[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpJTGsCCuuUeqdyN-xkrU8apwMsDyydHcGTX6Idpoiyg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":34,"analysis":139,"fingerprints":264},"goauth","GOAuth","2.20","igroykt","https:\u002F\u002Fprofiles.wordpress.org\u002Figroykt\u002F","\u003Cp>This plugin allow users authenticate with OAuth Providers. If you have Two-Factor verification enabled in account, then it will work or you can use the Google Authenticator App.\u003Cbr \u002F>\nDependencies: curl, bcmath, intl, openssl.\u003Cbr \u002F>\nSupported OAuth Providers: Google\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FqJuByi5KwfA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Force Login\u003C\u002Fli>\n\u003Cli>Google Authenticator\u003C\u002Fli>\n\u003Cli>Unlimited Users\u003C\u002Fli>\n\u003Cli>Wildcard Domain Support\u003C\u002Fli>\n\u003Cli>Single Domain Restriction\u003C\u002Fli>\n\u003Cli>Hide Login Form\u003C\u002Fli>\n\u003Cli>Hide Navigation Buttons\u003C\u002Fli>\n\u003Cli>Disable XMLRPC\u003C\u002Fli>\n\u003Cli>Disable Rest API\u003C\u002Fli>\n\u003Cli>Login Button Styles\u003C\u002Fli>\n\u003Cli>Save Data on Uninstall\u003C\u002Fli>\n\u003Cli>Persistent sessions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Multiple Domain Restriction\u003C\u002Fli>\n\u003Cli>Custom Logo\u003C\u002Fli>\n\u003Cli>Auto Register\u003C\u002Fli>\n\u003Cli>Browser Language Detection\u003C\u002Fli>\n\u003Cli>Hide Name Fields\u003C\u002Fli>\n\u003Cli>Hide E-Mail Field\u003C\u002Fli>\n\u003Cli>Hide Password Field\u003C\u002Fli>\n\u003Cli>Auto Fix User Data\u003C\u002Fli>\n\u003C\u002Ful>\n","Go and OAuthenticate plugin for WordPress.",0,3720,100,1,"2022-03-21T16:35:00.000Z","5.9.13","4.7","",[20,21,22,23,24],"2fa","authentication","google-login","oauth","rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoauth.2.20.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},30,84,"2026-04-03T19:57:29.806Z",[35,57,77,98,120],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.",60000,893830,88,53,"2026-02-18T00:58:00.000Z","6.9.4","4.2","7.4.0",[52,53,23,24,54],"json-web-authentication","jwt","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":18,"download_link":76,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"login-with-google","Log in with Google","1.4.2","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>Ultra minimal plugin to let your users login to WordPress applications using their Google accounts. No more remembering hefty passwords!\u003C\u002Fp>\n\u003Ch3>Initial Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Create a project from \u003Ca href=\"https:\u002F\u002Fconsole.developers.google.com\u002Fapis\u002Fdashboard\" rel=\"nofollow ugc\">Google Developers Console\u003C\u002Fa> if none exists.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Go to \u003Cstrong>Credentials\u003C\u002Fstrong> tab, then create credential for OAuth client.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Application type will be \u003Cstrong>Web Application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add \u003Ccode>YOUR_DOMAIN\u002Fwp-login.php\u003C\u002Fcode> in \u003Cstrong>Authorized redirect URIs\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This will give you \u003Cstrong>Client ID\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Input these values either in \u003Ccode>WP Admin > Settings > WP Google Login\u003C\u002Fcode>, or in \u003Ccode>wp-config.php\u003C\u002Fcode> using the following code snippet:\u003C\u002Fp>\n\u003Cp>\u003Ccode>define( 'WP_GOOGLE_LOGIN_CLIENT_ID', 'YOUR_GOOGLE_CLIENT_ID' );\u003Cbr \u002F>\ndefine( 'WP_GOOGLE_LOGIN_SECRET', 'YOUR_SECRET_KEY' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Browser support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fidentity\u002Fgsi\u002Fweb\u002Fguides\u002Fsupported-browsers\" rel=\"nofollow ugc\">These browsers are supported\u003C\u002Fa>. Note, for example, that One Tap Login is not supported in Safari.\u003C\u002Fp>\n\u003Ch3>How to enable automatic user registration\u003C\u002Fh3>\n\u003Cp>You can enable user registration either by\u003Cbr \u002F>\n– Enabling \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>OR\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adding\u003Cbr \u002F>\n\u003Ccode>define( 'WP_GOOGLE_LOGIN_USER_REGISTRATION', 'true' );\u003C\u002Fcode>\u003Cbr \u002F>\nin wp-config.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If the checkbox is ON then, it will register valid Google users even when WordPress default setting, under\u003C\u002Fp>\n\u003Cp>\u003Cem>Settings > General Settings > Membership > Anyone can register\u003C\u002Fem> checkbox\u003C\u002Fp>\n\u003Cp>is OFF.\u003C\u002Fp>\n\u003Ch3>Restrict user registration to one or more domain(s)\u003C\u002Fh3>\n\u003Cp>By default, when you enable user registration via constant \u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> or enable \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>, it will create a user for any Google login (including gmail.com users). If you are planning to use this plugin on a private, internal site, then you may like to restrict user registration to users under a single Google Suite organization. This configuration variable does that.\u003C\u002Fp>\n\u003Cp>Add your domain name, without any schema prefix and \u003Ccode>www,\u003C\u002Fcode> as the value of \u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> constant or in the settings \u003Ccode>Settings > WP Google Login > Whitelisted Domains\u003C\u002Fcode>. You can whitelist multiple domains. Please separate domains with commas. See the below example to know how to do it via constants:\u003Cbr \u002F>\n    \u003Ccode>define( 'WP_GOOGLE_LOGIN_WHITELIST_DOMAINS', 'example.com,sample.com' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If a user already exists, they \u003Cstrong>will be allowed to login with Google\u003C\u002Fstrong> regardless of whether their domain is whitelisted or not. Whitelisting will only prevent users from \u003Cstrong>registering\u003C\u002Fstrong> with email addresses from non-whitelisted domains.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>For a list of all hooks please refer to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FrtCamp\u002Flogin-with-google#hooks\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>wp-config.php parameters list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_CLIENT_ID\u003C\u002Fcode> (string): Google client ID of your application.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_SECRET\u003C\u002Fcode> (string): Secret key of your application\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> (boolean) (optional): Set \u003Ccode>true\u003C\u002Fcode> If you want to enable new user registration. By default, user registration defers to \u003Ccode>Settings > General Settings > Membership\u003C\u002Fcode> if constant is not set.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> (string) (optional): Domain names, if you want to restrict login with your custom domain. By default, it will allow all domains. You can whitelist multiple domains.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>BTW, We’re Hiring!\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Fcareers\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","Minimal plugin that allows WordPress users to log in using Google.",6000,117533,90,15,"2026-02-20T14:59:00.000Z","6.7.5","5.5","7.4",[21,22,23,74,75],"sign-in","sso","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-google.1.4.2.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":48,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":96,"download_link":97,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"two-factor","Two Factor","0.15.0","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>The Two-Factor plugin adds an extra layer of security to your WordPress login by requiring users to provide a second form of authentication in addition to their password.  This helps protect against unauthorized access even if passwords are compromised.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: Each user must individually configure their two-factor authentication settings.  There are no site-wide settings for this plugin.\u003C\u002Fp>\n\u003Ch3>For Individual Users\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Navigate to your profile\u003C\u002Fstrong>: Go to “Users” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Your Profile” in the WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Find Two-Factor Options\u003C\u002Fstrong>: Scroll down to the “Two-Factor Options” section\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose your methods\u003C\u002Fstrong>: Enable one or more authentication providers (noting a site admin may have hidden one or more so what is available could vary):\n\u003Cul>\n\u003Cli>\u003Cstrong>Authenticator App (TOTP)\u003C\u002Fstrong> – Use apps like Google Authenticator, Authy, or 1Password\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Codes\u003C\u002Fstrong> – Receive one-time codes via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>FIDO U2F Security Keys\u003C\u002Fstrong> – Use physical security keys (requires HTTPS)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergencies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dummy Method\u003C\u002Fstrong> – For testing purposes only (requires WP_DEBUG)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure each method\u003C\u002Fstrong>: Follow the setup instructions for each enabled provider\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set primary method\u003C\u002Fstrong>: Choose which method to use as your default authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save changes\u003C\u002Fstrong>: Click “Update Profile” to save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>For Site Administrators\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>No global settings\u003C\u002Fstrong>: This plugin operates on a per-user basis only. For more, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002Ftwo-factor\u002Fissues\u002F249\" rel=\"nofollow ugc\">GH#249\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User management\u003C\u002Fstrong>: Administrators can configure 2FA for other users by editing their profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security recommendations\u003C\u002Fstrong>: Encourage users to enable backup methods to prevent account lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Available Authentication Methods\u003C\u002Fh3>\n\u003Ch3>Authenticator App (TOTP) – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Time-based one-time passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Scan QR code with authenticator app\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with Google Authenticator, Authy, 1Password, and other TOTP apps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Most users, provides excellent security with good usability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Backup Codes – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time use codes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Generate 10 backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works everywhere, no special hardware needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Emergency access when other methods are unavailable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Email Codes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time codes sent via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Automatic – uses your WordPress email address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with any email-capable device\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users who prefer email-based authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FIDO U2F Security Keys\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Hardware-based authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Register physical security keys (USB, NFC, or Bluetooth)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Requirements\u003C\u002Fstrong>: HTTPS connection required, compatible browser needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser Support\u003C\u002Fstrong>: Chrome, Firefox, Edge (varies by key type)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users with security keys who want maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dummy Method\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: None – Always succeeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Only available when WP_DEBUG is enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Testing and development only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Developers testing the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Notes\u003C\u002Fh3>\n\u003Ch3>HTTPS Requirement\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIDO U2F Security Keys require an HTTPS connection to function\u003C\u002Fli>\n\u003Cli>Other methods work on both HTTP and HTTPS sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Browser Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIDO U2F requires a compatible browser and may not work on all devices\u003C\u002Fli>\n\u003Cli>TOTP and email methods work on all devices and browsers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Account Recovery\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Always enable backup codes to prevent being locked out of your account\u003C\u002Fli>\n\u003Cli>If you lose access to all authentication methods, contact your site administrator\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Best Practices\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use multiple authentication methods when possible\u003C\u002Fli>\n\u003Cli>Keep backup codes in a secure location\u003C\u002Fli>\n\u003Cli>Regularly review and update your authentication settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information about two-factor authentication in WordPress, see the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fmfa\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration Security Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For more history, see \u003Ca href=\"https:\u002F\u002Fgeorgestephanis.wordpress.com\u002F2013\u002F08\u002F14\u002Ftwo-cents-on-two-factor\u002F\" rel=\"nofollow ugc\">this post\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Actions & Filters\u003C\u002Fh4>\n\u003Cp>Here is a list of action and filter hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>two_factor_providers\u003C\u002Fcode> filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_providers_for_user\u003C\u002Fcode> filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object \u003Ccode>WP_User\u003C\u002Fcode> is available as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_enabled_providers_for_user\u003C\u002Fcode> filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_authenticated\u003C\u002Fcode> action which receives the logged in \u003Ccode>WP_User\u003C\u002Fcode> object as the first argument for determining the logged in user right after the authentication workflow.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_api_login_enable\u003C\u002Fcode> filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_ttl\u003C\u002Fcode> filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the \u003Ccode>WP_User\u003C\u002Fcode> object being authenticated.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_length\u003C\u002Fcode> filter overrides the default 8 character count for email tokens.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_backup_code_length\u003C\u002Fcode> filter overrides the default 8 character count for backup codes. Provides the \u003Ccode>WP_User\u003C\u002Fcode> of the associated user as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_rest_api_can_edit_user\u003C\u002Fcode> filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current \u003Ccode>$can_edit\u003C\u002Fcode> boolean, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_before_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires prior to the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires after the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_input\u003C\u002Fcode>action which receives the provider object and fires after the input shown on the authentication input form (if form contains no input, action fires immediately after \u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode>).\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), Universal 2nd Factor (U2F), email, and backup verification codes.",100000,1526344,96,199,"2026-02-17T13:21:00.000Z","6.8","7.2",[20,21,93,94,95],"mfa","security","totp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor.0.15.0.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":85,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":48,"requires_at_least":71,"requires_php":72,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":118,"unpatched_count":11,"last_vuln_date":119,"fetched_at":28},"wp-2fa","WP 2FA – Two-factor authentication for WordPress","3.1.1.2","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>A free and easy-to-use two-factor authentication plugin for WordPress\u003C\u002Fh3>\n\u003Cp>Add an extra layer of security to your WordPress website login and protect your users. Enable two-factor authentication (2FA), the best protection against password leaks, automated password guessing, and brute force attacks.\u003C\u002Fp>\n\u003Cp>Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator, enforce 2FA for all your website users, or for users with specific roles. This plugin is very easy to use; everything can be configured via wizards with clear instructions, so even non-technical users can set up 2FA without requiring technical assistance.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FvRlX_NNGeFo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwp-2fa-plugin-getting-started\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Get the Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🔒 WP 2FA key plugin features and capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passkeys support\u003C\u002Fstrong> for passwordless logins   \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free two-factor authentication (2FA)\u003C\u002Fstrong> for all users  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple 2FA methods\u003C\u002Fstrong> supported, including authenticator app (TOTP) and code over email  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer API\u003C\u002Fstrong> to integrate any alternative 2FA method (WhatsApp, OTP Token, etc.)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal 2FA app support\u003C\u002Fstrong> – works with Google Authenticator, Authy, and any TOTP-compatible app  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup codes\u003C\u002Fstrong> (16 digits) for recovery access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wizard-driven setup\u003C\u002Fstrong> – no technical knowledge required  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA policies\u003C\u002Fstrong> to enforce setup with grace periods or instant activation  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API endpoints\u003C\u002Fstrong> for custom integrations and headless WordPress setups  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard-free setup\u003C\u002Fstrong> – users can configure 2FA without WP admin access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editable email templates\u003C\u002Fstrong> for full customization  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💎 Upgrade to WP 2FA Premium and get even more benefits\u003C\u002Fh3>\n\u003Cp>The premium version of WP 2FA comes bundled with even more features to take your WordPress website login security to the next level.\u003C\u002Fp>\n\u003Cp>With the premium edition of WP 2FA, you get more 2FA methods, 1-click integration with WooCommerce, trusted devices feature, extensive white labeling capabilities, and much more!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Check out WP 2FA Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Premium features list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Everything in the free version\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full white labeling capabilities\u003C\u002Fstrong> to change all text and visuals in the wizards, emails, SMS, and 2FA pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support for multiple passkeys per user\u003C\u002Fstrong> for flexible passwordless logins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-setup email 2FA\u003C\u002Fstrong> that automatically enrolls users without manual configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey hardware key support\u003C\u002Fstrong> for enterprise-grade security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Additional 2FA methods\u003C\u002Fstrong> such as SMS, email link, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted devices\u003C\u002Fstrong> so users can log in without 2FA for a configured period\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Require 2FA on password reset\u003C\u002Fstrong> to strengthen account protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow next user login without 2FA\u003C\u002Fstrong> to help recover accounts locked out of authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click WooCommerce integration\u003C\u002Fstrong> to enable 2FA for customers and store admins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WP 2FA plugin features and benefits page\u003C\u002Fa> to learn more about the benefits of upgrading to WP 2FA Premium.\u003C\u002Fp>\n\u003Ch3>🛠️ Free and premium support\u003C\u002Fh3>\n\u003Cp>Support for the free edition of WP 2FA is free on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-2fa\u002F\" rel=\"ugc\">WordPress support forums\u003C\u002Fa>. Premium world-class support via one-to-one email is available to the Premium users – \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">upgrade to premium\u003C\u002Fa> to benefit from email support.\u003C\u002Fp>\n\u003Cp>For any other queries, feedback, or if you simply want to get in touch with us, please use our \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh4>\n\u003Cp>Melapress develops high-quality WordPress management and security plugins, such as Melapress Login Security, Melapress Role Editor, and WP Activity Log; the #1 user-rated activity log plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Browse our list of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WordPress security and administration plugins\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Installing WP 2FA\u003C\u002Fh3>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to ‘Plugins’ > ‘Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘WP 2FA’\u003C\u002Fli>\n\u003Cli>Install & activate WP 2FA from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the ‘\u002Fwp-content\u002Fplugins\u002F directory’\u003C\u002Fli>\n\u003Cli>Activate the WP 2FA plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>As featured on:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fplugins\u002Fhow-to-add-two-factor-authentication-for-wordpress\u002F\" rel=\"nofollow ugc\">WP Beginner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.isitwp.com\u002Fbest-wordpress-security-authentication-plugins\u002F\" rel=\"nofollow ugc\">IsitWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Ftwo-factor-authentication-wordpress\u002F\" rel=\"nofollow ugc\">WP Astra\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmainwp.com\u002Fhow-to-use-the-wp-2fa-plugin-on-your-child-sites\u002F\" rel=\"nofollow ugc\">MainWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.fixrunner.com\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">FixRunner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.inmotionhosting.com\u002Fsupport\u002Fedu\u002Fwordpress\u002Fplugins\u002Fwp-2fa\u002F\" rel=\"nofollow ugc\">Inmotion Hosting\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmarmite.com\u002Fen\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">WP Marmite\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.",1555592,94,162,"2026-02-25T13:18:00.000Z",[111,20,112,113,114],"2-factor-authentication","google-authenticator","two-factor-authentication","wordpress-authentication","https:\u002F\u002Fmelapress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-2fa.3.1.1.2.zip",95,9,"2025-11-03 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":70,"requires_at_least":17,"requires_php":133,"tags":134,"homepage":18,"download_link":137,"security_score":138,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","7.0",[20,135,136,94,113],"captcha","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"attackSurface":140,"codeSignals":215,"taintFlows":247,"riskAssessment":248,"analyzedAt":263},{"hooks":141,"ajaxHandlers":211,"restRoutes":212,"shortcodes":213,"cronEvents":214,"entryPointCount":11,"unprotectedCount":11},[142,148,152,155,158,162,167,170,175,178,180,182,186,189,191,194,197,200,203,207],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_init","register_goauth_settings","goauth-admin.php",31,{"type":143,"name":149,"callback":150,"file":146,"line":151},"admin_enqueue_scripts","load_text_security",32,{"type":143,"name":149,"callback":153,"file":146,"line":154},"load_materialize",33,{"type":143,"name":149,"callback":156,"file":146,"line":157},"load_page_style",34,{"type":143,"name":159,"callback":160,"file":146,"line":161},"admin_menu","menu",228,{"type":143,"name":163,"callback":164,"priority":14,"file":165,"line":166},"plugins_loaded","closure","goauth.php",110,{"type":143,"name":168,"callback":164,"file":165,"line":169},"wp",117,{"type":171,"name":172,"callback":164,"priority":173,"file":165,"line":174},"filter","redirect_canonical",10,134,{"type":143,"name":176,"callback":164,"file":165,"line":177},"admin_notices",161,{"type":143,"name":176,"callback":164,"file":165,"line":179},200,{"type":143,"name":176,"callback":164,"file":165,"line":181},217,{"type":171,"name":183,"callback":184,"file":165,"line":185},"allow_password_reset","__return_false",234,{"type":143,"name":187,"callback":164,"file":165,"line":188},"login_head",235,{"type":143,"name":187,"callback":164,"file":165,"line":190},245,{"type":171,"name":192,"callback":164,"file":165,"line":193},"wp_headers",257,{"type":171,"name":195,"callback":164,"file":165,"line":196},"xmlrpc_methods",261,{"type":171,"name":198,"callback":184,"file":165,"line":199},"xmlrpc_enabled",265,{"type":171,"name":201,"callback":164,"file":165,"line":202},"rest_authentication_errors",270,{"type":143,"name":204,"callback":205,"file":165,"line":206},"after_uninstall","ga_fs_uninstall_cleanup",349,{"type":171,"name":208,"callback":209,"file":165,"line":210},"plugin_icon","ga_fs_custom_icon",355,[],[],[],[],{"dangerousFunctions":216,"sqlUsage":217,"outputEscaping":226,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":239},[],{"prepared":11,"raw":218,"locations":219},2,[220,223],{"file":165,"line":221,"context":222},288,"$wpdb->get_var() with variable interpolation",{"file":165,"line":224,"context":225},344,"$wpdb->query() with variable interpolation",{"escaped":227,"rawEcho":228,"locations":229},21,4,[230,233,236,237],{"file":146,"line":231,"context":232},146,"raw output",{"file":234,"line":235,"context":232},"help.php",74,{"file":234,"line":13,"context":232},{"file":234,"line":238,"context":232},101,[240,244],{"name":241,"version":242,"knownCves":243},"Freemius","1.0",[],{"name":245,"version":27,"knownCves":246},"Guzzle",[],[],{"summary":249,"deductions":250},"Based on the provided static analysis, the 'goauth' plugin v2.20 appears to have a strong security posture regarding its direct attack surface. The absence of unprotected AJAX handlers, REST API routes, shortcodes, and cron events is a significant positive.  The code also shows good practices in output escaping, with a high percentage of outputs being properly escaped.\n\nHowever, there are critical areas of concern. The plugin's reliance on raw SQL queries without prepared statements presents a significant risk of SQL injection vulnerabilities. Furthermore, the complete lack of nonce checks and capability checks across all identified entry points (even though the static analysis found zero entry points, this is a general statement for the plugin's typical operation) is a major security flaw. This means any functionality exposed, however limited, is likely vulnerable to unauthorized access and manipulation. The presence of bundled libraries like Freemius v1.0 and Guzzle, without information on their specific versions or update status, also introduces potential risks if these libraries contain known vulnerabilities.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs. While this is positive, it does not negate the risks identified in the static analysis. The lack of historical vulnerabilities could be due to the plugin's limited adoption, lack of rigorous security auditing in the past, or simply good luck. The observed strengths in attack surface management and output escaping are commendable, but they are overshadowed by the critical weaknesses in SQL handling and authorization checks. A balanced conclusion is that while the plugin has some good security practices, the identified SQL injection risks and complete absence of authorization checks make it a potentially high-risk plugin requiring immediate attention.",[251,253,256,258,261],{"reason":252,"points":173},"Raw SQL queries without prepared statements",{"reason":254,"points":255},"No nonce checks",5,{"reason":257,"points":255},"No capability checks",{"reason":259,"points":260},"Bundled library (Freemius v1.0)",3,{"reason":262,"points":260},"Bundled library (Guzzle)","2026-03-17T06:18:33.686Z",{"wat":265,"direct":288},{"assetPaths":266,"generatorPatterns":277,"scriptPaths":278,"versionParams":279},[267,268,269,270,271,272,273,274,275,276],"\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fcss\u002Ffreemius.css","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fcss\u002Flogin.css","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fjs\u002Fcustom.js","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fjs\u002Ffreemius.js","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fjs\u002Flogin.js","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fgoauth\u002Fassets\u002Fjs\u002Fmaterialize.min.js",[],[276,275,272,274,271,273],[280,281,282,283,284,285,286,287],"goauth\u002Fassets\u002Fcss\u002Fmain.css?ver=","goauth\u002Fassets\u002Fcss\u002Flogin.css?ver=","goauth\u002Fassets\u002Fjs\u002Fmaterialize.min.js?ver=","goauth\u002Fassets\u002Fjs\u002Fmain.js?ver=","goauth\u002Fassets\u002Fjs\u002Fcustom.js?ver=","goauth\u002Fassets\u002Fjs\u002Flogin.js?ver=","goauth\u002Fassets\u002Fjs\u002Fadmin.js?ver=","goauth\u002Fassets\u002Fjs\u002Ffreemius.js?ver=",{"cssClasses":289,"htmlComments":307,"htmlAttributes":318,"restEndpoints":327,"jsGlobals":332,"shortcodeOutput":335},[290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306],"goauth-admin-wrap","goauth-login-wrap","goauth_login","goauth_register","goauth_social_login","goauth-logo","goauth-title","goauth-button","goauth-input","goauth-checkbox","goauth-error","goauth-success","goauth-notice","goauth-form-field","goauth-icon","goauth-social-icon","goauth-social-button",[308,309,310,311,312,313,314,315,316,317],"\u003C!-- GOAuth Admin Panel -->","\u003C!-- GOAuth Login Form -->","\u003C!-- GOAuth Social Login Buttons -->","\u003C!-- GOAuth Error Message -->","\u003C!-- GOAuth Success Message -->","\u003C!-- GOAuth Notice -->","\u003C!-- GOAuth Form Field -->","\u003C!-- GOAuth Icon -->","\u003C!-- GOAuth Social Icon -->","\u003C!-- GOAuth Social Button -->",[319,320,321,322,323,324,325,326],"data-goauth-provider","data-goauth-client-id","data-goauth-redirect-uri","data-goauth-scope","data-goauth-response-type","data-goauth-button-text","data-goauth-button-class","data-goauth-button-id",[328,329,330,331],"\u002Fwp-json\u002Fgoauth\u002Fv1\u002Fcallback","\u002Fwp-json\u002Fgoauth\u002Fv1\u002Flogin","\u002Fwp-json\u002Fgoauth\u002Fv1\u002Fregister","\u002Fwp-json\u002Fgoauth\u002Fv1\u002Fprofile",[333,334],"goauth_params","goauth_vars",[336,337,338,339,340,341],"[goauth_login]","[goauth_register]","[goauth_social_login]","[goauth_button provider='google']","[goauth_button provider='facebook']","[goauth_button provider='twitter']"]