[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flypCgKrH8YH7Q-4EJ3ddclSbdV-3B6wo8TZbSM5r3O4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":147,"fingerprints":305},"inspect-http-requests","Inspect HTTP Requests","1.0.10","expresstechsoftware","https:\u002F\u002Fprofiles.wordpress.org\u002Fexpresstechsoftware\u002F","\u003Cp>** This plugin is inpired from the work of log-http-requests plugin **\u003C\u002Fp>\n\u003Cp>Monitor all the HTTP Request being made via WP HTTP Methods i.e. wp_remote_get, wp_remote_post Block any request by just a click of button.\u003Cbr \u002F>\nTrack how much time a request like updating core\u002Fplugin\u002Ftheme taking (may be useful for bandwidth consumption analysis),\u003C\u002Fp>\n\u003Cp>This plugin logs all WP_HTTP requests and displays them in a table listing for easy viewing. It also stores the runtime of each HTTP request.\u003C\u002Fp>\n\u003Cp>If you add a base-url manually, e.g. https:\u002F\u002Fapi.woocommerce.com, there will be no more entries stored for that host.\u003C\u002Fp>\n\u003Ch4>Available Hooks\u003C\u002Fh4>\n\u003Cp>Add the following to wp-config.php for default blocking:\u003C\u002Fp>\n\u003Cpre>\ndefine( 'inspect_http_requests_default_block', true );\n\u003C\u002Fpre>\n\u003Cp>To prevent database littering and performance drain due to sql lookups you can ignore (parts of) hostnames:\u003Cbr \u002F>\n(without this, your own site and wordpress.org are ignored)\u003C\u002Fp>\n\u003Cpre>\ndefine( 'inspect_http_requests_ignored_urls', [\n 'your own site',\n 'wordpress.org',\n 'api.woocommerce.com',\n 'wp-rocket.me',\n 'ip-api.com',\n 'ipinfo.io',\n 'api',\n]);\n\u003C\u002Fpre>\n\u003Ch4>Important Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fexpresstechsoftware\u002Finspect-http-requests\" rel=\"nofollow ugc\">Github \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFacetWP\u002Flog-http-requests\" rel=\"nofollow ugc\">Github \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Checkout Our Other Plugins\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpresstechsoftwares-memberpress-discord-add-on\u002F\" rel=\"ugc\">Connect MemberPress and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpmpro-discord-add-on\u002F\" rel=\"ugc\">Connect PaidmembershipPro and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-learnpress-discord-add-on\u002F\" rel=\"ugc\">Connect LearnPress and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-gamipress-and-discord\u002F\" rel=\"ugc\">Connect GamiPress and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-lifterlms-to-discord\u002F\" rel=\"ugc\">Connect LifterLMS and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwebhook-for-wcfm-vendors\u002F\" rel=\"ugc\">Webhook For WCFM Vendors\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-learndash-and-discord\u002F\" rel=\"ugc\">Connect LearnDash and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproduct-questions-answers-for-woocommerce\u002F\" rel=\"ugc\">Product Questions & Answers for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member-discord-add-on\u002F\" rel=\"ugc\">Connect Ultimate Member and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-badgeos-to-discord\u002F\" rel=\"ugc\">Connect BadgeOS and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnect-eduma-theme-to-discord\u002F\" rel=\"ugc\">connect Eduma Theme and Discord\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Log, view, and Block WP HTTP requests",100,4738,2,"2025-05-14T23:00:00.000Z","6.8.5","3.0.1","",[19,20,21,22,23],"api","log","requests","update-checks","wp_http","https:\u002F\u002Fwww.expresstechsoftwares.com\u002Finspect-http-requests","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finspect-http-requests.1.0.10.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},14,1700,97,8,92,"2026-04-04T11:04:49.639Z",[38,55,82,106,129],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":11,"num_ratings":48,"last_updated":49,"tested_up_to":15,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":17,"download_link":52,"security_score":11,"vuln_count":53,"unpatched_count":26,"last_vuln_date":54,"fetched_at":28},"log-http-requests","Log HTTP Requests","1.5.0","Matt Gibbs","https:\u002F\u002Fprofiles.wordpress.org\u002Fmgibbs189\u002F","\u003Ch4>Log and view all WP HTTP requests\u003C\u002Fh4>\n\u003Cp>How long do [core \u002F plugin \u002F theme] update checks take to run? What data about my site is being sent out? What about all those ajax requests? The answers to these questions are just a few clicks away.\u003C\u002Fp>\n\u003Cp>This plugin logs all WP_HTTP requests and displays them in a table listing for easy viewing. It also stores the runtime of each HTTP request.\u003C\u002Fp>\n\u003Ch4>Available Hooks\u003C\u002Fh4>\n\u003Cp>Customize the length (in days) before older log items are removed:\u003C\u002Fp>\n\u003Cpre>\nadd_filter( 'lhr_expiration_days', function( $days ) {\n return 7; \u002F\u002F default = 1\n});\n\u003C\u002Fpre>\n\u003Cp>Don’t log items from a specific hostname:\u003C\u002Fp>\n\u003Cpre>\nadd_filter( 'lhr_log_data', function( $data ) {\n if ( false !== strpos( $data['url'], 'wordpress.org' ) ) {\n return false;\n }\n return $data;\n});\n\u003C\u002Fpre>\n\u003Cp>In the above example, the \u003Ccode>$data\u003C\u002Fcode> array keys correspond to columns within the \u003Ccode>lhr_log\u003C\u002Fcode> database table.\u003C\u002Fp>\n\u003Ch4>Important Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFacetWP\u002Flog-http-requests\" rel=\"nofollow ugc\">Github \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Log and view all WP HTTP requests",2000,70179,15,"2025-11-11T13:14:00.000Z","5.0",[19,20,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flog-http-requests.zip",1,"2022-10-05 00:00:00",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":26,"last_vuln_date":81,"fetched_at":28},"facebook-for-woocommerce","Meta for WooCommerce","3.6.0","Facebook","https:\u002F\u002Fprofiles.wordpress.org\u002Ffacebook\u002F","\u003Cp>This is the official Meta for WooCommerce plugin that connects your WooCommerce website to Facebook, Instagram and WhatsApp. With this plugin, you can install the Facebook pixel, upload your online store catalog, enabling you to easily run dynamic ads and connect your WhatsApp Business account to automatically update customers about their orders.\u003C\u002Fp>\n\u003Cp>Marketing on Meta platforms helps your business build lasting relationships with people, find new customers, and increase sales for your online store. With this Facebook ad extension, reaching the people who matter most to your business is simple. This extension will track the results of your advertising across devices. It will also help you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Maximize your campaign performance. By setting up the Facebook pixel and building your audience, you will optimize your ads for people likely to buy your products, and reach people with relevant ads on Facebook after they’ve visited your website.\u003C\u002Fli>\n\u003Cli>Find more customers. Connecting your product catalog automatically creates carousel ads that showcase the products you sell and attract more shoppers to your website.\u003C\u002Fli>\n\u003Cli>Generate sales among your website visitors. When you set up the Facebook pixel and connect your product catalog, you can use dynamic ads to reach shoppers when they’re on Facebook with ads for the products they viewed on your website. This will be included in a future release of Meta for WooCommerce.\u003C\u002Fli>\n\u003Cli>Engage with customers on WhatsApp by updating your customers about their orders at every step, freeing up more time for you to focus on your business.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Before raising a question with Meta Support, please first take a look at the Meta \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fbusiness\u002Fhelp\" rel=\"nofollow ugc\">helpcenter docs\u003C\u002Fa>, by searching for keywords like ‘WooCommerce’ here. If you didn’t find what you were looking for, you can go to \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fbusiness-support-home\" rel=\"nofollow ugc\">Meta Direct Support\u003C\u002Fa> and ask your question.\u003C\u002Fp>\n\u003Cp>When reporting an issue on Meta Direct Support, please give us as many details as possible.\u003Cbr \u002F>\n* Symptoms of your problem\u003Cbr \u002F>\n* Screenshot, if possible\u003Cbr \u002F>\n* Your Facebook page URL\u003Cbr \u002F>\n* Your website URL\u003Cbr \u002F>\n* Current version of Facebook-for-WooCommerce, WooCommerce, WordPress, PHP\u003C\u002Fp>\n\u003Cp>To suggest technical improvements, you can raise an issue on our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffacebook\u002Ffacebook-for-woocommerce\u002Fissues\" rel=\"nofollow ugc\">Github repository\u003C\u002Fa>.\u003C\u002Fp>\n","Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.",500000,48379215,44,474,"2026-03-12T09:56:00.000Z","6.9.4","5.6","7.4",[72,73,74,75,76],"catalog-sync","conversions-api","facebook","meta","whatsapp","https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Ffacebook-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacebook-for-woocommerce.3.6.0.zip",93,3,"2025-10-29 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":68,"requires_at_least":95,"requires_php":70,"tags":96,"homepage":102,"download_link":103,"security_score":104,"vuln_count":53,"unpatched_count":26,"last_vuln_date":105,"fetched_at":28},"site-mailer","Site Mailer – SMTP Replacement, Email API Deliverability & Email Log","1.4.3","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F1hOxkEO-22I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Has your WordPress site stopped sending emails? Are emails from your WordPress site landing in spam or not getting delivered? Are customers complaining about missing messages?\u003C\u002Fp>\n\u003Cp>With \u003Cstrong>Site Mailer\u003C\u002Fstrong>, you can say goodbye to email issues. Our easy-to-use tool ensures all emails reach their destination while providing you with a detailed email log to track and resend messages if needed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhance your email management effortlessly\u003C\u002Fstrong>. Site Mailer eliminates the need for complex SMTP plugins, providing a streamlined solution for reliable email deliverability. Troubleshoot and monitor with ease using our intuitive interface, so you never miss another email.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>High Deliverability\u003C\u002Fh4>\n\u003Cp>Ensure your emails consistently reach your audience’s inbox with optimized sending methods designed to maximize deliverability and minimize spam risk.\u003C\u002Fp>\n\u003Ch4>Use Your Custom Domain\u003C\u002Fh4>\n\u003Cp>Send emails with your custom domain — or get started quickly with our default email so no email will be lost once you start working with Site Mailer.\u003C\u002Fp>\n\u003Ch4>No Integration or SMTP Plugin Needed\u003C\u002Fh4>\n\u003Cp>Site Mailer works seamlessly without the need for additional API integration or SMTP plugins. This means less hassle and more efficient email management.\u003C\u002Fp>\n\u003Ch4>Easy Setup\u003C\u002Fh4>\n\u003Cp>Get started with Site Mailer in no time. Our intuitive setup process ensures you can configure and start using the plugin quickly and effortlessly.\u003C\u002Fp>\n\u003Ch4>30-Day Log Retention\u003C\u002Fh4>\n\u003Cp>The plugin includes 30 days of email log retention, allowing you to easily track and review your email activity.\u003C\u002Fp>\n\u003Ch4>Compatibility with Popular Plugins\u003C\u002Fh4>\n\u003Cp>Site Mailer has been tested to be fully compatible with most popular WordPress plugins, including Elementor Pro, WooCommerce, Contact Form 7, WPForms and more.\u003C\u002Fp>\n\u003Ch4>Reputation Management\u003C\u002Fh4>\n\u003Cp>Safeguard your email sending reputation with intelligent features that enhance your sender score, ensuring consistent inbox placement and reducing the risk of emails being marked as spam.\u003C\u002Fp>\n\u003Ch4>Email Testing\u003C\u002Fh4>\n\u003Cp>Send a test email to confirm your site is properly configured for seamless transactional email delivery.\u003C\u002Fp>\n\u003Ch4>Resend Failed Emails\u003C\u002Fh4>\n\u003Cp>Did an email fail to deliver? Easily resend it with a single click to ensure your message reaches its intended recipient.\u003C\u002Fp>\n\u003Ch4>Suppression List\u003C\u002Fh4>\n\u003Cp>Enable easy unsubscribe options for your emails. Track and manage all unsubscribed recipients directly in the Suppressions tab.\u003C\u002Fp>\n\u003Ch3>Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>No Integration Needed\u003C\u002Fstrong>: Use Site Mailer without the need for additional plugins or integrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Troubleshooting\u003C\u002Fstrong>: Efficiently troubleshoot and resend emails when necessary.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam Reduction\u003C\u002Fstrong>: Our plugin will keep your emails out of the spam folder, ensuring that your important messages reach their intended recipients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built by the Elementor team\u003C\u002Fstrong>: Leverage the trust and reliability of a solution developed by Elementor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Get Started Today\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Transform your website’s email management with Site Mailer!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For more information about Site Mailer, visit our \u003Ca href=\"https:\u002F\u002Fgo.elementor.com\u002Fwp-repo-wp-dash-sm-product-page\u002F\" rel=\"nofollow ugc\">official website\u003C\u002Fa>.\u003Cbr \u002F>\nIf you have any questions or need support, feel free to \u003Ca href=\"https:\u002F\u002Fgo.elementor.com\u002Fwp-repo-wp-dash-sm-contact-us\u002F\" rel=\"nofollow ugc\">contact us\u003C\u002Fa> or visit our \u003Ca href=\"https:\u002F\u002Fgo.elementor.com\u002Fwp-repo-wp-dash-sm-help-center\u002F\" rel=\"nofollow ugc\">help center\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin requires a connection to an active Elementor account in order to identify the user and provide the user with the purchased service. This connection is triggered manually by the user via the plugin’s settings panel. Learn more our \u003Ca href=\"https:\u002F\u002Fgo.elementor.com\u002Fwp-repo-wp-dash-sm-term-and-conditions\u002F\" rel=\"nofollow ugc\">terms and conditions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin uses a 3rd party service operated by Elementor, which accepts Email information including but not limited to (from, to, cc,bcc addresses, email body, subject line and attachments). This flow is triggered automatically on every email sending process utilizing the native WordPress \u003Ccode>wp_mail\u003C\u002Fcode> function.\u003C\u002Fp>\n\u003Ch3>Related Plugins\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-optimization\u002F\" rel=\"ugc\">Image Optimizer\u003C\u002Fa>: Superior image compression for faster, high-quality website performance.\u003C\u002Fp>\n","Effortlessly manage transactional emails with Site Mailer. High deliverability, logs and statistics, and no SMTP plugins needed.",200000,1804250,40,13,"2026-02-17T13:35:00.000Z","6.6",[97,98,99,100,101],"email","email-api","email-log","sender","smtp","https:\u002F\u002Felementor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-mailer.1.4.3.zip",98,"2025-02-27 23:34:36",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":11,"num_ratings":116,"last_updated":117,"tested_up_to":68,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":125,"download_link":126,"security_score":127,"vuln_count":80,"unpatched_count":26,"last_vuln_date":128,"fetched_at":28},"simple-jwt-login","Simple JWT Login – Allows you to use JWT on REST endpoints.","3.6.5","Nicu Micle","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicu_m\u002F","\u003Cp>Simple JWT Login is a \u003Cstrong>FREE\u003C\u002Fstrong> WordPress plugin that enables secure authentication for your WordPress REST API using \u003Cstrong>JSON Web Tokens\u003C\u002Fstrong> (JWT).\u003C\u002Fp>\n\u003Cp>With this powerful plugin, you can:\u003Cbr \u002F>\n– Log in, register, and authenticate users effortlessly\u003Cbr \u002F>\n– Connect mobile apps, external websites, or third-party services to WordPress with ease\u003Cbr \u002F>\n– Change or delete user passwords securely\u003C\u002Fp>\n\u003Cp>Whether you’re building a headless WordPress setup or integrating with external platforms, Simple JWT Login provides a fast, secure, and reliable authentication solution.\u003C\u002Fp>\n\u003Cp>You can read more on our plugin documentation website \u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\" rel=\"nofollow ugc\">https:\u002F\u002Fsimplejwtlogin.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Some awesome features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Auto-login using JWT and AUTH_KEY\u003C\u002Fli>\n\u003Cli>Register new users via API\u003C\u002Fli>\n\u003Cli>Delete WordPress users based on a JWT\u003C\u002Fli>\n\u003Cli>Reset user password\u003C\u002Fli>\n\u003Cli>Allow auto-login \u002F register \u002F delete users only from specific IP addresses\u003C\u002Fli>\n\u003Cli>Allow register users only from a specific domain name\u003C\u002Fli>\n\u003Cli>API Route for generating new JWT\u003C\u002Fli>\n\u003Cli>Get JWT from URL, SESSION, COOKIE or HEADER\u003C\u002Fli>\n\u003Cli>Pass request parameters to login URL\u003C\u002Fli>\n\u003Cli>CORS settings for plugin Routes\u003C\u002Fli>\n\u003Cli>Hooks\u003C\u002Fli>\n\u003Cli>JWT Authentication\u003C\u002Fli>\n\u003Cli>Allow access private endpoints with JWT\u003C\u002Fli>\n\u003Cli>Protect endpoints with JWT\u003C\u002Fli>\n\u003Cli>\u003Cstrong>beta\u003C\u002Fstrong> Google OAuth Integration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>beta\u003C\u002Fstrong> Google JWT on all endpoints\u003C\u002Fli>\n\u003Cli>\u003Cstrong>beta\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-graphql\u002F\" rel=\"ugc\">WPGraphQL\u003C\u002Fa> integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check the plugin \u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\" rel=\"nofollow ugc\">website\u003C\u002Fa> for more features.\u003C\u002Fp>\n\u003Ch3>Login User\u003C\u002Fh3>\n\u003Cp>This plugin is customizable and offers you multiple methods to log in to you website, based on multiple scenarios.\u003C\u002Fp>\n\u003Cp>In order to login, users have to send JWT. The plugin, validates the JWT, and if everything is OK, it can extract the WordPress email address or user ID.\u003Cbr \u002F>\nUsers can specify the exact key of the JWT payload where this information can be found.\u003C\u002Fp>\n\u003Cp>Here are the methods how you can send the JWT in order to auto-login:\u003C\u002Fp>\n\u003Col>\n\u003Cli>URL\u003C\u002Fli>\n\u003Cli>Header\u003C\u002Fli>\n\u003Cli>Cookie\u003C\u002Fli>\n\u003Cli>Session\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If the JWT is present in multiple places ( like URL and Header), the JWT will be overwritten.\u003C\u002Fp>\n\u003Cp>This plugin supports multiple JWT Decryption algorithms, like: HS256, HS512, HS384, RS256,RS384 and RS512.\u003C\u002Fp>\n\u003Cp>After the user is logged in you can automatically redirect the user to a page like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dashboard\u003C\u002Fli>\n\u003Cli>Homepage\u003C\u002Fli>\n\u003Cli>or any other custom Page ( this is mainly used for redirecting users to a landing page)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can attach to your redirect a URL parameter \u003Ccode>redirectUrl\u003C\u002Fcode> that will be used for redirect instead of the defined ones.\u003Cbr \u002F>\nIn order to use this, you have to enable it by checking the option \u003Ccode>Allow redirect to a specific URL\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Also, redirect after login offers some variables that you can use in the customURL and redirectUrl.\u003Cbr \u002F>\nHere are the variables which you can use in your URL:\u003Cbr \u002F>\n– \u003Ccode>{{site_url}}\u003C\u002Fcode> : Site URL\u003Cbr \u002F>\n– \u003Ccode>{{user_id}}\u003C\u002Fcode> : Logged in user ID\u003Cbr \u002F>\n– \u003Ccode>{{user_email}}\u003C\u002Fcode> : Logged in user email\u003Cbr \u002F>\n– \u003Ccode>{{user_login}}\u003C\u002Fcode> : Logged in username\u003Cbr \u002F>\n– \u003Ccode>{{user_first_name}}\u003C\u002Fcode> : User first name\u003Cbr \u002F>\n– \u003Ccode>{{user_last_name}}\u003C\u002Fcode> : User last name\u003Cbr \u002F>\n– \u003Ccode>{{user_nicename}}\u003C\u002Fcode> : User nice name\u003C\u002Fp>\n\u003Cp>You can generate dynamic URLs with these variables, and, before the redirect, the specific value will be replaced.\u003C\u002Fp>\n\u003Cp>Here is an example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fyourdomain.com?param1={{user_id}}¶m2={{user_login}}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, this plugin allows you to limit the auto-login based on the client IP address.\u003Cbr \u002F>\nIf you are concerned about security, you can limit the auto-login only from some IP addresses.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fautologin\u002F\" rel=\"nofollow ugc\">Read more\u003C\u002Fa> on our website.\u003C\u002Fp>\n\u003Ch3>Register Users\u003C\u002Fh3>\n\u003Cp>This plugin also allows you to create WordPress users.\u003C\u002Fp>\n\u003Cp>This option is disabled by default, but you can enable it at any time.\u003C\u002Fp>\n\u003Cp>In order to create users, you just have to make a POST request to the route URL, and send an \u003Cem>email\u003C\u002Fem> and a \u003Cem>password\u003C\u002Fem> as parameter and the new user will be created.\u003C\u002Fp>\n\u003Cp>You can select the type for the new users: editor, author, contributor, subscriber, etc.\u003C\u002Fp>\n\u003Cp>Also, you can limit the user creating only for specific IP addresses, or specific email domains.\u003C\u002Fp>\n\u003Cp>Another cool option is “Generate a random password when a new user is created”.\u003Cbr \u002F>\nIf this option is selected, the password is no more required when a new user is created a random password will be generated.\u003C\u002Fp>\n\u003Cp>Another option that you have for register user is “Initialize force login after register”.\u003Cbr \u002F>\nWhen the user registration is completed, the user will continue on the flow configured on login config.\u003C\u002Fp>\n\u003Cp>If auto-login is disabled, this feature will not work and the register user will go on a normal flow and return a json response.\u003C\u002Fp>\n\u003Cp>If you want to add custom user_meta on user creation, just add the parameter \u003Ccode>user_meta\u003C\u002Fcode> with a json. This will create user_meta for the new user.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n \"meta_key\":\"meta_value\",\n \"meta_key2\":\"meta_value\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>These properties can be passed in the request when the new user is created.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>email\u003C\u002Fstrong> : (required) (string) The user email address.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>password\u003C\u002Fstrong> : (required) (string) The plain-text user password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>user_login\u003C\u002Fstrong> : (string) The user’s login username.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>user_nicename\u003C\u002Fstrong> : (string) The URL-friendly username.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>user_url\u003C\u002Fstrong> : (string) The user URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>display_name\u003C\u002Fstrong> : (string) The user’s display name. Default is the user’s username.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>nickname\u003C\u002Fstrong> : (string) The user’s nickname. Default is the user’s username.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>first_name\u003C\u002Fstrong> : (string) The user’s first name. For new users, will be used to build the first part of the user’s display name if $display_name is not specified.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>last_name\u003C\u002Fstrong> : (string) The user’s last name. For new users, will be used to build the second part of the user’s display name if $display_name is not specified.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>description\u003C\u002Fstrong> : (string) The user’s biographical description.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>rich_editing\u003C\u002Fstrong> : (string) Whether to enable the rich-editor for the user. Accepts ‘true’ or ‘false’ as a string literal, not boolean. Default ‘true’.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>syntax_highlighting\u003C\u002Fstrong> : (string) Whether to enable the rich code editor for the user. Accepts ‘true’ or ‘false’ as a string literal, not boolean. Default ‘true’.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>comment_shortcuts\u003C\u002Fstrong> : (string) Whether to enable comment moderation keyboard shortcuts for the user. Accepts ‘true’ or ‘false’ as a string literal, not boolean. Default ‘false’.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>admin_color\u003C\u002Fstrong> : (string) Admin color scheme for the user. Default ‘fresh’.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>use_ssl\u003C\u002Fstrong> : (bool) Whether the user should always access the admin over https. Default false.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>user_registered\u003C\u002Fstrong> : (string) Date the user registered. Format is \u003Ccode>Y-m-d H:m:s\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>user_activation_key\u003C\u002Fstrong> : (string) Password reset key. Default empty.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>spam\u003C\u002Fstrong> : (bool) Multisite only. Whether the user is marked as spam. Default false.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>show_admin_bar_front\u003C\u002Fstrong> : (string) Whether to display the Admin Bar for the user on the site’s front end. Accepts ‘true’ or ‘false’ as a string literal, not boolean. Default ‘true’.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>locale\u003C\u002Fstrong> : (string) User’s locale. Default empty.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fregister-user\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa> on our website.\u003C\u002Fp>\n\u003Ch3>Delete User\u003C\u002Fh3>\n\u003Cp>Delete user it is disabled by default.\u003C\u002Fp>\n\u003Cp>In order to delete a user, you have to configure where to search the details in the JWT.\u003Cbr \u002F>\nYou can delete users by WordPress User ID or by Email address.\u003C\u002Fp>\n\u003Cp>Also, you have to choose the JWT parameter key where email or user ID it is stored in the JWT.\u003C\u002Fp>\n\u003Cp>Also, you can limit the deletion of users to specific IP addresses for security reasons.\u003C\u002Fp>\n\u003Ch3>Reset Password\u003C\u002Fh3>\n\u003Cp>Reset password and change password endpoints are disabled by default.\u003C\u002Fp>\n\u003Cp>This plugin allows you to send the reset password endpoint, just by calling an endpoint. An email with the code will be sent to a specific email address.\u003C\u002Fp>\n\u003Cp>Also, you are able to customize this email, or even not send at email at all.\u003C\u002Fp>\n\u003Cp>The change password endpoint, changes the user password, based on the reset password code.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fdelete-user\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa> on our website.\u003C\u002Fp>\n\u003Ch3>Authentication\u003C\u002Fh3>\n\u003Cp>This plugin allows users to generate JWT tokens based from WordPress user email and password.\u003C\u002Fp>\n\u003Cp>In order to Get a new JWT, just make a POST request to \u003Cem>\u002Fauth\u003C\u002Fem> route with your WordPress email(or username) and password ( or password_hash) and the response will look something like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode> {\n \"success\": true,\n \"data\": {\n \"jwt\": \"NEW_GENERATED_JWT_HERE\"\n }\n }\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you want to add extra parameters in the JWT payload, just send the parameter \u003Ccode>payload\u003C\u002Fcode> on \u003Ccode>\u002Fauth\u003C\u002Fcode> endpoint, and add a json with the values you want to be added in the payload.\u003C\u002Fp>\n\u003Cp>At some point, the JWT will expire.\u003Cbr \u002F>\nSo, if you want to renew it without having to ask again for user and password, you will have to make a POST request to the \u003Cem>auth\u002Frefresh\u003C\u002Fem> route.\u003C\u002Fp>\n\u003Cp>This will generate a response with a new JWT, similar to the one that \u003Ccode>\u002Fauth\u003C\u002Fcode> generates.\u003C\u002Fp>\n\u003Cp>If you want to get some details about a JWT, and validate that JWT, you can call \u003Ccode>\u002Fauth\u002Fvalidate\u003C\u002Fcode>. If you have a valid JWT, details about the available WordPress user will be returned, and some JWT details.\u003C\u002Fp>\n\u003Cp>If you want to revoke a JWT, access \u003Ccode>\u002Fauth\u002Frevoke\u003C\u002Fcode> and send the \u003Ccode>jwt\u003C\u002Fcode> as a parameter.\u003C\u002Fp>\n\u003Cp>The plugin auto-generates the example URL you might need to test these scenarios.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fauthentication\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa> on our website.\u003C\u002Fp>\n\u003Ch3>Auth codes\u003C\u002Fh3>\n\u003Cp>Auth codes are optional, but you can enable them for Auto-login, Register User and Delete user.\u003C\u002Fp>\n\u003Cp>This feature allows you to add a layer of protection to your API routes.\u003C\u002Fp>\n\u003Cp>The Auth codes contains 3 parts:\u003Cbr \u002F>\n1. Authentication Key: This is the actual code that you have to add in the request.\u003Cbr \u002F>\n2. WordPress new User Role: can be used when you want to create multiple user types with the create user endpoint. If you leave it blank, the value configured in the ‘Register Settings’ will be used.\u003Cbr \u002F>\n3. Expiration Date: This allows you to set an expiration date for you auth codes. The format is `Y-M-D H:m:s’. Example : 2020-12-24 23:00:00. If you leave it blank, it will never expire.\u003C\u002Fp>\n\u003Cp>Expiration date format: year-month-day hours:minutes:seconds\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fauth-codes\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa> on our website.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>This plugin allows advanced users to link some hooks with the plugin and perform some custom scripts.\u003Cbr \u002F>\nSome available hooks:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>simple_jwt_login_login_hook\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: action\u003C\u002Fli>\n\u003Cli>parameters: Wp_User $user\u003C\u002Fli>\n\u003Cli>description: This hook it is called after the user has been logged in. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>simple_jwt_login_redirect_hook\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: action\u003C\u002Fli>\n\u003Cli>parameters: string $url, array $request\u003C\u002Fli>\n\u003Cli>description: This hook it is called before the user it will be redirected to the page he specified in the login section. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>simple_jwt_login_register_hook\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: action\u003C\u002Fli>\n\u003Cli>parameters: Wp_User $user, string $plain_text_password\u003C\u002Fli>\n\u003Cli>description: This hook it is called after a new user has been created. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>simple_jwt_login_delete_user_hook\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: action\u003C\u002Fli>\n\u003Cli>parameters: Wp_User $user\u003C\u002Fli>\n\u003Cli>description: This hook it is called right after the user has been deleted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>simple_jwt_login_jwt_payload_auth\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: filter\u003C\u002Fli>\n\u003Cli>parameters: array $payload, array $request\u003C\u002Fli>\n\u003Cli>return: array $payload\u003C\u002Fli>\n\u003Cli>description: This hook is called on \u002Fauth endpoint. Here you can modify payload parameters. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>simple_jwt_login_no_redirect_message\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: filter\u003C\u002Fli>\n\u003Cli>parameters: array $payload, array $request\u003C\u002Fli>\n\u003Cli>return: array $payload\u003C\u002Fli>\n\u003Cli>description: This hook is called on \u002Fautologin endpoint when the option \u003Ccode>No Redirect\u003C\u002Fcode> is selected. You can customize the message and add parameters.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>simple_jwt_login_reset_password_custom_email_template\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: filter\u003C\u002Fli>\n\u003Cli>parameters: string $template, array $request\u003C\u002Fli>\n\u003Cli>return: string $template\u003C\u002Fli>\n\u003Cli>description: This is executed when POST \u002Fuser\u002Freset_password is called. It will replace the email template that has been added in Reset Password settings \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>View full list of hooks on \u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fhooks\" rel=\"nofollow ugc\">https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fhooks\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>CORS\u003C\u002Fh3>\n\u003Cp>The CORS standard it is needed because it allows servers to specify who can access its assets and how the assets can be accessed.\u003Cbr \u002F>\nCross-origin requests are made using the standard HTTP request methods like GET, POST, PUT, DELETE, etc.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fcors\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa> on our website.\u003C\u002Fp>\n\u003Ch3>Protect endpoints\u003C\u002Fh3>\n\u003Cp>This option is disabled by default. In order to enable it, you need to set “Protect endpoints enabled” to true.\u003C\u002Fp>\n\u003Cp>This feature comes with 2 actions:\u003Cbr \u002F>\n– Apply on All REST Endpoints\u003Cbr \u002F>\n– Apply only on specific REST endpoints\u003C\u002Fp>\n\u003Cp>When you choose \u003Ccode>Apply on All REST Endpoints\u003C\u002Fcode>, you will be able to whitelist some endpoints from your WordPress REST by adding them to the whitelist section.\u003Cbr \u002F>\nFor example, If you only want to allow users to access the \u003Ccode>wp\u002Fv2\u002Fposts\u003C\u002Fcode> endpoint without having to provide the JWT, you save in the whitelist section \u003Ccode>wp\u002Fv2\u002Fposts\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>When you choose \u003Ccode>Apply only on specific endpoints\u003C\u002Fcode>, you will have to add all the endpoints you want to be protected by JWT.\u003C\u002Fp>\n\u003Cp>When an endpoint is protected, and you don’t provide a JWT, you will get the following response:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n \"success\":false,\n \"data\":{\n \"message\":\"Your are not authorized to access this endpoint.\",\n \"errorCode\":403,\n \"type\":\"simple-jwt-login-route-protect\"\n }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimplejwtlogin.com\u002Fdocs\u002Fprotect-endpoints\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa> on our website.\u003C\u002Fp>\n\u003Ch3>Integration\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>PHP\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In order to easily integrate your app\u002Fsite with simple-jwt-login, we have developed a composer package.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>composer require nicumicle\u002Fsimple-jwt-login-client-php\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can check the \u003Ca href=\"https:\u002F\u002Fpackagist.org\u002Fpackages\u002Fnicumicle\u002Fsimple-jwt-login-client-php\" rel=\"nofollow ugc\">package page\u003C\u002Fa> for more details and code examples.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Javascript\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Also, there is a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsimple-jwt-login\u002Fjs-sdk\" rel=\"nofollow ugc\">Javascript SDK\u003C\u002Fa> that you can install with \u003Ccode>npm\u003C\u002Fcode> or \u003Ccode>yarn\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>npm install \"simple-jwt-login\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>or\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yarn add \"simple-jwt-login\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Enhance the WordPress REST API with JWT authentication for secure access by mobile apps, external sites, and third-party services.",5000,80865,46,"2026-03-14T06:23:00.000Z","4.4.0","5.5",[19,121,122,123,124],"auto-login","jwt","register","tokens","https:\u002F\u002Fsimplejwtlogin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-jwt-login.3.6.5.zip",94,"2025-09-22 00:00:00",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":11,"num_ratings":34,"last_updated":139,"tested_up_to":68,"requires_at_least":140,"requires_php":17,"tags":141,"homepage":145,"download_link":146,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"http-requests-manager","HTTP Requests Manager","1.3.10","veppa","https:\u002F\u002Fprofiles.wordpress.org\u002Fveppa\u002F","\u003Ch4>Prevent WP HTTP requests from slowing down your WordPress website and admin interface\u003C\u002Fh4>\n\u003Cp>Do you have a slow WordPress admin that takes longer than usual to load? Sometime longer than 5 seconds to load admin or login pages. In rare occasions WordPress may even timeout and show 504 page.\u003C\u002Fp>\n\u003Cp>Reason may be slow external WP_HTTP requests. \u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fhttp-requests-manager\u002F\" rel=\"nofollow ugc\">HTTP Requests Manager plugin\u003C\u002Fa> will log all WP HTTP requests with time taken to complete for each request. If there are multiple requests per page they will be color grouped.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fl_fvAnKPJkM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fl_fvAnKPJkM\" rel=\"nofollow ugc\">Check plugin overview on YouTube\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fyoutube.com\u002Fplaylist?list=PLvn-qBzU0II7b5D4OYDnKpNpuvxiM0f4b\" rel=\"nofollow ugc\">Watch plugin tutorials\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Plugin tested with PHP version 5.6, 7.x and up to 8.4.\u003C\u002Fp>\n\u003Ch4>Do not confuse WP_HTTP request with HTML requests that loads page assets like js, css, image, font\u003C\u002Fh4>\n\u003Cp>Plugin only detects and manages requests made using WP_Http class. Which is default method used and advised by WordPress for getting remote data and updates.\u003C\u002Fp>\n\u003Cp>Plugin will not detect any requests made by other WordPress classes like WP_Http_Curl or PHP functions like curl_exec, fsockopen, file_get_contents etc.\u003C\u002Fp>\n\u003Cp>Do not confuse it with HTML requests (loading assets like css, js, image) done by HTML page. WP_Http requests are performed only inside PHP files and not visible in web browser.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fhttp-requests-manager\u002F#what_is_detected_with_http_requests_manager\" rel=\"nofollow ugc\">Learn more about difference between WP_HTTP requests and HTML requests\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>How plugin prevents slow pages containing WP_HTTP requests?\u003C\u002Fh4>\n\u003Cp>Plugin helps to prevent website slowdown by:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sets request timeout period to 2 second. Where default is 5. \u003C\u002Fli>\n\u003Cli>Limit number of request per page by 3. Default is unlimited.\u003C\u002Fli>\n\u003Cli>Limit WP HTTP request if page load time is longer than 3 seconds. Default is unlimited.\u003C\u002Fli>\n\u003Cli>Option to block all external requests or allow only requests to wordpress.org for plugin, theme and core updates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Operation mode\u003C\u002Fh4>\n\u003Cp>Plugin has following operation modes in setting to manage WP HTTP requests. Here is what each mode does:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Only log HTTP requests\u003C\u002Fstrong> — logs all non cron requests. No blocking done.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Only log HTTP requests (+ cron requests)\u003C\u002Fstrong> — logs all requests including cron. No blocking done.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart block\u003C\u002Fstrong> — logs non cron HTTP requests and blocks request using following rules.\n\u003Col>\n\u003Cli>Page processing time exceeded 3 seconds.\u003C\u002Fli>\n\u003Cli>Number of request for single page reached 3.\u003C\u002Fli>\n\u003Cli>Sets timeout for each request to 2 second.\u003C\u002Fli>\n\u003Cli>Sets number of redirects for request to 1.\u003C\u002Fli>\n\u003Cli>Apply custom rules for “Smart block” defined in settings. \u003C\u002Fli>\n\u003Cli>Prevent some built in requests: happy browser, maybe update, self pings, do_enclose.\u003C\u002Fli>\n\u003Cli>Skip some limitations listed above for: file downloads (plugin, theme, other), requests inside cron jobs.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block external requests\u003C\u002Fstrong> — all requests not matching your current domain will be blocked. No updates for WordPress core, plugins and themes. (+ Smart block features.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block external requests (allow WordPress.org only)\u003C\u002Fstrong> — all requests not matching your current domain and wordpress.org will be blocked. Allows updates for WordPress core, plugins and themes coming from wordpress.org website. (+ Smart block features.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom rules\u003C\u002Fstrong> only work in “Smart block” mode. It will not work in “Block external requests” or “Block external requests (allow WordPress.org only)” mode.\u003C\u002Fp>\n\u003Ch4>Disable logging\u003C\u002Fh4>\n\u003Cp>After using plugin for some time and knowing which requests are performed you can disable logging. Operation mode will remain unchanged. Request blocking will remain in tact. No new logs will be recorded. You can analyze old logs, they will not be deleted.\u003C\u002Fp>\n\u003Ch4>Load before other plugins\u003C\u002Fh4>\n\u003Cp>In order to catch more requests you can enable “Load before other plugins” option. It uses Must-Use plugin feature and load before other regular plugins. This way you will make sure to detect all WP_HTTP requests by other plugins.\u003C\u002Fp>\n\u003Ch4>Custom rules for “Smart Block” mode\u003C\u002Fh4>\n\u003Cp>Allow or block some requests based on domain, plugin or all. Choose on which page type rule will be applied. For example you can block requests in frontend while allowing in other pages.\u003C\u002Fp>\n\u003Cp>Finally you can define action as block or allow for custom rule. For example you can make sure that some plugin will always be allowed to send WP_HTTP request. This can be SEO or mail plugin that uses remote API for functioning.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>View performance improvement of your WordPress website due to blocking some remote HTTP requests.\u003C\u002Fli>\n\u003Cli>View blocked requests by this plugin. Show reason why it was blocked.\u003C\u002Fli>\n\u003Cli>View failed requests with error message.\u003C\u002Fli>\n\u003Cli>View what initiated HTTP request: WordPress core, plugin or theme.\u003C\u002Fli>\n\u003Cli>View on which page request was made. Also view page type is frontend, admin, login, cron, ajax, xmlrpc or rest_api. \u003C\u002Fli>\n\u003Cli>View list of other requests made on same page view. \u003C\u002Fli>\n\u003Cli>View sent and received data.\u003C\u002Fli>\n\u003Cli>How long it took to get response in seconds. \u003C\u002Fli>\n\u003Cli>Check Point with page time and memory usage for most common hooks like plugins_loaded, init, wp_loaded, setup_theme, after_setup_theme, shutdown. This will give some idea about cause of slow pages.\u003C\u002Fli>\n\u003Cli>Only last 1000 records will be stored. \u003C\u002Fli>\n\u003Cli>Group requests by URL, domain, initiator, plugin, page, response status etc. \u003C\u002Fli>\n\u003Cli>Add custom rules (conditional logic) to block or allow certain requests. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Log summary populated for visible logs in selected page. Summary has following information cards:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Performance gain quantifier (2x) as a result of optimization. \u003C\u002Fli>\n\u003Cli>Blocked requests percentage. When hovered it will show request breakdown by core, plugins or theme.\u003C\u002Fli>\n\u003Cli>Number of requests per page. When hovered shows breakdown by page type: Frontend, admin, login, cron, ajax, xmlrpc, rest_api.\u003C\u002Fli>\n\u003Cli>Request time \u002F Page time percentage.\u003C\u002Fli>\n\u003Cli>Average page time.\u003C\u002Fli>\n\u003Cli>Average request time.\u003C\u002Fli>\n\u003Cli>Number of domains. On hover shows breakdown of domains. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check if WordPress communication to remote APIs works without any problem. — \u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fdebug-wp_http\u002F\" rel=\"nofollow ugc\">Check how easy it is to debug WP_HTTP requests \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Identify if your website slow because of WP_HTTP requests. Average page load time, average request time and average number of requests per page shown as summary at the top of reports. \u003C\u002Fli>\n\u003Cli>Block all external request on development or localhost website. All updates will be blocked. You switch off blocking when you want to perform Core, Plugin, Theme updates. No need to use \u003Cstrong>define(‘WP_HTTP_BLOCK_EXTERNAL’, true);\u003C\u002Fstrong> in your wp-config.php. Plugin will prevent requests automatically when you choose “Block external requests” or “Block external requests (allow WordPress.org only)” operation mode. \u003C\u002Fli>\n\u003Cli>Block non WordPress request. No data will be sent to third parties. They are usually loading other website news, plugin\u002Ftheme promotions, advertisements, sending usage statistics etc. \u003C\u002Fli>\n\u003Cli>Prevent your website from timeout. By blocking all requests if page generation time exceeds 3 seconds. Kill slow HTTP request with small timeout of 2 second. Slow request can be because of temporary network problem or remote website can be too busy to respond on time. Slow request is not your fault so your website should not suffer from it. — \u003Ca href=\"https:\u002F\u002Fveppa.com\u002Foptimize-wp-http-requests\u002F\" rel=\"nofollow ugc\">Learn how WP_HTTP Optimization works \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fhttp-requests-manager\u002F\" rel=\"nofollow ugc\">More info about “HTTP Requests Manager” plugin on official home page \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Initial logging functionality was taken from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFacetWP\u002Flog-http-requests\" rel=\"nofollow ugc\">Log HTTP Requests (version 1.4, year 2023) Github \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Blocking, grouping and additional features added by \u003Ca href=\"https:\u002F\u002Fveppa.com\u002F\" rel=\"nofollow ugc\">veppa \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s next\u003C\u002Fh4>\n\u003Cp>If you find this plugin useful to view WP_HTTP requests and speeding up your admin pages by blocking some requests then give good rating. Also check my other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fimprove-pagespeed\u002F\" rel=\"nofollow ugc\">Tutorial to get high PageSpeed Score\u003C\u002Fa> — video showing how I get PageSpeed Score 100 for my own website powered by WordPress CMS.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fwordpress-cloudflare-optimization\u002F\" rel=\"nofollow ugc\">Cloudflare Custom Rules\u003C\u002Fa> — pluginsless solutions for Page Cache, Antibot (prevents automated spam comments and brute-force login attacks) etc.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fshare-button\u002F\" rel=\"nofollow ugc\">Share button without plugin\u003C\u002Fa> — add super fast native sharing button to your website. Tiny inline code, ad blocker safe, no external dependencies.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fbbpress-wp-tweaks\u002F\" rel=\"nofollow ugc\">bbPress WP Tweaks\u003C\u002Fa> — add custom sidebar, additional widgets and forum columns for sites powered with bbPress forum plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit veppa.com to learn from my \u003Ca href=\"https:\u002F\u002Fveppa.com\u002Fcategory\u002Flearn-wordpress\u002F\" rel=\"nofollow ugc\">WordPress tutorials\u003C\u002Fa>.\u003C\u002Fp>\n","Limit, Debug, Optimize WP_HTTP requests. Limit by request count, page load time, reduce timeout for each request. Speed up login and admin pages.",1000,13185,"2026-03-06T07:21:00.000Z","4.7",[142,143,20,144,23],"debug","limit","optimization","https:\u002F\u002Fveppa.com\u002Fhttp-requests-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-requests-manager.1.3.10.zip",{"attackSurface":148,"codeSignals":195,"taintFlows":217,"riskAssessment":294,"analyzedAt":304},{"hooks":149,"ajaxHandlers":177,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":194,"unprotectedCount":194},[150,156,159,161,164,167,171,174],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","plugins_loaded","anonymous","includes\\class-inspect-http-requests.php",133,{"type":151,"name":157,"callback":153,"file":154,"line":158},"admin_enqueue_scripts",148,{"type":151,"name":157,"callback":153,"file":154,"line":160},149,{"type":151,"name":162,"callback":153,"file":154,"line":163},"admin_menu",150,{"type":151,"name":165,"callback":153,"file":154,"line":166},"http_api_debug",151,{"type":168,"name":169,"callback":153,"file":154,"line":170},"filter","pre_http_request",153,{"type":168,"name":172,"callback":153,"file":154,"line":173},"ets_inspect_http_requests_ignore_hostname",154,{"type":168,"name":175,"callback":153,"file":154,"line":176},"http_request_args",155,[178,182,185,188],{"action":179,"nopriv":180,"callback":153,"hasNonce":180,"hasCapCheck":180,"file":154,"line":181},"ets_inspect_http_requests_update_status_url",false,152,{"action":183,"nopriv":180,"callback":153,"hasNonce":180,"hasCapCheck":180,"file":154,"line":184},"ets_inspect_http_requests_search",156,{"action":186,"nopriv":180,"callback":153,"hasNonce":180,"hasCapCheck":180,"file":154,"line":187},"ets_inspect_http_requests_add_valid_url",157,{"action":189,"nopriv":180,"callback":153,"hasNonce":180,"hasCapCheck":180,"file":154,"line":190},"ets_inspect_http_requests_delete_url",158,[],[],[],4,{"dangerousFunctions":196,"sqlUsage":197,"outputEscaping":200,"fileOperations":26,"externalRequests":26,"nonceChecks":201,"capabilityChecks":201,"bundledLibraries":216},[],{"prepared":198,"raw":26,"locations":199},10,[],{"escaped":13,"rawEcho":201,"locations":202},5,[203,207,209,211,213],{"file":204,"line":205,"context":206},"admin\\class-inspect-http-requests-admin.php",214,"raw output",{"file":204,"line":208,"context":206},286,{"file":204,"line":210,"context":206},337,{"file":204,"line":212,"context":206},357,{"file":214,"line":215,"context":206},"admin\\partials\\inspect-http-requests-admin-display.php",66,[],[218,235,248,275],{"entryPoint":219,"graph":220,"unsanitizedCount":26,"severity":234},"ets_inspect_http_requests_search (admin\\class-inspect-http-requests-admin.php:275)",{"nodes":221,"edges":231},[222,226],{"id":223,"type":224,"label":225,"file":204,"line":208},"n0","source","$_POST['s']",{"id":227,"type":228,"label":229,"file":204,"line":208,"wp_function":230},"n1","sink","echo() [XSS]","echo",[232],{"from":223,"to":227,"sanitized":233},true,"low",{"entryPoint":236,"graph":237,"unsanitizedCount":26,"severity":234},"ets_inspect_http_requests_delete_url (admin\\class-inspect-http-requests-admin.php:341)",{"nodes":238,"edges":246},[239,242],{"id":223,"type":224,"label":240,"file":204,"line":241},"$_POST",354,{"id":227,"type":228,"label":243,"file":204,"line":244,"wp_function":245},"query() [SQLi]",356,"query",[247],{"from":223,"to":227,"sanitized":233},{"entryPoint":249,"graph":250,"unsanitizedCount":13,"severity":274},"ets_inspect_http_requests_update_status_url (admin\\class-inspect-http-requests-admin.php:188)",{"nodes":251,"edges":270},[252,254,256,260,264],{"id":223,"type":224,"label":240,"file":204,"line":253},208,{"id":227,"type":228,"label":243,"file":204,"line":255,"wp_function":245},209,{"id":257,"type":224,"label":258,"file":204,"line":259},"n2","$_POST['ets_url_id'] (x2)",210,{"id":261,"type":262,"label":263,"file":204,"line":259},"n3","transform","→ ets_inspect_http_request_get_blocked_url()",{"id":265,"type":228,"label":266,"file":267,"line":268,"wp_function":269},"n4","get_results() [SQLi]","includes\\functions.php",74,"get_results",[271,272,273],{"from":223,"to":227,"sanitized":233},{"from":257,"to":261,"sanitized":180},{"from":261,"to":265,"sanitized":180},"high",{"entryPoint":276,"graph":277,"unsanitizedCount":13,"severity":274},"\u003Cclass-inspect-http-requests-admin> (admin\\class-inspect-http-requests-admin.php:0)",{"nodes":278,"edges":289},[279,281,282,283,284,285,287],{"id":223,"type":224,"label":280,"file":204,"line":253},"$_POST (x2)",{"id":227,"type":228,"label":243,"file":204,"line":255,"wp_function":245},{"id":257,"type":224,"label":225,"file":204,"line":208},{"id":261,"type":228,"label":229,"file":204,"line":208,"wp_function":230},{"id":265,"type":224,"label":258,"file":204,"line":259},{"id":286,"type":262,"label":263,"file":204,"line":259},"n5",{"id":288,"type":228,"label":266,"file":267,"line":268,"wp_function":269},"n6",[290,291,292,293],{"from":223,"to":227,"sanitized":233},{"from":257,"to":261,"sanitized":233},{"from":265,"to":286,"sanitized":180},{"from":286,"to":288,"sanitized":180},{"summary":295,"deductions":296},"The \"inspect-http-requests\" plugin v1.0.10 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and includes a reasonable number of nonce and capability checks relative to its entry points. The absence of any recorded vulnerabilities in its history suggests a relatively stable and well-maintained codebase.\n\nHowever, significant concerns arise from the static analysis. A substantial portion of its attack surface, specifically all four AJAX handlers, lacks authentication checks. This is further exacerbated by the taint analysis, which reveals two flows with unsanitized paths classified as high severity. The low percentage of properly escaped output (29%) also indicates a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed.\n\nIn conclusion, while the plugin has strengths in its SQL handling and historical lack of vulnerabilities, the unprotected AJAX endpoints and high-severity unsanitized paths represent critical security weaknesses that could be exploited. The poor output escaping practices also add to the potential risk landscape.",[297,300,302],{"reason":298,"points":299},"AJAX handlers without authentication",20,{"reason":301,"points":48},"High severity taint flows with unsanitized paths",{"reason":303,"points":34},"Low percentage of properly escaped output","2026-03-16T20:42:41.305Z",{"wat":306,"direct":315},{"assetPaths":307,"generatorPatterns":310,"scriptPaths":311,"versionParams":312},[308,309],"\u002Fwp-content\u002Fplugins\u002Finspect-http-requests\u002Fadmin\u002Fcss\u002Finspect-http-requests-admin.css","\u002Fwp-content\u002Fplugins\u002Finspect-http-requests\u002Fadmin\u002Fjs\u002Finspect-http-requests-admin.js",[],[309],[313,314],"inspect-http-requests\u002Fadmin\u002Fcss\u002Finspect-http-requests-admin.css?ver=","inspect-http-requests\u002Fadmin\u002Fjs\u002Finspect-http-requests-admin.js?ver=",{"cssClasses":316,"htmlComments":317,"htmlAttributes":318,"restEndpoints":319,"jsGlobals":320,"shortcodeOutput":322},[],[],[],[],[321],"etsInspectHttpRequestsParams",[]]