[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxUD3cYUFOAFzgSrS_NYYAuyyGFnWyxb2crDxRTWQxL4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":139,"fingerprints":332},"better-login-security-and-history","Better Login Security and History","1.0","trieuvinh1508","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrieuvinh1508\u002F","\u003Cp>Login with captcha.\u003Cbr \u002F>\nProtect your login page from Brute-force attacks also you can track login history.\u003Cbr \u002F>\nFeatures:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Captcha on the admin login page to protect against auto-hacking.\u003C\u002Fli>\n\u003Cli>You can set the number of failed logins to show Captcha or showing it always.\u003C\u002Fli>\n\u003Cli>Login Blocker option to block the login processe for a period of time after specific number of failed logins.\u003C\u002Fli>\n\u003Cli>Login history to show all login processes in details.\u003C\u002Fli>\n\u003C\u002Ful>\n","By this smart plugin you can protect your login page from Brute-force attacks also you can track login history",30,3319,100,2,"2014-10-31T07:23:00.000Z","4.0.38","3.0.1","",[20,21,22,23],"captcha","history","login","security","http:\u002F\u002Fwww.tieuthutrieugia.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-login-security-and-history.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":33,"computed_at":34},1,84,"2026-04-05T15:02:20.655Z",[36,59,81,103,121],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":14,"unpatched_count":32,"last_vuln_date":58,"fetched_at":29},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function for the protection against the attack to the management page (under wp-admin.)\u003Cbr \u002F>\nTo the access from the connection source IP address which does not login to the management page, 404 (Not Found) is returned.\u003Cbr \u002F>\nAt the login, the connection source IP address is recorded and the access to that page is allowed.\u003Cbr \u002F>\nThe connection source IP address which does not login for more than 24 hours is sequentially deleted.\u003Cbr \u002F>\nThe URL (under wp-admin) where this function is excluded can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. The initial value is “login_\u003C5 random digits>” but it can be changed to a favorite name.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack,\u003Cbr \u002F>\nor to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nEspecially, it is the function to prevent an automated attack. The connection source IP address the number of login failure of which reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nEach user account is not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to make it easier to notice unauthorized login. E-mail will be sent to a login user when logged in.\u003Cbr \u002F>\nIf you receive an e-mail to there is no logged-in idea, please suspect unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against a password list attack. Even is the login input is correct, the first login must fail.\u003Cbr \u002F>\nAfter 5 seconds and later within 60 seconds, another correct login input make login succeed. At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Basic of security is that always you use the latest version. If WordPress core, plugins, and themes updates are needed , sends email to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)\u003Cbr \u002F>\nif WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevents the attack from the outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions, WAF may detect the attack which is actually not attack and block the function.\u003Cbr \u002F>\nBy creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Plugin. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5177761,86,15,"2025-12-04T04:47:00.000Z","6.9.4","3.9",[20,52,53,54,23],"login-alert","login-lock","pingback","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",76,"2026-02-23 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":18,"download_link":79,"security_score":80,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[76,20,77,23,78],"2fa","login-security","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":18,"tags":96,"homepage":100,"download_link":101,"security_score":26,"vuln_count":32,"unpatched_count":27,"last_vuln_date":102,"fetched_at":29},"login-recaptcha","Login No Captcha reCAPTCHA","1.7.3","Robert Peake","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertpeake\u002F","\u003Cp>Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password, and user registration pages. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”\u003C\u002Fp>\n","Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.",60000,1369961,90,63,"2024-02-27T10:43:00.000Z","6.4.8","4.6",[97,22,98,99,23],"google","nocaptcha","recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-recaptcha.1.7.3.zip","2022-08-16 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":74,"requires_at_least":116,"requires_php":74,"tags":117,"homepage":119,"download_link":120,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"login-security-recaptcha","Login Security Captcha","1.8.4","ScriptsTown","https:\u002F\u002Fprofiles.wordpress.org\u002Fscriptstown\u002F","\u003Cp>\u003Cstrong>Login Security Captcha\u003C\u002Fstrong> is a security plugin for WordPress to add CAPTCHA or CAPTCHA-free services such as Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> and Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> to the WordPress login, registration, lost password, and comment form. This is a fast and lightweight security plugin to place captcha on standard WordPress forms with minimal footprints. It can prevent spam comments and protect the login form against Brute-force attacks. It has simple settings to configure the plugin quickly.\u003C\u002Fp>\n\u003Cp>The plugin supports \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>, Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> Version 2, and Version 3 with multiple options. This is the best WordPress captcha plugin for antispam protection to secure comment form and WordPress login page. It allows you to place different versions of reCAPTCHA and also Turnstile on different forms at the same time. This plugin comes with a set of simple options to quickly set up captcha validation on the common forms.\u003C\u002Fp>\n\u003Cp>Using this security plugin, you can change the captcha theme to light or dark depending on your preferences for Cloudflare Turnstile and Google reCAPTCHA. You can also configure various other parameters like the score value for reCAPTCHA version 3. You can monitor the error logs and have the option to disable the captcha on the comment form for logged-in users. Also, you can adjust the captcha size to compact or normal for \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Login Security Captcha Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v2\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3\u003C\u002Fli>\n\u003Cli>Set reCAPTCHA v3 Position\u003C\u002Fli>\n\u003Cli>Captcha Theme and Size\u003C\u002Fli>\n\u003Cli>Secure Login Form\u003C\u002Fli>\n\u003Cli>Secure Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Monitor Error Logs\u003C\u002Fli>\n\u003Cli>Prevent Brute-force Attack\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Upgrade To Pro – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F#pricing\" title=\"Upgrade To Pro\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Login Security Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> by IP Address\u003C\u002Fli>\n\u003Cli>Check and Monitor \u003Cstrong>Last Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check Login History by Username\u003C\u002Fli>\n\u003Cli>Recent Login Dashboard Widget\u003C\u002Fli>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> Support\u003C\u002Fli>\n\u003Cli>Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> v2 and v3\u003C\u002Fli>\n\u003Cli>Redirect after Login or Logout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Redirection\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure Login and Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Easy to Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Login Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Lost Password Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Registration Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure \u003Cstrong>WooCommerce\u003C\u002Fstrong> Checkout Form\u003C\u002Fli>\n\u003Cli>Advanced Security and Much More\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check Pro Plugin – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F\" title=\"Check Pro Plugin\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.",10000,286646,98,20,"2026-03-11T00:40:00.000Z","5.0",[20,118,22,99,23],"cloudflare","https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-security-recaptcha.1.8.4.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":111,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":49,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":18,"download_link":138,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"simple-login-captcha","Simple Login Captcha","1.3.6","Nikolay Nikolov","https:\u002F\u002Fprofiles.wordpress.org\u002Fnnikolov\u002F","\u003Cp>A simple captcha for the WordPress login form. To be able to login, the user is required to enter a random 3-digit number in a text field.\u003C\u002Fp>\n\u003Cp>The correct number is displayed above the field by a small JavaScript code. Compatible with the WooCommerce login form. Compatible with multisite.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\" rel=\"nofollow ugc\">https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Simple\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No complicated features\u003C\u002Fli>\n\u003Cli>No settings\u003C\u002Fli>\n\u003Cli>No image generation\u003C\u002Fli>\n\u003Cli>No API\u003C\u002Fli>\n\u003Cli>No sessions\u003C\u002Fli>\n\u003Cli>No cookies\u003C\u002Fli>\n\u003Cli>No IP address detection\u003C\u002Fli>\n\u003Cli>No personal data collection\u003C\u002Fli>\n\u003Cli>No vulnerabilities in the programming code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Recommendation\u003C\u002Fh4>\n\u003Cp>Bots can also try to login with the XML-RPC feature of WordPress! Very rarely plugins also need this (like the Jetpack plugin). But if you don’t use it, I recommend that you disable it. You can use the super simple one-line plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-xml-rpc\u002F\" rel=\"ugc\">Disable XML-RPC\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>This is a simple plugin designed to protect against random bots that try to login on your site. But if a person actually looks at the code of this plugin and specifically designs a new bot that targets this plugin, this bot would be able to bypass the protection.\u003C\u002Fp>\n","Adds a simple 3-digit number captcha on the login form.",74617,78,17,"2025-12-04T15:24:00.000Z","3.5","5.2",[20,22,23,136,137],"simple","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-captcha.1.3.6.zip",{"attackSurface":140,"codeSignals":180,"taintFlows":276,"riskAssessment":317,"analyzedAt":331},{"hooks":141,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":27,"unprotectedCount":27},[142,147,153,157,160,164,168,172],{"type":143,"name":144,"callback":145,"file":146,"line":131},"action","login_form","WPTV__show_captcha","better-login-security-history.php",{"type":148,"name":149,"callback":150,"priority":151,"file":146,"line":152},"filter","wp_authenticate_user","WPTV__captcha_check",10,18,{"type":143,"name":154,"callback":155,"file":146,"line":156},"wp_login_failed","WPTV__login_failed",19,{"type":143,"name":158,"callback":159,"priority":151,"file":146,"line":114},"wp_login","WPTV__login_success",{"type":143,"name":161,"callback":162,"file":146,"line":163},"wp_logout","WPTV__logout",21,{"type":143,"name":165,"callback":166,"file":146,"line":167},"login_head","WPTV__check_block_login",22,{"type":143,"name":169,"callback":170,"file":146,"line":171},"admin_menu","WPTV__admin_menu",23,{"type":143,"name":173,"callback":174,"file":146,"line":175},"admin_head","header_code",24,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":190,"fileOperations":32,"externalRequests":27,"nonceChecks":27,"capabilityChecks":32,"bundledLibraries":275},[],{"prepared":183,"raw":14,"locations":184},9,[185,188],{"file":146,"line":186,"context":187},193,"$wpdb->get_var() with variable interpolation",{"file":189,"line":156,"context":187},"option_page1.php",{"escaped":47,"rawEcho":191,"locations":192},41,[193,196,198,200,202,204,206,209,211,213,215,218,220,222,224,226,228,231,233,235,236,237,239,240,243,245,247,248,249,251,253,255,257,259,262,263,265,267,269,271,273],{"file":146,"line":194,"context":195},54,"raw output",{"file":146,"line":197,"context":195},56,{"file":146,"line":199,"context":195},59,{"file":146,"line":201,"context":195},61,{"file":146,"line":203,"context":195},91,{"file":146,"line":205,"context":195},183,{"file":207,"line":208,"context":195},"controls\\cf_checkbox.php",152,{"file":207,"line":210,"context":195},164,{"file":207,"line":212,"context":195},177,{"file":207,"line":214,"context":195},224,{"file":216,"line":217,"context":195},"controls\\cf_ckeckboxlist.php",135,{"file":216,"line":219,"context":195},136,{"file":216,"line":221,"context":195},138,{"file":216,"line":223,"context":195},139,{"file":216,"line":225,"context":195},142,{"file":216,"line":227,"context":195},143,{"file":229,"line":230,"context":195},"controls\\cf_datemenu.php",43,{"file":229,"line":232,"context":195},47,{"file":234,"line":194,"context":195},"controls\\cf_dropdown.php",{"file":234,"line":197,"context":195},{"file":234,"line":201,"context":195},{"file":238,"line":197,"context":195},"controls\\cf_tab.php",{"file":238,"line":201,"context":195},{"file":241,"line":242,"context":195},"functions.php",241,{"file":189,"line":244,"context":195},66,{"file":189,"line":246,"context":195},70,{"file":189,"line":246,"context":195},{"file":189,"line":246,"context":195},{"file":189,"line":250,"context":195},73,{"file":189,"line":252,"context":195},74,{"file":189,"line":254,"context":195},81,{"file":189,"line":256,"context":195},88,{"file":189,"line":258,"context":195},93,{"file":260,"line":261,"context":195},"option_page2.php",64,{"file":260,"line":130,"context":195},{"file":260,"line":264,"context":195},83,{"file":260,"line":266,"context":195},89,{"file":260,"line":268,"context":195},94,{"file":260,"line":270,"context":195},108,{"file":260,"line":272,"context":195},109,{"file":260,"line":274,"context":195},110,[],[277,296,304],{"entryPoint":278,"graph":279,"unsanitizedCount":32,"severity":295},"clogica_visitor_country (functions.php:369)",{"nodes":280,"edges":292},[281,286],{"id":282,"type":283,"label":284,"file":241,"line":285},"n0","source","$_SERVER",373,{"id":287,"type":288,"label":289,"file":241,"line":290,"wp_function":291},"n1","sink","file_get_contents() [SSRF\u002FLFI]",388,"file_get_contents",[293],{"from":282,"to":287,"sanitized":294},false,"medium",{"entryPoint":297,"graph":298,"unsanitizedCount":32,"severity":295},"\u003Cfunctions> (functions.php:0)",{"nodes":299,"edges":302},[300,301],{"id":282,"type":283,"label":284,"file":241,"line":285},{"id":287,"type":288,"label":289,"file":241,"line":290,"wp_function":291},[303],{"from":282,"to":287,"sanitized":294},{"entryPoint":305,"graph":306,"unsanitizedCount":315,"severity":316},"\u003Coption_page1> (option_page1.php:0)",{"nodes":307,"edges":313},[308,310],{"id":282,"type":283,"label":309,"file":189,"line":47},"$_GET (x5)",{"id":287,"type":288,"label":311,"file":189,"line":246,"wp_function":312},"echo() [XSS]","echo",[314],{"from":282,"to":287,"sanitized":294},5,"low",{"summary":318,"deductions":319},"The \"better-login-security-and-history\" plugin v1.0 exhibits a mixed security posture.  On one hand, the absence of known CVEs and a lack of critical or high-severity issues in the taint analysis are positive indicators. The plugin also demonstrates some good practices, with a significant portion of its SQL queries using prepared statements and a capability check present.  However, several areas raise concerns. The low percentage of properly escaped output (27%) suggests a potential for cross-site scripting (XSS) vulnerabilities if user-controlled data is rendered without sufficient sanitization. Furthermore, the taint analysis revealing all three analyzed flows with unsanitized paths, even if not classified as critical or high, warrants attention. The presence of file operations without further details on their implementation is also a potential risk.  The complete lack of nonce checks across all entry points, coupled with zero unescaped outputs or direct SQL queries identified as raw, might indicate that the plugin either has no user-facing interactive features that would typically require nonces, or that the entry points are not being effectively identified by the static analysis tools. Given the limited attack surface reported and the lack of historical vulnerabilities, the overall risk appears to be moderate, with the primary concern being the potential for XSS due to insufficient output escaping.",[320,323,326,329],{"reason":321,"points":322},"Low percentage of properly escaped output",6,{"reason":324,"points":325},"All taint flows have unsanitized paths",8,{"reason":327,"points":328},"File operations without clear sanitization",4,{"reason":330,"points":315},"No nonce checks across entry points","2026-03-16T22:33:50.322Z",{"wat":333,"direct":340},{"assetPaths":334,"generatorPatterns":336,"scriptPaths":337,"versionParams":338},[335],"\u002Fwp-content\u002Fplugins\u002Fbetter-login-security-and-history\u002Fstyle.css",[],[],[339],"better-login-security-and-history\u002Fstyle.css?ver=",{"cssClasses":341,"htmlComments":346,"htmlAttributes":347,"restEndpoints":348,"jsGlobals":349,"shortcodeOutput":356},[342,343,344,345],"tabs","active","tabContainer","tabContent",[],[],[],[350,351,352,353,354,355],"WPTV__is_captcha","WPTV__get_url_path","WPTV__add_login_row","WPTV__increment_show_captcha_option","WPTV__is_blocked","WPTV__login_blocked_msg",[]]