[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flC9ZwnK9jW7AL0G7oqQHo0pWJ9J3wiZEdZqy-gZIfQs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":127,"fingerprints":193},"greyfu-login-captcha","Greyfu Login Captcha","1.0.0","greyfu","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreyfu\u002F","\u003Cp>Greyfu Login Captcha adds a secure verification step to your WordPress login form, helping block automated login attempts and brute-force attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Lite Version (Free):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Simple math-based captcha\u003Cbr \u002F>\n* Multisite compatible\u003Cbr \u002F>\n* Lightweight and fast\u003Cbr \u002F>\n* No personal data stored or transmitted\u003Cbr \u002F>\n* Works without any external service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro-Ready Features (Optional Upgrade):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Infrastructure prepared for reCAPTCHA v2 integration\u003Cbr \u002F>\n* Infrastructure prepared for hCaptcha integration\u003Cbr \u002F>\n* API key fields included\u003C\u002Fp>\n\u003Cp>The free version is fully functional on its own and does not require any external captcha service.\u003C\u002Fp>\n\u003Ch3>Third Party Services\u003C\u002Fh3>\n\u003Cp>This plugin optionally connects to external captcha services when the Pro features are enabled:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Google reCAPTCHA (Optional)\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen reCAPTCHA is enabled in Pro settings, the plugin sends verification requests to Google’s reCAPTCHA service.\u003Cbr \u002F>\n– Service: https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003Cbr \u002F>\n– Data sent: User’s IP address and reCAPTCHA response token\u003Cbr \u002F>\n– When: Only during login form submission when reCAPTCHA is enabled\u003C\u002Fp>\n\u003Cp>\u003Cstrong>hCaptcha (Optional)\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen hCaptcha is enabled in Pro settings, the plugin sends verification requests to hCaptcha service.\u003Cbr \u002F>\n– Service: https:\u002F\u002Fwww.hcaptcha.com\u002F\u003Cbr \u002F>\n– Privacy Policy: https:\u002F\u002Fwww.hcaptcha.com\u002Fprivacy\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fwww.hcaptcha.com\u002Fterms\u003Cbr \u002F>\n– Data sent: User’s IP address and hCaptcha response token\u003Cbr \u002F>\n– When: Only during login form submission when hCaptcha is enabled\u003C\u002Fp>\n\u003Cp>The free\u002Flite version uses a built-in math captcha that does not connect to any external service.\u003C\u002Fp>\n\u003Ch3>Support \u002F Contact\u003C\u002Fh3>\n\u003Cp>For issues or questions, please contact us:\u003Cbr \u002F>\n\u003Cstrong>Email:\u003C\u002Fstrong> hello@greyfu.com\u003Cbr \u002F>\n\u003Cstrong>Website:\u003C\u002Fstrong> https:\u002F\u002Fgreyfu.com\u003C\u002Fp>\n","A lightweight captcha that protects your WordPress login page from automated bot attacks using a simple math challenge.",0,112,"2025-12-03T15:52:00.000Z","6.9.4","5.5","7.4",[18,19,20,21,22],"authentication","brute-force-protection","captcha","login","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgreyfu-login-captcha.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-04-04T18:14:09.314Z",[35,57,79,95,111],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":23,"download_link":55,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[52,20,53,22,54],"2fa","login-security","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":14,"requires_at_least":70,"requires_php":16,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":77,"unpatched_count":11,"last_vuln_date":78,"fetched_at":27},"anti-spam","Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr \u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized** access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,90,368,"2026-03-11T17:54:00.000Z","5.6",[72,19,73,22,54],"antispam","limit-login-attempts","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip",98,3,"2024-07-11 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":25,"num_ratings":30,"last_updated":89,"tested_up_to":14,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":23,"download_link":94,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"kaya-login-captcha","Kaya Login Captcha","1.0.2","Kaya Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fkayastudio\u002F","\u003Cp>\u003Cstrong>Why use “Kaya Login Captcha”?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin Adds a simple captcha on login form, register form and lost-password form.\u003C\u002Fp>\n\u003Cp>Easy install and use, captcha settings are fully customizable and you can choose the forms on which to display it. The blocked request HTTP status can be customized and the XML-RPC feature can be disabled.\u003C\u002Fp>\n\u003Cp>Captcha statistics are also available on the settings page, with the count of passed and blocked requests sorted by year and month.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Captcha available on the login form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the lost-password form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the register form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Editable Captcha code length.\u003C\u002Fli>\n\u003Cli>Editable Captcha code format: numeric, alphabetic or alphanumeric.\u003C\u002Fli>\n\u003Cli>Random lines available in the background of the Captcha.\u003C\u002Fli>\n\u003Cli>Editable blocked request HTTP status.\u003C\u002Fli>\n\u003Cli>XML-RPC WordPress API deactivatable.\u003C\u002Fli>\n\u003Cli>Captcha statistics of passed and blocked requests sorted by year and month.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite and WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>“Kaya Login Captcha” is a professional login captcha system with fully customizable settings.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies and does not connect to any third-party applications. This plugin only generate a captcha code to verify human action for selected forms on your settings.\u003C\u002Fp>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>French.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>Any suggestions or feedback is welcome, thank you for using or trying one of my plugins. Please take the time to let me know about your experiences and rate this plugin.\u003C\u002Fp>\n","Adds a simple captcha on login form, register form and lost-password form.",200,2708,"2025-12-03T10:41:00.000Z","4.6.0","5.3",[19,20,21,53,93],"spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkaya-login-captcha.1.0.2.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":25,"num_ratings":30,"last_updated":105,"tested_up_to":14,"requires_at_least":106,"requires_php":16,"tags":107,"homepage":109,"download_link":110,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"admintosh","Admintosh – WordPress admin customization and security tools","1.1.6","wpmobo","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmobo\u002F","\u003Ch4>Get many solutions for preventing security threats under one roof.\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Admintosh – WordPress admin customization and security tools\u003C\u002Fstrong> plugin is designed for empowering WordPress administrative operations with different experiences. You will get many essential features under one roof using this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customize WP Login Page\u003C\u002Fstrong>: Customize default login page with the Admintosh Login Page Customize options. The plugin offers lots of customization possibilities like background color, background image, text color, link color, logo upload, form style etc. With no coding skill, you can create an outstanding login page in no time.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customize Dashboard\u003C\u002Fstrong>: Customize the Dashboard and make it like your own brand all customization possibilities are here like background color, menu color, text color, link color, logo upload, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Captcha\u003C\u002Fstrong>: Add captch into login, registration, lost password, comments Form etc. It also supported \u003Cstrong>WooCommerce\u003C\u002Fstrong> & \u003Cstrong>EDD\u003C\u002Fstrong>. The plugin offer 3 types of Captcha Google reCaptcha ( Version 2 ), Random number Captcha and Math Captcha so you could use any one of them’s to protection from remote digital entry by making sure only a human being with the right password can access the account.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong>: After a preset number of attempts has been exceeded, this feature automatically stops any more attempts from a specific Internet Protocol (IP) address and\u002For username. This considerably reduces the potency of brute force attacks on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Login\u003C\u002Fstrong>: To change your login URL to whatever you want. This feature allows you to easily and securely change the URL of the login form page to anything you desire. It does not actually rename or change core files, nor does it add rewrite rules. Instead, it intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible so your website becomes more secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Login History\u003C\u002Fstrong>: Monitor your website’s users with detailed login information, including Last login date and time, Environment\u002Fserver IP address Country, city, continent, timezone Latitude and longitude Browser details And much more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Admin Activity Logs\u003C\u002Fstrong>: The Activity Log functions like an airplane’s black box, recording every action in the WordPress admin. It provides a detailed history of user activities, allowing you to monitor exactly what’s happening on your website with full transparency. Track changes, user actions, and plugin\u002Ftheme modifications.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Country Restriction\u003C\u002Fstrong>: This feature allows you to easily set up rules to block one or more countries from accessing Entire Site, only login page or only front-end. It allows users to block unwanted traffic from accessing the frontend or backend based on country or proxy server detection. It helps reduce spam, unwanted sign-ups, and enhances overall security. This plugin uses the free IP Geolocation API which offers more than 1 billion requests per day absolutely free.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>More coming soon…\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fadmintosh-wordpress-admin-customization-and-security-plugin\u002F\" rel=\"nofollow ugc\">👁️ \u003Cstrong>Visit\u003C\u002Fstrong>\u003C\u002Fa>  | \u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fdocumentation\u002Fdocs\u002Fadmintosh\u002F\" rel=\"nofollow ugc\">\u003Cstrong>🔗 Documentation\u003C\u002Fstrong>\u003C\u002Fa> \u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmkDHvADBuSY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WordPress Authentication Plugin\u003C\u002Fh3>\n\u003Cp>Secure and customize your WordPress site with Admintosh. This all-in-one plugin enhances authentication by adding login customizations, CAPTCHA options, and limiting login attempts. Features like country restrictions, hidden login URLs, and detailed login history provide advanced security tools to protect your WordPress admin and prevent unauthorized access.\u003C\u002Fp>\n\u003Ch3>Brute Force Protection Plugin\u003C\u002Fh3>\n\u003Cp>Protect your WordPress site from brute force attacks with Admintosh. This powerful plugin limits login attempts, blocks suspicious IPs, and adds CAPTCHA options for enhanced security. Features like hidden login URLs and login monitoring ensure robust protection, safeguarding your site from unauthorized access and keeping it secure against threats.\u003C\u002Fp>\n\u003Ch3>WordPress Security Plugin\u003C\u002Fh3>\n\u003Cp>Fortify your WordPress site with Admintosh, the ultimate security plugin. It offers advanced features like CAPTCHA protection, login attempt limits, hidden login URLs, and country-based access restrictions. With login history monitoring and dashboard customization, Admintosh ensures robust security and empowers you to safeguard your site from threats effectively.\u003C\u002Fp>\n\u003Ch3>Activity Log\u003C\u002Fh3>\n\u003Cp>Track all activity on your WordPress site with detailed user and event logs, giving you clear insights into every action happening in real time.\u003C\u002Fp>\n\u003Cp>✅ Unauthorized Access Attempts – Detect potential hacking attempts.\u003C\u002Fp>\n\u003Cp>✅ Content Changes – Track when a post is published and by whom.\u003C\u002Fp>\n\u003Cp>✅ Plugin & Theme Modifications – See when a plugin\u002Ftheme is activated or deactivated.\u003C\u002Fp>\n\u003Cp>✅ Suspicious Admin Activity – Identify unusual actions for enhanced security.\u003C\u002Fp>\n\u003Cp>Stay informed and keep your website secure! 🚀\u003C\u002Fp>\n\u003Ch4>Free Version Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli> Modular Based (Everything Available On Demand)\u003C\u002Fli>\n\u003Cli> Customize login page style\u003C\u002Fli>\n\u003Cli> Customize admin panel style\u003C\u002Fli>\n\u003Cli> Customize admin menu style\u003C\u002Fli>\n\u003Cli> Customize admin bar style\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## 3 types of Captcha ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Google reCaptcha ( Version 2 )\u003C\u002Fli>\n\u003Cli> Math Captcha\u003C\u002Fli>\n\u003Cli> Random number Captcha\u003C\u002Fli>\n\u003Cli> Login form reCaptcha\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Limit Login Attempts ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Configurable Lockout Timings\u003C\u002Fli>\n\u003Cli> Remaining Tries\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Hide Login ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Block default wp-login.php\u003C\u002Fli>\n\u003Cli> Block default wp-admin\u003C\u002Fli>\n\u003Cli> Use custom login slug instead of wp-admin\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Login History ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Login Date-Time\u003C\u002Fli>\n\u003Cli> Username\u003C\u002Fli>\n\u003Cli> User Role\u003C\u002Fli>\n\u003Cli> IP Address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>## Admin Activity Logs ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Username\u003C\u002Fli>\n\u003Cli>Action\u003C\u002Fli>\n\u003Cli>Object\u002FID\u003C\u002Fli>\n\u003Cli>Message\u003C\u002Fli>\n\u003Cli>Time\u003C\u002Fli>\n\u003Cli>IP Address\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Country Restriction ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Entire Site Country Restriction\u003C\u002Fli>\n\u003Cli> Front-End Country Restriction\u003C\u002Fli>\n\u003Cli> wp-login page Country Restriction\u003C\u002Fli>\n\u003Cli> Block Template Content Edit Option\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## General Options ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Hide WordPress Version\u003C\u002Fli>\n\u003Cli> Disable File Editing\u003C\u002Fli>\n\u003Cli> Disable XML-RPC\u003C\u002Fli>\n\u003Cli> \u003Cstrong>Disable Right Click\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> \u003Cstrong>Disable Content Copy\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Disable Login Hints Error Messages\u003C\u002Fli>\n\u003Cli> Easy settings options\u003C\u002Fli>\n\u003Cli> Translation ready\u003C\u002Fli>\n\u003Cli> Easy to use it in both Free and Premium WordPress Themes\u003C\u002Fli>\n\u003Cli> Unlimited update\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Compatibility With\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How to use:-\u003Cbr \u002F>\nvery easy to use,after active plugin  just go to Dashboard -> Admintosh Settings . You will find all settings to use.\u003C\u002Fp>\n\u003Ch3>WHAT’S NEXT\u003C\u002Fh3>\n\u003Cp>Have a look at the other awesome plugins for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fpopx-pupup-builder\u002F\" rel=\"nofollow ugc\">✳️ \u003Cstrong>PopX – Popup Builder\u003C\u002Fstrong>\u003C\u002Fa> – WordPress Gutenberg Popup Builder Plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fstorenotifier-notifications-plugin-for-woocommerce\u002F\" rel=\"nofollow ugc\">✳️ \u003Cstrong>Store Notifier\u003C\u002Fstrong>\u003C\u002Fa> – WhatsApp & On-Site Notifications plugin for WooCommerce\u003C\u002Fp>\n\u003Cp>Unlock new possibilities with WPMOBO plugins—push your limits and achieve more today!\u003C\u002Fp>\n\u003Ch3>3rd Party Service Used\u003C\u002Fh3>\n\u003Cp>We used google reCAPTCHA v2 API service from google. All relevant link below.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fabout\u002F\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Admintosh uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","login attempts, Firewall, reCAPTCHA, country restriction, Login History, change wp-login.php to anything make sure your site security.",50,2416,"2026-02-10T22:15:00.000Z","6.5",[18,108,20,21,22],"brute-force","http:\u002F\u002Fwpmobo.com\u002Fadmintosh","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmintosh.1.1.6.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":11,"downloaded":119,"rating":11,"num_ratings":11,"last_updated":120,"tested_up_to":14,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":125,"download_link":126,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"adaptive-login-action","Adaptive Login Action","3.11","wpgear","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpgear\u002F","\u003Cp>Adaptive Login Form: Adjusting compromise between Comfort and Paranoia.\u003C\u002Fp>\n\u003Cp>Conception:\u003Cbr \u002F>\n1. “Zero Trust Mode”\u003Cbr \u002F>\nRecommended for small groups of regular Users with a Static IP Address.\u003Cbr \u002F>\nNot recommended for Dynamic IP Addresses or Mobile Users.\u003C\u002Fp>\n\u003Cp>If my current IP address is not marked as Dangerous since my last successful login, then there is no need to distrust me and force me to go through Quests to solve different types of Captchas.\u003Cbr \u002F>\nIn this case, the standard “Password” field is sufficient for one attempt.\u003C\u002Fp>\n\u003Cp>But if the Attempt is unsuccessful, then we mark the IP address as Dangerous, and then it is possible and necessary to trick me (or the one who is trying to be me) with a more thorough login procedure.\u003C\u002Fp>\n\u003Cp>There may be multilevel options. It doesn’t matter (this will be gradually added to the functionality). We are now talking about the General Principle.\u003C\u002Fp>\n\u003Cp>Separate statistics are generated for each IP address and the ratio “Successful number of entries” \u002F “Total number of entries” is determined. Depending on how close this parameter is to 100%, we can talk about the need for the Toughness of the Mistrust process.\u003C\u002Fp>\n\u003Cp>This mechanism starts before the User enters his Login.\u003C\u002Fp>\n\u003Cp>The more Unsuccessful Login attempts occur from a given IP Address, the more thoroughly it is checked.\u003Cbr \u002F>\nConversely, the Login procedure can be simplified as much as possible if there is no obvious reason.\u003C\u002Fp>\n\u003Col>\n\u003Cli>“Dynamics IP Mode”\u003Cbr \u002F>\nRecommended for mobile Users with a Dynamic IP Address.\u003Cbr \u002F>\nNot recommended for Static IP Addresses.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If the User’s previous login was successful, their next authentication is performed using a simplified method.\u003Cbr \u002F>\nSimply enter the correct password. However, only one attempt is allowed.\u003Cbr \u002F>\nIf the password was entered incorrectly, an additional security element is added to the login form: the “Secret Key” field.\u003C\u002Fp>\n\u003Ch4>Futured\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Regardless of what kind of Authentication Error occurred, be it:\u003C\u002Fli>\n\u003Cli>Invalid Username;\u003C\u002Fli>\n\u003Cli>Invalid User Password;\u003C\u002Fli>\n\u003Cli>Incorrectly specified additional security elements: “Secret Key” \u002F Captcha \u002F etc.\u003Cbr \u002F>\nThis will not be indicated in the error message. There will always be only one message: “Authentication Failed”.\u003Cbr \u002F>\nThus, we do not explicitly indicate to the potential Villain \u002F Bot the reason for the denial of access. And the more such Reasons there are, the more complicated the Entry procedure becomes.\u003C\u002Fli>\n\u003Cli>If multiple consecutive unsuccessful login attempts occur, a Restrictive Timeout may be activated for the given User.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnew-users-monitor\u002F\" rel=\"ugc\">Integration with “New Users Monitor”\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adaptive Login Form: Adjusting compromise between Comfort and Paranoia.",1463,"2026-03-03T12:40:00.000Z","4.1","5.4",[18,20,21,22,124],"user","https:\u002F\u002Fwpgear.xyz\u002Fadaptive-login-action","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadaptive-login-action.zip",{"attackSurface":128,"codeSignals":161,"taintFlows":183,"riskAssessment":184,"analyzedAt":192},{"hooks":129,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":11,"unprotectedCount":11},[130,136,140,144,148,153],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","admin_menu","gflc_add_settings_page","admin\\settings.php",15,{"type":131,"name":137,"callback":138,"file":134,"line":139},"admin_init","gflc_register_settings",72,{"type":131,"name":141,"callback":142,"file":134,"line":143},"admin_enqueue_scripts","gflc_admin_enqueue",217,{"type":131,"name":145,"callback":146,"file":147,"line":103},"login_form","gflc_login_form_fields","public\\login-captcha.php",{"type":149,"name":150,"callback":151,"priority":31,"file":147,"line":152},"filter","authenticate","gflc_authenticate",148,{"type":131,"name":154,"callback":155,"file":147,"line":156},"login_enqueue_scripts","gflc_login_enqueue_assets",183,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":11,"externalRequests":181,"nonceChecks":11,"capabilityChecks":30,"bundledLibraries":182},[],{"prepared":11,"raw":11,"locations":164},[],{"escaped":166,"rawEcho":167,"locations":168},42,6,[169,172,174,176,178,179],{"file":134,"line":170,"context":171},76,"raw output",{"file":134,"line":173,"context":171},82,{"file":134,"line":175,"context":171},83,{"file":134,"line":177,"context":171},84,{"file":134,"line":56,"context":171},{"file":134,"line":180,"context":171},93,2,[],[],{"summary":185,"deductions":186},"The \"greyfu-login-captcha\" v1.0.0 plugin exhibits a generally strong security posture based on the provided static analysis.  The complete absence of direct attack surface entry points like AJAX handlers, REST API routes, shortcodes, and cron events is a significant strength, indicating a design that avoids common plugin vulnerabilities. Furthermore, the use of prepared statements for all SQL queries and a high percentage of properly escaped output are commendable security practices.\n\nHowever, there are some areas of concern. The plugin makes external HTTP requests, and without knowing the destinations and the handling of the responses, this presents a potential risk if those external services are compromised or if the data is not handled securely. Additionally, the fact that only one capability check is present, coupled with zero nonce checks and zero authorization checks on AJAX handlers (though there are none), suggests that the plugin might be missing robust authorization mechanisms in any potential future code additions or if the current structure were to change. The lack of any recorded vulnerabilities in its history is a positive sign, suggesting developers have a good track record or the plugin is not widely targeted, but this should not be seen as a guarantee of future safety.\n\nIn conclusion, the plugin's current design minimizes immediate attack vectors. The primary risks lie in the external HTTP requests and the limited demonstrated authorization checks. While the absence of historical vulnerabilities is encouraging, the potential for future issues due to unaddressed authorization or insecure handling of external requests should be considered.",[187,190],{"reason":188,"points":189},"External HTTP requests without clear context",5,{"reason":191,"points":77},"Limited capability checks found","2026-03-17T06:47:58.502Z",{"wat":194,"direct":203},{"assetPaths":195,"generatorPatterns":198,"scriptPaths":199,"versionParams":200},[196,197],"\u002Fwp-content\u002Fplugins\u002Fgreyfu-login-captcha\u002Fpublic\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fgreyfu-login-captcha\u002Fpublic\u002Fjs\u002Flogin-captcha.js",[],[],[201,202],"greyfu-login-captcha\u002Fpublic\u002Fcss\u002Fstyle.css?ver=","greyfu-login-captcha\u002Fpublic\u002Fjs\u002Flogin-captcha.js?ver=",{"cssClasses":204,"htmlComments":209,"htmlAttributes":213,"restEndpoints":216,"jsGlobals":217,"shortcodeOutput":219},[205,206,207,208],"gflc-captcha-wrap","gflc-math-captcha-frontend","gflc-recaptcha-frontend","gflc-hcaptcha-frontend",[210,211,212],"\u003C!-- Greyfu Login Captcha settings -->","\u003C!-- Greyfu Login Captcha Lite settings -->","\u003C!-- Greyfu Login Captcha Pro settings -->",[214,215],"data-gflc-site-key","data-gflc-provider",[],[218],"gflcMathCaptcha",[]]