[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsaTyDOgPevj2r74lMUAzSeeJp1kydPLyTxhvtgDT0P0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":13,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":132,"fingerprints":204},"dmarcreport-domain-auth-checker","DMARCREPORT Domain Auth Checker","1.7.2","DuoCircle LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fduocircle\u002F","\u003Cp>DMARCREPORT Domain Auth Checker lets you embed interactive email authentication record checkers on any WordPress page or post using a simple shortcode. All DNS lookups run locally through PHP’s native \u003Ccode>dns_get_record()\u003C\u002Fcode> function. The MTA-STS checker also fetches the domain’s MTA-STS policy file over HTTPS (see External Services below).\u003C\u002Fp>\n\u003Ch4>SPF Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Analyze SPF records for any domain\u003C\u002Fli>\n\u003Cli>Monitor DNS lookup count (RFC 7208 limit of 10)\u003C\u002Fli>\n\u003Cli>View SPF record structure in an interactive tree\u003C\u002Fli>\n\u003Cli>Per-mechanism lookup count breakdown\u003C\u002Fli>\n\u003Cli>Health status indicator (Good \u002F At Limit \u002F Critical)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>DMARC Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Analyze DMARC policies and configuration\u003C\u002Fli>\n\u003Cli>Interactive DMARC record builder\u003C\u002Fli>\n\u003Cli>Tag parsing with descriptions\u003C\u002Fli>\n\u003Cli>DKIM and SPF alignment checks\u003C\u002Fli>\n\u003Cli>Reporting configuration (rua\u002Fruf) verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>TLS-RPT Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check SMTP TLS Reporting configuration\u003C\u002Fli>\n\u003Cli>Validate mailto: and https: reporting endpoints\u003C\u002Fli>\n\u003Cli>Health scoring for TLS-RPT setup\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BIMI Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify Brand Indicators for Message Identification setup\u003C\u002Fli>\n\u003Cli>Visual logo preview\u003C\u002Fli>\n\u003Cli>VMC (Verified Mark Certificate) detection\u003C\u002Fli>\n\u003Cli>Custom selector support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>MTA-STS Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify MTA-STS DNS TXT record\u003C\u002Fli>\n\u003Cli>Fetch and parse the MTA-STS policy file\u003C\u002Fli>\n\u003Cli>Mode detection (enforce\u002Ftesting\u002Fnone)\u003C\u002Fli>\n\u003Cli>MX host listing from policy\u003C\u002Fli>\n\u003Cli>Max age analysis\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Common Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Copy to clipboard for domains and record values\u003C\u002Fli>\n\u003Cli>Fully responsive design (desktop and mobile)\u003C\u002Fli>\n\u003Cli>URL deep linking — share results via \u003Ccode>?domain=example.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Visual health indicators for all checkers\u003C\u002Fli>\n\u003Cli>Powered by dmarcreport.com watermark\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Use the \u003Ccode>[dmarcreport_domain_auth_checker]\u003C\u002Fcode> shortcode with the \u003Ccode>type\u003C\u002Fcode> attribute:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>SPF\u003C\u002Fstrong> (default): \u003Ccode>[dmarcreport_domain_auth_checker]\u003C\u002Fcode> or \u003Ccode>[dmarcreport_domain_auth_checker type=\"spf\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DMARC\u003C\u002Fstrong>: \u003Ccode>[dmarcreport_domain_auth_checker type=\"dmarc\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>TLS-RPT\u003C\u002Fstrong>: \u003Ccode>[dmarcreport_domain_auth_checker type=\"tlsrpt\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BIMI\u003C\u002Fstrong>: \u003Ccode>[dmarcreport_domain_auth_checker type=\"bimi\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MTA-STS\u003C\u002Fstrong>: \u003Ccode>[dmarcreport_domain_auth_checker type=\"mta-sts\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All checkers support the \u003Ccode>?domain=example.com\u003C\u002Fcode> URL parameter for deep linking and auto-analysis.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin performs DNS lookups and, for the MTA-STS checker, an HTTPS request to the domain being analyzed. No data is sent to any third-party API or service operated by the plugin author.\u003C\u002Fp>\n\u003Ch4>DNS lookups\u003C\u002Fh4>\n\u003Cp>When a user submits a domain for analysis, the plugin uses PHP’s built-in \u003Ccode>dns_get_record()\u003C\u002Fcode> function to query DNS records directly from your WordPress server. The domain name entered by the user is sent as a standard DNS query. This happens each time a user clicks the analyze button for any checker (SPF, DMARC, TLS-RPT, BIMI, or MTA-STS).\u003C\u002Fp>\n\u003Cp>DNS lookups are handled by your server’s configured DNS resolver and are not routed through any external API.\u003C\u002Fp>\n\u003Ch4>MTA-STS policy file fetch\u003C\u002Fh4>\n\u003Cp>The MTA-STS checker fetches the domain’s MTA-STS policy file by making an HTTPS GET request to:\u003Cbr \u002F>\n    https:\u002F\u002Fmta-sts.{domain}\u002F.well-known\u002Fmta-sts.txt\u003C\u002Fp>\n\u003Cp>This request is sent to the web server of the domain being analyzed (not to a third-party service). It is made each time a user analyzes a domain using the MTA-STS checker. Only the HTTP request itself is sent — no additional user data, cookies, or tracking information is included.\u003C\u002Fp>\n\u003Cp>Since this request goes directly to the analyzed domain’s own web server, there is no third-party service provider with separate terms of use or privacy policy. The connection uses HTTPS with SSL verification enabled.\u003C\u002Fp>\n\u003Ch4>Outbound links\u003C\u002Fh4>\n\u003Cp>The plugin includes links to \u003Ca href=\"https:\u002F\u002Fdmarcreport.com\" rel=\"nofollow ugc\">dmarcreport.com\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fautospf.com\" rel=\"nofollow ugc\">autospf.com\u003C\u002Fa> (services by the plugin author, DuoCircle). These appear as “Powered by” watermarks and pricing call-to-action buttons within the checker interface. They are standard hyperlinks that open in a new browser tab when clicked by the user — no data is sent to these sites automatically by the plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdmarcreport.com\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">dmarcreport.com Terms and Conditions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdmarcreport.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">dmarcreport.com Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fautospf.com\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">autospf.com Terms and Conditions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fautospf.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">autospf.com Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Check SPF, DMARC, BIMI, MTA-STS and TLS-RPT records for any domain. Embed email authentication checkers with a shortcode.",0,111,"","6.9.4","5.0","7.4",[18,19,20,21,22],"bimi","dmarc","email-authentication","mta-sts","spf","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdmarcreport-domain-auth-checker.1.7.2.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"duocircle",1,30,94,"2026-04-04T14:05:39.742Z",[35,56,75,95,114],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":16,"tags":50,"homepage":53,"download_link":54,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"deliverability","Deliverability – pass DKIM, SPF, DMARC & more","1.8.0","Top Deliverability","https:\u002F\u002Fprofiles.wordpress.org\u002Ftopdeliverability\u002F","\u003Cp>Our Deliverability Plugin for WordPress allows you to easily authenticate emails generated from your website with a DKIM signature.\u003C\u002Fp>\n\u003Cp>But our Deliverability Plugin does much more than that! In fact, it’s packed with incredible email security and email deliverability features such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SPF authentication check, monitor and troubleshoot\u003C\u002Fli>\n\u003Cli>DKIM authentication implementation, check, monitor and troubleshoot\u003C\u002Fli>\n\u003Cli>DMARC authentication check, monitor and troubleshoot\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s always a good practice to authenticate your domain, but if your domain has a DMARC record and your website runs on WordPress you almost certainly need this plugin.\u003C\u002Fp>\n\u003Cp>The Deliverability plugin will take your Email Deliverability to a whole new level.\u003C\u002Fp>\n\u003Cp>This plugin is designed and written by experts and is easy to use and understand.\u003C\u002Fp>\n\u003Cp>It reduces security risk by checking for shortcomings in your email setup, and by implementing and enforcing the latest recommended Email security practices and techniques.\u003C\u002Fp>\n\u003Cp>Fully compatible with Contact-Form 7, WPForms, BuddyPress, WP Mail SMTP and more.\u003C\u002Fp>\n","Check and improve your Email Deliverability. Pass DMARC by DKIM-signing your emails without an external SMTP. Comply with Google & Yahoo requirements!",800,11120,84,15,"2025-09-15T12:59:00.000Z","6.6.5","5.9",[36,51,19,52,22],"dkim","email","https:\u002F\u002Ftopdeliverability.com\u002Fplugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdeliverability.1.8.0.zip","2026-03-15T15:16:48.613Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":24,"num_ratings":30,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":72,"download_link":73,"security_score":74,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"mailsure","Mailsure","1.0","corytrevor","https:\u002F\u002Fprofiles.wordpress.org\u002Fcorytrevor\u002F","\u003Ch3>Test email sending, SPF, DKIM & DMARC\u003C\u002Fh3>\n\u003Cp>Mailsure provides a simple one-click email authentication test to check if WordPress is able to send properly authenticated emails.\u003C\u002Fp>\n\u003Cp>Also included:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send a test email to any address\u003C\u002Fli>\n\u003Cli>Mail server IP blacklist check via \u003Ca href=\"https:\u002F\u002Fmxtoolbox.com\u002F\" rel=\"nofollow ugc\">MXToolbox\u003C\u002Fa>. View their privacy policy \u003Ca href=\"https:\u002F\u002Fmxtoolbox.com\u002Fprivacypolicy.aspx\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin settings are in Tools -> Mailsure\u003C\u002Fp>\n","Test email sending, SPF, DKIM & DMARC",50,786,"2024-07-12T10:18:00.000Z","6.5.8","6.0","7.1",[51,19,52,20,71],"test-email","https:\u002F\u002Fmailsure.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailsure.1.0.zip",92,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":14,"requires_at_least":68,"requires_php":16,"tags":88,"homepage":93,"download_link":94,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"rfs-email-verification-for-gravity-forms","RFS Email Verification for Gravity Forms","1.2.0","Rafal Puczel of RFS WP","https:\u002F\u002Fprofiles.wordpress.org\u002Frafal84\u002F","\u003Cblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Frfswp.com\u002Fdocs\u002Frfs-email-verification-for-gravity-forms\u002F\" rel=\"nofollow ugc\">Documentation \u002F User Guide\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Frfswp.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Frfswp.com\u002Fplugins\u002Frfs-email-verification-for-gravity-forms\u002F\" rel=\"nofollow ugc\">Home Page\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>This plugins is an add-on for Gravity Forms.\u003C\u002Fstrong> Requires Gravity Form plugin to work.\u003C\u002Fp>\n\u003Cp>RFS Email Verification for Gravity Forms adds and OTP (One Time Password) email verification functionality to your form. It allows you to easily verify or athenticate your users \u002F customers \u002F clients. The unique code is sent to a user’s email address and needs to be entered in order to submit the form. It’s also great way to avoid spam users submitting your forms. It supports both single and multi-page forms.\u003C\u002Fp>\n\u003Ch3>FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Single page form support\u003C\u002Fli>\n\u003Cli>Multi-page form support. Limited in free version, requires the email and verification code fields to be on the same page of multi-page form.\u003C\u002Fli>\n\u003Cli>Email and verification code fields on the same page\u003C\u002Fli>\n\u003Cli>Auto-generated unique verification code\u003C\u002Fli>\n\u003Cli>Verification code settings for length, characters type and input mask\u003C\u002Fli>\n\u003Cli>Custom text for “send code” button\u003C\u002Fli>\n\u003Cli>Custom email subject\u003C\u002Fli>\n\u003Cli>Custom email “from” address\u003C\u002Fli>\n\u003Cli>Unlimited plugin updates\u003C\u002Fli>\n\u003Cli>Plugin support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>DEVELOPER OPTIONS\u003C\u002Fh3>\n\u003Cp>The addon includes custom hooks and filters. You can find the details in plugin \u003Ca href=\"https:\u002F\u002Frfswp.com\u002Fdocs\u002Frfs-email-verification-for-gravity-forms\u002F#for-developers\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>[+] PREMIUM FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Custom email message\u003C\u002Fli>\n\u003Cli>Fields merge tags support for more personalized message. Lets you include other form field values, like Name to be included in the email message.\u003C\u002Fli>\n\u003Cli>Email and verification code fields on different pages. Ask for an email on the first page and let user enter the code on the next.\u003C\u002Fli>\n\u003Cli>Automatically go to the next page after sending the code. Nice feature for multi-page forms.\u003C\u002Fli>\n\u003Cli>Resend button. Allow users to resend the code in case they didn’t get it or expired. Otherwise they need to reload the page.\u003C\u002Fli>\n\u003Cli>Custom text for “resend code” button\u003C\u002Fli>\n\u003Cli>Resend interval. Locks the “resend” button for a few seconds to prevent multiple clicks of a button in a row, which would result in sending multiple emails.\u003C\u002Fli>\n\u003Cli>Custom expiry time for verification code. By default it expires after 2 minutes.\u003C\u002Fli>\n\u003Cli>Premium support (6-months included)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TRANSLATION READY\u003C\u002Fh3>\n\u003Cp>Do you speak another language? Want to contribute in a meaningful way to our plugin? Contact us if you’d like to help translating the plugin into your language.\u003C\u002Fp>\n\u003Ch3>SUPPORT\u003C\u002Fh3>\n\u003Cp>Having issues with the plugin? Contact us through the \u003Ca href=\"https:\u002F\u002Frfswp.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">website\u003C\u002Fa>.\u003C\u002Fp>\n","OTP (One Time Password) Email Verification for Gravity Forms. Verify or authenticate your users. It’s also great way to avoid spam.",20,1269,60,2,"2026-02-25T10:44:00.000Z",[20,89,90,91,92],"email-verification","forms","gravity-forms","spam-protection","https:\u002F\u002Frfswp.com\u002F\u002Fplugins\u002Frfs-email-verification-for-gravity-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frfs-email-verification-for-gravity-forms.1.2.0.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":11,"downloaded":103,"rating":11,"num_ratings":11,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":112,"download_link":113,"security_score":74,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"ols-2fa","OLS 2FA","1.0.2","One Loop Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Foneloopdev\u002F","\u003Cp>OLS 2FA is a lightweight plugin that enhances your website’s security by adding email two-factor authentication (2FA). When users log in, they receive a unique authentication code by email to verify their identity before accessing their account.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Adds a second layer of authentication using email verification.\u003Cbr \u002F>\n– Simple setup with easy-to-follow instructions.\u003Cbr \u002F>\n– Compatible with WordPress default login flow.\u003C\u002Fp>\n\u003Ch4>Release Notes:\u003C\u002Fh4>\n\u003Cp>Before updating the plugin please check \u003Ca href=\"https:\u002F\u002Foneloopstudio.com\u002Fwordpress-plugins\u002Fols-2fa\u002F\" rel=\"nofollow ugc\">our latest release notes\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Activate the plugin\u003C\u002Fli>\n\u003Cli>Go to \u003Cstrong>One Loop Studio > 2FA Email\u003C\u002Fstrong> to configure.\u003C\u002Fli>\n\u003Cli>Enable 2FA Email.\u003C\u002Fli>\n\u003Cli>Once enabled, You need to verify if you can receive email.\u003C\u002Fli>\n\u003Cli>Now its enabled and ready to go.\u003C\u002Fli>\n\u003C\u002Fol>\n","OLS 2FA is a lightweight plugin that enhances your website's security by adding email two-factor authentication (2FA).",529,"2024-12-09T08:31:00.000Z","6.7.5","6.1","5.5",[109,20,110,111],"2fa","security","two-factor-authentication","https:\u002F\u002Foneloopstudio.com\u002Fwordpress-plugins\u002Fols-2fa\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fols-2fa.1.0.2.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":11,"downloaded":122,"rating":11,"num_ratings":11,"last_updated":123,"tested_up_to":124,"requires_at_least":49,"requires_php":16,"tags":125,"homepage":130,"download_link":131,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":55},"password-less-login","Password Less Login","1.0.0.1","Sadekur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsadekur\u002F","\u003Cp>\u003Cstrong>Password Less Login\u003C\u002Fstrong> is a passwordless and OTP-based login system for WordPress.\u003Cbr \u002F>\nEvery user — both existing and new — must verify their identity using a \u003Cstrong>One-Time Password (OTP)\u003C\u002Fstrong> sent to their email before being logged in.\u003C\u002Fp>\n\u003Cp>This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The user enters their email address.\u003C\u002Fli>\n\u003Cli>The plugin sends a \u003Cstrong>6-digit OTP\u003C\u002Fstrong> to that email.\u003C\u002Fli>\n\u003Cli>The user enters the OTP:\n\u003Cul>\n\u003Cli>If the email exists \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user is securely logged in.\u003C\u002Fli>\n\u003Cli>If the email is new \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user provides a username, verifies the OTP, and a new account is created automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The OTP is valid for \u003Cstrong>10 minutes\u003C\u002Fstrong> and expires after use.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The plugin never logs in users without OTP verification.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>OTP-Based Authentication for All Users\u003C\u002Fstrong> – Both existing and new users must verify the OTP before login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Securely log in using only your email and OTP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto User Registration\u003C\u002Fstrong> – New users can register instantly after OTP verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary OTP (10 Minutes)\u003C\u002Fstrong> – Each OTP expires after 10 minutes and can only be used once.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong> – Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nonce Verification\u003C\u002Fstrong> – Protects REST API endpoints from unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Email Handling\u003C\u002Fstrong> – Emails are hashed when stored in transients to protect user data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience\u003C\u002Fstrong> – Clean, minimal login flow with conditional fields for existing vs. new users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Password Less Login?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No passwords to remember or reset.\u003C\u002Fli>\n\u003Cli>OTP verification ensures true ownership of email.\u003C\u002Fli>\n\u003Cli>Protects against brute-force attacks.\u003C\u002Fli>\n\u003Cli>Simple setup – works with the native WordPress login page.\u003C\u002Fli>\n\u003Cli>Modern and user-friendly design.\u003C\u002Fli>\n\u003Cli>Reduces “Forgot Password” support requests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to your WordPress login page.\u003C\u002Fli>\n\u003Cli>Enter your email address and click “Send OTP”.\u003C\u002Fli>\n\u003Cli>Check your email for the OTP.\u003C\u002Fli>\n\u003Cli>Enter the OTP in the login form:\n\u003Cul>\n\u003Cli>If your account exists, you’ll be logged in.\u003C\u002Fli>\n\u003Cli>If not, you’ll be prompted to provide a username before registration and login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>You’ll be redirected to your dashboard after successful verification.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL license. You are free to use and modify it.\u003C\u002Fp>\n\u003Cp>For support, contact: \u003Ca href=\"mailto:sadekur0rahman@gmail.com\" rel=\"nofollow ugc\">sadekur0rahman@gmail.com\u003C\u002Fa>\u003C\u002Fp>\n","A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.",229,"2026-01-07T16:26:00.000Z","6.8.5",[126,20,127,128,129],"easy-login","otp-login","passwordless-login","secure-login","https:\u002F\u002Fgithub.com\u002Fsadekur\u002Fpassword-less-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-less-login.zip",{"attackSurface":133,"codeSignals":187,"taintFlows":195,"riskAssessment":196,"analyzedAt":203},{"hooks":134,"ajaxHandlers":153,"restRoutes":154,"shortcodes":179,"cronEvents":184,"entryPointCount":185,"unprotectedCount":186},[135,141,145,149],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","wp_enqueue_scripts","enqueue_assets","dmarcreport-domain-auth-checker.php",117,{"type":136,"name":142,"callback":143,"file":139,"line":144},"admin_menu","add_admin_menu",123,{"type":136,"name":146,"callback":147,"file":139,"line":148},"admin_init","register_settings",126,{"type":136,"name":150,"callback":151,"file":139,"line":152},"rest_api_init","register_rest_routes",129,[],[155,163,167,171,175],{"namespace":156,"route":157,"methods":158,"callback":160,"permissionCallback":161,"file":139,"line":162},"dmarcreport-domain-auth-checker\u002Fv1","\u002Fdmarc\u002Fanalyze",[159],"POST","analyze","__return_true",153,{"namespace":156,"route":164,"methods":165,"callback":160,"permissionCallback":161,"file":139,"line":166},"\u002Ftlsrpt\u002Fanalyze",[159],164,{"namespace":156,"route":168,"methods":169,"callback":160,"permissionCallback":161,"file":139,"line":170},"\u002Fbimi\u002Fanalyze",[159],175,{"namespace":156,"route":172,"methods":173,"callback":160,"permissionCallback":161,"file":139,"line":174},"\u002Fmta-sts\u002Fanalyze",[159],196,{"namespace":156,"route":176,"methods":177,"callback":160,"permissionCallback":161,"file":139,"line":178},"\u002Fspf\u002Fanalyze",[159],207,[180],{"tag":181,"callback":182,"file":139,"line":183},"dmarcreport_domain_auth_checker","render_shortcode",120,[],6,5,{"dangerousFunctions":188,"sqlUsage":189,"outputEscaping":191,"fileOperations":11,"externalRequests":30,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":194},[],{"prepared":11,"raw":11,"locations":190},[],{"escaped":192,"rawEcho":11,"locations":193},8,[],[],[],{"summary":197,"deductions":198},"The 'dmarcreport-domain-auth-checker' plugin v1.7.2 exhibits a concerning security posture due to a significant number of unprotected entry points, particularly within its REST API routes. While the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all its output, the lack of permission callbacks on five REST API routes creates a substantial attack surface. This means that any user, regardless of their role or capabilities, could potentially interact with these API endpoints, leading to unintended consequences or information disclosure. The absence of nonce checks on AJAX handlers, though there are none recorded, further contributes to this concern, as it represents a potential avenue for CSRF attacks if AJAX functionality were to be introduced or expanded without proper security measures. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of its past security, but this should not overshadow the immediate risks identified in the current code analysis.",[199,201],{"reason":200,"points":83},"5 REST API routes without permission callbacks",{"reason":202,"points":186},"0 Nonce checks on AJAX handlers","2026-03-17T05:42:11.817Z",{"wat":205,"direct":214},{"assetPaths":206,"generatorPatterns":209,"scriptPaths":210,"versionParams":211},[207,208],"\u002Fwp-content\u002Fplugins\u002Fdmarcreport-domain-auth-checker\u002Fdist\u002Fjs\u002Fapp.js","\u002Fwp-content\u002Fplugins\u002Fdmarcreport-domain-auth-checker\u002Fdist\u002Fcss\u002Fapp.css",[],[207],[212,213],"\u002Fwp-content\u002Fplugins\u002Fdmarcreport-domain-auth-checker\u002Fdist\u002Fjs\u002Fapp.js?ver=","\u002Fwp-content\u002Fplugins\u002Fdmarcreport-domain-auth-checker\u002Fdist\u002Fcss\u002Fapp.css?ver=",{"cssClasses":215,"htmlComments":216,"htmlAttributes":217,"restEndpoints":219,"jsGlobals":225,"shortcodeOutput":227},[],[],[218],"data-type",[220,221,222,223,224],"\u002Fwp-json\u002Fdmarcreport-domain-auth-checker\u002Fv1\u002Fspf\u002Fanalyze","\u002Fwp-json\u002Fdmarcreport-domain-auth-checker\u002Fv1\u002Fdmarc\u002Fanalyze","\u002Fwp-json\u002Fdmarcreport-domain-auth-checker\u002Fv1\u002Ftlsrpt\u002Fanalyze","\u002Fwp-json\u002Fdmarcreport-domain-auth-checker\u002Fv1\u002Fbimi\u002Fanalyze","\u002Fwp-json\u002Fdmarcreport-domain-auth-checker\u002Fv1\u002Fmta-sts\u002Fanalyze",[226],"drdauthcConfig",[228],"\u003Cdiv id=\"dmarcreport-domain-auth-checker-app\""]