[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQu924KL5b6i9CPG-LnNMG-tSav47UjSZEOyG2jgeWZc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":57,"analysis":150,"fingerprints":281},"block-wp-login","Block wp-login","1.5.5","Oliver Campion","https:\u002F\u002Fprofiles.wordpress.org\u002Fdomainsupport\u002F","\u003Ch4>Block Access to wp-login.php\u003C\u002Fh4>\n\u003Cp>This plugin does the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Locates wp-login.php in your WordPress installation and duplicates it\u003C\u002Fli>\n\u003Cli>Locates .htaccess and inserts lines to block the default wp-login.php and creates a new secret address to use for legitimate login\u003C\u002Fli>\n\u003Cli>Will email the site admin if an administrator signs in with an un-recognised IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When installed your server will return “403 Forbidden“ when attempts are made to access the default wp-login.php file. 
This has two benefits; it prevents hackers from using brute force methods to hack your website and it reduces the load on the server when such brute force attacks are launched on your site as WordPress isn’t run at all.\u003C\u002Fp>\n\u003Cp>Please note, this plugin uses .htaccess so is only compatible with Apache web servers, it is not compatible with Nginx web servers.\u003C\u002Fp>\n","This plugin completely blocks access to wp-login.php and creates a new secret login URL",600,19911,94,9,"2025-12-04T12:47:00.000Z","6.9.4","3.5.0","5.6",[20,21,22,23,24],"block-hackers","login-security","secure","security","security-plugin","https:\u002F\u002Fwebd.uk\u002Fsupport\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-wp-login.1.5.5.zip",99,1,0,"2019-06-27 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"WF-07ea9b9b-e28f-484f-9338-8d40f3f8d6d2-block-wp-login","block-wp-login-cross-site-request-forgery","Block WP Login \u003C= 1.3.0 - Cross-Site Request Forgery","The Block WP Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the 'bwpl_configure_slug()' function. 
This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.3.0","1.3.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F07ea9b9b-e28f-484f-9338-8d40f3f8d6d2?source=api-prod",1671,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"domainsupport",12,43270,100,869,79,"2026-04-04T02:41:44.082Z",[58,75,96,115,133],{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":53,"downloaded":66,"rating":29,"num_ratings":29,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":73,"download_link":74,"security_score":53,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"virus-finder","Virus Finder","1.0.36","wphospital.hu","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressvirusremoval\u002F","\u003Cp>Find viruses in your website with wphospital.hu. The plugin analyze all files, and shows the suspicious and virus files.\u003Cbr \u002F>\nAfter you can check it manually, and you can solve the problem!\u003C\u002Fp>\n","Find viruses in your WordPress easily. 
Virus scan, malware finder.",12182,"2026-01-16T09:17:00.000Z","7.0","2.8","",[21,22,23,24,72],"wordpress-security","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvirus-finder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvirus-finder.1.0.36.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":16,"requires_at_least":88,"requires_php":68,"tags":89,"homepage":92,"download_link":93,"security_score":94,"vuln_count":51,"unpatched_count":29,"last_vuln_date":95,"fetched_at":31},"bulletproof-security","BulletProof Security","7.1","AITpro","https:\u002F\u002Fprofiles.wordpress.org\u002Faitpro\u002F","\u003Cp>WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam… View Security feature highlights below. View BulletProof Security feature details under the FAQ help section below. Effective, Reliable & Easy to use WordPress Security Plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BulletProof Security is a proactive security plugin that automatically fixes 100+ known issues\u002Fconflicts with other plugins\u003C\u002Fstrong>.\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fsetup-wizard-autofix\u002F\" title=\"BPS Setup Wizard AutoFix\" rel=\"nofollow ugc\">BPS Setup Wizard AutoFix\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Installation and Setup Video Tutorial\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FRZ1ARaEE0_I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin 
allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring\u003C\u002Fli>\n\u003Cli>JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker)\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Pro Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Quarantine Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Real-time File Monitor (IDPS)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>DB Monitor Intrusion Detection System (IDS)\u003C\u002Fli>\n\u003Cli>DB Diff Tool: data comparison 
tool\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Status & Info: extensive database status & info\u003C\u002Fli>\n\u003Cli>Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updated in Real-time\u003C\u002Fli>\n\u003Cli>JTC Anti-Spam|Anti-Hacker\u003C\u002Fli>\n\u003Cli>Uploads Folder Anti-Exploit Guard (UAEG)\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Custom php.ini Website Security\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring w\u002FDashboard Alerting|Status Display & additional options\u002Ffeatures\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>File|Folder Lock: File Locking | Detect & Lock Folders that were not created by you\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>PHP Error Logging\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Pro-Tools: 16 mini-plugins\u003C\u002Fli>\n\u003Cli>Heads Up Dashboard Status Display\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.ait-pro.com\u002Fbps-features\u002F\" title=\"BulletProof Security Features\" rel=\"nofollow ugc\">View All BulletProof Security Pro Feature Details\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Recommended Video Tutorials\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#custom-code\" title=\"BulletProof Security Custom Code Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Custom Code Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#security-log-firewall\" title=\"BulletProof Security Security Log Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Security Log Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help Info\u003C\u002Fh3>\n\u003Cp>For details about BulletProof Security plugin features and frequently asked questions see the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fbulletproof-security-plugin-frequently-asked-questions\u002F\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">BulletProof Security Plugin Frequently Asked Questions\u003C\u002Fa> forum topic. Extensive Help Info can be found on the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fread-me-first-free\u002F#bps-free-general-troubleshooting\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">AIT-pro.com Forum\u003C\u002Fa> website and by clicking the Question Mark Help buttons on BulletProof Security plugin pages.\u003C\u002Fp>\n","WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...",30000,4509595,96,674,"2025-12-08T15:11:00.000Z","5.0",[90,21,91,22,23],"firewall","malware-scanner","https:\u002F\u002Fforum.ait-pro.com\u002Fread-me-first\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulletproof-security.7.1.zip",89,"2026-01-06 
00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":113,"download_link":114,"security_score":53,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"user-name-security","SX User Name Security","2.4","Daniel Roch","https:\u002F\u002Fprofiles.wordpress.org\u002Fconfridin\u002F","\u003Cp>WordPress show your WordPress login and ID in several places. It’s time to fix this !\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress automaticaly uses “User login” to fill in the “User Display Name”.\u003C\u002Fli>\n\u003Cli>WordPress also allows everyone to use the same value for Nickname, Display Name and Login.\u003C\u002Fli>\n\u003Cli>The body_class function also shows to everyone your User ID and Login on author pages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A hacker can easily see then use your “NickName” or “Display Name” to find your real login. Once activated, SX User Name Security will prevent WordPress from showing those informations, and will warn you if you need to fix old users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Features\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Body_class function:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Removes User ID from body_class function (front-end users pages)\u003C\u002Fli>\n\u003Cli>Removes User Nicename from body_class function (front-end users pages)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Current User informations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin changes “Display Name” and “Nickname” to a random value (like ‘Ticibe T. Aduvoguripe’, ‘Lagubo N. Agigerovibe’ or ‘Datela N. 
Orejadavino’) if they are identiqual to user login\u003C\u002Fli>\n\u003Cli>If not, it changes “Display Name” to “Nickname” or “Nickname” to “Display Name” if one of them is identiqual to user login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>New Registration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display Name and Nickname are changed to random value during user registration.\u003C\u002Fli>\n\u003Cli>Nicename is also changed (it’s used to generate the user permalink on the front-end). For previous user, a notice has been added to use another plugin to safely change old nicenames.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Other information:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All functions are translated into french and english.\u003C\u002Fp>\n\u003Cp>You can find me here on \u003Ca href=\"https:\u002F\u002Fwww.seomix.fr\" rel=\"nofollow ugc\">SeoMix\u003C\u002Fa>, and here is the official french post about this plugin \u003Ca href=\"https:\u002F\u002Fwww.seomix.fr\u002Fuser-name-security\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.seomix.fr\u002Fuser-name-security\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Find here our other plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fseo-key\u002F\" rel=\"nofollow ugc\">SEOKEY WordPress SEO plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fsecupress\u002F\" rel=\"nofollow ugc\">SecuPress Security plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","SX User Name Security prevents WordPress from showing your real Login everywhere. 
It ovverides the body_class function, User Nicename, Nickname and Di &hellip;",1000,19435,80,13,"2025-04-24T15:26:00.000Z","6.8.5","4.6","5.2.4",[22,23,24,72],"https:\u002F\u002Fwww.seomix.fr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-name-security.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":85,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":70,"tags":129,"homepage":131,"download_link":132,"security_score":53,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"integrity-checker","Integrity Checker","0.10.0","Erik Torsner","https:\u002F\u002Fprofiles.wordpress.org\u002Feriktorsner\u002F","\u003Cp>Integrity-checker uses a mix of traditional and new techniques to scan your website for potential issues. First and foremost, it verifies that all installed code is identical to it’s original version. By comparing WordPress core, plugins and themes in your installation with the original versions available at wordpress.org, Integrity-checker can quickly determine if there are any changes you need to be aware of. Integrity-checker also lets you compare your local version to the original to help you determine if you’ve been hacked.\u003C\u002Fp>\n\u003Cp>Additionally, Integrity-checker scans all installed files for permission issues. 
Ensuring correct permissions is vital for WordPress security, as with any PHP based web application.\u003C\u002Fp>\n\u003Cp>Lastly, Integrity-checker will look through some of the basic WordPress configuration to look for common security problems like user enumeration, directory index weak credentials etc.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Helps you track down hacked WordPress files in core, plugins and themes  \u003C\u002Fli>\n\u003Cli>Makes it easy to find issues with file permissions\u003C\u002Fli>\n\u003Cli>Detects common configuration problems\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3rd party software\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmtdowling\u002Fcron-expression\" rel=\"nofollow ugc\">cron-expression\u003C\u002Fa> copyright Michael Dowling, see \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fmtdowling\u002Fcron-expression\u002Fv1.1.0\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>. Cron-expression is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchrisboulton\u002Fphp-diff\" rel=\"nofollow ugc\">php-diff\u003C\u002Fa> copyright Chris Boulton under the \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FBSD-3-Clause\" rel=\"nofollow ugc\">BSD license\u003C\u002Fa>. php-diff is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsilexphp\u002FPimple\u002F\" rel=\"nofollow ugc\">silexphp\u002FPimple\u003C\u002Fa> copyright Fabien Potencier, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsilexphp\u002FPimple\u002Fblob\u002Fv3.0.2\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>. 
Pimple is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdatatables.net\" rel=\"nofollow ugc\">DataTables\u003C\u002Fa> 1.10.13 copyright 2008-2016 SpryMedia Ltd. Licensed under the MIT license, see \u003Ca href=\"https:\u002F\u002Fdatatables.net\u002Flicense\" rel=\"nofollow ugc\">datatables.net\u002Flicense\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farnapou\u002Fjqcron\" rel=\"nofollow ugc\">jqCron.js\u003C\u002Fa> Licensed under the MIT license, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farnapou\u002Fjqcron\u002Fblob\u002Fmaster\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>\u003C\u002Fp>\n","The WordPress Integrity Checker checks your WordPress installation by detecting modified files, permissions issues and other common problems.",200,12158,6,"2025-10-13T08:49:00.000Z","4.7.32","4.4",[130,22,23,24],"checksum","https:\u002F\u002Fwww.wpessentials.io\u002Fplugins\u002Fintegrity-checker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegrity-checker.0.10.0.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":53,"num_ratings":28,"last_updated":143,"tested_up_to":144,"requires_at_least":128,"requires_php":145,"tags":146,"homepage":148,"download_link":149,"security_score":53,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"guardiankey","GuardianKey","5.7","gbernardes","https:\u002F\u002Fprofiles.wordpress.org\u002Fgbernardes\u002F","\u003Cp>GuardianKey is a service to protect systems in real-time against authentication attacks. 
It implements GK Auth Security for login protection and GKTinc dissuasion challenges, helping detect and block malicious accesses, and notify the legitimate user and the system administrator.\u003C\u002Fp>\n\u003Cp>Beyond the security, the GuardianKey solution provides a good user experience, because the user is not required to provide extra information or to execute tasks during the login. When GKTinc is enabled, the challenge runs automatically during login, with server-side validation in the plugin.\u003C\u002Fp>\n\u003Cp>GuardianKey’s approach provides a risk assessment in real-time. The events and risks can be explored in the GuardianKey’s administration panel.\u003C\u002Fp>\n\u003Ch3>How GuardianKey works\u003C\u002Fh3>\n\u003Cp>The GuardianKey detection engine analyzes the events sent by your online system to the GuardianKey servers.\u003C\u002Fp>\n\u003Cp>The detection engine uses Machine Learning and our secret mathematical risk formula to combine the following three analysis approaches: Threat Intelligence, Behavioral Profiling, and Psychometric Profiling. Using these three pillars, our engine computes a risk for each event sent by the protected systems. 
In real time, the online attempt can be blocked, an extra requirement can be requested to the user, or notifications can be triggered.\u003C\u002Fp>\n\u003Cp>All data sent to GuardianKey servers are doubly encrypted, and NOT send passwords or sensitive data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>More information at https:\u002F\u002Fguardiankey.io\u002F\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Plugin Installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install GuardianKey from WordPress plugin directory, and activate plugin\u003C\u002Fli>\n\u003Cli>Go to https:\u002F\u002Fpanel.guardiankey.io\u002Fauth\u002Fregister, and create account in GuardianKey\u003C\u002Fli>\n\u003Cli>Access GuardianKey panel (https:\u002F\u002Fpanel.guardiankey.io\u002F) and go to Settings->Authgroups->edit\u002Fview\u002FDeploy information and get keys\u003C\u002Fli>\n\u003Cli>Access Administration->Tools->GuardianKey in your WP and put keys of GuardianKey\u003C\u002Fli>\n\u003Cli>Configure GKTinc by filling API Key, Protection Group Hash ID, and Default Challenge Level\u003C\u002Fli>\n\u003Cli>If you want notify users, change “Notify Users” option to “yes”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Using GuardianKey\u003C\u002Fh3>\n\u003Cp>Access https:\u002F\u002Fpanel.guardiankey.io and login using the credentials sent to your e-mail address during the registration. You can recover the pass if you forgot it.\u003C\u002Fp>\n\u003Cp>GKTinc is optional and can be enabled in the plugin settings. When enabled, the plugin loads the GKTinc JS setup, injects the config generated by the SDK, and validates each login server-side.\u003C\u002Fp>\n\u003Cp>There is a documentation for the panel available at https:\u002F\u002Fguardiankey.io\u002Fdocs\u003C\u002Fp>\n","GuardianKey is a service to protect systems in real-time against authentication attacks. 
It implements GK Auth Security for login protection and GKTin &hellip;",20,5103,"2026-02-06T17:14:00.000Z","6.9.0","5.5",[147,20,21,23],"authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fguardiankey\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguardiankey.5.7.zip",{"attackSurface":151,"codeSignals":225,"taintFlows":244,"riskAssessment":272,"analyzedAt":280},{"hooks":152,"ajaxHandlers":216,"restRoutes":222,"shortcodes":223,"cronEvents":224,"entryPointCount":28,"unprotectedCount":28},[153,159,162,168,172,176,180,183,187,190,194,195,197,199,201,204,206,208,211],{"type":154,"name":155,"callback":156,"file":157,"line":158},"action","admin_init","bwpl_configure_slug","block-wp-login.php",32,{"type":154,"name":155,"callback":160,"file":157,"line":161},"bwpl_new_wordpress_version",39,{"type":163,"name":164,"callback":165,"priority":166,"file":157,"line":167},"filter","login_url","bwpl_change_login_url",10,43,{"type":163,"name":169,"callback":170,"priority":166,"file":157,"line":171},"logout_url","bwpl_change_logout_url",44,{"type":163,"name":173,"callback":174,"priority":166,"file":157,"line":175},"wp_redirect","bwpl_change_login_redirect",45,{"type":163,"name":177,"callback":178,"priority":166,"file":157,"line":179},"logout_redirect","bwpl_change_logout_redirect",46,{"type":163,"name":181,"callback":170,"priority":166,"file":157,"line":182},"lostpassword_url",47,{"type":154,"name":184,"callback":185,"file":157,"line":186},"admin_notices","bwpl_setup_admin_notice",51,{"type":154,"name":184,"callback":188,"file":157,"line":189},"bwplCommon::admin_notices",58,{"type":154,"name":191,"callback":192,"priority":166,"file":157,"line":193},"wp_login","bwpl_class::wp_login",63,{"type":163,"name":164,"callback":165,"priority":166,"file":157,"line":53},{"type":163,"name":169,"callback":170,"priority":166,"file":157,"line":196},101,{"type":163,"name":177,"callback":178,"priority":166,"file":157,"line":198},102,{"type":163,"name":181,"callback":170,
"priority":166,"file":157,"line":200},103,{"type":163,"name":169,"callback":202,"file":157,"line":203},"bwpl_reset_logout_url",465,{"type":163,"name":177,"callback":202,"file":157,"line":205},466,{"type":163,"name":181,"callback":202,"file":157,"line":207},467,{"type":154,"name":184,"callback":209,"file":157,"line":210},"bwpl_admin_notice_email_html",614,{"type":163,"name":212,"callback":213,"priority":166,"file":214,"line":215},"plugin_row_meta","anonymous","includes\\class-bwpl-common.php",283,[217],{"action":218,"nopriv":219,"callback":220,"hasNonce":219,"hasCapCheck":219,"file":157,"line":221},"dismiss_bwpl_notice_handler",false,"bwplCommon::ajax_notice_handler",59,[],[],[],{"dangerousFunctions":226,"sqlUsage":227,"outputEscaping":230,"fileOperations":242,"externalRequests":29,"nonceChecks":242,"capabilityChecks":28,"bundledLibraries":243},[],{"prepared":228,"raw":29,"locations":229},4,[],{"escaped":231,"rawEcho":228,"locations":232},140,[233,236,238,240],{"file":157,"line":234,"context":235},203,"raw output",{"file":157,"line":237,"context":235},221,{"file":214,"line":239,"context":235},487,{"file":214,"line":241,"context":235},488,2,[],[245,264],{"entryPoint":246,"graph":247,"unsanitizedCount":29,"severity":263},"bwpl_configure_slug (block-wp-login.php:75)",{"nodes":248,"edges":260},[249,254],{"id":250,"type":251,"label":252,"file":157,"line":253},"n0","source","$_POST",136,{"id":255,"type":256,"label":257,"file":157,"line":258,"wp_function":259},"n1","sink","update_option() [Settings Manipulation]",153,"update_option",[261],{"from":250,"to":255,"sanitized":262},true,"low",{"entryPoint":265,"graph":266,"unsanitizedCount":29,"severity":263},"\u003Cblock-wp-login> (block-wp-login.php:0)",{"nodes":267,"edges":270},[268,269],{"id":250,"type":251,"label":252,"file":157,"line":253},{"id":255,"type":256,"label":257,"file":157,"line":258,"wp_function":259},[271],{"from":250,"to":255,"sanitized":262},{"summary":273,"deductions":274},"The 'block-wp-login' v1.5.5 plugin 
exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all its SQL queries and shows a high percentage of properly escaped output. The absence of external HTTP requests and the presence of nonce and capability checks are also strengths. However, a significant concern arises from the single AJAX handler (dismiss_bwpl_notice_handler) that has neither a nonce check nor a capability check; it is registered for logged-in users only, so it is not reachable anonymously, but it remains an entry point without request-forgery protection. The plugin's vulnerability history includes one high-severity Cross-Site Request Forgery (CSRF) in the past, affecting versions up to and including 1.3.0 and patched in 1.3.2; no known vulnerability is currently unpatched. While the current static analysis did not reveal critical or high severity taint flows, the unprotected AJAX endpoint combined with the past CSRF vulnerability suggests a potential for exploitation if new vulnerabilities are introduced or if the existing protection mechanisms are bypassed.",[275,277],{"reason":276,"points":166},"Unprotected AJAX handler",{"reason":278,"points":279},"Past high severity CVE (CSRF)",15,"2026-03-16T19:29:13.456Z",{"wat":282,"direct":291},{"assetPaths":283,"generatorPatterns":285,"scriptPaths":286,"versionParams":288},[284],"\u002Fwp-content\u002Fplugins\u002Fblock-wp-login\u002Fcss\u002Fbwpl.css",[],[287],"\u002Fwp-content\u002Fplugins\u002Fblock-wp-login\u002Fjs\u002Fbwpl.js",[289,290],"block-wp-login\u002Fcss\u002Fbwpl.css?ver=","block-wp-login\u002Fjs\u002Fbwpl.js?ver=",{"cssClasses":292,"htmlComments":293,"htmlAttributes":298,"restEndpoints":301,"jsGlobals":302,"shortcodeOutput":304},[],[294,295,296,297,294,295],"\u003C!-- wp:paragraph -->","\u003C!-- \u002Fwp:paragraph -->","\u003C!-- wp:image {\"id\":123,\"sizeSlug\":\"full\",\"linkDestination\":\"media\"} -->","\u003C!-- \u002Fwp:image -->",[299,300],"data-bwpl-option","data-bwpl-option-value",[],[303],"bwpl_admin",[]]