[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgReurjZj7q3IjZk-rinl_ZswN8Wxwwfw61t0EbaEhkA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":136,"fingerprints":211},"force-user-login-multisite","Force User Login Multisite","1.2.1","jamesdlow","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamesdlow\u002F","\u003Cp>Makes your wordpress blog private unless the user is logged in, optionally setting a minium user level. Modified from https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fforce-user-login\u002F\u003C\u002Fp>\n","Makes your wordpress blog private unless the user is logged in, optionally setting a minium user level. Modified from http:\u002F\u002Fwordpress.",20,5906,100,1,"2023-10-24T09:26:00.000Z","3.2.1","3.0.0","",[20,21,22,23,24],"force-user-login","login","password","privacy","private","http:\u002F\u002Fjameslow.com\u002F2011\u002F10\u002F11\u002Fforce-user-login-multisite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-user-login-multisite.1.2.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},11,390,90,9,87,"2026-04-04T07:03:51.764Z",[40,64,84,102,120],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":35,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":28,"last_vuln_date":63,"fetched_at":30},"jonradio-private-site","My Private Site","4.1.0","David Gewirtz","https:\u002F\u002Fprofiles.wordpress.org\u002Fdgewirtz\u002F","\u003Cp>\u003Cstrong>My Private Site\u003C\u002Fstrong> makes your WordPress site private so only logged-in users can see your content. With one click, you can restrict access to all posts and pages, automatically redirect visitors to the login screen, and keep your site visible only to people you trust.\u003C\u002Fp>\n\u003Cp>Unlike full membership or subscription systems, My Private Site focuses on strong privacy without unnecessary complexity. It is ideal for family sites, schools, clubs, client previews, or development environments where you want to share content with a trusted audience without managing payments, profiles, or custom roles.\u003C\u002Fp>\n\u003Ch3>Ideal Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Family sites and school projects\u003C\u002Fstrong>: Share personal updates, photos, or assignments only with family members, classmates, or teachers you choose.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development and staging sites\u003C\u002Fstrong>: Safely show work-in-progress to clients or teammates without exposing unfinished content or letting it be indexed by search engines.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clubs, groups, and internal blogs\u003C\u002Fstrong>: Create a private online space for members or staff without the overhead of a complex membership system.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Digital Fortress protection\u003C\u002Fh3>\n\u003Cp>My Private Site helps protect the “front door” of your private site with built-in safeguards for login and user registration, including registration spam protection and optional reCAPTCHA support. It also includes AI Crawler Defense to discourage automated collection of your site’s content.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Make your entire WordPress site private with a single setting  \u003C\u002Fli>\n\u003Cli>Redirect logged-out visitors automatically to the login page  \u003C\u002Fli>\n\u003Cli>Choose where users land after login (requested page, home, dashboard, or custom URL)  \u003C\u002Fli>\n\u003Cli>Support user self-registration on private sites when enabled  \u003C\u002Fli>\n\u003Cli>Protect registration with built-in spam controls and optional reCAPTCHA  \u003C\u002Fli>\n\u003Cli>Optionally block unauthenticated access to the WordPress REST API  \u003C\u002Fli>\n\u003Cli>Simple, no-code setup using standard WordPress settings \u003C\u002Fli>\n\u003Cli>Privacy shortcode lets you selectively show or hide content within a page or post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Built-in AI Crawler Defense\u003C\u002Fh3>\n\u003Cp>The internet is rapidly changing, with AI crawlers and bots harvesting content without consent. My Private Site helps you defend your work with integrated \u003Cstrong>AI Crawler Defense\u003C\u002Fstrong> features:\u003Cbr \u002F>\n* \u003Cstrong>NoAI and NoImageAI tags\u003C\u002Fstrong>: Automatically add meta tags and headers that signal compliant AI systems not to use your text or images for training.\u003Cbr \u002F>\n* \u003Cstrong>Block GPTBot\u003C\u002Fstrong>: Add a robots.txt rule to prevent OpenAI’s crawler from accessing your site.\u003Cbr \u002F>\n* \u003Cstrong>Really Simple Licensing (RSL)\u003C\u002Fstrong>: Publish a machine-readable license that explicitly prohibits AI training on your content.\u003C\u002Fp>\n\u003Cp>These protections are included free in the core plugin, easy to enable with a checkbox, and designed to safeguard your site without affecting normal visitors or search engines. You can use them even if you’re not using any other site privacy features.\u003C\u002Fp>\n\u003Ch3>Watch the Video Overview and Demo\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fjry3DHD-OB8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Premium Add-ons\u003C\u002Fh3>\n\u003Cp>Premium add-ons turn My Private Site into a comprehensive privacy suite, giving you enterprise-style layered security defenses, smarter oversight, and flexible access, without the complexity or cost.\u003C\u002Fp>\n\u003Cp>Advanced AI Crawler Defense, Visitor Intelligence, and Block IP provide protections regardless of whether you’re using any site privacy features.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FB6s8O9VZLc0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-public-pages\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Public Pages 2.0\u003C\u002Fstrong>\u003C\u002Fa>: Allows site operators to designate certain specific pages, or pages with specified prefix, to be available to the public without login. Now also allows public site, private pages. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fu7BuYtzS_pI\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-advanced-ai-defense\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Advanced AI Crawler Defense\u003C\u002Fstrong>\u003C\u002Fa>: Protect WordPress content from AI crawlers using licensing, opt-out tags, selective bot blocking, and firewall defenses to control and safeguard your data. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FEb4qQDafaRk\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-visitor-intelligence\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Visitor Intelligence\u003C\u002Fstrong>\u003C\u002Fa>: Track logins, logouts, failed attempts, and bot activity with a unified log, anomaly detection, and export tools for stronger site oversight and security. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FTTK8bGVD8pM\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-guest-access\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Guest Access\u003C\u002Fstrong>\u003C\u002Fa>: Grant temporary, secure access to private WordPress content using unique shareable links with expiration, one-time use, and full admin-controlled invite management. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fj1vYV8lhqcc\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-block-ip\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Block IP\u003C\u002Fstrong>\u003C\u002Fa>: Block unwanted visitors by IP address or range with full IPv4\u002FIPv6 support, configurable scope, and fast enforcement to secure your WordPress site. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FvsxLqYXWITs\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-tags-and-categories\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Tags & Categories\u003C\u002Fstrong>\u003C\u002Fa>: Allows you to make pages public or (with Public Pages 2.0) private based on tags and categories. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FdEv7lXxU5lo\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-selective-content\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Selective Content\u003C\u002Fstrong>\u003C\u002Fa>: Allows hiding, showing, and obscurifying page content through the use of shortcodes. Can also selectively hide widgets and sidebars. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FexgJrJJSCNY\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-pricing\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Digital Fortress Bundle\u003C\u002Fstrong>\u003C\u002Fa>: All add-ons are available in bundle form.  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FB6s8O9VZLc0\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Limits\u003C\u002Fh3>\n\u003Cp>This plugin does not hide non-WordPress web pages, such as .html and .php files. It also won’t restrict images and other media and text files directly accessed by their URL. If your hosting provider’s filesystem protections haven’t been set up correctly, files may also be accessed by directory listing.\u003C\u002Fp>\n\u003Ch3>Support Note\u003C\u002Fh3>\n\u003Cp>Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. If you need a timely reply from the developer, please \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Fsubmit-ticket\u002F\" rel=\"nofollow ugc\">open a ticket\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Mailing List\u003C\u002Fh3>\n\u003Cp>If you’d like to keep up with the latest updates to this plugin, please visit \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Flab-notes\u002F\" rel=\"nofollow ugc\">David’s Lab Notes\u003C\u002Fa> and add yourself to the mailing list.\u003C\u002Fp>\n","Make your WordPress site private with one click for family, projects, or teams. Protection for content, login, and registration.",20000,568968,80,"2026-01-28T21:00:00.000Z","6.9.4","4.4","5.4",[21,23,56,57,58],"private-site","registration","security","http:\u002F\u002Fzatzlabs.com\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjonradio-private-site.4.1.0.zip",99,2,"2024-02-16 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":18,"tags":79,"homepage":82,"download_link":83,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"chap-secure-login","Chap Secure Password Login","1.6.6","Enrico Rossomando","https:\u002F\u002Fprofiles.wordpress.org\u002Fredsend\u002F","\u003Cp>Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; password is hided with a random number (nonce) generated by the session – and opportunely transformed by the SHA-256 algorithm.\u003Cbr \u002F>\nIn the first login there will be an error, but don’t worry is only a tecnical error. Indeed in the next login’s operation, if the values are correct, there will not be errors, but you give mind because the password will sended in unencrypted way.\u003Cbr \u002F>\nIf you want more details about this algorithm, check \u003Ca href=\"http:\u002F\u002Fwww.devarticles.com\u002Fc\u002Fa\u002FJavaScript\u002FBuilding-a-CHAP-Login-System-An-ObjectOriented-Approach\u002F\" rel=\"nofollow ugc\">“Building a CHAP Login System”\u003C\u002Fa>.\u003Cbr \u002F>\nThis is a zero-configuration plugin.\u003C\u002Fp>\n\u003Cp>Enrico Rossomando (redsend) this is my blog about programming, gaming and startup > \u003Ca href=\"https:\u002F\u002Fwww.mrred.it\u002F\" title=\"Blog about programming, gaming and startup\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.mrred.it\u003C\u002Fa>\u003C\u002Fp>\n","Do not show password, during login, on an insecure channel (without SSL). Use a SHA-256 hash algorithm.",700,58331,62,8,"2020-06-07T08:21:00.000Z","5.4.19","2.5",[80,21,22,23,81],"admin","username","https:\u002F\u002Fwww.mrred.it\u002Fchap-secure-login-a-wordpress-plugin-for-secure-password-authentication\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchap-secure-login.1.6.6.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":13,"num_ratings":14,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":18,"tags":97,"homepage":100,"download_link":101,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"private-suite","Private Suite","2.1","Stephanie Leary","https:\u002F\u002Fprofiles.wordpress.org\u002Fsillybean\u002F","\u003Cul>\n\u003Cli>Optionally adds private pages to \u003Ccode>wp_list_pages()\u003C\u002Fcode>, \u003Ccode>wp_page_menu()\u003C\u002Fcode>, and the Pages widget\u003C\u002Fli>\n\u003Cli>Provides a separate \u003Ccode>wp_list_private_pages()\u003C\u002Fcode> tag (a clone of \u003Ccode>wp_list_pages()\u003C\u002Fcode> that accepts all the same arguments)\u003C\u002Fli>\n\u003Cli>Specifies private categories, in which all posts will automatically be set to private\u003C\u002Fli>\n\u003Cli>Lets you change the “Private:” prefix on private post\u002Fpage titles\u003C\u002Fli>\n\u003Cli>Lets you change the “Protected:” prefix on password-protected post\u002Fpage titles\u003C\u002Fli>\n\u003Cli>Lets you choose which user roles can read private pages and posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Now on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsillybean\u002Fprivate-suite\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>French (fr_FR) by Regis Lemaire\u003C\u002Fli>\n\u003Cli>Bulgarian (bg_BG) by \u003Ca href=\"http:\u002F\u002Fwww.siteground.com\u002F\" rel=\"nofollow ugc\">SiteGround\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR) by \u003Ca href=\"http:\u002F\u002Fbijoubijouterie.com\" rel=\"nofollow ugc\">Ömer Faruk Karabulut\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Ch3>Reading Settings\u003C\u002Fh3>\n\u003Cp>You must have at least one public page. Otherwise, as of 3.1, the front page settings (where you can choose a static page as your home page) will not appear on the settings page at all. As long as you have one public page, all the private pages will appear as options in the dropdown menu.\u003C\u002Fp>\n\u003Ch3>Page Lists and Widgets\u003C\u002Fh3>\n\u003Cp>Adding private pages to \u003Ccode>wp_list_pages()\u003C\u002Fcode>, \u003Ccode>wp_page_menu()\u003C\u002Fcode>, and the Pages widget does not always work as it should. The private pages will be out of order, and they might appear as children of the wrong parent page. If this occurs, try using the \u003Ccode>wp_list_private_pages()\u003C\u002Fcode> template tag instead. It’s a clone of \u003Ccode>wp_list_pages()\u003C\u002Fcode> and should accept all the same arguments. This plugin includes an extra Pages widget that includes private pages.\u003C\u002Fp>\n\u003Ch3>Private Categories\u003C\u002Fh3>\n\u003Cp>When you mark a category as private, all the posts in that category will have their visibility set to private when they are published, even if you don’t change the visibility setting on the edit screen. Only published posts are affected; your draft, pending, and scheduled posts will work as usual, except that scheduled posts will be set to private when they become active.\u003C\u002Fp>\n\u003Ch3>Acknowledgments\u003C\u002Fh3>\n\u003Cp>Huge thanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmtekk\" rel=\"nofollow ugc\">mtekk\u003C\u002Fa> for providing the \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F8592\" rel=\"nofollow ugc\">patch\u003C\u002Fa> that makes the page list features possible. The alternative method of listing pages was adapted from \u003Ca href=\"http:\u002F\u002Factivecodeline.com\u002Fcreate-a-menu-for-private-pages-and-posts-in-wordpress\" rel=\"nofollow ugc\">Branko Ajzele\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>If you would like to send me a translation, please write to me through \u003Ca href=\"http:\u002F\u002Fsillybean.net\u002Fabout\u002Fcontact\u002F\" rel=\"nofollow ugc\">my contact page\u003C\u002Fa>. Let me know which plugin you’ve translated and how you would like to be credited. I will write you back so you can attach the files in your reply.\u003C\u002Fp>\n","Allows you to choose who can read private content and offers better control of privacy features.",60,12851,"2016-04-22T21:29:00.000Z","4.5.33","3.3",[98,22,23,24,99],"categories","users","http:\u002F\u002Fsillybean.net\u002Fcode\u002Fwordpress\u002Fprivate-suite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivate-suite.2.1.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":28,"num_ratings":28,"last_updated":112,"tested_up_to":52,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":118,"download_link":119,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"gozer","Force login to make the site private – Gozer","1.0.2","Fernando Tellado","https:\u002F\u002Fprofiles.wordpress.org\u002Ffernandot\u002F","\u003Cp>Gozer makes your entire WordPress site private by requiring visitors to log in before they can see any content. Perfect for intranets, membership sites, development environments, or any site that needs restricted access.\u003C\u002Fp>\n\u003Cp>Unlike other force login plugins, Gozer gives you complete control over exceptions. Configure exactly what should remain publicly accessible through an intuitive settings page.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>One-click activation\u003C\u002Fstrong> – Enable force login with a single checkbox\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin bar toggle\u003C\u002Fstrong> – Quick on\u002Foff switch directly from the toolbar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>System exceptions\u003C\u002Fstrong> – Keep REST API, WP-Cron, WP-CLI, and AJAX working\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO-friendly\u003C\u002Fstrong> – Allow search engine bots, sitemaps, and robots.txt\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom paths\u003C\u002Fstrong> – Define specific pages that should remain public\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced IP whitelist\u003C\u002Fstrong> – Supports individual IPs, CIDR notation, and wildcards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary bypass tokens\u003C\u002Fstrong> – Generate shareable links for temporary access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User agent rules\u003C\u002Fstrong> – Grant access to monitoring services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible redirects\u003C\u002Fstrong> – Choose login page, 403 error, or custom URL\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – No bloat, just the features you need\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>IP Whitelist Formats\u003C\u002Fh4>\n\u003Cp>The plugin supports multiple IP formats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Individual IPs: \u003Ccode>192.168.1.1\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>CIDR notation: \u003Ccode>192.168.1.0\u002F24\u003C\u002Fcode> or \u003Ccode>10.0.0.0\u002F8\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Wildcards: \u003Ccode>192.168.*\u003C\u002Fcode> or \u003Ccode>10.*.*.*\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Temporary Bypass Tokens\u003C\u002Fh4>\n\u003Cp>Generate secure, time-limited access links perfect for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Client reviews of staging sites\u003C\u002Fli>\n\u003Cli>Sharing with contractors or agencies\u003C\u002Fli>\n\u003Cli>Temporary access for support teams\u003C\u002Fli>\n\u003Cli>Preview links for stakeholders\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Private company intranets\u003C\u002Fli>\n\u003Cli>Client staging sites\u003C\u002Fli>\n\u003Cli>Membership communities\u003C\u002Fli>\n\u003Cli>Development and testing environments\u003C\u002Fli>\n\u003Cli>Employee portals\u003C\u002Fli>\n\u003Cli>Educational platforms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help or have suggestions?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservicios.ayudawp.com\" rel=\"nofollow ugc\">Official website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fgozer\u002F\" rel=\"ugc\">WordPress support forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002FAyudaWordPressES\" rel=\"nofollow ugc\">YouTube channel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fayudawp.com\" rel=\"nofollow ugc\">Documentation and tutorials\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Love the plugin? Please leave us a 5-star review and help spread the word!\u003C\u002Fp>\n\u003Ch3>About AyudaWP\u003C\u002Fh3>\n\u003Cp>We are specialists in WordPress security, SEO, and performance optimization plugins. We create tools that solve real problems for WordPress site owners while maintaining the highest coding standards and accessibility requirements.\u003C\u002Fp>\n","Force visitors to log in before accessing your site with extensive exception controls.",10,269,"2026-03-05T19:15:00.000Z","5.0","7.4",[116,21,23,24,117],"access","restricted","https:\u002F\u002Fservicios.ayudawp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgozer.1.0.2.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":28,"downloaded":128,"rating":28,"num_ratings":28,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":18,"download_link":135,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"encrypt-my-login-password","Encrypt My Login Password","1.0.0","himansu1","https:\u002F\u002Fprofiles.wordpress.org\u002Fhimansu1\u002F","\u003Cp>Whenever you try to login into your website, you can use this plugin to encrypt your password.\u003C\u002Fp>\n","Do not show password on login page.",915,"2021-10-23T03:27:00.000Z","5.8.13","4.9","5.6",[80,21,134,23,81],"password-encryption","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fencrypt-my-login-password.zip",{"attackSurface":137,"codeSignals":152,"taintFlows":162,"riskAssessment":202,"analyzedAt":210},{"hooks":138,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":28,"unprotectedCount":28},[139,144],{"type":140,"name":141,"callback":142,"file":143,"line":33},"action","admin_menu","force_login_multisite_menu","force-login-multisite.php",{"type":140,"name":145,"callback":146,"file":143,"line":147},"template_redirect","force_login",89,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":161},[],{"prepared":28,"raw":28,"locations":155},[],{"escaped":28,"rawEcho":14,"locations":157},[158],{"file":143,"line":159,"context":160},49,"raw output",[],[163,189],{"entryPoint":164,"graph":165,"unsanitizedCount":62,"severity":188},"force_login (force-login-multisite.php:90)",{"nodes":166,"edges":184},[167,172,177,181],{"id":168,"type":169,"label":170,"file":143,"line":171},"n0","source","$_SERVER['SERVER_NAME']",101,{"id":173,"type":174,"label":175,"file":143,"line":171,"wp_function":176},"n1","sink","header() [Header Injection]","header",{"id":178,"type":169,"label":179,"file":143,"line":180},"n2","$_SERVER",94,{"id":182,"type":174,"label":175,"file":143,"line":183,"wp_function":176},"n3",106,[185,187],{"from":168,"to":173,"sanitized":186},false,{"from":178,"to":182,"sanitized":186},"medium",{"entryPoint":190,"graph":191,"unsanitizedCount":28,"severity":201},"\u003Cforce-login-multisite> (force-login-multisite.php:0)",{"nodes":192,"edges":197},[193,194,195,196],{"id":168,"type":169,"label":170,"file":143,"line":171},{"id":173,"type":174,"label":175,"file":143,"line":171,"wp_function":176},{"id":178,"type":169,"label":179,"file":143,"line":180},{"id":182,"type":174,"label":175,"file":143,"line":183,"wp_function":176},[198,200],{"from":168,"to":173,"sanitized":199},true,{"from":178,"to":182,"sanitized":199},"low",{"summary":203,"deductions":204},"The 'force-user-login-multisite' plugin v1.2.1 exhibits a mixed security posture. On the positive side, there are no reported CVEs, no dangerous functions, no raw SQL queries, no file operations, and no external HTTP requests, indicating a generally clean codebase in these areas. The complete absence of an attack surface (AJAX, REST API, shortcodes, cron events) is also a significant strength, as it limits potential entry points for attackers. Furthermore, the presence of capability checks suggests some level of access control is being implemented.\n\nHowever, there are notable concerns. The static analysis reveals that 100% of the identified outputs are not properly escaped. This is a significant risk, as it can lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is reflected directly in the output. Additionally, the taint analysis identified one flow with unsanitized paths, which, while not classified as critical or high severity in this analysis, still represents a potential security weakness that warrants investigation. The absence of nonce checks on entry points (though the attack surface is zero) would normally be a concern, but in this specific case, with no entry points, it's a non-issue. The plugin's vulnerability history being completely clean is a good sign, but the lack of proper output escaping and the identified unsanitized path in the taint analysis suggest that the plugin may not have undergone extensive security scrutiny or that its current security practices are not entirely robust. Overall, while the plugin has strengths in limiting its attack surface and avoiding certain common vulnerabilities, the unescaped output and unsanitized path are significant weaknesses that reduce its security score.",[205,207],{"reason":206,"points":75},"Output not properly escaped",{"reason":208,"points":209},"Flow with unsanitized paths",5,"2026-03-16T22:58:05.297Z",{"wat":212,"direct":217},{"assetPaths":213,"generatorPatterns":214,"scriptPaths":215,"versionParams":216},[],[],[],[],{"cssClasses":218,"htmlComments":221,"htmlAttributes":222,"restEndpoints":225,"jsGlobals":226,"shortcodeOutput":227},[219,220],"wrap","form-table",[],[223,224],"name=\"force_login_multisite_minlevel\"","id=\"force_login_multisite_minlevel\"",[],[],[]]