[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flMfG1h5Q-3bOUuVLEQ0TmG6NJF_NkyrBjfev8oLL2IY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":145,"fingerprints":231},"hetjens-registered-only","Hetjens Registered Only","0.4","S Hetjens","https:\u002F\u002Fprofiles.wordpress.org\u002Fhetjens\u002F","\u003Cp>This plug-in restricts access to blog and feed. All anonymous visitors will be forwarded to the login page of WordPress\u003Cbr \u002F>\nbefore accessing the blog content. If access is restricted, rss and atom feeds will be disabled, too.\u003C\u002Fp>\n\u003Cp>The feed can be activated as a private feed for each user. Every user will have a unique feed url to access it. That\u003Cbr \u002F>\nurl is based on the username and an md5 hash of the hashed password stored in database. This plug-in will modify all\u003Cbr \u002F>\nby wordpress inserted feed urls to the user specific ones. But be carefull. If you content is confidential you should\u003Cbr \u002F>\nnot activate the feed. There is no way to check which services are reading (and maybe publishing) the feed’s content.\u003C\u002Fp>\n","This plug-in restricts the access to blog and feed. Visitors need to login before accessing the blog. It offers a private feed for every user.",10,2951,0,"2016-02-25T19:45:00.000Z","2.9.2","2.8.0","",[19,20,21,22,23],"access","login","restrict","security","user","http:\u002F\u002Fhetjens.com\u002Fwordpress\u002Fhetjens_registered_only\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhetjens-registered-only.0.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"hetjens",4,40,30,84,"2026-04-04T14:59:02.741Z",[38,62,85,100,122],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":35,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":17,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":13,"last_vuln_date":61,"fetched_at":28},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7384389,420,"2026-03-08T15:53:00.000Z","6.9.4","5.8.0","5.6.0",[54,55,56,22,57],"access-governance","api-security","restricted-content","user-roles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":83,"download_link":84,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"private-website","Private Website – Login Required","0.2.9","roehler","https:\u002F\u002Fprofiles.wordpress.org\u002Froehler\u002F","\u003Cp>\u003Cstrong>Private Website – Login Required\u003C\u002Fstrong> is a simple and straightforward WordPress plugin designed to restrict access to your website. By activating this plugin, users must be logged in to view any content on your site. This is ideal for websites that host sensitive or exclusive content and want to ensure that only authenticated users can access it.\u003C\u002Fp>\n\u003Cp>There are no complicated settings to configure. Simply activate the plugin to enforce the login requirement and deactivate it to remove the restriction.\u003C\u002Fp>\n\u003Cp>This plugin was developed by \u003Ca href=\"https:\u002F\u002Froehler.nrw\" rel=\"nofollow ugc\">Robin Oehler\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Private Website – Login Required uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK does not gather any data by default. The SDK only starts gathering basic telemetry data when a user allows it via the admin notice. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK DOES NOT IMMEDIATELY start gathering data, without confirmation from users in any case.\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Bugs & Feedback\u003C\u002Fh3>\n\u003Cp>Your feedback is important to me. If you find mistakes, have wishes, ideas, or suggestions, please send an email to \u003Ca href=\"mailto:mail@roehler.nrw\" rel=\"nofollow ugc\">mail@roehler.nrw\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Legal notice (German): \u003Ca href=\"https:\u002F\u002Froehler.nrw\u002Fimpressum\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Froehler.nrw\u002Fimpressum\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You are free to use it on any website across countries to protect the privacy of your users.\u003C\u002Fp>\n\u003Cp>Note: Activating this plugin cannot guarantee that your website is completely compliant with GDPR. When using Google Analytics, Facebook pixels, or other similar tools, additional measures may need to be taken.\u003C\u002Fp>\n","This plugin requires users to be logged in to view the website. Activate the plugin to enforce login, and deactivate it to remove the restriction.",200,2528,100,1,"2025-09-08T20:58:00.000Z","6.8.5","5.0","7.0",[20,79,80,81,82],"members","private","restrict-access","user-authentication","https:\u002F\u002Fwww.roehler.nrw","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprivate-website.0.2.9.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":13,"downloaded":93,"rating":13,"num_ratings":13,"last_updated":94,"tested_up_to":50,"requires_at_least":76,"requires_php":77,"tags":95,"homepage":98,"download_link":99,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"absoluto-access-gate","Absoluto Access Gate","1.0.0","Absoluto Designs","https:\u002F\u002Fprofiles.wordpress.org\u002Fabsolutodesigns\u002F","\u003Cp>Absoluto Access Gate is a flexible WordPress access-control plugin that allows you to require user login across your site while offering precise control over who can access what. It is designed for site owners who need reliable login enforcement without sacrificing usability or performance.\u003C\u002Fp>\n\u003Cp>Many sites require authentication for content access but still need exceptions for specific pages, users, or integrations. Absoluto Access Gate provides a structured and predictable way to enforce login rules while supporting common real-world scenarios such as public landing pages, APIs, feeds, and temporary access needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Author:\u003C\u002Fstrong> Absoluto Designs\u003Cbr \u002F>\n\u003Cstrong>Author URI:\u003C\u002Fstrong> http:\u002F\u002Fabsolutodesigns.com\u003Cbr \u002F>\n\u003Cstrong>Plugin URI:\u003C\u002Fstrong> https:\u002F\u002Fabsolutodesigns.com\u002Fplugins\u002Fabsoluto-access-gate\u002F\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Force login requirement for all pages\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable toggle without deactivating plugin\u003C\u002Fli>\n\u003Cli>Exclude specific pages from login requirement\u003C\u002Fli>\n\u003Cli>Exclude page templates from login requirement\u003C\u002Fli>\n\u003Cli>Exclude post types, categories, and tags\u003C\u002Fli>\n\u003Cli>Allow specific user roles to bypass login requirement\u003C\u002Fli>\n\u003Cli>Allow specific users to bypass login requirement\u003C\u002Fli>\n\u003Cli>IP whitelist with CIDR notation support\u003C\u002Fli>\n\u003Cli>Bypass key\u002Ftoken for temporary access\u003C\u002Fli>\n\u003Cli>Custom login page URL\u003C\u002Fli>\n\u003Cli>Custom redirect after login\u003C\u002Fli>\n\u003Cli>Maintenance mode with custom messages\u003C\u002Fli>\n\u003Cli>RSS feed and REST API exclusion options\u003C\u002Fli>\n\u003Cli>AJAX request exclusion\u003C\u002Fli>\n\u003Cli>Archive and search page exclusion\u003C\u002Fli>\n\u003Cli>Easy-to-use admin settings page with 2-column layout\u003C\u002Fli>\n\u003Cli>Clean and modern UI with enhanced multi-select dropdowns (uses native HTML5 selects, WordPress.org compliant)\u003C\u002Fli>\n\u003Cli>Quick add current IP to whitelist button\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>After activating the plugin, navigate to \u003Cstrong>Settings > Absoluto Access Gate\u003C\u002Fstrong> to configure:\u003C\u002Fp>\n\u003Ch3>Excluded Pages\u003C\u002Fh3>\n\u003Cp>Select pages that should be accessible without login. These pages will be publicly accessible even when the plugin is active.\u003C\u002Fp>\n\u003Ch3>Excluded Page Templates\u003C\u002Fh3>\n\u003Cp>Select page templates that should be accessible without login. All pages using these templates will be publicly accessible.\u003C\u002Fp>\n\u003Ch3>Bypass Roles\u003C\u002Fh3>\n\u003Cp>Select user roles that can bypass the login requirement. Users with these roles can view all pages without being redirected to login.\u003C\u002Fp>\n\u003Ch3>Bypass Users\u003C\u002Fh3>\n\u003Cp>Select specific users that can bypass the login requirement. These users can view all pages without being redirected to login.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>When a user visits any page on your site, the plugin checks:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If the user is logged in and has bypass permission (role or user)\u003C\u002Fli>\n\u003Cli>If the current page is excluded\u003C\u002Fli>\n\u003Cli>If the current page uses an excluded template\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If none of the above conditions are met and the user is not logged in, they are redirected to the WordPress login page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After logging in, users are redirected back to the page they were trying to access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress:\u003C\u002Fstrong> 5.0 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP:\u003C\u002Fstrong> 7.0 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tested up to:\u003C\u002Fstrong> WordPress 6.4\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Network:\u003C\u002Fstrong> Not compatible with WordPress Multisite network activation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For issues, questions, or contributions, please visit the \u003Ca href=\"https:\u002F\u002Fabsolutodesigns.com\u002Fplugins\u002Fabsoluto-access-gate\u002F\" rel=\"nofollow ugc\">plugin page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>GPL v2 or later\u003C\u002Fp>\n","Force users to login before viewing pages. Exclude specific pages and allow certain user roles\u002Fusers to bypass the requirement.",123,"2026-01-27T10:51:00.000Z",[96,97,20,81,22],"access-control","force-login","https:\u002F\u002Fabsolutodesigns.com\u002Fplugins\u002Fabsoluto-access-gate\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabsoluto-access-gate.1.0.0.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":50,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":117,"download_link":118,"security_score":119,"vuln_count":120,"unpatched_count":13,"last_vuln_date":121,"fetched_at":28},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29791210,96,1020,"2026-03-02T12:38:00.000Z","3.0","5.5",[19,116,20,101,22],"admin","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",87,8,"2024-11-04 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":50,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":140,"download_link":141,"security_score":142,"vuln_count":143,"unpatched_count":13,"last_vuln_date":144,"fetched_at":28},"user-role-editor","User Role Editor","4.64.6","Vladimir Garagulya","https:\u002F\u002Fprofiles.wordpress.org\u002Fshinephp\u002F","\u003Cp>User Role Editor WordPress plugin allows you to change user roles and capabilities easy.\u003Cbr \u002F>\nJust turn on check boxes of capabilities you wish to add to the selected role and click “Update” button to save your changes. That’s done.\u003Cbr \u002F>\nAdd new roles and customize its capabilities according to your needs, from scratch of as a copy of other existing role.\u003Cbr \u002F>\nUnnecessary self-made role can be deleted if there are no users whom such role is assigned.\u003Cbr \u002F>\nRole assigned every new created user by default may be changed too.\u003Cbr \u002F>\nCapabilities could be assigned on per user basis. Multiple roles could be assigned to user simultaneously.\u003Cbr \u002F>\nYou can add new capabilities and remove unnecessary capabilities which could be left from uninstalled plugins.\u003Cbr \u002F>\nMulti-site support is provided.\u003C\u002Fp>\n\u003Cp>Try it out on your free TasteWP \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fuser-role-editor\" rel=\"nofollow ugc\">test site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To read more about ‘User Role Editor’ visit \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa> at \u003Ca href=\"http:\u002F\u002Fshinephp.com\" rel=\"nofollow ugc\">shinephp.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you need more functionality with quality support in a real time? Do you wish to remove advertisements from User Role Editor pages?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.role-editor.com\" rel=\"nofollow ugc\">Buy Pro version\u003C\u002Fa>.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.role-editor.com\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa> includes extra modules:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block selected admin menu items for role.\u003C\u002Fli>\n\u003Cli>Hide selected front-end menu items for no logged-in visitors, logged-in users, roles.\u003C\u002Fli>\n\u003Cli>Block selected widgets under “Appearance” menu for role.\u003C\u002Fli>\n\u003Cli>Show widgets at front-end for selected roles.\u003C\u002Fli>\n\u003Cli>Block selected meta boxes (dashboard, posts, pages, custom post types) for role.\u003C\u002Fli>\n\u003Cli>“Export\u002FImport” module. You can export user role to the local file and import it to any WordPress site or other sites of the multi-site WordPress network.\u003C\u002Fli>\n\u003Cli>Roles and Users permissions management via Network Admin  for multisite configuration. One click Synchronization to the whole network.\u003C\u002Fli>\n\u003Cli>“Other roles access” module allows to define which other roles user with current role may see at WordPress: dropdown menus, e.g assign role to user editing user profile, etc.\u003C\u002Fli>\n\u003Cli>Manage user access to editing posts\u002Fpages\u002Fcustom post type using posts\u002Fpages, authors, taxonomies ID list.\u003C\u002Fli>\n\u003Cli>Per plugin users access management for plugins activate\u002Fdeactivate operations.\u003C\u002Fli>\n\u003Cli>Per form users access management for Gravity Forms plugin.\u003C\u002Fli>\n\u003Cli>Shortcode to show enclosed content to the users with selected roles only.\u003C\u002Fli>\n\u003Cli>Posts and pages view restrictions for selected roles.\u003C\u002Fli>\n\u003Cli>Admin back-end pages permissions viewer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pro version is advertisement free. Premium support is included.\u003C\u002Fp>\n\u003Ch3>Additional Documentation\u003C\u002Fh3>\n\u003Cp>You can find more information about “User Role Editor” plugin at \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>I am ready to answer on your questions about plugin usage. Use \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fuser-role-editor-wordpress-plugin\u002F\" rel=\"nofollow ugc\">plugin page comments\u003C\u002Fa> for that.\u003C\u002Fp>\n","User Role Editor WordPress plugin makes user roles and capabilities changing easy. Edit\u002Fadd\u002Fdelete WordPress user roles and capabilities.",700000,21349734,90,287,"2025-12-02T03:45:00.000Z","4.4","7.3",[19,138,139,22,23],"editor","role","https:\u002F\u002Fwww.role-editor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-role-editor.4.64.6.zip",97,2,"2024-12-16 19:51:53",{"attackSurface":146,"codeSignals":169,"taintFlows":188,"riskAssessment":214,"analyzedAt":230},{"hooks":147,"ajaxHandlers":165,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":13,"unprotectedCount":13},[148,153,157,161],{"type":149,"name":150,"callback":150,"file":151,"line":152},"action","wp","Hetjens_Registered_Only.php",32,{"type":154,"name":155,"callback":155,"file":151,"line":156},"filter","feed_link",33,{"type":149,"name":158,"callback":159,"file":151,"line":160},"admin_init","register_admin",34,{"type":149,"name":162,"callback":163,"file":151,"line":164},"plugins_loaded","anonymous",104,[],[],[],[],{"dangerousFunctions":170,"sqlUsage":174,"outputEscaping":176,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":187},[171],{"fn":172,"file":151,"line":164,"context":173},"create_function","add_action('plugins_loaded', create_function('','$Hetjens_Registered_Only = new Hetjens_Registered_O",{"prepared":143,"raw":13,"locations":175},[],{"escaped":13,"rawEcho":32,"locations":177},[178,181,183,185],{"file":151,"line":179,"context":180},54,"raw output",{"file":151,"line":182,"context":180},55,{"file":151,"line":184,"context":180},56,{"file":151,"line":186,"context":180},61,[],[189,206],{"entryPoint":190,"graph":191,"unsanitizedCount":73,"severity":205},"wp (Hetjens_Registered_Only.php:79)",{"nodes":192,"edges":202},[193,197],{"id":194,"type":195,"label":196,"file":151,"line":132},"n0","source","$_REQUEST['user']",{"id":198,"type":199,"label":200,"file":151,"line":132,"wp_function":201},"n1","sink","get_row() [SQLi]","get_row",[203],{"from":194,"to":198,"sanitized":204},false,"high",{"entryPoint":207,"graph":208,"unsanitizedCount":73,"severity":205},"\u003CHetjens_Registered_Only> (Hetjens_Registered_Only.php:0)",{"nodes":209,"edges":212},[210,211],{"id":194,"type":195,"label":196,"file":151,"line":132},{"id":198,"type":199,"label":200,"file":151,"line":132,"wp_function":201},[213],{"from":194,"to":198,"sanitized":204},{"summary":215,"deductions":216},"The hetjens-registered-only plugin v0.4 exhibits a mixed security posture.  On the positive side, it has a minimal attack surface with no detected AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, all SQL queries utilize prepared statements, and there are no external HTTP requests or file operations, which are good security practices. The absence of any recorded vulnerabilities in its history is also a strong indicator of its current stability. \n\nHowever, significant concerns arise from the static analysis. The presence of the `create_function` dangerous function is a notable risk, as it can be exploited for code injection. More critically, the taint analysis reveals two flows with unsanitized paths, flagged as high severity. This indicates that data entering the plugin might not be properly validated or escaped before being used in a sensitive context, potentially leading to cross-site scripting (XSS) or other injection vulnerabilities. The fact that 100% of output is not properly escaped is also a major red flag, directly contributing to XSS risks. The lack of nonce and capability checks on any potential entry points, though currently not exploitable due to zero entry points, suggests a lack of robust authorization and integrity controls that could become a problem if the attack surface expands in future versions.",[217,220,223,226,228],{"reason":218,"points":219},"High severity taint flows with unsanitized paths",14,{"reason":221,"points":222},"All output is unescaped",7,{"reason":224,"points":225},"Use of dangerous function create_function",5,{"reason":227,"points":225},"No nonce checks implemented",{"reason":229,"points":225},"No capability checks implemented","2026-03-17T00:35:15.889Z",{"wat":232,"direct":237},{"assetPaths":233,"generatorPatterns":234,"scriptPaths":235,"versionParams":236},[],[],[],[],{"cssClasses":238,"htmlComments":241,"htmlAttributes":242,"restEndpoints":243,"jsGlobals":244,"shortcodeOutput":245},[239,240],"hetjens_registered_only_disabled","hetjens_registered_only_active",[],[240],[],[],[]]