[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLiiHo0EGkjXTjV0UtnuZ0p-UQT3w9ABvrjXPchxDdP0":3,"$f8cYZoDxWcatLRNMAclFWLwzIYyFasXEUkgvEZtocoa4":252,"$fyIiJcVlWJwgfKA20THyS32d5A0P9Vy8qg-uMeUrRsrA":257},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":134,"fingerprints":218},"devch-passkey-login","Devch Passkey Login","1.0.0","Devansh Chaudhary","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevansh2002\u002F","\u003Cp>Devch Passkey Login provides secure passkey-based login while preserving existing WordPress password login.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passkey registration and authentication (WebAuthn\u002FFIDO2)\u003C\u002Fli>\n\u003Cli>WordPress Multisite network support\u003C\u002Fli>\n\u003Cli>Network admin settings and audit log\u003C\u002Fli>\n\u003Cli>User profile passkey management\u003C\u002Fli>\n\u003Cli>Secure REST API endpoints under \u003Ccode>\u002Fwp-json\u002Fdevch-passkey-login\u002Fv1\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Password login remains available\u003C\u002Fli>\n\u003C\u002Ful>\n","Passwordless passkey authentication (WebAuthn\u002FFIDO2) for WordPress and WordPress Multisite.",0,83,"2026-04-03T09:34:00.000Z","6.9.4","6.3","7.4",[18,19,20,21,22],"login","multisite","passkey","security","webauthn","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdevch-passkey-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevch-passkey-login.1.0.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"devansh2002",1,30,94,"2026-05-20T03:57:11.512Z",[37,58,82,102,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":14,"requires_at_least":50,"requires_php":16,"tags":51,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":32,"last_vuln_date":57,"fetched_at":27},"wp-webauthn","WP-WebAuthn","1.4.1","Axton","https:\u002F\u002Fprofiles.wordpress.org\u002Faxton\u002F","\u003Cp>WebAuthn is a new way for you to authenticate in web. It helps you replace your passwords with devices like Passkeys, USB Keys, fingerprint scanners, Windows Hello compatible cameras, FaceID\u002FTouchID and more. Using WebAuthn, you can login to your a website with a glance or touch.\u003C\u002Fp>\n\u003Cp>When using WebAuthn, you just need to click once and perform a simple verification on the authenticator, then you are logged in. \u003Cstrong>No password needed.\u003C\u002Fstrong> If your device supports Passkey, your authenticator can roam seamlessly across multiple devices for a more convenient login experience.\u003C\u002Fp>\n\u003Cp>WP-WebAuthn is a plug-in for WordPress to enable WebAuthn on your site. Just download and install it, and you are in the future of web authentication.\u003C\u002Fp>\n\u003Cp>WP-WebAuthn also supports usernameless authentication.\u003C\u002Fp>\n\u003Cp>This plugin has 4 built-in shortcodes and 4 built-in Gutenberg blocks, so you can add components like register form to frontend pages.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"http:\u002F\u002Fdoc.flyhigher.top\u002Fwp-webauthn\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> before using the plugin.\u003C\u002Fp>\n\u003Cp>This plugin currently has \u003Cem>BETA\u003C\u002Fem> multisite support, if you find any issue in multisite, feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyrccondor\u002Fwp-webauthn\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">open an issue\u003C\u002Fa> on GitHub.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PHP extensions gmp and mbstring are required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WebAuthn requires HTTPS connection or \u003Ccode>localhost\u003C\u002Fcode> to function normally.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can contribute to this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyrccondor\u002Fwp-webauthn\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Please note that this plugin does NOT support Internet Explorer (including IE 11). To use FaceID or TouchID, you need to use iOS\u002FiPadOS 14+.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Security and Privacy\u003C\u002Fh4>\n\u003Cp>WebAuthn has become a W3C Recommendation since March 2019, which enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users using hardware authenticators. WebAuthn focuses on both security and privacy, it offers the possibility to create a secure authentication process without having to transfer any private data such as recognition data and fingerprint data. It will be the future of web authentication.\u003C\u002Fp>\n\u003Ch4>GDPR Friendly\u003C\u002Fh4>\n\u003Cp>When authenticating with WebAuthn, no private data will leave user’s device and no third-party involvement. The credentials transferred are not associate to any user’s information but only for authentication. It’s GDPR Friendly.\u003C\u002Fp>\n","WP-WebAuthn enables passwordless login through FIDO2 and U2F devices like Passkey, FaceID or Windows Hello for your site.",2000,23690,90,17,"2026-04-15T17:57:00.000Z","5.0",[52,18,20,21,22],"fido","https:\u002F\u002Fflyhigher.top","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-webauthn.1.4.1.zip",74,3,"2026-03-20 15:20:53",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":14,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":11,"last_vuln_date":81,"fetched_at":27},"login-with-ajax","Login With Ajax – Fast Logins, 2FA, Redirects","4.5.1","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>Login With Ajax is for sites that need user logins or registrations and would like to avoid the normal wordpress login pages, or add AJAX effects to the regular login pages. This plugin adds the capability of placing a login widget in the sidebar with smooth AJAX login effects.\u003C\u002Fp>\n\u003Cp>Some of the features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AJAX-powered logins, no screen refreshes!\n\u003Cul>\n\u003Cli>Login\u003C\u002Fli>\n\u003Cli>Registration\u003C\u002Fli>\n\u003Cli>Remember\u002FReset Password\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>PassKeys \u003Cstrong>(new in 4.4)\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Next-Generation security, no passwords required!\u003C\u002Fli>\n\u003Cli>Users can log in without a username AND password.\u003C\u002Fli>\n\u003Cli>Biometric support (fingerprint, face ID, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>2FA – Two-Factor Authentication\n\u003Cul>\n\u003Cli>TOTP – Time-based One-Time Password\u003C\u002Fli>\n\u003Cli>Scan a QR code with popular authenticator apps like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Email – Send a code to the user’s email address\u003C\u002Fli>\n\u003Cli>Backup Codes – Generate and use backup codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Integrate 2FA setup options in other plugin account pages\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>BuddyBoss\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>“AJAXify” other login forms\n\u003Cul>\n\u003Cli>Create a better login experience in the default WP login form with AJAX effects for logins, password recovery and registration.\u003C\u002Fli>\n\u003Cli>Regular WP login and registration forms\u003C\u002Fli>\n\u003Cli>WooCommerce login forms\u003C\u002Fli>\n\u003Cli>Events Manager login forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Many ways to display and customize your login form:\n\u003Cul>\n\u003Cli>Gutenberg Blocks\u003C\u002Fli>\n\u003Cli>Full-site editor compatible\u003C\u002Fli>\n\u003Cli>Widgets (classic and blocks)\u003C\u002Fli>\n\u003Cli>Shortcode\u003C\u002Fli>\n\u003Cli>Template Tags\u003C\u002Fli>\n\u003Cli>PHP API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Flexible templates and options\n\u003Cul>\n\u003Cli>Multiple templates to choose from\u003C\u002Fli>\n\u003Cli>Including Modal\u002FPop-Up login forms\u003C\u002Fli>\n\u003Cli>Responsive and Accessible!\u003C\u002Fli>\n\u003Cli>Choose a base color for each individual login form.\u003C\u002Fli>\n\u003Cli>Individual display options via all display methods (e.g. Gutenberg Blocks, Shortcode etc.)\u003C\u002Fli>\n\u003Cli>Create your own upgrade-safe templates, or override our own ones.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Custom Login\u002FLogout redirections\n\u003Cul>\n\u003Cli>Redirect users to custom URLs on Login and Logout\u003C\u002Fli>\n\u003Cli>Redirect users with different roles to custom URLs\u003C\u002Fli>\n\u003Cli>WPML – Language-specific redirects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Modify registration email templates\u003C\u002Fli>\n\u003Cli>Other Features\n\u003Cul>\n\u003Cli>Disable CSS styling (via shortcode or PHP display methods)\u003C\u002Fli>\n\u003Cli>SSL-compatible\u003C\u002Fli>\n\u003Cli>Fallback mechanism, will still work on javascript-disabled browsers\u003C\u002Fli>\n\u003Cli>Compatible with WordPress, MultiSite, BuddyPress and many other plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Developer Friendly\n\u003Cul>\n\u003Cli>Multiple PHP and JS hooks\u003C\u002Fli>\n\u003Cli>Overridable CSS and JS files\u003C\u002Fli>\n\u003Cli>Easy-to-customize and overridable template files\u003C\u002Fli>\n\u003Cli>Well-documented\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>First released in 2009, the oldest login plugin for WordPress, regularly maintained and updated since then!\u003C\u002Fp>\n\u003Ch4>Pro Add-On Features\u003C\u002Fh4>\n\u003Cp>As of version 4.0, \u003Ca href=\"https:\u002F\u002Floginwithajax.com\u002F\" rel=\"nofollow ugc\">we now offer a Pro add-on\u003C\u002Fa> which extends Login With AJAX with multiple new features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>Security Features\u003C\u002Fem> – Harden the security of your login forms\n\u003Cul>\n\u003Cli>2FA – Additional Two-Factor Authentication Methods:\u003C\u002Fli>\n\u003Cli>SMS – Send a code to the user’s phone\u003C\u002Fli>\n\u003Cli>WhatsApp – Send a message, user clicks a button, done!\u003C\u002Fli>\n\u003Cli>Telegram – Send a message, user clicks a button, done!\u003C\u002Fli>\n\u003Cli>reCaptcha (v2, v2 Invisible and v3)\u003C\u002Fli>\n\u003Cli>Login limiter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cem>3rd Party Page Builder Blocks\u002FWidgets\u002FModules\u003C\u002Fem>\n\u003Cul>\n\u003Cli>Divi\u003C\u002Fli>\n\u003Cli>Elementor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>More on the way!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Getting Help\u002FSupport\u003C\u002Fh4>\n\u003Cblockquote>\u003Cp> Version 4 is a major overhaul of the plugin, which has remained largely unchanged for 11 years yet remained a staple tool for logins to WordPress! Changes include a complete rewrite of login templates updated to modern stadnards and practices, as well as new WP features such as Gutenberg Blocks. \u003C\u002Fp>\u003C\u002Fblockquote>\n\u003Cp>If you’re stuck, we strongly suggest visiting our \u003Ca href=\"https:\u002F\u002Fdocs.loginwithajax.com\u002F\" rel=\"nofollow ugc\">Documentation Site\u003C\u002Fa> which contains exensive information and advice on setup and troubleshooting.\u003C\u002Fp>\n\u003Cp>If you have any problems with the plugin after reading our \u003Ca href=\"https:\u002F\u002Fdoocs.loginwithajax.com\u002Ftroubleshooting\u002F\" rel=\"nofollow ugc\">Troubleshooting\u003C\u002Fa>, please visit our freely supported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Flogin-with-ajax\" rel=\"ugc\">community forums\u003C\u002Fa>, or \u003Ca href=\"https:\u002F\u002Floginwithajax.com\u002Fgopro\u002F\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> for premium support.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>Please visit our \u003Ca href=\"https:\u002F\u002Fdocs.loginwithajax.com\" rel=\"nofollow ugc\">documentation site\u003C\u002Fa>, which is regularly and extensively maintained and updated with all the information relevant to getting started, advanced setup and troubleshooting common issues.\u003C\u002Fp>\n","Add beautiful login forms with smooth AJAX login\u002Fregistration effects, 2FA support, custom redrection options and many more login-related features!",20000,1128486,92,166,"2025-12-03T15:37:00.000Z","4.8","5.2",[74,18,75,76,21],"2fa","passkeys","registration","https:\u002F\u002Floginwithajax.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-ajax.4.5.1.zip",99,6,"2024-04-10 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":14,"requires_at_least":95,"requires_php":16,"tags":96,"homepage":99,"download_link":100,"security_score":79,"vuln_count":32,"unpatched_count":11,"last_vuln_date":101,"fetched_at":27},"secure-passkeys","Secure Passkeys","1.2.4","Mohamed Endisha","https:\u002F\u002Fprofiles.wordpress.org\u002Fendisha\u002F","\u003Cp>Secure Passkeys is a powerful WordPress plugin that enables seamless passwordless authentication using WebAuthn technology. By eliminating the need for traditional passwords, it enhances security and improves the user login experience. With support for biometric authentication, security keys, and device-bound credentials, Secure Passkey provides a robust and user-friendly solution for modern authentication.\u003C\u002Fp>\n\u003Cp>Unlike traditional password-based authentication, Secure Passkey leverages cryptographic key pairs to ensure secure logins. The private key remains securely stored on the user’s device, while the public key is registered with the WordPress site. This method protects against phishing attacks and password breaches, ensuring that only authorized users can gain access.\u003C\u002Fp>\n\u003Cp>Secure Passkeys integrates effortlessly into WordPress, allowing users to register and manage their passkeys from their profile settings. Once registered, users can log in using their fingerprint, face recognition, or a hardware security key without the need to remember or enter a password.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login:\u003C\u002Fstrong> Secure authentication via WebAuthn with biometric devices, security keys, Touch ID, Face ID, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced User Experience:\u003C\u002Fstrong>  Password-free login for a smoother user journey.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration Support:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WooCommerce login page\u003C\u002Fli>\n\u003Cli>MemberPress login form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads login form\u003C\u002Fli>\n\u003Cli>Ultimate Member login form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Management:\u003C\u002Fstrong>  Administrators can delete, activate, or deactivate users directly from plugin settings or user profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passkeys Reminder Notice:\u003C\u002Fstrong>  New option to enable or disable the passkeys reminder notice in the WordPress admin area for users who have not yet enabled passkeys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logging:\u003C\u002Fstrong>  Monitor activity logs and track last login\u002Fregistration of passkeys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys:\u003C\u002Fstrong> Supports multiple passkey registrations per user, with the option to set a registration limit or allow unlimited registrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Restrictions:\u003C\u002Fstrong> Restrict and exclude specific user roles from using passkey authentication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Settings:\u003C\u002Fstrong>  Adjust timeout settings for passkey registration and login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Verification:\u003C\u002Fstrong> Enforce user verification for enhanced security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend Customization:\u003C\u002Fstrong> Easily customize frontend themes or add your own with basic frontend skills.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Support:\u003C\u002Fstrong> Supports pre-built themes like YOOtheme (UIkit) for frontend shortcodes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes:\u003C\u002Fstrong> Embed passkey login and registration forms on custom frontend pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passkey Display:\u003C\u002Fstrong> Show passkey details in admin user lists and profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> Supports WordPress Multisite and single-site installations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Optimization:\u003C\u002Fstrong>  Option to allow or disallow automatic deletion of old challenge records and activity logs (configurable schedule).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.0 or newer.\u003C\u002Fli>\n\u003Cli>PHP version 7.4 or newer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Secure Passkeys is licensed under the GNU General Public License v2 or later.\u003C\u002Fp>\n","Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.",1000,5726,96,18,"2026-01-30T19:50:00.000Z","6.0",[18,75,97,98,22],"passwordless","secure","https:\u002F\u002Fendisha.ly\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-passkeys.1.2.4.zip","2025-09-19 00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":90,"downloaded":110,"rating":68,"num_ratings":111,"last_updated":112,"tested_up_to":14,"requires_at_least":95,"requires_php":113,"tags":114,"homepage":116,"download_link":117,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"two-factor-provider-webauthn","WebAuthn Provider for Two Factor","2.6.1","Volodymyr Kolesnykov","https:\u002F\u002Fprofiles.wordpress.org\u002Fvolodymyrkolesnykov\u002F","\u003Cp>This plugin adds WebAuthn and passkey support to the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F\" rel=\"ugc\">Two Factor\u003C\u002Fa> plugin, providing a modern, secure authentication method.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for WebAuthn and passkeys (Windows Hello, Touch ID, YubiKeys, etc.)\u003C\u002Fli>\n\u003Cli>Backward compatibility with previously registered U2F security keys\u003C\u002Fli>\n\u003Cli>User-friendly settings and seamless authentication experience\u003C\u002Fli>\n\u003Cli>Customizable error logging and behavior via action hooks\u003C\u002Fli>\n\u003Cli>Works with the Two Factor plugin for flexible 2FA authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin enables users to register and use hardware security keys and platform authenticators for stronger protection against password-based attacks and phishing.\u003C\u002Fp>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsjinks\u002Fwp-two-factor-provider-webauthn\u002Fissues\" rel=\"nofollow ugc\">GitHub issues\u003C\u002Fa> to report bugs;\u003C\u002Fli>\n\u003Cli>the full source code with all development files is available on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsjinks\u002Fwp-two-factor-provider-webauthn\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","WebAuthn authentication provider for Two Factor plugin.",36620,11,"2026-03-12T08:17:00.000Z","8.1",[74,18,21,115,22],"two-factor","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor-provider-webauthn.2.6.1.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":11,"num_ratings":11,"last_updated":128,"tested_up_to":14,"requires_at_least":50,"requires_php":129,"tags":130,"homepage":132,"download_link":133,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"bye-bye-passwords","Bye Bye Passwords","1.2.7","Clayton LZ","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaytonlz\u002F","\u003Cp>\u003Cstrong>Bye Bye Passwords\u003C\u002Fstrong> brings modern passwordless authentication to WordPress using WebAuthn\u002FPasskeys technology. Say goodbye to weak passwords and hello to secure, convenient login with biometrics, security keys, or platform authenticators.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Sign in using Touch ID, Face ID, Windows Hello, or security keys\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys\u003C\u002Fstrong> – Register multiple devices for convenient access anywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recovery Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong> – Eliminate password-based attacks completely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong> – Simple setup with no technical knowledge required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-Focused\u003C\u002Fstrong> – Your authentication data stays on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Integration\u003C\u002Fstrong> – Seamlessly integrated into WordPress admin and login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Register a passkey from your WordPress admin profile\u003C\u002Fli>\n\u003Cli>Use your device’s built-in authentication (fingerprint, face, PIN)\u003C\u002Fli>\n\u003Cli>Sign in instantly without typing passwords\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>SSL\u002FHTTPS enabled website (required for WebAuthn)\u003C\u002Fli>\n\u003Cli>Modern browser with WebAuthn support\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin may connect to the FIDO Alliance Metadata Service (MDS) to download root certificates for authenticator validation.\u003C\u002Fp>\n\u003Ch4>FIDO Alliance Metadata Service\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>URL:\u003C\u002Fstrong> https:\u002F\u002Fmds.fidoalliance.org\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Downloads attestation root certificates to verify the authenticity of security keys and passkey devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When:\u003C\u002Fstrong> Only when attestation verification is enabled and the plugin needs to update its certificate store (not during normal authentication)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> No personal or user data is transmitted – only a standard HTTP GET request\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> FIDO Alliance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fmetadata\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fprivacy-policy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No user data, credentials, or personal information is ever sent to external services. All authentication happens locally on your server.\u003C\u002Fp>\n","Enable passwordless authentication for WordPress using WebAuthn\u002FPasskeys. More secure, more convenient.",20,254,"2026-02-26T18:34:00.000Z","7.2",[131,75,97,21,22],"authentication","https:\u002F\u002Fgithub.com\u002Fclayton\u002Fbyebyepw","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbye-bye-passwords.1.2.7.zip",{"attackSurface":135,"codeSignals":200,"taintFlows":213,"riskAssessment":214,"analyzedAt":217},{"hooks":136,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":199,"entryPointCount":32,"unprotectedCount":11},[137,143,146,150,153,158,161,165,167,172,176,180,183,187],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_notices","closure","devch-passkey-login.php",24,{"type":138,"name":144,"callback":140,"file":141,"line":145},"plugins_loaded",52,{"type":138,"name":147,"callback":147,"file":148,"line":149},"admin_menu","includes\u002Fadmin\u002Fclass-passkey-login-admin.php",19,{"type":138,"name":151,"callback":152,"file":148,"line":126},"admin_init","register_settings",{"type":138,"name":154,"callback":155,"file":156,"line":157},"network_admin_menu","menu","includes\u002Fadmin\u002Fclass-passkey-login-network-admin.php",23,{"type":138,"name":159,"callback":160,"file":156,"line":142},"network_admin_edit_devch_passkey_login_network_settings","save_settings",{"type":138,"name":162,"callback":163,"file":164,"line":149},"show_user_profile","render","includes\u002Fadmin\u002Fclass-passkey-login-user-profile.php",{"type":138,"name":166,"callback":163,"file":164,"line":126},"edit_user_profile",{"type":138,"name":168,"callback":169,"file":170,"line":171},"rest_api_init","register_routes","includes\u002Fapi\u002Fclass-passkey-login-rest-api.php",34,{"type":173,"name":174,"callback":174,"priority":33,"file":175,"line":149},"filter","authenticate","includes\u002Fauth\u002Fclass-passkey-login-authenticator.php",{"type":138,"name":177,"callback":178,"file":179,"line":149},"login_form","render_login_button","includes\u002Ffrontend\u002Fclass-passkey-login-login-form.php",{"type":138,"name":181,"callback":182,"file":179,"line":126},"login_enqueue_scripts","enqueue_assets",{"type":138,"name":184,"callback":185,"priority":126,"file":186,"line":126},"wp_initialize_site","on_site_initialize","includes\u002Fmultisite\u002Fclass-passkey-login-site-manager.php",{"type":138,"name":188,"callback":189,"priority":190,"file":191,"line":149},"deleted_user","delete_user_credentials",10,"includes\u002Fmultisite\u002Fclass-passkey-login-user-sync.php",[],[],[195],{"tag":196,"callback":197,"file":198,"line":149},"devch_passkey_login_passkey_register","register_shortcode","includes\u002Ffrontend\u002Fclass-passkey-login-shortcodes.php",[],{"dangerousFunctions":201,"sqlUsage":202,"outputEscaping":205,"fileOperations":11,"externalRequests":11,"nonceChecks":56,"capabilityChecks":211,"bundledLibraries":212},[],{"prepared":203,"raw":11,"locations":204},28,[],{"escaped":206,"rawEcho":32,"locations":207},104,[208],{"file":148,"line":209,"context":210},71,"raw output",5,[],[],{"summary":215,"deductions":216},"The devch-passkey-login plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and the consistent use of prepared statements for all SQL queries are significant strengths. Furthermore, the plugin demonstrates good practices with a high percentage of properly escaped output and the presence of nonce and capability checks, indicating an effort to protect against common web vulnerabilities.  The limited attack surface, with only one shortcode and no AJAX handlers or REST API routes exposed without proper authentication, further bolsters its security.  The taint analysis showing zero flows with unsanitized paths is also a very positive indicator.  However, the very small sample size for taint analysis (0 flows) and the lack of any external HTTP requests or file operations, while generally good, mean that the plugin's behavior in these less common areas has not been thoroughly tested.  The absence of a vulnerability history is excellent, but it's important to note that this is for a single version and doesn't preclude future issues. Overall, this version appears to be well-secured, but continued vigilance and thorough testing of all implemented functionalities are always recommended.",[],"2026-04-16T14:18:25.502Z",{"wat":219,"direct":230},{"assetPaths":220,"generatorPatterns":224,"scriptPaths":225,"versionParams":226},[221,222,223],"\u002Fwp-content\u002Fplugins\u002Fdevch-passkey-login\u002Fassets\u002Fsrc\u002Fjs\u002Fpasskey-register.js","\u002Fwp-content\u002Fplugins\u002Fdevch-passkey-login\u002Fassets\u002Fsrc\u002Fcss\u002Flogin.css","\u002Fwp-content\u002Fplugins\u002Fdevch-passkey-login\u002Fassets\u002Fsrc\u002Fjs\u002Fpasskey-authenticate.js",[],[],[227,228,229],"devch-passkey-login\u002Fassets\u002Fsrc\u002Fcss\u002Flogin.css?ver=","devch-passkey-login\u002Fassets\u002Fsrc\u002Fjs\u002Fpasskey-authenticate.js?ver=","devch-passkey-login\u002Fassets\u002Fsrc\u002Fjs\u002Fpasskey-register.js?ver=",{"cssClasses":231,"htmlComments":239,"htmlAttributes":240,"restEndpoints":246,"jsGlobals":248,"shortcodeOutput":251},[232,233,234,235,236,237,238],"devch-passkey-login-delete-passkey","devch-passkey-login-register","devch-passkey-login-register-status","devch-passkey-login-login-wrap","devch-passkey-login-divider","devch-passkey-login-button-wrap","devch-passkey-login-label",[],[241,242,243,244,245],"data-credential-id","data-user-id","id=\"devch-passkey-login-assertion\"","name=\"devch_passkey_login_passkey_assertion\"","name=\"devch_passkey_login_passkey_nonce\"",[247],"\u002Fwp-json\u002Fdevch-passkey-login\u002Fv1",[249,250],"passkeyLoginRegister","passkeyLoginAuth",[],{"error":253,"url":254,"statusCode":255,"statusMessage":256,"message":256},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdevch-passkey-login\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":32,"versions":258},[259],{"version":6,"download_url":24,"svn_tag_url":260,"released_at":26,"has_diff":261,"diff_files_changed":262,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":263,"is_current":253},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdevch-passkey-login\u002Ftags\u002F1.0.0\u002F",false,[],[]]