[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-k2pvmeO0sA-PCbdBDq29PUdZC1oNjJnOVgpa-2Ph3I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":44,"crawl_stats":34,"alternatives":52,"analysis":159,"fingerprints":239},"custom-login-url","Custom Login URL","1.0.3","Greg Winiarski","https:\u002F\u002Fprofiles.wordpress.org\u002Fgwin\u002F","\u003Cp>Custom Login URL (CLU) is a lightweight plugin that allows to customize default WP login, registration and password\u003Cbr \u002F>\nreminder URLs without modifying any files, simple and swift.\u003C\u002Fp>\n\u003Cp>Why would anyone would want to use this plugin? Well, after developing some sites it turned\u003Cbr \u002F>\nout that site owners do not want to reveal to customers that they are using WordPress, hence the plugin that will mask\u003Cbr \u002F>\noriginal URLs.\u003C\u002Fp>\n\u003Cp>What the plugin can do:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>change \u002Fwp-login.php to for example \u002Fuser\u002Flogin\u002F\u003C\u002Fli>\n\u003Cli>change \u002Fwp-login.php?action=register to for example \u002Fuser\u002Fregister\u002F\u003C\u002Fli>\n\u003Cli>change \u002Fwp-login.php?action=lostpassword to for example \u002Fuser\u002Fremind\u002F\u003C\u002Fli>\n\u003Cli>change \u002Fwp-login.php?action=logout to for example \u002Fuser\u002Flogout\u002F\u003C\u002Fli>\n\u003Cli>you can define your own custom paths for each URL above\u003C\u002Fli>\n\u003Cli>set successfull login and logout redirect URLs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In order to make the plugin work you need to have Permalinks enabled in WP Settings.\u003C\u002Fp>\n","Whitelabel your site by hiding wp-login.php in the login and registration URLs",1000,49777,76,18,"2025-09-15T13:23:00.000Z","6.8.5","6.0","",[4,20],"custom-registration-url","https:\u002F\u002Fsimpliko.pl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-login-url.1.0.3.zip",99,1,0,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":6,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":43},"CVE-2025-58969","custom-login-url-missing-authorization","Custom Login URL \u003C= 1.0.2 - Missing Authorization","The Custom Login URL plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clu_options_validate() function in versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to update plugin settings.",null,"\u003C=1.0.2","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-09-26 20:17:44",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F40d6a34b-cad5-4908-b57e-be1138531172?source=api-prod",5,{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"gwin",4,6140,83,6,88,"2026-04-04T02:51:21.722Z",[53,78,97,122,141],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":18,"download_link":74,"security_score":75,"vuln_count":76,"unpatched_count":25,"last_vuln_date":77,"fetched_at":27},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,96,2101,"2026-01-12T08:47:00.000Z","6.9.4","4.1","7.0",[4,70,71,72,73],"login","rename","wp-login","wp-login-php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,10,"2024-06-24 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":49,"last_updated":89,"tested_up_to":66,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"rename-wp-admin-login","Rename wp-admin login","1.0.0","Nuno Sarmento","https:\u002F\u002Fprofiles.wordpress.org\u002Fnunosarmento\u002F","\u003Cp>\u003Cem>Rename wp-admin login\u003C\u002Fem> is a plugin that allows us to rename wp-admin login URL to anything you want. It does not change WordPress core files, the plugin simply intercepts page requests and works on any WordPress website. After you activate this plugin the wp-admin URL and wp-login.php will become unavailable, so you should bookmark or remember the url. Disable this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Like this plugin?\u003C\u002Fstrong> Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002Freviews\u002F?filter=5\" rel=\"ugc\">Rate It\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fnunosarmento\" rel=\"nofollow ugc\">Buy me a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Have a problem?\u003C\u002Fstrong> Please write a message in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002F\" rel=\"ugc\">WordPress Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to use the plugin\u003C\u002Fh3>\n\u003Cp>Go under Settings and then click on “Permalinks” and change your URL under “Rename wp-admin login”.\u003C\u002Fp>\n\u003Cp>Step 1: Add new login URL\u003C\u002Fp>\n\u003Cp>Step 2: Add redirect URL\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was forked\u002Fadapted\u002Ffixed\u002Fupdated from this plugin https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-login\u002F – @ellatrix thank you for starting the base of my plugin.\u003C\u002Fp>\n","Rename wp-admin login* is a plugin that allows us to rename wp-admin login URL to anything you want",7000,17102,86,"2025-12-02T13:00:00.000Z","5.0",[92,4,70,79,93],"change-wp-login","wp-admin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-admin-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-admin-login.1.0.0.zip",100,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":88,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":117,"download_link":118,"security_score":119,"vuln_count":120,"unpatched_count":25,"last_vuln_date":121,"fetched_at":27},"login-page-styler","Login Page Styler – Custom WordPress Login Page Customizer & Security","7.1.2","Zia Imtiaz","https:\u002F\u002Fprofiles.wordpress.org\u002Fzia-imtiaz\u002F","\u003Cp>\u003Cstrong>Login Page Styler\u003C\u002Fstrong> is a powerful WordPress plugin that allows you to completely customize and secure your WordPress login page.\u003C\u002Fp>\n\u003Cp>Create a professional branded login experience while improving login security and protecting your website from unauthorized access.\u003C\u002Fp>\n\u003Cp>Whether you want to change your login logo, background, login URL, or add reCAPTCHA protection, Login Page Styler makes it simple with an easy-to-use interface.\u003C\u002Fp>\n\u003Cp>Perfect for website owners, developers, agencies, and businesses that want a professional login page without coding.\u003C\u002Fp>\n\u003Cp>🔥 \u003Cstrong>Login Page Customization Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>• Custom WordPress login page design\u003Cbr \u002F>\n• Upload your own login logo\u003Cbr \u002F>\n• Custom login backgrounds (images, videos, gradients)\u003Cbr \u002F>\n• Pre-designed login page templates\u003Cbr \u002F>\n• Custom CSS and JavaScript support\u003Cbr \u002F>\n• Google Fonts support\u003Cbr \u002F>\n• Fully responsive login page design\u003C\u002Fp>\n\u003Cp>🔐 \u003Cstrong>Login Security Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>• Custom WordPress login URL\u003Cbr \u002F>\n• Google reCAPTCHA protection\u003Cbr \u002F>\n• Limit login attempts\u003Cbr \u002F>\n• IP address blocking\u003Cbr \u002F>\n• Region blocking\u003Cbr \u002F>\n• Login activity logs\u003Cbr \u002F>\n• Brute force attack protection\u003C\u002Fp>\n\u003Cp>📊 \u003Cstrong>Login Monitoring\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Track login activity with detailed logs including:\u003C\u002Fp>\n\u003Cp>• User login time\u003Cbr \u002F>\n• User roles\u003Cbr \u002F>\n• IP address\u003Cbr \u002F>\n• Location data\u003Cbr \u002F>\n• Failed login attempts\u003C\u002Fp>\n\u003Cp>This helps administrators monitor suspicious login behavior.\u003C\u002Fp>\n\u003Cp>⚡ \u003Cstrong>Performance & Ease of Use\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>• Lightweight plugin\u003Cbr \u002F>\n• No coding required\u003Cbr \u002F>\n• Fast loading login pages\u003Cbr \u002F>\n• Beginner-friendly settings panel\u003Cbr \u002F>\n• Compatible with most WordPress themes\u003C\u002Fp>\n\u003Cp>🚀 \u003Cstrong>Why Use Login Page Styler\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A default WordPress login page looks generic and provides limited security options.\u003C\u002Fp>\n\u003Cp>Login Page Styler helps you:\u003C\u002Fp>\n\u003Cp>• Build trust with branded login pages\u003Cbr \u002F>\n• Improve website security\u003Cbr \u002F>\n• Prevent brute-force attacks\u003Cbr \u002F>\n• Monitor login activity\u003Cbr \u002F>\n• Customize login design easily\u003C\u002Fp>\n\u003Ch3>Upgrade to Pro\u003C\u002Fh3>\n\u003Cp>Upgrade to \u003Cstrong>Login Page Styler Pro\u003C\u002Fstrong> to unlock advanced features:\u003C\u002Fp>\n\u003Cp>• Premium login templates\u003Cbr \u002F>\n• Social login integration\u003Cbr \u002F>\n• Two-factor authentication\u003Cbr \u002F>\n• Advanced login security\u003Cbr \u002F>\n• Priority support\u003C\u002Fp>\n\u003Cp>👉 https:\u002F\u002Fpluginnestwp.website\u002F\u003C\u002Fp>\n","Customize and secure your WordPress login page with logo, backgrounds, templates, custom login URL, reCAPTCHA protection, and login activity logs — no &hellip;",3000,237870,174,"2026-03-08T15:20:00.000Z","6.7.5","4.0","5.3",[113,4,114,115,116],"custom-login-page","login-logo","login-page-customizer","wordpress-login-page","https:\u002F\u002Fpluginnestwp.website\u002Fcustom-login-page-styler\u002F\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-page-styler.7.1.2.zip",97,3,"2025-01-30 00:00:00",{"slug":123,"name":124,"version":81,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":25,"num_ratings":25,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":138,"download_link":139,"security_score":140,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"hide-wp-admin-login","Hide WP Admin Login","AppAspect Technologies Pvt. Ltd.","https:\u002F\u002Fprofiles.wordpress.org\u002Fappaspect\u002F","\u003Cp>This plugin \u003Cem>Hide WP Admin Login\u003C\u002Fem> allows to change the default WordPress Admin URL from wp-login.php and wp-admin to anything you want. All original links turn the default theme to “404 Not Found” page without rename or change files in core, nor does it add rewrite rules. Secure your website in just minutes with the \u003Cem>Hide WP Admin Login\u003C\u002Fem> plugin. Protect your WordPress site against hacker bots and spammers. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n","Change WordPress wp-login.php URL to anything you want.",600,3118,"2023-12-18T09:22:00.000Z","6.4.8","5.6","7.1",[136,4,123,137],"change-login-url","wordpress-login-url","https:\u002F\u002Fappaspectshop.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-wp-admin-login.1.0.0.zip",85,{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":96,"num_ratings":43,"last_updated":151,"tested_up_to":152,"requires_at_least":153,"requires_php":18,"tags":154,"homepage":157,"download_link":158,"security_score":140,"vuln_count":25,"unpatched_count":25,"last_vuln_date":34,"fetched_at":27},"rename-wp-loginphp-to-anything-you-want","Rename wp-login.php to anything you want","2.0.1","travispluse","https:\u002F\u002Fprofiles.wordpress.org\u002Ftravispluse\u002F","\u003Cp>This plugin changes the way you login into your website.\u003C\u002Fp>\n\u003Cp>–loginsecurity includes–\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Blocks IP after maximum retries allowed\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Extended Lockout after maximum lockouts allowed\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Email notification to admin after max lockouts\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Blacklist IP\u002FIP range\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Whitelist IP\u002FIP range\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Check logs of failed attempts\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Create IP ranges\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Delete IP ranges\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Licensed under GNU GPL version 3\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Safe & Secure\u003Cbr \u002F>\u003C\u002Fp>\n","This plugin changes the way you login into your website.",500,8851,"2016-08-13T06:36:00.000Z","4.5.33","3.0",[155,4,70,156,73],"custom","login-custom","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-loginphp-to-anything-you-want\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-loginphp-to-anything-you-want.2.0.1.zip",{"attackSurface":160,"codeSignals":197,"taintFlows":204,"riskAssessment":230,"analyzedAt":238},{"hooks":161,"ajaxHandlers":193,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":25,"unprotectedCount":25},[162,168,171,175,179,185,189],{"type":163,"name":164,"callback":165,"file":166,"line":167},"action","init","clu_init_urls","custom-login-url.php",12,{"type":163,"name":164,"callback":169,"file":166,"line":170},"clu_init_redirect",13,{"type":163,"name":172,"callback":173,"file":166,"line":174},"generate_rewrite_rules","clu_generate_rewrite_rules",14,{"type":163,"name":176,"callback":177,"file":166,"line":178},"admin_init","clu_admin_init",19,{"type":180,"name":181,"callback":182,"file":183,"line":184},"filter","login_redirect","clu_login_redirect","functions.php",51,{"type":180,"name":186,"callback":187,"priority":76,"file":183,"line":188},"site_url","clu_site_url",54,{"type":180,"name":190,"callback":191,"priority":76,"file":183,"line":192},"wp_redirect","clu_wp_redirect",55,[],[],[],[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":201,"fileOperations":25,"externalRequests":25,"nonceChecks":24,"capabilityChecks":25,"bundledLibraries":203},[],{"prepared":25,"raw":25,"locations":200},[],{"escaped":167,"rawEcho":25,"locations":202},[],[],[205,222],{"entryPoint":206,"graph":207,"unsanitizedCount":24,"severity":36},"clu_init_redirect (functions.php:168)",{"nodes":208,"edges":219},[209,214],{"id":210,"type":211,"label":212,"file":183,"line":213},"n0","source","$_GET",187,{"id":215,"type":216,"label":217,"file":183,"line":218,"wp_function":190},"n1","sink","wp_redirect() [Open Redirect]",205,[220],{"from":210,"to":215,"sanitized":221},false,{"entryPoint":223,"graph":224,"unsanitizedCount":24,"severity":36},"\u003Cfunctions> (functions.php:0)",{"nodes":225,"edges":228},[226,227],{"id":210,"type":211,"label":212,"file":183,"line":213},{"id":215,"type":216,"label":217,"file":183,"line":218,"wp_function":190},[229],{"from":210,"to":215,"sanitized":221},{"summary":231,"deductions":232},"The 'custom-login-url' plugin, version 1.0.3, exhibits a generally strong security posture based on the static analysis. It demonstrates excellent adherence to secure coding practices, with no detected dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. The absence of file operations and external HTTP requests further minimizes potential attack vectors.  The presence of a nonce check is also a positive sign for input validation.\n\nHowever, a significant concern arises from the taint analysis, which identified two flows with unsanitized paths. While these are not currently classified as critical or high severity, unsanitized paths can be a precursor to vulnerabilities, especially if they interact with user-supplied input that is not adequately validated.  Furthermore, the plugin's vulnerability history indicates a past medium severity vulnerability attributed to missing authorization. Although there are no currently unpatched vulnerabilities, this history suggests a pattern where authorization checks might be overlooked or implemented incorrectly.\n\nIn conclusion, while the static code analysis reveals a technically sound implementation with strong defenses against common vulnerabilities, the presence of unsanitized paths in taint analysis and the historical pattern of missing authorization vulnerabilities are notable weaknesses. Future development should prioritize thorough sanitization of all user inputs and robust authorization checks on all functionalities, especially those that modify or expose sensitive data or settings. The plugin's strengths lie in its secure handling of SQL and output, but these must be complemented by vigilant path sanitization and authorization.",[233,236],{"reason":234,"points":235},"Flows with unsanitized paths identified",8,{"reason":237,"points":76},"Past medium vulnerability (Missing Authorization)","2026-03-16T18:47:00.433Z",{"wat":240,"direct":247},{"assetPaths":241,"generatorPatterns":243,"scriptPaths":244,"versionParams":245},[242],"\u002Fwp-content\u002Fplugins\u002Fcustom-login-url\u002Fcss\u002Fstyle.css",[],[],[246],"custom-login-url\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":248,"htmlComments":249,"htmlAttributes":250,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":253},[],[],[],[],[],[]]