[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fS-GkCLu4_7SnE06xZMQndDDMEtFuHETF7x3QJe7Iqhs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":144,"fingerprints":236},"emlg-tfa","EMLG TFA","1.1","wprj","https:\u002F\u002Fprofiles.wordpress.org\u002Fwprj\u002F","\u003Cp>When logging in, users will be required to enter a verification code that is sent to the email address associated with their WordPress account.\u003C\u002Fp>\n\u003Cp>The feature will not actually be active after the plugin installation, until one site administrator managed to successfully send a test email.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Login email template\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can edit the template used when sending the login email to match your site design. But the template must contain the \u003Ccode>%CODE%\u003C\u002Fcode> placeholder otherwise it will not be saved. This string will be replaced by the actual code when a user log into your site\u003C\u002Fp>\n","Two-factor authentication via out of band email",0,882,"2023-02-24T09:00:00.000Z","6.1.10","6.0","7.4",[18,19,20,21,22],"2-factor-authentication","2fa","email-login","email-two-factor-authentication","login","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femlg-tfa.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,20,93,30,89,"2026-04-04T15:35:16.098Z",[37,56,78,101,121],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":47,"requires_at_least":15,"requires_php":48,"tags":49,"homepage":53,"download_link":54,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"secured-wp","Secured WP","2.3.2","wpsecuredcom","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpsecuredcom\u002F","\u003Cp>Adds layer of security for your WordPress site. Adds custom login page slug, enables 2FA, removes security issues. Adds remember device, counts login attempts and lock usernames if the password is wrong. Out of band e-mail is also supported – instead of entering codes, your user can use simple login link from within their e-mail client.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WooCommerce is also supported for 2FA, just enable the plugin and all your customers will be asked to enable two-factor authentication.\u003C\u002Fp>\n\u003Cp>List with currently supported features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Login redirection\u003C\u002Fstrong> – redirects the default wp-login.php to a slug of your choice\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login attempts\u003C\u002Fstrong> – counts the unsuccessful attempts, and locks user if there are too many\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA settings\u003C\u002Fstrong> – gives the ability to use two factor authentication and Out Of Band email link\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remember devices\u003C\u002Fstrong> – current device could be remembered for given amount of days and user wont be asked to login again before that\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Removes XML-RPC\u003C\u002Fstrong> from your WordPress site\u003C\u002Fli>\n\u003Cli>Custom shortcode ([wps_custom_settings]) can be used to give the users without access to the dashboard to setup the 2FA\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Login Redirection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can change the default wp-login.php to slug of your choice. That will prevent most common hacker attacks and will harden your WordPress installation. You can redirect the original wp-login.php to the slug of your choice.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2FA login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enable two-factor authentication for your WordPress site, and to enforce your website users, or some of them to use 2FA. Next time user logins s\u002Fhe will be asked to enable the 2FA using their favorite application. Once the process is completed, every time the user logs, s\u002Fhe will be asked to provide the 2FA code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This gives you the ability to prevent brute force attacks if the hacker knows the username and tries to guess the password. With this enabled, after the given amount of tries that specific user will be marked as locked, and any further attempt to use that username for login will be postponed for given amount of time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remember device setting\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With that, user can use given device for the given amount of days without being asked to reenter the username\u002Fpass. The devices can be removed or checked from the default user settings page.\u003Cbr \u002F>\nThat setting is based on current setting (global) for the current moment, which means that when the day value (in settings) is changed globally, that wont reflect the already set cookies and user devices.\u003Cbr \u002F>\nExample: If you set that to 10 days and there is a user which decide to use Remember Device functionality, when you change that value to 15 days, that wont increase the time for that user. Same applies for decreasing the value.\u003C\u002Fp>\n","Add two-factor authentication (2FA) for all your users with this easy to use plugin. Harden your website login page. Add whole new layer of security.",2689,"2026-02-04T09:09:00.000Z","6.9.4","8.1",[18,19,50,51,52],"login-redirect","secure-wp","secured-wordpress","https:\u002F\u002Fwp-secured.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecured-wp.2.3.2.zip",100,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":47,"requires_at_least":69,"requires_php":23,"tags":70,"homepage":23,"download_link":75,"security_score":66,"vuln_count":76,"unpatched_count":11,"last_vuln_date":77,"fetched_at":27},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,98,1441,"2026-01-12T16:01:00.000Z","3.0",[19,71,72,73,74],"brute-force","firewall","login-security","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip",4,"2023-12-20 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":47,"requires_at_least":91,"requires_php":16,"tags":92,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":11,"last_vuln_date":100,"fetched_at":27},"wp-2fa","WP 2FA – Two-factor authentication for WordPress","3.1.1.2","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>A free and easy-to-use two-factor authentication plugin for WordPress\u003C\u002Fh3>\n\u003Cp>Add an extra layer of security to your WordPress website login and protect your users. Enable two-factor authentication (2FA), the best protection against password leaks, automated password guessing, and brute force attacks.\u003C\u002Fp>\n\u003Cp>Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator, enforce 2FA for all your website users, or for users with specific roles. This plugin is very easy to use; everything can be configured via wizards with clear instructions, so even non-technical users can set up 2FA without requiring technical assistance.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FvRlX_NNGeFo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwp-2fa-plugin-getting-started\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Get the Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🔒 WP 2FA key plugin features and capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passkeys support\u003C\u002Fstrong> for passwordless logins   \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free two-factor authentication (2FA)\u003C\u002Fstrong> for all users  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple 2FA methods\u003C\u002Fstrong> supported, including authenticator app (TOTP) and code over email  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer API\u003C\u002Fstrong> to integrate any alternative 2FA method (WhatsApp, OTP Token, etc.)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal 2FA app support\u003C\u002Fstrong> – works with Google Authenticator, Authy, and any TOTP-compatible app  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup codes\u003C\u002Fstrong> (16 digits) for recovery access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wizard-driven setup\u003C\u002Fstrong> – no technical knowledge required  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA policies\u003C\u002Fstrong> to enforce setup with grace periods or instant activation  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API endpoints\u003C\u002Fstrong> for custom integrations and headless WordPress setups  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard-free setup\u003C\u002Fstrong> – users can configure 2FA without WP admin access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editable email templates\u003C\u002Fstrong> for full customization  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💎 Upgrade to WP 2FA Premium and get even more benefits\u003C\u002Fh3>\n\u003Cp>The premium version of WP 2FA comes bundled with even more features to take your WordPress website login security to the next level.\u003C\u002Fp>\n\u003Cp>With the premium edition of WP 2FA, you get more 2FA methods, 1-click integration with WooCommerce, trusted devices feature, extensive white labeling capabilities, and much more!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Check out WP 2FA Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Premium features list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Everything in the free version\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full white labeling capabilities\u003C\u002Fstrong> to change all text and visuals in the wizards, emails, SMS, and 2FA pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support for multiple passkeys per user\u003C\u002Fstrong> for flexible passwordless logins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-setup email 2FA\u003C\u002Fstrong> that automatically enrolls users without manual configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey hardware key support\u003C\u002Fstrong> for enterprise-grade security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Additional 2FA methods\u003C\u002Fstrong> such as SMS, email link, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted devices\u003C\u002Fstrong> so users can log in without 2FA for a configured period\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Require 2FA on password reset\u003C\u002Fstrong> to strengthen account protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow next user login without 2FA\u003C\u002Fstrong> to help recover accounts locked out of authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click WooCommerce integration\u003C\u002Fstrong> to enable 2FA for customers and store admins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WP 2FA plugin features and benefits page\u003C\u002Fa> to learn more about the benefits of upgrading to WP 2FA Premium.\u003C\u002Fp>\n\u003Ch3>🛠️ Free and premium support\u003C\u002Fh3>\n\u003Cp>Support for the free edition of WP 2FA is free on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-2fa\u002F\" rel=\"ugc\">WordPress support forums\u003C\u002Fa>. Premium world-class support via one-to-one email is available to the Premium users – \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">upgrade to premium\u003C\u002Fa> to benefit from email support.\u003C\u002Fp>\n\u003Cp>For any other queries, feedback, or if you simply want to get in touch with us, please use our \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh4>\n\u003Cp>Melapress develops high-quality WordPress management and security plugins, such as Melapress Login Security, Melapress Role Editor, and WP Activity Log; the #1 user-rated activity log plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Browse our list of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WordPress security and administration plugins\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Installing WP 2FA\u003C\u002Fh3>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to ‘Plugins’ > ‘Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘WP 2FA’\u003C\u002Fli>\n\u003Cli>Install & activate WP 2FA from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the ‘\u002Fwp-content\u002Fplugins\u002F directory’\u003C\u002Fli>\n\u003Cli>Activate the WP 2FA plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>As featured on:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fplugins\u002Fhow-to-add-two-factor-authentication-for-wordpress\u002F\" rel=\"nofollow ugc\">WP Beginner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.isitwp.com\u002Fbest-wordpress-security-authentication-plugins\u002F\" rel=\"nofollow ugc\">IsitWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Ftwo-factor-authentication-wordpress\u002F\" rel=\"nofollow ugc\">WP Astra\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmainwp.com\u002Fhow-to-use-the-wp-2fa-plugin-on-your-child-sites\u002F\" rel=\"nofollow ugc\">MainWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.fixrunner.com\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">FixRunner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.inmotionhosting.com\u002Fsupport\u002Fedu\u002Fwordpress\u002Fplugins\u002Fwp-2fa\u002F\" rel=\"nofollow ugc\">Inmotion Hosting\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmarmite.com\u002Fen\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">WP Marmite\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.",100000,1555592,94,162,"2026-02-25T13:18:00.000Z","5.5",[18,19,93,94,95],"google-authenticator","two-factor-authentication","wordpress-authentication","https:\u002F\u002Fmelapress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-2fa.3.1.1.2.zip",95,9,"2025-11-03 00:00:00",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":23,"download_link":119,"security_score":120,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[19,118,73,74,94],"captcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":47,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":139,"download_link":140,"security_score":141,"vuln_count":142,"unpatched_count":11,"last_vuln_date":143,"fetched_at":27},"wp-hide-security-enhancer","WP Hide & Security Enhancer","2.8.3","nsp-code","https:\u002F\u002Fprofiles.wordpress.org\u002Fnsp-code\u002F","\u003Cp>Effortlessly conceal your WordPress site from detection! With over 99.99% of hacks targeting specific plugin and theme vulnerabilities, this plugin significantly boosts site security by making it invisible to hackers’ web scanners.\u003C\u002Fp>\n\u003Cp>By removing all traces of WordPress, including themes and plugins, potential exploits are rendered harmless. This method ensures that your site is safe without affecting SEO; in fact, it can enhance certain SEO aspects when used strategically.\u003C\u002Fp>\n\u003Cp>WP-Hide has launched the \u003Cstrong>easiest way to completely hide your WordPress\u003C\u002Fstrong> core files, login page, theme and plugins paths from being shown on front side. This is a huge improvement over Site Security, since no one will know whether you are running or not a WordPress. It also provides a simple way to clean up html by removing all WordPress fingerprints.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No file and directory change!\u003C\u002Fstrong>\u003Cbr \u002F>\nNo file and directory will be changed anywhere. Everything is processed virtually. The plugin code uses URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically without user intervention required at all.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Real hide of WordPress core files and plugins\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin not only allows you to change default URLs of you WordPress, but it also hides\u002Fblocks such defaults. Other similar plugins, just change the slugs, but the defaults are still accessible, obviously revealing WordPress as CMS.\u003C\u002Fp>\n\u003Cp>You can change the default WordPress login URL from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. It becomes totally invisible.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPJstAU34SlQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Full plugin documentation available at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">WordPress Hide and Security Enhancer Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>When testing with WordPress theme and plugins detector services\u002Fsites, any setting change may not reflect right away on their reports, since they use cache. So, you may want to check again later, or try a different inner URL. Homepage URL usage is not mandatory.\u003C\u002Fp>\n\u003Cp>Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes make ita vulnerable spot for every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.\u003Cbr \u002F>\nStatistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.\u003Cbr \u002F>\nOver 99,9% of hacked WordPress websites are target of automated malware scripts, which search for certain WordPress fingerprints. This plugin hides or replaces those traces, making the hacking bots attacks useless.\u003C\u002Fp>\n\u003Cp>It works well with custom WordPress directory structures,e.g. custom plugins, themes, and upload folders.\u003C\u002Fp>\n\u003Cp>Once configured, you need to \u003Cstrong>clear server cache data and\u002For any cache plugins\u003C\u002Fstrong> (e.g. W3 Cache), for a new html data to be created. If you use CDN this should be cache clear as well.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample usage\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F192011678\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main plugin functionality:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customizes Admin URL\u003C\u002Fli>\n\u003Cli>Blocks default admin URL\u003C\u002Fli>\n\u003Cli>Blocks any direct folder access to completely hide the structure\u003C\u002Fli>\n\u003Cli>Customize wp-login.php filename\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Email Verification Code\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Authenticator App\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Recovery Codes\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Shortcode for front-side user settings interface\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – My Account > Account Details – area for 2FA user settings interface\u003C\u002Fli>\n\u003Cli>Google Captcha \u003C\u002Fli>\n\u003Cli>Blocks default wp-login.php\u003C\u002Fli>\n\u003Cli>Blocks default wp-signup.php\u003C\u002Fli>\n\u003Cli>Blocks XML-RPC API\u003C\u002Fli>\n\u003Cli>Creates New XML-RPC paths\u003C\u002Fli>\n\u003Cli>Adjusts theme URL\u003C\u002Fli>\n\u003Cli>Creates New child Theme URL\u003C\u002Fli>\n\u003Cli>Changes theme style file name\u003C\u002Fli>\n\u003Cli>Cleans any headers for theme style file\u003C\u002Fli>\n\u003Cli>Customizes wp-include \u003C\u002Fli>\n\u003Cli>Blocks default wp-include paths\u003C\u002Fli>\n\u003Cli>Blocks default wp-content\u003C\u002Fli>\n\u003Cli>Customizes plugins URL\u003C\u002Fli>\n\u003Cli>Changes Individual plugin URL \u003C\u002Fli>\n\u003Cli>Blocks default plugins paths\u003C\u002Fli>\n\u003Cli>Creates New upload URL\u003C\u002Fli>\n\u003Cli>Blocks default upload URL\u003C\u002Fli>\n\u003Cli>Removes WordPress version\u003C\u002Fli>\n\u003Cli>Blocks Meta Generator\u003C\u002Fli>\n\u003Cli>Disables the emoji and required javascript code\u003C\u002Fli>\n\u003Cli>Removes pingback tag\u003C\u002Fli>\n\u003Cli>Removes wlwmanifest Meta\u003C\u002Fli>\n\u003Cli>Removes rsd_link Meta\u003C\u002Fli>\n\u003Cli>Removes wpemoji\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Minifies Html, Css, JavaScript\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Security Headers\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No other plugin functionality will be blocked or interfered in any way by WP-Hide\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin allows to change the default Admin URL from \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>wp-admin\u003C\u002Fstrong> to something else. All original links turn the default theme to “404 Not Found” page, as if nothing exists there. Besides the huge security advantage, the WP-Hide plugin saves lots of server processing time by reducing php code and MySQL usage since brute-force attacks target the weakURL.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> Compared to all other similar plugins which mainly use redirects, this plugin turns a default theme to“404 error” page for all \u003Cstrong>blocked URL\u003C\u002Fstrong> functionalities, without revealing the link existence at all.\u003C\u002Fp>\n\u003Cp>Since version 1.2, WP-Hide change individual plugin URLs and made them unrecognizable. For example,the change of the default WooCommerce plugin URL and its dependencies from domain.com\u002Fwp-content\u002Fplugins\u002Fwoocommerce\u002F into domain.com\u002Fecommerce\u002Fcdn\u002F or anything customized.\u003C\u002Fp>\n\u003Ch4>Plugin Sections\u003C\u002Fh4>\n\u003Cp>**Hide -> Scan\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exhaustive system security examination with analysis and improvements guidance and fixes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Theme\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Theme Path – Changes default theme path\u003C\u002Fli>\n\u003Cli>New Style File Path – Changes default style file name and path\u003C\u002Fli>\n\u003Cli>Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file\u003C\u002Fli>\n\u003Cli>Child – New Theme Path – Changes default child theme path\u003C\u002Fli>\n\u003Cli>Child – New Style File Path – Changes child theme style-sheet file path and name\u003C\u002Fli>\n\u003Cli>Child – Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > WP includes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Include Path – Changes default wp-include path\u002FURL\u003C\u002Fli>\n\u003Cli>Block wp-include URL – Blocks default wp-include URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > WP content\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Content Path – Change default wp-content path\u002FURL\u003C\u002Fli>\n\u003Cli>Block wp-content URL – Blocks the default content URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Plugin Path – Changes default wp-content\u002Fplugins path\u002FURL\u003C\u002Fli>\n\u003Cli>Block plugin URL – Blocks default wp-content\u002Fplugins URL\u003C\u002Fli>\n\u003Cli>New path \u002F URL for Every Active Plugin\u003C\u002Fli>\n\u003Cli>Customize path and name for any active plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Uploads\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Upload Path – Changes default media files path\u002FURL\u003C\u002Fli>\n\u003Cli>Block upload URL – Blocks default media files URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Comments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New wp-comments-post.php Path\u003C\u002Fli>\n\u003Cli>Block wp-comments-post.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Author\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Author Path\u003C\u002Fli>\n\u003Cli>Prevent Access to Author Archives\u003C\u002Fli>\n\u003Cli>Block default path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Search\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Search Path\u003C\u002Fli>\n\u003Cli>Block default path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > XML-RPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New XML-RPC Path – Changes default XML-RPC path \u002F URL\u003C\u002Fli>\n\u003Cli>Block default xmlrpc.php – Blocks default XML-RPC URL\u003C\u002Fli>\n\u003Cli>Disable XML-RPC authentication – Filters whether XML-RPC methods require authentication\u003C\u002Fli>\n\u003Cli>Remove pingback – Removes pingback link tag from theme\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > JSON REST\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Clean the REST API response\u003C\u002Fli>\n\u003Cli>Disable JSON REST V1 service – Disables an API service for WordPress which is active by default\u003C\u002Fli>\n\u003Cli>Disable JSON REST V2 service – Disables an API service for WordPress which is active by default\u003C\u002Fli>\n\u003Cli>Block any JSON REST calls – Any call for JSON REST API service will be blocked\u003C\u002Fli>\n\u003Cli>Disable output the REST API link tag into page header\u003C\u002Fli>\n\u003Cli>Disable JSON REST WP RSD endpoint from XML-RPC responses\u003C\u002Fli>\n\u003Cli>Disable Sends a Link header for the REST API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Root Files\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block license.txt – Blocks access to license.txt root file\u003C\u002Fli>\n\u003Cli>Block readme.html – Blocks access to readme.html root file\u003C\u002Fli>\n\u003Cli>Block wp-activate.php – Blocks access to wp-activate.php file\u003C\u002Fli>\n\u003Cli>Block wp-cron.php – Blocks outside access to wp-cron.php file\u003C\u002Fli>\n\u003Cli>Block wp-signup.php – Blocks default wp-signup.php file\u003C\u002Fli>\n\u003Cli>Block other wp-*.php files – Blocks other wp-.php files within WordPress Root\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > URL Slash\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>URL’s add Slash – Add a slash to any links without it. This disguisesthe existence of a file, folder or a wrong URL, which will all be slashed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Core\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabling Directory Listing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Meta\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Generator Meta\u003C\u002Fli>\n\u003Cli>Remove Other Generator Meta\u003C\u002Fli>\n\u003Cli>Remove Shortlink Meta\u003C\u002Fli>\n\u003Cli>Remove DNS Prefetch\u003C\u002Fli>\n\u003Cli>Remove Resource Hints\u003C\u002Fli>\n\u003Cli>Remove wlwmanifest Meta\u003C\u002Fli>\n\u003Cli>Remove feed_links Meta\u003C\u002Fli>\n\u003Cli>Disable output the REST API link tag into page header\u003C\u002Fli>\n\u003Cli>Remove rsd_link Meta\u003C\u002Fli>\n\u003Cli>Remove adjacent_posts_rel Meta\u003C\u002Fli>\n\u003Cli>Remove profile link\u003C\u002Fli>\n\u003Cli>Remove canonical link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Block Detectors\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Detectors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Emulate CMS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Emulate CMS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Admin Bar\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Admin Bar for specified urser roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Feed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove feed|rdf|rss|rss2|atom links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Robots.txt\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable admin URL within Robots.txt\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Emoji\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Emoji\u003C\u002Fli>\n\u003Cli>Disable TinyMC Emoji\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Styles\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Version\u003C\u002Fli>\n\u003Cli>Remove ID from link tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Scripts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Version\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Oembed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Oembed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Link Header\u003C\u002Fli>\n\u003Cli>Remove X-Powered-By Header\u003C\u002Fli>\n\u003Cli>Remove Server Header\u003C\u002Fli>\n\u003Cli>Remove X-Pingback Header\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > HTML\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove HTML Comments\u003C\u002Fli>\n\u003Cli>Minify Html, CSS, JavaScript\u003C\u002Fli>\n\u003Cli>Remove general classes from body tag\u003C\u002Fli>\n\u003Cli>Remove ID from Menu items\u003C\u002Fli>\n\u003Cli>Remove class from Menu items\u003C\u002Fli>\n\u003Cli>Remove general classes from post\u003C\u002Fli>\n\u003Cli>Remove general classes from images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > User Interactions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Mouse right click\u003C\u002Fli>\n\u003Cli>Disable Text Selection\u003C\u002Fli>\n\u003Cli>Disable Copy\u003C\u002Fli>\n\u003Cli>Disable Cut\u003C\u002Fli>\n\u003Cli>Disable Paste\u003C\u002Fli>\n\u003Cli>Disable Print\u003C\u002Fli>\n\u003Cli>Disable Print Screen\u003C\u002Fli>\n\u003Cli>Disable Developer Tools\u003C\u002Fli>\n\u003Cli>Disable View Source\u003C\u002Fli>\n\u003Cli>Disable Drag \u002F Drop\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Admin > wp-login.php\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New wp-login.php – Maps a new wp-login.php instead of the default one\u003C\u002Fli>\n\u003Cli>Block default wp-login.php – Blocks default wp-login.php file from being accessible\u003C\u002Fli>\n\u003Cli>Customize the default login page Logo image \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Admin > Admin URL\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Admin URL – Creates a new admin URL instead of the default ”\u002Fwp-admin”. This also applies for admin-ajax.php calls\u003C\u002Fli>\n\u003Cli>Disable customized Admin Url redirect to the Login page\u003C\u002Fli>\n\u003Cli>Block default Admin Url – Blocks default admin URL and files from being accessible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable 2FA\u003C\u002Fli>\n\u003Cli>Enable the 2FA for specific roles\u003C\u002Fli>\n\u003Cli>Enforce User to Configure 2FA\u003C\u002Fli>\n\u003Cli>Primary option for Two-Factor\u003C\u002Fli>\n\u003Cli>Disable 2FA when using Temporary Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Email\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate 2FA Email\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Auth App\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate Authenticator app (TOTP)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Recovery Codes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate 2FA Recovery Codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> Captcha\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Captcha V2\u003C\u002Fli>\n\u003Cli>Google Captcha V3\u003C\u002Fli>\n\u003Cli>CloudFlare Turnstile ( PRO )\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Settings -> CDN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CDN Url – Sets-up CDN if applied. Some providers replace site assets with custom URLs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>HTTP Response Headers are a powerful tool to Harden Your Website Security.\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* X-Download-Options\u003Cbr \u002F>\n* X-Frame-Options (XFO)\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* X-XSS-Protection\u003C\u002Fp>\n\u003Cp>This free version works with Apache and IIS server types. For all server types, check with \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WP Hide PRO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is a basic version that can hide everything for basic sites, example \u003Ca href=\"https:\u002F\u002Fdemo.wp-hide.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.wp-hide.com\u002F\u003C\u002Fa>. When using complex plugins and themes, the WP Hide PRO may be required. We provide free assistance to hide everything on your site, along with the commercial product.\u003C\u002Fp>\n\u003Cp>Anything wrong with this plugin on your site? Just use the forum or get in touch with us at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact\u003C\u002Fa> and we’ll check it out.\u003C\u002Fp>\n\u003Cp>A website example can be found at \u003Ca href=\"https:\u002F\u002Fdemo.wp-hide.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.wp-hide.com\u002F\u003C\u002Fa> or our website \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WP Hide and Security Enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Plugin homepage at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WordPress Hide and Security Enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin is developed by \u003Ca href=\"https:\u002F\u002Fwww.nsp-code.com\" rel=\"nofollow ugc\">Nsp-Code\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>Please help and translate this plugin to your language at \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hide-security-enhancer\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hide-security-enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You are kindly asked to promote this plugin if it comes up to your expectations via an article on your site or any other place. If you liked this code\u002FWP-Hide or if it helped with your project, why not leave a 5 star review on this board.\u003C\u002Fp>\n","Protect your website by concealing vulnerable WordPress traces, plugins, themes, login\u002Fadmin url. 2FA, Captcha, Firewall, Security Headers etc.",60000,3363758,86,275,"2026-03-06T08:34:00.000Z","4.0","5.4",[19,137,138,22,74],"headers","hide","https:\u002F\u002Fwp-hide.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hide-security-enhancer.2.8.3.zip",96,3,"2024-12-05 16:25:18",{"attackSurface":145,"codeSignals":197,"taintFlows":206,"riskAssessment":227,"analyzedAt":235},{"hooks":146,"ajaxHandlers":179,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":142,"unprotectedCount":142},[147,153,157,161,166,171,176],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","plugins_loaded","emlg_plugins_loaded","emlg-tfa.php",57,{"type":148,"name":154,"callback":154,"file":155,"line":156},"admin_menu","includes\\class-emlg-dashboard.php",18,{"type":148,"name":158,"callback":159,"file":155,"line":160},"admin_enqueue_scripts","enqueue_scripts",19,{"type":148,"name":162,"callback":163,"file":164,"line":165},"wp_mail_failed","mail_failed","includes\\class-emlg-email.php",87,{"type":167,"name":168,"callback":169,"file":164,"line":170},"filter","wp_mail_content_type","content_type",88,{"type":148,"name":172,"callback":173,"priority":55,"file":174,"line":175},"wp_authenticate","authenticate","includes\\class-emlg-login.php",33,{"type":167,"name":177,"callback":177,"priority":55,"file":174,"line":178},"template_include",34,[180,186,190],{"action":181,"nopriv":182,"callback":183,"hasNonce":182,"hasCapCheck":182,"file":184,"line":185},"emlg_check_email_cap",false,"check_email_capability","includes\\class-emlg-ajax.php",12,{"action":187,"nopriv":182,"callback":188,"hasNonce":182,"hasCapCheck":182,"file":184,"line":189},"emlg_preview_login_email","preview_login_email",13,{"action":191,"nopriv":182,"callback":192,"hasNonce":182,"hasCapCheck":182,"file":184,"line":193},"emlg_forms","forms",14,[],[],[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":201,"fileOperations":11,"externalRequests":11,"nonceChecks":204,"capabilityChecks":204,"bundledLibraries":205},[],{"prepared":11,"raw":11,"locations":200},[],{"escaped":202,"rawEcho":11,"locations":203},22,[],1,[],[207],{"entryPoint":208,"graph":209,"unsanitizedCount":11,"severity":226},"\u003Csubmit-code> (views\\submit-code.php:0)",{"nodes":210,"edges":223},[211,217],{"id":212,"type":213,"label":214,"file":215,"line":216},"n0","source","$_GET (x2)","views\\submit-code.php",7,{"id":218,"type":219,"label":220,"file":215,"line":221,"wp_function":222},"n1","sink","echo() [XSS]",27,"echo",[224],{"from":212,"to":218,"sanitized":225},true,"low",{"summary":228,"deductions":229},"The emlg-tfa plugin, version 1.1, exhibits a mixed security posture. On the positive side, the code demonstrates good practices regarding SQL queries, exclusively using prepared statements, and all identified output operations are properly escaped. There is also a single nonce check and a single capability check present, indicating some awareness of security mechanisms. The absence of any recorded historical vulnerabilities or critical taint flows is also a positive sign.\n\nHowever, a significant concern arises from the attack surface. The plugin exposes three AJAX handlers, all of which lack authentication checks. This means that any unauthenticated user could potentially trigger these handlers, leading to a considerable risk if the handlers perform sensitive operations or can be manipulated to cause harm. While no dangerous functions, file operations, or external HTTP requests were detected, and no shortcodes or cron events contribute to the attack surface, the unprotected AJAX endpoints represent a clear vulnerability. The vulnerability history being clean could be due to the plugin's limited exposure or simply a lack of past security issues, but the current static analysis reveals a critical weakness that needs immediate attention.",[230,233],{"reason":231,"points":232},"AJAX handlers without auth checks",10,{"reason":234,"points":216},"Large attack surface without auth checks","2026-03-17T06:34:36.828Z",{"wat":237,"direct":248},{"assetPaths":238,"generatorPatterns":242,"scriptPaths":243,"versionParams":244},[239,240,241],"\u002Fwp-content\u002Fplugins\u002Femlg-tfa\u002Fcss\u002Fdashboard.css","\u002Fwp-content\u002Fplugins\u002Femlg-tfa\u002Fjs\u002Fdashboard.js","\u002Fwp-content\u002Fplugins\u002Femlg-tfa\u002Fcss\u002Femlg-login.css",[],[240],[245,246,247],"emlg-tfa\u002Fcss\u002Fdashboard.css?ver=","emlg-tfa\u002Fjs\u002Fdashboard.js?ver=","emlg-tfa\u002Fcss\u002Femlg-login.css?ver=",{"cssClasses":249,"htmlComments":250,"htmlAttributes":251,"restEndpoints":254,"jsGlobals":255,"shortcodeOutput":258},[4],[],[252,253],"data-emlg_options","data-emlg_codemirror_settings",[],[256,257],"window.emlg_options","window.emlg_codemirror_settings",[]]