[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-9luwDmjDPagrND-wdj41Ds-bmVO3p8qPqnIbd1Q1YM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":131,"fingerprints":264},"dolutech-passwordless-login","Dolutech Passwordless Login","1.1.0","Lucas Catão Moraes","https:\u002F\u002Fprofiles.wordpress.org\u002Fdolutech\u002F","\u003Cp>Este plugin substitui o formulário de login padrão do WordPress por um sistema de autenticação sem senha mais seguro.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recursos principais:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Login sem senha via link seguro enviado por e-mail\u003Cbr \u002F>\n* Autenticação de dois fatores (2FA) via TOTP (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Códigos de backup para recuperação de acesso\u003Cbr \u002F>\n* Verificação de IP para segurança adicional\u003Cbr \u002F>\n* Rate limiting para prevenir ataques de força bruta\u003Cbr \u002F>\n* Painel de configurações completo no wp-admin\u003Cbr \u002F>\n* Opção de tornar 2FA obrigatório para perfis específicos\u003C\u002Fp>\n\u003Cp>O link de login expira imediatamente após o primeiro uso ou após o tempo configurado (padrão 15 minutos). A autenticação só é permitida pelo mesmo IP que solicitou o login.\u003C\u002Fp>\n","Permite login seguro sem senha com tecnologia passwordless e autenticação de dois fatores (2FA) via TOTP.",0,390,"2025-09-02T19:34:00.000Z","6.8.5","6.5","8.2",[18,19,20,21,22],"2fa","authentication","login","passwordless","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdolutech-passwordless-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdolutech-passwordless-login.1.1.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"dolutech",3,40,30,94,"2026-04-04T04:03:23.710Z",[37,60,76,96,114],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[18,54,55,22,56],"captcha","login-security","two-factor-authentication","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":33,"downloaded":68,"rating":11,"num_ratings":11,"last_updated":69,"tested_up_to":14,"requires_at_least":70,"requires_php":57,"tags":71,"homepage":74,"download_link":75,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"keyless-auth","Keyless Auth – Login without Passwords","3.2.4","Chris Martens","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrmrtns\u002F","\u003Cp>Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It’s more secure than weak passwords and infinitely more user-friendly.\u003C\u002Fp>\n\u003Ch4>Why Choose Keyless Auth?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: No more weak, reused, or compromised passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better User Experience\u003C\u002Fstrong>: One click instead of remembering complex passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduced Support\u003C\u002Fstrong>: Eliminate “forgot password” requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>: Enterprise-grade security used by Slack, Medium, and others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong>: Built-in protection against brute force attacks and username enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quick Start\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Create a new page and add the shortcode \u003Ccode>[keyless-auth]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Configure email templates in \u003Cstrong>Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Templates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Done! Users can now login passwordlessly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Ready to Use\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Secure, one-time login links via email\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Complete TOTP support with Google Authenticator\u003Cbr \u002F>\n* \u003Cstrong>Role-Based 2FA\u003C\u002Fstrong> – Require 2FA for specific user roles (admins, editors, etc.)\u003Cbr \u002F>\n* \u003Cstrong>Custom 2FA Setup URLs\u003C\u002Fstrong> – Direct users to branded frontend 2FA setup pages\u003Cbr \u002F>\n* \u003Cstrong>SMTP Integration\u003C\u002Fstrong> – Reliable email delivery through your mail server\u003Cbr \u002F>\n* \u003Cstrong>Email Templates\u003C\u002Fstrong> – Professional, customizable login emails\u003Cbr \u002F>\n* \u003Cstrong>Mail Logging\u003C\u002Fstrong> – Track all sent emails with delivery status\u003Cbr \u002F>\n* \u003Cstrong>Custom Database Tables\u003C\u002Fstrong> – Scalable architecture with dedicated audit logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Token Security\u003C\u002Fstrong>: 10-minute expiration, single-use tokens\u003Cbr \u002F>\n* \u003Cstrong>Audit Logging\u003C\u002Fstrong>: IP addresses, device types, login attempts\u003Cbr \u002F>\n* \u003Cstrong>Emergency Mode\u003C\u002Fstrong>: Grace period system with admin controls\u003Cbr \u002F>\n* \u003Cstrong>Secure Storage\u003C\u002Fstrong>: SMTP credentials in wp-config.php option\u003Cbr \u002F>\n* \u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>: Block brute force attacks via XML-RPC interface\u003Cbr \u002F>\n* \u003Cstrong>Application Passwords Control\u003C\u002Fstrong>: Disable programmatic authentication when not needed\u003Cbr \u002F>\n* \u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>: Block username discovery attacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>WYSIWYG Email Editor\u003C\u002Fstrong>: Full HTML support with live preview\u003Cbr \u002F>\n* \u003Cstrong>Advanced Color Controls\u003C\u002Fstrong>: Hex, RGB, HSL color formats\u003Cbr \u002F>\n* \u003Cstrong>Template System\u003C\u002Fstrong>: German, English, and custom templates\u003Cbr \u002F>\n* \u003Cstrong>Branding Options\u003C\u002Fstrong>: Custom sender names and professional styling\u003C\u002Fp>\n\u003Ch4>Installation & Setup\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Installation\u003C\u002Fstrong>\u003Cbr \u002F>\n1. WordPress Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003Cbr \u002F>\n2. Search for “Keyless Auth”\u003Cbr \u002F>\n3. Install and activate\u003Cbr \u002F>\n4. Add [keyless-auth] shortcode to any page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SMTP Configuration (Recommended)\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Navigate to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> SMTP\u003Cbr \u002F>\n2. Configure your email provider (Gmail, Outlook, SendGrid, etc.)\u003Cbr \u002F>\n3. Test email delivery\u003Cbr \u002F>\n4. Save settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication Setup\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Go to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Options\u003Cbr \u002F>\n2. Enable “Two-Factor Authentication”\u003Cbr \u002F>\n3. Select required user roles\u003Cbr \u002F>\n4. Users scan QR code with authenticator app\u003C\u002Fp>\n\u003Ch4>Email Templates\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Template Options\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>German Professional\u003C\u002Fstrong>: Sleek German-language template\u003Cbr \u002F>\n* \u003Cstrong>English Simple\u003C\u002Fstrong>: Clean, minimalist design\u003Cbr \u002F>\n* \u003Cstrong>Custom HTML\u003C\u002Fstrong>: Create your own with WYSIWYG editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Full HTML and CSS support\u003Cbr \u002F>\n* Color picker for buttons and links\u003Cbr \u002F>\n* Responsive email design\u003Cbr \u002F>\n* Live template preview\u003Cbr \u002F>\n* Placeholder system for dynamic content\u003C\u002Fp>\n\u003Ch4>Security & Compliance\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Token Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generated using WordPress security standards\u003Cbr \u002F>\n* Based on user ID, timestamp, and wp-config.php salt\u003Cbr \u002F>\n* 10-minute expiration with single-use enforcement\u003Cbr \u002F>\n* Secure database storage with automatic cleanup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\n* TOTP-based system compatible with Google Authenticator, Authy\u003Cbr \u002F>\n* Role-based requirements for granular control\u003Cbr \u002F>\n* Grace period system for smooth user transitions\u003Cbr \u002F>\n* Custom verification forms with professional styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom tables for optimal performance\u003Cbr \u002F>\n* Comprehensive audit logging\u003Cbr \u002F>\n* Device tracking and IP monitoring\u003Cbr \u002F>\n* Automatic maintenance and cleanup routines\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site’s needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>\u003Cbr \u002F>\n* Prevents brute force attacks via WordPress XML-RPC interface\u003Cbr \u002F>\n* Reduces attack surface by disabling legacy API\u003Cbr \u002F>\n* Recommended for sites not using Jetpack, mobile apps, or pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Application Passwords Control\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable REST API and XML-RPC authentication when programmatic access isn’t needed\u003Cbr \u002F>\n* Prevents unauthorized API access\u003Cbr \u002F>\n* Recommended for simple sites without third-party integrations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n* Blocks REST API user endpoints (\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>)\u003Cbr \u002F>\n* Redirects author archives and \u003Ccode>?author=N\u003C\u002Fcode> queries\u003Cbr \u002F>\n* Removes login error messages that reveal usernames\u003Cbr \u002F>\n* Strips comment author CSS classes\u003Cbr \u002F>\n* Removes author data from oEmbed responses\u003Cbr \u002F>\n* Recommended for business\u002Fcorporate sites without author profiles\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003Cbr \u002F>\n* Combined protection against brute force attacks\u003Cbr \u002F>\n* Prevents username discovery for targeted attacks\u003Cbr \u002F>\n* Reduces unauthorized API access\u003Cbr \u002F>\n* Easy to configure without code or .htaccess modifications\u003Cbr \u002F>\n* All features include comprehensive documentation\u003Cbr \u002F>\n* FTP recovery available if needed\u003C\u002Fp>\n\u003Ch4>SMTP & Email Delivery\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supported Providers\u003C\u002Fstrong>\u003Cbr \u002F>\n* Gmail \u002F Google Workspace\u003Cbr \u002F>\n* Outlook \u002F Microsoft 365\u003Cbr \u002F>\n* Mailgun, SendGrid, Amazon SES\u003Cbr \u002F>\n* Any SMTP-compatible service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Email Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Message-ID domain alignment for deliverability\u003Cbr \u002F>\n* SPF\u002FDKIM\u002FDMARC compliance\u003Cbr \u002F>\n* Custom sender names and addresses\u003Cbr \u002F>\n* Bulk email log management\u003Cbr \u002F>\n* Delivery status tracking\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure Credential Storage\u003C\u002Fstrong>\u003Cbr \u002F>\nStore SMTP credentials securely in wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('CHRMRTNS_KLA_SMTP_USERNAME', 'your-email@example.com');\ndefine('CHRMRTNS_KLA_SMTP_PASSWORD', 'your-smtp-password');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Page Integration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optional magic login field on wp-login.php\u003Cbr \u002F>\n* Seamless integration with existing login flow\u003Cbr \u002F>\n* Toggle control for easy enable\u002Fdisable\u003Cbr \u002F>\n* Clean, responsive form styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcode Usage\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ccode>[keyless-auth]\u003C\u002Fcode> anywhere: pages, posts, widgets, or custom templates.\u003C\u002Fp>\n\u003Ch4>Developer Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hooks & Filters\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Customize login redirect:\u003Cbr \u002F>\n    add_filter(‘wpa_after_login_redirect’, ‘custom_redirect_function’);\u003C\u002Fp>\n\u003Cp>Modify email headers:\u003Cbr \u002F>\n    add_filter(‘wpa_email_headers’, ‘custom_email_headers’);\u003C\u002Fp>\n\u003Cp>Change token expiration:\u003Cbr \u002F>\n    add_filter(‘wpa_change_link_expiration’, ‘custom_expiration_time’);\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Modular Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean, organized class structure\u003Cbr \u002F>\n* Separated concerns for easy maintenance\u003Cbr \u002F>\n* WordPress coding standards compliance\u003Cbr \u002F>\n* Extensive documentation and comments\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong>: 3.9 or higher (tested up to 6.8)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP\u003C\u002Fstrong>: 7.4 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Delivery\u003C\u002Fstrong>: SMTP recommended for reliability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Keyless Auth complements WordPress’s default login system – it doesn’t replace it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developed by Chris Martens | Based on the original Passwordless Login plugin by Cozmoslabs\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.",1177,"2025-11-24T22:55:00.000Z","3.9",[18,19,21,72,73],"secure-login","smtp","https:\u002F\u002Fgithub.com\u002Fchrmrtns\u002Fkeyless-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyless-auth.3.2.4.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":25,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":93,"download_link":94,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"magiclabs","Login by Magic","1.0.4","Magic","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagiclabs\u002F","\u003Cp>This plugin replaces the standard WordPress login form with one powered by \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">Magic\u003C\u002Fa> that enables passwordless email magic link login.\u003C\u002Fp>\n\u003Cp>Magic offers passwordless authentication and cryptographically secured user identity to your applications. With just a few lines of code, your application’s security is instantaneously upgraded, and your end users can enjoy a future-proof and blockchain-enabled login solution.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">https:\u002F\u002Fmagic.link\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Login by Magic plugin replaces the standard WordPress login form with one powered by Magic that enables passwordless email magic link login.",20,2392,1,"2022-08-29T22:06:00.000Z","5.8.13","5.5.1","7.3",[19,20,92,21,22],"magiclink","https:\u002F\u002Fgithub.com\u002Fmagiclabs\u002Fwp-magic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagiclabs.zip",85,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":47,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":112,"download_link":113,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"llavero-io","Llavero.io","0.1.4","davidnoguera","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidnoguera\u002F","\u003Cp>Llavero.io es un servicio creado por Webempresa.com con el propósito de facilitar en WordPress una protección extra en momento de hacer login.\u003C\u002Fp>\n\u003Cp>El plugin crea un segundo factor de autenticación que permite vincular la cuenta de tu blog WordPress a tu dispositivo móvil, de forma que nadie pueda hacer login en tu cuenta sin antes validar el acceso desde tu móvil, a través e una notificación Push a tu dispositivo.\u003C\u002Fp>\n\u003Cp>Llavero.io permite definir horarios de autocierre de forma que a esas horas nadie pueda loguearse aunque tenga tu contraseña correcta, por ejemplo mientras estás durmiendo o de vacaciones.\u003C\u002Fp>\n\u003Cp>El administrador del blog podrá sobreescribir los valores de los usuarios y obligar a que cada usuario solo pueda acceder durante unos horarios específicos definidos por él.\u003C\u002Fp>\n\u003Cp>Puedes ver una guía de inicio rápido para empezar a usar Llavero.io en este enlace: https:\u002F\u002Fllavero.io\u002Fempieza-a-usar-llavero-wordpress\u002F\u003C\u002Fp>\n\u003Cp>El plugin no rastrea ningún tipo de información de los usuarios, el uso de APIs externas es tan solo para establecer un estado de abierto y cerrado de la cuenta asociada, en ningún momento se obtiene información de WordPress para almacenarla en serviores externos.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Spanish – default, always included\u003C\u002Fli>\n\u003C\u002Ful>\n","Este plugin permite vincular las cuentas de usuario de WordPress con Llavero.io para tener un segundo factor de authenticación (2FA) en el login de lo &hellip;",10,1991,4,"2018-03-03T04:21:00.000Z","4.9.29","4.6","5.3",[18,19,20,22],"https:\u002F\u002Fllavero.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fllavero-io.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":104,"downloaded":122,"rating":11,"num_ratings":11,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":129,"download_link":130,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"passclip-auth-for-wordpress","PassClip Auth for WordPress","1.0.5","Passlogy","https:\u002F\u002Fprofiles.wordpress.org\u002Fpasslogy\u002F","\u003Cp>You need strong password to protect your site. However, how do you remember it or is it really strong?\u003Cbr \u002F>\n“PassClip Auth” provides really strong password that is also easy to remember.\u003Cbr \u002F>\nOnce you make your “pattern”, you can get your password using “PassClip”. And the password will change every 30 seconds(at the shortest).\u003C\u002Fp>\n\u003Ch4>Get and sign up for PassClip\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fwww.passclip.com\u002F\" rel=\"nofollow ugc\">the page about PassClip\u003C\u002Fa> and install PassClip on your smart phone.\u003C\u002Fli>\n\u003Cli>Activate your PassClip by registering your “pattern” and email address.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Sign up for PassClip Auth(PCA)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Input PassClip Code “paauth” in your PassClip. That makes a new slot in your PassClip.\u003C\u002Fli>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fmember.passclip.com\u002Fmember\u002Fui\u002F\" rel=\"nofollow ugc\">PassClip Auth member’s page\u003C\u002Fa> and log in with your email address and password which the slot shows you.\u003C\u002Fli>\n\u003Cli>Make your “PassClip Code”. And then you get your “PassClip Auth app service id(PCA app service id)”. You need both “code” and “id” to use this plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to apply PassClip Auth to your site\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate this plugin to your WordPress.\u003C\u002Fli>\n\u003Cli>Go to PassClip Auth Options Setting from the menu.\u003C\u002Fli>\n\u003Cli>Input the PassClip Auth app service id(PCA app service id), PassClip Code and other items in the setting page and click the “Save Change” button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to log in to WordPress site with PassClip Auth\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Users register PassClip Code of your site in their PassClip. That makes a new slot to get password to log in to your site.\u003C\u002Fli>\n\u003Cli>Show the password in PassClip (tap the new slot).\u003C\u002Fli>\n\u003Cli>In login form of your site, users enter email address and password in the slot. (\u003Cstrong>Users do not need general WordPress password.\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003Cli>Click the “Log in” button.\u003C\u002Fli>\n\u003C\u002Fol>\n","\"PassClip Auth\" provides strong and easy authentication. \"PassClip Auth for WordPress\" is the plugin to launch PassClip Auth to Wo &hellip;",2199,"2019-12-27T07:42:00.000Z","5.3.21","4.5","5.3.3",[18,20,128,22,56],"otp","https:\u002F\u002Fwww.passclip.com\u002Fja\u002Fpca\u002Fpca_for_wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassclip-auth-for-wordpress.1.0.6.zip",{"attackSurface":132,"codeSignals":206,"taintFlows":231,"riskAssessment":258,"analyzedAt":263},{"hooks":133,"ajaxHandlers":185,"restRoutes":203,"shortcodes":204,"cronEvents":205,"entryPointCount":106,"unprotectedCount":11},[134,140,144,148,151,155,159,164,167,171,175,178,182],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","init","dolupalo_init_2fa_counter","dolutech-passwordless-login.php",36,{"type":135,"name":141,"callback":142,"file":138,"line":143},"plugins_loaded","dolupalo_load_plugin_classes",45,{"type":135,"name":145,"callback":146,"file":138,"line":147},"admin_init","dolupalo_process_smtp_recheck",220,{"type":135,"name":145,"callback":149,"file":138,"line":150},"dolupalo_process_activation_token",255,{"type":135,"name":152,"callback":153,"file":138,"line":154},"admin_notices","dolupalo_activation_notice",315,{"type":135,"name":156,"callback":157,"file":138,"line":158},"login_init","dolupalo_login_init_handler",383,{"type":135,"name":160,"callback":161,"file":162,"line":163},"admin_menu","add_admin_menu","includes\\class-admin-settings.php",31,{"type":135,"name":145,"callback":165,"file":162,"line":166},"init_settings",32,{"type":135,"name":168,"callback":169,"file":162,"line":170},"admin_enqueue_scripts","enqueue_admin_scripts",33,{"type":135,"name":172,"callback":173,"file":162,"line":174},"show_user_profile","render_user_profile_section",53,{"type":135,"name":176,"callback":173,"file":162,"line":177},"edit_user_profile",54,{"type":135,"name":179,"callback":180,"file":162,"line":181},"personal_options_update","save_user_profile_section",55,{"type":135,"name":183,"callback":180,"file":162,"line":184},"edit_user_profile_update",56,[186,192,196,199],{"action":187,"nopriv":188,"callback":189,"hasNonce":190,"hasCapCheck":190,"file":162,"line":191},"dolupalo_toggle_2fa",false,"ajax_toggle_2fa",true,34,{"action":193,"nopriv":188,"callback":194,"hasNonce":190,"hasCapCheck":190,"file":162,"line":195},"dolupalo_verify_totp","ajax_verify_totp",35,{"action":197,"nopriv":188,"callback":198,"hasNonce":190,"hasCapCheck":190,"file":162,"line":139},"dolupalo_regenerate_backup_codes","ajax_regenerate_backup_codes",{"action":200,"nopriv":188,"callback":201,"hasNonce":190,"hasCapCheck":190,"file":162,"line":202},"dolupalo_get_otpauth","ajax_get_otpauth",37,[],[],[],{"dangerousFunctions":207,"sqlUsage":208,"outputEscaping":210,"fileOperations":11,"externalRequests":86,"nonceChecks":229,"capabilityChecks":212,"bundledLibraries":230},[],{"prepared":11,"raw":11,"locations":209},[],{"escaped":211,"rawEcho":212,"locations":213},78,7,[214,217,219,221,223,225,227],{"file":138,"line":215,"context":216},358,"raw output",{"file":138,"line":218,"context":216},605,{"file":138,"line":220,"context":216},622,{"file":138,"line":222,"context":216},624,{"file":138,"line":224,"context":216},626,{"file":162,"line":226,"context":216},205,{"file":162,"line":228,"context":216},212,12,[],[232,250],{"entryPoint":233,"graph":234,"unsanitizedCount":11,"severity":249},"dolupalo_login_init_handler (dolutech-passwordless-login.php:385)",{"nodes":235,"edges":247},[236,241],{"id":237,"type":238,"label":239,"file":138,"line":240},"n0","source","$_SERVER",393,{"id":242,"type":243,"label":244,"file":138,"line":245,"wp_function":246},"n1","sink","wp_redirect() [Open Redirect]",395,"wp_redirect",[248],{"from":237,"to":242,"sanitized":190},"low",{"entryPoint":251,"graph":252,"unsanitizedCount":11,"severity":249},"\u003Cdolutech-passwordless-login> (dolutech-passwordless-login.php:0)",{"nodes":253,"edges":256},[254,255],{"id":237,"type":238,"label":239,"file":138,"line":240},{"id":242,"type":243,"label":244,"file":138,"line":245,"wp_function":246},[257],{"from":237,"to":242,"sanitized":190},{"summary":259,"deductions":260},"The \"dolutech-passwordless-login\" v1.1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any reported vulnerabilities in its history is a significant positive indicator. Furthermore, the code demonstrates good security practices, with all SQL queries utilizing prepared statements, a high percentage of output being properly escaped, and a robust number of nonce and capability checks. The attack surface, while containing AJAX handlers, is fully protected by authentication checks, and there are no concerning taint analysis flows. The plugin also avoids the risks associated with bundled libraries and file operations. \n\nHowever, the presence of a single external HTTP request represents a potential, albeit minor, point of concern. While the static analysis doesn't indicate any immediate risks from this request (e.g., lack of sanitization), it introduces an external dependency that could become a vector for future vulnerabilities if not properly managed or if the external service is compromised. \n\nIn conclusion, this plugin appears to be well-secured with strong adherence to fundamental WordPress security principles. The limited external interaction is a minor weakness that, in the absence of any historical vulnerabilities or critical code signals, does not significantly elevate the overall risk. Continued monitoring for any future CVEs or introduction of new external dependencies would be prudent.",[261],{"reason":262,"points":31},"External HTTP requests detected","2026-03-17T07:00:46.019Z",{"wat":265,"direct":278},{"assetPaths":266,"generatorPatterns":271,"scriptPaths":272,"versionParams":273},[267,268,269,270],"\u002Fwp-content\u002Fplugins\u002Fdolutech-passwordless-login\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fdolutech-passwordless-login\u002Fassets\u002Fjs\u002Fadmin-script.js","\u002Fwp-content\u002Fplugins\u002Fdolutech-passwordless-login\u002Fassets\u002Fjs\u002Ffrontend-script.js","\u002Fwp-content\u002Fplugins\u002Fdolutech-passwordless-login\u002Fassets\u002Fjs\u002Ftotp-script.js",[],[],[274,275,276,277],"dolutech-passwordless-login\u002Fassets\u002Fcss\u002Fstyle.css?ver=","dolutech-passwordless-login\u002Fassets\u002Fjs\u002Fadmin-script.js?ver=","dolutech-passwordless-login\u002Fassets\u002Fjs\u002Ffrontend-script.js?ver=","dolutech-passwordless-login\u002Fassets\u002Fjs\u002Ftotp-script.js?ver=",{"cssClasses":279,"htmlComments":284,"htmlAttributes":288,"restEndpoints":292,"jsGlobals":297,"shortcodeOutput":301},[280,281,282,283],"dolupalo-login-form-wrapper","dolupalo-admin-settings-page","dolupalo-qr-code-container","dolupalo-2fa-setup-message",[285,286,287],"\u003C!-- START Dolutech Passwordless Login Section -->","\u003C!-- END Dolutech Passwordless Login Section -->","\u003C!-- Dolutech Passwordless Login - QR Code Placeholder -->",[289,290,291],"data-dolupalo-login-url","data-dolupalo-ajax-url","data-dolupalo-nonce",[293,294,295,296],"\u002Fwp-json\u002Fdolutech-passwordless-login\u002Fv1\u002Frequest-login","\u002Fwp-json\u002Fdolutech-passwordless-login\u002Fv1\u002Fverify-token","\u002Fwp-json\u002Fdolutech-passwordless-login\u002Fv1\u002Fenable-2fa","\u002Fwp-json\u002Fdolutech-passwordless-login\u002Fv1\u002Fdisable-2fa",[298,299,300],"dolupalo_ajax_object","dolupalo_login_params","dolupalo_totp_params",[302,303],"[dolutech_passwordless_login_form]","[dolutech_passwordless_login_status]"]