[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcy54sEjUv7037YruxxwwOMC0NOqo-t07mTZSU0tepCE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":146,"fingerprints":176},"force-login-pro","Force Login Pro","0.0.4","Brandon Hubbard","https:\u002F\u002Fprofiles.wordpress.org\u002Fbhubbard\u002F","\u003Cp>Keep your WordPress site secure by requiring all visitors to first login to your site. Simply turn it on and it works out of the box.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\u003C\u002Fp>\n","A simple WordPress plugin to force login.",10,1249,100,1,"2021-05-19T17:29:00.000Z","5.7.15","5.0","7.0",[20,21,22,23,24],"login","privacy","protected","protection","security","https:\u002F\u002Fgithub.com\u002Faccessnetworks\u002Fforce-login-pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-login-pro.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":27,"computed_at":38},"bhubbard",4,90,87,30,"2026-04-03T20:56:24.474Z",[40,65,87,110,126],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":35,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":62,"vuln_count":63,"unpatched_count":28,"last_vuln_date":64,"fetched_at":30},"anti-spam","Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr \u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized** access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,368,"2026-03-11T17:54:00.000Z","6.9.4","5.6","7.4",[56,57,58,24,59],"antispam","brute-force-protection","limit-login-attempts","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip",98,3,"2024-07-11 00:00:00",{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":35,"num_ratings":75,"last_updated":76,"tested_up_to":52,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":82,"download_link":83,"security_score":84,"vuln_count":85,"unpatched_count":28,"last_vuln_date":86,"fetched_at":30},"jonradio-private-site","My Private Site","4.1.0","David Gewirtz","https:\u002F\u002Fprofiles.wordpress.org\u002Fdgewirtz\u002F","\u003Cp>\u003Cstrong>My Private Site\u003C\u002Fstrong> makes your WordPress site private so only logged-in users can see your content. With one click, you can restrict access to all posts and pages, automatically redirect visitors to the login screen, and keep your site visible only to people you trust.\u003C\u002Fp>\n\u003Cp>Unlike full membership or subscription systems, My Private Site focuses on strong privacy without unnecessary complexity. It is ideal for family sites, schools, clubs, client previews, or development environments where you want to share content with a trusted audience without managing payments, profiles, or custom roles.\u003C\u002Fp>\n\u003Ch3>Ideal Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Family sites and school projects\u003C\u002Fstrong>: Share personal updates, photos, or assignments only with family members, classmates, or teachers you choose.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development and staging sites\u003C\u002Fstrong>: Safely show work-in-progress to clients or teammates without exposing unfinished content or letting it be indexed by search engines.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clubs, groups, and internal blogs\u003C\u002Fstrong>: Create a private online space for members or staff without the overhead of a complex membership system.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Digital Fortress protection\u003C\u002Fh3>\n\u003Cp>My Private Site helps protect the “front door” of your private site with built-in safeguards for login and user registration, including registration spam protection and optional reCAPTCHA support. It also includes AI Crawler Defense to discourage automated collection of your site’s content.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Make your entire WordPress site private with a single setting  \u003C\u002Fli>\n\u003Cli>Redirect logged-out visitors automatically to the login page  \u003C\u002Fli>\n\u003Cli>Choose where users land after login (requested page, home, dashboard, or custom URL)  \u003C\u002Fli>\n\u003Cli>Support user self-registration on private sites when enabled  \u003C\u002Fli>\n\u003Cli>Protect registration with built-in spam controls and optional reCAPTCHA  \u003C\u002Fli>\n\u003Cli>Optionally block unauthenticated access to the WordPress REST API  \u003C\u002Fli>\n\u003Cli>Simple, no-code setup using standard WordPress settings \u003C\u002Fli>\n\u003Cli>Privacy shortcode lets you selectively show or hide content within a page or post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Built-in AI Crawler Defense\u003C\u002Fh3>\n\u003Cp>The internet is rapidly changing, with AI crawlers and bots harvesting content without consent. My Private Site helps you defend your work with integrated \u003Cstrong>AI Crawler Defense\u003C\u002Fstrong> features:\u003Cbr \u002F>\n* \u003Cstrong>NoAI and NoImageAI tags\u003C\u002Fstrong>: Automatically add meta tags and headers that signal compliant AI systems not to use your text or images for training.\u003Cbr \u002F>\n* \u003Cstrong>Block GPTBot\u003C\u002Fstrong>: Add a robots.txt rule to prevent OpenAI’s crawler from accessing your site.\u003Cbr \u002F>\n* \u003Cstrong>Really Simple Licensing (RSL)\u003C\u002Fstrong>: Publish a machine-readable license that explicitly prohibits AI training on your content.\u003C\u002Fp>\n\u003Cp>These protections are included free in the core plugin, easy to enable with a checkbox, and designed to safeguard your site without affecting normal visitors or search engines. You can use them even if you’re not using any other site privacy features.\u003C\u002Fp>\n\u003Ch3>Watch the Video Overview and Demo\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fjry3DHD-OB8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Premium Add-ons\u003C\u002Fh3>\n\u003Cp>Premium add-ons turn My Private Site into a comprehensive privacy suite, giving you enterprise-style layered security defenses, smarter oversight, and flexible access, without the complexity or cost.\u003C\u002Fp>\n\u003Cp>Advanced AI Crawler Defense, Visitor Intelligence, and Block IP provide protections regardless of whether you’re using any site privacy features.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FB6s8O9VZLc0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-public-pages\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Public Pages 2.0\u003C\u002Fstrong>\u003C\u002Fa>: Allows site operators to designate certain specific pages, or pages with specified prefix, to be available to the public without login. Now also allows public site, private pages. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fu7BuYtzS_pI\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-advanced-ai-defense\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Advanced AI Crawler Defense\u003C\u002Fstrong>\u003C\u002Fa>: Protect WordPress content from AI crawlers using licensing, opt-out tags, selective bot blocking, and firewall defenses to control and safeguard your data. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FEb4qQDafaRk\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-visitor-intelligence\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Visitor Intelligence\u003C\u002Fstrong>\u003C\u002Fa>: Track logins, logouts, failed attempts, and bot activity with a unified log, anomaly detection, and export tools for stronger site oversight and security. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FTTK8bGVD8pM\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-guest-access\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Guest Access\u003C\u002Fstrong>\u003C\u002Fa>: Grant temporary, secure access to private WordPress content using unique shareable links with expiration, one-time use, and full admin-controlled invite management. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fj1vYV8lhqcc\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-block-ip\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Block IP\u003C\u002Fstrong>\u003C\u002Fa>: Block unwanted visitors by IP address or range with full IPv4\u002FIPv6 support, configurable scope, and fast enforcement to secure your WordPress site. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FvsxLqYXWITs\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-tags-and-categories\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Tags & Categories\u003C\u002Fstrong>\u003C\u002Fa>: Allows you to make pages public or (with Public Pages 2.0) private based on tags and categories. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FdEv7lXxU5lo\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-selective-content\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Selective Content\u003C\u002Fstrong>\u003C\u002Fa>: Allows hiding, showing, and obscurifying page content through the use of shortcodes. Can also selectively hide widgets and sidebars. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FexgJrJJSCNY\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-pricing\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Digital Fortress Bundle\u003C\u002Fstrong>\u003C\u002Fa>: All add-ons are available in bundle form.  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FB6s8O9VZLc0\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Limits\u003C\u002Fh3>\n\u003Cp>This plugin does not hide non-WordPress web pages, such as .html and .php files. It also won’t restrict images and other media and text files directly accessed by their URL. If your hosting provider’s filesystem protections haven’t been set up correctly, files may also be accessed by directory listing.\u003C\u002Fp>\n\u003Ch3>Support Note\u003C\u002Fh3>\n\u003Cp>Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. If you need a timely reply from the developer, please \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Fsubmit-ticket\u002F\" rel=\"nofollow ugc\">open a ticket\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Mailing List\u003C\u002Fh3>\n\u003Cp>If you’d like to keep up with the latest updates to this plugin, please visit \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Flab-notes\u002F\" rel=\"nofollow ugc\">David’s Lab Notes\u003C\u002Fa> and add yourself to the mailing list.\u003C\u002Fp>\n","Make your WordPress site private with one click for family, projects, or teams. Protection for content, login, and registration.",20000,568968,80,"2026-01-28T21:00:00.000Z","4.4","5.4",[20,21,80,81,24],"private-site","registration","http:\u002F\u002Fzatzlabs.com\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjonradio-private-site.4.1.0.zip",99,2,"2024-02-16 00:00:00",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":102,"download_link":108,"security_score":13,"vuln_count":14,"unpatched_count":28,"last_vuln_date":109,"fetched_at":30},"cartpauj-register-captcha","Cartpauj Register Captcha","2.0.1","cartpauj","https:\u002F\u002Fprofiles.wordpress.org\u002Fcartpauj\u002F","\u003Cp>Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress’s default registration form. There are no settings to configure. Just activate and watch those SPAM sign-ups fade away! Requires openssl PHP library.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds CAPTCHA to the WordPress register sign-up form.\u003C\u002Fli>\n\u003Cli>NO settings or configurations to deal with.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>Built with a modified version of Phoca Captcha PHP library\u003Cbr \u002F>\nIcon by \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\u002Fauthors\u002Ffreepik\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa>\u003C\u002Fp>\n","Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.",1000,38872,84,24,"2025-05-20T23:09:00.000Z","6.8.5","6.0","",[104,105,23,106,107],"captcha","login-security","recaptcha","turnstile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcartpauj-register-captcha.2.0.1.zip","2023-08-21 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":13,"num_ratings":14,"last_updated":120,"tested_up_to":52,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":102,"download_link":125,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"kaya-login-captcha","Kaya Login Captcha","1.0.2","Kaya Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fkayastudio\u002F","\u003Cp>\u003Cstrong>Why use “Kaya Login Captcha”?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin Adds a simple captcha on login form, register form and lost-password form.\u003C\u002Fp>\n\u003Cp>Easy install and use, captcha settings are fully customizable and you can choose the forms on which to display it. The blocked request HTTP status can be customized and the XML-RPC feature can be disabled.\u003C\u002Fp>\n\u003Cp>Captcha statistics are also available on the settings page, with the count of passed and blocked requests sorted by year and month.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Captcha available on the login form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the lost-password form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the register form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Editable Captcha code length.\u003C\u002Fli>\n\u003Cli>Editable Captcha code format: numeric, alphabetic or alphanumeric.\u003C\u002Fli>\n\u003Cli>Random lines available in the background of the Captcha.\u003C\u002Fli>\n\u003Cli>Editable blocked request HTTP status.\u003C\u002Fli>\n\u003Cli>XML-RPC WordPress API deactivatable.\u003C\u002Fli>\n\u003Cli>Captcha statistics of passed and blocked requests sorted by year and month.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite and WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>“Kaya Login Captcha” is a professional login captcha system with fully customizable settings.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies and does not connect to any third-party applications. This plugin only generate a captcha code to verify human action for selected forms on your settings.\u003C\u002Fp>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>French.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>Any suggestions or feedback is welcome, thank you for using or trying one of my plugins. Please take the time to let me know about your experiences and rate this plugin.\u003C\u002Fp>\n","Adds a simple captcha on login form, register form and lost-password form.",200,2708,"2025-12-03T10:41:00.000Z","4.6.0","5.3",[57,104,20,105,124],"spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkaya-login-captcha.1.0.2.zip",{"slug":127,"name":128,"version":53,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":118,"downloaded":133,"rating":134,"num_ratings":135,"last_updated":136,"tested_up_to":100,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":102,"download_link":142,"security_score":143,"vuln_count":144,"unpatched_count":28,"last_vuln_date":145,"fetched_at":30},"wp-limit-failed-login-attempts","Limit Login Attempts (Spam Protection)","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>Limit the number of login attempts possible both through normal login as well as using auth cookies.\u003C\u002Fp>\n\u003Cp>By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.\u003C\u002Fp>\n\u003Cp>Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.\u003C\u002Fp>\n\u003Ch3>Basic Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Limit the number of retry attempts when logging in.\u003C\u002Fli>\n\u003Cli>Configurable lockout timings.\u003C\u002Fli>\n\u003Cli>Email notification of blocked attempts (Detailed email containing all necessary information).\u003C\u002Fli>\n\u003Cli>Notify the user of remaining attempts.\u003C\u002Fli>\n\u003Cli>Report containing all blocked attempts.\u003C\u002Fli>\n\u003Cli>Whitelist\u002FBlocklist of IPs (Support IP ranges).\u003C\u002Fli>\n\u003Cli>Allow\u002FBlock Countries.\u003C\u002Fli>\n\u003Cli>Automatically block IP addresses that exceed limit login attempts\u003C\u002Fli>\n\u003Cli>Automatically add IP addresses that exceed blocks limit to the deny list\u003C\u002Fli>\n\u003Cli>Send notifications about blocked retry (Email sent to admins)\u003C\u002Fli>\n\u003Cli>Inform the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>Unlock The Locked users – Easily unlock the locked admin through the email or dashboard.\u003C\u002Fli>\n\u003Cli>Limit the number of retry attempts when logging in per IP.\u003C\u002Fli>\n\u003Cli>Limit the number of attempts to log in using cookies.\u003C\u002Fli>\n\u003Cli>Optional logging and optional email notification.\u003C\u002Fli>\n\u003Cli>Compatible with Google captcha, Captcha Plus & reCaptcha.\u003C\u002Fli>\n\u003Cli>Dashboard gives you an overview of your site’s security.\u003C\u002Fli>\n\u003Cli>Enable or disable the plugin functionality\u003C\u002Fli>\n\u003Cli>Enable to disable email notifications\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Woocommerce login page protection.\u003C\u002Fli>\n\u003Cli>Wordfence & Sucuri compatibility.\u003C\u002Fli>\n\u003Cli>GDPR compliant.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Features (PRO)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All Basic features included.\u003C\u002Fli>\n\u003Cli>Save the password that was used by the hacker (Save part of the password and hide the last three digits).\u003C\u002Fli>\n\u003Cli>Advanced dashboard gives you an overview of your site’s security (Charts for the most important reports).\u003C\u002Fli>\n\u003Cli>Block attackers by IP, Country, IP range.\u003C\u002Fli>\n\u003Cli>Mobile Application for the admins to follow up the site security (\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fwp-content\u002Fuploads\u002Fapps\u002Flogin-attempts-app.apk\" rel=\"nofollow ugc\">Download APK\u003C\u002Fa>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video Description\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585819426\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Plugin Settings and Reports\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F585820422\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.",13895,78,7,"2025-06-15T19:08:00.000Z","4.6","7.2",[41,140,141,23,24],"firewall","login-attempts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-limit-failed-login-attempts.5.6.zip",92,5,"2024-12-05 00:00:00",{"attackSurface":147,"codeSignals":162,"taintFlows":169,"riskAssessment":170,"analyzedAt":175},{"hooks":148,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":28,"unprotectedCount":28},[149,154],{"type":150,"name":151,"callback":152,"file":153,"line":36},"action","template_redirect","force_login","force-login-pro.php",{"type":150,"name":155,"callback":156,"file":153,"line":157},"plugins_loaded","force_login_load_textdomain",110,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":168},[],{"prepared":28,"raw":28,"locations":165},[],{"escaped":63,"rawEcho":28,"locations":167},[],[],[],{"summary":171,"deductions":172},"The \"force-login-pro\" plugin v0.0.4 demonstrates a strong security posture based on the static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface.  Furthermore, the code signals indicate a healthy approach to development, with no dangerous functions, all SQL queries using prepared statements, and all output being properly escaped. The plugin also avoids file operations and external HTTP requests, further reducing potential exposure.\n\nThe vulnerability history is entirely clean, with no known CVEs of any severity. This, combined with the clean taint analysis results, suggests a lack of common vulnerabilities such as unsanitized paths.  The presence of a capability check, while only one, is a positive indicator of authorization controls being considered.  However, the complete absence of nonce checks is a notable omission, especially if any future entry points are introduced.\n\nIn conclusion, the plugin appears to be developed with security in mind, exhibiting many good practices. The main area of concern is the lack of nonce checks, which could become a vulnerability if the attack surface expands.  The current version is assessed as low risk due to the minimal attack surface and the absence of known vulnerabilities or critical code flaws.",[173],{"reason":174,"points":144},"No nonce checks found","2026-03-17T00:16:25.105Z",{"wat":177,"direct":183},{"assetPaths":178,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[179],"\u002Fwp-content\u002Fplugins\u002Fforce-login-pro\u002Fforce-login-pro.php",[],[],[],{"cssClasses":184,"htmlComments":185,"htmlAttributes":186,"restEndpoints":187,"jsGlobals":188,"shortcodeOutput":189},[],[],[],[],[],[]]