[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$for-kMMUC-2cDvouGmN7xueJxlWMiG1XLg6HGB-OwwHY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":134,"fingerprints":236},"custom-login-url-manager","Custom Login URL Manager – Hide Login Admin URL","1.1.2","WPDesigner","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdesignerpl\u002F","\u003Cp>Custom Login URL Manager allows you to secure your WordPress site by changing the default login URL (wp-login.php) to a custom URL. This helps protect against unauthorized login attempts and automated bots trying to access your admin panel.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login URL\u003C\u002Fstrong>: Replace the default WordPress login URL with a custom one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login URL Redirect\u003C\u002Fstrong>: Redirect unauthorized access attempts (e.g., wp-login.php or wp-admin) to a specified URL, such as a custom error page or homepage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly Interface\u003C\u002Fstrong>: Easily configure your login URL and redirect settings through the WordPress admin panel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Enhancement\u003C\u002Fstrong>: Hides the default login page, adding an extra layer of security to your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong>: .pot file included for easy translation into different languages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Languages\u003C\u002Fstrong>: Available in both English and Polish.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Ch3>Donate Link\u003C\u002Fh3>\n\u003Cp>If you’d like to support the development of this plugin, consider donating at: https:\u002F\u002Fko-fi.com\u002Fwpdesigner\u003C\u002Fp>\n","Change the default WordPress login URL and redirect unauthorized attempts to a specified page for enhanced security.",0,1093,"","6.6.5","6.2","7.2.5",[18,19,20,21,22],"custom-login","login-redirect","login-url","security","wp-login-php","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-login-url-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-login-url-manager.1.1.2.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"wpdesignerpl",2,96,30,91,"2026-04-04T04:30:19.596Z",[37,59,81,101,115],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",10,347,3,"2025-07-01T05:30:00.000Z","6.8.5","5.0","7.2",[53,54,21,55,22],"custom-login-url","hide-login","wp-admin","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":32,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":13,"download_link":78,"security_score":79,"vuln_count":45,"unpatched_count":11,"last_vuln_date":80,"fetched_at":58},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,2101,"2026-01-12T08:47:00.000Z","6.9.4","4.1","7.0",[53,75,76,77,22],"login","rename","wp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,"2024-06-24 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":25,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":13,"tags":95,"homepage":98,"download_link":99,"security_score":100,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"rename-wp-loginphp-to-anything-you-want","Rename wp-login.php to anything you want","2.0.1","travispluse","https:\u002F\u002Fprofiles.wordpress.org\u002Ftravispluse\u002F","\u003Cp>This plugin changes the way you login into your website.\u003C\u002Fp>\n\u003Cp>–loginsecurity includes–\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Blocks IP after maximum retries allowed\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Extended Lockout after maximum lockouts allowed\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Email notification to admin after max lockouts\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Blacklist IP\u002FIP range\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Whitelist IP\u002FIP range\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Check logs of failed attempts\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Create IP ranges\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Delete IP ranges\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Licensed under GNU GPL version 3\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Safe & Secure\u003Cbr \u002F>\u003C\u002Fp>\n","This plugin changes the way you login into your website.",500,8851,5,"2016-08-13T06:36:00.000Z","4.5.33","3.0",[96,53,75,97,22],"custom","login-custom","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-loginphp-to-anything-you-want\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-loginphp-to-anything-you-want.2.0.1.zip",85,{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":45,"downloaded":109,"rating":11,"num_ratings":11,"last_updated":110,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":111,"homepage":13,"download_link":114,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"fortress-login-pro","Fortress Login Pro – Secure, Hide & Rename Login URL","1.1.3","Hamdi Saidani","https:\u002F\u002Fprofiles.wordpress.org\u002Fhamdisaidani\u002F","\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> is a battle-ready security plugin that replaces your WordPress login page (\u003Ccode>wp-login.php\u003C\u002Fcode>) with a private, rotating URL that only you control.\u003C\u002Fp>\n\u003Cp>🛡️ It doesn’t just hide the login—it lets you track, rotate, and control it.\u003C\u002Fp>\n\u003Cp>Perfect for freelancers, agencies, eCommerce owners, and anyone tired of blind brute-force attacks.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide \u003Ccode>wp-login.php\u003C\u002Fcode> and set your own private login path  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Rotate Slugs:\u003C\u002Fstrong> Automatically change your login URL on a custom schedule  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dual-Slug Rotation Safety:\u003C\u002Fstrong> Keep the old URL live until the new one is used (fail-safe)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug Generator:\u003C\u002Fstrong> Choose readable word combos or full-random slugs (with number support)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logs & Charts:\u003C\u002Fstrong> See IPs, timestamps, referrers, and user-agents by login attempt  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export Logs:\u003C\u002Fstrong> Download access history or slug changes in CSV or JSON  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug History Panel:\u003C\u002Fstrong> Restore, archive, or delete old slugs anytime  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Configuration:\u003C\u002Fstrong> Set up outgoing email for login slug alerts and rotation notices  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email & Rotation:\u003C\u002Fstrong> Built-in checks before activating rotation so you don’t get locked out  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>System File Protection:\u003C\u002Fstrong> Optional toggle to block access to \u003Ccode>install.php\u003C\u002Fcode> and \u003Ccode>setup-config.php\u003C\u002Fcode> via \u003Ccode>.htaccess\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean UI:\u003C\u002Fstrong> Fast, modern dashboard with zero bloat or upsell traps  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✅ Works With\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce, Easy Digital Downloads, and major eCommerce plugins  \u003C\u002Fli>\n\u003Cli>Membership systems like MemberPress, Paid Memberships Pro  \u003C\u002Fli>\n\u003Cli>Popular security plugins: Wordfence, iThemes, Sucuri  \u003C\u002Fli>\n\u003Cli>Caching tools like WP Rocket, Cloudflare, W3 Total Cache  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Fortress (vs limit login or captcha plugins)?\u003C\u002Fh3>\n\u003Cp>Most plugins try to \u003Cstrong>respond\u003C\u002Fstrong> to brute-force.\u003Cbr \u002F>\nFortress prevents it by removing the login form from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No login page = no attack surface.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Final Word\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> doesn’t just hide your login—it makes you smarter about who’s trying to reach it.\u003C\u002Fp>\n\u003Cp>Real logs. Real control. No BS.\u003Cbr \u002F>\nReady to lock down WordPress the way it should’ve shipped.\u003C\u002Fp>\n\u003Cp>Try our companion plugin: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotification-blocker\u002F\" rel=\"ugc\">Notification Blocker\u003C\u002Fa> — hide noisy dashboard alerts with one click.\u003C\u002Fp>\n","Hide and rotate your WordPress login URL. Track access, export logs, and prevent brute-force attacks with real-time visibility.",612,"2025-05-09T10:19:00.000Z",[112,53,113,21,55],"brute-force-protection","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffortress-login-pro.1.1.3.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":45,"downloaded":123,"rating":25,"num_ratings":124,"last_updated":13,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":132,"download_link":133,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"login-secure","Login Secure","1.0.1","Rizwan Abbasi","https:\u002F\u002Fprofiles.wordpress.org\u002Frizwanabbasi\u002F","\u003Ch3>Try it out on your free dummy site:\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fnew?pre-installed-plugin-slug=login-secure&redirect=options-general.php%3Fpage%3Dlogin-secure&ni=true\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003Cbr \u002F>\nLogin Secure is an easy-to-use and user-friendly WordPress plugin that secures your website from unauthorized users. Blocks default WordPress login URLs and require a special code in WordPress Login URL.\u003C\u002Fp>\n\u003Cp>After installing and activating the plugin, go to ‘Settings>>Login Secure’ link. Enter a unique string and click save changes.\u003Cbr \u002F>\nYour WordPress login URL will be the one displayed on that page.\u003C\u002Fp>\n\u003Cp>After storing a unique string, your default WordPress login URL will not work, even user can not log in by going to\u003Cbr \u002F>\nhttp:\u002F\u002Fexample.com\u002Fwp-admin where example.com is your WordPress installation link.\u003C\u002Fp>\n","Try it out on your free dummy site:",1252,1,"5.8.13","4.6","5.2.4",[129,130,53,131,21],"block-login-url","brute-force","secure-login","http:\u002F\u002Frizwanabbasi.com\u002Flogin-secure\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-secure.zip",{"attackSurface":135,"codeSignals":201,"taintFlows":228,"riskAssessment":229,"analyzedAt":235},{"hooks":136,"ajaxHandlers":197,"restRoutes":198,"shortcodes":199,"cronEvents":200,"entryPointCount":11,"unprotectedCount":11},[137,143,147,152,157,161,165,169,172,175,178,181,184,188,191,195],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_init","clumanager_register_settings","admin\\admin-settings.php",63,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_notices","clumanager_admin_notices",71,{"type":138,"name":148,"callback":149,"file":150,"line":151},"plugins_loaded","clumanager_load_textdomain","custom-login-url-manager.php",21,{"type":153,"name":154,"callback":155,"priority":45,"file":150,"line":156},"filter","gettext","clum_translate_plugin_description",32,{"type":138,"name":158,"callback":159,"file":150,"line":160},"admin_enqueue_scripts","clumanager_enqueue_admin_styles",35,{"type":138,"name":162,"callback":163,"file":150,"line":164},"admin_menu","clumanager_add_admin_menu",41,{"type":138,"name":148,"callback":166,"file":167,"line":168},"init","includes\\class-login-url-handler.php",12,{"type":138,"name":166,"callback":170,"priority":124,"file":167,"line":171},"handle_request",20,{"type":138,"name":173,"callback":174,"priority":124,"file":167,"line":151},"wp_loaded","handle_admin_access",{"type":153,"name":176,"callback":176,"priority":45,"file":167,"line":177},"site_url",22,{"type":153,"name":179,"callback":179,"priority":45,"file":167,"line":180},"network_site_url",23,{"type":153,"name":182,"callback":182,"priority":45,"file":167,"line":183},"wp_redirect",24,{"type":153,"name":185,"callback":186,"file":167,"line":187},"site_option_welcome_email","welcome_email",25,{"type":153,"name":189,"callback":189,"priority":45,"file":167,"line":190},"login_url",26,{"type":138,"name":144,"callback":192,"file":193,"line":194},"clumanager_show_notice","includes\\class-login-url-notice.php",11,{"type":138,"name":139,"callback":196,"file":193,"line":168},"clumanager_dismiss_notice",[],[],[],[],{"dangerousFunctions":202,"sqlUsage":203,"outputEscaping":205,"fileOperations":11,"externalRequests":11,"nonceChecks":47,"capabilityChecks":11,"bundledLibraries":227},[],{"prepared":11,"raw":11,"locations":204},[],{"escaped":194,"rawEcho":168,"locations":206},[207,209,210,212,214,216,218,220,222,224,225,226],{"file":141,"line":180,"context":208},"raw output",{"file":141,"line":187,"context":208},{"file":141,"line":211,"context":208},28,{"file":213,"line":168,"context":208},"includes\\class-login-url-info.php",{"file":213,"line":215,"context":208},13,{"file":213,"line":217,"context":208},15,{"file":213,"line":219,"context":208},17,{"file":213,"line":221,"context":208},18,{"file":213,"line":223,"context":208},19,{"file":213,"line":171,"context":208},{"file":213,"line":151,"context":208},{"file":213,"line":183,"context":208},[],[],{"summary":230,"deductions":231},"The \"custom-login-url-manager\" plugin v1.1.2 demonstrates a generally good security posture with no reported vulnerabilities or known CVEs.  The static analysis reveals a minimal attack surface, with zero exposed entry points like AJAX handlers, REST API routes, or shortcodes.  The code also appears to handle SQL queries securely using prepared statements and includes a reasonable number of nonce checks.  However, there is a notable concern regarding output escaping, with almost half of the outputs not being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed to the user.\n\nWhile the plugin's vulnerability history is clean, the lack of robust output escaping is a significant weakness. The absence of any capability checks on entry points, though mitigated by the zero attack surface, could be a potential risk if the plugin were to be expanded in the future without proper authorization checks.  Therefore, while the current state is relatively safe due to the limited functionality and attack surface, the unescaped output presents a tangible risk that should be addressed.",[232],{"reason":233,"points":234},"Almost half of outputs are not properly escaped",8,"2026-03-17T05:42:03.201Z",{"wat":237,"direct":243},{"assetPaths":238,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[239],"\u002Fwp-content\u002Fplugins\u002Fcustom-login-url-manager\u002Fassets\u002Fcss\u002Fadmin-styles.css",[],[],[],{"cssClasses":244,"htmlComments":245,"htmlAttributes":246,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":249},[],[],[],[],[],[]]