[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fu4q9zKjvqk8av9nCI-X9sQf0Yfc1u2gyCOPEaigaOP8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":137,"fingerprints":235},"better-quick-login","Better Quick Login","1.2.1","Chema","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeambulando\u002F","\u003Cp>The Quick Login plugin provides a convenient way for users to log in to your WordPress site without using a password. It allows users to request a login link via email, eliminating the need for a username and password. This plugin is especially useful for sites where user convenience and security are top priorities.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simplified login process, only input user name or email. No Password needed.\u003C\u002Fli>\n\u003Cli>Option to force one session per user (limit subscribers to one active session at a time)\u003C\u002Fli>\n\u003Cli>Customizable login form (can be enabled\u002Fdisabled)\u003C\u002Fli>\n\u003Cli>Auto-login via unique tokens and email links\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA support for enhanced security\u003C\u002Fli>\n\u003Cli>Widget option for adding the login form to your site’s sidebar\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>To add the Quick Login form to your content, you can use the provided shortcode: \u003Ccode>[bqlc_quicklogin]\u003C\u002Fcode>. You can also use the custom block named “Quick Login Block” in the Gutenberg editor.\u003C\u002Fp>\n\u003Cp>To customize plugin settings, navigate to ‘Quick Login’ under the ‘Settings’ menu in the WordPress dashboard. You can also enable reCAPTCHA for added security.\u003C\u002Fp>\n\u003Cp>To add the Quick Login form to your site’s sidebar, you can use the provided widget named “Quick Login Widget.”\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or feature requests, please visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fquick-login\" rel=\"ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>If you find this plugin helpful, consider \u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fchema\u002F10EUR\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> to support our work. Thank you!\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>The Quick Login plugin is developed by [Chema].\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPL2 license. See \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">License details\u003C\u002Fa>.\u003C\u002Fp>\n","Passwordless login system for WordPress.",0,948,"2024-11-21T20:57:00.000Z","6.7.5","6.0","8.0",[18,19,20,21,22],"auth","authentication","login","passwordless","quick-login","https:\u002F\u002Fgarridodiaz.com\u002Fbetter-quick-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-quick-login.1.2.1.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"deambulando",5,90,30,88,"2026-04-05T02:04:48.578Z",[37,57,78,100,117],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":33,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"keyless-auth","Keyless Auth – Login without Passwords","3.2.4","Chris Martens","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrmrtns\u002F","\u003Cp>Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It’s more secure than weak passwords and infinitely more user-friendly.\u003C\u002Fp>\n\u003Ch4>Why Choose Keyless Auth?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: No more weak, reused, or compromised passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better User Experience\u003C\u002Fstrong>: One click instead of remembering complex passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduced Support\u003C\u002Fstrong>: Eliminate “forgot password” requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>: Enterprise-grade security used by Slack, Medium, and others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong>: Built-in protection against brute force attacks and username enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quick Start\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Create a new page and add the shortcode \u003Ccode>[keyless-auth]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Configure email templates in \u003Cstrong>Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Templates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Done! Users can now login passwordlessly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Ready to Use\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Secure, one-time login links via email\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Complete TOTP support with Google Authenticator\u003Cbr \u002F>\n* \u003Cstrong>Role-Based 2FA\u003C\u002Fstrong> – Require 2FA for specific user roles (admins, editors, etc.)\u003Cbr \u002F>\n* \u003Cstrong>Custom 2FA Setup URLs\u003C\u002Fstrong> – Direct users to branded frontend 2FA setup pages\u003Cbr \u002F>\n* \u003Cstrong>SMTP Integration\u003C\u002Fstrong> – Reliable email delivery through your mail server\u003Cbr \u002F>\n* \u003Cstrong>Email Templates\u003C\u002Fstrong> – Professional, customizable login emails\u003Cbr \u002F>\n* \u003Cstrong>Mail Logging\u003C\u002Fstrong> – Track all sent emails with delivery status\u003Cbr \u002F>\n* \u003Cstrong>Custom Database Tables\u003C\u002Fstrong> – Scalable architecture with dedicated audit logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Token Security\u003C\u002Fstrong>: 10-minute expiration, single-use tokens\u003Cbr \u002F>\n* \u003Cstrong>Audit Logging\u003C\u002Fstrong>: IP addresses, device types, login attempts\u003Cbr \u002F>\n* \u003Cstrong>Emergency Mode\u003C\u002Fstrong>: Grace period system with admin controls\u003Cbr \u002F>\n* \u003Cstrong>Secure Storage\u003C\u002Fstrong>: SMTP credentials in wp-config.php option\u003Cbr \u002F>\n* \u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>: Block brute force attacks via XML-RPC interface\u003Cbr \u002F>\n* \u003Cstrong>Application Passwords Control\u003C\u002Fstrong>: Disable programmatic authentication when not needed\u003Cbr \u002F>\n* \u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>: Block username discovery attacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>WYSIWYG Email Editor\u003C\u002Fstrong>: Full HTML support with live preview\u003Cbr \u002F>\n* \u003Cstrong>Advanced Color Controls\u003C\u002Fstrong>: Hex, RGB, HSL color formats\u003Cbr \u002F>\n* \u003Cstrong>Template System\u003C\u002Fstrong>: German, English, and custom templates\u003Cbr \u002F>\n* \u003Cstrong>Branding Options\u003C\u002Fstrong>: Custom sender names and professional styling\u003C\u002Fp>\n\u003Ch4>Installation & Setup\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Installation\u003C\u002Fstrong>\u003Cbr \u002F>\n1. WordPress Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003Cbr \u002F>\n2. Search for “Keyless Auth”\u003Cbr \u002F>\n3. Install and activate\u003Cbr \u002F>\n4. Add [keyless-auth] shortcode to any page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SMTP Configuration (Recommended)\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Navigate to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> SMTP\u003Cbr \u002F>\n2. Configure your email provider (Gmail, Outlook, SendGrid, etc.)\u003Cbr \u002F>\n3. Test email delivery\u003Cbr \u002F>\n4. Save settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication Setup\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Go to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Options\u003Cbr \u002F>\n2. Enable “Two-Factor Authentication”\u003Cbr \u002F>\n3. Select required user roles\u003Cbr \u002F>\n4. Users scan QR code with authenticator app\u003C\u002Fp>\n\u003Ch4>Email Templates\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Template Options\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>German Professional\u003C\u002Fstrong>: Sleek German-language template\u003Cbr \u002F>\n* \u003Cstrong>English Simple\u003C\u002Fstrong>: Clean, minimalist design\u003Cbr \u002F>\n* \u003Cstrong>Custom HTML\u003C\u002Fstrong>: Create your own with WYSIWYG editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Full HTML and CSS support\u003Cbr \u002F>\n* Color picker for buttons and links\u003Cbr \u002F>\n* Responsive email design\u003Cbr \u002F>\n* Live template preview\u003Cbr \u002F>\n* Placeholder system for dynamic content\u003C\u002Fp>\n\u003Ch4>Security & Compliance\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Token Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generated using WordPress security standards\u003Cbr \u002F>\n* Based on user ID, timestamp, and wp-config.php salt\u003Cbr \u002F>\n* 10-minute expiration with single-use enforcement\u003Cbr \u002F>\n* Secure database storage with automatic cleanup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\n* TOTP-based system compatible with Google Authenticator, Authy\u003Cbr \u002F>\n* Role-based requirements for granular control\u003Cbr \u002F>\n* Grace period system for smooth user transitions\u003Cbr \u002F>\n* Custom verification forms with professional styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom tables for optimal performance\u003Cbr \u002F>\n* Comprehensive audit logging\u003Cbr \u002F>\n* Device tracking and IP monitoring\u003Cbr \u002F>\n* Automatic maintenance and cleanup routines\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site’s needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>\u003Cbr \u002F>\n* Prevents brute force attacks via WordPress XML-RPC interface\u003Cbr \u002F>\n* Reduces attack surface by disabling legacy API\u003Cbr \u002F>\n* Recommended for sites not using Jetpack, mobile apps, or pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Application Passwords Control\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable REST API and XML-RPC authentication when programmatic access isn’t needed\u003Cbr \u002F>\n* Prevents unauthorized API access\u003Cbr \u002F>\n* Recommended for simple sites without third-party integrations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n* Blocks REST API user endpoints (\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>)\u003Cbr \u002F>\n* Redirects author archives and \u003Ccode>?author=N\u003C\u002Fcode> queries\u003Cbr \u002F>\n* Removes login error messages that reveal usernames\u003Cbr \u002F>\n* Strips comment author CSS classes\u003Cbr \u002F>\n* Removes author data from oEmbed responses\u003Cbr \u002F>\n* Recommended for business\u002Fcorporate sites without author profiles\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003Cbr \u002F>\n* Combined protection against brute force attacks\u003Cbr \u002F>\n* Prevents username discovery for targeted attacks\u003Cbr \u002F>\n* Reduces unauthorized API access\u003Cbr \u002F>\n* Easy to configure without code or .htaccess modifications\u003Cbr \u002F>\n* All features include comprehensive documentation\u003Cbr \u002F>\n* FTP recovery available if needed\u003C\u002Fp>\n\u003Ch4>SMTP & Email Delivery\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supported Providers\u003C\u002Fstrong>\u003Cbr \u002F>\n* Gmail \u002F Google Workspace\u003Cbr \u002F>\n* Outlook \u002F Microsoft 365\u003Cbr \u002F>\n* Mailgun, SendGrid, Amazon SES\u003Cbr \u002F>\n* Any SMTP-compatible service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Email Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Message-ID domain alignment for deliverability\u003Cbr \u002F>\n* SPF\u002FDKIM\u002FDMARC compliance\u003Cbr \u002F>\n* Custom sender names and addresses\u003Cbr \u002F>\n* Bulk email log management\u003Cbr \u002F>\n* Delivery status tracking\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure Credential Storage\u003C\u002Fstrong>\u003Cbr \u002F>\nStore SMTP credentials securely in wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('CHRMRTNS_KLA_SMTP_USERNAME', 'your-email@example.com');\ndefine('CHRMRTNS_KLA_SMTP_PASSWORD', 'your-smtp-password');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Page Integration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optional magic login field on wp-login.php\u003Cbr \u002F>\n* Seamless integration with existing login flow\u003Cbr \u002F>\n* Toggle control for easy enable\u002Fdisable\u003Cbr \u002F>\n* Clean, responsive form styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcode Usage\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ccode>[keyless-auth]\u003C\u002Fcode> anywhere: pages, posts, widgets, or custom templates.\u003C\u002Fp>\n\u003Ch4>Developer Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hooks & Filters\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Customize login redirect:\u003Cbr \u002F>\n    add_filter(‘wpa_after_login_redirect’, ‘custom_redirect_function’);\u003C\u002Fp>\n\u003Cp>Modify email headers:\u003Cbr \u002F>\n    add_filter(‘wpa_email_headers’, ‘custom_email_headers’);\u003C\u002Fp>\n\u003Cp>Change token expiration:\u003Cbr \u002F>\n    add_filter(‘wpa_change_link_expiration’, ‘custom_expiration_time’);\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Modular Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean, organized class structure\u003Cbr \u002F>\n* Separated concerns for easy maintenance\u003Cbr \u002F>\n* WordPress coding standards compliance\u003Cbr \u002F>\n* Extensive documentation and comments\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong>: 3.9 or higher (tested up to 6.8)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP\u003C\u002Fstrong>: 7.4 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Delivery\u003C\u002Fstrong>: SMTP recommended for reliability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Keyless Auth complements WordPress’s default login system – it doesn’t replace it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developed by Chris Martens | Based on the original Passwordless Login plugin by Cozmoslabs\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.",1177,"2025-11-24T22:55:00.000Z","6.8.5","3.9","",[51,19,21,52,53],"2fa","secure-login","smtp","https:\u002F\u002Fgithub.com\u002Fchrmrtns\u002Fkeyless-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyless-auth.3.2.4.zip",100,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":56,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":77,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"magiclabs","Login by Magic","1.0.4","Magic","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagiclabs\u002F","\u003Cp>This plugin replaces the standard WordPress login form with one powered by \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">Magic\u003C\u002Fa> that enables passwordless email magic link login.\u003C\u002Fp>\n\u003Cp>Magic offers passwordless authentication and cryptographically secured user identity to your applications. With just a few lines of code, your application’s security is instantaneously upgraded, and your end users can enjoy a future-proof and blockchain-enabled login solution.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">https:\u002F\u002Fmagic.link\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Login by Magic plugin replaces the standard WordPress login form with one powered by Magic that enables passwordless email magic link login.",20,2392,1,"2022-08-29T22:06:00.000Z","5.8.13","5.5.1","7.3",[19,20,73,21,74],"magiclink","security","https:\u002F\u002Fgithub.com\u002Fmagiclabs\u002Fwp-magic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagiclabs.zip",85,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":56,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":49,"download_link":99,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-direct-login-link","WP Direct Login Link","2.0","amitsmartweb","https:\u002F\u002Fprofiles.wordpress.org\u002Famitsmartweb\u002F","\u003Cp>Secure your website with WP Direct Login Link. Users rarely are using strong passwords and your website is vulnerable to attacks. With our plugin, you can allow them to login without a password.\u003C\u002Fp>\n\u003Cp>After submitting the email address. User’s receive a secure login link via email with expiration time (between 1 to 60 minutes). When the user accesses the link, it will automatically login without asking a password. You can also enhance the security by restricting users to login from the same IP address that requested the link.\u003C\u002Fp>\n\u003Ch4>What does the plugin do?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>User can add Direct login Form or replace the default wordpress login form from wordpress login page;\u003C\u002Fli>\n\u003Cli>Send secure login on user email.\u003C\u002Fli>\n\u003Cli>Settings for, how many times user login with link.\u003C\u002Fli>\n\u003Cli>Settings for, how many times user login with link.\u003C\u002Fli>\n\u003Cli>Show all login user’s report that login with Direct login form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n","Create a secure way to login by Link.",10,2157,4,"2024-08-14T19:16:00.000Z","6.6.5","3.4.4","5.5",[94,95,96,97,98],"loginbylink","loginbyurl","passwordless-authentication","without-password","wp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-direct-login-link.2.0.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":11,"downloaded":108,"rating":11,"num_ratings":11,"last_updated":109,"tested_up_to":14,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":49,"download_link":115,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":116},"1-click-passwordless-login","1-Click PasswordLess Login","1.0.0","xplodman","https:\u002F\u002Fprofiles.wordpress.org\u002Fxplodman\u002F","\u003Cp>\u003Cstrong>1-Click PasswordLess Login\u003C\u002Fstrong> allows users to log in \u003Cstrong>without passwords\u003C\u002Fstrong>, using secure \u003Cstrong>magic links\u003C\u002Fstrong>.\u003Cbr \u002F>\nEnhance security and user experience by eliminating traditional password-based logins.\u003C\u002Fp>\n\u003Ch3>🔥 Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Users log in via a secure, one-time-use email link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Compatibility\u003C\u002Fstrong> – Works seamlessly with WooCommerce login forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set Expiry Time\u003C\u002Fstrong> – Magic links expire after a configurable time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Email Notifications\u003C\u002Fstrong> – Modify login email subject and message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Maximum Login Attempts\u003C\u002Fstrong> – Limit failed login attempts before lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Dashboard Widget\u003C\u002Fstrong> – View login statistics inside WordPress admin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Protection\u003C\u002Fstrong> – Prevent brute-force attacks with login attempt tracking.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ Setup:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Navigate to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> 1-Click Login\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Configure authentication settings (expiry time, lockout, WooCommerce integration).\u003C\u002Fli>\n\u003Cli>Start using passwordless authentication!\u003C\u002Fli>\n\u003C\u002Fol>\n","A secure and simple 1-click passwordless login system for WordPress. No more passwords – just magic links!",699,"2025-02-23T15:40:00.000Z","5.6","7.4",[19,20,113,21,114],"one-click-login","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F1-click-passwordless-login.1.0.0.zip","2026-03-15T14:54:45.397Z",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":11,"downloaded":125,"rating":11,"num_ratings":11,"last_updated":49,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":49,"download_link":135,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":136},"authyo-passwordless-login","Authyo Passwordless Login","1.0.3","Konceptwise Digital Media Pvt Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonceptwise\u002F","\u003Cp>Authyo Passwordless Login enables secure \u003Cstrong>OTP login for WordPress\u003C\u002Fstrong> using email-based one-time passwords. It replaces traditional passwords with a modern \u003Cstrong>passwordless authentication system\u003C\u002Fstrong> that improves login security and simplifies the user experience.\u003C\u002Fp>\n\u003Cp>Users simply enter their email address, receive a one-time password (OTP), verify the code, and are automatically logged in — no passwords required.\u003C\u002Fp>\n\u003Cp>This plugin is officially developed and maintained by \u003Cstrong>Konceptwise Digital Media Pvt. Ltd.\u003C\u002Fstrong> and uses \u003Cstrong>Authyo’s secure OTP authentication infrastructure\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>With Authyo Passwordless Login, WordPress administrators can implement \u003Cstrong>passwordless login\u003C\u002Fstrong>, improve \u003Cstrong>account security\u003C\u002Fstrong>, and eliminate risks related to password leaks or weak credentials.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Passwordless login for WordPress using email OTP\u003C\u002Fli>\n\u003Cli>No passwords stored or required\u003C\u002Fli>\n\u003Cli>Secure token-based authentication (single-use and time-limited)\u003C\u002Fli>\n\u003Cli>OTP delivered via Authyo’s secure email service\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fallback Method:\u003C\u002Fstrong> Optional two-factor authenticator app if email OTP fails\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login page\u003C\u002Fli>\n\u003Cli>AJAX-powered login flow (no page reloads)\u003C\u002Fli>\n\u003Cli>Automatic dashboard redirect after successful login\u003C\u002Fli>\n\u003Cli>Enable or disable passwordless login anytime\u003C\u002Fli>\n\u003Cli>Compatible with custom login URL plugins (e.g., WPS Hide Login)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>This plugin is ideal for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress sites that want \u003Cstrong>OTP login instead of passwords\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Improving \u003Cstrong>WordPress login security\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enabling \u003Cstrong>passwordless authentication\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Preventing password brute-force attacks\u003C\u002Fli>\n\u003Cli>Membership websites and user portals\u003C\u002Fli>\n\u003Cli>Sites that want a \u003Cstrong>simple two-factor authentication alternative\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>User enters their email address on the WordPress login page\u003C\u002Fli>\n\u003Cli>Authyo sends a one-time password (OTP) via email\u003C\u002Fli>\n\u003Cli>User verifies the OTP\u003C\u002Fli>\n\u003Cli>WordPress logs the user in automatically using a secure single-use token\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No password is required during the login process.\u003C\u002Fp>\n\u003Ch3>About Konceptwise & Authyo\u003C\u002Fh3>\n\u003Cp>Konceptwise Digital Media Pvt. Ltd. is the parent company and original developer of this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authyo\u003C\u002Fstrong> is a secure authentication platform developed by Konceptwise that provides OTP-based verification services for websites and applications.\u003C\u002Fp>\n\u003Cp>This plugin integrates WordPress with Authyo’s authentication infrastructure to provide secure passwordless login functionality.\u003C\u002Fp>\n\u003Ch3>Video Tutorial\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>How to Use Authyo Passwordless Login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FcStBvoHTzro?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to Authyo’s external API to send and verify one-time passwords (OTP) for passwordless login functionality.\u003C\u002Fp>\n\u003Cp>What data is sent:\u003Cbr \u002F>\n– User email address (sent to Authyo API when requesting OTP)\u003Cbr \u002F>\n– OTP code (sent to Authyo API for verification)\u003Cbr \u002F>\n– Mask ID (returned by Authyo API, used for OTP verification)\u003C\u002Fp>\n\u003Cp>When data is sent:\u003Cbr \u002F>\n– When the user requests an OTP: Email address is sent to Authyo API\u003Cbr \u002F>\n– When the user submits an OTP for verification: OTP code and Mask ID are sent to Authyo API\u003C\u002Fp>\n\u003Cp>Authentication Flow:\u003Cbr \u002F>\n– After successful OTP verification via Authyo API, the plugin generates a secure single-use token using WordPress core functions\u003Cbr \u002F>\n– This token is browser-bound using a hashed User-Agent signature to prevent session hijacking\u003Cbr \u002F>\n– The token is stored temporarily in WordPress transients and expires after 5 minutes\u003Cbr \u002F>\n– The token allows WordPress to complete authentication without requiring a password\u003Cbr \u002F>\n– Token is deleted immediately after verification (single-use security)\u003C\u002Fp>\n\u003Cp>Purpose:\u003Cbr \u002F>\n– To verify ownership of the provided email address through OTP verification\u003Cbr \u002F>\n– After successful OTP verification, a secure browser-bound login token is generated\u003Cbr \u002F>\n– The token allows WordPress to authenticate users without passwords\u003C\u002Fp>\n\u003Cp>Data Storage:\u003Cbr \u002F>\n– OTP session data (email, user ID, mask ID) is stored temporarily in WordPress transients (expires after 10 minutes)\u003Cbr \u002F>\n– Login tokens are stored temporarily in WordPress transients (expires after 5 minutes and deleted immediately after use)\u003Cbr \u002F>\n– No user data is permanently stored by this plugin\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fauthyo.io\u002Fterms-service\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fauthyo.io\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>An active Authyo account with API credentials\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch4>Getting Authyo API Credentials\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Sign up for an account at https:\u002F\u002Fauthyo.io\u003C\u002Fli>\n\u003Cli>Log in to your Authyo dashboard\u003C\u002Fli>\n\u003Cli>Navigate to your application settings\u003C\u002Fli>\n\u003Cli>Copy your \u003Cstrong>App ID\u003C\u002Fstrong>, \u003Cstrong>Client ID\u003C\u002Fstrong>, and \u003Cstrong>Client Secret\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Plugin Setup\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Authyo Passwordless Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enable \u003Cstrong>Passwordless Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enter your Authyo API credentials:\n\u003Cul>\n\u003Cli>Authyo App ID\u003C\u002Fli>\n\u003Cli>Authyo Client ID\u003C\u002Fli>\n\u003Cli>Authyo Client Secret\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Save Settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once configured, the passwordless login form will appear on your WordPress login page.\u003C\u002Fp>\n","Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.",245,"6.9.4","5.0","7.2",[130,131,132,133,134],"email-otp","otp-login","passwordless-login","two-factor-authentication","wordpress-otp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthyo-passwordless-login.1.0.3.zip","2026-03-15T10:48:56.248Z",{"attackSurface":138,"codeSignals":214,"taintFlows":228,"riskAssessment":229,"analyzedAt":234},{"hooks":139,"ajaxHandlers":206,"restRoutes":207,"shortcodes":208,"cronEvents":213,"entryPointCount":67,"unprotectedCount":11},[140,146,149,152,155,158,162,166,170,174,178,182,185,189,193,198,202],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","init","addPluginTextDomain","better-quick-login.php",26,{"type":141,"name":142,"callback":147,"file":144,"line":148},"loginRequest",27,{"type":141,"name":142,"callback":150,"file":144,"line":151},"autoLogin",28,{"type":141,"name":142,"callback":153,"file":144,"line":154},"registerCustomBlock",29,{"type":141,"name":142,"callback":156,"priority":157,"file":144,"line":33},"forceOneSessionPerUser",99,{"type":141,"name":159,"callback":160,"file":144,"line":161},"admin_notices","displayDonationMessage",31,{"type":141,"name":163,"callback":164,"file":144,"line":165},"admin_head","addDonationMessageJS",32,{"type":141,"name":167,"callback":168,"file":144,"line":169},"login_header","customLoginForm",33,{"type":141,"name":171,"callback":172,"file":144,"line":173},"widgets_init","registerLoginWidget",34,{"type":141,"name":175,"callback":176,"file":144,"line":177},"enqueue_block_editor_assets","enqueueBlockAssets",35,{"type":141,"name":179,"callback":180,"file":144,"line":181},"wp_enqueue_scripts","enqueueStyles",36,{"type":141,"name":183,"callback":180,"file":144,"line":184},"login_enqueue_scripts",37,{"type":141,"name":186,"callback":187,"file":144,"line":188},"admin_init","registerPluginSettings",38,{"type":141,"name":190,"callback":191,"file":144,"line":192},"admin_menu","addAdminMenu",39,{"type":194,"name":195,"callback":196,"priority":86,"file":144,"line":197},"filter","plugin_row_meta","addPluginRowMeta",41,{"type":194,"name":199,"callback":200,"file":144,"line":201},"plugin_action_links_better-quick-login\u002Fbetter-quick-login.php","addSettingLinks",42,{"type":194,"name":203,"callback":204,"file":144,"line":205},"the_content","displayMessage",43,[],[],[209],{"tag":210,"callback":211,"file":144,"line":212},"bqlc_quicklogin","loginForm",40,[],{"dangerousFunctions":215,"sqlUsage":216,"outputEscaping":218,"fileOperations":11,"externalRequests":11,"nonceChecks":220,"capabilityChecks":11,"bundledLibraries":227},[],{"prepared":11,"raw":11,"locations":217},[],{"escaped":219,"rawEcho":220,"locations":221},22,2,[222,224],{"file":144,"line":32,"context":223},"raw output",{"file":225,"line":226,"context":223},"templates\\login-form.php",12,[],[],{"summary":230,"deductions":231},"The 'better-quick-login' v1.2.1 plugin demonstrates a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and file operations, along with a high percentage of properly escaped output, are positive indicators. The presence of nonce checks further strengthens its defense against common web attacks.  The plugin also has no known historical vulnerabilities, suggesting a history of secure development.  However, a notable area for concern is the complete lack of capability checks. While nonce checks prevent basic tampering, they do not restrict access to functionality based on user roles.  This could be a significant weakness if the shortcode or any other entry point exposes sensitive actions that should be permissioned.  The attack surface is currently minimal and appears to be protected by nonces, but the lack of role-based access control remains a potential risk.",[232],{"reason":233,"points":86},"Missing capability checks","2026-03-17T07:24:54.190Z",{"wat":236,"direct":244},{"assetPaths":237,"generatorPatterns":239,"scriptPaths":240,"versionParams":242},[238],"\u002Fwp-content\u002Fplugins\u002Fbetter-quick-login\u002Fcss\u002Fstyles.css",[],[241],"\u002Fwp-content\u002Fplugins\u002Fbetter-quick-login\u002Fblocks\u002Fquick-login-block.js",[243],"better-quick-login\u002Fcss\u002Fstyles.css?ver=1.0",{"cssClasses":245,"htmlComments":246,"htmlAttributes":259,"restEndpoints":262,"jsGlobals":263,"shortcodeOutput":265},[],[247,248,249,250,251,252,253,254,255,256,257,258],"\u003C!-- Better Quick Login Form -->","\u003C!-- \u002F.Better Quick Login Form -->","\u003C!-- Logged in as -->","\u003C!-- \u002F.Logged in as -->","\u003C!-- Message -->","\u003C!-- \u002F.Message -->","\u003C!-- Donation Message -->","\u003C!-- \u002F.Donation Message -->","\u003C!-- Quick Login Block -->","\u003C!-- \u002F.Quick Login Block -->","\u003C!-- Better Quick Login Widget -->","\u003C!-- \u002F.Better Quick Login Widget -->",[260,261],"data-bqlc-nonce","data-bqlc-action",[],[264],"quick_login_block",[266],"[bqlc_quicklogin]"]