitoring these events is vital to keeping your site secure.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsolid-security-pro\" rel=\"nofollow ugc\">Solid Security Pro\u003C\u002Fa> plugin provides a real-time WordPress security dashboard that monitors security-related events on your site around the clock. The Solid Security Dashboard is a dynamic dashboard with all your WordPress website’s security activity stats in one place, including brute force attacks, banned users, active lockouts, site scan results, and user security stats (Pro).\u003C\u002Fp>\n\u003Ch4>🗝️ WordPress Login Security\u003C\u002Fh4>\n\u003Cp>Setting up and maintaining proper WordPress configurations and managing user account access are essential aspects of hardening your site against threats and vulnerabilities. Basic and Pro include features that address both of these factors.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Two Factor Authentication (2FA)\u003C\u002Fstrong> – Make your WordPress login nearly impenetrable to attack by requiring users to enter a security code along with a password to login. The Solid Security plugin allows you to add two-factor authentication to your WordPress login with several authentication methods, including mobile apps like Authy and Google Authenticator, email, and backup codes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Password Requirements\u003C\u002Fstrong> – Create and enforce a password policy for your users in less than a minute.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA\u003C\u002Fstrong> (Pro) – Stop bad bots from engaging in abusive activities on your website, such as attempting to break into your website using compromised passwords, posting spam, or even scraping your content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Passwordless Logins\u003C\u002Fstrong> (Pro) – WordPress security made easy. Secure your user accounts with 2fa & strong passwords while allowing real users login with a click of a mouse.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Trusted Devices\u003C\u002Fstrong> (Pro) – Identify the devices you and other users use to block session hijacking attacks and limit Administrator privileges to Trusted Devices.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Automated Vulnerability Patching\u003C\u002Fstrong> (Pro) – Solid Security Pro includes Patchstack which patches vulnerabilities before you have a chance to and applies fixes even before a plugin developer or vendor has issued a patch.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fwporgpasswordless\" rel=\"nofollow ugc\">passwordless login is the future\u003C\u002Fa> and how Solid Security can help you implement it today.\u003C\u002Fp>\n\u003Ch4>👨‍👩‍👧‍👦 The Right Amount of Security for Every User Level\u003C\u002Fh4>\n\u003Cp>Different types of user levels require different levels of security. During the Solid Security setup process, you can identify your website’s key user groups. Once the different types of users are identified, you can apply the level of security that is just right for each user group.\u003C\u002Fp>\n\u003Cp>Here are a couple of examples of how User Groups are useful for securing your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>For Clients\u003C\u002Fstrong> – Let’s say you are configuring Solid Security on a client’s website. You will decide whether or not they are required to use two-factor authentication and if they should have access to the Solid Security settings.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>For Customers\u003C\u002Fstrong> – If you have an eCommerce website, you will decide whether or not you want to protect customer accounts with a password policy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privilege Escalation\u003C\u002Fstrong> (Pro) also adds a safe, secure way to grant temporary admin-level access to your website.\u003C\u002Fp>\n\u003Ch4>🤖 Block Bad Bots & Ban User Agents with Lockouts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Ban Users\u003C\u002Fstrong> (Basic and Pro) – Permanently block repeat offenders from accessing your site.\u003Cbr \u002F>\nLocal Brute Force Protection – Automatically identify and stop the most common method of attack on WordPress sites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Local Brute Force Protection\u003C\u002Fstrong> (Basic and Pro) – Automatically identify and stop the most common method of attack on WordPress sites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Network Brute Force Protection\u003C\u002Fstrong> (Basic and Pro) – The network is the Solid Security community and is nearly one million websites strong. If someone tries to break into websites in the Solid Security community, Solid Security will block them across the network.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Magic Links\u003C\u002Fstrong> (Pro) – Security shouldn’t get in your way. Magic Links allow you to log in to your WordPress site while your username is locked out by the Solid Security Local Brute Force Protection feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔍 Monitor Your Site’s Security Health\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>File Change Detection\u003C\u002Fstrong> (Basic and Pro) – Solid Security logs changes made to your website that can help detect malicious activity on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Scanner (Basic and Pro)\u003C\u002Fstrong> – Schedule checks to run four times per day (Basic) or hourly (Pro) for known vulnerabilities of WordPress core file, plugins and themes. Using the Google Safe Browsing API, the Site Scan also checks your Google’s blocklist status and will alert you if Google has found any malware on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Patchstack integration (Pro)\u003C\u002Fstrong> – Automated virtual patching of some vulnerabilities before you even have a chance to address them yourself, and before a plugin or theme vendor or developer can even issue a patch.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Scanner\u003C\u002Fstrong> (Pro) – Unlock Version Management to automatically apply a patch to vulnerable software detected by the Site Scan when one is available.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Logging\u003C\u002Fstrong> (Pro) – Keep a record of user activity in your WordPress security logs, including login\u002Flogout, user registration, adding\u002Fremoving plugins, switching themes, changes to posts and pages, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Version Management\u003C\u002Fstrong> (Pro) – The Version Management feature in Solid Security Pro allows you to auto-update WordPress, plugins, and themes. Beyond that, Version Management also has options to harden your website when you are running outdated software and scan for old websites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🧠 Smarter, More Actionable Vulnerability Prioritization\u003C\u002Fh4>\n\u003Cp>Not all vulnerabilities pose the same level of risk, and the traditional Common Vulnerability Scoring System (CVSS) score doesn’t always reflect the realities of running a WordPress site.\u003C\u002Fp>\n\u003Cp>Solid Security now uses the Patchstack Priority score, which goes beyond CVSS to provide a real-world risk assessment tailored to WordPress. It factors in how likely a vulnerability is to be exploited and its actual impact on your site.\u003C\u002Fp>\n\u003Cp>With Patchstack Priority, you get a clearer picture of what really matters, helping you focus on the vulnerabilities that pose the greatest risk, and worry less about noise from low-impact issues.\u003C\u002Fp>\n\u003Ch4>🛠️ Website Security Utilities\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enforce SSL\u003C\u002Fstrong> – Force all connections to the website to be made over SSL\u002FTLS.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Database Backups\u003C\u002Fstrong> – Create backups of your WordPress database. (Not a complete backup.)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Geolocation\u003C\u002Fstrong> (Pro) – Improve Trusted Devices by connecting to an external location or mapping API.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🚀 Advanced Security Tools\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Identify Server IPs\u003C\u002Fstrong> – Prevent issues caused by inadvertently locking out your server IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change User ID 1\u003C\u002Fstrong> – Change the user ID for the first WordPress user, potentially preventing attacks that assume the user with ID1 exists and is an administrator.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change Database Prefix\u003C\u002Fstrong> – Change the database prefix that WordPress uses, potentially preventing attacks that assume the database prefix is “wp_”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Check File Permission\u003C\u002Fstrong> – See the file and directory permissions of key areas of your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Config Rules\u003C\u002Fstrong> – View or flush the server security rules generated by Solid Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>wp-config.php Rules\u003C\u002Fstrong> – View or flush the wp-config.php security rules generated by Solid Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change WordPress Salts\u003C\u002Fstrong> – Secure your site after a successful attack by changing the WordPress salts used to secure cookies and security tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login URL\u003C\u002Fstrong> – change the login URL of your site, making it harder for bots to find your login page and attack it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛟 Need Help?\u003C\u002Fh4>\n\u003Cp>Free support may be available with the community’s help in the WordPress.org support forums. Our Solid Security support team provides top-notch technical support to all our Solid Security Basic users there.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsecurity-help-center\" rel=\"nofollow ugc\">Our Help Center will help you become an iThemes Security expert.\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Get additional peace of mind with professional support from our expert team and pro features to take your site’s security to the next level with Solid Security Pro.\u003C\u002Fp>\n\u003Ch4>Recover From a Hacked Site\u003C\u002Fh4>\n\u003Cp>Solid Security makes regular backups of your WordPress database, allowing you to get back online quickly in the event of a hack or security breach. Use Solid Security to create and email database backups on a customizable schedule.\u003C\u002Fp>\n\u003Cp>For complete site backups and the ability to restore or move WordPress to a new host or domain, check out \u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsecurity-basic-solid-backups\" rel=\"nofollow ugc\">Solid Backups\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Solid Central Integration\u003C\u002Fh4>\n\u003Cp>Manage more than one WordPress site? Release lockouts and keep your themes, plugins, and WordPress core up to date from one dashboard with \u003Ca href=\"https:\u002F\u002Fgo.solidwp.com\u002Fsecurity-basic-solid-central\" rel=\"nofollow ugc\">Solid Central\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>*Zippia. “30 Crucial Cybersecurity Statistics [2023]: Data, Trends And More” Zippia.com. Jun. 15, 2023, https:\u002F\u002Fwww.zippia.com\u002Fadvice\u002Fcybersecurity-statistics\u002F\u003C\u002Fp>\n\u003Cp>**https:\u002F\u002Fblog.checkpoint.com\u002F2023\u002F01\u002F05\u002F38-increase-in-2022-global-cyberattacks\u002F\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Released under the terms of the GNU General Public License.\u003C\u002Fp>\n","Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.",700000,37290141,92,3981,"2026-02-25T12:43:00.000Z","6.5",[134,135,136,113,21],"brute-force-protection","malware","password-protection","https:\u002F\u002Fsolidwp.com\u002Fproducts\u002Fsecurity","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-wp-security.9.4.6.zip",19,"2024-06-20 00:00:00",{"attackSurface":142,"codeSignals":260,"taintFlows":295,"riskAssessment":296,"analyzedAt":303},{"hooks":143,"ajaxHandlers":210,"restRoutes":243,"shortcodes":252,"cronEvents":257,"entryPointCount":258,"unprotectedCount":259},[144,150,154,158,162,166,170,172,175,177,182,185,188,192,195,198,202,205,207],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_notices","closure","authyo-passwordless-login.php",21,{"type":145,"name":151,"callback":152,"file":148,"line":153},"admin_menu","add_settings_page",137,{"type":145,"name":155,"callback":156,"file":148,"line":157},"admin_init","register_settings",138,{"type":145,"name":159,"callback":160,"file":148,"line":161},"admin_enqueue_scripts","enqueue_admin_assets",139,{"type":145,"name":163,"callback":164,"file":148,"line":165},"login_init","init",142,{"type":145,"name":167,"callback":168,"file":148,"line":169},"login_enqueue_scripts","enqueue_login_assets",154,{"type":145,"name":146,"callback":147,"file":148,"line":171},259,{"type":145,"name":164,"callback":147,"priority":173,"file":148,"line":174},1,276,{"type":145,"name":146,"callback":147,"file":148,"line":176},291,{"type":145,"name":178,"callback":179,"file":180,"line":181},"login_footer","add_authyo_login_form","includes\\class-authyo-login.php",25,{"type":145,"name":159,"callback":183,"file":184,"line":67},"enqueue_scripts","includes\\class-authyo-passwordless-feedback.php",{"type":145,"name":186,"callback":187,"file":184,"line":117},"rest_api_init","register_rest_endpoints",{"type":145,"name":189,"callback":190,"priority":30,"file":184,"line":191},"update_option_authyo_passwordless_login_settings","handle_settings_save_tracking_hook",29,{"type":145,"name":193,"callback":194,"priority":30,"file":184,"line":31},"add_option_authyo_passwordless_login_settings","handle_settings_add_tracking_hook",{"type":145,"name":146,"callback":196,"file":184,"line":197},"maybe_show_email_subscription_popup",33,{"type":145,"name":167,"callback":199,"file":200,"line":201},"enqueue_assets","includes\\modules\\google-auth\\class-authyo-google-auth.php",43,{"type":145,"name":203,"callback":199,"file":200,"line":204},"wp_enqueue_scripts",46,{"type":145,"name":159,"callback":160,"file":200,"line":206},49,{"type":208,"name":209,"callback":147,"priority":30,"file":200,"line":153},"filter","script_loader_tag",[211,216,219,223,225,229,233,237,241],{"action":212,"nopriv":213,"callback":214,"hasNonce":213,"hasCapCheck":213,"file":148,"line":215},"authyo_passwordless_login_send_otp",false,"ajax_send_otp",145,{"action":212,"nopriv":217,"callback":214,"hasNonce":213,"hasCapCheck":213,"file":148,"line":218},true,146,{"action":220,"nopriv":213,"callback":221,"hasNonce":213,"hasCapCheck":213,"file":148,"line":222},"authyo_passwordless_login_verify_otp","ajax_verify_otp",147,{"action":220,"nopriv":217,"callback":221,"hasNonce":213,"hasCapCheck":213,"file":148,"line":224},148,{"action":226,"nopriv":213,"callback":227,"hasNonce":217,"hasCapCheck":217,"file":184,"line":228},"authyo_passwordless_submit_deactivation_feedback","handle_feedback_submission",23,{"action":230,"nopriv":213,"callback":231,"hasNonce":217,"hasCapCheck":217,"file":184,"line":232},"authyo_passwordless_submit_email_subscription","handle_email_subscription",34,{"action":234,"nopriv":213,"callback":235,"hasNonce":217,"hasCapCheck":213,"file":184,"line":236},"authyo_passwordless_dismiss_email_subscription","handle_email_subscription_dismiss",35,{"action":238,"nopriv":213,"callback":239,"hasNonce":217,"hasCapCheck":213,"file":200,"line":240},"authyo_google_auth_verify","ajax_verify_google_auth",52,{"action":238,"nopriv":217,"callback":239,"hasNonce":217,"hasCapCheck":213,"file":200,"line":242},53,[244],{"namespace":245,"route":246,"methods":247,"callback":249,"permissionCallback":250,"file":184,"line":251},"authyo-passwordless\u002Fv1","\u002Fdeactivation-feedback",[248],"POST","handle_feedback_submission_rest","verify_permission",168,[253],{"tag":254,"callback":255,"file":148,"line":256},"authyo_login","shortcode_login_form",151,[],11,4,{"dangerousFunctions":261,"sqlUsage":262,"outputEscaping":268,"fileOperations":11,"externalRequests":56,"nonceChecks":292,"capabilityChecks":293,"bundledLibraries":294},[],{"prepared":11,"raw":69,"locations":263},[264,267],{"file":265,"line":139,"context":266},"uninstall.php","$wpdb->query() with variable interpolation",{"file":265,"line":149,"context":266},{"escaped":242,"rawEcho":30,"locations":269},[270,273,275,277,280,282,284,286,288,290],{"file":148,"line":271,"context":272},262,"raw output",{"file":148,"line":274,"context":272},294,{"file":148,"line":276,"context":272},309,{"file":278,"line":279,"context":272},"includes\\class-authyo-settings.php",172,{"file":278,"line":281,"context":272},174,{"file":278,"line":283,"context":272},182,{"file":278,"line":285,"context":272},186,{"file":278,"line":287,"context":272},253,{"file":278,"line":289,"context":272},256,{"file":278,"line":291,"context":272},257,6,9,[],[],{"summary":297,"deductions":298},"The 'authyo-passwordless-login' v1.0.3 plugin presents a mixed security posture. While it boasts no recorded vulnerabilities and a low number of external HTTP requests, the static analysis reveals several areas for concern. A significant portion of its attack surface, specifically 4 out of 9 AJAX handlers, lacks authentication checks. Additionally, both SQL queries within the plugin are not using prepared statements, which is a common vector for SQL injection vulnerabilities. The plugin also has a good output escaping rate at 84%, but this still leaves room for potential cross-site scripting (XSS) vulnerabilities in the remaining 16% of outputs. The absence of any taint analysis findings and a clean vulnerability history are positive indicators, suggesting that active exploitation of known issues is unlikely. However, the presence of unprotected entry points and raw SQL queries represent actionable risks that could be exploited by an attacker.",[299,301],{"reason":300,"points":30},"AJAX handlers without auth checks",{"reason":302,"points":30},"Raw SQL queries without prepared statements","2026-03-17T06:03:29.083Z",{"wat":305,"direct":314},{"assetPaths":306,"generatorPatterns":309,"scriptPaths":310,"versionParams":311},[307,308],"\u002Fwp-content\u002Fplugins\u002Fauthyo-passwordless-login\u002Fassets\u002Fcss\u002Flogin.css","\u002Fwp-content\u002Fplugins\u002Fauthyo-passwordless-login\u002Fassets\u002Fjs\u002Flogin.js",[],[308],[312,313],"authyo-passwordless-login\u002Fassets\u002Fcss\u002Flogin.css?ver=","authyo-passwordless-login\u002Fassets\u002Fjs\u002Flogin.js?ver=",{"cssClasses":315,"htmlComments":316,"htmlAttributes":317,"restEndpoints":320,"jsGlobals":322,"shortcodeOutput":324},[],[],[318,319],"data-authyo-login-url","data-authyo-nonce",[321],"\u002Fwp-json\u002Fauthyo-passwordless-login\u002Fv1\u002Fsettings",[323],"authyoPasswordlessLogin",[325],"[authyo_login]"]