[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTCju3gI6mb5rwNCCOyVWJBA4smNU9n7c90zkgUZBoY4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":76,"crawl_stats":38,"alternatives":83,"analysis":174,"fingerprints":592},"change-wp-admin-login","All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.","2.1.1","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>👑\u003Ca href=\"https:\u002F\u002Faiologin.com\u002Fpricing\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=check_out_premium_version\" rel=\"nofollow ugc\">Check Out Premium Version\u003C\u002Fa> | 📘\u003Ca href=\"https:\u002F\u002Faiologin.com\u002Fdocs\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=technical_documentation\" rel=\"nofollow ugc\">Technical Documentation\u003C\u002Fa> | 🧰\u003Ca href=\"https:\u002F\u002Faiologin.com\u002Ffeatures\u002F?utm_source=wp_org&utm_medium=readme&utm_campaign=see_all_features\" rel=\"nofollow ugc\">See all Features\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FkDWrQNvZO0s?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Looking for a one-stop solution to protect and customize your WordPress login page (wp-admin)? If that’s what you need, then \u003Ca href=\"https:\u002F\u002Faiologin.com\u002F\" rel=\"nofollow ugc\">Download All in One Login Plugin NOW\u003C\u002Fa>]\u003C\u002Fp>\n\u003Cp>Over \u003Cstrong>70,000 website owners\u003C\u002Fstrong> already use All in One Login for their WordPress login security and customization. 🎉\u003C\u002Fp>\n\u003Cp>And the reason for that is obvious! 👇\u003C\u002Fp>\n\u003Cp>AIO Login is a \u003Cstrong>top-notch WordPress admin security plugin\u003C\u002Fstrong> that empowers you to secure and customize the WordPress wp-admin login page. Which means it offers robust security features and extensive customization options. 🤯\u003C\u002Fp>\n\u003Cp>So, if you really want to level up your WordPress login security, then \u003Cstrong>AIO Login is a must-have plugin.\u003C\u002Fstrong> 💯\u003C\u002Fp>\n\u003Cp>From changing the WP-Admin URL to integrating Google reCAPTCHA, \u003Cstrong>AIO Login provides everything you need\u003C\u002Fstrong> to secure and customize your WordPress login page.\u003C\u002Fp>\n\u003Cp>Isn’t that amazing? Wait until you see its features❕ 😃 🚀\u003C\u002Fp>\n\u003Ch3>Key Features Our Users 🤍 About All In One Login\u003C\u002Fh3>\n\u003Cp>The All in One Login plugin includes all the essential features that ensure the best WordPress login protection and customization.\u003C\u002Fp>\n\u003Cp>Let’s explore some of its key features: 👇\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Change WP-Admin URL\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Secure your site by changing the default WP-Admin URL. Hide the WordPress login page from hackers and prevent unauthorized access with a simple custom login URL.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Protect your WordPress login page from spam and bots. Add Google reCAPTCHA v2 or v3 to your WP-Admin for secure authentication and reduce automated login attempts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Limit Login Attempts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Prevent brute-force attacks by limiting failed login attempts. Lock out users after multiple failures and safeguard your WP-Admin with this WordPress limit login attempts plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️WordPress Login Customization [Free + Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Create a branded, customized WordPress login page. Use templates, custom logos, background images, and CSS to personalize the WP-Admin experience for better user engagement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Disable Common Usernames [Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Block weak or predictable usernames to improve WordPress login security. Force unique usernames and prevent attackers from exploiting common entries on your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Password Strength Checker [Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enforce strong passwords for WordPress users. Set minimum length, character rules, and uppercase\u002Flowercase requirements to ensure secure credentials and prevent unauthorized WP-Admin access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Ban User\u002FIP Address [Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Block unwanted users or IP addresses instantly. Restrict access to your WordPress login page and protect WP-Admin from hackers using this IP and user ban plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ App-Based 2FA [Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add two-factor authentication to WordPress login. Enhance security for WP-Admin and ensure only authorized users can access your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Temp Access URL [Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Generate temporary access URLs for specific users. Control the number of visits and expiration to grant a short-term login without compromising WordPress site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Whitelist IP Addresses [Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Allow only trusted IP addresses to access your WordPress login page. Restrict WP-Admin access to selected users, adding an extra security layer to your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ Social Login Integration [Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enable users to log in with Google, Facebook, Microsoft, or LINE. Simplify WordPress and WooCommerce registration while improving security and user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ User Enumeration [Free + Pro]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Block attackers from discovering WordPress usernames through author or query string requests. This prevents exposure of valid usernames and strengthens login security against brute-force attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>✔️ WooCommerce Login Integration [Coming Soon]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Allow customers to log in with social accounts on WooCommerce checkout and account pages. Enhance login security and user experience with Google, Facebook, LinkedIn, Microsoft, or LINE.\u003C\u002Fp>\n\u003Ch3>Don’t Miss Out on Social Login Integrations\u003C\u002Fh3>\n\u003Cp>All in One Login supports social integrations with leading platforms, making sign-in faster, easier, and more secure.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google Social Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Let users log in with one of the most widely used authentication methods worldwide. By enabling Google login, you reduce friction for users, making registration easier.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Facebook Social Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With billions of users globally, Facebook login is a familiar and trusted option for social logins. Allowing users to sign in with Facebook means faster onboarding and less abandonment at registration.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Microsoft Social Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for business and education-focused websites, Microsoft login provides secure authentication. It aligns with the tools professionals already use every day.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>LINE Social Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>LINE has around 184 monthly active users worldwide, which is a great option for websites targeting international audiences.\u003C\u002Fp>\n\u003Ch3>8 Key Reasons to Choose All in One Login 😎\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>⚡ Reason #1: Greater Security for Your WP-Admin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>AIO Login provides robust security features to protect your WP Admin page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Change WP-Admin URL:\u003C\u002Fstrong> Customize the WordPress default login path.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Ban User\u002FIP Address:\u003C\u002Fstrong> Block unauthorized access instantly.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Detailed Activity Logs:\u003C\u002Fstrong> Monitor all login attempts\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Limit Login Attempts:\u003C\u002Fstrong> Prevent brute force attacks..\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Whitelist IP Addresses:\u003C\u002Fstrong> Restrict access to trusted IPs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚡ Reason #2: Intuitive Branding and User Engagement\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Create a better user experience with a customized WordPress login page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Templates:\u003C\u002Fstrong> Choose from a variety of templates.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Logo and Background:\u003C\u002Fstrong> Add your branding elements.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Color Customization:\u003C\u002Fstrong> Personalize color schemes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom CSS:\u003C\u002Fstrong> Advanced customization for WP-Admin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Engagement:\u003C\u002Fstrong> Create a more engaging login page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚡ Reason #3: Brute Force Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Protect your WordPress login page (wp-admin) from brute force attacks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Login Limits:\u003C\u002Fstrong> Set limits on login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Lockout:\u003C\u002Fstrong> Lock out users after failed attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Lockout Settings:\u003C\u002Fstrong> Customize lockout duration.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Prevent Unauthorized Access:\u003C\u002Fstrong> Secure your WP Admin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Real-time Monitoring:\u003C\u002Fstrong> Track login attempts and threats.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚡ Reason #4: Spam Prevention and User Verification\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Prevent spam and unauthorized logins with Google reCAPTCHA integration.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>reCAPTCHA Integration:\u003C\u002Fstrong> Add an extra layer of security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizable Settings:\u003C\u002Fstrong> Choose between v2 and v3.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Bot Prevention:\u003C\u002Fstrong> Keep your login page spam-free.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Verification:\u003C\u002Fstrong> Ensure only legitimate users access your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Enumeration:\u003C\u002Fstrong> Prevent your usernames & ID’s from millicious attacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enhanced Security:\u003C\u002Fstrong> Protect against automated attacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚡ Reason #5: Comprehensive Activity Monitoring\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Monitor all login activities for enhanced WordPress login security. See the username, IP address, date, time, lockout list, and more.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP Address Ban:\u003C\u002Fstrong> Block specific IPs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Ban:\u003C\u002Fstrong> Prevent specific users from logging in.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Messages:\u003C\u002Fstrong> Display messages for banned users.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enhanced Control:\u003C\u002Fstrong> Manage who can access your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Immediate Action:\u003C\u002Fstrong> Take action against threats swiftly.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚡ Reason #6: Immediate Blocking of Suspicious Users\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Block suspicious users instantly to prevent unauthorized access to your WordPress login page and set a custom message on display for banned users.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Real-time Logs:\u003C\u002Fstrong> Track login attempts in real time.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Activity:\u003C\u002Fstrong> Monitor user activities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP Address Tracking:\u003C\u002Fstrong> Review IP addresses.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Login Attempts:\u003C\u002Fstrong> Get details on failed attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Security Audits:\u003C\u002Fstrong> Conduct thorough security audits.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚡ Reason #7: Additional Layer of Security with Mobile-Based 2FA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add an extra layer of security with mobile-based 2FA.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>TOTP Apps Support:\u003C\u002Fstrong> Use Google Authenticator, FreeOTP, or Authy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Two-Factor Authentication:\u003C\u002Fstrong> Secure your login process.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Improved Security:\u003C\u002Fstrong> Ensure only authorized access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Convenient Setup:\u003C\u002Fstrong> Easy to set up and use.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enhanced Protection:\u003C\u002Fstrong> Strengthen your WP Admin security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚡ Reason #8: Simplified Access with Social Login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Make logging in easier by allowing users to sign in with their existing social accounts.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Multiple Platforms Supported:\u003C\u002Fstrong> Google, Facebook, LinkedIn, and Microsoft.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Faster Onboarding:\u003C\u002Fstrong> Reduce friction during registration and login.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Improved User Experience:\u003C\u002Fstrong> No need to remember another password.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Lower Abandonment Rates:\u003C\u002Fstrong> Minimize drop-offs at sign-in.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Seamless Integration:\u003C\u002Fstrong> Works smoothly with your WordPress site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Documentation\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Faiologin.com\u002Fdocumentation\" rel=\"nofollow ugc\">Click here\u003C\u002Fa> to access our detailed, step-by-step technical documentation for complete security of your WordPress login page (wp-admin).\u003C\u002Fp>\n\u003Ch3>Need Help? Get Expert Assistance\u003C\u002Fh3>\n\u003Cp>Having trouble securing or customizing your WordPress login page (WP-Admin URL)? Don’t worry, our expert support team is here to help! 🤝\u003C\u002Fp>\n\u003Cp>Our dedicated support team is here to guide you through any issues, answer your questions, and assist you in using the plugin to its full potential.\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fobjectsws.atlassian.net\u002Fservicedesk\u002Fcustomer\u002Fportal\u002F35\u002Fgroup\u002F105\u002Fcreate\u002F362\" rel=\"nofollow ugc\">Reach out by opening a support ticket\u003C\u002Fa>, for fast and reliable help. We’re here for you!\u003C\u002Fp>\n","Do you want to secure and customize the WordPress login page? Download the All in One Login plugin for login page security and customization.",70000,1244829,70,34,"2026-01-22T06:09:00.000Z","6.9.4","4.6","7.4",[20,21,22,23,24],"custom-login","login","login-url","wp-login","wp-admin","https:\u002F\u002Faiologin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-wp-admin-login.2.1.1.zip",96,3,0,"2025-10-09 00:00:00","2026-03-15T15:16:48.613Z",[33,49,62],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-58595","wordpress-all-in-one-login-plugin-ip-sooofing-to-protection-mechanism-bypass","WordPress All In One Login Plugin \u003C= 2.0.8 - IP Sooofing to Protection Mechanism Bypass","The All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more. plugin for WordPress is vulnerable to IP Address Spoofing in version 2.0.8 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass login protection.",null,">=2.0.8 \u003C=2.0.8","2.0.9","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Protection Mechanism Failure","2025-10-15 15:56:20",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F42dacd44-f676-4d2d-ad7d-9dc5b4af6d8a?source=api-prod",7,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":42,"cvss_vector":56,"vuln_type":44,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2023-3604","change-wp-admin-login-protection-mechanism-failure-to-login-page-disclosure","Change WP Admin Login \u003C= 1.1.3 - Protection Mechanism Failure to Login Page Disclosure","The Change WP Admin Login plugin for WordPress is vulnerable to Protection Mechanism Failure in versions up to, and including, 1.1.3 via the 'filter_wp_login_php' function. This can allow unauthenticated attackers to find the URL of the login page even after it has been hidden by the plugin's functionality.","\u003C=1.1.3","1.1.4","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","2023-07-27 00:00:00","2024-01-22 19:56:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9410b5b8-1bb2-42d7-8d4d-721131d392e3?source=api-prod",180,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":67,"patched_in_version":68,"severity":41,"cvss_score":69,"cvss_vector":70,"vuln_type":71,"published_date":72,"updated_date":58,"references":73,"days_to_patch":75},"CVE-2022-1589","change-wp-admin-login-missing-authorization-checks","Change WP Admin Login \u003C= 1.0.9 - Missing Authorization Checks","The Change WP Admin Login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector","\u003C=1.0.9","1.1.0",5.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:R\u002FS:U\u002FC:L\u002FI:H\u002FA:N","Incorrect Authorization","2022-05-09 00:00:00",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F616c8ab8-3200-41fb-9d31-5d36873742cb?source=api-prod",624,{"slug":77,"display_name":7,"profile_url":8,"plugin_count":78,"total_installs":79,"avg_security_score":27,"avg_patch_time_days":80,"trust_score":81,"computed_at":82},"saadiqbal",84,1428520,287,76,"2026-04-03T23:37:06.255Z",[84,105,124,136,155],{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":16,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":102,"download_link":103,"security_score":104,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"rename-wp-admin-login","Rename wp-admin login","1.0.0","Nuno Sarmento","https:\u002F\u002Fprofiles.wordpress.org\u002Fnunosarmento\u002F","\u003Cp>\u003Cem>Rename wp-admin login\u003C\u002Fem> is a plugin that allows us to rename wp-admin login URL to anything you want. It does not change WordPress core files, the plugin simply intercepts page requests and works on any WordPress website. After you activate this plugin the wp-admin URL and wp-login.php will become unavailable, so you should bookmark or remember the url. Disable this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Like this plugin?\u003C\u002Fstrong> Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002Freviews\u002F?filter=5\" rel=\"ugc\">Rate It\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fnunosarmento\" rel=\"nofollow ugc\">Buy me a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Have a problem?\u003C\u002Fstrong> Please write a message in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002F\" rel=\"ugc\">WordPress Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to use the plugin\u003C\u002Fh3>\n\u003Cp>Go under Settings and then click on “Permalinks” and change your URL under “Rename wp-admin login”.\u003C\u002Fp>\n\u003Cp>Step 1: Add new login URL\u003C\u002Fp>\n\u003Cp>Step 2: Add redirect URL\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was forked\u002Fadapted\u002Ffixed\u002Fupdated from this plugin https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-login\u002F – @ellatrix thank you for starting the base of my plugin.\u003C\u002Fp>\n","Rename wp-admin login* is a plugin that allows us to rename wp-admin login URL to anything you want",7000,17102,86,6,"2025-12-02T13:00:00.000Z","5.0","",[100,101,21,85,24],"change-wp-login","custom-login-url","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-admin-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-admin-login.1.0.0.zip",100,{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":104,"num_ratings":28,"last_updated":115,"tested_up_to":116,"requires_at_least":97,"requires_php":117,"tags":118,"homepage":122,"download_link":123,"security_score":104,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",10,347,"2025-07-01T05:30:00.000Z","6.8.5","7.2",[101,119,120,24,121],"hide-login","security","wp-login-php","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":29,"downloaded":132,"rating":29,"num_ratings":29,"last_updated":133,"tested_up_to":16,"requires_at_least":97,"requires_php":117,"tags":134,"homepage":98,"download_link":135,"security_score":104,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"change-hide-login-url","Secure WordPress Admin – Change & Hide Login URL","1.2","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>\u003Cstrong>Secure WordPress Admin – Change & Hide Login URL\u003C\u002Fstrong> improves your website’s login security by allowing you to replace the default WordPress login page (wp-login.php) with any custom slug of your choice. It also blocks direct access to both \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong> for all non-logged-in users.\u003C\u002Fp>\n\u003Cp>Upon activation, the plugin automatically sets the custom login slug to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\n    https:\u002F\u002Fyourwebsite.com\u002Fmysecretlogin\u003C\u002Fp>\n\u003Cp>You can update the slug anytime from the settings page.\u003Cbr \u002F>\n\u003Cstrong>Important:\u003C\u002Fstrong> After changing the custom slug, go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Permalinks\u003C\u002Fstrong> and click \u003Cstrong>Save Changes\u003C\u002Fstrong> to ensure the new login URL works correctly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, fast, and follows WordPress coding standards without modifying core files.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Change \u003Cstrong>wp-login.php\u003C\u002Fstrong> to a custom login slug  \u003C\u002Fli>\n\u003Cli>Default login slug automatically set to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks direct access to \u003Cstrong>wp-login.php\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks unauthorized access to \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Simple admin settings page to manage the slug  \u003C\u002Fli>\n\u003Cli>Fully translation-ready  \u003C\u002Fli>\n\u003Cli>Uses WordPress security best practices  \u003C\u002Fli>\n\u003Cli>Zero impact on site performance\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure and customize your WordPress admin login by changing the default wp-login.php URL to a custom slug and blocking unauthorized access to wp-admin &hellip;",179,"2025-12-10T04:07:00.000Z",[101,21,120,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-hide-login-url.zip",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":27,"num_ratings":146,"last_updated":147,"tested_up_to":16,"requires_at_least":148,"requires_php":149,"tags":150,"homepage":98,"download_link":152,"security_score":153,"vuln_count":113,"unpatched_count":29,"last_vuln_date":154,"fetched_at":31},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,2101,"2026-01-12T08:47:00.000Z","4.1","7.0",[101,21,151,23,121],"rename","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,"2024-06-24 00:00:00",{"slug":156,"name":157,"version":87,"author":158,"author_profile":159,"description":160,"short_description":161,"active_installs":162,"downloaded":163,"rating":29,"num_ratings":29,"last_updated":164,"tested_up_to":165,"requires_at_least":166,"requires_php":167,"tags":168,"homepage":171,"download_link":172,"security_score":173,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"hide-wp-admin-login","Hide WP Admin Login","AppAspect Technologies Pvt. Ltd.","https:\u002F\u002Fprofiles.wordpress.org\u002Fappaspect\u002F","\u003Cp>This plugin \u003Cem>Hide WP Admin Login\u003C\u002Fem> allows to change the default WordPress Admin URL from wp-login.php and wp-admin to anything you want. All original links turn the default theme to “404 Not Found” page without rename or change files in core, nor does it add rewrite rules. Secure your website in just minutes with the \u003Cem>Hide WP Admin Login\u003C\u002Fem> plugin. Protect your WordPress site against hacker bots and spammers. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n","Change WordPress wp-login.php URL to anything you want.",600,3118,"2023-12-18T09:22:00.000Z","6.4.8","5.6","7.1",[169,101,156,170],"change-login-url","wordpress-login-url","https:\u002F\u002Fappaspectshop.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-wp-admin-login.1.0.0.zip",85,{"attackSurface":175,"codeSignals":507,"taintFlows":541,"riskAssessment":580,"analyzedAt":591},{"hooks":176,"ajaxHandlers":383,"restRoutes":384,"shortcodes":504,"cronEvents":505,"entryPointCount":506,"unprotectedCount":29},[177,182,185,189,192,195,200,205,208,211,213,215,218,221,225,228,232,235,238,242,244,248,250,254,259,262,265,266,270,272,275,277,281,284,286,291,295,298,303,306,308,311,314,317,321,325,327,330,333,336,340,343,346,348,351,355,358,362,364,366,368,372,376,380],{"type":178,"name":179,"callback":180,"file":181,"line":14},"action","init","register_settings_tabs","includes\\admin\\class-admin.php",{"type":178,"name":183,"callback":183,"file":181,"line":184},"admin_enqueue_scripts",35,{"type":178,"name":183,"callback":186,"priority":187,"file":181,"line":188},"admin_mount_script",20,36,{"type":178,"name":190,"callback":190,"file":181,"line":191},"admin_menu",37,{"type":178,"name":193,"callback":193,"file":181,"line":194},"rest_api_init",39,{"type":178,"name":196,"callback":197,"file":198,"line":199},"aio_login__footer","closure","includes\\admin\\settings\\dashboard.php",173,{"type":178,"name":201,"callback":202,"file":203,"line":204},"admin_notices","admin_notices_incompatible","includes\\change-wp-admin-login\\class-change-wp-admin-login.php",122,{"type":178,"name":206,"callback":202,"file":203,"line":207},"network_admin_notices",123,{"type":178,"name":209,"callback":209,"file":203,"line":210},"admin_init",128,{"type":178,"name":201,"callback":201,"file":203,"line":212},129,{"type":178,"name":206,"callback":201,"file":203,"line":214},130,{"type":178,"name":216,"callback":216,"file":203,"line":217},"wpmu_options",138,{"type":178,"name":219,"callback":219,"file":203,"line":220},"update_wpmu_options",139,{"type":178,"name":222,"callback":222,"priority":223,"file":203,"line":224},"plugins_loaded",1,144,{"type":178,"name":226,"callback":226,"file":203,"line":227},"wp_loaded",145,{"type":229,"name":230,"callback":230,"priority":113,"file":203,"line":231},"filter","site_url",146,{"type":229,"name":233,"callback":233,"priority":113,"file":203,"line":234},"network_site_url",147,{"type":229,"name":236,"callback":236,"priority":113,"file":203,"line":237},"wp_redirect",148,{"type":229,"name":239,"callback":240,"file":203,"line":241},"site_option_welcome_email","welcome_email",149,{"type":178,"name":193,"callback":193,"file":203,"line":243},153,{"type":178,"name":179,"callback":245,"file":246,"line":247},"load_textdomain","includes\\class-aio-login.php",94,{"type":178,"name":179,"callback":249,"file":246,"line":153},"if_activation_hook_not_triggered",{"type":178,"name":251,"callback":252,"file":246,"line":253},"wp_initialize_site","new_site_registered",98,{"type":229,"name":255,"callback":256,"file":257,"line":258},"aio_login__wp_authenticate_user","wp_authenticate_user","includes\\google-recaptcha\\class-google-recaptcha.php",89,{"type":178,"name":260,"callback":260,"file":257,"line":261},"login_enqueue_scripts",90,{"type":178,"name":263,"callback":263,"file":257,"line":264},"login_form",91,{"type":178,"name":193,"callback":193,"file":257,"line":247},{"type":178,"name":179,"callback":267,"file":268,"line":269},"after_init","includes\\login-controller\\class-login-controller.php",67,{"type":178,"name":260,"callback":260,"file":268,"line":271},68,{"type":229,"name":256,"callback":256,"priority":273,"file":268,"line":274},999,69,{"type":178,"name":276,"callback":276,"priority":113,"file":268,"line":13},"wp_login_failed",{"type":229,"name":278,"callback":279,"file":268,"line":280},"login_errors","wp_login_failed_message",71,{"type":178,"name":263,"callback":282,"file":268,"line":283},"add_hidden_fields",72,{"type":178,"name":193,"callback":193,"file":268,"line":285},74,{"type":178,"name":260,"callback":287,"priority":288,"file":289,"line":290},"login_output",15,"includes\\login-customization\\class-login-customization-output.php",92,{"type":229,"name":292,"callback":293,"file":289,"line":294},"login_headerurl","login_header_url",93,{"type":178,"name":193,"callback":193,"file":296,"line":297},"includes\\login-customization\\class-login-customization.php",24,{"type":178,"name":299,"callback":300,"file":301,"line":302},"template_redirect","block_author_pages","includes\\user-enumeration-protection\\class-user-enumeration-protection.php",64,{"type":229,"name":304,"callback":305,"file":301,"line":269},"wp_sitemaps_users_query_args","disable_author_sitemaps",{"type":178,"name":299,"callback":307,"file":301,"line":271},"block_author_sitemap_urls",{"type":229,"name":309,"callback":310,"file":301,"line":274},"wp_sitemaps_providers","remove_users_sitemap_provider",{"type":229,"name":312,"callback":313,"priority":113,"file":301,"line":13},"wp_sitemaps_index_entry","filter_sitemap_index_entry",{"type":229,"name":315,"callback":316,"priority":113,"file":301,"line":285},"oembed_response_data","filter_oembed_response",{"type":229,"name":318,"callback":319,"priority":113,"file":301,"line":320},"rest_authentication_errors","protect_rest_api",79,{"type":229,"name":322,"callback":323,"file":301,"line":324},"rest_user_collection_params","filter_user_collection_params",80,{"type":229,"name":278,"callback":326,"file":301,"line":173},"generic_login_error",{"type":229,"name":328,"callback":329,"file":301,"line":94},"registration_errors","generic_registration_error",{"type":229,"name":331,"callback":332,"priority":113,"file":301,"line":264},"get_comment_author","filter_comment_author",{"type":229,"name":334,"callback":335,"priority":113,"file":301,"line":290},"get_comment_author_url","filter_comment_author_url",{"type":229,"name":337,"callback":338,"file":301,"line":339},"the_author","obfuscate_author_name",97,{"type":229,"name":341,"callback":342,"file":301,"line":253},"author_link","obfuscate_author_link",{"type":229,"name":344,"callback":338,"file":301,"line":345},"get_the_author",99,{"type":229,"name":347,"callback":338,"file":301,"line":104},"get_the_author_display_name",{"type":229,"name":349,"callback":342,"file":301,"line":350},"the_author_posts_link",101,{"type":229,"name":352,"callback":353,"file":301,"line":354},"the_content","obfuscate_author_in_content",102,{"type":178,"name":276,"callback":356,"file":301,"line":357},"log_failed_login",107,{"type":178,"name":359,"callback":360,"file":301,"line":361},"user_register","log_registration_attempt",108,{"type":229,"name":337,"callback":338,"file":301,"line":363},212,{"type":229,"name":347,"callback":338,"file":301,"line":365},213,{"type":229,"name":344,"callback":338,"file":301,"line":367},214,{"type":229,"name":369,"callback":370,"priority":113,"file":301,"line":371},"get_avatar","obfuscate_author_avatar",216,{"type":229,"name":373,"callback":374,"file":301,"line":375},"author_feed_link","__return_empty_string",217,{"type":178,"name":377,"callback":378,"file":301,"line":379},"wp_head","remove_author_meta",220,{"type":178,"name":377,"callback":381,"file":301,"line":382},"add_obfuscation_css",223,[],[385,393,398,405,410,415,421,426,431,435,440,444,448,453,457,460,464,467,473,477,482,487,492,496,500],{"namespace":386,"route":387,"methods":388,"callback":390,"permissionCallback":391,"file":181,"line":392},"aio-login\u002Fdashboard","\u002Fget-settings",[389],"GET","get_settings","get_api_permission",326,{"namespace":386,"route":394,"methods":395,"callback":396,"permissionCallback":391,"file":181,"line":397},"\u002Fget-counts",[389],"get_counts",336,{"namespace":399,"route":400,"methods":401,"callback":403,"permissionCallback":391,"file":181,"line":404},"aio-login\u002Fdashboard\u002Fupdate","\u002Flimit-login-attempts",[402],"POST","update_limit_login_attempts",346,{"namespace":399,"route":406,"methods":407,"callback":408,"permissionCallback":391,"file":181,"line":409},"\u002Ftwo-factor-authentication",[402],"update_two_factor_authentication",356,{"namespace":399,"route":411,"methods":412,"callback":413,"permissionCallback":391,"file":181,"line":414},"\u002Fblock-ip-address",[402],"update_block_ip_address",366,{"namespace":416,"route":417,"methods":418,"callback":419,"permissionCallback":391,"file":181,"line":420},"aio-login\u002Fdashboard\u002Flogs","\u002Flockouts",[389],"get_lockouts",376,{"namespace":416,"route":422,"methods":423,"callback":424,"permissionCallback":391,"file":181,"line":425},"\u002Ffailed-logins",[389],"get_failed_logins",386,{"namespace":386,"route":427,"methods":428,"callback":429,"permissionCallback":391,"file":181,"line":430},"\u002Fuser-enumeration-settings",[389],"get_user_enumeration_settings",397,{"namespace":399,"route":427,"methods":432,"callback":433,"permissionCallback":391,"file":181,"line":434},[402],"update_user_enumeration_settings",407,{"namespace":386,"route":436,"methods":437,"callback":438,"permissionCallback":391,"file":181,"line":439},"\u002Factivity-log-settings",[389],"get_activity_log_settings",418,{"namespace":399,"route":436,"methods":441,"callback":442,"permissionCallback":391,"file":181,"line":443},[402],"update_activity_log_settings",428,{"namespace":445,"route":387,"methods":446,"callback":390,"permissionCallback":391,"file":203,"line":447},"aio-login\u002Fchange-wp-admin-login",[389],685,{"namespace":445,"route":449,"methods":450,"callback":451,"permissionCallback":391,"file":203,"line":452},"\u002Fsave-settings",[402],"save_settings",695,{"namespace":454,"route":387,"methods":455,"callback":390,"permissionCallback":391,"file":257,"line":456},"aio-login\u002Fgrecaptcha",[389],232,{"namespace":454,"route":449,"methods":458,"callback":451,"permissionCallback":391,"file":257,"line":459},[402],242,{"namespace":461,"route":387,"methods":462,"callback":390,"permissionCallback":391,"file":268,"line":463},"aio-login\u002Flimit-login-attempts",[389],248,{"namespace":461,"route":449,"methods":465,"callback":451,"permissionCallback":391,"file":268,"line":466},[402],258,{"namespace":468,"route":469,"methods":470,"callback":471,"permissionCallback":391,"file":268,"line":472},"aio-login\u002Flogs","\u002Ffailed-login",[389],"get_failed_logs",268,{"namespace":468,"route":417,"methods":474,"callback":475,"permissionCallback":391,"file":268,"line":476},[389],"lockouts",278,{"namespace":478,"route":387,"methods":479,"callback":480,"permissionCallback":391,"file":296,"line":481},"aio-login\u002Fcustom-css",[389],"get_custom_css_settings",31,{"namespace":478,"route":483,"methods":484,"callback":485,"permissionCallback":391,"file":296,"line":486},"save-custom-css-settings",[402],"save_custom_css_settings",40,{"namespace":488,"route":387,"methods":489,"callback":490,"permissionCallback":391,"file":296,"line":491},"aio-login\u002Fbackground",[389],"get_background_settings",50,{"namespace":488,"route":449,"methods":493,"callback":494,"permissionCallback":391,"file":296,"line":495},[402],"save_background_settings",59,{"namespace":497,"route":387,"methods":498,"callback":499,"permissionCallback":391,"file":296,"line":274},"aio-login\u002Flogo",[389],"get_logo_settings",{"namespace":497,"route":449,"methods":501,"callback":502,"permissionCallback":391,"file":296,"line":503},[402],"save_logo_settings",78,[],[],25,{"dangerousFunctions":508,"sqlUsage":509,"outputEscaping":511,"fileOperations":29,"externalRequests":531,"nonceChecks":113,"capabilityChecks":532,"bundledLibraries":533},[],{"prepared":187,"raw":29,"locations":510},[],{"escaped":354,"rawEcho":512,"locations":513},8,[514,517,519,520,522,524,526,528],{"file":203,"line":515,"context":516},171,"raw output",{"file":203,"line":518,"context":516},390,{"file":203,"line":430,"context":516},{"file":203,"line":521,"context":516},410,{"file":203,"line":523,"context":516},427,{"file":203,"line":525,"context":516},440,{"file":527,"line":173,"context":516},"includes\\login-controller\\class-failed-login-activity-logs.php",{"file":529,"line":530,"context":516},"includes\\login-controller\\class-lockouts-activity-logs.php",114,2,5,[534,538],{"name":535,"version":536,"knownCves":537},"Freemius","1.0",[],{"name":539,"version":38,"knownCves":540},"DataTables",[],[542,561,569],{"entryPoint":543,"graph":544,"unsanitizedCount":29,"severity":560},"admin_init (includes\\change-wp-admin-login\\class-change-wp-admin-login.php:213)",{"nodes":545,"edges":557},[546,551],{"id":547,"type":548,"label":549,"file":203,"line":550},"n0","source","$_POST (x2)",282,{"id":552,"type":553,"label":554,"file":203,"line":555,"wp_function":556},"n1","sink","update_option() [Settings Manipulation]",283,"update_option",[558],{"from":547,"to":552,"sanitized":559},true,"low",{"entryPoint":562,"graph":563,"unsanitizedCount":29,"severity":560},"\u003Cclass-change-wp-admin-login> (includes\\change-wp-admin-login\\class-change-wp-admin-login.php:0)",{"nodes":564,"edges":567},[565,566],{"id":547,"type":548,"label":549,"file":203,"line":550},{"id":552,"type":553,"label":554,"file":203,"line":555,"wp_function":556},[568],{"from":547,"to":552,"sanitized":559},{"entryPoint":570,"graph":571,"unsanitizedCount":29,"severity":560},"\u003Cclass-lockouts-activity-logs> (includes\\login-controller\\class-lockouts-activity-logs.php:0)",{"nodes":572,"edges":578},[573,575],{"id":547,"type":548,"label":574,"file":529,"line":495},"$_POST",{"id":552,"type":553,"label":576,"file":529,"line":530,"wp_function":577},"echo() [XSS]","echo",[579],{"from":547,"to":552,"sanitized":559},{"summary":581,"deductions":582},"The \"change-wp-admin-login\" plugin, version 2.1.1, exhibits a generally strong security posture based on static analysis. A significant positive aspect is the complete absence of unprotected entry points across its REST API routes and AJAX handlers. Furthermore, all SQL queries are secured using prepared statements, and a high percentage of output is properly escaped, indicating good development practices in preventing common web vulnerabilities. The plugin also demonstrates diligent use of nonces and capability checks. However, the presence of two external HTTP requests warrants careful review to ensure these connections are not exploited for data exfiltration or other malicious purposes. The plugin also bundles Freemius and DataTables, which should be monitored for their own security vulnerabilities.\n\nDespite the current static analysis showing no critical or high severity issues, the plugin's vulnerability history is a significant concern. With three previously discovered medium severity vulnerabilities, all of which are now patched, it indicates a pattern of weaknesses that have required remediation. The common vulnerability types of \"Protection Mechanism Failure\" and \"Incorrect Authorization\" suggest that the plugin's core security features have been susceptible to bypass or misconfiguration in the past. While the current version has no unpatched vulnerabilities, this historical pattern necessitates ongoing vigilance and a proactive approach to security updates, as past issues can sometimes resurface or be exploited in new ways.",[583,585,587,589],{"reason":584,"points":28},"Bundled library: Freemius v1.0",{"reason":586,"points":28},"Bundled library: DataTables",{"reason":588,"points":532},"External HTTP requests present",{"reason":590,"points":288},"History of 3 medium severity CVEs","2026-03-16T17:14:42.366Z",{"wat":593,"direct":602},{"assetPaths":594,"generatorPatterns":597,"scriptPaths":598,"versionParams":599},[595,596],"\u002Fwp-content\u002Fplugins\u002Fchange-wp-admin-login\u002Fassets\u002Fcss\u002Fapp.css","\u002Fwp-content\u002Fplugins\u002Fchange-wp-admin-login\u002Fassets\u002Fjs\u002Fapp.js",[],[596],[600,601],"change-wp-admin-login\u002Fassets\u002Fcss\u002Fapp.css?ver=","change-wp-admin-login\u002Fassets\u002Fjs\u002Fapp.js?ver=",{"cssClasses":603,"htmlComments":606,"htmlAttributes":607,"restEndpoints":608,"jsGlobals":610,"shortcodeOutput":612},[604,605],"aio-login__app","aio-login__submenu-handler-styles",[],[],[609],"\u002Fwp-json\u002Faio-login\u002F",[611],"aio_login__app_object",[]]