[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flwx48sJIpWHhsJWI1cqoWCyL6HCf6wCfzj-h5DuCdz4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":121,"fingerprints":534},"fortress-login-pro","Fortress Login Pro – Secure, Hide & Rename Login URL","1.1.3","Hamdi Saidani","https:\u002F\u002Fprofiles.wordpress.org\u002Fhamdisaidani\u002F","\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> is a battle-ready security plugin that replaces your WordPress login page (\u003Ccode>wp-login.php\u003C\u002Fcode>) with a private, rotating URL that only you control.\u003C\u002Fp>\n\u003Cp>🛡️ It doesn’t just hide the login—it lets you track, rotate, and control it.\u003C\u002Fp>\n\u003Cp>Perfect for freelancers, agencies, eCommerce owners, and anyone tired of blind brute-force attacks.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide \u003Ccode>wp-login.php\u003C\u002Fcode> and set your own private login path  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Rotate Slugs:\u003C\u002Fstrong> Automatically change your login URL on a custom schedule  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dual-Slug Rotation Safety:\u003C\u002Fstrong> Keep the old URL live until the new one is used (fail-safe)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug Generator:\u003C\u002Fstrong> Choose readable word combos or full-random slugs (with number support)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logs & Charts:\u003C\u002Fstrong> See IPs, timestamps, referrers, and user-agents by login attempt  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export Logs:\u003C\u002Fstrong> Download access history or slug changes in CSV or JSON  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug History Panel:\u003C\u002Fstrong> Restore, archive, or delete old slugs anytime  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Configuration:\u003C\u002Fstrong> Set up outgoing email for login slug alerts and rotation notices  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email & Rotation:\u003C\u002Fstrong> Built-in checks before activating rotation so you don’t get locked out  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>System File Protection:\u003C\u002Fstrong> Optional toggle to block access to \u003Ccode>install.php\u003C\u002Fcode> and \u003Ccode>setup-config.php\u003C\u002Fcode> via \u003Ccode>.htaccess\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean UI:\u003C\u002Fstrong> Fast, modern dashboard with zero bloat or upsell traps  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✅ Works With\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce, Easy Digital Downloads, and major eCommerce plugins  \u003C\u002Fli>\n\u003Cli>Membership systems like MemberPress, Paid Memberships Pro  \u003C\u002Fli>\n\u003Cli>Popular security plugins: Wordfence, iThemes, Sucuri  \u003C\u002Fli>\n\u003Cli>Caching tools like WP Rocket, Cloudflare, W3 Total Cache  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Fortress (vs limit login or captcha plugins)?\u003C\u002Fh3>\n\u003Cp>Most plugins try to \u003Cstrong>respond\u003C\u002Fstrong> to brute-force.\u003Cbr \u002F>\nFortress prevents it by removing the login form from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No login page = no attack surface.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Final Word\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> doesn’t just hide your login—it makes you smarter about who’s trying to reach it.\u003C\u002Fp>\n\u003Cp>Real logs. Real control. No BS.\u003Cbr \u002F>\nReady to lock down WordPress the way it should’ve shipped.\u003C\u002Fp>\n\u003Cp>Try our companion plugin: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotification-blocker\u002F\" rel=\"ugc\">Notification Blocker\u003C\u002Fa> — hide noisy dashboard alerts with one click.\u003C\u002Fp>\n","Hide and rotate your WordPress login URL. Track access, export logs, and prevent brute-force attacks with real-time visibility.",10,612,0,"2025-05-09T10:19:00.000Z","6.8.5","5.0","7.2",[19,20,21,22,23],"brute-force-protection","custom-login-url","login-security","security","wp-admin","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffortress-login-pro.1.1.3.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"hamdisaidani",2,110,96,30,91,"2026-04-04T05:58:47.572Z",[39,59,75,88,106],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":26,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":24,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"kaya-login-captcha","Kaya Login Captcha","1.0.2","Kaya Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fkayastudio\u002F","\u003Cp>\u003Cstrong>Why use “Kaya Login Captcha”?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin Adds a simple captcha on login form, register form and lost-password form.\u003C\u002Fp>\n\u003Cp>Easy install and use, captcha settings are fully customizable and you can choose the forms on which to display it. The blocked request HTTP status can be customized and the XML-RPC feature can be disabled.\u003C\u002Fp>\n\u003Cp>Captcha statistics are also available on the settings page, with the count of passed and blocked requests sorted by year and month.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Captcha available on the login form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the lost-password form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the register form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Editable Captcha code length.\u003C\u002Fli>\n\u003Cli>Editable Captcha code format: numeric, alphabetic or alphanumeric.\u003C\u002Fli>\n\u003Cli>Random lines available in the background of the Captcha.\u003C\u002Fli>\n\u003Cli>Editable blocked request HTTP status.\u003C\u002Fli>\n\u003Cli>XML-RPC WordPress API deactivatable.\u003C\u002Fli>\n\u003Cli>Captcha statistics of passed and blocked requests sorted by year and month.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite and WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>“Kaya Login Captcha” is a professional login captcha system with fully customizable settings.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies and does not connect to any third-party applications. This plugin only generate a captcha code to verify human action for selected forms on your settings.\u003C\u002Fp>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>French.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>Any suggestions or feedback is welcome, thank you for using or trying one of my plugins. Please take the time to let me know about your experiences and rate this plugin.\u003C\u002Fp>\n","Adds a simple captcha on login form, register form and lost-password form.",200,2708,1,"2025-12-03T10:41:00.000Z","6.9.4","4.6.0","5.3",[19,55,56,21,57],"captcha","login","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkaya-login-captcha.1.0.2.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":26,"num_ratings":68,"last_updated":69,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":70,"homepage":73,"download_link":74,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",347,3,"2025-07-01T05:30:00.000Z",[20,71,22,23,72],"hide-login","wp-login-php","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":13,"downloaded":83,"rating":13,"num_ratings":13,"last_updated":84,"tested_up_to":51,"requires_at_least":16,"requires_php":17,"tags":85,"homepage":24,"download_link":87,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"change-hide-login-url","Secure WordPress Admin – Change & Hide Login URL","1.2","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>\u003Cstrong>Secure WordPress Admin – Change & Hide Login URL\u003C\u002Fstrong> improves your website’s login security by allowing you to replace the default WordPress login page (wp-login.php) with any custom slug of your choice. It also blocks direct access to both \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong> for all non-logged-in users.\u003C\u002Fp>\n\u003Cp>Upon activation, the plugin automatically sets the custom login slug to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\n    https:\u002F\u002Fyourwebsite.com\u002Fmysecretlogin\u003C\u002Fp>\n\u003Cp>You can update the slug anytime from the settings page.\u003Cbr \u002F>\n\u003Cstrong>Important:\u003C\u002Fstrong> After changing the custom slug, go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Permalinks\u003C\u002Fstrong> and click \u003Cstrong>Save Changes\u003C\u002Fstrong> to ensure the new login URL works correctly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, fast, and follows WordPress coding standards without modifying core files.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Change \u003Cstrong>wp-login.php\u003C\u002Fstrong> to a custom login slug  \u003C\u002Fli>\n\u003Cli>Default login slug automatically set to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks direct access to \u003Cstrong>wp-login.php\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks unauthorized access to \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Simple admin settings page to manage the slug  \u003C\u002Fli>\n\u003Cli>Fully translation-ready  \u003C\u002Fli>\n\u003Cli>Uses WordPress security best practices  \u003C\u002Fli>\n\u003Cli>Zero impact on site performance\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure and customize your WordPress admin login by changing the default wp-login.php URL to a custom slug and blocking unauthorized access to wp-admin &hellip;",179,"2025-12-10T04:07:00.000Z",[20,56,22,86,23],"wp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-hide-login-url.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":13,"downloaded":96,"rating":13,"num_ratings":13,"last_updated":97,"tested_up_to":51,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":104,"download_link":105,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"esherpa-login-guard","eSherpa Login Guard","3.0.0","Ralf Naumann","https:\u002F\u002Fprofiles.wordpress.org\u002Fr2d3\u002F","\u003Cp>\u003Cstrong>eSherpa Login Guard\u003C\u002Fstrong> effectively and intelligently protects your WordPress site from brute-force attacks – Swiss precision, completely without external dependencies.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Honeypot-first bot defense\u003C\u002Fstrong>: JavaScript Honeypot detects non-browser bots and triggers immediate lockout logic.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected username trap\u003C\u002Fstrong>: Immediate lockout for defined usernames (e.g., “admin”, “test”), independent of the regular counter.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Proactive User-Agent blocking\u003C\u002Fstrong>: Block known bot signatures before login processing (exact match or substring mode).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocked User-Agent attempt log\u003C\u002Fstrong>: Separate log table for blocked User-Agent requests including matching pattern.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress hardening options\u003C\u002Fstrong>: Disable XML-RPC (with fake-user honeypot response), hide REST user endpoint, and block author archive enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional bot password capture\u003C\u002Fstrong>: Store attempted passwords from detected JS-honeypot bots for incident analysis.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Neutral login error option\u003C\u002Fstrong>: Hide username enumeration by using neutral WordPress login error responses.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live security visibility\u003C\u002Fstrong>: Live alarm in admin, lockout badge in menu, and detailed failed-attempt logs with IP\u002FUser-Agent filters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Progressive lockout durations\u003C\u002Fstrong>: Lockout time increases on repeat offenses (e.g., 15 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> 30 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> 60 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> 120 minutes).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login page guidance\u003C\u002Fstrong>: Clear countdown and “X attempts remaining” notice for transparent lock state.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-compliant\u003C\u002Fstrong>: IPs stored only as anonymized hashes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic cleanup\u003C\u002Fstrong> of old failed attempts (configurable).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile-friendly admin tables\u003C\u002Fstrong>: Horizontal scrolling for wide security tables on small screens, including swipe hint.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email notification\u003C\u002Fstrong> to admin on attacks against existing users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Developed in Switzerland – fast, clean, performant, and multilingual ready.\u003C\u002Fp>\n\u003Cp>Compatible with WordPress 6.9 and tested up to PHP 8.5.3.\u003C\u002Fp>\n","Intelligent login protection with honeypot detection, WordPress hardening, and a clear security admin overview.",172,"2026-03-03T08:32:00.000Z","5.6","7.4",[101,19,102,21,103],"bot-protection","honeypot","wordpress-hardening","https:\u002F\u002Fesherpa.ch\u002Flogin-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fesherpa-login-guard.3.0.0.zip",{"slug":107,"name":108,"version":42,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":13,"downloaded":113,"rating":13,"num_ratings":13,"last_updated":24,"tested_up_to":51,"requires_at_least":114,"requires_php":99,"tags":115,"homepage":24,"download_link":119,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":120},"simple-login-guard","Simple Login Guard – Monitor & Block Attempts","Aman Brar","https:\u002F\u002Fprofiles.wordpress.org\u002Famandeepwebspero\u002F","\u003Cp>\u003Cstrong>Simple Login Guard\u003C\u002Fstrong> is a lightweight login security plugin designed to protect your WordPress website from brute-force attacks.\u003Cbr \u002F>\nIt monitors every login attempt, logs failed and successful logins, tracks suspicious behavior, and automatically blocks IP addresses that exceed your configured threshold — keeping your site safe without slowing it down.\u003C\u002Fp>\n\u003Cp>No confusing settings. No bulky security suite.\u003Cbr \u002F>\nJust \u003Cstrong>simple, effective login protection\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Monitor Failed & Successful Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Logs every attempt with username, IP, timestamp, and status.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic IP Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Block IPs that exceed a defined number of failed attempts within a time window.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customizable Security Rules\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Failed attempts threshold\u003Cbr \u002F>\n  – Lockout duration\u003Cbr \u002F>\n  – Time window for counting attempts\u003Cbr \u002F>\n  – Retention period for logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Block \u002F Unblock IPs\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Block or unblock IP addresses from the admin dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Lightweight and Fast\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Uses optimized database queries and caching to avoid performance issues.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Safe Logging Table\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Creates a separate database table for login attempts, leaving core tables untouched.\u003C\u002Fp>\n\u003Ch3>📊 Admin Dashboard\u003C\u002Fh3>\n\u003Cp>The plugin includes an easy-to-use interface under:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Simple Login Guard\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Sections include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Settings\u003C\u002Fli>\n\u003Cli>Blocked IPs List\u003C\u002Fli>\n\u003C\u002Ful>\n","Monitor failed login attempts and automatically block IPs after multiple failures. Lightweight and easy to use.",159,"5.5",[116,19,117,118,21],"block-ip","limit-login-attempts","login-attempts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-guard.1.0.2.zip","2026-03-15T10:48:56.248Z",{"attackSurface":122,"codeSignals":435,"taintFlows":466,"riskAssessment":525,"analyzedAt":533},{"hooks":123,"ajaxHandlers":365,"restRoutes":419,"shortcodes":420,"cronEvents":421,"entryPointCount":142,"unprotectedCount":434},[124,130,133,138,143,147,151,155,157,159,163,166,170,175,179,183,189,194,199,204,206,209,213,216,219,222,225,228,231,234,237,239,242,245,248,252,256,260,263,267,272,276,280,284,287,291,295,298,302,305,308,312,315,320,323,326,330,334,338,342,344,348,351,353,355,359,362],{"type":125,"name":126,"callback":127,"file":128,"line":129},"action","phpmailer_init","fortlopr_configure_phpmailer","core\\ajax\\email-me-slug.php",57,{"type":125,"name":126,"callback":127,"file":131,"line":132},"core\\ajax\\send-verification-email.php",50,{"type":125,"name":134,"callback":135,"file":136,"line":137},"init","fortlopr_ajax_handlers_init","core\\ajax-handler.php",54,{"type":125,"name":139,"callback":140,"file":141,"line":142},"fortress_daily_rotation_check","fortlopr_handle_auto_rotation_step1","core\\rotation-engine.php",14,{"type":125,"name":144,"callback":145,"file":141,"line":146},"fortress_check_pending_slug","fortlopr_check_pending_slug_expiry",19,{"type":125,"name":148,"callback":149,"file":141,"line":150},"fortress_plugin_activated","fortlopr_schedule_pending_slug_check",29,{"type":125,"name":152,"callback":153,"file":141,"line":154},"fortress_plugin_deactivated","fortlopr_clear_pending_slug_check",37,{"type":125,"name":126,"callback":127,"file":141,"line":156},186,{"type":125,"name":126,"callback":127,"file":141,"line":158},304,{"type":125,"name":160,"callback":161,"file":141,"line":162},"fortress_delayed_flush_rules","fortlopr_delayed_flush_rules",378,{"type":125,"name":126,"callback":127,"file":164,"line":165},"core\\smtp-handler.php",90,{"type":125,"name":167,"callback":168,"file":164,"line":169},"wp_mail_failed","fortlopr_capture_mail_error",135,{"type":125,"name":171,"callback":172,"file":173,"line":174},"admin_menu","fortlopr_login_pro_admin_menu","fortress-login-pro.php",32,{"type":125,"name":176,"callback":177,"file":173,"line":178},"admin_enqueue_scripts","fortlopr_enqueue_assets",145,{"type":125,"name":180,"callback":181,"file":173,"line":182},"login_enqueue_scripts","fortlopr_login_enqueue_scripts",148,{"type":184,"name":185,"callback":186,"file":187,"line":188},"filter","admin_footer_text","fortlopr_admin_footer_text","includes\\admin-footer.php",28,{"type":184,"name":190,"callback":191,"priority":192,"file":187,"line":193},"update_footer","fortlopr_update_footer",11,46,{"type":184,"name":195,"callback":196,"file":197,"line":198},"wp_mail_content_type","fortlopr_set_html_mail_content_type","includes\\email-utils.php",22,{"type":125,"name":200,"callback":201,"file":202,"line":203},"admin_init","fortlopr_early_admin_system_file_block","includes\\filters-hooks.php",88,{"type":125,"name":134,"callback":201,"priority":49,"file":202,"line":205},89,{"type":125,"name":200,"callback":207,"file":202,"line":208},"fortlopr_register_smtp_settings",266,{"type":184,"name":210,"callback":211,"priority":11,"file":202,"line":212},"pre_update_option_fortress_smtp_host","fortlopr_unverify_smtp_on_change",269,{"type":184,"name":214,"callback":211,"priority":11,"file":202,"line":215},"pre_update_option_fortress_smtp_port",270,{"type":184,"name":217,"callback":211,"priority":11,"file":202,"line":218},"pre_update_option_fortress_smtp_encryption",271,{"type":184,"name":220,"callback":211,"priority":11,"file":202,"line":221},"pre_update_option_fortress_smtp_username",272,{"type":184,"name":223,"callback":211,"priority":11,"file":202,"line":224},"pre_update_option_fortress_smtp_password",273,{"type":184,"name":226,"callback":211,"priority":11,"file":202,"line":227},"pre_update_option_fortress_smtp_from_email",274,{"type":184,"name":229,"callback":211,"priority":11,"file":202,"line":230},"pre_update_option_fortress_smtp_from_name",275,{"type":184,"name":232,"callback":211,"priority":11,"file":202,"line":233},"pre_update_option_fortress_smtp_recipient_email",276,{"type":184,"name":226,"callback":235,"priority":11,"file":202,"line":236},"fortlopr_validate_email_field",279,{"type":184,"name":232,"callback":235,"priority":11,"file":202,"line":238},280,{"type":125,"name":200,"callback":240,"file":202,"line":241},"fortlopr_register_auto_rotation_settings",357,{"type":125,"name":148,"callback":243,"file":202,"line":244},"fortlopr_schedule_cron",454,{"type":125,"name":152,"callback":246,"file":202,"line":247},"fortlopr_clear_cron",463,{"type":125,"name":249,"callback":250,"priority":11,"file":202,"line":251},"update_option_fortress_auto_rotation_enabled","fortlopr_check_immediate_rotation",472,{"type":125,"name":253,"callback":254,"file":202,"line":255},"admin_notices","fortlopr_display_rotation_notice",517,{"type":184,"name":257,"callback":258,"file":202,"line":259},"query_vars","fortlopr_register_login_query_var",528,{"type":125,"name":134,"callback":261,"file":202,"line":262},"fortlopr_login_pro_init",534,{"type":125,"name":134,"callback":264,"priority":265,"file":202,"line":266},"fortlopr_maybe_flush_rewrite_rules",20,546,{"type":125,"name":268,"callback":269,"priority":270,"file":202,"line":271},"template_redirect","fortlopr_handle_login_template",5,557,{"type":125,"name":268,"callback":273,"priority":274,"file":202,"line":275},"fortlopr_block_login_like_paths",4,560,{"type":125,"name":277,"callback":278,"file":202,"line":279},"wp","fortlopr_init_login_handlers",563,{"type":125,"name":281,"callback":282,"priority":270,"file":202,"line":283},"login_init","fortlopr_redirect_wp_login",574,{"type":125,"name":134,"callback":285,"priority":270,"file":202,"line":286},"fortlopr_setup_login_redirect",577,{"type":125,"name":134,"callback":288,"priority":289,"file":202,"line":290},"fortlopr_force_check_rewrite_rules",99,682,{"type":184,"name":292,"callback":293,"file":202,"line":294},"login_form_action","closure",821,{"type":125,"name":296,"callback":293,"file":202,"line":297},"login_form",832,{"type":125,"name":299,"callback":300,"priority":11,"file":202,"line":301},"wp_login","fortlopr_track_login_success",949,{"type":125,"name":148,"callback":303,"file":202,"line":304},"fortlopr_flush_rewrite_rules",1255,{"type":125,"name":306,"callback":303,"file":202,"line":307},"update_option_fortress_active_slug",1258,{"type":184,"name":309,"callback":310,"priority":11,"file":202,"line":311},"site_url","fortlopr_filter_site_url",1263,{"type":125,"name":134,"callback":313,"file":202,"line":314},"fortlopr_handle_admin_email_verification",1314,{"type":184,"name":316,"callback":317,"priority":318,"file":202,"line":319},"login_redirect","fortlopr_override_verification_redirect",999,1322,{"type":184,"name":316,"callback":321,"priority":26,"file":202,"line":322},"fortlopr_fix_login_redirect",1345,{"type":125,"name":277,"callback":324,"priority":13,"file":202,"line":325},"fortlopr_override_wp_admin_redirect_early",1378,{"type":125,"name":327,"callback":328,"priority":318,"file":202,"line":329},"wp_loaded","fortlopr_block_wp_admin_redirect",1422,{"type":184,"name":331,"callback":332,"priority":11,"file":202,"line":333},"logout_url","fortlopr_custom_logout_url",1498,{"type":125,"name":335,"callback":336,"file":202,"line":337},"fortress_pending_slug_set","fortlopr_handle_pending_slug_set",1521,{"type":125,"name":339,"callback":340,"file":202,"line":341},"fortress_active_slug_changed","fortlopr_handle_active_slug_changed",1543,{"type":125,"name":160,"callback":161,"file":202,"line":343},1565,{"type":125,"name":345,"callback":346,"priority":11,"file":202,"line":347},"fortress_pending_slug_promoted","fortlopr_after_pending_slug_promotion",1568,{"type":125,"name":253,"callback":349,"file":202,"line":350},"fortlopr_display_slug_promotion_notice",1619,{"type":125,"name":253,"callback":293,"file":202,"line":352},1638,{"type":125,"name":253,"callback":293,"file":202,"line":354},1654,{"type":125,"name":356,"callback":357,"priority":11,"file":202,"line":358},"update_option_fortress_block_install_files","fortlopr_handle_htaccess_option_change",1664,{"type":125,"name":200,"callback":360,"file":202,"line":361},"fortlopr_register_system_settings",1677,{"type":125,"name":253,"callback":363,"file":202,"line":364},"fortlopr_display_htaccess_activation_error",1697,[366,372,376,380,381,384,388,392,396,400,404,408,412,415],{"action":367,"nopriv":368,"callback":369,"hasNonce":370,"hasCapCheck":370,"file":131,"line":371},"fortress_send_test_email",false,"fortlopr_ajax_send_test_email",true,87,{"action":373,"nopriv":368,"callback":374,"hasNonce":368,"hasCapCheck":368,"file":136,"line":375},"fortress_generate_slug","fortlopr_ajax_generate_slug",23,{"action":377,"nopriv":368,"callback":378,"hasNonce":368,"hasCapCheck":368,"file":136,"line":379},"fortress_save_slug","fortlopr_ajax_save_slug",26,{"action":367,"nopriv":368,"callback":369,"hasNonce":368,"hasCapCheck":368,"file":136,"line":150},{"action":382,"nopriv":368,"callback":383,"hasNonce":368,"hasCapCheck":368,"file":136,"line":174},"fortress_export_logs","fortlopr_ajax_export_logs",{"action":385,"nopriv":368,"callback":386,"hasNonce":368,"hasCapCheck":368,"file":136,"line":387},"fortress_clear_logs","fortlopr_ajax_clear_logs",35,{"action":389,"nopriv":368,"callback":390,"hasNonce":368,"hasCapCheck":368,"file":136,"line":391},"fortress_get_slug_history","fortlopr_ajax_get_slug_history",38,{"action":393,"nopriv":368,"callback":394,"hasNonce":368,"hasCapCheck":368,"file":136,"line":395},"fortress_restore_slug","fortlopr_ajax_restore_slug",39,{"action":397,"nopriv":368,"callback":398,"hasNonce":368,"hasCapCheck":368,"file":136,"line":399},"fortress_delete_slug","fortlopr_ajax_delete_slug",40,{"action":401,"nopriv":368,"callback":402,"hasNonce":368,"hasCapCheck":368,"file":136,"line":403},"fortress_clear_slug_history","fortlopr_ajax_clear_slug_history",41,{"action":405,"nopriv":368,"callback":406,"hasNonce":368,"hasCapCheck":368,"file":136,"line":407},"fortress_export_slug_history","fortlopr_ajax_export_slug_history",42,{"action":409,"nopriv":368,"callback":410,"hasNonce":368,"hasCapCheck":368,"file":136,"line":411},"fortress_email_me_slug","fortlopr_ajax_email_me_slug",43,{"action":413,"nopriv":368,"callback":414,"hasNonce":368,"hasCapCheck":368,"file":136,"line":193},"fortress_promote_pending_slug","fortlopr_ajax_promote_pending_slug",{"action":416,"nopriv":368,"callback":417,"hasNonce":368,"hasCapCheck":368,"file":136,"line":418},"fortress_debug_rotation","fortlopr_ajax_debug_rotation",49,[],[],[422,423,424,426,428,430,432],{"hook":144,"callback":144,"file":141,"line":379},{"hook":160,"callback":160,"file":141,"line":169},{"hook":160,"callback":160,"file":141,"line":425},339,{"hook":139,"callback":139,"file":202,"line":427},450,{"hook":160,"callback":160,"file":202,"line":429},1538,{"hook":160,"callback":160,"file":202,"line":431},1560,{"hook":160,"callback":160,"file":202,"line":433},1584,13,{"dangerousFunctions":436,"sqlUsage":437,"outputEscaping":439,"fileOperations":32,"externalRequests":13,"nonceChecks":463,"capabilityChecks":464,"bundledLibraries":465},[],{"prepared":13,"raw":13,"locations":438},[],{"escaped":440,"rawEcho":441,"locations":442},190,9,[443,446,448,450,453,455,457,459,461],{"file":444,"line":407,"context":445},"core\\ajax\\export-logs.php","raw output",{"file":447,"line":34,"context":445},"core\\ajax\\export-slug-history.php",{"file":202,"line":449,"context":445},1689,{"file":451,"line":452,"context":445},"templates\\access-denied-page.php",34,{"file":451,"line":454,"context":445},53,{"file":451,"line":456,"context":445},56,{"file":451,"line":458,"context":445},60,{"file":451,"line":460,"context":445},68,{"file":451,"line":462,"context":445},70,24,16,[],[467,492,502,515],{"entryPoint":468,"graph":469,"unsanitizedCount":49,"severity":491},"fortlopr_ajax_save_slug (core\\ajax\\save-slug.php:16)",{"nodes":470,"edges":488},[471,477,481],{"id":472,"type":473,"label":474,"file":475,"line":476},"n0","source","$_POST","core\\ajax\\save-slug.php",65,{"id":478,"type":479,"label":480,"file":475,"line":476},"n1","transform","→ fortlopr_set_active_slug()",{"id":482,"type":483,"label":484,"file":485,"line":486,"wp_function":487},"n2","sink","update_option() [Settings Manipulation]","core\\slug-manager.php",202,"update_option",[489,490],{"from":472,"to":478,"sanitized":368},{"from":478,"to":482,"sanitized":368},"low",{"entryPoint":493,"graph":494,"unsanitizedCount":49,"severity":491},"\u003Csave-slug> (core\\ajax\\save-slug.php:0)",{"nodes":495,"edges":499},[496,497,498],{"id":472,"type":473,"label":474,"file":475,"line":476},{"id":478,"type":479,"label":480,"file":475,"line":476},{"id":482,"type":483,"label":484,"file":485,"line":486,"wp_function":487},[500,501],{"from":472,"to":478,"sanitized":368},{"from":478,"to":482,"sanitized":368},{"entryPoint":503,"graph":504,"unsanitizedCount":49,"severity":491},"fortlopr_ajax_restore_slug (core\\ajax\\slug-history-actions.php:36)",{"nodes":505,"edges":512},[506,508,510],{"id":472,"type":473,"label":474,"file":507,"line":129},"core\\ajax\\slug-history-actions.php",{"id":478,"type":479,"label":509,"file":507,"line":129},"→ fortlopr_restore_slug()",{"id":482,"type":483,"label":484,"file":485,"line":511,"wp_function":487},485,[513,514],{"from":472,"to":478,"sanitized":368},{"from":478,"to":482,"sanitized":368},{"entryPoint":516,"graph":517,"unsanitizedCount":49,"severity":491},"\u003Cslug-history-actions> (core\\ajax\\slug-history-actions.php:0)",{"nodes":518,"edges":522},[519,520,521],{"id":472,"type":473,"label":474,"file":507,"line":129},{"id":478,"type":479,"label":509,"file":507,"line":129},{"id":482,"type":483,"label":484,"file":485,"line":511,"wp_function":487},[523,524],{"from":472,"to":478,"sanitized":368},{"from":478,"to":482,"sanitized":368},{"summary":526,"deductions":527},"The \"fortress-login-pro\" v1.1.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output. The absence of known CVEs and dangerous functions is also a strong indicator of a well-maintained and secure codebase. However, a significant concern arises from the attack surface.  With 14 AJAX handlers, 13 of which lack authentication checks, this presents a substantial risk. The taint analysis also shows 4 flows with unsanitized paths, although none were flagged as critical or high severity, this still warrants attention as it indicates potential for unintended data handling.\n\nThe lack of vulnerability history suggests the plugin has been stable, but this does not negate the risks identified in the static analysis. The 13 unprotected AJAX handlers are the most critical finding, as they can be exploited by unauthenticated users to perform actions within the plugin that might have unintended consequences, ranging from information disclosure to privilege escalation depending on the specific handler's functionality.  While the plugin has strengths in its handling of database queries and output, the unprotected entry points are a clear weakness that needs to be addressed to improve its overall security.",[528,530],{"reason":529,"points":11},"Unprotected AJAX handlers",{"reason":531,"points":532},"Flows with unsanitized paths",8,"2026-03-17T05:40:46.844Z",{"wat":535,"direct":558},{"assetPaths":536,"generatorPatterns":546,"scriptPaths":547,"versionParams":548},[537,538,539,540,541,542,543,544,545],"\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fcss\u002Fbase.css","\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fjs\u002Fvendor\u002Fchart.min.js","\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fjs\u002Flogs.js","\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fjs\u002Fhistory.js","\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fjs\u002Fslug-manager.js","\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fjs\u002Fsettings.js","\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fjs\u002Frotation-timer.js","\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Ffortress-login-pro\u002Fassets\u002Fcss\u002Ftemplate-access.css",[],[538,539,540,541,542,543,544],[549,550,551,552,553,554,555,556,557],"fortress-login-pro\u002Fassets\u002Fcss\u002Fbase.css?ver=1.1.3","fortress-login-pro\u002Fassets\u002Fjs\u002Fvendor\u002Fchart.min.js?ver=4.4.0","fortress-login-pro\u002Fassets\u002Fjs\u002Flogs.js?ver=1.1.3","fortress-login-pro\u002Fassets\u002Fjs\u002Fhistory.js?ver=1.1.3","fortress-login-pro\u002Fassets\u002Fjs\u002Fslug-manager.js?ver=1.1.3","fortress-login-pro\u002Fassets\u002Fjs\u002Fsettings.js?ver=1.1.3","fortress-login-pro\u002Fassets\u002Fjs\u002Frotation-timer.js?ver=1.1.3","fortress-login-pro\u002Fassets\u002Fjs\u002Fadmin.js?ver=1.1.3","fortress-login-pro\u002Fassets\u002Fcss\u002Ftemplate-access.css?ver=1.1.3",{"cssClasses":559,"htmlComments":563,"htmlAttributes":570,"restEndpoints":574,"jsGlobals":575,"shortcodeOutput":579},[560,561,562],"fortress-login-pro-wrap","fortress-login-pro-heading","fortlopr-login-form-wrapper",[564,565,566,567,568,569],"\u003C!-- Fortress Login Pro: Admin Footer -->","\u003C!-- Fortress Login Pro: Logs Section Start -->","\u003C!-- Fortress Login Pro: History Section Start -->","\u003C!-- Fortress Login Pro: Slug Manager Section Start -->","\u003C!-- Fortress Login Pro: Settings Section Start -->","\u003C!-- Fortress Login Pro: Rotation Timer Section Start -->",[571,572,573],"data-fortress-ajax-url","data-fortress-nonce","data-fortress-login-url",[],[576,577,578],"fortressLogsData","fortressRotationData","fortressData",[]]