[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnFUBysMKpqtCeWZRKb-yJWYy8nUm2QdrvaQYtIoj73c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":125,"fingerprints":167},"basic-auth-for-wp-admin","Basic Auth for WP-Admin","1.0","Walid Sadfi","https:\u002F\u002Fprofiles.wordpress.org\u002Fevolurise\u002F","\u003Cp>This plugin adds an additional layer of security to your WordPress website by adding a basic authentication HTTP to the wp-admin and wp-login pages. This means that before accessing these pages, users will be prompted to enter a username and password. This can help to prevent unauthorized access to your website’s backend.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was developed by Evolurise (https:\u002F\u002Fwww.evolurise.com\u002F)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\u003C\u002Fp>\n","Add an additional layer of security with this super light plugin that adds a basic authentication HTTP to the wp-admin and wp-login pages.",0,2481,"","6.1.10","3.0","5.6.20",[18,19,20,21],"basic-auth","security","wp-login","wp-admin","https:\u002F\u002Fwww.evolurise.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasic-auth-for-wp-admin.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"evolurise",2,8,94,"2026-04-04T09:02:51.487Z",[35,56,74,95,112],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":13,"tags":50,"homepage":13,"download_link":53,"security_score":54,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"unauthorised-login-redirect","Unauthorised Login Redirect","0.3.9.1","RSimpson","https:\u002F\u002Fprofiles.wordpress.org\u002Frsimpson\u002F","\u003Cp>This plugin allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL of your specification, with every other request being redirected to a different URL of your specification.\u003C\u002Fp>\n","This plugin allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL.",200,5874,86,4,"2023-12-21T03:14:00.000Z","6.4.8","4.3",[51,52,19,20,21],"login","redirect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funauthorised-login-redirect.zip",85,"2026-03-15T15:16:48.613Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":24,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":49,"requires_php":13,"tags":69,"homepage":72,"download_link":73,"security_score":54,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"va-simple-basic-auth","VA Simple Basic Auth","1.1.0","kuck1u","https:\u002F\u002Fprofiles.wordpress.org\u002Fkuck1u\u002F","\u003Cp>This plugin the very simple.\u003Cbr \u002F>\nSimply by enabling the plugin can set up a basic auth to dashboard and login page.\u003Cbr \u002F>\nAuth information of Basic Auth is your WordPress user name and password.\u003C\u002Fp>\n\u003Ch4>Requires\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.3 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.4 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute!\u003C\u002Fh4>\n\u003Cp>You can fork the plugin from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvisualive\u002Fva-simple-basic-auth\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Simply by enabling the plugin can set up a basic auth to dashboard and login page.",70,9328,1,"2016-09-25T07:53:00.000Z","4.6.30",[70,18,71,19,21],"auth","basicauth","https:\u002F\u002Fgithub.com\u002FVisuAlive\u002Fva-simple-basic-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fva-simple-basic-auth.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":24,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":93,"download_link":94,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",10,347,3,"2025-07-01T05:30:00.000Z","6.8.5","5.0","7.2",[90,91,19,21,92],"custom-login-url","hide-login","wp-login-php","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":82,"downloaded":103,"rating":11,"num_ratings":11,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":110,"download_link":111,"security_score":54,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"swiftninjapro-wp-login-whitelist-ip","WP-Login and WP-Admin Whitelist","1.11.1","SwiftNinjaPro","https:\u002F\u002Fprofiles.wordpress.org\u002Fswiftninjapro\u002F","\u003Cp>A Plugin That only allows whitelisted IP’s, or optionally whitelisted browsers, to access wp-login.\u003Cbr \u002F>\nThis plugin does Not effect front-end login plugins.\u003Cbr \u002F>\nIf an IP is not whitelisted, the wp-login page will be killed and replaced with a message saying “your IP\u002FBrowser is not whitelisted”, or optionally redirect the user to 404 page instead.\u003C\u002Fp>\n\u003Cp>A better way to hide wp-login. You can add a list of admin IP’s to this plugin, where you want to allow usage of wp-login.\u003Cbr \u002F>\nEven if you have other users that login, its better to use another plugin for a more secure front end login, and this plugin will only allow a specific list of IP’s to access the wp-login page.\u003Cbr \u002F>\nYou can also (optionally) have this plugin attempt to redirect anyone to 404 page, if they try and access wp-login without the right IP.\u003Cbr \u002F>\nYou can also choose to disable the 404 redirect, and instead tell users there IP is not whitelisted, and that they should contact the admin if this is in error.\u003Cbr \u002F>\nThe plugin does Not block wp-admin, so once logged in, you can still edit your site on the go.\u003Cbr \u002F>\nThe plugin also has an option to whitelist your favorite common browsers to wp-login. This means you can keep users from accessing the wp-login page, simply because there using Internet Explore, and not what you chose to allow.\u003Cbr \u002F>\nThere is another option (which may return false positives), that attempts to check if the source of an IP is commonly used by a proxy server, and can block proxy IP’s to try and reduce spoofing.\u003C\u002Fp>\n","A Plugin That only allows whitelisted IP's, or optionally whitelisted browsers, to access wp-login, or optionally wp-admin.",2507,"2020-11-04T18:56:00.000Z","5.5.18","3.0.1","5.2.4",[51,19,109,20,21],"whitelist","https:\u002F\u002Fwww.swiftninjapro.com\u002Fplugins\u002Fwordpress\u002F?plugin=swiftninjapro-wp-login-whitelist-ip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswiftninjapro-wp-login-whitelist-ip.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":11,"downloaded":120,"rating":11,"num_ratings":11,"last_updated":121,"tested_up_to":122,"requires_at_least":87,"requires_php":88,"tags":123,"homepage":13,"download_link":124,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"change-hide-login-url","Secure WordPress Admin – Change & Hide Login URL","1.2","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>\u003Cstrong>Secure WordPress Admin – Change & Hide Login URL\u003C\u002Fstrong> improves your website’s login security by allowing you to replace the default WordPress login page (wp-login.php) with any custom slug of your choice. It also blocks direct access to both \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong> for all non-logged-in users.\u003C\u002Fp>\n\u003Cp>Upon activation, the plugin automatically sets the custom login slug to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\n    https:\u002F\u002Fyourwebsite.com\u002Fmysecretlogin\u003C\u002Fp>\n\u003Cp>You can update the slug anytime from the settings page.\u003Cbr \u002F>\n\u003Cstrong>Important:\u003C\u002Fstrong> After changing the custom slug, go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Permalinks\u003C\u002Fstrong> and click \u003Cstrong>Save Changes\u003C\u002Fstrong> to ensure the new login URL works correctly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, fast, and follows WordPress coding standards without modifying core files.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Change \u003Cstrong>wp-login.php\u003C\u002Fstrong> to a custom login slug  \u003C\u002Fli>\n\u003Cli>Default login slug automatically set to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks direct access to \u003Cstrong>wp-login.php\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks unauthorized access to \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Simple admin settings page to manage the slug  \u003C\u002Fli>\n\u003Cli>Fully translation-ready  \u003C\u002Fli>\n\u003Cli>Uses WordPress security best practices  \u003C\u002Fli>\n\u003Cli>Zero impact on site performance\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure and customize your WordPress admin login by changing the default wp-login.php URL to a custom slug and blocking unauthorized access to wp-admin &hellip;",179,"2025-12-10T04:07:00.000Z","6.9.4",[90,51,19,20,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-hide-login-url.zip",{"attackSurface":126,"codeSignals":146,"taintFlows":157,"riskAssessment":158,"analyzedAt":166},{"hooks":127,"ajaxHandlers":142,"restRoutes":143,"shortcodes":144,"cronEvents":145,"entryPointCount":11,"unprotectedCount":11},[128,134,138],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","init","basic_auth_for_wp_admin","wp-admin-basic-auth.php",30,{"type":129,"name":135,"callback":136,"file":132,"line":137},"admin_init","basic_auth_for_wp_admin_options_init",31,{"type":129,"name":139,"callback":140,"file":132,"line":141},"admin_menu","basic_auth_for_wp_admin_menu",117,[],[],[],[],{"dangerousFunctions":147,"sqlUsage":148,"outputEscaping":150,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":66,"bundledLibraries":156},[],{"prepared":11,"raw":11,"locations":149},[],{"escaped":82,"rawEcho":30,"locations":151},[152,155],{"file":132,"line":153,"context":154},72,"raw output",{"file":132,"line":24,"context":154},[],[],{"summary":159,"deductions":160},"The 'basic-auth-for-wp-admin' plugin v1.0 presents a strong initial security posture based on static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. The code analysis shows a commendable lack of dangerous functions, file operations, and external HTTP requests. Furthermore, SQL queries are exclusively handled using prepared statements, and there's a single capability check present, indicating an awareness of WordPress security best practices.\n\nHowever, the analysis does reveal a couple of areas for concern. While the majority of output is properly escaped, a small percentage (17%) remains unescaped, which could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these outputs. Additionally, the complete absence of nonce checks across any entry points is a notable weakness. While there are no direct entry points identified in this analysis, if future updates introduce them without nonce protection, it could expose the site to CSRF attacks.\n\nThe vulnerability history being entirely clear of any recorded CVEs is a positive indicator. This suggests either a history of secure development for this plugin or that it hasn't been a target for widespread vulnerability research. However, the absence of historical data should not be interpreted as absolute security; it merely means no public vulnerabilities have been recorded. Overall, the plugin demonstrates good foundational security practices but has minor weaknesses in output escaping and a potential for future vulnerability due to the lack of nonce checks.",[161,163],{"reason":162,"points":84},"Unescaped output detected",{"reason":164,"points":165},"No nonce checks implemented",5,"2026-03-17T05:51:09.925Z",{"wat":168,"direct":174},{"assetPaths":169,"generatorPatterns":171,"scriptPaths":172,"versionParams":173},[170],"\u002Fwp-content\u002Fplugins\u002Fbasic-auth-for-wp-admin\u002Fstyles_admin.css",[],[],[],{"cssClasses":175,"htmlComments":177,"htmlAttributes":178,"restEndpoints":181,"jsGlobals":182,"shortcodeOutput":183},[176],"wrap_basic_auth",[],[179,180],"id=\"basic_auth_for_wp_admin_username\"","id=\"basic_auth_for_wp_admin_password\"",[],[],[]]