[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBvvivRuvcOQWNcdp88tV1Ai80-HJ49H_ceZoNSd7_QI":3,"$fZfFABZ9VMoE18_we0Bh_bM-3UIMRpmIm6aoXc_-c6e0":238,"$foTAHMZ8caeh_e_6VYZJfkHuUxNxsuhaZr44i-1pLWio":243},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":37,"analysis":131,"fingerprints":211},"jwt-ssolo","JWT SSOLO plugin","1.5.2","Marco Fiorletta","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcofrl1\u002F","\u003Cp>JWTlogin allows WordPress to use a remote user authentication system based on JWT (Json Web Token) and one time cryptographic key.\u003Cbr \u002F>\nThrough this plugin it will be possible to connect our WordPress installation to a GDPR (General Data Protection Regulation) compliant authentication system and with a security level at the bank level, in the basic and military version in the advanced version.\u003Cbr \u002F>\nThe system is compatible with any other access customization plugin and also allows for authentication of user documents (ID and proof of residence), required by current international legislation.\u003Cbr \u002F>\nUser data is fully encrypted and inaccessible except to the owner or manager of data management.\u003Cbr \u002F>\nThe plugin is completed by the possibility of creating a personalized frontend, through development kits or templates, of the pages received from the site https:\u002F\u002Fauth.ssolo.co.uk.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Plugin to authenticate users through the AUTH service of SSOLO ltd",0,1166,100,1,"2020-05-14T15:29:00.000Z","5.4.19","4.6","5.2.4",[20,21,22,23,24],"authentication","dgpr","jwt","login","secure-login","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-ssolo.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"marcofrl1",30,84,"2026-05-20T09:01:39.387Z",[38,60,77,96,112],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":59},"firebase-authentication","Firebase Authentication","1.6.8","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Cstrong>WordPress Firebase Authentication Plugin\u003C\u002Fstrong> allows you to login to WordPress sites using your Firebase user login credentials or via Social Login.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-firebase-authentication\u002F\" rel=\"nofollow ugc\">WordPress Firebase Authentication\u003C\u002Fa> works using the default WordPress login page. We support \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-woocommerce-integration\u002F\" rel=\"nofollow ugc\">Firebase WooCommerce Integration\u003C\u002Fa> and other third-party login pages along with custom login forms.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-into-wordpress-using-firebase-authentication\u002F\" rel=\"nofollow ugc\">WordPress Firebase Authentication\u003C\u002Fa>\u003C\u002Fstrong> : WordPress login using Firebase authentication user login credentials\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Create Users\u003C\u002Fstrong> : After login using Firebase login credentials, new user automatically gets created in WordPress\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-premium-and-enterprise-plugin-features\u002F\" rel=\"nofollow ugc\">Configurable login options\u003C\u002Fa>\u003C\u002Fstrong> :\u003Cbr \u002F>\nProvide option to login with,\u003Cbr \u002F>\na) Only Firebase credentials\u003Cbr \u002F>\nb) Only WordPress credentials\u003Cbr \u002F>\nc) Both Firebase and WordPress credentials\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Register WooCommerce Users to Firebase\u003C\u002Fstrong> : Provide an option to sync a WordPress user to Firebase whenever an end-user registers into the WordPress site via the WooCommerce registration form. User is created in Firebase with only an email address and password.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Firebase Phone Authentication method\u003C\u002Fstrong> : Users will be asked to enter OTP provided via Firebase to login into WordPress (Passwordless login). This works for WooCommerce as well.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Ffirebase-social-login-integration-for-wordpress\" rel=\"nofollow ugc\">Support for Firebase Social Login\u003C\u002Fa>\u003C\u002Fstrong> : With Firebase authentication, users will be provided an option to login in to WordPress using selected social login providers\u003Cbr \u002F>\nProviders supported are:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-google-using-firebase-authentication\" rel=\"nofollow ugc\">Google\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-facebook-using-firebase-authentication\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-apple-using-firebase-authentication\" rel=\"nofollow ugc\">Apple\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Github\u003C\u002Fli>\n\u003Cli>Yahoo\u003C\u002Fli>\n\u003Cli>Microsoft\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Firebase WooCommerce Integration\u003C\u002Fstrong> : Integrate WooCommerce with the WordPress Firebase Authentication plugin and allow users to log in to your WooCommerce site using firebase login credentials on WooCommerce Checkout and My account page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwoocommerce-cloud-firestore-integration\" rel=\"nofollow ugc\">WordPress Firestore Integration\u003C\u002Fa>\u003C\u002Fstrong>: Sync WordPress User Meta to Cloud Firestore Collections, WooCommerce products, orders, subscription sync to Firebase database.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Social Login buttons Shortcode\u003C\u002Fstrong> : Use a shortcode to place Firebase social login buttons anywhere in your Theme or Plugin\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Sync Firebase UID to WordPress\u003C\u002Fstrong> : Users can map email, Firebase user-id to their WordPress user profile using this WordPress Firebase Authentication feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Redirect Login and Logout URL\u003C\u002Fstrong> : Automatically Redirect users after successful login\u002Flogout. This works for WooCommerce as well.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support for Firebase Login and Registration form Shortcode\u003C\u002Fstrong> : Using login form shortcode, users can enter their Firebase credentials to login into the WP site, and using the registration form shortcode, users can register into the WordPress site, and that user is also auto created in Firebase with an email address and password.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WP Hooks for Different Events\u003C\u002Fstrong> : WordPress Firebase authentication provides support for different hooks for user defined functions.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>  \u003Cstrong>WordPress login with Firebase JWT\u003C\u002Fstrong>: WordPress login with Firebase JWT allows you to create a user login session on a WordPress site using their Firebase JWT token, eliminating the need to enter their login credentials again. This is highly recommended when there are multiple websites\u002Fapplications and the user is already logged in to any of them.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows login into WordPress using Firebase user credentials and maps Firebase user data to WordPress user profile.",500,26362,80,20,"2025-05-20T17:48:00.000Z","6.8.5","3.0.1","7.0",[20,55,22,23,56],"firebase","woocommerce-integration","http:\u002F\u002Ffirebase-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffirebase-authentication.1.6.8.zip","2026-04-16T10:56:18.058Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":34,"downloaded":68,"rating":11,"num_ratings":11,"last_updated":69,"tested_up_to":51,"requires_at_least":70,"requires_php":25,"tags":71,"homepage":75,"download_link":76,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":59},"keyless-auth","Keyless Auth – Login without Passwords","3.2.4","Chris Martens","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrmrtns\u002F","\u003Cp>Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It’s more secure than weak passwords and infinitely more user-friendly.\u003C\u002Fp>\n\u003Ch4>Why Choose Keyless Auth?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: No more weak, reused, or compromised passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better User Experience\u003C\u002Fstrong>: One click instead of remembering complex passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduced Support\u003C\u002Fstrong>: Eliminate “forgot password” requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>: Enterprise-grade security used by Slack, Medium, and others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong>: Built-in protection against brute force attacks and username enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quick Start\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Create a new page and add the shortcode \u003Ccode>[keyless-auth]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Configure email templates in \u003Cstrong>Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Templates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Done! Users can now login passwordlessly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Ready to Use\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Secure, one-time login links via email\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Complete TOTP support with Google Authenticator\u003Cbr \u002F>\n* \u003Cstrong>Role-Based 2FA\u003C\u002Fstrong> – Require 2FA for specific user roles (admins, editors, etc.)\u003Cbr \u002F>\n* \u003Cstrong>Custom 2FA Setup URLs\u003C\u002Fstrong> – Direct users to branded frontend 2FA setup pages\u003Cbr \u002F>\n* \u003Cstrong>SMTP Integration\u003C\u002Fstrong> – Reliable email delivery through your mail server\u003Cbr \u002F>\n* \u003Cstrong>Email Templates\u003C\u002Fstrong> – Professional, customizable login emails\u003Cbr \u002F>\n* \u003Cstrong>Mail Logging\u003C\u002Fstrong> – Track all sent emails with delivery status\u003Cbr \u002F>\n* \u003Cstrong>Custom Database Tables\u003C\u002Fstrong> – Scalable architecture with dedicated audit logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Token Security\u003C\u002Fstrong>: 10-minute expiration, single-use tokens\u003Cbr \u002F>\n* \u003Cstrong>Audit Logging\u003C\u002Fstrong>: IP addresses, device types, login attempts\u003Cbr \u002F>\n* \u003Cstrong>Emergency Mode\u003C\u002Fstrong>: Grace period system with admin controls\u003Cbr \u002F>\n* \u003Cstrong>Secure Storage\u003C\u002Fstrong>: SMTP credentials in wp-config.php option\u003Cbr \u002F>\n* \u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>: Block brute force attacks via XML-RPC interface\u003Cbr \u002F>\n* \u003Cstrong>Application Passwords Control\u003C\u002Fstrong>: Disable programmatic authentication when not needed\u003Cbr \u002F>\n* \u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>: Block username discovery attacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>WYSIWYG Email Editor\u003C\u002Fstrong>: Full HTML support with live preview\u003Cbr \u002F>\n* \u003Cstrong>Advanced Color Controls\u003C\u002Fstrong>: Hex, RGB, HSL color formats\u003Cbr \u002F>\n* \u003Cstrong>Template System\u003C\u002Fstrong>: German, English, and custom templates\u003Cbr \u002F>\n* \u003Cstrong>Branding Options\u003C\u002Fstrong>: Custom sender names and professional styling\u003C\u002Fp>\n\u003Ch4>Installation & Setup\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Installation\u003C\u002Fstrong>\u003Cbr \u002F>\n1. WordPress Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003Cbr \u002F>\n2. Search for “Keyless Auth”\u003Cbr \u002F>\n3. Install and activate\u003Cbr \u002F>\n4. Add [keyless-auth] shortcode to any page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SMTP Configuration (Recommended)\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Navigate to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> SMTP\u003Cbr \u002F>\n2. Configure your email provider (Gmail, Outlook, SendGrid, etc.)\u003Cbr \u002F>\n3. Test email delivery\u003Cbr \u002F>\n4. Save settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication Setup\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Go to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Options\u003Cbr \u002F>\n2. Enable “Two-Factor Authentication”\u003Cbr \u002F>\n3. Select required user roles\u003Cbr \u002F>\n4. Users scan QR code with authenticator app\u003C\u002Fp>\n\u003Ch4>Email Templates\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Template Options\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>German Professional\u003C\u002Fstrong>: Sleek German-language template\u003Cbr \u002F>\n* \u003Cstrong>English Simple\u003C\u002Fstrong>: Clean, minimalist design\u003Cbr \u002F>\n* \u003Cstrong>Custom HTML\u003C\u002Fstrong>: Create your own with WYSIWYG editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Full HTML and CSS support\u003Cbr \u002F>\n* Color picker for buttons and links\u003Cbr \u002F>\n* Responsive email design\u003Cbr \u002F>\n* Live template preview\u003Cbr \u002F>\n* Placeholder system for dynamic content\u003C\u002Fp>\n\u003Ch4>Security & Compliance\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Token Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generated using WordPress security standards\u003Cbr \u002F>\n* Based on user ID, timestamp, and wp-config.php salt\u003Cbr \u002F>\n* 10-minute expiration with single-use enforcement\u003Cbr \u002F>\n* Secure database storage with automatic cleanup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\n* TOTP-based system compatible with Google Authenticator, Authy\u003Cbr \u002F>\n* Role-based requirements for granular control\u003Cbr \u002F>\n* Grace period system for smooth user transitions\u003Cbr \u002F>\n* Custom verification forms with professional styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom tables for optimal performance\u003Cbr \u002F>\n* Comprehensive audit logging\u003Cbr \u002F>\n* Device tracking and IP monitoring\u003Cbr \u002F>\n* Automatic maintenance and cleanup routines\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site’s needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>\u003Cbr \u002F>\n* Prevents brute force attacks via WordPress XML-RPC interface\u003Cbr \u002F>\n* Reduces attack surface by disabling legacy API\u003Cbr \u002F>\n* Recommended for sites not using Jetpack, mobile apps, or pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Application Passwords Control\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable REST API and XML-RPC authentication when programmatic access isn’t needed\u003Cbr \u002F>\n* Prevents unauthorized API access\u003Cbr \u002F>\n* Recommended for simple sites without third-party integrations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n* Blocks REST API user endpoints (\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>)\u003Cbr \u002F>\n* Redirects author archives and \u003Ccode>?author=N\u003C\u002Fcode> queries\u003Cbr \u002F>\n* Removes login error messages that reveal usernames\u003Cbr \u002F>\n* Strips comment author CSS classes\u003Cbr \u002F>\n* Removes author data from oEmbed responses\u003Cbr \u002F>\n* Recommended for business\u002Fcorporate sites without author profiles\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003Cbr \u002F>\n* Combined protection against brute force attacks\u003Cbr \u002F>\n* Prevents username discovery for targeted attacks\u003Cbr \u002F>\n* Reduces unauthorized API access\u003Cbr \u002F>\n* Easy to configure without code or .htaccess modifications\u003Cbr \u002F>\n* All features include comprehensive documentation\u003Cbr \u002F>\n* FTP recovery available if needed\u003C\u002Fp>\n\u003Ch4>SMTP & Email Delivery\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supported Providers\u003C\u002Fstrong>\u003Cbr \u002F>\n* Gmail \u002F Google Workspace\u003Cbr \u002F>\n* Outlook \u002F Microsoft 365\u003Cbr \u002F>\n* Mailgun, SendGrid, Amazon SES\u003Cbr \u002F>\n* Any SMTP-compatible service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Email Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Message-ID domain alignment for deliverability\u003Cbr \u002F>\n* SPF\u002FDKIM\u002FDMARC compliance\u003Cbr \u002F>\n* Custom sender names and addresses\u003Cbr \u002F>\n* Bulk email log management\u003Cbr \u002F>\n* Delivery status tracking\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure Credential Storage\u003C\u002Fstrong>\u003Cbr \u002F>\nStore SMTP credentials securely in wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('CHRMRTNS_KLA_SMTP_USERNAME', 'your-email@example.com');\ndefine('CHRMRTNS_KLA_SMTP_PASSWORD', 'your-smtp-password');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Page Integration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optional magic login field on wp-login.php\u003Cbr \u002F>\n* Seamless integration with existing login flow\u003Cbr \u002F>\n* Toggle control for easy enable\u002Fdisable\u003Cbr \u002F>\n* Clean, responsive form styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcode Usage\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ccode>[keyless-auth]\u003C\u002Fcode> anywhere: pages, posts, widgets, or custom templates.\u003C\u002Fp>\n\u003Ch4>Developer Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hooks & Filters\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Customize login redirect:\u003Cbr \u002F>\n    add_filter(‘wpa_after_login_redirect’, ‘custom_redirect_function’);\u003C\u002Fp>\n\u003Cp>Modify email headers:\u003Cbr \u002F>\n    add_filter(‘wpa_email_headers’, ‘custom_email_headers’);\u003C\u002Fp>\n\u003Cp>Change token expiration:\u003Cbr \u002F>\n    add_filter(‘wpa_change_link_expiration’, ‘custom_expiration_time’);\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Modular Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean, organized class structure\u003Cbr \u002F>\n* Separated concerns for easy maintenance\u003Cbr \u002F>\n* WordPress coding standards compliance\u003Cbr \u002F>\n* Extensive documentation and comments\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong>: 3.9 or higher (tested up to 6.8)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP\u003C\u002Fstrong>: 7.4 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Delivery\u003C\u002Fstrong>: SMTP recommended for reliability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Keyless Auth complements WordPress’s default login system – it doesn’t replace it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developed by Chris Martens | Based on the original Passwordless Login plugin by Cozmoslabs\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.",1287,"2025-11-24T22:55:00.000Z","3.9",[72,20,73,24,74],"2fa","passwordless","smtp","https:\u002F\u002Fgithub.com\u002Fchrmrtns\u002Fkeyless-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyless-auth.3.2.4.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":11,"num_ratings":11,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":53,"tags":90,"homepage":25,"download_link":93,"security_score":94,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":95},"ah-jwt-auth","AH JWT Auth","1.5.4","andrewheberle","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrewheberle\u002F","\u003Cp>This plugin allows sign in to WordPress using a JSON Web Token (JWT) contained in a HTTP Header that is added by a reverse proxy\u003Cbr \u002F>\nthat sits in front of your WordPress deployment.\u003C\u002Fp>\n\u003Cp>Authentication and optionally role assignment is handled by claims contained in the JWT.\u003C\u002Fp>\n\u003Cp>Verification of the JWT is handled by either:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a shared secret key\u003C\u002Fli>\n\u003Cli>retrieving a JSON Web Key Set (JWKS) from a configured URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>During the login process if the user does not exist an account will be created with a matching role from the JWT.\u003C\u002Fp>\n\u003Cp>If the JWT did not contain a role claim then user is created with the role set in the plugin settings (by default this is the subscriber role).\u003C\u002Fp>\n","This plugin allows sign in to WordPress using a JSON Web Token (JWT) contained in a HTTP Header.",10,2435,"2025-03-05T04:43:00.000Z","6.7.5","4.7",[91,20,22,23,92],"auth","sso","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fah-jwt-auth.1.5.4.zip",92,"2026-03-15T15:16:48.613Z",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":85,"downloaded":104,"rating":11,"num_ratings":11,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":25,"tags":108,"homepage":110,"download_link":111,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":59},"jwt-authenticator","JWT Authenticator","1.1","Shawn","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawnxlw\u002F","\u003Cp>This plugin integrates JWT authentication and automates user creation. The plugin is written for AAF Rapid Connect, but can be used for other providers too.\u003C\u002Fp>\n\u003Cp>Here is how this plugin works:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Generate a secrete key with command: tr -dc ‘[[:alnum:][:punct:]]’ \u003C \u002Fdev\u002Furandom | head -c32 ;echo\u003C\u002Fli>\n\u003Cli>Register the key and call back URL http:\u002F\u002Fyoursite.com\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Fcallback with your authentication provider.\u003C\u002Fli>\n\u003Cli>Specify authentication and user creation parameters. Those marked with * are required.\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin integrates JWT authentication and automates user creation.",1727,"2016-12-01T17:58:00.000Z","4.6.30","3.2",[20,22,23,92,109],"token","https:\u002F\u002Fshawnwang.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authenticator.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":11,"downloaded":120,"rating":13,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":129,"download_link":130,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":59},"av-2fa","AV 2FA","1.2.0","Avrasys","https:\u002F\u002Fprofiles.wordpress.org\u002Favrasys\u002F","\u003Cp>AV 2FA adds a crucial layer of security to your WordPress login process. After a user successfully enters their password, this plugin sends a unique, time-sensitive verification code to their registered email address. The user must then enter this code to complete the login, effectively protecting their account even if their password is compromised.\u003C\u002Fp>\n\u003Cp>The plugin is designed to be lightweight, easy to use, and seamlessly integrated into the WordPress experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email-Based 2FA:\u003C\u002Fstrong> Sends a 6-digit verification code to the user’s email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide your login page by setting a custom login slug. The default wp-login.php becomes inaccessible, protecting against brute force attacks and bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting & Account Lockout:\u003C\u002Fstrong> Protects against brute force attacks on 2FA codes with configurable thresholds and temporary lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Progressive Lockout:\u003C\u002Fstrong> Automatically increases lockout duration for repeat offenders (2x, 4x, 8x multiplier).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP-Based Protection:\u003C\u002Fstrong> Tracks failed attempts by IP address to prevent distributed attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications:\u003C\u002Fstrong> Alerts users when their account is locked due to suspicious activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Controls:\u003C\u002Fstrong> View and manually unlock locked accounts from the settings page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Code Validity:\u003C\u002Fstrong> Admin can set how long the code is valid for (default is 60 seconds).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Exclusion List:\u003C\u002Fstrong> Easily bypass 2FA for specific users (e.g., admin or integration accounts) by adding their User ID to an exclusion list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Countdown Timer:\u003C\u002Fstrong> The verification screen displays a countdown timer to show the user how much time is left.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure & Reliable:\u003C\u002Fstrong> Uses WordPress’s built-in mailer and secure practices for code generation and verification.\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and secure Two-Factor Authentication plugin that sends a verification code to your email.",334,2,"2026-01-10T19:54:00.000Z","6.9.4","5.2","7.4",[72,24,127,128],"security","two-factor-authentication","https:\u002F\u002Favrasys.hu\u002Fletoltes\u002Fav-2fa-wordpress-ketfaktoros-hitelesites-bovitmeny","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fav-2fa.1.2.0.zip",{"attackSurface":132,"codeSignals":178,"taintFlows":195,"riskAssessment":196,"analyzedAt":210},{"hooks":133,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":11,"unprotectedCount":11},[134,140,144,147,152,156,159,163,167,171],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","wp_authenticate","jwtl_checkTheUserAuthentication","jwtlogin.php",18,{"type":135,"name":141,"callback":142,"file":138,"line":143},"tml_registered_action","jwtl_disable_tml_registration",99,{"type":135,"name":141,"callback":145,"file":138,"line":146},"jwtl_disable_tml_password_recovery",107,{"type":148,"name":149,"callback":150,"priority":85,"file":138,"line":151},"filter","lostpassword_url","jwtl_passurl_wpse_208054",113,{"type":135,"name":153,"callback":154,"file":138,"line":155},"show_user_profile","jwtl_extra_user_profile_fields",115,{"type":135,"name":157,"callback":154,"file":138,"line":158},"edit_user_profile",116,{"type":135,"name":160,"callback":161,"file":138,"line":162},"admin_menu","getconfig_add_plugin_page",146,{"type":135,"name":164,"callback":165,"file":138,"line":166},"admin_init","getconfig_page_init",147,{"type":135,"name":160,"callback":168,"file":169,"line":170},"add_plugin_page","options.php",15,{"type":135,"name":164,"callback":172,"file":169,"line":173},"page_init",16,[],[],[],[],{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":182,"fileOperations":192,"externalRequests":193,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":194},[],{"prepared":11,"raw":11,"locations":181},[],{"escaped":85,"rawEcho":183,"locations":184},3,[185,188,190],{"file":138,"line":186,"context":187},127,"raw output",{"file":138,"line":189,"context":187},133,{"file":138,"line":191,"context":187},177,6,14,[],[],{"summary":197,"deductions":198},"The 'jwt-ssolo' v1.5.2 plugin exhibits a generally positive security posture based on the provided static analysis.  The absence of any recorded vulnerabilities, including critical or high severity ones, and the consistent use of prepared statements for SQL queries are strong indicators of good development practices.  Furthermore, the plugin shows a responsible approach to output escaping, with a high percentage of outputs being properly handled.  The limited attack surface, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed, significantly reduces the potential for external manipulation. The plugin also does not appear to bundle any external libraries, which can be a source of vulnerabilities if not kept up-to-date.\n\nHowever, there are areas that warrant attention. The lack of any identified nonce checks or capability checks on any potential entry points is a significant concern. While the static analysis reports zero AJAX handlers and REST API routes, which limits the immediate impact, the absence of these fundamental WordPress security mechanisms suggests a potential oversight. If any functionalities were to be added or exposed in the future without these checks, it could lead to exploitable vulnerabilities.  The plugin also performs a considerable number of file operations and external HTTP requests, which, while not inherently insecure, represent areas where vulnerabilities could arise if not implemented with extreme care and robust validation.  The fact that no taint flows were analyzed is unusual and might indicate limitations in the analysis tool or the complexity of the plugin's code, preventing a deeper dive into potential data manipulation risks.",[199,201,203,206,208],{"reason":200,"points":85},"Missing nonce checks",{"reason":202,"points":85},"Missing capability checks",{"reason":204,"points":205},"Potential for unescaped output",4,{"reason":207,"points":121},"File operations present",{"reason":209,"points":121},"External HTTP requests present","2026-03-17T07:22:43.022Z",{"wat":212,"direct":221},{"assetPaths":213,"generatorPatterns":216,"scriptPaths":217,"versionParams":218},[214,215],"\u002Fwp-content\u002Fplugins\u002Fjwt-ssolo\u002Fcss\u002Fjwtl-styles.css","\u002Fwp-content\u002Fplugins\u002Fjwt-ssolo\u002Fjs\u002Fjwtl-script.js",[],[215],[219,220],"jwt-ssolo\u002Fcss\u002Fjwtl-styles.css?ver=","jwt-ssolo\u002Fjs\u002Fjwtl-script.js?ver=",{"cssClasses":222,"htmlComments":225,"htmlAttributes":228,"restEndpoints":232,"jsGlobals":233,"shortcodeOutput":236},[223,224],"jwtl-admin-page","jwtl-login-form-wrapper",[226,227],"\u003C!-- JWT SSOLO plugin -->","\u003C!-- Missing configuration -->",[229,230,231],"data-jwtl-login-url","data-jwtl-register-url","data-jwtl-recovery-url",[],[234,235],"jwtl_login_nonce","jwtl_ajax_url",[237],"\u003Cdiv class=\"jwtl-login-form-wrapper\">",{"error":239,"url":240,"statusCode":241,"statusMessage":242,"message":242},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fjwt-ssolo\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":121,"versions":244},[245,253],{"version":246,"download_url":247,"svn_tag_url":248,"released_at":28,"has_diff":249,"diff_files_changed":250,"diff_lines":28,"trac_diff_url":251,"vulnerabilities":252,"is_current":249},"1.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-ssolo.1.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fjwt-ssolo\u002Ftags\u002F1.5.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fjwt-ssolo%2Ftags%2F1.5&new_path=%2Fjwt-ssolo%2Ftags%2F1.5.1",[],{"version":254,"download_url":255,"svn_tag_url":256,"released_at":28,"has_diff":249,"diff_files_changed":257,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":258,"is_current":249},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-ssolo.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fjwt-ssolo\u002Ftags\u002F1.5\u002F",[],[]]