[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0T2IZXLl0OATEq-diGT7_u1MPU5VgPeS-pttpwC-GNs":3,"$fqVk4Y6j_14GCnfVWlsUXPiGsDO9LYHgq1AiPzx4XsH0":481,"$f_v-UbRuXr2Z9x7gb-jYFpcSFrUEarDYPS995c8ccvVQ":485},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":145,"fingerprints":448},"happyaccess","HappyAccess","1.0.6","Shameem - a11n","https:\u002F\u002Fprofiles.wordpress.org\u002Fshameemreza\u002F","\u003Cp>HappyAccess simplifies the process of granting \u003Cstrong>temporary admin access\u003C\u002Fstrong> to support engineers, developers, and agencies – securely, transparently, and GDPR-compliantly.\u003C\u002Fp>\n\u003Cp>It removes the need for merchants to manually create\u002Fdelete admin users or share passwords, while maintaining full control and audit visibility.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Access & Authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>OTP-Based Authentication:\u003C\u002Fstrong> Generate secure 6-digit codes instead of sharing passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Magic Link Authentication:\u003C\u002Fstrong> One-click login links with short expiration (1-10 minutes), single-use.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>OTP Share Links:\u003C\u002Fstrong> Generate secure single-view links to share OTP codes safely with auto-expiry.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reusable Access Codes:\u003C\u002Fstrong> Support engineers can log in multiple times with the same code until it expires.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Time Use Option:\u003C\u002Fstrong> Generate codes that automatically revoke after first use for maximum security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Selection:\u003C\u002Fstrong> Assign any WordPress role (Administrator, Editor, Shop Manager, or custom roles).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time-Limited Access:\u003C\u002Fstrong> Automatically expires after the set duration (1 hour to 30 days).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Access Restrictions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Admin Menu & Submenu Restrictions:\u003C\u002Fstrong> Block temp users from specific admin pages with a visual picker. Supports top-level menus and individual sub-pages (WooCommerce tabs, EDD sections, BuddyPress, or any plugin).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Direct URL Blocking:\u003C\u002Fstrong> Restricted pages are inaccessible even when accessed by typing the URL directly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Admin Bar:\u003C\u002Fstrong> Option to hide the WordPress admin bar for temporary users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Main Admin Protection:\u003C\u002Fstrong> Temp users cannot see, edit, or delete the site owner. Dangerous bulk actions are blocked.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin Self-Protection:\u003C\u002Fstrong> HappyAccess is hidden from the plugins list for temp users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activate\u002FDeactivate Toggle:\u003C\u002Fstrong> Suspend a temp user’s access without deleting them, and reactivate later with one click.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>reCAPTCHA v3 Protection:\u003C\u002Fstrong> Optional invisible bot protection for OTP login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Allowlist:\u003C\u002Fstrong> Optionally restrict access codes to specific IP addresses.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Failed attempt lockouts and IP tracking prevent brute force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Emergency Lock:\u003C\u002Fstrong> One-click admin bar button to instantly revoke all active tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Management:\u003C\u002Fstrong> Logout all temp sessions without revoking tokens.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Monitoring & Compliance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full Audit Log:\u003C\u002Fstrong> Track all access, logins, restrictions, and actions with filterable event log and CSV export.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Countdown Timer:\u003C\u002Fstrong> Real-time expiry countdown in the admin bar with auto-logout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Count Tracking:\u003C\u002Fstrong> See first login vs re-logins in the audit log.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active Token Management:\u003C\u002Fstrong> View all active codes, see usage status, generate magic links, and revoke anytime.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications:\u003C\u002Fstrong> Send access codes and magic links to admin or support email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cleanup:\u003C\u002Fstrong> Temporary users and old logs are deleted automatically when access expires.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Compliant:\u003C\u002Fstrong> Built-in consent workflow, privacy policy integration, and data export\u002Ferasure support.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Native WordPress UI:\u003C\u002Fstrong> Clean interface matching WordPress and WooCommerce admin styles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Users \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> HappyAccess\u003C\u002Fstrong> in your WordPress admin.\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Generate Access\u003C\u002Fstrong> tab.\u003C\u002Fli>\n\u003Cli>Choose duration (1 hour to 30 days) and role.\u003C\u002Fli>\n\u003Cli>Optionally enable email notification.\u003C\u002Fli>\n\u003Cli>Accept GDPR terms and click \u003Cstrong>Generate Access Code\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Share the 6-digit code with your support engineer.\u003C\u002Fli>\n\u003Cli>They enter the code at your login page – no username\u002Fpassword needed.\u003C\u002Fli>\n\u003Cli>Access automatically expires and user is deleted.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Support Engineers\u003C\u002Fstrong> – Quick access without password hassles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies\u003C\u002Fstrong> – Manage client access professionally.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Store Owners\u003C\u002Fstrong> – Maintain security while getting help.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developers\u003C\u002Fstrong> – Troubleshoot without credential sharing.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>GDPR & Security\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All access must be disclosed in your Terms & Conditions.\u003C\u002Fli>\n\u003Cli>Complete audit trail of all actions.\u003C\u002Fli>\n\u003Cli>Data stored locally on your WordPress site.\u003C\u002Fli>\n\u003Cli>Automatic data cleanup after 30 days.\u003C\u002Fli>\n\u003Cli>Rate limiting prevents brute force attacks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Third-Party Services\u003C\u002Fh4>\n\u003Cp>This plugin optionally connects to the following third-party service:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Google reCAPTCHA v3\u003C\u002Fstrong> (optional)\u003C\u002Fp>\n\u003Cp>When enabled in Settings, HappyAccess loads Google reCAPTCHA v3 on the WordPress login page to protect the OTP field from automated attacks. This sends the user’s IP address, browser information, and interaction data to Google for bot detection.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service URL: \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Terms of Service: \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Privacy Policy: \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>reCAPTCHA is \u003Cstrong>disabled by default\u003C\u002Fstrong> and must be explicitly enabled by an administrator. When disabled, no data is sent to Google.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>HappyAccess stores access logs locally on your WordPress site. No data is sent to external services unless you enable optional integrations (see Third-Party Services above).\u003C\u002Fp>\n\u003Cp>The plugin collects:\u003Cbr \u002F>\n* IP addresses of users accessing with temporary codes.\u003Cbr \u002F>\n* Browser information (user agent).\u003Cbr \u002F>\n* Access times and durations.\u003Cbr \u002F>\n* Actions performed (audit log).\u003C\u002Fp>\n\u003Cp>This data is automatically deleted after 30 days unless configured otherwise.\u003C\u002Fp>\n\u003Cp>When Google reCAPTCHA v3 is enabled, the user’s IP address, browser fingerprint, and interaction data are sent to Google for bot detection. See Google’s \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003Cp>You must disclose in your Terms & Conditions that you may grant admin access to third parties for support purposes.\u003C\u002Fp>\n","Secure temporary admin access for WordPress support engineers. Generate OTP-based access without sharing passwords.",0,110,"2026-04-05T04:21:00.000Z","6.9.4","6.0","7.4",[18,19,20,21,22],"admin","otp","security","support","temporary-access","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhappyaccess","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhappyaccess.1.0.6.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":25,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"shameemreza",3,30,94,"2026-05-20T13:51:38.442Z",[37,55,78,99,124],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":14,"requires_at_least":47,"requires_php":16,"tags":48,"homepage":53,"download_link":54,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"no-need-for-password","NNFP – Passwordless Email OTP Login","1.0.2","Ramesh Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloperramesh\u002F","\u003Cp>\u003Cstrong>No Need For Password – WordPress OTP Login Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fno-need-for-password\u002F\" rel=\"ugc\"> No Need For Password \u003C\u002Fa> is a WordPress authentication plugin that enables users to log in and register using a one-time password (OTP) sent to their email address. Traditional passwords are not required.\u003C\u002Fp>\n\u003Cp>The plugin is developed by \u003Ca href=\"https:\u002F\u002Fin.linkedin.com\u002Fin\u002Fdeveloper-ramesh\" rel=\"nofollow ugc\"> Ramesh Kumar \u003C\u002Fa>, a web developer and technical lead with over a decade of experience building WordPress plugins, custom systems, and scalable web solutions. His background includes hands-on development and leading engineering teams on complex projects.\u003C\u002Fp>\n\u003Cp>This plugin is designed for WordPress websites that prioritize usability, simplified authentication flows, and reduced dependency on password-based systems—often required in modern \u003Ca href=\"https:\u002F\u002Fcapsquery.com\u002F\" rel=\"nofollow ugc\"> custom website development \u003C\u002Fa> projects.\u003C\u002Fp>\n\u003Cp>Perfect for:\u003Cbr \u002F>\n– Blogs\u003Cbr \u002F>\n– Membership sites\u003Cbr \u002F>\n– WooCommerce stores\u003Cbr \u002F>\n– SaaS-style WordPress websites\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No external services. No third-party APIs. Everything runs inside WordPress.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cp>Here are list of features that you enjoy by getting hands on password-free authentication plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passwordless login via email OTP\u003C\u002Fli>\n\u003Cli>Automatic user registration for new emails\u003C\u002Fli>\n\u003Cli>Secure OTP with expiry time\u003C\u002Fli>\n\u003Cli>Login popup with clean UI\u003C\u002Fli>\n\u003Cli>Logout link for logged-in users\u003C\u002Fli>\n\u003Cli>Gutenberg & Full Site Editing (FSE) compatible\u003C\u002Fli>\n\u003Cli>Works with block themes like Twenty Twenty-Three\u003C\u002Fli>\n\u003Cli>ACF support for user registration fields\u003C\u002Fli>\n\u003Cli>AJAX-based (no page reloads)\u003C\u002Fli>\n\u003Cli>Lightweight & fast\u003C\u002Fli>\n\u003Cli>Developer-friendly and extensible\u003C\u002Fli>\n\u003Cli>Compatible with modern block themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These OTP-based WordPress login plugin features are great choice for modern websites.\u003C\u002Fp>\n\u003Ch3>🚀 How It Works\u003C\u002Fh3>\n\u003Cp>Below are 5 easy step to working process of secure email OTP login for WordPress plugin\u003C\u002Fp>\n\u003Col>\n\u003Cli>User clicks \u003Cstrong>Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enters email address\u003C\u002Fli>\n\u003Cli>Receives a 6-digit OTP by email\u003C\u002Fli>\n\u003Cli>Enters OTP\u003C\u002Fli>\n\u003Cli>Logged in instantly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No passwords. No reset links. No friction.\u003C\u002Fp>\n\u003Ch3>👨‍💻 Who Is It For?\u003C\u002Fh3>\n\u003Cp>Here are top cases where this No Need For Password by Ramesh is ideal choice:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Membership websites\u003C\u002Fli>\n\u003Cli>WooCommerce stores\u003C\u002Fli>\n\u003Cli>Blogs and communities\u003C\u002Fli>\n\u003Cli>SaaS-style WordPress apps\u003C\u002Fli>\n\u003Cli>Anyone who wants password-free authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🧱 Shortcodes\u003C\u002Fh3>\n\u003Cp>Use these shortcodes anywhere on your site:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login button\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[nnfp_login_button]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login page container\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[nnfp_login_form]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Registration popup button\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[nnfp_register_popup_button]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Registration form\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[nnfp_registration_form]\u003C\u002Fp>\n\u003Ch3>🎨 Theme Compatibility\u003C\u002Fh3>\n\u003Cp>This plugin works with:\u003Cbr \u002F>\n– Classic themes\u003Cbr \u002F>\n– Block themes (Full Site Editing)\u003Cbr \u002F>\n– Twenty Twenty-Three\u003Cbr \u002F>\n– Twenty Twenty-Four\u003Cbr \u002F>\n– Most modern WordPress themes\u003C\u002Fp>\n\u003Cp>No theme files need to be edited.\u003C\u002Fp>\n\u003Ch3>🔌 ACF Integration (Optional)\u003C\u002Fh3>\n\u003Cp>If \u003Cstrong>Advanced Custom Fields (ACF)\u003C\u002Fstrong> is installed:\u003Cbr \u002F>\n– User registration fields are automatically detected\u003Cbr \u002F>\n– ACF values are saved to the user profile after OTP verification\u003C\u002Fp>\n\u003Cp>ACF is optional — the plugin works perfectly without it.\u003C\u002Fp>\n\u003Ch3>🔒 Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>OTP is time-limited\u003C\u002Fli>\n\u003Cli>Nonce protection on all AJAX requests\u003C\u002Fli>\n\u003Cli>Sanitized and validated user input\u003C\u002Fli>\n\u003Cli>Uses WordPress authentication APIs\u003C\u002Fli>\n\u003Cli>No passwords stored or transmitted\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>👨‍💻 Developer Friendly\u003C\u002Fh3>\n\u003Cp>Hooks and filters can be added easily.\u003Cbr \u002F>\nClean class-based architecture.\u003Cbr \u002F>\nNo hard dependencies.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fdeveloper-ramesh\u003C\u002Fp>\n","Short Description: Enable secure passwordless login and registration using secure email-based one-time passwords (OTP).",331,"2026-02-10T11:11:00.000Z","5.8",[49,50,51,20,52],"acf-supported","otp-base-login","passwordless-login","user-login-and-registration","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnnfp-passwordless-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-need-for-password.1.0.2.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":14,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":76,"unpatched_count":11,"last_vuln_date":77,"fetched_at":27},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29928058,96,1024,"2026-03-02T12:38:00.000Z","3.0","5.5",[71,18,72,56,20],"access","login","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",87,8,"2024-11-04 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":14,"requires_at_least":91,"requires_php":16,"tags":92,"homepage":96,"download_link":97,"security_score":65,"vuln_count":32,"unpatched_count":11,"last_vuln_date":98,"fetched_at":27},"admin-menu-editor","Admin Menu Editor","1.15","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>Admin Menu Editor lets you manually edit the Dashboard menu. You can reorder the menus, show\u002Fhide specific items, change permissions, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change menu titles, URLs, icons, CSS classes and so on.\u003C\u002Fli>\n\u003Cli>Organize menu items via drag & drop.\u003C\u002Fli>\n\u003Cli>Change menu permissions by setting the required capability or role.\u003C\u002Fli>\n\u003Cli>Move a menu item to a different submenu. \u003C\u002Fli>\n\u003Cli>Create custom menus that point to any part of the Dashboard or an external URL.\u003C\u002Fli>\n\u003Cli>Hide\u002Fshow any menu or menu item. A hidden menu is invisible to all users, including administrators.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The \u003Ca href=\"http:\u002F\u002Fw-shadow.com\u002FAdminMenuEditor\u002F\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa> lets you set per-role menu permissions, hide a menu from everyone except a specific user, export your admin menu, drag items between menu levels, make menus open in a new window and more. \u003Ca href=\"http:\u002F\u002Famedemo.com\u002Fwpdemo\u002Fdemo.php\" rel=\"nofollow ugc\">Try online demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Despite the name, this plugin is not limited to just editing the admin menu. You can also:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create login redirects and logout redirects.\u003C\u002Fli>\n\u003Cli>Allow\u002Fdeny access to specific posts based on user roles.\u003C\u002Fli>\n\u003Cli>Hide plugins on the \u003Cem>Plugins -> Installed Plugins\u003C\u002Fem> page from other users.\u003C\u002Fli>\n\u003Cli>Edit the display name, description, and other plugin details shown on the \u003Cem>Plugins -> Installed Plugins\u003C\u002Fem> page (e.g. for white-labelling).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin provides a few utility shortcodes. These are mainly intended to help with creating login\u002Flogout redirects, but you can also use them in posts and pages.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[ame-wp-admin]\u003C\u002Fcode> – URL of the WordPress dashboard (with a trailing slash).\u003C\u002Fli>\n\u003Cli>\u003Ccode>[ame-home-url]\u003C\u002Fcode> – Site URL. Usually, this is the same as the URL in the “Site Address” field in \u003Cem>Settings -> General\u003C\u002Fem>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[ame-user-info field=\"...\"]\u003C\u002Fcode> – Information about the logged-in user. Parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>field\u003C\u002Fcode> – The part of user profile to display. Supported fields include: \u003Ccode>ID\u003C\u002Fcode>, \u003Ccode>user_login\u003C\u002Fcode>, \u003Ccode>display_name\u003C\u002Fcode>, \u003Ccode>locale\u003C\u002Fcode>, \u003Ccode>user_nicename\u003C\u002Fcode>, \u003Ccode>user_url\u003C\u002Fcode>, and so on.\u003C\u002Fli>\n\u003Cli>\u003Ccode>placeholder\u003C\u002Fcode> – Optional. Text that will be shown if the visitor is not logged in.\u003C\u002Fli>\n\u003Cli>\u003Ccode>encoding\u003C\u002Fcode> – Optional. How to encode or escape the output. This is useful if you want to use the shortcode in your own HTML or JS code. Supported values: \u003Ccode>auto\u003C\u002Fcode> (default), \u003Ccode>html\u003C\u002Fcode>, \u003Ccode>attr\u003C\u002Fcode>, \u003Ccode>js\u003C\u002Fcode>, \u003Ccode>none\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you delete any of the default menus they will reappear after saving. This is by design. To get rid of a menu for good, either hide it or change it’s access permissions.\u003C\u002Fli>\n\u003Cli>In the free version, it’s not possible to give a role access to a menu item that it couldn’t see before. You can only restrict menu access further.\u003C\u002Fli>\n\u003Cli>In case of emergency, you can reset the menu configuration back to the default by going to http:\u002F\u002Fexample.com\u002Fwp-admin\u002F?reset_admin_menu=1 (replace example.com with your site URL). You must be logged in as an Administrator to do this.\u003C\u002Fli>\n\u003C\u002Ful>\n","Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.",400000,7832166,92,311,"2026-02-20T11:36:00.000Z","5.9",[18,93,94,20,95],"dashboard","menu","wpmu","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2008\u002F12\u002F20\u002Fadmin-menu-editor-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-menu-editor.1.15.zip","2026-03-10 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":14,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":11,"last_vuln_date":123,"fetched_at":27},"iwp-client","InfiniteWP Client","1.13.5","revmakx","https:\u002F\u002Fprofiles.wordpress.org\u002Frevmakx\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Finfinitewp.com\u002F\" title=\"Manage Multiple WordPress\" rel=\"nofollow ugc\">InfiniteWP\u003C\u002Fa> allows users to manage unlimited number of WordPress sites from their own server.\u003C\u002Fp>\n\u003Cp>Main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Self-hosted system: Resides on your own server and totally under your control\u003C\u002Fli>\n\u003Cli>One-click updates for WordPress, plugins and themes across all your sites\u003C\u002Fli>\n\u003Cli>Instant backup and restore your entire site or just the database\u003C\u002Fli>\n\u003Cli>One-click access to all WP admin panels\u003C\u002Fli>\n\u003Cli>Bulk Manage plugins & themes: Activate & Deactive multiple plugins & themes on multiple sites simultaneously\u003C\u002Fli>\n\u003Cli>Bulk Install plugins & themes in multiple sites at once\u003C\u002Fli>\n\u003Cli>and more..\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit us at \u003Ca href=\"https:\u002F\u002Finfinitewp.com\u002F\" title=\"Manage Multiple WordPress\" rel=\"nofollow ugc\">InfiniteWP.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Check out the \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=s35ZoW95cnU\" rel=\"nofollow ugc\">InfiniteWP Overview Video\u003C\u002Fa> below.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fs35ZoW95cnU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Credits: \u003Ca href=\"http:\u002F\u002Fprelovac.com\u002Fvladimir\" rel=\"nofollow ugc\">Vladimir Prelovac\u003C\u002Fa> for his worker plugin on which the client plugin is being developed.\u003C\u002Fp>\n","Install this plugin on unlimited sites and manage them all from a central dashboard. This plugin communicates with your InfiniteWP Admin Panel.",200000,8254353,88,177,"2026-02-26T10:35:00.000Z","3.1","",[115,116,117,20,118],"backup","multi-site","multiple-admin","updates","http:\u002F\u002Finfinitewp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiwp-client.1.13.5.zip",90,7,"2025-01-07 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":65,"num_ratings":134,"last_updated":135,"tested_up_to":14,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":143,"download_link":144,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"two-factor","Two Factor","0.16.0","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>The Two-Factor plugin adds an extra layer of security to your WordPress login by requiring users to provide a second form of authentication in addition to their password.  This helps protect against unauthorized access even if passwords are compromised.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: Each user must individually configure their two-factor authentication settings.\u003C\u002Fp>\n\u003Ch3>For Individual Users\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Navigate to your profile\u003C\u002Fstrong>: Go to “Users” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Your Profile” in the WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Find Two-Factor Options\u003C\u002Fstrong>: Scroll down to the “Two-Factor Options” section\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose your methods\u003C\u002Fstrong>: Enable one or more authentication providers (noting a site admin may have hidden one or more so what is available could vary):\n\u003Cul>\n\u003Cli>\u003Cstrong>Authenticator App (TOTP)\u003C\u002Fstrong> – Use apps like Google Authenticator, Authy, or 1Password\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Codes\u003C\u002Fstrong> – Receive one-time codes via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergencies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dummy Method\u003C\u002Fstrong> – For testing purposes only (requires WP_DEBUG)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure each method\u003C\u002Fstrong>: Follow the setup instructions for each enabled provider\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set primary method\u003C\u002Fstrong>: Choose which method to use as your default authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save changes\u003C\u002Fstrong>: Click “Update Profile” to save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>For Site Administrators\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Plugin settings\u003C\u002Fstrong>: The plugin provides a settings page under “Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Two-Factor” to configure which providers should be disabled site-wide.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User management\u003C\u002Fstrong>: Administrators can configure 2FA for other users by editing their profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security recommendations\u003C\u002Fstrong>: Encourage users to enable backup methods to prevent account lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Available Authentication Methods\u003C\u002Fh3>\n\u003Ch3>Authenticator App (TOTP) – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Time-based one-time passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Scan QR code with authenticator app\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with Google Authenticator, Authy, 1Password, and other TOTP apps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Most users, provides excellent security with good usability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Backup Codes – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time use codes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Generate 10 backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works everywhere, no special hardware needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Emergency access when other methods are unavailable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Email Codes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time codes sent via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Automatic – uses your WordPress email address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with any email-capable device\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users who prefer email-based authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FIDO U2F Security Keys\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Deprecated and removed due to loss of browser support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dummy Method\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: None – Always succeeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Only available when WP_DEBUG is enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Testing and development only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Developers testing the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Notes\u003C\u002Fh3>\n\u003Ch3>HTTPS Requirement\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All methods work on both HTTP and HTTPS sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Browser Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>TOTP and email methods work on all devices and browsers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Account Recovery\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Always enable backup codes to prevent being locked out of your account\u003C\u002Fli>\n\u003Cli>If you lose access to all authentication methods, contact your site administrator\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Best Practices\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use multiple authentication methods when possible\u003C\u002Fli>\n\u003Cli>Keep backup codes in a secure location\u003C\u002Fli>\n\u003Cli>Regularly review and update your authentication settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information about two-factor authentication in WordPress, see the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fmfa\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration Security Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For more history, see \u003Ca href=\"https:\u002F\u002Fgeorgestephanis.wordpress.com\u002F2013\u002F08\u002F14\u002Ftwo-cents-on-two-factor\u002F\" rel=\"nofollow ugc\">this post\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Actions & Filters\u003C\u002Fh4>\n\u003Cp>Here is a list of action and filter hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>two_factor_providers\u003C\u002Fcode> filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_providers_for_user\u003C\u002Fcode> filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object \u003Ccode>WP_User\u003C\u002Fcode> is available as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_enabled_providers_for_user\u003C\u002Fcode> filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_authenticated\u003C\u002Fcode> action which receives the logged in \u003Ccode>WP_User\u003C\u002Fcode> object as the first argument for determining the logged in user right after the authentication workflow.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_api_login_enable\u003C\u002Fcode> filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_ttl\u003C\u002Fcode> filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the \u003Ccode>WP_User\u003C\u002Fcode> object being authenticated.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_length\u003C\u002Fcode> filter overrides the default 8 character count for email tokens.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_backup_code_length\u003C\u002Fcode> filter overrides the default 8 character count for backup codes. Provides the \u003Ccode>WP_User\u003C\u002Fcode> of the associated user as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_rest_api_can_edit_user\u003C\u002Fcode> filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current \u003Ccode>$can_edit\u003C\u002Fcode> boolean, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_before_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires prior to the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires after the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_input\u003C\u002Fcode> action which receives the provider object and fires after the input shown on the authentication input form (if form contains no input, action fires immediately after \u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_login_backup_links\u003C\u002Fcode> filters the backup links displayed on the two-factor login form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Redirect After the Two-Factor Challenge\u003C\u002Fh3>\n\u003Cp>To redirect users to a specific URL after completing the two-factor challenge, use WordPress Core built-in login_redirect filter. The filter works the same way as in a standard WordPress login flow:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'login_redirect', function( $redirect_to, $requested_redirect_to, $user ) {\n    return home_url( '\u002Fdashboard\u002F' );\n}, 10, 3 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), email, and backup verification codes.",100000,1606507,202,"2026-03-27T17:24:00.000Z","6.8","7.2",[139,140,141,20,142],"2fa","authentication","mfa","totp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor.0.16.0.zip",{"attackSurface":146,"codeSignals":336,"taintFlows":347,"riskAssessment":439,"analyzedAt":447},{"hooks":147,"ajaxHandlers":285,"restRoutes":324,"shortcodes":325,"cronEvents":326,"entryPointCount":191,"unprotectedCount":275},[148,154,158,161,165,170,173,175,179,183,187,193,197,199,202,204,206,211,215,220,224,228,232,236,240,243,247,250,254,257,261,264,267,269,273,277,280],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","admin_menu","add_menu_page","admin\u002Fclass-happyaccess-admin.php",27,{"type":149,"name":155,"callback":156,"file":152,"line":157},"admin_enqueue_scripts","enqueue_scripts",28,{"type":149,"name":159,"callback":159,"file":152,"line":160},"admin_notices",38,{"type":149,"name":162,"callback":163,"file":152,"line":164},"admin_init","handle_settings",39,{"type":149,"name":166,"callback":167,"file":168,"line":169},"before_woocommerce_init","closure","happyaccess.php",31,{"type":149,"name":171,"callback":171,"file":168,"line":172},"init",131,{"type":149,"name":162,"callback":162,"file":168,"line":174},132,{"type":149,"name":176,"callback":177,"file":168,"line":178},"happyaccess_cleanup_expired","cleanup_expired_tokens",135,{"type":149,"name":180,"callback":181,"file":168,"line":182},"happyaccess_cleanup_attempts","cleanup_old_attempts",136,{"type":149,"name":184,"callback":185,"file":168,"line":186},"login_form","add_otp_field",139,{"type":188,"name":189,"callback":190,"priority":191,"file":168,"line":192},"filter","authenticate","authenticate_otp",10,140,{"type":149,"name":194,"callback":195,"file":168,"line":196},"login_enqueue_scripts","enqueue_login_scripts",141,{"type":149,"name":194,"callback":156,"file":168,"line":198},144,{"type":149,"name":176,"callback":200,"file":168,"line":201},"cleanup_expired",147,{"type":149,"name":176,"callback":200,"file":168,"line":203},148,{"type":149,"name":162,"callback":171,"file":168,"line":205},151,{"type":149,"name":207,"callback":208,"priority":209,"file":168,"line":210},"admin_bar_menu","add_emergency_lock_button",999,155,{"type":188,"name":212,"callback":213,"priority":191,"file":168,"line":214},"plugin_row_meta","add_plugin_row_meta",163,{"type":149,"name":150,"callback":216,"priority":217,"file":218,"line":219},"filter_admin_menu",9999,"includes\u002Fclass-happyaccess-access-guard.php",43,{"type":149,"name":221,"callback":222,"file":218,"line":223},"current_screen","block_restricted_screens",44,{"type":188,"name":225,"callback":226,"file":218,"line":227},"show_admin_bar","__return_false",48,{"type":188,"name":229,"callback":230,"priority":191,"file":218,"line":231},"user_row_actions","filter_user_row_actions",52,{"type":188,"name":233,"callback":234,"file":218,"line":235},"users_list_table_query_args","hide_creator_from_user_list",53,{"type":188,"name":237,"callback":238,"file":218,"line":239},"all_plugins","hide_happyaccess_from_plugins_list",54,{"type":149,"name":221,"callback":241,"file":218,"line":242},"block_editing_creator",55,{"type":188,"name":244,"callback":245,"file":218,"line":246},"bulk_actions-users","filter_user_bulk_actions",58,{"type":149,"name":162,"callback":248,"file":249,"line":157},"add_privacy_policy_content","includes\u002Fclass-happyaccess-gdpr.php",{"type":188,"name":251,"callback":252,"file":249,"line":253},"wp_privacy_personal_data_exporters","register_data_exporter",29,{"type":188,"name":255,"callback":256,"file":249,"line":33},"wp_privacy_personal_data_erasers","register_data_eraser",{"type":149,"name":258,"callback":167,"file":259,"line":260},"shutdown","includes\u002Fclass-happyaccess-login-handler.php",369,{"type":188,"name":262,"callback":262,"file":259,"line":263},"login_message",431,{"type":188,"name":265,"callback":265,"priority":191,"file":259,"line":266},"login_redirect",432,{"type":149,"name":207,"callback":207,"priority":25,"file":259,"line":268},433,{"type":149,"name":270,"callback":271,"file":259,"line":272},"wp_logout","handle_logout",434,{"type":149,"name":171,"callback":274,"priority":275,"file":276,"line":227},"handle_magic_link",1,"includes\u002Fclass-happyaccess-magic-link.php",{"type":188,"name":262,"callback":278,"file":276,"line":279},"display_login_error",550,{"type":149,"name":281,"callback":282,"priority":275,"file":283,"line":284},"template_redirect","handle_share_link","includes\u002Fclass-happyaccess-otp-share.php",36,[286,291,294,297,301,305,309,313,316,320],{"action":287,"nopriv":288,"callback":289,"hasNonce":290,"hasCapCheck":290,"file":152,"line":253},"happyaccess_generate_token",false,"ajax_generate_token",true,{"action":292,"nopriv":288,"callback":293,"hasNonce":290,"hasCapCheck":290,"file":152,"line":33},"happyaccess_revoke_token","ajax_revoke_token",{"action":295,"nopriv":288,"callback":296,"hasNonce":290,"hasCapCheck":290,"file":152,"line":169},"happyaccess_logout_sessions","ajax_logout_sessions",{"action":298,"nopriv":288,"callback":299,"hasNonce":290,"hasCapCheck":290,"file":152,"line":300},"happyaccess_clear_logs","ajax_clear_logs",32,{"action":302,"nopriv":288,"callback":303,"hasNonce":290,"hasCapCheck":290,"file":152,"line":304},"happyaccess_generate_magic_link","ajax_generate_magic_link",33,{"action":306,"nopriv":288,"callback":307,"hasNonce":290,"hasCapCheck":290,"file":152,"line":308},"happyaccess_generate_share_link","ajax_generate_share_link",34,{"action":310,"nopriv":288,"callback":311,"hasNonce":290,"hasCapCheck":290,"file":152,"line":312},"happyaccess_email_magic_link","ajax_email_magic_link",35,{"action":314,"nopriv":288,"callback":315,"hasNonce":290,"hasCapCheck":290,"file":152,"line":284},"happyaccess_deactivate_user","ajax_deactivate_user",{"action":317,"nopriv":288,"callback":318,"hasNonce":290,"hasCapCheck":290,"file":152,"line":319},"happyaccess_reactivate_user","ajax_reactivate_user",37,{"action":321,"nopriv":288,"callback":322,"hasNonce":288,"hasCapCheck":288,"file":168,"line":323},"happyaccess_emergency_lock","ajax_emergency_lock",156,[],[],[327,329,331,334],{"hook":176,"callback":176,"file":168,"line":328},230,{"hook":180,"callback":180,"file":168,"line":330},233,{"hook":176,"callback":176,"file":332,"line":333},"includes\u002Fclass-happyaccess-activator.php",217,{"hook":180,"callback":180,"file":332,"line":335},221,{"dangerousFunctions":337,"sqlUsage":338,"outputEscaping":341,"fileOperations":275,"externalRequests":275,"nonceChecks":344,"capabilityChecks":345,"bundledLibraries":346},[],{"prepared":339,"raw":11,"locations":340},79,[],{"escaped":342,"rawEcho":11,"locations":343},480,[],11,12,[],[348,366,374,395,411,422],{"entryPoint":349,"graph":350,"unsanitizedCount":11,"severity":365},"render_audit_logs (admin\u002Fclass-happyaccess-admin.php:588)",{"nodes":351,"edges":363},[352,357],{"id":353,"type":354,"label":355,"file":152,"line":356},"n0","source","$_GET (x4)",602,{"id":358,"type":359,"label":360,"file":152,"line":361,"wp_function":362},"n1","sink","echo() [XSS]",667,"echo",[364],{"from":353,"to":358,"sanitized":290},"low",{"entryPoint":367,"graph":368,"unsanitizedCount":11,"severity":365},"\u003Cclass-happyaccess-admin> (admin\u002Fclass-happyaccess-admin.php:0)",{"nodes":369,"edges":372},[370,371],{"id":353,"type":354,"label":355,"file":152,"line":356},{"id":358,"type":359,"label":360,"file":152,"line":361,"wp_function":362},[373],{"from":353,"to":358,"sanitized":290},{"entryPoint":375,"graph":376,"unsanitizedCount":11,"severity":365},"\u003Cclass-happyaccess-otp-share> (includes\u002Fclass-happyaccess-otp-share.php:0)",{"nodes":377,"edges":392},[378,381,385,387],{"id":353,"type":354,"label":379,"file":283,"line":380},"$_GET",142,{"id":358,"type":359,"label":382,"file":283,"line":383,"wp_function":384},"get_row() [SQLi]",213,"get_row",{"id":386,"type":354,"label":379,"file":283,"line":380},"n2",{"id":388,"type":359,"label":389,"file":283,"line":390,"wp_function":391},"n3","query() [SQLi]",248,"query",[393,394],{"from":353,"to":358,"sanitized":290},{"from":386,"to":388,"sanitized":290},{"entryPoint":396,"graph":397,"unsanitizedCount":275,"severity":410},"\u003Cclass-happyaccess-login-handler> (includes\u002Fclass-happyaccess-login-handler.php:0)",{"nodes":398,"edges":407},[399,402,405],{"id":353,"type":354,"label":400,"file":259,"line":401},"$_POST",153,{"id":358,"type":403,"label":404,"file":259,"line":401},"transform","→ create_or_get()",{"id":386,"type":359,"label":382,"file":406,"line":312,"wp_function":384},"includes\u002Fclass-happyaccess-temp-user.php",[408,409],{"from":353,"to":358,"sanitized":288},{"from":358,"to":386,"sanitized":288},"high",{"entryPoint":412,"graph":413,"unsanitizedCount":275,"severity":410},"handle_magic_link (includes\u002Fclass-happyaccess-magic-link.php:157)",{"nodes":414,"edges":419},[415,417,418],{"id":353,"type":354,"label":379,"file":276,"line":416},201,{"id":358,"type":403,"label":404,"file":276,"line":416},{"id":386,"type":359,"label":382,"file":406,"line":312,"wp_function":384},[420,421],{"from":353,"to":358,"sanitized":288},{"from":358,"to":386,"sanitized":288},{"entryPoint":423,"graph":424,"unsanitizedCount":275,"severity":410},"\u003Cclass-happyaccess-magic-link> (includes\u002Fclass-happyaccess-magic-link.php:0)",{"nodes":425,"edges":435},[426,429,431,432,433],{"id":353,"type":354,"label":427,"file":276,"line":428},"$_GET (x2)",164,{"id":358,"type":359,"label":382,"file":276,"line":430,"wp_function":384},284,{"id":386,"type":354,"label":379,"file":276,"line":416},{"id":388,"type":403,"label":404,"file":276,"line":416},{"id":434,"type":359,"label":382,"file":406,"line":312,"wp_function":384},"n4",[436,437,438],{"from":353,"to":358,"sanitized":290},{"from":386,"to":388,"sanitized":288},{"from":388,"to":434,"sanitized":288},{"summary":440,"deductions":441},"The 'happyaccess' v1.0.6 plugin exhibits a generally strong security posture with several positive indicators. The complete absence of raw SQL queries, 100% proper output escaping, and a substantial number of nonce and capability checks suggest diligent development practices regarding core security principles.  Furthermore, the plugin has no recorded vulnerability history, which is a very positive sign of its stability and security over time. However, there are some significant concerns. The static analysis reveals one AJAX handler that lacks authentication checks, creating a direct entry point for unauthenticated users. Additionally, the taint analysis indicates three flows with unsanitized paths, all classified as high severity. These flows, combined with the unprotected AJAX handler, represent the most critical security risks associated with this plugin, potentially allowing for unintended actions or data manipulation.",[442,444],{"reason":443,"points":191},"Unprotected AJAX handler",{"reason":445,"points":446},"High severity unsanitized taint flows (3)",15,"2026-04-16T14:19:39.652Z",{"wat":449,"direct":464},{"assetPaths":450,"generatorPatterns":456,"scriptPaths":457,"versionParams":458},[451,452,453,454,455],"\u002Fwp-content\u002Fplugins\u002Fhappyaccess\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fhappyaccess\u002Fassets\u002Fcss\u002Flogin.css","\u002Fwp-content\u002Fplugins\u002Fhappyaccess\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fhappyaccess\u002Fassets\u002Fjs\u002Flogin.js","\u002Fwp-content\u002Fplugins\u002Fhappyaccess\u002Fassets\u002Fjs\u002Fotp-share.js",[],[453,454,455],[459,460,461,462,463],"happyaccess\u002Fassets\u002Fcss\u002Fadmin.css?ver=","happyaccess\u002Fassets\u002Fcss\u002Flogin.css?ver=","happyaccess\u002Fassets\u002Fjs\u002Fadmin.js?ver=","happyaccess\u002Fassets\u002Fjs\u002Flogin.js?ver=","happyaccess\u002Fassets\u002Fjs\u002Fotp-share.js?ver=",{"cssClasses":465,"htmlComments":469,"htmlAttributes":473,"restEndpoints":475,"jsGlobals":476,"shortcodeOutput":480},[466,467,468],"happyaccess-otp-field","happyaccess-otp-share-button","happyaccess-emergency-lock-button",[470,471,472],"\u003C!-- HappyAccess OTP Login Form Field -->","\u003C!-- HappyAccess OTP Share Form -->","\u003C!-- HappyAccess Emergency Lock Button -->",[474],"data-happyaccess-settings",[],[477,478,479],"happyaccess_login_params","happyaccess_otp_share_params","happyaccess_admin_params",[],{"error":290,"url":482,"statusCode":483,"statusMessage":484,"message":484},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhappyaccess\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":486,"versions":487},2,[488,493],{"version":6,"download_url":24,"svn_tag_url":489,"released_at":26,"has_diff":288,"diff_files_changed":490,"diff_lines":26,"trac_diff_url":491,"vulnerabilities":492,"is_current":290},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhappyaccess\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhappyaccess%2Ftags%2F1.0.5&new_path=%2Fhappyaccess%2Ftags%2F1.0.6",[],{"version":494,"download_url":495,"svn_tag_url":496,"released_at":26,"has_diff":288,"diff_files_changed":497,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":498,"is_current":288},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhappyaccess.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhappyaccess\u002Ftags\u002F1.0.5\u002F",[],[]]