[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftxTug1_uzrnKqo-OAe23_8adckSiN9schM3qu0LXilM":3,"$f9hDJ4NFP1rgypLilmcdReKK-U8s7E0l-qDHcgfe8EkI":327,"$f_xcc0QdqmTcb3su3H70abc2FVNXRM1WDUuG_zJnl-zc":331},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":35,"analysis":139,"fingerprints":301},"check-login-lite","Check Login Lite","1.0.1","dynamokh","https:\u002F\u002Fprofiles.wordpress.org\u002Fdynamokh\u002F","\u003Cp>Check Login Lite enhances your WordPress login security with multiple protective features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>✅ \u003Cstrong>IP whitelist \u002F blacklist management\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>🌍 \u003Cstrong>Country-based access restrictions (up to 5 countries allowed)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>✉️ \u003Cstrong>Email alerts when unfamiliar IP logs in\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>💬 \u003Cstrong>Discord webhook notification support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>🔐 \u003Cstrong>Pseudo Basic Authentication system\u003C\u002Fstrong> for emergency lockdown\u003C\u002Fli>\n\u003Cli>🧠 \u003Cstrong>Automatic country list update\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>📜 \u003Cstrong>Login history log\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No need for advanced setup. Simple UI inside WordPress admin dashboard.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses third-party services only to provide the features you configure.\u003C\u002Fp>\n\u003Ch4>1. countriesnow.space (country list generation)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Service URL: \u003Ccode>https:\u002F\u002Fcountriesnow.space\u002Fapi\u002Fv0.1\u002Fcountries\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Used for: Building and refreshing the selectable country list used in admin settings.\u003C\u002Fli>\n\u003Cli>Data sent: No personal data is intentionally sent by the plugin for this request.\u003C\u002Fli>\n\u003Cli>When sent: On activation and when refreshing the country list file.\u003C\u002Fli>\n\u003Cli>Terms: \u003Ccode>https:\u002F\u002Fgithub.com\u002FMartinsOnuoha\u002FcountriesNowAPI\u002Fblob\u002Fmaster\u002FLICENSE\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Privacy: A dedicated privacy policy URL is not publicly provided by this service provider as of March 23, 2026.\u003C\u002Fli>\n\u003Cli>Additional references: \u003Ccode>https:\u002F\u002Fcountriesnow.space\u002F\u003C\u002Fcode> \u002F \u003Ccode>https:\u002F\u002Fdocumenter.getpostman.com\u002Fview\u002F1134062\u002FT1LJjU52?version=latest\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2. freeipapi.com (IP geolocation)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Service URL pattern: \u003Ccode>https:\u002F\u002Ffree.freeipapi.com\u002Fapi\u002Fjson\u002F{IP}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Used for: Determining country from IP for admin access restriction and login alert context.\u003C\u002Fli>\n\u003Cli>Data sent: The IP address being checked (current request IP).\u003C\u002Fli>\n\u003Cli>When sent: During admin access checks, settings page rendering, and login alert evaluation.\u003C\u002Fli>\n\u003Cli>Terms: \u003Ccode>https:\u002F\u002Ffreeipapi.com\u002Fterms\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Privacy: \u003Ccode>https:\u002F\u002Ffreeipapi.com\u002Fprivacy\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3. Notification providers (optional, admin-configured)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Services: Discord Webhook, Slack Webhook, Chatwork API\u003C\u002Fli>\n\u003Cli>Used for: Sending security alert messages and emergency authentication credentials.\u003C\u002Fli>\n\u003Cli>Data sent: Site URL, username, login IP\u002Fcountry, emergency token\u002FURL, and configured message body.\u003C\u002Fli>\n\u003Cli>When sent: Only when an alert\u002Fsecurity event occurs and the corresponding provider is configured.\u003C\u002Fli>\n\u003Cli>Discord Terms\u002FPrivacy: \u003Ccode>https:\u002F\u002Fdiscord.com\u002Fterms\u003C\u002Fcode> \u002F \u003Ccode>https:\u002F\u002Fdiscord.com\u002Fprivacy\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Slack Terms\u002FPrivacy: \u003Ccode>https:\u002F\u002Fslack.com\u002Fterms-of-service\u003C\u002Fcode> \u002F \u003Ccode>https:\u002F\u002Fslack.com\u002Fprivacy-policy\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Chatwork Terms\u002FPrivacy: \u003Ccode>https:\u002F\u002Fgo.chatwork.com\u002Fen\u002Fterms.html\u003C\u002Fcode> \u002F \u003Ccode>https:\u002F\u002Fgo.chatwork.com\u002Fen\u002Fprivacy.html\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin does not include behavioral tracking or analytics for end users by default. Notification delivery is administrator-configured and event-driven.\u003C\u002Fp>\n","A powerful security plugin to monitor login attempts, restrict access by IP or country, and receive alerts via email or Discord.",0,130,"2026-04-06T13:32:00.000Z","6.9.4","5.0","7.4",[18,19,20,21,22],"chatwork","discord","email","security","slack","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcheck-login-lite.1.0.1.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,94,"2026-05-20T02:06:51.462Z",[36,56,75,101,120],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"hey-notify","Hey Notify","2.1.1","FireTree Design","https:\u002F\u002Fprofiles.wordpress.org\u002Ffiretree\u002F","\u003Cp>Get notified when things happen in WordPress.\u003C\u002Fp>\n\u003Ch4>Notifications can be sent to:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Slack\u003C\u002Fli>\n\u003Cli>Discord\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Notifications for:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Posts\n\u003Cul>\n\u003Cli>Draft\u003C\u002Fli>\n\u003Cli>Pending\u003C\u002Fli>\n\u003Cli>Scheduled\u003C\u002Fli>\n\u003Cli>Published\u003C\u002Fli>\n\u003Cli>Trashed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Pages\n\u003Cul>\n\u003Cli>Draft\u003C\u002Fli>\n\u003Cli>Pending\u003C\u002Fli>\n\u003Cli>Scheduled\u003C\u002Fli>\n\u003Cli>Published\u003C\u002Fli>\n\u003Cli>Trashed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Custom Post Types\n\u003Cul>\n\u003Cli>Draft\u003C\u002Fli>\n\u003Cli>Pending\u003C\u002Fli>\n\u003Cli>Scheduled\u003C\u002Fli>\n\u003Cli>Published\u003C\u002Fli>\n\u003Cli>Trashed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Comments\n\u003Cul>\n\u003Cli>New Comment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Users\n\u003Cul>\n\u003Cli>New User\u003C\u002Fli>\n\u003Cli>Administrator Login\u003C\u002Fli>\n\u003Cli>Failed Administrator Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>System Events\n\u003Cul>\n\u003Cli>WordPress Updates\u003C\u002Fli>\n\u003Cli>Plugin Updates\u003C\u002Fli>\n\u003Cli>Plugin Activation\u003C\u002Fli>\n\u003Cli>Plugin Deactivation\u003C\u002Fli>\n\u003Cli>Theme Updates\u003C\u002Fli>\n\u003Cli>Theme Change\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Hey Notify Pro\u003C\u002Fh4>\n\u003Cp>Stay in the know with \u003Ca href=\"https:\u002F\u002Fheynotifywp.com\u002Fpro\u002F\" rel=\"nofollow ugc\">Hey Notify Pro\u003C\u002Fa>. Premium features to keep you up to date with everything happening on your website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customize notification messages.\u003C\u002Fli>\n\u003Cli>Native integration with Gravity Forms.\u003C\u002Fli>\n\u003Cli>Native integration with Ninja Forms.\u003C\u002Fli>\n\u003Cli>Sales notifications from Easy Digital Downloads.\u003C\u002Fli>\n\u003C\u002Ful>\n","Get notified when things happen in WordPress.",200,6057,5,"2025-06-27T22:56:00.000Z","6.8.5","4.3","7.2",[52,19,20,53,22],"alert","notifications","https:\u002F\u002Fheynotifywp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhey-notify.2.1.1.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":11,"num_ratings":11,"last_updated":66,"tested_up_to":48,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":74},"update-notification","Update Notification","1.6","TAKAHIRO","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrooveline\u002F","\u003Cp>このプラグインは、WordPressの記事やページを更新した際に Discord、ChatWork、Slack、Telegram、Guilded、Google Chat に更新通知を送るプラグインです。\u003C\u002Fp>\n\u003Cp>対応サービス:\u003Cbr \u002F>\n* Discord\u003Cbr \u002F>\n* ChatWork\u003Cbr \u002F>\n* Slack\u003Cbr \u002F>\n* Telegram\u003Cbr \u002F>\n* Guilded\u003Cbr \u002F>\n* Google Chat\u003C\u002Fp>\n\u003Cp>各サービスごとにWebhook URLなどの必要な情報を設定できます。また、どの投稿タイプで通知を有効にするかを選択できます。\u003C\u002Fp>\n","WordPressの記事やページを更新した際に Discord、ChatWork、Slack、Telegram、Guilded、Google Chat に更新通知を送ることができます。",20,3414,"2025-06-19T08:17:00.000Z","5.1.1","5.3",[18,19,70,22,71],"guilded","telegram","https:\u002F\u002Finexio.jp\u002Finxresults\u002Finx-update-notification\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupdate-notification.1.6.zip","2026-04-06T09:54:40.288Z",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":11,"last_vuln_date":100,"fetched_at":27},"aryo-activity-log","Activity Log – Monitor & Record User Changes","2.11.2","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>\u003Cstrong>AN EASY TO USE & FULLY SUPPORTED WORDPRESS ACTIVITY LOG PLUGIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Want to monitor and track your WordPress website activity? Find out exactly who does what on your WordPress website with this plugin. Activity Log is like an airplane’s black box that logs every action in the WordPress admin, and lets you see exactly what users are doing on your WordPress website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If someone is trying to hack your site\u003C\u002Fli>\n\u003Cli>When a post was published, and who published it\u003C\u002Fli>\n\u003Cli>If a plugin\u002Ftheme was activated\u002Fdeactivated\u003C\u002Fli>\n\u003Cli>Suspicious admin activity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s so essential; you’ll wonder how you ever managed your website without it. The plugin is also lightning fast and works behind the scenes, so it doesn\\’t affect site and admin performance. For optimal performance, we built the plugin so that it runs on a separate table in the database.\u003C\u002Fp>\n\u003Cp>If you have more than a handful of users, keeping track of who did what is virtually impossible. This plugin solves that issue by tracking what actions were initiated by which users, and displaying it in an easy-to-use and easy-to-filter view on the dashboard of your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New! Introducing Email Logging\u003C\u002Fstrong> – Capture all emails sent from your WordPress site for streamlined debugging and compliance. Gain better visibility into email communication, aiding both troubleshooting and record-keeping. This is particularly beneficial for WooCommerce stores, allowing you to easily track sent emails alongside other critical site events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Export to CSV\u003C\u002Fstrong> – Export your Activity Log data records to CSV. Developers can easily add support for custom data formats with our new dedicated Export API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Privacy and GDPR Compliance\u003C\u002Fstrong> – We provide the tools to help you adhere to GDPR compliance standards, including Export\u002FErasure of data via the WordPress Privacy Tools.\u003C\u002Fp>\n\u003Ch3>With the Activity Log you can record:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong> – Core updates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Posts\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pages\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Type\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tags\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Categories\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Taxonomies\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Menus\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comments\u003C\u002Fstrong> – Created, approved, unapproved, trashed, untrashed, spammed, unspammed, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Users\u003C\u002Fstrong> – Login, logout, login failed, update profile, registered, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugins\u003C\u002Fstrong> – Installed, updated, activated, deactivated, changed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Themes\u003C\u002Fstrong> – Installed, updated, deleted, activated, changed (Editor and Customizer)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widgets\u003C\u002Fstrong> – Added to sidebar, deleted from sidebar, order widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setting\u003C\u002Fstrong> – General, writing, reading, discussion, media, permalinks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Options\u003C\u002Fstrong> – Extended custom settings for 3rd party plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export\u003C\u002Fstrong> – Exported activity log file\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong> – Track products, orders, customers, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bbPress\u003C\u002Fstrong> – Forums, topics, replies, taxonomies, and other actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Emails sent from WordPress site\u003C\u002Fstrong> – Sending successful, sending failed\u003C\u002Fli>\n\u003Cli>There’s more, of course, but you get the point…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For each event recorded by the activity log, the following details are also logged:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Date and time of occurrence\u003C\u002Fli>\n\u003Cli>User and user role responsible for the change\u003C\u002Fli>\n\u003Cli>Source IP address from which the change originated\u003C\u002Fli>\n\u003Cli>Affected object where the change occurred\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin doesn\\’t require any kind of setup; it works right out of the box (just another reason people love it)!\u003C\u002Fp>\n\u003Ch3>Data Storage and Performance Optimization\u003C\u002Fh3>\n\u003Cp>In order to ensure optimal performance of your website, all events and logs data are stored in a dedicated custom table within your WordPress database. This approach significantly reduces the impact on your website’s performance, ensuring seamless operation even during peak traffic periods.\u003C\u002Fp>\n\u003Ch3>Uninstall Clean-up\u003C\u002Fh3>\n\u003Cp>We understand the importance of maintaining a clean and efficient database environment. That’s why our plugin features an uninstall hook that seamlessly removes all traces of its presence from your website when uninstalling. This meticulous clean-up process ensures that your database remains lean and clutter-free even after our plugin has been removed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With our optimized data storage, thorough logging, and meticulous clean-up process, you can trust that our plugin will enhance the functionality and security of your WordPress site without compromising its performance.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What users have to say\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cem>“Its tools, particularly for data privacy and GDPR compliance, make it indispensable for websites operating within European Union boundaries or dealing with EU citizens’ data”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fblog.hubspot.com\u002Fwebsite\u002F8-best-plugins-tracking-user-activity-wordpress\" rel=\"nofollow ugc\">HubSpot.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“If you’re after a competent WP security audit log plugin with all the basic features you need, Activity Log is it!”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Fplugins\u002Fwordpress-activity-log-plugins\u002F\" rel=\"nofollow ugc\">WPAstra.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Activity Log features a remarkably straightforward dashboard interface, providing administrators with an at-a-glance understanding of site interactions”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.malcare.com\u002Fblog\u002Fwordpress-activity-log\u002F\" rel=\"nofollow ugc\">Malcare.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Best 10 Free WordPress Plugins of the Month: Keeping tabs on what your users do with their access to the Dashboard”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Fbest-free-wordpress-plugins-july-2014\" rel=\"nofollow ugc\">ManageWP.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Thanks to this step, we’ve discovered that our site was undergoing a brute force attack”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fartdriver.com\u002Fblog\u002Fwordpress-site-hacked-solution-time\" rel=\"nofollow ugc\">Artdriver.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Optimized code – The plugin itself is blazing fast and leaves almost no footprint on the server”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.freshtechtips.com\u002F2014\u002F01\u002Fbest-audit-trail-plugins-for-wordpress.html\" rel=\"nofollow ugc\">FreshTechTips.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Activity Log lets you track a huge range of activities. Overall, very easy to use and setup”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\u002Fblog\u002Ftips-tricks\u002F5-best-ways-to-monitor-wordpress-activity-via-the-dashboard\" rel=\"nofollow ugc\">ElegantThemes.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributions:\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Would you like to contribute to this plugin?\u003C\u002Fstrong> You’re more than welcome to submit your pull requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpojome\u002Factivity-log\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>. And, if you have any notes about the code, please open a ticket on the issue tracker.\u003C\u002Fp>\n","This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.",200000,4007371,86,74,"2024-11-12T14:55:00.000Z","6.7.5","6.0","7.0",[92,93,94,21,95],"activity-log","audit-log","email-log","user-log","https:\u002F\u002Factivitylog.io\u002F?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faryo-activity-log.2.11.2.zip",85,9,"2024-11-20 17:10:23",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":11,"num_ratings":11,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":23,"tags":114,"homepage":118,"download_link":119,"security_score":98,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"update-notifier","Update Notifier","1.4.1","Jon Cave","https:\u002F\u002Fprofiles.wordpress.org\u002Fduck_\u002F","\u003Cp>If you don’t check your admin panel on your WordPress install very often (maybe because you prefer to use remote publishing) or you want to make sure\u003Cbr \u002F>\nthat your clients’ WordPress installations are updated, then this is the plugin for you. You don’t have to login to your admin panel regularly,\u003Cbr \u002F>\nsuscribe to an RSS feed, or do anything apart from installing this plugin to be notified when an update to WordPress is released.\u003C\u002Fp>\n\u003Cp>All you have to do is install Update Notifier and forget it until you receive an email telling you to update.\u003C\u002Fp>\n\u003Cp>To change Update Notifier’s options, go to Update Notifier under the main Settings menu. From there you can add a secondary email address\u003Cbr \u002F>\nwhich will also receive update notifications and you can activate update notifications for themes and plugins.\u003C\u002Fp>\n","Sends email notifications if a new version of WordPress available. Notifications about updates for plugins and themes can also be sent.",700,18185,"2010-09-20T12:13:00.000Z","3.0.5","3.0",[115,20,116,21,117],"admin","notification","upgrade","http:\u002F\u002Flionsgoroar.co.uk\u002Fwordpress\u002Fupdate-notifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupdate-notifier.1.4.1.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":25,"num_ratings":130,"last_updated":131,"tested_up_to":90,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":137,"download_link":138,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"host-header-injection-fix","Host Header Injection Fix","3.5","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>👉 Enables custom headers for WP email notifications\u003C\u002Fp>\n\u003Cp>👉 Also provides a “set it and forget it” security fix for WP \u003C 5.5\u003C\u002Fp>\n\u003Cp>👉 Uses only 50KB of code, so super lightweight, fast, and effective\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As of WordPress 5.5, this plugin no longer is necessary to fix the \u003Ca href=\"https:\u002F\u002Fexploitbox.io\u002Fvuln\u002FWordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\" rel=\"nofollow ugc\">host-header security issue\u003C\u002Fa> reported in \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F25239\" rel=\"nofollow ugc\">Ticket #25239\u003C\u002Fa> \u003Cstrong>finally\u003C\u002Fstrong> is fixed, and mentioned in this post \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fnews\u002F2020\u002F07\u002Fwordpress-5-5-beta-4\u002F\" rel=\"ugc\">WordPress 5.5 Beta 4\u003C\u002Fa>. Thank You WordPress devs!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Is this plugin still useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Yes, it enables you to choose the “From”, “Name”, and “Return-Path” headers for all WP notification emails. And for versions of WordPress less than 5.5, this plugin continues to fix the host-header injection security issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This simple plugin does three things:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Sets custom From, Name, and Return-Path for WP notifications\u003C\u002Fli>\n\u003Cli>Fixes a security vulnerability in WordPress versions \u003C 5.5\u003C\u002Fli>\n\u003Cli>Fixes a bug where invalid email addresses may be generated (in WordPress versions \u003C 5.5)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Choose from the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use WordPress defaults (insecure for WP \u003C 5.5)\u003C\u002Fli>\n\u003Cli>Use “Email Address” from WP General Settings\u003C\u002Fli>\n\u003Cli>Use a custom name and address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plus there is an option to use the specified From address as the Return-Path header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The security issue fixed by this plugin has been known about since way back in WordPress version 2.3. There has been some talk about fixing, but nothing has been implemented. While the issue does not affect all sites, it does affect a good percentage of them, including some of my own projects. So, not wanting to get hacked, I decided to write my own solution. Hopefully this issue gets fixed in a future version of WordPress, and this plugin will become unnecessary.\u003C\u002Fp>\n\u003Cp>As a bonus, setting an explicit From address resolves a long-standing bug whereby an invalid email address is generated under the following conditions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A “From” address is not set, \u003C\u002Fli>\n\u003Cli>And the \u003Ccode>$_SERVER['SERVER_NAME']\u003C\u002Fcode> is empty\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>So by explicitly setting a “From” address, we prevent this bug from happening.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Issue\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>What is the security issue addressed by this plugin? Follows is a quick summary. To learn more in-depth, check out the resources linked in the next section.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP uses \u003Ccode>$_SERVER['SERVER_NAME']\u003C\u002Fcode> to set the “From” header in email notifications\u003C\u002Fli>\n\u003Cli>This includes sensitive email notifications like password resets and user registration\u003C\u002Fli>\n\u003Cli>In some cases, an attacker could modify the “From” header and intercept the email\u003C\u002Fli>\n\u003Cli>Using the intercepted email, an attacker could gain access to your site and wreak havoc\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>More Infos\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This security vulnerability is well-known and has been around for a looong time. To learn more, check out these articles:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F25239\" rel=\"nofollow ugc\">WP Core Trac Ticket\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fexploitbox.io\u002Fvuln\u002FWordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\" rel=\"nofollow ugc\">Exploit Box Info\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.exploit-db.com\u002Fexploits\u002F41963\" rel=\"nofollow ugc\">Exploit Database\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>Host Header Injection Fix is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Sets custom headers for WP notification emails. Also fixes a security issue with WP versions \u003C 5.5.",500,25533,6,"2026-03-27T17:15:00.000Z","4.7","5.6.20",[20,135,136,116,21],"headers","injection","https:\u002F\u002Fperishablepress.com\u002Fhost-header-injection-fix\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-header-injection-fix.3.5.zip",{"attackSurface":140,"codeSignals":194,"taintFlows":244,"riskAssessment":295,"analyzedAt":300},{"hooks":141,"ajaxHandlers":173,"restRoutes":174,"shortcodes":191,"cronEvents":192,"entryPointCount":193,"unprotectedCount":31},[142,148,152,157,161,165,169],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_menu","add_menu_page","check-login-lite.php",50,{"type":143,"name":149,"callback":150,"file":146,"line":151},"admin_enqueue_scripts","enqueue_scripts",51,{"type":143,"name":153,"callback":154,"priority":155,"file":146,"line":156},"wp_login","handle_login",10,52,{"type":143,"name":158,"callback":159,"file":146,"line":160},"admin_init","restrict_wp_admin_access",53,{"type":143,"name":162,"callback":163,"priority":11,"file":146,"line":164},"init","pseudo_basic_auth_check",54,{"type":143,"name":166,"callback":167,"file":146,"line":168},"rest_api_init","register_basic_auth_rest",55,{"type":143,"name":170,"callback":171,"file":146,"line":172},"admin_notices","show_admin_warning",56,[],[175,184],{"namespace":176,"route":177,"methods":178,"callback":180,"permissionCallback":181,"file":182,"line":183},"checloli\u002Fv1","\u002Fbasic_auth_confirm",[179],"GET","rest_basic_auth_confirm","__return_true","includes\u002FCheckLoginLite\u002FAuth.php",135,{"namespace":176,"route":185,"methods":186,"callback":188,"permissionCallback":189,"file":182,"line":190},"\u002Fforce_basic_auth",[187],"POST","rest_force_basic_auth","can_force_basic_auth",141,[],[],2,{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":31,"externalRequests":155,"nonceChecks":242,"capabilityChecks":31,"bundledLibraries":243},[],{"prepared":11,"raw":11,"locations":197},[],{"escaped":199,"rawEcho":200,"locations":201},171,19,[202,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240],{"file":203,"line":204,"context":205},"includes\u002FCheckLoginLite\u002FUtils.php",580,"raw output",{"file":203,"line":207,"context":205},595,{"file":203,"line":209,"context":205},597,{"file":203,"line":211,"context":205},602,{"file":203,"line":213,"context":205},613,{"file":203,"line":215,"context":205},615,{"file":203,"line":217,"context":205},632,{"file":203,"line":219,"context":205},635,{"file":203,"line":221,"context":205},637,{"file":203,"line":223,"context":205},644,{"file":203,"line":225,"context":205},647,{"file":203,"line":227,"context":205},649,{"file":203,"line":229,"context":205},653,{"file":203,"line":231,"context":205},685,{"file":203,"line":233,"context":205},696,{"file":203,"line":235,"context":205},708,{"file":203,"line":237,"context":205},724,{"file":203,"line":239,"context":205},735,{"file":203,"line":241,"context":205},746,11,[],[245,281],{"entryPoint":246,"graph":247,"unsanitizedCount":11,"severity":280},"render_settings_page (includes\u002FCheckLoginLite\u002FUtils.php:157)",{"nodes":248,"edges":275},[249,254,260,264,268,272],{"id":250,"type":251,"label":252,"file":203,"line":253},"n0","source","$_POST (x6)",318,{"id":255,"type":256,"label":257,"file":203,"line":258,"wp_function":259},"n1","sink","update_option() [Settings Manipulation]",320,"update_option",{"id":261,"type":251,"label":262,"file":203,"line":263},"n2","$_POST",531,{"id":265,"type":256,"label":266,"file":203,"line":215,"wp_function":267},"n3","echo() [XSS]","echo",{"id":269,"type":251,"label":270,"file":203,"line":271},"n4","$_SERVER",172,{"id":273,"type":256,"label":266,"file":203,"line":274,"wp_function":267},"n5",621,[276,278,279],{"from":250,"to":255,"sanitized":277},true,{"from":261,"to":265,"sanitized":277},{"from":269,"to":273,"sanitized":277},"low",{"entryPoint":282,"graph":283,"unsanitizedCount":11,"severity":280},"\u003CUtils> (includes\u002FCheckLoginLite\u002FUtils.php:0)",{"nodes":284,"edges":291},[285,286,287,288,289,290],{"id":250,"type":251,"label":252,"file":203,"line":253},{"id":255,"type":256,"label":257,"file":203,"line":258,"wp_function":259},{"id":261,"type":251,"label":262,"file":203,"line":263},{"id":265,"type":256,"label":266,"file":203,"line":215,"wp_function":267},{"id":269,"type":251,"label":270,"file":203,"line":271},{"id":273,"type":256,"label":266,"file":203,"line":274,"wp_function":267},[292,293,294],{"from":250,"to":255,"sanitized":277},{"from":261,"to":265,"sanitized":277},{"from":269,"to":273,"sanitized":277},{"summary":296,"deductions":297},"The check-login-lite v1.0.1 plugin exhibits a generally good security posture, with several strengths observed. The absence of dangerous functions, a lack of raw SQL queries (all using prepared statements), and a high percentage of properly escaped output are positive indicators.  Furthermore, the presence of nonces and capability checks suggests an awareness of common WordPress security practices. The plugin also has a clean vulnerability history with no recorded CVEs, which is a strong sign of its stability and security over time.\n\nHowever, there are specific areas that introduce risk. The most significant concern is the presence of a REST API route without a permission callback. This means that potentially sensitive data or functionality could be accessed or manipulated by unauthenticated users, creating a direct attack vector. While the total number of entry points is low and most are protected, this single unprotected endpoint is a notable weakness. The plugin also performs external HTTP requests, which, depending on the nature of these requests, could introduce risks if the external services are compromised or if the data sent is not properly sanitized.\n\nIn conclusion, check-login-lite v1.0.1 demonstrates good underlying security principles. Its clean vulnerability history and reliance on prepared statements are commendable. The primary weakness lies in an unprotected REST API endpoint, which requires immediate attention to mitigate the risk of unauthorized access or manipulation. The external HTTP requests should also be reviewed for potential vulnerabilities.",[298],{"reason":299,"points":155},"REST API route without permission callback","2026-04-16T14:53:24.102Z",{"wat":302,"direct":311},{"assetPaths":303,"generatorPatterns":306,"scriptPaths":307,"versionParams":308},[304,305],"\u002Fwp-content\u002Fplugins\u002Fcheck-login-lite\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fcheck-login-lite\u002Fmain.js",[],[305],[309,310],"check-login-lite\u002Fmain.css?ver=","check-login-lite\u002Fmain.js?ver=",{"cssClasses":312,"htmlComments":315,"htmlAttributes":319,"restEndpoints":322,"jsGlobals":324,"shortcodeOutput":326},[313,314],"checloli-login-form","checloli-admin-warning",[316,317,318],"\u003C!-- Main plugin logic -->","\u003C!-- Basic Auth Form -->","\u003C!-- END Basic Auth Form -->",[320,321],"data-checloli-nonce","data-checloli-action",[323],"\u002Fwp-json\u002Fchecloli\u002Fv1\u002Fauth",[325],"checloli_vars",[],{"error":277,"url":328,"statusCode":329,"statusMessage":330,"message":330},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcheck-login-lite\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":193,"versions":332},[333,339],{"version":6,"download_url":24,"svn_tag_url":334,"released_at":26,"has_diff":335,"diff_files_changed":336,"diff_lines":26,"trac_diff_url":337,"vulnerabilities":338,"is_current":277},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcheck-login-lite\u002Ftags\u002F1.0.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcheck-login-lite%2Ftags%2F1.0.0&new_path=%2Fcheck-login-lite%2Ftags%2F1.0.1",[],{"version":340,"download_url":341,"svn_tag_url":342,"released_at":26,"has_diff":335,"diff_files_changed":343,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":344,"is_current":335},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcheck-login-lite.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcheck-login-lite\u002Ftags\u002F1.0.0\u002F",[],[]]