[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKHGGHevSIXaDtkqZckkU0MTxLFful6pfn32PHvdGdS4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":20,"download_link":21,"security_score":13,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":140,"fingerprints":184},"buddypress-password-strength-meter","BuddyPress Password Strength Meter","0.8","Mike Martel","https:\u002F\u002Fprofiles.wordpress.org\u002Fmike_cowobo\u002F","\u003Cp>This plugin adds the WordPress password strength meter to the ‘Change Password’ field in the Profile->Settings screen in BuddyPress.\u003C\u002Fp>\n\u003Cp>Uses WordPress’s own password strength meter to calculate password strength.\u003C\u002Fp>\n","Password strength meter for the 'change password' screen in BuddyPress",10,5395,100,2,"",[17,18,19],"buddypress","password","strength","https:\u002F\u002Fgithub.com\u002Fmgmartel\u002FBuddyPress-Password-Strength-Meter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-password-strength-meter.0.8.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"mike_cowobo",7,70,89,30,86,"2026-04-04T12:32:38.569Z",[35,61,82,102,123],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":15,"download_link":57,"security_score":58,"vuln_count":14,"unpatched_count":22,"last_vuln_date":59,"fetched_at":60},"password-policy-manager","Password Policy Manager | Password Manager","2.0.6","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpassword-policy-manager\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-password-policy-manager-to-enforce-wordpress-password-security\" rel=\"nofollow ugc\">Setup Guide\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpassword-policy-manager#free-demo\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Enforce Strong and Secure Password Policies with Password Policy Manager\u003C\u002Fh3>\n\u003Cp>The miniOrange \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin helps you enforce strong and secure password policies with features like \u003Cstrong>password reset\u003C\u002Fstrong>, \u003Cstrong>password expiry\u003C\u002Fstrong>, \u003Cstrong>password score\u003C\u002Fstrong>, and \u003Cstrong>strong password rules\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You can manage user passwords efficiently using the user password manager, password strength meter, and history manager to enhance overall password security.\u003Cbr \u002F>\nIn case of a breach, take quick action with one-click password reset, lock inactive users, and enforce random password rules.\u003C\u002Fp>\n\u003Cp>This ensures complete protection by securing passwords, and managing both active and lock inactive users to prevent password-based attacks.\u003Cbr \u002F>\nHave questions? Reach us at \u003Cstrong>mfasupport@xecurify.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What is the Password Policy Manager Plugin for WordPress?\u003C\u002Fh3>\n\u003Cp>WordPress plugin for password expiry, strength check, and secure policy enforcement. Easy to install and configure, this Password Security plugin secures your site without disrupting the user experience.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FZnwEDbedz1A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WordPress PPM Key Features (Free Version)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enforce strong passwords:\u003C\u002Fstrong> Force all users to create strong passwords according to the password policy set by the admin for high Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-setup-password-policy-setting-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">Users password manager:\u003C\u002Fa>\u003C\u002Fstrong> User password manager allows the admin to manage the users’ passwords (like password strength, how many passwords are strong, etc) to check the Password Security. [password policy setup guide]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enforce password change:\u003C\u002Fstrong> Administrators can force users to change their password on their next login using this functionality use to enforce strong passwords on their users and ensure strong Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-one-click-reset-password-setting-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">One click reset password:\u003C\u002Fa>\u003C\u002Fstrong> This feature allows the admin to invalidate the current password and force their users to generate a new strong password. This can be done for all users in case of any breach. This will kill all the current sessions and users will be forced to set a new strong password via email hence reinforcing the Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-score-or-password-strength-checker-password-policy\" rel=\"nofollow ugc\">Password Score:\u003C\u002Fa>\u003C\u002Fstrong> It will show all the users’ password strengths. You can check whether the passwords being used are strong, medium or weak. Based on that you can use the enforce strong passwords feature to improve Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-setup-password-expiry-time-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">Auto Password Expiry:\u003C\u002Fa>\u003C\u002Fstrong> This feature allows the admin to enforce a custom time-based password expiry to improve Password Security. Once the password has expired, the users will be forced to create a new password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password strength:\u003C\u002Fstrong> The admin can set the minimum and maximum length of the password. You can also add constraints that you want your users to follow while setting a strong password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Users:\u003C\u002Fstrong> There is no user limit on the password policy manager plugin and it can be used to create password policies for unlimited users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Which Key Features does Password Policy Manager support in the Enterprise Plan?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Role-Based Enforce Strong Password on First Login:\u003C\u002Fstrong> Force specific users roles to create strong passwords according to the password policy set by the admin on their first login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based One-click password Reset and Logout:\u003C\u002Fstrong> Admin can reset passwords of users at once and terminate their logged-in sessions with just one click in case of any suspicious activity using the One-click reset password. Admin can then send password reset links over email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect URL:\u003C\u002Fstrong> The admin can redirect their users to a different \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-custom-redirect-url-password-policy-manager-on-wordpress\" rel=\"nofollow ugc\">custom URL\u003C\u002Fa> using this functionality.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active & Inactive Users Activity Log:\u003C\u002Fstrong> The admin can track the activity of all active as well as lock inactive users using this tool of the Password Policy Enterprise plan.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logout Inactive Users:\u003C\u002Fstrong> When this setting is enabled, a user is logged out and their session is destroyed if they are inactive for more than the customizable set time limit.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> The Password Policy Manager Enterprise plugin is multisite compatible and can be used to create password policies for an entire multisite network.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For any customization-related queries, reach us at mfasupport@xecurify.com or call us at +1 9786589387.\u003C\u002Fp>\n\u003Ch3>Upgrade to miniOrange Password Policy Manager Premium Plan for Advanced Security\u003C\u002Fh3>\n\u003Cp>The premium plan of miniOrange WordPress Password Policy Manager gives you complete control over how users can secure passwords, helping you enforce policies across all roles, customize the login experience, and secure even the most complex WordPress setups.\u003C\u002Fp>\n\u003Cp>With the premium \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin offers advanced \u003Cstrong>password security features\u003C\u002Fstrong>, including role-based and user-based password policies. It also supports custom login forms like WooCommerce, Elementor, Ultimate Member, and more.\u003C\u002Fp>\n\u003Ch4>Premium Features List\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-policy-role-based\" rel=\"nofollow ugc\">Role-Based and User-Based Password Policies:\u003C\u002Fa>\u003C\u002Fstrong> Admin can set different [role-based as well as user-based policies] and enforce password policy changes to ensure strong Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based Enforce Strong Password on First Login:\u003C\u002Fstrong> Force a specific set of users to create strong passwords according to the password policy set by the admin on their first login to maintain strong Password Security. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Enforce Password Change:\u003C\u002Fstrong> Administrators can enforce specific sets of roles to change their passwords on their next login using this configuration to enhance Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-one-click-reset-password-policy-role-based\" rel=\"nofollow ugc\">Role-Based One-click password Reset and Logout:\u003C\u002Fa>\u003C\u002Fstrong> Using [one-click reset password])  feature, the admin can reset passwords of all users \u002F particular roles at once and terminate all logged-in sessions with just one click in case of any suspicious activity. Admin can then send the password reset link over email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-generate-random-password\" rel=\"nofollow ugc\">Generate Random Passwords:\u003C\u002Fa>\u003C\u002Fstrong> Generate random passwords generates a random strong password containing all variations to make the password security strong and secure against brute force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-apply-automatically-lock-inactive-user\" rel=\"nofollow ugc\">Automatically Lock Inactive Users:\u003C\u002Fa>\u003C\u002Fstrong> It will lock the user automatically if the user is inactive for the custom-specified time period. This can be set for particular roles as well as users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-history-management\" rel=\"nofollow ugc\">Password History Manager:\u003C\u002Fa>\u003C\u002Fstrong> It will manage the history of all the recently used passwords for each user, so no user can reuse a previous password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active Users Activity Log:\u003C\u002Fstrong> The admin can track the activity of all Active Users using this setting of the Password Policy Premium plan.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Login Forms Supported:\u003C\u002Fstrong>  The Premium plan also supports the following custom login forms: WooCommerce, Ultimate Member, Elementor Pro, BBPress, Gravity Forms, Ninja Forms, Buddy Press, User Registration, User Pro, MemberPress, and many others.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single Site:\u003C\u002Fstrong> The Password Policy Manager Premium plugin is single-site compatible and can be used to create password policies on only one site at a time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch3>Why You Need to Register with miniOrange\u003C\u002Fh3>\n\u003Cp>Some advanced features in the \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin, like one-click password reset and random password generation.\u003Cbr \u002F>\nCore functionalities such as enforcing strong password policies, password expiry, password history, and locking inactive users work without registration.\u003C\u002Fp>\n\u003Cp>Customized solutions and active support for the miniOrange Password Policy Manager plugin are available. Email us at mfasupport@xecurify.com or call us at +1 9786589387.\u003C\u002Fp>\n","Enforce strong passwords with expiry, reset, score checks, inactive user lock, and user password management using Password Policy Manager.",6000,93974,88,14,"2025-10-20T08:18:00.000Z","6.8.5","4.6","5.3.0",[52,53,54,55,56],"password-security","password-strength","reset-password","secure-password","strong-password","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-policy-manager.2.0.6.zip",96,"2025-10-24 18:09:09","2026-03-15T15:16:48.613Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":45,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":15,"tags":75,"homepage":79,"download_link":80,"security_score":81,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":60},"login-security-solution","Login Security Solution","0.56.0","Daniel Convissor","https:\u002F\u002Fprofiles.wordpress.org\u002Fconvissor\u002F","\u003Cp>A simple way to lock down login security for multisite and regular\u003Cbr \u002F>\nWordPress installations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Blocks brute force and dictionary attacks without inconveniencing\u003Cbr \u002F>\nlegitimate users or administrators\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tracks IP addresses, usernames, and passwords\u003C\u002Fli>\n\u003Cli>Monitors logins made by form submissions, XML-RPC requests and\u003Cbr \u002F>\nauth cookies\u003C\u002Fli>\n\u003Cli>If a login failure uses data matching a past failure, the plugin\u003Cbr \u002F>\nslows down response times.  The more failures, the longer the delay.\u003Cbr \u002F>\nThis limits attackers ability to effectively probe your site,\u003Cbr \u002F>\nso they’ll give up and go find an easier target.\u003C\u002Fli>\n\u003Cli>If an account seems breached, the “user” is immediately logged out\u003Cbr \u002F>\nand forced to use WordPress’ password reset utility.  This prevents\u003Cbr \u002F>\nany damage from being done and verifies the user’s identity.  But\u003Cbr \u002F>\nif the user is coming in from an IP address they have used in the\u003Cbr \u002F>\npast, an email is sent to the user making sure it was them logging in.\u003Cbr \u002F>\nAll without intervention by an administrator.\u003C\u002Fli>\n\u003Cli>Can notify the administrator of attacks and breaches\u003C\u002Fli>\n\u003Cli>Supports IPv6\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Thoroughly examines and enforces password strength.  Includes full\u003Cbr \u002F>\nUTF-8 character set support if PHP’s \u003Ccode>mbstring\u003C\u002Fcode> extension is enabled.\u003Cbr \u002F>\nThe tests have caught every password dictionary entry I’ve tried.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Minimum length (customizable)\u003C\u002Fli>\n\u003Cli>Doesn’t match blog info\u003C\u002Fli>\n\u003Cli>Doesn’t match user data\u003C\u002Fli>\n\u003Cli>Must either have numbers, punctuation, upper and lower case characters\u003Cbr \u002F>\nor be very long.  Note: alphabets with only one case (e.g. Arabic,\u003Cbr \u002F>\nHebrew, etc.) are automatically exempted from the upper\u002Flower case\u003Cbr \u002F>\nrequirement.\u003C\u002Fli>\n\u003Cli>Non-sequential codepoints\u003C\u002Fli>\n\u003Cli>Non-sequential keystrokes (custom sequence files can be added)\u003C\u002Fli>\n\u003Cli>Not in the password dictionary files you’ve provided (if any)\u003C\u002Fli>\n\u003Cli>Decodes “leet” speak\u003C\u002Fli>\n\u003Cli>The password\u002Fphrase is not found by the \u003Ccode>dict\u003C\u002Fcode> dictionary\u003Cbr \u002F>\nprogram (if available)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Blocks discovering user names via the “?author=” query string\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Password aging (optional) (not recommended)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users need to change password every x days (customizable)\u003C\u002Fli>\n\u003Cli>Grace period for picking a new password (customizable)\u003C\u002Fli>\n\u003Cli>Remembers old passwords (quantity is customizable)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Administrators can require all users to change their passwords\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Done via a flag in each user’s database entry\u003C\u002Fli>\n\u003Cli>No mail is sent, keeping your server off of spam lists\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Logs out idle sessions (optional) (idle time is customizable)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Maintenance mode (optional)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Publicly viewable content remains visible\u003C\u002Fli>\n\u003Cli>Disables logins by all users, except administrators\u003C\u002Fli>\n\u003Cli>Logs out existing sessions, except administrators\u003C\u002Fli>\n\u003Cli>Disables posting of comments\u003C\u002Fli>\n\u003Cli>Useful for maintenance or emergency reasons\u003C\u002Fli>\n\u003Cli>This is separate from WordPress’ maintenance mode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Prevents information disclosures from failed logins\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Improvements Over Similar WordPress Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Multisite network support\u003C\u002Fli>\n\u003Cli>Monitors authentication cookies for bad user names and hashes\u003C\u002Fli>\n\u003Cli>Tracks logins from XML-RPC requests\u003C\u002Fli>\n\u003Cli>Adjusts WordPress’ password policy user interfaces\u003C\u002Fli>\n\u003Cli>Takes security seriously so the plugin itself does not open your site\u003Cbr \u002F>\nto SQL, HTML, or header injection vulnerabilities\u003C\u002Fli>\n\u003Cli>Notice-free code means no information disclosures if \u003Ccode>display_errors\u003C\u002Fcode>\u003Cbr \u002F>\nis on and \u003Ccode>error_reporting\u003C\u002Fcode> includes \u003Ccode>E_NOTICE\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Only loads files, actions, and filters needed for enabled options\u003Cbr \u002F>\nand the page’s context\u003C\u002Fli>\n\u003Cli>Provides an option to have deactivation remove all of this plugin’s\u003Cbr \u002F>\ndata from the database\u003C\u002Fli>\n\u003Cli>Uses WordPress’ features rather than fighting or overriding them\u003C\u002Fli>\n\u003Cli>No advertising, promotions, or beacons\u003C\u002Fli>\n\u003Cli>Proper internationalization support\u003C\u002Fli>\n\u003Cli>Clean, documented code\u003C\u002Fli>\n\u003Cli>Unit tests covering 100% of the main class\u003C\u002Fli>\n\u003Cli>Internationalized unit tests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For reference, the similar plugins include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F6scan-protection\u002F\" rel=\"ugc\">6Scan Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-wp-security\u002F\" rel=\"ugc\">Better WP Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenforce-strong-password\u002F\" rel=\"ugc\">Enforce Strong Password\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforce-strong-passwords\u002F\" rel=\"ugc\">Force Strong Passwords\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flimit-login-attempts\u002F\" rel=\"ugc\">Limit Login Attempts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-lock\u002F\" rel=\"ugc\">Login Lock\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-lockdown\u002F\" rel=\"ugc\">Login LockDown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpmc-lockdown\u002F\" rel=\"ugc\">PMC Lockdown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-login-lockdown\u002F\" rel=\"ugc\">Simple Login Lockdown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Wordfence Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-login-security\u002F\" rel=\"ugc\">WP Login Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-login-security-2\u002F\" rel=\"ugc\">WP Login Security 2\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility with Other Plugins\u003C\u002Fh4>\n\u003Cp>Some plugins provide similar functionality.  These overlaps can lead to\u003Cbr \u002F>\nconflicts during program execution.  Please read the FAQ!\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Deutsche, Deutschland (German, Germany) (de_DE) by Christian Foellmann\u003C\u002Fli>\n\u003Cli>Français, français (French, France) (fr_FR) by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmermouy\" rel=\"nofollow ugc\">mermouy\u003C\u002Fa> and and Fx Bénard\u003C\u002Fli>\n\u003Cli>Italiano, Italia (Italian, Italy) (it_IT) by Daniele Passalacqua\u003C\u002Fli>\n\u003Cli>日本語, 日本国 (Japanese, Japan) (ja_JP) by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmotoyamayuki\u002F\" rel=\"nofollow ugc\">motoyamayuki\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Nederlands, Nederland (Dutch, Netherlands) (nl_NL) by Friso van Wieringen\u003C\u002Fli>\n\u003Cli>polski, Polska (Polish, Poland) (pl_PL) by Michał Seweryniak \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fminiol\" rel=\"nofollow ugc\">miniol\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Português, Brasil (Portugese, Brazil) (pt_BR) by Valdir Trombini\u003C\u002Fli>\n\u003Cli>suomi, Suomi (Finnish, Finland) (fi_FI) by Juha Remes \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNewman101\" rel=\"nofollow ugc\">Newman101\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Source Code, Bugs, and Feature Requests\u003C\u002Fh4>\n\u003Cp>Development of this plugin happens on\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fconvissor\u002Flogin-security-solution\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003Cbr \u002F>\nPlease submit\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fconvissor\u002Flogin-security-solution\u002Fissues\" rel=\"nofollow ugc\">bug and feature requests\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fconvissor\u002Flogin-security-solution\u002Fpulls\" rel=\"nofollow ugc\">pull requests\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fconvissor\u002Flogin-security-solution\u002Fwiki\" rel=\"nofollow ugc\">wiki entries\u003C\u002Fa>\u003Cbr \u002F>\nthere.\u003Cbr \u002F>\nReleases are then squashed and pushed to WordPress’\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-security-solution\u002F\" rel=\"nofollow ugc\">Plugins SVN repository\u003C\u002Fa>.\u003Cbr \u002F>\nThis division is necessary due having being chastised that “the Plugins SVN\u003Cbr \u002F>\nrepository is a release system, not a development system.”\u003C\u002Fp>\n\u003Cp>Old tickets are in the \u003Ca href=\"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fquery?status=assigned&status=closed&status=new&status=reopened&component=login-security-solution&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=component&desc=1&order=id\" rel=\"nofollow ugc\">Plugins Trac\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Strong, Unique Passwords Are Important\u003C\u002Fh4>\n\u003Cp>Yeah, creating, storing\u002Fremembering, and using a \u003Cstrong>different\u003C\u002Fstrong>, \u003Cstrong>strong\u003C\u002Fstrong>\u003Cbr \u002F>\npassword for each site you use is a hassle.  \u003Cem>But it is absolutely\u003Cbr \u002F>\nnecessary.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Password lists get stolen on a regular basis from big name sites (like\u003Cbr \u002F>\nLinkedin for example!).  Criminals then have unlimited time to decode the\u003Cbr \u002F>\npasswords.  In general, 50% of those passwords are so weak they get figured\u003Cbr \u002F>\nout in a matter of seconds.  Plus there are computers on the Internet\u003Cbr \u002F>\ndedicated to pounding the sites with login attempts, hoping to get lucky.\u003C\u002Fp>\n\u003Cp>Many people use the same password for multiple sites.  Once an attacker\u003Cbr \u002F>\nfigures out your password on one site, they’ll try it on your accounts at\u003Cbr \u002F>\nother sites.  It gets ugly very fast.\u003C\u002Fp>\n\u003Cp>But don’t despair!  There are good, free tools that make doing the right\u003Cbr \u002F>\nthing a piece of cake.  For example: \u003Ca href=\"http:\u002F\u002Fwww.keepassx.org\u002F\" rel=\"nofollow ugc\">KeePassX\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fkeepass.info\u002F\" rel=\"nofollow ugc\">KeePass\u003C\u002Fa>,\u003Cbr \u002F>\nor \u003Ca href=\"https:\u002F\u002Fagilebits.com\u002Fonepassword\" rel=\"nofollow ugc\">1Password\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Securing Your WordPress Site is Important\u003C\u002Fh4>\n\u003Cp>You’re probably thinking “There’s nothing valuable on my website. No one\u003Cbr \u002F>\nwill bother breaking into it.”  What you need to realize is that attackers\u003Cbr \u002F>\nare going after your visitors.  They put stealth code on your website\u003Cbr \u002F>\nthat pushes malware into your readers’ browsers.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>According to SophosLabs more than 30,000 websites are infected\u003Cbr \u002F>\n  every day and 80% of those infected sites are legitimate.\u003Cbr \u002F>\n  Eighty-five percent of all malware, including viruses, worms,\u003Cbr \u002F>\n  spyware, adware and Trojans, comes from the web. Today,\u003Cbr \u002F>\n  drive-by downloads have become the top web threat.\u003C\u002Fp>\n\u003Cp>— \u003Ca href=\"http:\u002F\u002Fwww.sophos.com\u002Fen-us\u002Fsecurity-news-trends\u002Freports\u002Fsecurity-threat-report\u002Fhtml-08.aspx\" rel=\"nofollow ugc\">\u003Cem>Security Threat Report 2012\u003C\u002Fem>\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>So if your site does get cracked, not only do you waste hours cleaning up,\u003Cbr \u002F>\nyour reputation gets sullied, security software flags your site as dangerous,\u003Cbr \u002F>\nand worst of all, you’ve inadvertently helped infect the computers of your\u003Cbr \u002F>\nclients and friends.  Oh, and if the attack involves malware, that malware\u003Cbr \u002F>\nhas probably gotten itself into your computer.\u003C\u002Fp>\n\u003Ch3>Actions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>login_security_solution_insert_fail\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_breach\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_fail\u003C\u002Fli>\n\u003Cli>login_security_solution_fail_tier_dos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>The following filters allow customizing email subjects and messages.  If\u003Cbr \u002F>\neither the “subject”or “message” filters in a method returns an empty\u003Cbr \u002F>\nstring, the given method will skip calling \u003Ccode>wp_mail()\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>login_security_solution_notify_breach_subject\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_breach_message\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_breach_user_subject\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_breach_user_message\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_fail_subject\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_fail_message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Unit Tests\u003C\u002Fh4>\n\u003Cp>A thorough set of unit tests are found in the \u003Ccode>tests\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Cp>The plugin needs to be installed and activated before running the tests.\u003C\u002Fp>\n\u003Cp>To execute the tests, \u003Ccode>cd\u003C\u002Fcode> into this plugin’s directory and\u003Cbr \u002F>\ncall \u003Ccode>phpunit tests\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Translations can be tested by changing the \u003Ccode>WPLANG\u003C\u002Fcode> value in \u003Ccode>wp-config.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Please note that the tests make extensive use of database transactions.\u003Cbr \u002F>\nMany tests will be skipped if your \u003Ccode>wp_options\u003C\u002Fcode> and \u003Ccode>wp_usermeta\u003C\u002Fcode> tables\u003Cbr \u002F>\nare not using the \u003Ccode>InnoDB\u003C\u002Fcode> storage engine.\u003C\u002Fp>\n\u003Ch4>Removal\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>This plugin offers the ability to remove all of this plugin’s settings\u003Cbr \u002F>\nfrom your database.  Go to WordPress’ “Plugins” admin interface and\u003Cbr \u002F>\nclick the “Settings” link for this plugin.  In the “Deactivate” entry,\u003Cbr \u002F>\nclick the “Yes, delete the damn data” button and save the form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Use WordPress’ “Plugins” admin interface to click the “Deactivate” link\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Remove the \u003Ccode>login-security-solution\u003C\u002Fcode> directory from the server\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>In the event you didn’t pick the “Yes, delete the damn data” option or\u003Cbr \u002F>\nyou manually deleted the plugin, you can get rid of the settings by running\u003Cbr \u002F>\nthree queries.  These  queries are exapmles, using the default table name\u003Cbr \u002F>\nprefix of, \u003Ccode>wp_\u003C\u002Fcode>.  If you have changed your database prefix, adjust the\u003Cbr \u002F>\nqueries accordingly.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    DROP TABLE wp_login_security_solution_fail;\n\n    DELETE FROM wp_options WHERE option_name LIKE 'login-security-solution%';\n\n    DELETE FROM wp_usermeta WHERE meta_key LIKE 'login-security-solution%';= Inspiration and References =\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\n\u003Cp>Password Research\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Farstechnica.com\u002Fsecurity\u002F2012\u002F08\u002Fpasswords-under-assault\u002F\" rel=\"nofollow ugc\">Why passwords have never been weaker — and crackers have never been stronger\u003C\u002Fa>, Dan Goodin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.cl.cam.ac.uk\u002F~jcb82\u002Fdoc\u002FB12-IEEESP-evaluating_a_huge_password_corpus.pdf\" rel=\"nofollow ugc\">You can never have too many passwords: techniques for evaluating a huge corpus\u003C\u002Fa>, Joseph Bonneau\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.cs.ru.nl\u002Fbachelorscripties\u002F2010\u002FMartin_Devillers___0437999___Analyzing_password_strength.pdf\" rel=\"nofollow ugc\">Analyzing Password Strength\u003C\u002Fa>, Martin Devillers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.imperva.com\u002Fdocs\u002FWP_Consumer_Password_Worst_Practices.pdf\" rel=\"nofollow ugc\">Consumer Password Worst Practices\u003C\u002Fa>, Imperva\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.bryanrite.com\u002Fpreventing-brute-force-attacks-on-your-web-login\u002F\" rel=\"nofollow ugc\">Preventing Brute Force Attacks on your Web Login\u003C\u002Fa>, Bryan Rite\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fxkcd.com\u002F936\u002F\" rel=\"nofollow ugc\">Password Strength\u003C\u002Fa>, Randall Munroe\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Technical Info\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdoc.infosnel.nl\u002Fextreme_utf-8.html\" rel=\"nofollow ugc\">The Extreme UTF-8 Table\u003C\u002Fa>, infosnel.nl\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc5952\" rel=\"nofollow ugc\">A Recommendation for IPv6 Address Text Representation\u003C\u002Fa>, Seiichi Kawamura and Masanobu Kawashima\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Password Lists\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdazzlepod.com\u002Fsite_media\u002Ftxt\u002Fpasswords.txt\" rel=\"nofollow ugc\">Dazzlepod Password List\u003C\u002Fa>, Dazzlepod\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.searchlores.org\u002Fcommonpass1.htm\" rel=\"nofollow ugc\">Common Passwords\u003C\u002Fa>, Fravia\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.whatsmypass.com\u002Fthe-top-500-worst-passwords-of-all-time\" rel=\"nofollow ugc\">The Top 500 Worst Passwords of All Time\u003C\u002Fa>, Mark Burnett\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>To Do\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Provide a user interface to the \u003Ccode>fail\u003C\u002Fcode> table.\u003C\u002Fli>\n\u003C\u002Ful>\n","Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.",4000,290214,54,"2017-11-28T10:46:00.000Z","4.4.34","3.3",[76,18,77,19,78],"login","passwords","strong","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-security-solution\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-security-solution.zip",85,{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":32,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":15,"tags":96,"homepage":99,"download_link":100,"security_score":101,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":60},"password-strength-for-woocommerce","Password Strength for WooCommerce","1.0.3","WP Zone","https:\u002F\u002Fprofiles.wordpress.org\u002Faspengrovestudios\u002F","\u003Cp>This plugin disables password strength enforcement in WooCommerce. Future versions may allow the user to change the minimum password strength rather than disabling it altogether.\u003C\u002Fp>\n\u003Cp>Disabling the minimum password strength is not recommended from a security standpoint. Use at your own risk!\u003C\u002Fp>\n\u003Cp>If you like this plugin, please consider leaving a comment or review.\u003C\u002Fp>\n\u003Ch3>You may also like these plugins\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpzone.co\u002F\" rel=\"nofollow ugc\">WP Zone\u003C\u002Fa> has built a bunch of plugins, add-ons, and themes. Check out other favorites here on the repository and don’t forget to leave a 5-star review to help others in the community decide.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproduct-sales-report-for-woocommerce\u002F\" rel=\"ugc\">Product Sales Report for WooCommerce\u003C\u002Fa> – setup a custom sales report for the products in your WooCommerce store with toggle sorting options. Including or excluding items based on date range, sale status, product category and id, define display order, choose what fields to include, and generate your report with a click.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexport-order-items-for-woocommerce\u002F\" rel=\"ugc\">Export Order Items for WooCommerce\u003C\u002Fa> – export the order details for each sale in your WooCommerce store. Simplify order fulfillment, generate accounting reports in a few clicks, and download into CSV format for readability and universal compatibility with Export Order Items.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freplace-image\u002F\" rel=\"ugc\">Replace Image\u003C\u002Fa> – keep the same URL when uploading to the WordPress media library\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforce-update-check-for-plugins-and-themes\u002F\" rel=\"ugc\">Force Update Check for Plugins and Themes\u003C\u002Fa> -force Update Check for Plugins and Themes forces WordPress to run a theme and plugin update check whenever you visit the WordPress updates page\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-sendgrid-for-emails\u002F\" rel=\"ugc\">Connect SendGrid for Emails\u003C\u002Fa> –  connect SendGrid for Emails is a third-party fork of (and a drop-in replacement for) the official SendGrid plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-css-and-javascript\u002F\" rel=\"ugc\">Custom CSS and JavaScript\u003C\u002Fa> – allows you to add custom site-wide CSS styles and JavaScript code to your WordPress site. Useful for overriding your theme’s styles and adding client-side functionality.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-registration-notification-emails\u002F\" rel=\"ugc\">Disable User Registration Notification Emails\u003C\u002Fa> – when this plugin is activated, it disables the notification sent to the admin email when a new user account is registered.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-upload-for-bbpress\u002F\" rel=\"ugc\">Inline Image Upload for BBPress\u003C\u002Fa> – enables the TinyMCE WYSIWYG editor for BBPress forum topics and replies and adds a button to the editor’s “Insert\u002Fedit image” dialog that allows forum users to upload images from their computer and insert them inline into their posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdonations-for-woocommerce\u002F\" rel=\"ugc\">Potent Donations for WooCommerce\u003C\u002Fa> – acceptance donations through your WooCommerce store\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortcodes-for-divi\u002F\" rel=\"ugc\">Shortcodes for Divi\u003C\u002Fa> – allows to use Divi Library layouts as shortcodes everywhere where text comes.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-export-and-import-for-woocommerce\u002F\" rel=\"ugc\">Stock Export and Import for WooCommerce\u003C\u002Fa> – generates reports on the stock status (in stock \u002F out of stock) and quantity of individual WooCommerce products.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frandom-quiz-addon-for-lifterlms\u002F\" rel=\"ugc\">Random Quiz Generator for LifterLMS\u003C\u002Fa> – pull a random set of questions from your quiz so users never get the same question twice when retaking or setting up a practice quiz.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-and-divi-icons\u002F\" rel=\"ugc\">WP and Divi Icons\u003C\u002Fa> – adds over 660 custom outline SVG icons to your website. SVG icons are vector icons, so they are sharp and look good on any screen at any size.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-layouts\u002F\" rel=\"ugc\">WP Layouts\u003C\u002Fa> – the best way to organize, import, and export your layouts, especially if you have multiple websites.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-squish\u002F\" rel=\"ugc\">WP Squish\u003C\u002Fa> – reduce the amount of storage space consumed by your WordPress installation through the application of user-definable JPEG compression levels and image resolution limits to uploaded images.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To view WP Zone’s premium WordPress plugins and themes, visit our \u003Ca href=\"https:\u002F\u002Fwpzone.co\u002Fproduct\u002F\" rel=\"nofollow ugc\">WordPress products catalog page\u003C\u002Fa>\u003C\u002Fp>\n","Disables password strength enforcement in WooCommerce.",1000,27179,6,"2024-08-12T19:56:00.000Z","6.6.5","3.5",[18,53,97,98],"security","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-strength-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-strength-for-woocommerce.1.0.3.zip",92,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":15,"tags":117,"homepage":121,"download_link":122,"security_score":13,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":60},"no-weak-passwords","No Weak Passwords","1.0.2","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>This plugin forbids any user to choose any password from the “common passwords list” obtained from http:\u002F\u002Fwww.openwall.com\u002Fpasswords\u002Fwordlists\u002F, and requires any who are already doing so to reset their passwords.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright 2012- David Anderson\u003C\u002Fp>\n\u003Cp>MIT License:\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining\u003Cbr \u002F>\na copy of this software and associated documentation files (the\u003Cbr \u002F>\n“Software”), to deal in the Software without restriction, including\u003Cbr \u002F>\nwithout limitation the rights to use, copy, modify, merge, publish,\u003Cbr \u002F>\ndistribute, sublicense, and\u002For sell copies of the Software, and to\u003Cbr \u002F>\npermit persons to whom the Software is furnished to do so, subject to\u003Cbr \u002F>\nthe following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be\u003Cbr \u002F>\nincluded in all copies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,\u003Cbr \u002F>\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\u003Cbr \u002F>\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\u003Cbr \u002F>\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\u003Cbr \u002F>\nLIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\u003Cbr \u002F>\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\u003Cbr \u002F>\nWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\u003C\u002Fp>\n","This plugin forbids any user to choose any password from the \"common passwords list\" obtained from http:\u002F\u002Fwww.openwall.",400,9090,80,4,"2025-11-12T16:20:00.000Z","6.9.4","3.2",[118,119,53,77,120],"ban-passwords","ban-weak-passwords","weak-passwords","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fno-weak-passwords","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-weak-passwords.1.0.2.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":13,"downloaded":131,"rating":13,"num_ratings":132,"last_updated":133,"tested_up_to":115,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":138,"download_link":139,"security_score":13,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":60},"password-requirements","WP Password Policy","3.6.0","Teydea Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fteydeastudio\u002F","\u003Cp>\u003Cstrong>WP Password Policy lets you define and enforce password policies for all users on your WordPress site.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Set rules for password length, complexity (uppercase, lowercase, digits, special characters), restricted characters, password expiration, and more. The plugin validates passwords on login, registration, password changes, and during active sessions — automatically redirecting users to reset non-compliant passwords.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key benefits:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enforce password length and complexity rules from a single settings page.\u003C\u002Fli>\n\u003Cli>Set password expiration to ensure users update their passwords regularly.\u003C\u002Fli>\n\u003Cli>Require users to confirm their current password before making changes.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress multisite networks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you manage a personal blog, a membership site, or a multisite network, WP Password Policy helps you maintain consistent password standards across all user accounts.\u003C\u002Fp>\n\u003Cp>Learn more at \u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">wppasswordpolicy.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why password policies matter\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Weak passwords remain one of the most common entry points for unauthorized access to WordPress sites. Enforcing password rules helps reduce this risk and supports compliance with security best practices.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Minimum password length\u003C\u002Fstrong> — Set and enforce the minimum number of characters for user passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Maximum password length\u003C\u002Fstrong> — Limit password length to prevent denial-of-service attacks caused by hashing very long passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password complexity rules\u003C\u002Fstrong> — Require a mix of uppercase letters, lowercase letters, digits, special characters, and a minimum number of unique characters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Consecutive username symbols\u003C\u002Fstrong> — Restrict how many consecutive characters from the username can appear in the password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restricted characters\u003C\u002Fstrong> — Block specific characters from being used in passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Maximum password age\u003C\u002Fstrong> — Force users to update their passwords periodically (e.g., every 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum password age\u003C\u002Fstrong> — Prevent users from changing their password too frequently, discouraging rapid cycling back to an old password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Require current password\u003C\u002Fstrong> — Add a “Current Password” field to the user profile screen and validate it before allowing password changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom password hints\u003C\u002Fstrong> — Replace the default WordPress password hint with a policy-specific hint based on active rules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Health integration\u003C\u002Fstrong> — A Site Health test reports whether your plugin settings are properly configured.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite\u002Fnetwork support\u003C\u002Fstrong> — Works with both standard and multisite WordPress installations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Ffeatures\u002Fai-integration\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">AI integration\u003C\u002Fa>\u003C\u002Fstrong> — On WordPress 6.9+ with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmcp-adapter\u002F\" rel=\"ugc\">MCP Adapter\u003C\u002Fa> plugin, list, configure, and delete password policies through natural language commands from any connected AI provider.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation-ready\u003C\u002Fstrong> — Localize the plugin into any language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PRO Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Ffeatures\u002Fpasswords-reuse-prevention\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">Prevent password reuse\u003C\u002Fa>\u003C\u002Fstrong> — Block users from reusing their previous passwords, encouraging new, unique passwords every time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Ffeatures\u002Fdedicated-policies-by-user-and-or-role\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">Custom password policies per role or user\u003C\u002Fa>\u003C\u002Fstrong> — Assign different password rules for administrators, editors, WooCommerce customers, or specific users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Ffeatures\u002Frestricted-passwords-list\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">Block common, weak passwords\u003C\u002Fa>\u003C\u002Fstrong> — Over 100,000 common passwords are blocked, preventing users from choosing easy-to-guess passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce integration\u003C\u002Fstrong> — Enforce password policies on WooCommerce account pages, password reset, and registration forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member integration\u003C\u002Fstrong> — Enforce password policies within Ultimate Member registration and account forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority support and updates\u003C\u002Fstrong> — Get premium email support and updates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Learn more about the PRO version at \u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Fpricing\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">wppasswordpolicy.com\u002Fpricing\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Video Tutorial\u003C\u002Fh3>\n\u003Cp>See the plugin in action:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7g_hWHZ4IFs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Related Plugins\u003C\u002Fh3>\n\u003Cp>Looking for a way to force users to reset their passwords immediately? Check our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-reset-enforcement\u002F\" rel=\"ugc\">Password Reset Enforcement\u003C\u002Fa> plugin — it lets you require password resets site-wide, by role, or for individual users, with WP-CLI support for automation.\u003C\u002Fp>\n","Define and enforce password policies for your WordPress site with length, complexity, and expiration rules.",4554,1,"2026-03-13T23:03:00.000Z","6.6","7.4",[137,53,77,97,56],"password-policy","https:\u002F\u002Fwppasswordpolicy.com\u002F?utm_source=WP+Password+Policy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-requirements.3.6.0.zip",{"attackSurface":141,"codeSignals":161,"taintFlows":171,"riskAssessment":172,"analyzedAt":183},{"hooks":142,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":22,"unprotectedCount":22},[143,149,153],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","wp_enqueue_scripts","load_scripts","bp-password-strength-meter.php",81,{"type":144,"name":150,"callback":151,"file":147,"line":152},"bp_core_general_settings_before_submit","strength_indicator",82,{"type":144,"name":154,"callback":155,"file":147,"line":156},"bp_init","init",127,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":170},[],{"prepared":22,"raw":22,"locations":164},[],{"escaped":22,"rawEcho":132,"locations":166},[167],{"file":147,"line":168,"context":169},120,"raw output",[],[],{"summary":173,"deductions":174},"Based on the provided static analysis and vulnerability history, the \"buddypress-password-strength-meter\" plugin version 0.8 exhibits a strong security posture in several key areas. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the complete absence of dangerous functions, file operations, external HTTP requests, and known CVEs is highly encouraging. The fact that all SQL queries utilize prepared statements indicates good development practices for database interactions.\n\nHowever, a critical concern arises from the output escaping. With 100% of outputs not being properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed by this plugin could potentially be manipulated to inject malicious scripts, which could then be executed in the context of other users' browsers. The lack of nonce and capability checks, while potentially less critical given the limited attack surface, also represents a missed opportunity for robust security, especially if new entry points were to be introduced in future versions. The vulnerability history being clean is a positive sign, but it cannot mitigate the immediate risk of unescaped output.\n\nIn conclusion, while the plugin demonstrates good security hygiene by avoiding common pitfalls like dangerous functions and un-prepared SQL, the glaring issue of unescaped output presents a substantial risk of XSS. This weakness, coupled with the lack of explicit authorization checks, outweighs the benefits of its limited attack surface. Addressing the output escaping immediately should be the top priority for this plugin.",[175,178,181],{"reason":176,"points":177},"All outputs unescaped",8,{"reason":179,"points":180},"No nonce checks",3,{"reason":182,"points":180},"No capability checks","2026-03-16T23:30:34.577Z",{"wat":185,"direct":196},{"assetPaths":186,"generatorPatterns":188,"scriptPaths":189,"versionParams":192},[187],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-password-strength-meter\u002F_inc\u002Fcss\u002Fbp-password-strength-meter.css",[],[190,191],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-password-strength-meter\u002F_inc\u002Fjs\u002Fpassword-strength-meter.js","\u002Fwp-content\u002Fplugins\u002Fbuddypress-password-strength-meter\u002F_inc\u002Fjs\u002Fuser-profile.js",[193,194,195],"bp-password-strength-meter\u002Fstyle.css?ver=","password-strength-meter.js?ver=","user-profile.js?ver=",{"cssClasses":197,"htmlComments":199,"htmlAttributes":200,"restEndpoints":203,"jsGlobals":204,"shortcodeOutput":205},[198],"indicator-hint",[],[201,202],"id=\"user_login\"","id=\"pass-strength-result\"",[],[],[206,207,208],"\u003Cinput type=\"hidden\" id=\"user_login\"","\u003Cdiv id=\"pass-strength-result\"","\u003Cp class=\"description indicator-hint\""]