[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiuvmQkOck51U2k0IRH0mf16BSU1un5kT_wWR0E7uO0E":3,"$fvCBHABC4DSi7Kq7DAibG_JBT0uH08BSKgD7QhbiPF_A":189,"$fbNFu_gHAnkp3o8mP0fiI5ftB6MMVRweQJPgV3NFppqc":194},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":15,"download_link":21,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24,"discovery_status":25,"vulnerabilities":26,"developer":27,"crawl_stats":23,"alternatives":32,"analysis":123,"fingerprints":172},"hide-login-shield","Hide Login Shield","1.0","oliverdoo","https:\u002F\u002Fprofiles.wordpress.org\u002Foliverdoo\u002F","\u003Cp>Hide Login Shield allows you to change the default login URL from \u003Ccode>wp-login.php\u003C\u002Fcode> to a custom path. This increases security by obscuring the standard login route that attackers typically target.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Easily set a custom login URL (e.g., \u003Ccode>yoursite.com\u002Fmylogin\u003C\u002Fcode>).\u003Cbr \u002F>\n* Redirects attempts to access the default login page to your homepage.\u003Cbr \u002F>\n* If you forget the custom login URL, you can restore access by disabling or removing the plugin via FTP or your hosting file manager.\u003C\u002Fp>\n\u003Cp>This plugin enhances security by making it harder for unauthorized users to guess your login URL. It uses WordPress hooks and rewrite rules without modifying core files.\u003C\u002Fp>\n","Enhance your site's security by customizing the default login URL and hiding the standard login page.",0,507,"2025-02-03T20:17:00.000Z","6.7.5","",[17,18,19,20],"custom-login-url","hide-login","login-url","wp-login-php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-login-shield.1.0.zip",92,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,88,"2026-05-19T21:16:52.646Z",[33,54,76,96,109],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":43,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.4","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",10,473,100,3,"2026-03-23T12:29:00.000Z","6.9.4","5.0","7.2",[17,18,50,51,20],"security","wp-admin","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.4.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":46,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":15,"download_link":73,"security_score":74,"vuln_count":41,"unpatched_count":11,"last_vuln_date":75,"fetched_at":24},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30698944,96,2103,"2026-01-12T08:47:00.000Z","4.1","7.0",[17,70,71,72,20],"login","rename","wp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,"2024-06-24 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":43,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":15,"tags":90,"homepage":93,"download_link":94,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"rename-wp-loginphp-to-anything-you-want","Rename wp-login.php to anything you want","2.0.1","travispluse","https:\u002F\u002Fprofiles.wordpress.org\u002Ftravispluse\u002F","\u003Cp>This plugin changes the way you login into your website.\u003C\u002Fp>\n\u003Cp>–loginsecurity includes–\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Blocks IP after maximum retries allowed\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Extended Lockout after maximum lockouts allowed\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Email notification to admin after max lockouts\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Blacklist IP\u002FIP range\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Whitelist IP\u002FIP range\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Check logs of failed attempts\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Create IP ranges\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Delete IP ranges\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Licensed under GNU GPL version 3\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Safe & Secure\u003Cbr \u002F>\u003C\u002Fp>\n","This plugin changes the way you login into your website.",500,8939,5,"2016-08-13T06:36:00.000Z","4.5.33","3.0",[91,17,70,92,20],"custom","login-custom","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-loginphp-to-anything-you-want\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-loginphp-to-anything-you-want.2.0.1.zip",85,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":41,"downloaded":104,"rating":43,"num_ratings":28,"last_updated":105,"tested_up_to":106,"requires_at_least":67,"requires_php":68,"tags":107,"homepage":15,"download_link":108,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"hide-wp-admin-wp-login-php","Hide wp-admin \u002F wp-login.php","1.0.0","sharmakks","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharmakks\u002F","\u003Cp>\u003Cem>Custom wp-admin \u002F wp-login.php\u003C\u002Fem> is avery user friendly plugin that lets users safely modify the link of the Dashboard Login Page. It will not change any file name or even didn’t modify any core file or even it will not rewrite any rule in your .htaccess and wp-config file. It only checks the URL and redirect the user to specific admin url. You can secure your admin dashboard area by using this plugin.\u003C\u002Fp>\n\u003Cp>If you have any problem then you can let us know or you can drop us a mail on sharmakrishankant9@gmail.com\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher.\u003C\u002Fp>\n\u003Cp>It might not work with another plugin or hardcoded \u003Cem>wp-admnin\u002Fwp-login.php\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>It might not Works with multisite. It might not work with Network Site\u003C\u002Fp>\n","Change wp-login.php,wp-admin URL to anything that you want.",1117,"2022-02-21T15:29:00.000Z","5.9.13",[17,70,71,72,20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-wp-admin-wp-login-php.zip",{"slug":110,"name":111,"version":6,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":41,"downloaded":116,"rating":11,"num_ratings":11,"last_updated":117,"tested_up_to":118,"requires_at_least":47,"requires_php":15,"tags":119,"homepage":121,"download_link":122,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"swift-wp-login","Swift WP-Login.php","beginnerwebtips","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeginnerwebtips\u002F","\u003Cp>\u003Cstrong>I Provide offer support through the support forum. Use \u003Ca href=\"\u002F\u002Fwww.beginnerwebtips.com\u002Fiseulde\u002Fswift-wp-login\u002F\" rel=\"nofollow ugc\">Website\u003C\u002Fa> instead.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>swift wp-login.php\u003C\u002Fem> is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn’t literally swift or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Woocommerce,\u003C\u002Fli>\n\u003Cli>TML,\u003C\u002Fli>\n\u003Cli>UserPro,\u003C\u002Fli>\n\u003Cli>Limit Login Attempts,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, but not tested with subdomains. Activating it for a network allows you to set a networkwide default. Individual sites can still swift their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> you should add the slug of the new login url to the list of pages not to cache.\u003C\u002Fp>\n\u003Cp>If you wish, you can block wp-login.php with \u003Ccode>.htaccess\u003C\u002Fcode> from now on.\u003C\u002Fp>\n","Change Your wp-login.php to anything you want.",1307,"2019-01-03T22:24:00.000Z","4.4.34",[17,70,120,72,20],"swift","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswift-wp-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswift-wp-login.zip",{"attackSurface":124,"codeSignals":156,"taintFlows":163,"riskAssessment":164,"analyzedAt":171},{"hooks":125,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":11,"unprotectedCount":11},[126,132,136,140,143,148],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","admin_menu","hlsw_add_admin_menu","hide-login-shield.php",20,{"type":127,"name":133,"callback":134,"file":130,"line":135},"admin_init","hlsw_settings_init",21,{"type":127,"name":137,"callback":138,"file":130,"line":139},"init","hlsw_handle_login",22,{"type":127,"name":137,"callback":141,"file":130,"line":142},"hlsw_redirect_old_login",23,{"type":144,"name":145,"callback":146,"priority":41,"file":130,"line":147},"filter","login_url","hlsw_custom_login_url",24,{"type":144,"name":149,"callback":150,"priority":41,"file":130,"line":151},"site_url","hlsw_site_url",25,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":162},[],{"prepared":11,"raw":11,"locations":159},[],{"escaped":41,"rawEcho":11,"locations":161},[],[],[],{"summary":165,"deductions":166},"The 'hide-login-shield' v1.0 plugin exhibits a strong security posture based on the provided static analysis.  There are no identified dangerous functions, SQL injection vulnerabilities, or file operations. All SQL queries utilize prepared statements, and all output is properly escaped, indicating good defensive coding practices. The absence of external HTTP requests and bundled libraries further minimizes potential attack vectors.\n\nHowever, the plugin has zero nonce checks and zero capability checks. While the static analysis reports no AJAX handlers or REST API routes (which would typically require these checks), this absence of checks presents a concern if future development introduces such entry points without proper authentication and authorization mechanisms. The vulnerability history is clean, which is a positive sign, but the lack of any recorded vulnerabilities doesn't inherently mean the plugin is immune to new ones, especially given the missing security checks.\n\nIn conclusion, 'hide-login-shield' v1.0 appears to be securely coded in its current form, with no exploitable vulnerabilities detected. The main weakness lies in the complete absence of nonce and capability checks, which could become a critical oversight if the plugin's functionality expands to include user-interactive endpoints. The lack of historical vulnerabilities is reassuring, but the missing checks warrant a cautious approach to future updates.",[167,169],{"reason":168,"points":41},"Missing nonce checks",{"reason":170,"points":41},"Missing capability checks","2026-04-16T14:50:12.647Z",{"wat":173,"direct":178},{"assetPaths":174,"generatorPatterns":175,"scriptPaths":176,"versionParams":177},[],[],[],[],{"cssClasses":179,"htmlComments":181,"htmlAttributes":182,"restEndpoints":185,"jsGlobals":186,"shortcodeOutput":187},[180],"description",[],[183,184],"name=\"hlsw_login_slug\"","name=\"hide-login-shield\"",[],[],[188],"\u003Cp>\u003Cstrong>New Login URL:\u003C\u002Fstrong>",{"error":190,"url":191,"statusCode":192,"statusMessage":193,"message":193},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhide-login-shield\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":28,"versions":195},[196],{"version":6,"download_url":21,"svn_tag_url":197,"released_at":23,"has_diff":198,"diff_files_changed":199,"diff_lines":23,"trac_diff_url":23,"vulnerabilities":200,"is_current":190},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhide-login-shield\u002Ftags\u002F1.0\u002F",false,[],[]]