[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHAi_N0yZ_A6fIc1LTdv8ZBOODB6-bt7rml0HZIlxJoc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":121,"fingerprints":211},"change-hide-login-url","Secure WordPress Admin – Change & Hide Login URL","1.2","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>\u003Cstrong>Secure WordPress Admin – Change & Hide Login URL\u003C\u002Fstrong> improves your website’s login security by allowing you to replace the default WordPress login page (wp-login.php) with any custom slug of your choice. It also blocks direct access to both \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong> for all non-logged-in users.\u003C\u002Fp>\n\u003Cp>Upon activation, the plugin automatically sets the custom login slug to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\n    https:\u002F\u002Fyourwebsite.com\u002Fmysecretlogin\u003C\u002Fp>\n\u003Cp>You can update the slug anytime from the settings page.\u003Cbr \u002F>\n\u003Cstrong>Important:\u003C\u002Fstrong> After changing the custom slug, go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Permalinks\u003C\u002Fstrong> and click \u003Cstrong>Save Changes\u003C\u002Fstrong> to ensure the new login URL works correctly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, fast, and follows WordPress coding standards without modifying core files.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Change \u003Cstrong>wp-login.php\u003C\u002Fstrong> to a custom login slug  \u003C\u002Fli>\n\u003Cli>Default login slug automatically set to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks direct access to \u003Cstrong>wp-login.php\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks unauthorized access to \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Simple admin settings page to manage the slug  \u003C\u002Fli>\n\u003Cli>Fully translation-ready  \u003C\u002Fli>\n\u003Cli>Uses WordPress security best practices  \u003C\u002Fli>\n\u003Cli>Zero impact on site performance\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure and customize your WordPress admin login by changing the default wp-login.php URL to a custom slug and blocking unauthorized access to wp-admin &hellip;",0,179,"2025-12-10T04:07:00.000Z","6.9.4","5.0","7.2",[18,19,20,21,22],"custom-login-url","login","security","wp-login","wp-admin","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-hide-login-url.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"yasirkhalifa",5,2610,30,94,"2026-04-04T01:10:28.999Z",[37,55,72,90,104],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":15,"requires_php":16,"tags":50,"homepage":53,"download_link":54,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",10,347,3,"2025-07-01T05:30:00.000Z","6.8.5",[18,51,20,22,52],"hide-login","wp-login-php","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":14,"requires_at_least":15,"requires_php":23,"tags":68,"homepage":70,"download_link":71,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"rename-wp-admin-login","Rename wp-admin login","1.0.0","Nuno Sarmento","https:\u002F\u002Fprofiles.wordpress.org\u002Fnunosarmento\u002F","\u003Cp>\u003Cem>Rename wp-admin login\u003C\u002Fem> is a plugin that allows us to rename wp-admin login URL to anything you want. It does not change WordPress core files, the plugin simply intercepts page requests and works on any WordPress website. After you activate this plugin the wp-admin URL and wp-login.php will become unavailable, so you should bookmark or remember the url. Disable this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Like this plugin?\u003C\u002Fstrong> Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002Freviews\u002F?filter=5\" rel=\"ugc\">Rate It\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fnunosarmento\" rel=\"nofollow ugc\">Buy me a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Have a problem?\u003C\u002Fstrong> Please write a message in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002F\" rel=\"ugc\">WordPress Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to use the plugin\u003C\u002Fh3>\n\u003Cp>Go under Settings and then click on “Permalinks” and change your URL under “Rename wp-admin login”.\u003C\u002Fp>\n\u003Cp>Step 1: Add new login URL\u003C\u002Fp>\n\u003Cp>Step 2: Add redirect URL\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was forked\u002Fadapted\u002Ffixed\u002Fupdated from this plugin https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-login\u002F – @ellatrix thank you for starting the base of my plugin.\u003C\u002Fp>\n","Rename wp-admin login* is a plugin that allows us to rename wp-admin login URL to anything you want",7000,17102,86,6,"2025-12-02T13:00:00.000Z",[69,18,19,56,22],"change-wp-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-admin-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-admin-login.1.0.0.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":65,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":23,"tags":86,"homepage":23,"download_link":88,"security_score":89,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"unauthorised-login-redirect","Unauthorised Login Redirect","0.3.9.1","RSimpson","https:\u002F\u002Fprofiles.wordpress.org\u002Frsimpson\u002F","\u003Cp>This plugin allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL of your specification, with every other request being redirected to a different URL of your specification.\u003C\u002Fp>\n","This plugin allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL.",200,5874,4,"2023-12-21T03:14:00.000Z","6.4.8","4.3",[19,87,20,21,22],"redirect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funauthorised-login-redirect.zip",85,{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":45,"downloaded":98,"rating":11,"num_ratings":11,"last_updated":99,"tested_up_to":49,"requires_at_least":15,"requires_php":16,"tags":100,"homepage":23,"download_link":103,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"fortress-login-pro","Fortress Login Pro – Secure, Hide & Rename Login URL","1.1.3","Hamdi Saidani","https:\u002F\u002Fprofiles.wordpress.org\u002Fhamdisaidani\u002F","\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> is a battle-ready security plugin that replaces your WordPress login page (\u003Ccode>wp-login.php\u003C\u002Fcode>) with a private, rotating URL that only you control.\u003C\u002Fp>\n\u003Cp>🛡️ It doesn’t just hide the login—it lets you track, rotate, and control it.\u003C\u002Fp>\n\u003Cp>Perfect for freelancers, agencies, eCommerce owners, and anyone tired of blind brute-force attacks.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide \u003Ccode>wp-login.php\u003C\u002Fcode> and set your own private login path  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Rotate Slugs:\u003C\u002Fstrong> Automatically change your login URL on a custom schedule  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dual-Slug Rotation Safety:\u003C\u002Fstrong> Keep the old URL live until the new one is used (fail-safe)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug Generator:\u003C\u002Fstrong> Choose readable word combos or full-random slugs (with number support)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logs & Charts:\u003C\u002Fstrong> See IPs, timestamps, referrers, and user-agents by login attempt  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export Logs:\u003C\u002Fstrong> Download access history or slug changes in CSV or JSON  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug History Panel:\u003C\u002Fstrong> Restore, archive, or delete old slugs anytime  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Configuration:\u003C\u002Fstrong> Set up outgoing email for login slug alerts and rotation notices  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email & Rotation:\u003C\u002Fstrong> Built-in checks before activating rotation so you don’t get locked out  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>System File Protection:\u003C\u002Fstrong> Optional toggle to block access to \u003Ccode>install.php\u003C\u002Fcode> and \u003Ccode>setup-config.php\u003C\u002Fcode> via \u003Ccode>.htaccess\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean UI:\u003C\u002Fstrong> Fast, modern dashboard with zero bloat or upsell traps  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✅ Works With\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce, Easy Digital Downloads, and major eCommerce plugins  \u003C\u002Fli>\n\u003Cli>Membership systems like MemberPress, Paid Memberships Pro  \u003C\u002Fli>\n\u003Cli>Popular security plugins: Wordfence, iThemes, Sucuri  \u003C\u002Fli>\n\u003Cli>Caching tools like WP Rocket, Cloudflare, W3 Total Cache  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Fortress (vs limit login or captcha plugins)?\u003C\u002Fh3>\n\u003Cp>Most plugins try to \u003Cstrong>respond\u003C\u002Fstrong> to brute-force.\u003Cbr \u002F>\nFortress prevents it by removing the login form from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No login page = no attack surface.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Final Word\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> doesn’t just hide your login—it makes you smarter about who’s trying to reach it.\u003C\u002Fp>\n\u003Cp>Real logs. Real control. No BS.\u003Cbr \u002F>\nReady to lock down WordPress the way it should’ve shipped.\u003C\u002Fp>\n\u003Cp>Try our companion plugin: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotification-blocker\u002F\" rel=\"ugc\">Notification Blocker\u003C\u002Fa> — hide noisy dashboard alerts with one click.\u003C\u002Fp>\n","Hide and rotate your WordPress login URL. Track access, export logs, and prevent brute-force attacks with real-time visibility.",612,"2025-05-09T10:19:00.000Z",[101,18,102,20,22],"brute-force-protection","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffortress-login-pro.1.1.3.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":45,"downloaded":112,"rating":11,"num_ratings":11,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":119,"download_link":120,"security_score":89,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"swiftninjapro-wp-login-whitelist-ip","WP-Login and WP-Admin Whitelist","1.11.1","SwiftNinjaPro","https:\u002F\u002Fprofiles.wordpress.org\u002Fswiftninjapro\u002F","\u003Cp>A Plugin That only allows whitelisted IP’s, or optionally whitelisted browsers, to access wp-login.\u003Cbr \u002F>\nThis plugin does Not effect front-end login plugins.\u003Cbr \u002F>\nIf an IP is not whitelisted, the wp-login page will be killed and replaced with a message saying “your IP\u002FBrowser is not whitelisted”, or optionally redirect the user to 404 page instead.\u003C\u002Fp>\n\u003Cp>A better way to hide wp-login. You can add a list of admin IP’s to this plugin, where you want to allow usage of wp-login.\u003Cbr \u002F>\nEven if you have other users that login, its better to use another plugin for a more secure front end login, and this plugin will only allow a specific list of IP’s to access the wp-login page.\u003Cbr \u002F>\nYou can also (optionally) have this plugin attempt to redirect anyone to 404 page, if they try and access wp-login without the right IP.\u003Cbr \u002F>\nYou can also choose to disable the 404 redirect, and instead tell users there IP is not whitelisted, and that they should contact the admin if this is in error.\u003Cbr \u002F>\nThe plugin does Not block wp-admin, so once logged in, you can still edit your site on the go.\u003Cbr \u002F>\nThe plugin also has an option to whitelist your favorite common browsers to wp-login. This means you can keep users from accessing the wp-login page, simply because there using Internet Explore, and not what you chose to allow.\u003Cbr \u002F>\nThere is another option (which may return false positives), that attempts to check if the source of an IP is commonly used by a proxy server, and can block proxy IP’s to try and reduce spoofing.\u003C\u002Fp>\n","A Plugin That only allows whitelisted IP's, or optionally whitelisted browsers, to access wp-login, or optionally wp-admin.",2507,"2020-11-04T18:56:00.000Z","5.5.18","3.0.1","5.2.4",[19,20,118,21,22],"whitelist","https:\u002F\u002Fwww.swiftninjapro.com\u002Fplugins\u002Fwordpress\u002F?plugin=swiftninjapro-wp-login-whitelist-ip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswiftninjapro-wp-login-whitelist-ip.zip",{"attackSurface":122,"codeSignals":194,"taintFlows":202,"riskAssessment":203,"analyzedAt":210},{"hooks":123,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":11,"unprotectedCount":11},[124,130,133,138,142,145,148,152,155,159,163,167,171,175,179,183,186],{"type":125,"name":126,"callback":127,"priority":11,"file":128,"line":129},"action","init","chlu_block_wp_admin","change-hide-login-url.php",23,{"type":125,"name":126,"callback":131,"file":128,"line":132},"chlu_add_rewrite_rule",24,{"type":134,"name":135,"callback":136,"file":128,"line":137},"filter","auth_redirect_scheme","chlu_override_auth_redirect",25,{"type":125,"name":139,"callback":140,"file":128,"line":141},"template_redirect","chlu_serve_custom_login_url",26,{"type":125,"name":126,"callback":143,"file":128,"line":144},"chlu_block_direct_wp_login",27,{"type":125,"name":139,"callback":146,"file":128,"line":147},"chlu_block_wp_admin_template_redirect",28,{"type":134,"name":149,"callback":150,"priority":45,"file":128,"line":151},"login_url","chlu_filter_login_url",29,{"type":134,"name":153,"callback":154,"priority":45,"file":128,"line":33},"lostpassword_url","chlu_filter_lostpassword_url",{"type":134,"name":156,"callback":157,"file":128,"line":158},"register_url","chlu_filter_register_url",31,{"type":134,"name":160,"callback":161,"priority":25,"file":128,"line":162},"site_url","chlu_replace_wp_login_in_site_url",32,{"type":125,"name":164,"callback":165,"file":128,"line":166},"login_form","chlu_fix_login_form_action",33,{"type":125,"name":168,"callback":169,"file":128,"line":170},"login_form_login","chlu_show_checkemail_message",34,{"type":125,"name":172,"callback":173,"file":128,"line":174},"after_switch_theme","chlu_flush_rewrite_rules",35,{"type":125,"name":176,"callback":177,"file":128,"line":178},"admin_menu","chlu_add_admin_menu",38,{"type":125,"name":180,"callback":181,"file":128,"line":182},"admin_init","chlu_register_settings",39,{"type":125,"name":126,"callback":184,"file":128,"line":185},"chlu_final_block_wp_login",42,{"type":125,"name":187,"callback":188,"file":128,"line":189},"login_enqueue_scripts","closure",151,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":201},[],{"prepared":11,"raw":11,"locations":197},[],{"escaped":199,"rawEcho":11,"locations":200},12,[],[],[],{"summary":204,"deductions":205},"Based on the static analysis, the 'change-hide-login-url' plugin v1.2 exhibits an exceptionally strong security posture. The absence of any identified dangerous functions, direct SQL queries (all use prepared statements), external HTTP requests, file operations, and a complete lack of taint flows with unsanitized paths are significant strengths.  Furthermore, all identified output operations are properly escaped, indicating a good defense against cross-site scripting vulnerabilities.\n\nThe plugin's attack surface is reported as zero, with no AJAX handlers, REST API routes, shortcodes, or cron events. While this drastically reduces the potential for external exploitation, it also raises a slight concern regarding extensibility and potential future development.  The complete absence of nonce checks and capability checks on entry points, while seemingly benign given the reported zero attack surface, is a notable omission. If the plugin were to introduce new entry points in the future, these checks would be critical for preventing unauthorized access and actions.\n\nWith no recorded vulnerabilities in its history, the plugin appears to be stable and has not been a target or a source of known security flaws.  In conclusion, 'change-hide-login-url' v1.2 is demonstrably secure according to the provided static analysis data, with its primary strengths lying in its clean code and absence of exploitable flaws. The only minor point of caution is the lack of authentication checks on entry points, which, while not an immediate issue given the current zero attack surface, represents a potential area for future development to address.",[206,208],{"reason":207,"points":31},"Missing nonce checks on entry points",{"reason":209,"points":31},"Missing capability checks on entry points","2026-03-17T06:23:26.905Z",{"wat":212,"direct":219},{"assetPaths":213,"generatorPatterns":214,"scriptPaths":215,"versionParams":217},[],[],[216],"\u002Fwp-content\u002Fplugins\u002Fchange-hide-login-url\u002Flogin-fix.js",[218],"change-hide-login-url\u002Flogin-fix.js?ver=",{"cssClasses":220,"htmlComments":222,"htmlAttributes":223,"restEndpoints":224,"jsGlobals":225,"shortcodeOutput":227},[221],"message",[],[],[],[226],"chlu-login-fix",[]]