[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frgP_3H3ZfBpx9FG5qPB_WZIVxxLg79gKYukI_nyVbAE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":137,"fingerprints":427},"cloudbridge-2fa","Cloudbridge 2FA","1.0.5","joho68","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoho68\u002F","\u003Cp>This plugin provides uncomplicated 2FA plugin for WordPress. It will allow you\u003Cbr \u002F>\nto require a second, one time password or OTP, code to be entered when certain\u003Cbr \u002F>\n(or all) users attempt to log in to WordPress.\u003C\u002Fp>\n\u003Cp>It will send a six-digit code via e-mail to the user attempting to log in. The\u003Cbr \u002F>\ncode has a limited lifetime (defaults to 15 minutes). Once a code has been\u003Cbr \u002F>\nconsumed, it is considered invalid.\u003C\u002Fp>\n\u003Cp>You may configure that only certain roles are required to use 2FA, and it is\u003Cbr \u002F>\nrecommended that you enable 2FA for those users with privileged access.\u003C\u002Fp>\n\u003Cp>You may also configure the plugin to allow certain roles to enable an OTP code\u003Cbr \u002F>\nbypass, which will set a cookie in that user’s web browser. The cookies are\u003Cbr \u002F>\npartially based on the username, so several users can share the same browser,\u003Cbr \u002F>\nbut still be required to always enter the OTP code, or bypass it if the cookie\u003Cbr \u002F>\nis present.\u003C\u002Fp>\n\u003Cp>You can add custom text to the OTP code entry form, and you can add custom text\u003Cbr \u002F>\nto the OTP code e-mail message.\u003C\u002Fp>\n\u003Cp>The plugin can be configured to allow it to be handled\u002Fmanaged only by specific\u003Cbr \u002F>\nusers, thus making it harder for someone to accidentally or intentionally\u003Cbr \u002F>\ndeactivate it. The implemented solution for this is by no means waterproof. If\u003Cbr \u002F>\nsomeone, for example, has access to your WordPress installation by means of FTP\u003Cbr \u002F>\nor similar, the plugin files can be physically removed (or moved out of your\u003Cbr \u002F>\nWordPress installation), which basically deactivates the plugin as well.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>The Cloudbridge 2FA Plugin was written by Joaquim Homrighausen while converting caffeine into code.\u003C\u002Fp>\n\u003Cp>Cloudbridge 2FA is sponsored by \u003Ca href=\"https:\u002F\u002Fwebbplatsen.se\" rel=\"nofollow ugc\">WebbPlatsen i Sverige AB\u003C\u002Fa>, Sweden.\u003C\u002Fp>\n\u003Cp>Commercial support and customizations for this plugin is available from WebbPlatsen i Sverige AB in Sweden.\u003C\u002Fp>\n\u003Cp>If you find this plugin useful, the author is happy to receive a donation, good review, or just a kind word.\u003C\u002Fp>\n\u003Cp>If there is something you feel to be missing from this plugin, or if you have found a problem with the code or a feature, please do not hesitate to reach out to support@webbplatsen.se.\u003C\u002Fp>\n\u003Cp>This plugin can also be downloaded from \u003Ca href=\"https:\u002F\u002Fcode.webbplatsen.net\u002Fwordpress\u002Fcloudbridge-2fa\u002F\" rel=\"nofollow ugc\">code.webbplatsen.net\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjoho1968\u002FCloudbridge-2FA\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>More detailed documentation is available at \u003Ca href=\"https:\u002F\u002Fcode.webbplatsen.net\u002Fdocumentation\u002Fcloudbridge-2fa\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fcode.webbplatsen.net\u002Fdocumentation\u002Fcloudbridge-2fa\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Kudos to Kev Quirk for \u003Ca href=\"https:\u002F\u002Fsimplecss.org\u002F\" rel=\"nofollow ugc\">Simple CSS\u003C\u002Fa>\u003C\u002Fp>\n","Uncomplicated 2FA plugin for WordPress. Tested with WordPress 5.5+ and PHP 7.4+.",0,1177,"2025-12-08T11:56:00.000Z","6.9.4","5.4.0","7.4",[18,19,20],"2fa","passwords","security","https:\u002F\u002Fcode.webbplatsen.net\u002Fwordpress\u002Fcloudbridge-2fa\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudbridge-2fa.1.0.5.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},5,190,30,94,"2026-04-04T17:25:36.980Z",[34,57,79,99,118],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":31,"num_ratings":44,"last_updated":45,"tested_up_to":14,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":52,"download_link":53,"security_score":54,"vuln_count":55,"unpatched_count":11,"last_vuln_date":56,"fetched_at":25},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,4829,"2025-12-20T21:06:00.000Z","4.7","7.0",[18,49,50,51,20],"firewall","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",96,12,"2022-09-06 00:00:00",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":14,"requires_at_least":70,"requires_php":16,"tags":71,"homepage":75,"download_link":76,"security_score":54,"vuln_count":77,"unpatched_count":11,"last_vuln_date":78,"fetched_at":25},"really-simple-ssl","Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)","9.5.8","Really Simple Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Freallysimpleplugins\u002F","\u003Cp>Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.\u003C\u002Fp>\n\u003Ch3>Really simple, Effective and Performant WordPress Security\u003C\u002Fh3>\n\u003Cp>Really Simple Security is the most lightweight and easy-to-use security plugin for WordPress. It secures your WordPress website with SSL certificate generation, including proper 301 https redirection and SSL enforcement, scanning for possible vulnerabilities, Login Protection and implementing essential WordPress hardening features.\u003C\u002Fp>\n\u003Cp>We believe that security should have the absolute minimum effect on website performance, user experience and maintainability. Therefore, Really Simple Security is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> Every security feature is developed with a modular approach and with performance in mind. Disabled features won’t load any redundant code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy-to-use:\u003C\u002Fstrong> 1-minute configuration with short onboarding setup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Features\u003C\u002Fh3>\n\u003Ch4>Easy SSL Migration\u003C\u002Fh4>\n\u003Cp>Migrates your website to HTTPS and enforces SSL in just one click.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>301 redirect via PHP or .htaccess\u003C\u002Fli>\n\u003Cli>Secure cookies\u003C\u002Fli>\n\u003Cli>Let’s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation.\u003C\u002Fli>\n\u003Cli>Server Health Check: Your server configuration is every bit as important for your website security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress Hardening\u003C\u002Fh4>\n\u003Cp>Tweak your configuration and keep WordPress fortified and safe by tackling potential weaknesses.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent code execution in the uploads folder\u003C\u002Fli>\n\u003Cli>Prevent login feedback and disable user enumeration\u003C\u002Fli>\n\u003Cli>Disable XML-RPC\u003C\u002Fli>\n\u003Cli>Disable directory browsing\u003C\u002Fli>\n\u003Cli>Username restrictions (block ‘admin’ and public names)\u003C\u002Fli>\n\u003Cli>and much more..\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Detection\u003C\u002Fh4>\n\u003Cp>Get notified when plugins, themes or WP core contain vulnerabilities and need appropriate action.\u003C\u002Fp>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Allow or enforce Two-Factor Authentication (2FA) for specific user roles. Users receive a two-factor code via Email.\u003C\u002Fp>\n\u003Ch3>Improve Security with Really Simple Security Pro\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002F\" rel=\"nofollow ugc\">Protect your site with all essential security features by upgrading to Really Simple Security Pro.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Advanced SSL enforcement\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix them to HTTPS, both Front- and Back-end.\u003C\u002Fli>\n\u003Cli>Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Firewall\u003C\u002Fh4>\n\u003Cp>Really Simple Security Pro includes a performant and efficient WordPress firewall, to stop bots, crawlers and bad actors with IP and username blocks.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>404 blocking – Blocks crawlers as they trigger unusual numbers of 404 errors.\u003C\u002Fli>\n\u003Cli>Region blocking – Only allow\u002Fblock access to your site from specific regions.\u003C\u002Fli>\n\u003Cli>Automated and customisable Firewall rules.\u003C\u002Fli>\n\u003Cli>IP blocklist and allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Headers\u003C\u002Fh4>\n\u003Cp>Security headers protect your site visitors against the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX, etc.\u003C\u002Fli>\n\u003Cli>Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options, a Referrer Policy and CORS headers.\u003C\u002Fli>\n\u003Cli>Automatically generate your WordPress-tailored Content Security Policy.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Vulnerability Measures\u003C\u002Fh4>\n\u003Cp>When a vulnerability is detected in a plugin, theme or WordPress core you will get notified accordingly. With Vulnerability Measures, you can configure simple but effective measures to make sure that a critical vulnerability won’t remain unattended.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force update: An update process will be tried multiple times until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps.\u003C\u002Fli>\n\u003Cli>Quarantine: When a plugin or theme can’t be updated to solve a vulnerability, Really Simple Security can quarantine the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Site Hardening\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose a custom login URL\u003C\u002Fli>\n\u003Cli>Automated File Permissions check and fixer\u003C\u002Fli>\n\u003Cli>Rename and randomize your database prefix\u003C\u002Fli>\n\u003Cli>Change the debug.log file location to a non-public folder\u003C\u002Fli>\n\u003Cli>Disable application passwords\u003C\u002Fli>\n\u003Cli>Control admin creation\u003C\u002Fli>\n\u003Cli>Disable HTTP methods, reducing HTTP requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Protection\u003C\u002Fh4>\n\u003Cp>Secure your website’s login process and user accounts with powerful security measures.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Step verification (Email login)\u003C\u002Fli>\n\u003Cli>2FA (two factor authentication) with TOTP\u003C\u002Fli>\n\u003Cli>Passwordless login with passkey login\u003C\u002Fli>\n\u003Cli>Enforce strong passwords and frequent password change\u003C\u002Fli>\n\u003Cli>Limit Login Attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Limit Login Attempts you can configure a threshold to temporarily or permanently block IP addresses or (non-existing) usernames. You can also throw a CAPTCHA after a failed login (hCaptcha or Google reCaptcha)\u003C\u002Fp>\n\u003Ch4>Access Control\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Restrict access to your site for specific regions.\u003C\u002Fli>\n\u003Cli>Add specific IP addresses or IP ranges to the Blocklist or Allowlist.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Useful Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fknowledge-base-overview\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Freally-simple-ssl.com\u002Fdefinitions\u002F\" rel=\"nofollow ugc\">Security Definitions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">Translate Really Simple Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Fissues\" rel=\"nofollow ugc\">Issues & pull requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FReally-Simple-Plugins\u002Freally-simple-ssl\u002Flabels\u002Ffeature%20request\" rel=\"nofollow ugc\">Feature requests\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Love Really Simple Security?\u003C\u002Fh3>\n\u003Cp>If you want to support the continuing development of this plugin, please consider buying \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fpro\u002F\" rel=\"nofollow ugc\">Really Simple Security Pro\u003C\u002Fa>, which includes some excellent security features and premium support.\u003C\u002Fp>\n\u003Ch3>About Really Simple Plugins\u003C\u002Fh3>\n\u003Cp>Our mission is to make complex WordPress requirements really easy. Really Simple Security is developed by \u003Ca href=\"https:\u002F\u002Fwww.really-simple-ssl.com\u002Fabout-us\" rel=\"nofollow ugc\">Really Simple Plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For generating SSL certificates, Really Simple Security uses the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffbett\u002Fle-acme2-php\u002F\" rel=\"nofollow ugc\">le acme2 PHP\u003C\u002Fa> Let’s Encrypt client library, thanks to ‘fbett’ for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We’re on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Freally-simple-plugins\u002Freally-simple-ssl\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> as well!\u003C\u002Fp>\n","Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.",3000000,205655178,98,8803,"2026-02-26T10:57:00.000Z","6.6",[18,72,20,73,74],"https","two-factor","vulnerabilities","https:\u002F\u002Freally-simple-ssl.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-ssl.9.5.8.zip",3,"2026-03-15 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":67,"num_ratings":89,"last_updated":90,"tested_up_to":14,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":92,"download_link":96,"security_score":67,"vuln_count":97,"unpatched_count":11,"last_vuln_date":98,"fetched_at":25},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,1441,"2026-01-12T16:01:00.000Z","3.0","",[18,94,49,95,20],"brute-force","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip",4,"2023-12-20 00:00:00",{"slug":73,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":54,"num_ratings":108,"last_updated":109,"tested_up_to":14,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":116,"download_link":117,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"Two Factor","0.15.0","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>The Two-Factor plugin adds an extra layer of security to your WordPress login by requiring users to provide a second form of authentication in addition to their password.  This helps protect against unauthorized access even if passwords are compromised.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: Each user must individually configure their two-factor authentication settings.  There are no site-wide settings for this plugin.\u003C\u002Fp>\n\u003Ch3>For Individual Users\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Navigate to your profile\u003C\u002Fstrong>: Go to “Users” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Your Profile” in the WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Find Two-Factor Options\u003C\u002Fstrong>: Scroll down to the “Two-Factor Options” section\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose your methods\u003C\u002Fstrong>: Enable one or more authentication providers (noting a site admin may have hidden one or more so what is available could vary):\n\u003Cul>\n\u003Cli>\u003Cstrong>Authenticator App (TOTP)\u003C\u002Fstrong> – Use apps like Google Authenticator, Authy, or 1Password\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Codes\u003C\u002Fstrong> – Receive one-time codes via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>FIDO U2F Security Keys\u003C\u002Fstrong> – Use physical security keys (requires HTTPS)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergencies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dummy Method\u003C\u002Fstrong> – For testing purposes only (requires WP_DEBUG)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure each method\u003C\u002Fstrong>: Follow the setup instructions for each enabled provider\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set primary method\u003C\u002Fstrong>: Choose which method to use as your default authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save changes\u003C\u002Fstrong>: Click “Update Profile” to save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>For Site Administrators\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>No global settings\u003C\u002Fstrong>: This plugin operates on a per-user basis only. For more, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002Ftwo-factor\u002Fissues\u002F249\" rel=\"nofollow ugc\">GH#249\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User management\u003C\u002Fstrong>: Administrators can configure 2FA for other users by editing their profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security recommendations\u003C\u002Fstrong>: Encourage users to enable backup methods to prevent account lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Available Authentication Methods\u003C\u002Fh3>\n\u003Ch3>Authenticator App (TOTP) – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Time-based one-time passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Scan QR code with authenticator app\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with Google Authenticator, Authy, 1Password, and other TOTP apps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Most users, provides excellent security with good usability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Backup Codes – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time use codes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Generate 10 backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works everywhere, no special hardware needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Emergency access when other methods are unavailable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Email Codes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time codes sent via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Automatic – uses your WordPress email address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with any email-capable device\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users who prefer email-based authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FIDO U2F Security Keys\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Hardware-based authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Register physical security keys (USB, NFC, or Bluetooth)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Requirements\u003C\u002Fstrong>: HTTPS connection required, compatible browser needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser Support\u003C\u002Fstrong>: Chrome, Firefox, Edge (varies by key type)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users with security keys who want maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dummy Method\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: None – Always succeeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Only available when WP_DEBUG is enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Testing and development only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Developers testing the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Notes\u003C\u002Fh3>\n\u003Ch3>HTTPS Requirement\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIDO U2F Security Keys require an HTTPS connection to function\u003C\u002Fli>\n\u003Cli>Other methods work on both HTTP and HTTPS sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Browser Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIDO U2F requires a compatible browser and may not work on all devices\u003C\u002Fli>\n\u003Cli>TOTP and email methods work on all devices and browsers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Account Recovery\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Always enable backup codes to prevent being locked out of your account\u003C\u002Fli>\n\u003Cli>If you lose access to all authentication methods, contact your site administrator\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Best Practices\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use multiple authentication methods when possible\u003C\u002Fli>\n\u003Cli>Keep backup codes in a secure location\u003C\u002Fli>\n\u003Cli>Regularly review and update your authentication settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information about two-factor authentication in WordPress, see the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fmfa\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration Security Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For more history, see \u003Ca href=\"https:\u002F\u002Fgeorgestephanis.wordpress.com\u002F2013\u002F08\u002F14\u002Ftwo-cents-on-two-factor\u002F\" rel=\"nofollow ugc\">this post\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Actions & Filters\u003C\u002Fh4>\n\u003Cp>Here is a list of action and filter hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>two_factor_providers\u003C\u002Fcode> filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_providers_for_user\u003C\u002Fcode> filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object \u003Ccode>WP_User\u003C\u002Fcode> is available as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_enabled_providers_for_user\u003C\u002Fcode> filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_authenticated\u003C\u002Fcode> action which receives the logged in \u003Ccode>WP_User\u003C\u002Fcode> object as the first argument for determining the logged in user right after the authentication workflow.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_api_login_enable\u003C\u002Fcode> filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_ttl\u003C\u002Fcode> filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the \u003Ccode>WP_User\u003C\u002Fcode> object being authenticated.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_length\u003C\u002Fcode> filter overrides the default 8 character count for email tokens.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_backup_code_length\u003C\u002Fcode> filter overrides the default 8 character count for backup codes. Provides the \u003Ccode>WP_User\u003C\u002Fcode> of the associated user as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_rest_api_can_edit_user\u003C\u002Fcode> filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current \u003Ccode>$can_edit\u003C\u002Fcode> boolean, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_before_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires prior to the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires after the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_input\u003C\u002Fcode>action which receives the provider object and fires after the input shown on the authentication input form (if form contains no input, action fires immediately after \u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode>).\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), Universal 2nd Factor (U2F), email, and backup verification codes.",100000,1526344,199,"2026-02-17T13:21:00.000Z","6.8","7.2",[18,113,114,20,115],"authentication","mfa","totp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor.0.15.0.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":46,"requires_php":47,"tags":132,"homepage":92,"download_link":135,"security_score":136,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5",[18,133,95,20,134],"captcha","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"attackSurface":138,"codeSignals":233,"taintFlows":396,"riskAssessment":415,"analyzedAt":426},{"hooks":139,"ajaxHandlers":229,"restRoutes":230,"shortcodes":231,"cronEvents":232,"entryPointCount":11,"unprotectedCount":11},[140,146,149,152,157,162,166,170,174,179,183,187,191,195,199,202,206,209,213,216,221,225],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","admin_notices","cb2fa_admin_alert_missing_mbstring","cloudbridge-2fa.php",148,{"type":141,"name":142,"callback":147,"file":144,"line":148},"cb2fa_admin_alert_plugin_activated",152,{"type":141,"name":142,"callback":150,"file":144,"line":151},"cb2fa_admin_alert_missing_openssl",217,{"type":153,"name":154,"callback":155,"file":144,"line":156},"filter","all_plugins","cb2fa_hide_plugin",1311,{"type":141,"name":158,"callback":159,"priority":160,"file":144,"line":161},"add_option","cb2fa_admin_debug_add_option",10,1951,{"type":141,"name":163,"callback":164,"priority":160,"file":144,"line":165},"update_option","cb2fa_admin_debug_update_option",1952,{"type":141,"name":167,"callback":168,"priority":160,"file":144,"line":169},"updated_option","cb2fa_admin_debug_updated_option",1953,{"type":141,"name":171,"callback":172,"file":144,"line":173},"init","setup_locale",2213,{"type":153,"name":175,"callback":176,"priority":177,"file":144,"line":178},"authenticate","cb2fa_post_wp_authenticate",21,2217,{"type":141,"name":180,"callback":181,"priority":160,"file":144,"line":182},"login_form","cb2fa_login_form",2218,{"type":141,"name":184,"callback":185,"file":144,"line":186},"admin_enqueue_scripts","cb2fa_setup_admin_css",2222,{"type":141,"name":188,"callback":189,"file":144,"line":190},"admin_menu","cb2fa_menu",2223,{"type":141,"name":192,"callback":193,"file":144,"line":194},"admin_init","cb2fa_settings",2224,{"type":141,"name":196,"callback":197,"file":144,"line":198},"show_user_profile","cb2fa_user_profile_factor_settings",2225,{"type":141,"name":200,"callback":197,"file":144,"line":201},"edit_user_profile",2226,{"type":141,"name":203,"callback":204,"file":144,"line":205},"personal_options_update","cb2fa_save_user_profile_factor_settings",2227,{"type":141,"name":207,"callback":204,"file":144,"line":208},"edit_user_profile_update",2228,{"type":141,"name":210,"callback":211,"file":144,"line":212},"wp_enqueue_scripts","cb2fa_setup_public_css",2231,{"type":141,"name":171,"callback":214,"file":144,"line":215},"cb2fa_setup_other",2234,{"type":153,"name":217,"callback":218,"file":219,"line":220},"wp_mail_content_type","set_html_mail_content_type","include\\class_cb2fa_login.inc.php",418,{"type":153,"name":222,"callback":223,"file":219,"line":224},"wp_mail_from","set_mail_from_address",419,{"type":153,"name":226,"callback":227,"file":219,"line":228},"wp_mail_from_name","set_mail_from_name",420,[],[],[],[],{"dangerousFunctions":234,"sqlUsage":235,"outputEscaping":237,"fileOperations":394,"externalRequests":11,"nonceChecks":28,"capabilityChecks":77,"bundledLibraries":395},[],{"prepared":11,"raw":11,"locations":236},[],{"escaped":238,"rawEcho":239,"locations":240},103,76,[241,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392],{"file":144,"line":242,"context":243},642,"raw output",{"file":144,"line":245,"context":243},650,{"file":144,"line":247,"context":243},658,{"file":144,"line":249,"context":243},1025,{"file":144,"line":251,"context":243},1026,{"file":144,"line":253,"context":243},1032,{"file":144,"line":255,"context":243},1033,{"file":144,"line":257,"context":243},1039,{"file":144,"line":259,"context":243},1040,{"file":144,"line":261,"context":243},1046,{"file":144,"line":263,"context":243},1058,{"file":144,"line":265,"context":243},1059,{"file":144,"line":267,"context":243},1296,{"file":144,"line":269,"context":243},1469,{"file":144,"line":271,"context":243},1470,{"file":144,"line":273,"context":243},1472,{"file":144,"line":275,"context":243},1478,{"file":144,"line":277,"context":243},1479,{"file":144,"line":279,"context":243},1481,{"file":144,"line":281,"context":243},1486,{"file":144,"line":283,"context":243},1493,{"file":144,"line":285,"context":243},1500,{"file":144,"line":287,"context":243},1506,{"file":144,"line":289,"context":243},1514,{"file":144,"line":291,"context":243},1515,{"file":144,"line":293,"context":243},1522,{"file":144,"line":295,"context":243},1523,{"file":144,"line":297,"context":243},1552,{"file":144,"line":299,"context":243},1553,{"file":144,"line":301,"context":243},1570,{"file":144,"line":303,"context":243},1572,{"file":144,"line":305,"context":243},1573,{"file":144,"line":307,"context":243},1575,{"file":144,"line":309,"context":243},1582,{"file":144,"line":311,"context":243},1585,{"file":144,"line":313,"context":243},1587,{"file":144,"line":315,"context":243},1590,{"file":144,"line":317,"context":243},1591,{"file":144,"line":319,"context":243},1593,{"file":144,"line":321,"context":243},1600,{"file":144,"line":323,"context":243},1603,{"file":144,"line":325,"context":243},1605,{"file":144,"line":327,"context":243},1607,{"file":144,"line":329,"context":243},1611,{"file":144,"line":331,"context":243},1614,{"file":144,"line":333,"context":243},1616,{"file":144,"line":335,"context":243},1626,{"file":144,"line":337,"context":243},1629,{"file":144,"line":339,"context":243},1634,{"file":144,"line":341,"context":243},1637,{"file":144,"line":343,"context":243},1638,{"file":144,"line":345,"context":243},1639,{"file":144,"line":347,"context":243},1644,{"file":144,"line":349,"context":243},1646,{"file":144,"line":351,"context":243},1655,{"file":144,"line":353,"context":243},1658,{"file":144,"line":355,"context":243},1662,{"file":144,"line":357,"context":243},1666,{"file":144,"line":359,"context":243},1779,{"file":144,"line":361,"context":243},1911,{"file":144,"line":363,"context":243},1918,{"file":144,"line":365,"context":243},1920,{"file":144,"line":367,"context":243},1928,{"file":144,"line":369,"context":243},1930,{"file":144,"line":371,"context":243},2151,{"file":219,"line":373,"context":243},452,{"file":219,"line":375,"context":243},591,{"file":219,"line":377,"context":243},592,{"file":219,"line":379,"context":243},602,{"file":219,"line":381,"context":243},605,{"file":219,"line":383,"context":243},609,{"file":219,"line":385,"context":243},610,{"file":219,"line":387,"context":243},647,{"file":219,"line":389,"context":243},657,{"file":219,"line":391,"context":243},660,{"file":219,"line":393,"context":243},681,1,[],[397],{"entryPoint":398,"graph":399,"unsanitizedCount":77,"severity":414},"\u003Cclass_cb2fa_login.inc> (include\\class_cb2fa_login.inc.php:0)",{"nodes":400,"edges":411},[401,406],{"id":402,"type":403,"label":404,"file":219,"line":405},"n0","source","$_REQUEST (x3)",231,{"id":407,"type":408,"label":409,"file":219,"line":377,"wp_function":410},"n1","sink","echo() [XSS]","echo",[412],{"from":402,"to":407,"sanitized":413},false,"low",{"summary":416,"deductions":417},"The cloudbridge-2fa v2.0.1 plugin exhibits a generally good security posture, primarily due to the absence of known historical vulnerabilities and the implementation of several security best practices. The code analysis reveals a lack of dangerous functions and all SQL queries utilize prepared statements, which significantly reduces the risk of common injection attacks. Furthermore, the presence of nonce and capability checks, although limited in number, indicates an awareness of access control mechanisms. The plugin also avoids external HTTP requests and bundled libraries, further limiting potential attack vectors.\n\nHowever, there are areas for concern. The static analysis highlights that only 58% of output is properly escaped, leaving a significant portion vulnerable to Cross-Site Scripting (XSS) attacks. While the taint analysis shows only one flow with unsanitized paths, the fact that it exists at all warrants attention, especially given the lack of detail on its severity. The presence of one file operation without further context is also a minor concern. The vulnerability history being completely empty is a positive sign but doesn't guarantee future immunity. Overall, while the plugin avoids many common pitfalls, the unescaped output and the single unsanitized taint flow represent the most immediate security risks that should be addressed.",[418,421,423],{"reason":419,"points":420},"Unescaped output detected",8,{"reason":422,"points":28},"Flow with unsanitized paths",{"reason":424,"points":425},"File operations present",2,"2026-03-17T06:17:08.854Z",{"wat":428,"direct":441},{"assetPaths":429,"generatorPatterns":434,"scriptPaths":435,"versionParams":436},[430,431,432,433],"\u002Fwp-content\u002Fplugins\u002Fcloudbridge-2fa\u002Finclude\u002Fcb2fa-login-styles.css","\u002Fwp-content\u002Fplugins\u002Fcloudbridge-2fa\u002Finclude\u002Fcb2fa-admin-styles.css","\u002Fwp-content\u002Fplugins\u002Fcloudbridge-2fa\u002Finclude\u002Fcb2fa-login-scripts.js","\u002Fwp-content\u002Fplugins\u002Fcloudbridge-2fa\u002Finclude\u002Fcb2fa-admin-scripts.js",[],[],[437,438,439,440],"\u002Fwp-content\u002Fplugins\u002Fcloudbridge-2fa\u002Finclude\u002Fcb2fa-login-styles.css?ver=","\u002Fwp-content\u002Fplugins\u002Fcloudbridge-2fa\u002Finclude\u002Fcb2fa-admin-styles.css?ver=","\u002Fwp-content\u002Fplugins\u002Fcloudbridge-2fa\u002Finclude\u002Fcb2fa-login-scripts.js?ver=","\u002Fwp-content\u002Fplugins\u002Fcloudbridge-2fa\u002Finclude\u002Fcb2fa-admin-scripts.js?ver=",{"cssClasses":442,"htmlComments":451,"htmlAttributes":455,"restEndpoints":458,"jsGlobals":460,"shortcodeOutput":464},[443,444,445,446,447,448,449,450],"cloudbridge2fa-login-button","cloudbridge2fa-login-input","cloudbridge2fa-admin-form-section","cloudbridge2fa-admin-field-label","cloudbridge2fa-admin-field-input","cloudbridge2fa-admin-alert","cb2fa-login-error-message","cb2fa-admin-notice",[452,453,454],"\u003C!-- Cloudbridge 2FA -->","\u003C!-- Cloudbridge 2FA Login Form -->","\u003C!-- Cloudbridge 2FA Admin Settings -->",[456,457],"data-cb2fa-action","data-cb2fa-user-id",[459],"\u002Fwp-json\u002Fcloudbridge-2fa\u002Fv1\u002Fvalidate-code",[461,462,463],"Cloudbridge2FA","cb2fa_ajax_object","Cloudbridge_2FA_Admin",[]]