[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9NBXmN-AxECrEMrzXck3sdZoIJPXCe2ahMppMvJEBX0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":141,"fingerprints":223},"captcha-ajax","Captcha Ajax","1.14.8","Alessandro Lin","https:\u002F\u002Fprofiles.wordpress.org\u002Falessandro12\u002F","\u003Cp>Captcha works fine with website cache.\u003Cbr \u002F>\nAdds Captcha Asynchronously anti-spam methods to WordPress. Include login form, registration form, lost passwordform and comments form. The asynchronously method allows captcha to work well when a page cache, server cache or plugin cache, is active.\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcaptcha-ajax.eu\" rel=\"nofollow ugc\">View:\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Captcha for login form\u003C\u002Fli>\n\u003Cli>Captcha for login form obtained with the function wp_login_form(). Login form embedded in a page.\u003C\u002Fli>\n\u003Cli>Captcha for registration form\u003C\u002Fli>\n\u003Cli>Captcha for lost password form.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Captcha for comments form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Captcha for Contact Form 7\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Captcha for WPForms\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Captcha for Forminators form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Captcha for WooCommerce plugin. Login form, Lost Password form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select the letters type from the options – Capital letters, Small letters or Captial & Small letters.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Select the captcha type from the options – Alphanumeric, Alphabets or numbers.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select the captcha image. Default image or Black and white or Multicolor or Icons ( 27 icons available from fontawesome.com ) or Arithmetics. See images in screenshots.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Firewall. Limit rate of failed login attempts for each IP.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Firewall. The “who is” feature for IP owner is active.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>REST API\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Firewall details:\u003Cbr \u002F>\nLimit failed login attempts.\u003Cbr \u002F>\nTemporary blocks an Internet address from making further attempts after a specified limit on failed retries is reached.\u003Cbr \u002F>\nOption active for login form, login form embedded, registration form, lost password form. Select the feature in the dashboard.\u003C\u002Fp>\n\u003Cp>REST API details:\u003Cbr \u002F>\nThe following address, reachable with a browser:\u003Cbr \u002F>\n” https:\u002F\u002Fyour_site\u002Fwp-json\u002Fcaptcha-ajax\u002Fv1\u002Ftransients_expired ”\u003Cbr \u002F>\nwill cause the cleaning of expired transients.\u003Cbr \u002F>\nPerforms this task no more than once every 2 hours, further requests will be ignored.\u003C\u002Fp>\n\u003Cp>If your web site has a caching plugin installed or uses server-side caching, it is best to exclude the page from caching:\u003Cbr \u002F>\n” https:\u002F\u002Fyour_site\u002Fwp-json\u002Fcaptcha-ajax\u002Fv1\u002Ftransients_expired “\u003C\u002Fp>\n\u003Cp>REST API Filter for Exposing Menus Publicly in WordPress. Optional.\u003C\u002Fp>\n\u003Cp>Captcha for Contact Form 7 details:\u003Cbr \u002F>\n1. Install and activate CF7 and Captcha Ajax.\u003Cbr \u002F>\n2. Go to Captcha Ajax settings. CF7 yes and save.\u003Cbr \u002F>\n3. Create your contact form with CF7.\u003Cbr \u002F>\n4. Edit your new CF7 contact form:\u003Cbr \u002F>\n    Click on the line before [submit “Submit”]. This positions the cursor.\u003Cbr \u002F>\n    Click on the Captcha Ajax Tag.\u003Cbr \u002F>\n    Click on Insert Tag. This inserts the shortcode of Captcha Ajax.\u003Cbr \u002F>\n    Click on Save.\u003Cbr \u002F>\n5. Add the CF7 shortcode to the page, post or text widget and save.\u003Cbr \u002F>\n6. Cache. Purge if it is active.\u003Cbr \u002F>\nDone\u003C\u002Fp>\n\u003Cp>Captcha for WPForms details:\u003Cbr \u002F>\n1. Install and activate WPForms and Captcha Ajax.\u003Cbr \u002F>\n2. Go to Captcha Ajax settings. WPF yes and save.\u003Cbr \u002F>\n3. Create your contact form with WPForms.\u003Cbr \u002F>\n4. Add the WPForms shortcode to the page, post or text widget and save.\u003Cbr \u002F>\n5. Cache. Purge if it is active.\u003Cbr \u002F>\nDone\u003C\u002Fp>\n\u003Cp>Captcha for Forminator form details:\u003Cbr \u002F>\n1. Install and activate Forminator form and Captcha Ajax.\u003Cbr \u002F>\n2. Go to Captcha Ajax settings. Forminator yes and save.\u003Cbr \u002F>\n3. Create your contact form with Forminator.\u003Cbr \u002F>\n4. Add the Forminator shortcode to the page, post or text widget and save.\u003Cbr \u002F>\n5. Cache. Purge if it is active.\u003Cbr \u002F>\nDone\u003C\u002Fp>\n\u003Cp>Captcha for WooCommerce details:\u003Cbr \u002F>\nThis feature is synchronized with the WordPress Login.\u003Cbr \u002F>\nIf captcha for WordPress Login is enabled, captcha for WooCommerce Login module is also enabled.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Thanks for downloading and installing my plugin. You can show your appreciation and support future development by donating. https:\u002F\u002Fwww.paypal.me\u002Fa6419\u003C\u002Fp>\n","Captcha with Ajax method for sending code. Logins, Contact forms, Comments, WooCommerce. Firewall and REST API.",90,2964,94,3,"2026-03-13T11:02:00.000Z","6.9.4","5.0","7.2.24",[20,21,22,23,24],"ajax","captcha","login","post","security","https:\u002F\u002Fcaptcha-ajax.eu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptcha-ajax.1.14.8.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":27,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":13,"computed_at":36},"alessandro12",2,30,"2026-04-04T16:22:57.188Z",[38,62,84,106,123],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":16,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":34,"unpatched_count":60,"last_vuln_date":61,"fetched_at":30},"siteguard","SiteGuard WP Plugin","1.7.9","jp-secure","https:\u002F\u002Fprofiles.wordpress.org\u002Fjp-secure\u002F","\u003Cp>You can find docs, FAQ and more detailed information on \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin_en\u002F\" rel=\"nofollow ugc\">English Page\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.jp-secure.com\u002Fsiteguard_wp_plugin\u002F\" rel=\"nofollow ugc\">Japanese Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply install the SiteGuard WP Plugin, WordPress security is improved.\u003Cbr \u002F>\nThis plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.\u003C\u002Fp>\n\u003Cp>Notes\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not support the multisite function of WordPress.\u003C\u002Fli>\n\u003Cli>It only supports Apache 1.3, 2.x for Web servers.\u003C\u002Fli>\n\u003Cli>To use the CAPTCHA function, the expansion library “mbstring” and “gd” should be installed on php.\u003C\u002Fli>\n\u003Cli>To use the management page filter function and login page change function, “mod_rewrite” should be loaded on Apache.\u003C\u002Fli>\n\u003Cli>To use the WAF Tuning Support, WAF ( SiteGuard Server Edition ) should be installed on Apache.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are the following functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Page IP Filter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function for the protection against the attack to the management page (under wp-admin.)\u003Cbr \u002F>\nTo the access from the connection source IP address which does not login to the management page, 404 (Not Found) is returned.\u003Cbr \u002F>\nAt the login, the connection source IP address is recorded and the access to that page is allowed.\u003Cbr \u002F>\nThe connection source IP address which does not login for more than 24 hours is sequentially deleted.\u003Cbr \u002F>\nThe URL (under wp-admin) where this function is excluded can be specified.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rename Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nThe login page name (wp-login.php) is changed. The initial value is “login_\u003C5 random digits>” but it can be changed to a favorite name.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack,\u003Cbr \u002F>\nor to receive less comment spam. For the character of CAPTCHA, hiragana and alphanumeric characters can be selected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Lock\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against an illegal login attempt attack such as a brute force attack or a password list attack.\u003Cbr \u002F>\nEspecially, it is the function to prevent an automated attack. The connection source IP address the number of login failure of which reaches\u003Cbr \u002F>\nthe specified number within the specified period is blocked for the specified time.\u003Cbr \u002F>\nEach user account is not locked.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Alert\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to make it easier to notice unauthorized login. E-mail will be sent to a login user when logged in.\u003Cbr \u002F>\nIf you receive an e-mail to there is no logged-in idea, please suspect unauthorized login.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fail Once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to decrease the vulnerability against a password list attack. Even is the login input is correct, the first login must fail.\u003Cbr \u002F>\nAfter 5 seconds and later within 60 seconds, another correct login input make login succeed. At the first login failure, the following error message is displayed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Pingback\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The pingback function is disabled and its abuse is prevented.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Author Query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prevents leakage of user names due to “\u002F?author=” access.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Updates Notify\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Basic of security is that always you use the latest version. If WordPress core, plugins, and themes updates are needed , sends email to notify administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WAF Tuning Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is the function to create the rule to avoid the false detection in WordPress (including 403 error occurrence with normal access,)\u003Cbr \u002F>\nif WAF ( SiteGuard Server Edition ) by EG Secure Solutions is installed on a Web server. WAF prevents the attack from the outside against the Web server,\u003Cbr \u002F>\nbut for some WordPress or plugin functions, WAF may detect the attack which is actually not attack and block the function.\u003Cbr \u002F>\nBy creating the WAF exclude rule, the WAF protection function can be activated while the false detection for the specified function is prevented.\u003C\u002Fp>\n\u003Ch4>Translate\u003C\u002Fh4>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to sgdev@jp-secure.com so that We can bundle it into SiteGuard WP Plugin. You can download the latest \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Ftrunk\u002Flanguages\u002Fsiteguard.pot\" rel=\"nofollow ugc\">POT file\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsiteguard\u002Fbranches\u002Flanguages\u002F\" rel=\"nofollow ugc\">PO files in each language\u003C\u002Fa>.\u003C\u002Fp>\n","SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.",600000,5177761,86,15,"2025-12-04T04:47:00.000Z","3.9","",[21,54,55,56,24],"login-alert","login-lock","pingback","http:\u002F\u002Fwww.jp-secure.com\u002Fcont\u002Fproducts\u002Fsiteguard_wp_plugin\u002Findex_en.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsiteguard.1.7.9.zip",76,1,"2026-02-23 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":52,"download_link":82,"security_score":83,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[79,21,80,24,81],"2fa","login-security","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":11,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":52,"tags":98,"homepage":102,"download_link":103,"security_score":104,"vuln_count":60,"unpatched_count":28,"last_vuln_date":105,"fetched_at":30},"login-recaptcha","Login No Captcha reCAPTCHA","1.7.3","Robert Peake","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertpeake\u002F","\u003Cp>Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password, and user registration pages. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”\u003C\u002Fp>\n","Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.",60000,1369961,63,"2024-02-27T10:43:00.000Z","6.4.8","4.6",[99,22,100,101,24],"google","nocaptcha","recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-recaptcha.1.7.3.zip",85,"2022-08-16 00:00:00",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":77,"requires_at_least":17,"requires_php":77,"tags":119,"homepage":121,"download_link":122,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"login-security-recaptcha","Login Security Captcha","1.8.4","ScriptsTown","https:\u002F\u002Fprofiles.wordpress.org\u002Fscriptstown\u002F","\u003Cp>\u003Cstrong>Login Security Captcha\u003C\u002Fstrong> is a security plugin for WordPress to add CAPTCHA or CAPTCHA-free services such as Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> and Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> to the WordPress login, registration, lost password, and comment form. This is a fast and lightweight security plugin to place captcha on standard WordPress forms with minimal footprints. It can prevent spam comments and protect the login form against Brute-force attacks. It has simple settings to configure the plugin quickly.\u003C\u002Fp>\n\u003Cp>The plugin supports \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>, Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> Version 2, and Version 3 with multiple options. This is the best WordPress captcha plugin for antispam protection to secure comment form and WordPress login page. It allows you to place different versions of reCAPTCHA and also Turnstile on different forms at the same time. This plugin comes with a set of simple options to quickly set up captcha validation on the common forms.\u003C\u002Fp>\n\u003Cp>Using this security plugin, you can change the captcha theme to light or dark depending on your preferences for Cloudflare Turnstile and Google reCAPTCHA. You can also configure various other parameters like the score value for reCAPTCHA version 3. You can monitor the error logs and have the option to disable the captcha on the comment form for logged-in users. Also, you can adjust the captcha size to compact or normal for \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Login Security Captcha Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v2\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3\u003C\u002Fli>\n\u003Cli>Set reCAPTCHA v3 Position\u003C\u002Fli>\n\u003Cli>Captcha Theme and Size\u003C\u002Fli>\n\u003Cli>Secure Login Form\u003C\u002Fli>\n\u003Cli>Secure Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Monitor Error Logs\u003C\u002Fli>\n\u003Cli>Prevent Brute-force Attack\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Upgrade To Pro – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F#pricing\" title=\"Upgrade To Pro\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Login Security Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> by IP Address\u003C\u002Fli>\n\u003Cli>Check and Monitor \u003Cstrong>Last Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check Login History by Username\u003C\u002Fli>\n\u003Cli>Recent Login Dashboard Widget\u003C\u002Fli>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> Support\u003C\u002Fli>\n\u003Cli>Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> v2 and v3\u003C\u002Fli>\n\u003Cli>Redirect after Login or Logout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Redirection\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure Login and Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Easy to Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Login Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Lost Password Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Registration Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure \u003Cstrong>WooCommerce\u003C\u002Fstrong> Checkout Form\u003C\u002Fli>\n\u003Cli>Advanced Security and Much More\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check Pro Plugin – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F\" title=\"Check Pro Plugin\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.",10000,286646,98,20,"2026-03-11T00:40:00.000Z",[21,120,22,101,24],"cloudflare","https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-security-recaptcha.1.8.4.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":114,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":16,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":52,"download_link":140,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"simple-login-captcha","Simple Login Captcha","1.3.6","Nikolay Nikolov","https:\u002F\u002Fprofiles.wordpress.org\u002Fnnikolov\u002F","\u003Cp>A simple captcha for the WordPress login form. To be able to login, the user is required to enter a random 3-digit number in a text field.\u003C\u002Fp>\n\u003Cp>The correct number is displayed above the field by a small JavaScript code. Compatible with the WooCommerce login form. Compatible with multisite.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\" rel=\"nofollow ugc\">https:\u002F\u002Fnikolaydev.com\u002Fwp-login.php\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Simple\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No complicated features\u003C\u002Fli>\n\u003Cli>No settings\u003C\u002Fli>\n\u003Cli>No image generation\u003C\u002Fli>\n\u003Cli>No API\u003C\u002Fli>\n\u003Cli>No sessions\u003C\u002Fli>\n\u003Cli>No cookies\u003C\u002Fli>\n\u003Cli>No IP address detection\u003C\u002Fli>\n\u003Cli>No personal data collection\u003C\u002Fli>\n\u003Cli>No vulnerabilities in the programming code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Recommendation\u003C\u002Fh4>\n\u003Cp>Bots can also try to login with the XML-RPC feature of WordPress! Very rarely plugins also need this (like the Jetpack plugin). But if you don’t use it, I recommend that you disable it. You can use the super simple one-line plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-xml-rpc\u002F\" rel=\"ugc\">Disable XML-RPC\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>This is a simple plugin designed to protect against random bots that try to login on your site. But if a person actually looks at the code of this plugin and specifically designs a new bot that targets this plugin, this bot would be able to bypass the protection.\u003C\u002Fp>\n","Adds a simple 3-digit number captcha on the login form.",74617,78,17,"2025-12-04T15:24:00.000Z","3.5","5.2",[21,22,24,138,139],"simple","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-captcha.1.3.6.zip",{"attackSurface":142,"codeSignals":154,"taintFlows":207,"riskAssessment":208,"analyzedAt":222},{"hooks":143,"ajaxHandlers":150,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":28,"unprotectedCount":28},[144],{"type":145,"name":146,"callback":147,"file":148,"line":149},"filter","cron_schedules","CaptAjx\\wpCap_intervals","captcha-ajax.php",476,[],[],[],[],{"dangerousFunctions":155,"sqlUsage":156,"outputEscaping":158,"fileOperations":60,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":206},[],{"prepared":28,"raw":28,"locations":157},[],{"escaped":28,"rawEcho":159,"locations":160},22,[161,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202,204],{"file":148,"line":162,"context":163},200,"raw output",{"file":148,"line":165,"context":163},201,{"file":148,"line":167,"context":163},207,{"file":148,"line":169,"context":163},208,{"file":148,"line":171,"context":163},555,{"file":148,"line":173,"context":163},556,{"file":148,"line":175,"context":163},706,{"file":148,"line":177,"context":163},707,{"file":148,"line":179,"context":163},713,{"file":148,"line":181,"context":163},714,{"file":148,"line":183,"context":163},863,{"file":148,"line":185,"context":163},864,{"file":148,"line":187,"context":163},994,{"file":148,"line":189,"context":163},995,{"file":148,"line":191,"context":163},1310,{"file":148,"line":193,"context":163},1352,{"file":148,"line":195,"context":163},1358,{"file":148,"line":197,"context":163},1413,{"file":148,"line":199,"context":163},1497,{"file":148,"line":201,"context":163},1577,{"file":148,"line":203,"context":163},1610,{"file":148,"line":205,"context":163},1616,[],[],{"summary":209,"deductions":210},"The \"captcha-ajax\" plugin version 1.14.8 exhibits a mixed security posture. On the positive side, it demonstrates a strong adherence to secure coding practices regarding database interactions, with 100% of SQL queries utilizing prepared statements and no known historical vulnerabilities or CVEs. The absence of a significant attack surface through AJAX handlers, REST API routes, shortcodes, or cron events, and no identified critical or high severity taint flows, are also positive indicators.\n\nHowever, there are significant areas of concern. The most striking issue is that 0% of the 22 identified output points are properly escaped. This presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the user's browser. Furthermore, the plugin performs a file operation without clear indication of sanitization or authorization checks, which could potentially lead to unauthorized file access or manipulation. The complete lack of nonce checks and capability checks on its entry points, though limited in number, also leaves the plugin vulnerable to CSRF attacks or unauthorized access if any entry points were to become exposed in the future.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL and historical exploits, the critical deficiency in output escaping and the potential risks associated with file operations and lack of authorization checks on entry points create significant security weaknesses. These issues need to be addressed to improve the plugin's overall security.",[211,214,217,220],{"reason":212,"points":213},"No output escaping for 22 outputs",18,{"reason":215,"points":216},"File operation without clear security checks",8,{"reason":218,"points":219},"No nonce checks on entry points",7,{"reason":221,"points":219},"No capability checks on entry points","2026-03-16T21:18:51.882Z",{"wat":224,"direct":229},{"assetPaths":225,"generatorPatterns":226,"scriptPaths":227,"versionParams":228},[],[],[],[],{"cssClasses":230,"htmlComments":231,"htmlAttributes":232,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":235},[],[],[],[],[],[]]