[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgEefTiNQ65CxeRFUNWnrLlu42zMkc9J9RpVRaCZjnDk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":130,"fingerprints":715},"keyless-auth","Keyless Auth – Login without Passwords","3.2.4","Chris Martens","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrmrtns\u002F","\u003Cp>Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It’s more secure than weak passwords and infinitely more user-friendly.\u003C\u002Fp>\n\u003Ch4>Why Choose Keyless Auth?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: No more weak, reused, or compromised passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better User Experience\u003C\u002Fstrong>: One click instead of remembering complex passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduced Support\u003C\u002Fstrong>: Eliminate “forgot password” requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>: Enterprise-grade security used by Slack, Medium, and others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong>: Built-in protection against brute force attacks and username enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quick Start\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Create a new page and add the shortcode \u003Ccode>[keyless-auth]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Configure email templates in \u003Cstrong>Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Templates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Done! Users can now login passwordlessly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Ready to Use\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Secure, one-time login links via email\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Complete TOTP support with Google Authenticator\u003Cbr \u002F>\n* \u003Cstrong>Role-Based 2FA\u003C\u002Fstrong> – Require 2FA for specific user roles (admins, editors, etc.)\u003Cbr \u002F>\n* \u003Cstrong>Custom 2FA Setup URLs\u003C\u002Fstrong> – Direct users to branded frontend 2FA setup pages\u003Cbr \u002F>\n* \u003Cstrong>SMTP Integration\u003C\u002Fstrong> – Reliable email delivery through your mail server\u003Cbr \u002F>\n* \u003Cstrong>Email Templates\u003C\u002Fstrong> – Professional, customizable login emails\u003Cbr \u002F>\n* \u003Cstrong>Mail Logging\u003C\u002Fstrong> – Track all sent emails with delivery status\u003Cbr \u002F>\n* \u003Cstrong>Custom Database Tables\u003C\u002Fstrong> – Scalable architecture with dedicated audit logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Token Security\u003C\u002Fstrong>: 10-minute expiration, single-use tokens\u003Cbr \u002F>\n* \u003Cstrong>Audit Logging\u003C\u002Fstrong>: IP addresses, device types, login attempts\u003Cbr \u002F>\n* \u003Cstrong>Emergency Mode\u003C\u002Fstrong>: Grace period system with admin controls\u003Cbr \u002F>\n* \u003Cstrong>Secure Storage\u003C\u002Fstrong>: SMTP credentials in wp-config.php option\u003Cbr \u002F>\n* \u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>: Block brute force attacks via XML-RPC interface\u003Cbr \u002F>\n* \u003Cstrong>Application Passwords Control\u003C\u002Fstrong>: Disable programmatic authentication when not needed\u003Cbr \u002F>\n* \u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>: Block username discovery attacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>WYSIWYG Email Editor\u003C\u002Fstrong>: Full HTML support with live preview\u003Cbr \u002F>\n* \u003Cstrong>Advanced Color Controls\u003C\u002Fstrong>: Hex, RGB, HSL color formats\u003Cbr \u002F>\n* \u003Cstrong>Template System\u003C\u002Fstrong>: German, English, and custom templates\u003Cbr \u002F>\n* \u003Cstrong>Branding Options\u003C\u002Fstrong>: Custom sender names and professional styling\u003C\u002Fp>\n\u003Ch4>Installation & Setup\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Installation\u003C\u002Fstrong>\u003Cbr \u002F>\n1. WordPress Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003Cbr \u002F>\n2. Search for “Keyless Auth”\u003Cbr \u002F>\n3. Install and activate\u003Cbr \u002F>\n4. Add [keyless-auth] shortcode to any page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SMTP Configuration (Recommended)\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Navigate to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> SMTP\u003Cbr \u002F>\n2. Configure your email provider (Gmail, Outlook, SendGrid, etc.)\u003Cbr \u002F>\n3. Test email delivery\u003Cbr \u002F>\n4. Save settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication Setup\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Go to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Options\u003Cbr \u002F>\n2. Enable “Two-Factor Authentication”\u003Cbr \u002F>\n3. Select required user roles\u003Cbr \u002F>\n4. Users scan QR code with authenticator app\u003C\u002Fp>\n\u003Ch4>Email Templates\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Template Options\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>German Professional\u003C\u002Fstrong>: Sleek German-language template\u003Cbr \u002F>\n* \u003Cstrong>English Simple\u003C\u002Fstrong>: Clean, minimalist design\u003Cbr \u002F>\n* \u003Cstrong>Custom HTML\u003C\u002Fstrong>: Create your own with WYSIWYG editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Full HTML and CSS support\u003Cbr \u002F>\n* Color picker for buttons and links\u003Cbr \u002F>\n* Responsive email design\u003Cbr \u002F>\n* Live template preview\u003Cbr \u002F>\n* Placeholder system for dynamic content\u003C\u002Fp>\n\u003Ch4>Security & Compliance\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Token Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generated using WordPress security standards\u003Cbr \u002F>\n* Based on user ID, timestamp, and wp-config.php salt\u003Cbr \u002F>\n* 10-minute expiration with single-use enforcement\u003Cbr \u002F>\n* Secure database storage with automatic cleanup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\n* TOTP-based system compatible with Google Authenticator, Authy\u003Cbr \u002F>\n* Role-based requirements for granular control\u003Cbr \u002F>\n* Grace period system for smooth user transitions\u003Cbr \u002F>\n* Custom verification forms with professional styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom tables for optimal performance\u003Cbr \u002F>\n* Comprehensive audit logging\u003Cbr \u002F>\n* Device tracking and IP monitoring\u003Cbr \u002F>\n* Automatic maintenance and cleanup routines\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site’s needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>\u003Cbr \u002F>\n* Prevents brute force attacks via WordPress XML-RPC interface\u003Cbr \u002F>\n* Reduces attack surface by disabling legacy API\u003Cbr \u002F>\n* Recommended for sites not using Jetpack, mobile apps, or pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Application Passwords Control\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable REST API and XML-RPC authentication when programmatic access isn’t needed\u003Cbr \u002F>\n* Prevents unauthorized API access\u003Cbr \u002F>\n* Recommended for simple sites without third-party integrations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n* Blocks REST API user endpoints (\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>)\u003Cbr \u002F>\n* Redirects author archives and \u003Ccode>?author=N\u003C\u002Fcode> queries\u003Cbr \u002F>\n* Removes login error messages that reveal usernames\u003Cbr \u002F>\n* Strips comment author CSS classes\u003Cbr \u002F>\n* Removes author data from oEmbed responses\u003Cbr \u002F>\n* Recommended for business\u002Fcorporate sites without author profiles\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003Cbr \u002F>\n* Combined protection against brute force attacks\u003Cbr \u002F>\n* Prevents username discovery for targeted attacks\u003Cbr \u002F>\n* Reduces unauthorized API access\u003Cbr \u002F>\n* Easy to configure without code or .htaccess modifications\u003Cbr \u002F>\n* All features include comprehensive documentation\u003Cbr \u002F>\n* FTP recovery available if needed\u003C\u002Fp>\n\u003Ch4>SMTP & Email Delivery\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supported Providers\u003C\u002Fstrong>\u003Cbr \u002F>\n* Gmail \u002F Google Workspace\u003Cbr \u002F>\n* Outlook \u002F Microsoft 365\u003Cbr \u002F>\n* Mailgun, SendGrid, Amazon SES\u003Cbr \u002F>\n* Any SMTP-compatible service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Email Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Message-ID domain alignment for deliverability\u003Cbr \u002F>\n* SPF\u002FDKIM\u002FDMARC compliance\u003Cbr \u002F>\n* Custom sender names and addresses\u003Cbr \u002F>\n* Bulk email log management\u003Cbr \u002F>\n* Delivery status tracking\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure Credential Storage\u003C\u002Fstrong>\u003Cbr \u002F>\nStore SMTP credentials securely in wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('CHRMRTNS_KLA_SMTP_USERNAME', 'your-email@example.com');\ndefine('CHRMRTNS_KLA_SMTP_PASSWORD', 'your-smtp-password');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Page Integration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optional magic login field on wp-login.php\u003Cbr \u002F>\n* Seamless integration with existing login flow\u003Cbr \u002F>\n* Toggle control for easy enable\u002Fdisable\u003Cbr \u002F>\n* Clean, responsive form styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcode Usage\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ccode>[keyless-auth]\u003C\u002Fcode> anywhere: pages, posts, widgets, or custom templates.\u003C\u002Fp>\n\u003Ch4>Developer Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hooks & Filters\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Customize login redirect:\u003Cbr \u002F>\n    add_filter(‘wpa_after_login_redirect’, ‘custom_redirect_function’);\u003C\u002Fp>\n\u003Cp>Modify email headers:\u003Cbr \u002F>\n    add_filter(‘wpa_email_headers’, ‘custom_email_headers’);\u003C\u002Fp>\n\u003Cp>Change token expiration:\u003Cbr \u002F>\n    add_filter(‘wpa_change_link_expiration’, ‘custom_expiration_time’);\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Modular Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean, organized class structure\u003Cbr \u002F>\n* Separated concerns for easy maintenance\u003Cbr \u002F>\n* WordPress coding standards compliance\u003Cbr \u002F>\n* Extensive documentation and comments\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong>: 3.9 or higher (tested up to 6.8)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP\u003C\u002Fstrong>: 7.4 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Delivery\u003C\u002Fstrong>: SMTP recommended for reliability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Keyless Auth complements WordPress’s default login system – it doesn’t replace it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developed by Chris Martens | Based on the original Passwordless Login plugin by Cozmoslabs\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.",30,1177,0,"2025-11-24T22:55:00.000Z","6.8.5","3.9","",[19,20,21,22,23],"2fa","authentication","passwordless","secure-login","smtp","https:\u002F\u002Fgithub.com\u002Fchrmrtns\u002Fkeyless-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyless-auth.3.2.4.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"chrmrtns",3,50,94,"2026-04-04T06:59:44.297Z",[37,56,72,91,109],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":13,"downloaded":45,"rating":26,"num_ratings":46,"last_updated":17,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":53,"download_link":54,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":55},"av-2fa","AV 2FA","1.2.0","Avrasys","https:\u002F\u002Fprofiles.wordpress.org\u002Favrasys\u002F","\u003Cp>AV 2FA adds a crucial layer of security to your WordPress login process. After a user successfully enters their password, this plugin sends a unique, time-sensitive verification code to their registered email address. The user must then enter this code to complete the login, effectively protecting their account even if their password is compromised.\u003C\u002Fp>\n\u003Cp>The plugin is designed to be lightweight, easy to use, and seamlessly integrated into the WordPress experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email-Based 2FA:\u003C\u002Fstrong> Sends a 6-digit verification code to the user’s email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide your login page by setting a custom login slug. The default wp-login.php becomes inaccessible, protecting against brute force attacks and bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting & Account Lockout:\u003C\u002Fstrong> Protects against brute force attacks on 2FA codes with configurable thresholds and temporary lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Progressive Lockout:\u003C\u002Fstrong> Automatically increases lockout duration for repeat offenders (2x, 4x, 8x multiplier).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP-Based Protection:\u003C\u002Fstrong> Tracks failed attempts by IP address to prevent distributed attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications:\u003C\u002Fstrong> Alerts users when their account is locked due to suspicious activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Controls:\u003C\u002Fstrong> View and manually unlock locked accounts from the settings page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Code Validity:\u003C\u002Fstrong> Admin can set how long the code is valid for (default is 60 seconds).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Exclusion List:\u003C\u002Fstrong> Easily bypass 2FA for specific users (e.g., admin or integration accounts) by adding their User ID to an exclusion list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Countdown Timer:\u003C\u002Fstrong> The verification screen displays a countdown timer to show the user how much time is left.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure & Reliable:\u003C\u002Fstrong> Uses WordPress’s built-in mailer and secure practices for code generation and verification.\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and secure Two-Factor Authentication plugin that sends a verification code to your email.",290,1,"6.9.4","5.2","7.4",[19,22,51,52],"security","two-factor-authentication","https:\u002F\u002Favrasys.hu\u002Fletoltes\u002Fav-2fa-wordpress-ketfaktoros-hitelesites-bovitmeny","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fav-2fa.1.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":13,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":15,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":70,"download_link":71,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"dolutech-passwordless-login","Dolutech Passwordless Login","1.1.0","Lucas Catão Moraes","https:\u002F\u002Fprofiles.wordpress.org\u002Fdolutech\u002F","\u003Cp>Este plugin substitui o formulário de login padrão do WordPress por um sistema de autenticação sem senha mais seguro.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Recursos principais:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Login sem senha via link seguro enviado por e-mail\u003Cbr \u002F>\n* Autenticação de dois fatores (2FA) via TOTP (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Códigos de backup para recuperação de acesso\u003Cbr \u002F>\n* Verificação de IP para segurança adicional\u003Cbr \u002F>\n* Rate limiting para prevenir ataques de força bruta\u003Cbr \u002F>\n* Painel de configurações completo no wp-admin\u003Cbr \u002F>\n* Opção de tornar 2FA obrigatório para perfis específicos\u003C\u002Fp>\n\u003Cp>O link de login expira imediatamente após o primeiro uso ou após o tempo configurado (padrão 15 minutos). A autenticação só é permitida pelo mesmo IP que solicitou o login.\u003C\u002Fp>\n","Permite login seguro sem senha com tecnologia passwordless e autenticação de dois fatores (2FA) via TOTP.",390,"2025-09-02T19:34:00.000Z","6.5","8.2",[19,20,69,21,51],"login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdolutech-passwordless-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdolutech-passwordless-login.1.1.0.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":13,"downloaded":80,"rating":13,"num_ratings":13,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":88,"download_link":89,"security_score":90,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"eliot-pro","ElIoT Pro Passwordless Login","1.0","piotrwolski1","https:\u002F\u002Fprofiles.wordpress.org\u002Fpiotrwolski1\u002F","\u003Cp>OVERVIEW\u003C\u002Fp>\n\u003Cp>\u003Cem>ElIoT Pro\u003C\u002Fem> solves one of the biggest problems of any online-based human activity responsible for 80% of data breaches – \u003Cem>the risk of stolen credentials\u003C\u002Fem>.\u003Cbr \u002F>\nWe offer a one-touch, 2-factor authentication system for user identification and transaction confirmation. ElIoT Pro’s multi-layer, smartphone-based authentication platform offers password-free login that enables businesses and online users to conduct streamlined yet highly secure web-based transactions.\u003C\u002Fp>\n\u003Cp>ElIoT Pro’s unique approach results in a frictionless user experience, streamlined customer acquisition, higher levels of security, the end of passwords.\u003C\u002Fp>\n\u003Cp>HOW DOES IT WORK?\u003C\u002Fp>\n\u003Ch3>User perspective\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download our \u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.cyberuslabs.eliotpro\" rel=\"nofollow ugc\">Android\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fapps.apple.com\u002Fpl\u002Fapp\u002Feliot-pro\u002Fid1458095747\" rel=\"nofollow ugc\">iOS\u003C\u002Fa> application and register.\u003C\u002Fli>\n\u003Cli>Remember to use the same email address as you do on your wordpress website.\u003C\u002Fli>\n\u003Cli>On your wordpress site login page (\u002Fwp-login.php), instead of the traditional login\u002Fpassword, click the “Login with ElIoT Pro” widget.\u003C\u002Fli>\n\u003Cli>The One-Time token is transmitted to mobile app via sound, no need to type anything!\u003C\u002Fli>\n\u003Cli>You are authenticated on the website and logged in.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>SYSTEM OWNER PERSPECTIVE – INTEGRATION STEPS\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download our \u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.cyberuslabs.eliotpro\" rel=\"nofollow ugc\">Android\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fapps.apple.com\u002Fpl\u002Fapp\u002Feliot-pro\u002Fid1458095747\" rel=\"nofollow ugc\">iOS\u003C\u002Fa> mobile application and register.\u003C\u002Fli>\n\u003Cli>Follow steps presented on our integration form [here][https:\u002F\u002Floginwithoutpasswords.com\u002Fintegration\u002F]\u003C\u002Fli>\n\u003Cli>On the Integration tab on our website create a redirection: YOUR_SITE_URL +’\u002Fwp-json\u002Fapi\u002Flogin’ e.g. https:\u002F\u002Fexample.com\u002Fwp-json\u002Fapi\u002Flogin\u003C\u002Fli>\n\u003Cli>Copy Client Id and Client Secret for later usage\u003C\u002Fli>\n\u003Cli>Once you download and activate this plugin, go to settings and paste Client Id and Secret into appropriate fields. \u003C\u002Fli>\n\u003Cli>Done. You can change to Users perspective to see how it works. \u003C\u002Fli>\n\u003Cli>For additional information about the logins performed on your website visit cyberuskey.com\u003C\u002Fli>\n\u003C\u002Fol>\n","ElIoT Pro eliminates passwords using one-time tokens delivered via ultrasounds.",2151,"2023-03-30T17:40:00.000Z","6.1.10","5.4.1","7.0",[19,20,86,21,87],"cybersecurity","sonic-authentication","https:\u002F\u002Floginwithoutpasswords.com\u002Fcyberus\u002F2-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feliot-pro.1.0.zip",85,{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":13,"downloaded":99,"rating":13,"num_ratings":13,"last_updated":100,"tested_up_to":15,"requires_at_least":101,"requires_php":49,"tags":102,"homepage":107,"download_link":108,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"password-less-login","Password Less Login","1.0.0.1","Sadekur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsadekur\u002F","\u003Cp>\u003Cstrong>Password Less Login\u003C\u002Fstrong> is a passwordless and OTP-based login system for WordPress.\u003Cbr \u002F>\nEvery user — both existing and new — must verify their identity using a \u003Cstrong>One-Time Password (OTP)\u003C\u002Fstrong> sent to their email before being logged in.\u003C\u002Fp>\n\u003Cp>This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The user enters their email address.\u003C\u002Fli>\n\u003Cli>The plugin sends a \u003Cstrong>6-digit OTP\u003C\u002Fstrong> to that email.\u003C\u002Fli>\n\u003Cli>The user enters the OTP:\n\u003Cul>\n\u003Cli>If the email exists \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user is securely logged in.\u003C\u002Fli>\n\u003Cli>If the email is new \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user provides a username, verifies the OTP, and a new account is created automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The OTP is valid for \u003Cstrong>10 minutes\u003C\u002Fstrong> and expires after use.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The plugin never logs in users without OTP verification.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>OTP-Based Authentication for All Users\u003C\u002Fstrong> – Both existing and new users must verify the OTP before login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Securely log in using only your email and OTP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto User Registration\u003C\u002Fstrong> – New users can register instantly after OTP verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary OTP (10 Minutes)\u003C\u002Fstrong> – Each OTP expires after 10 minutes and can only be used once.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong> – Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nonce Verification\u003C\u002Fstrong> – Protects REST API endpoints from unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Email Handling\u003C\u002Fstrong> – Emails are hashed when stored in transients to protect user data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience\u003C\u002Fstrong> – Clean, minimal login flow with conditional fields for existing vs. new users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Password Less Login?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No passwords to remember or reset.\u003C\u002Fli>\n\u003Cli>OTP verification ensures true ownership of email.\u003C\u002Fli>\n\u003Cli>Protects against brute-force attacks.\u003C\u002Fli>\n\u003Cli>Simple setup – works with the native WordPress login page.\u003C\u002Fli>\n\u003Cli>Modern and user-friendly design.\u003C\u002Fli>\n\u003Cli>Reduces “Forgot Password” support requests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to your WordPress login page.\u003C\u002Fli>\n\u003Cli>Enter your email address and click “Send OTP”.\u003C\u002Fli>\n\u003Cli>Check your email for the OTP.\u003C\u002Fli>\n\u003Cli>Enter the OTP in the login form:\n\u003Cul>\n\u003Cli>If your account exists, you’ll be logged in.\u003C\u002Fli>\n\u003Cli>If not, you’ll be prompted to provide a username before registration and login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>You’ll be redirected to your dashboard after successful verification.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL license. You are free to use and modify it.\u003C\u002Fp>\n\u003Cp>For support, contact: \u003Ca href=\"mailto:sadekur0rahman@gmail.com\" rel=\"nofollow ugc\">sadekur0rahman@gmail.com\u003C\u002Fa>\u003C\u002Fp>\n","A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.",229,"2026-01-07T16:26:00.000Z","5.9",[103,104,105,106,22],"easy-login","email-authentication","otp-login","passwordless-login","https:\u002F\u002Fgithub.com\u002Fsadekur\u002Fpassword-less-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-less-login.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":26,"num_ratings":119,"last_updated":120,"tested_up_to":15,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":26,"vuln_count":46,"unpatched_count":13,"last_vuln_date":129,"fetched_at":28},"temporary-login-without-password","Temporary Login Without Password","1.9.7","storeapps","https:\u002F\u002Fprofiles.wordpress.org\u002Fstoreapps\u002F","\u003Cp>Create secure, self-expiring ⏱️, automatic login links 🔗 for WordPress. Give them to developers when they ask for admin access to your site. Or an editor for a quick review of work done. Login works just by opening the link, no password needed.\u003C\u002Fp>\n\u003Cp>Using the “Temporary Login Without Password” plugin you can create a self-expiring account for someone and give them a special link with which they can login to your WordPress without needing a username and password.\u003C\u002Fp>\n\u003Cp>You can choose when the login expires, as well as the role of the temporary account.\u003C\u002Fp>\n\u003Cp>Really useful when you need to give admin access to a developer for support or for performing routine tasks.\u003C\u002Fp>\n\u003Cp>Read \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F\" rel=\"nofollow ugc\">this article\u003C\u002Fa> to know more about what’s the Current Problem – Creating a Separate Admin Login for Outsiders (Devs\u002F Guest bloggers) and how to avoid this pain, Top Benefits of using this plugin & Why and Who need Temporary Login links.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Benefits of Temporary Logins\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>➡️  Create unlimited temporary logins\u003Cbr \u002F>\n  ➡️  Create temporary logins with any role\u003Cbr \u002F>\n  ➡️  No username & password required. Login with just a simple link\u003Cbr \u002F>\n  ➡️  Set account expiry. So, a temporary user can’t login after the expiry time\u003Cbr \u002F>\n  ➡️  Various expiration options like one day, one week, one month, and many more. Also, set a custom date\u003Cbr \u002F>\n  ➡️  Redirect user to a specific page after login\u003Cbr \u002F>\n  ➡️  Set a language for a temporary user\u003Cbr \u002F>\n  ➡️  See the last logged in time of a temporary user\u003Cbr \u002F>\n  ➡️  Also see, how many times a temporary user accessed your setup\u003Cbr \u002F>\n  ➡️  Track user activity with detailed logs to know what each temporary user did\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>\u003Cstrong>For Developers\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>If you need an admin access to your client’s WordPress setup to resolve any issues, use following template to ask your client to give you a temporary access to their WordPress setup.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Hi {%customer_name%},\u003C\u002Fp>\n\u003Cp>To allow me to investigate on your site, install & activate the free WordPress plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"ugc\">Temporary Login Without Password\u003C\u002Fa>, and give me admin access to your site via the temporary link generated. Once I’ll get the admin access, I’ll check your site & will try to resolve the issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>:\u003Cbr \u002F>\n  Keep the expiry of a temporary login link for one month. Send the created login link as a reply to this email.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Temporary Login Without Password Pro Features\u003C\u002Fh3>\n\u003Cp>➡️ Limit Link Usage: Set a maximum number of times a temporary login link can be used, ensuring controlled, secure access.\u003C\u002Fp>\n\u003Cp>➡️ Instant Admin Alerts: Receive notifications each time a temporary login is accessed, keeping you informed of all activity.\u003C\u002Fp>\n\u003Cp>➡️ Activity Log: View detailed activity of each temporary user to monitor what actions they performed while logged in.\u003C\u002Fp>\n\u003Cp>Ready to take your security and convenience to the next level?\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.icegram.com\u002F?buy-now=445245&qty=1&coupon=tlwp-pro-20&with-cart=1\" rel=\"nofollow ugc\">Upgrade to TLWP Pro\u003C\u002Fa>\u003C\u002Fstrong> today to unlock our advanced features. Experience the full power of secure, temporary, passwordless access for your WordPress \u002F WooCommerce site.\u003C\u002Fp>\n\u003Ch4>What users have to say about Temporary Login Without Password?\u003C\u002Fh4>\n\u003Cp>👉 \u003Cstrong>It works with WordPress.com business plan!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I love this plugin! I got the impression that Temporary Login Without Password plugin would only work with WordPress.org sites. When I had a problem with another plugin, I reached out to their tech support. They recommended Temporary Login. I crossed my fingers, installed it, and it worked like a charm. No more worrying about possibly compromising my sites. When tech support was done, I went into the settings and revoked access. This is a game changer!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-works-with-wordpress-com-business-plan\u002F\" rel=\"ugc\">Suzanne Loeb\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Convenient. No rabbit holes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I can’t say I’ve used a whole bunch of these plugins, but I can say I’ve used 2 or 3. This one was the most straight forward and rushing through it I still didn’t run into any issues. The login was shot to the company I needed to let in and I was able to get back to marking things off of my checklist. Highly recommend to anyone that is needing to make a temporary user account for the first time. There’s literally nowhere to get confused from my personal experience\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fconvenient-no-rabbit-holes\u002F\" rel=\"ugc\">Peter Higgins\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Clear and efficient.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Clear and efficient. Nothing to add !\u003Cbr \u002F>\n  Continue like that !\u003Cbr \u002F>\n  Make the world of the web even more fun for all pro and amateur users!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fclear-and-efficient-2\u002F\" rel=\"ugc\">muten7\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Excellent Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Having problems with another plugin the developer recommended TPWP. It does exactly as it states. The developer was able to identify the bug, done without comprising security. The fact it records the access you have granted is a another advantage.\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-3772\u002F\" rel=\"ugc\">mickpamg\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>A huge help and easy!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This plugin was just what I needed to make it easy for support people to come in and get their assessments done then I don’t have to worry about revoking permission…this takes care of that for me! Love it!!!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fa-huge-help-and-easy\u002F\" rel=\"ugc\">bfauscette\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F\" rel=\"ugc\">Temporary Login Without Password plugin review section\u003C\u002Fa> and read our recent reviews.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spread The Love ❤️\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like Temporary Login Without Password, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F#new-post\" rel=\"ugc\">five stars ⭐⭐⭐⭐⭐\u003C\u002Fa> and also spread the word about it via \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fsharer.php?u=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fintent\u002Ftweet?url=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>. That helps fellow website owners assess Temporary Login Without Password easily and benefit from it!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like this plugin then consider checking out our other solutions:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-subscribers\u002F\" rel=\"ugc\">Icegram Express\u003C\u002Fa> – A complete newsletter plugin which lets you collect leads, send automated new blog post notification emails, create & send broadcasts, and also manage them all in one single place.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-mailer\u002F\" rel=\"ugc\">Icegram Mailer\u003C\u002Fa> – Reliable built‑in email delivery for WordPress & WooCommerce with real‑time logs, analytics, and a free 200‑email plan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram\u002F\" rel=\"ugc\">Icegram Engage\u003C\u002Fa> – Popups, Welcome Bar, Opt-ins & Lead Generation plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-rainmaker\u002F\" rel=\"ugc\">Icegram Collect\u003C\u002Fa> – Best form plugin on WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-manager-for-wp-e-commerce\u002F\" rel=\"ugc\">Smart Manager\u003C\u002Fa> – Manage & Bulk edit Products, Orders & more..\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foffermative-discount-pricing-related-products-upsell-funnels-for-woocommerce\u002F\" rel=\"ugc\">Offermative\u003C\u002Fa> – Dynamic discount pricing, related product recommendations, upsells and funnels for WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduplicate-post-page-copy-clone-wp\u002F\" rel=\"ugc\">Post \u002F Page Duplicate\u003C\u002Fa> – Ultimate one‑click content duplicator for WordPress, letting you clone posts, pages & custom post types effortlessly\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-cookie-manager\u002F\" rel=\"ugc\">Icegram Cookie Manager\u003C\u002Fa> – Customizable cookie consent banner with privacy policy links and styling options for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswitch-user-login-by-icegram\u002F\" rel=\"ugc\">Switch User Login\u003C\u002Fa> – Instantly switch between WordPress user accounts from the admin bar for seamless testing, debugging, and multisite\u002FWooCommerce management\u003C\u002Fp>\n\u003Cp>Also, check our other \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fshop\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=sa_products_upsell&utm_content=readme\" rel=\"nofollow ugc\">Premium WooCommerce plugins.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you use WooCommerce? Our analytics tool \u003Ca href=\"https:\u002F\u002Fwww.putler.com\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=putler_outreach&utm_content=readme\" rel=\"nofollow ugc\">Putler\u003C\u002Fa> will help you enriches your store data. Using Putler, you’ll understand your business better and make profitable decisions quickly.\u003C\u002Fp>\n","Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username\u002Fpassword) with your developers or editors.",100000,1865629,1499,"2025-12-22T11:48:00.000Z","3.0.1","5.3",[124,125,106,22,126],"developer-access","magic-pin","temporary-access","http:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login-without-password.1.9.7.zip","2021-11-15 00:00:00",{"attackSurface":131,"codeSignals":371,"taintFlows":457,"riskAssessment":706,"analyzedAt":714},{"hooks":132,"ajaxHandlers":324,"restRoutes":353,"shortcodes":354,"cronEvents":368,"entryPointCount":370,"unprotectedCount":13},[133,139,143,148,152,155,158,163,167,171,175,179,182,187,192,195,198,202,206,210,214,218,222,225,228,231,235,238,243,247,251,254,256,259,263,265,267,272,276,279,283,286,290,294,298,301,305,308,312,316,320],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_init","handle_notification_dismiss","includes\\Admin\\Admin.php",57,{"type":134,"name":140,"callback":141,"file":137,"line":142},"admin_notices","display_admin_notice",58,{"type":134,"name":144,"callback":145,"file":146,"line":147},"admin_enqueue_scripts","enqueue_assets","includes\\Admin\\Assets\\AssetLoader.php",22,{"type":134,"name":149,"callback":150,"file":151,"line":33},"admin_menu","register_menus","includes\\Admin\\MenuManager.php",{"type":134,"name":144,"callback":153,"file":154,"line":147},"enqueue_help_page_styles","includes\\Admin\\Pages\\HelpPage.php",{"type":134,"name":135,"callback":156,"file":157,"line":147},"register_settings","includes\\Admin\\Settings\\SettingsManager.php",{"type":134,"name":159,"callback":160,"priority":46,"file":161,"line":162},"wp_loaded","handle_login_link","includes\\Core\\Core.php",31,{"type":134,"name":164,"callback":165,"file":161,"line":166},"init","handle_form_submission",32,{"type":134,"name":168,"callback":169,"file":161,"line":170},"login_footer","chrmrtns_kla_add_wp_login_field",43,{"type":134,"name":172,"callback":173,"file":161,"line":174},"login_init","chrmrtns_kla_handle_wp_login_submission",44,{"type":134,"name":176,"callback":177,"file":161,"line":178},"login_enqueue_scripts","enqueue_frontend_scripts",45,{"type":134,"name":164,"callback":180,"priority":46,"file":161,"line":181},"chrmrtns_kla_maybe_redirect_wp_login",49,{"type":134,"name":183,"callback":184,"priority":185,"file":161,"line":186},"wp_login_failed","handle_failed_login",10,52,{"type":188,"name":189,"callback":190,"file":161,"line":191},"filter","xmlrpc_enabled","__return_false",56,{"type":188,"name":193,"callback":190,"file":161,"line":194},"wp_is_application_passwords_available",61,{"type":134,"name":164,"callback":196,"file":161,"line":197},"prevent_user_enumeration",66,{"type":188,"name":199,"callback":200,"file":161,"line":201},"rest_endpoints","block_rest_user_endpoints",960,{"type":134,"name":203,"callback":204,"file":161,"line":205},"parse_request","block_author_query_early",963,{"type":134,"name":207,"callback":208,"file":161,"line":209},"template_redirect","block_author_archives",966,{"type":188,"name":211,"callback":212,"file":161,"line":213},"login_errors","remove_login_errors",969,{"type":188,"name":215,"callback":216,"file":161,"line":217},"comment_class","remove_comment_author_class",972,{"type":188,"name":219,"callback":220,"priority":185,"file":161,"line":221},"oembed_response_data","remove_oembed_author_data",975,{"type":134,"name":164,"callback":223,"file":224,"line":166},"check_database_version","includes\\Core\\Database.php",{"type":134,"name":226,"callback":164,"file":227,"line":178},"plugins_loaded","includes\\Core\\Main.php",{"type":134,"name":226,"callback":229,"file":227,"line":230},"load_textdomain",46,{"type":134,"name":140,"callback":232,"file":233,"line":234},"add_admin_notice","includes\\Core\\Notices.php",34,{"type":134,"name":135,"callback":236,"file":233,"line":237},"dismiss_notification",35,{"type":134,"name":239,"callback":240,"priority":241,"file":242,"line":11},"woocommerce_login_form","add_magic_link_field",20,"includes\\Core\\WooCommerce.php",{"type":134,"name":244,"callback":245,"file":242,"line":246},"woocommerce_login_form_start","show_success_message",33,{"type":134,"name":248,"callback":249,"file":242,"line":250},"wp_enqueue_scripts","enqueue_scripts",36,{"type":134,"name":164,"callback":252,"priority":46,"file":253,"line":11},"register_mail_logs_post_type","includes\\Email\\MailLogger.php",{"type":134,"name":135,"callback":255,"file":253,"line":246},"handle_mail_logs_actions",{"type":134,"name":257,"callback":258,"priority":185,"file":253,"line":250},"phpmailer_init","log_email_on_phpmailer_init",{"type":134,"name":260,"callback":261,"priority":185,"file":253,"line":262},"wp_mail_failed","update_log_on_failure",39,{"type":134,"name":257,"callback":258,"priority":185,"file":253,"line":264},272,{"type":134,"name":260,"callback":261,"priority":185,"file":253,"line":266},273,{"type":134,"name":268,"callback":269,"priority":270,"file":253,"line":271},"shutdown","check_phpmailer_results",999,847,{"type":134,"name":135,"callback":273,"file":274,"line":275},"init_smtp_settings","includes\\Email\\SMTP.php",24,{"type":134,"name":257,"callback":277,"file":274,"line":278},"configure_phpmailer",25,{"type":134,"name":207,"callback":280,"file":281,"line":282},"handle_2fa_verification","includes\\Security\\TwoFA\\Core.php",103,{"type":134,"name":140,"callback":284,"file":281,"line":285},"show_grace_period_notices",106,{"type":188,"name":287,"callback":288,"priority":11,"file":281,"line":289},"authenticate","intercept_login",109,{"type":134,"name":291,"callback":292,"priority":185,"file":281,"line":293},"wp_login","process_2fa_after_login",110,{"type":134,"name":291,"callback":295,"priority":296,"file":281,"line":297},"check_role_enforcement",15,111,{"type":134,"name":135,"callback":299,"file":281,"line":300},"enforce_2fa_setup",112,{"type":134,"name":302,"callback":303,"file":281,"line":304},"login_form","maybe_show_2fa_form",113,{"type":134,"name":164,"callback":306,"file":281,"line":307},"schedule_2fa_reminders",116,{"type":134,"name":309,"callback":310,"file":281,"line":311},"chrmrtns_kla_2fa_reminder_emails","send_2fa_reminder_emails",117,{"type":134,"name":313,"callback":314,"priority":185,"file":281,"line":315},"update_option_chrmrtns_kla_2fa_enabled","on_2fa_system_enabled",120,{"type":134,"name":317,"callback":318,"priority":185,"file":281,"line":319},"update_option_chrmrtns_kla_2fa_required_roles","on_2fa_roles_changed",121,{"type":134,"name":321,"callback":322,"priority":185,"file":281,"line":323},"set_user_role","on_user_role_changed",122,[325,331,335,336,339,341,345,349],{"action":326,"nopriv":327,"callback":328,"hasNonce":329,"hasCapCheck":329,"file":330,"line":147},"chrmrtns_kla_admin_disable_2fa",false,"disable_2fa",true,"includes\\Admin\\Ajax\\TwoFAAjaxHandler.php",{"action":332,"nopriv":329,"callback":333,"hasNonce":329,"hasCapCheck":327,"file":161,"line":334},"chrmrtns_kla_request_login_code","handle_login_request",29,{"action":332,"nopriv":327,"callback":333,"hasNonce":329,"hasCapCheck":327,"file":161,"line":11},{"action":337,"nopriv":329,"callback":338,"hasNonce":329,"hasCapCheck":327,"file":242,"line":262},"chrmrtns_kla_wc_request_magic_link","handle_ajax_request",{"action":337,"nopriv":327,"callback":338,"hasNonce":329,"hasCapCheck":327,"file":242,"line":340},40,{"action":342,"nopriv":327,"callback":343,"hasNonce":329,"hasCapCheck":327,"file":344,"line":186},"chrmrtns_2fa_setup","handle_ajax_setup","includes\\Security\\TwoFA\\Frontend.php",{"action":346,"nopriv":327,"callback":347,"hasNonce":329,"hasCapCheck":327,"file":344,"line":348},"chrmrtns_2fa_disable","handle_ajax_disable",53,{"action":350,"nopriv":327,"callback":351,"hasNonce":329,"hasCapCheck":327,"file":344,"line":352},"chrmrtns_2fa_generate_backup_codes","handle_ajax_generate_backup_codes",54,[],[355,357,360,364],{"tag":4,"callback":356,"file":161,"line":246},"render_login_form",{"tag":358,"callback":359,"file":161,"line":234},"keyless-auth-full","render_full_login_form",{"tag":361,"callback":362,"file":363,"line":162},"keyless-auth-password-reset","render_shortcode","includes\\Core\\PasswordReset.php",{"tag":365,"callback":366,"file":344,"line":367},"keyless-auth-2fa","render_2fa_shortcode",51,[369],{"hook":309,"callback":309,"file":281,"line":271},12,{"dangerousFunctions":372,"sqlUsage":373,"outputEscaping":413,"fileOperations":13,"externalRequests":13,"nonceChecks":455,"capabilityChecks":296,"bundledLibraries":456},[],{"prepared":166,"raw":374,"locations":375},18,[376,378,380,382,384,386,388,390,393,395,397,399,401,403,405,407,409,411],{"file":224,"line":90,"context":377},"$wpdb->query() with variable interpolation",{"file":224,"line":379,"context":377},89,{"file":224,"line":381,"context":377},91,{"file":224,"line":383,"context":377},245,{"file":224,"line":385,"context":377},247,{"file":224,"line":387,"context":377},249,{"file":224,"line":389,"context":377},251,{"file":224,"line":391,"context":392},478,"$wpdb->get_var() with variable interpolation",{"file":224,"line":394,"context":392},482,{"file":224,"line":396,"context":392},490,{"file":224,"line":398,"context":392},494,{"file":224,"line":400,"context":392},498,{"file":224,"line":402,"context":377},808,{"file":253,"line":404,"context":377},115,{"file":253,"line":406,"context":392},662,{"file":253,"line":408,"context":392},667,{"file":253,"line":410,"context":392},668,{"file":253,"line":412,"context":392},669,{"escaped":414,"rawEcho":374,"locations":415},463,[416,420,422,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453],{"file":417,"line":418,"context":419},"includes\\Admin\\Pages\\OptionsPage.php",95,"raw output",{"file":417,"line":421,"context":419},97,{"file":423,"line":424,"context":419},"includes\\Admin\\Pages\\TwoFAUsersPage.php",129,{"file":423,"line":426,"context":419},165,{"file":161,"line":428,"context":419},266,{"file":161,"line":430,"context":419},271,{"file":161,"line":432,"context":419},277,{"file":161,"line":434,"context":419},279,{"file":274,"line":436,"context":419},77,{"file":281,"line":438,"context":419},253,{"file":281,"line":440,"context":419},254,{"file":281,"line":442,"context":419},255,{"file":281,"line":444,"context":419},263,{"file":281,"line":446,"context":419},264,{"file":281,"line":448,"context":419},265,{"file":281,"line":450,"context":419},267,{"file":281,"line":452,"context":419},309,{"file":281,"line":454,"context":419},312,21,[],[458,476,486,511,537,555,566,584,597,610,623,648,667,684],{"entryPoint":459,"graph":460,"unsanitizedCount":46,"severity":475},"render_login_form (includes\\Core\\Core.php:92)",{"nodes":461,"edges":473},[462,467],{"id":463,"type":464,"label":465,"file":161,"line":466},"n0","source","$_GET",137,{"id":468,"type":469,"label":470,"file":161,"line":471,"wp_function":472},"n1","sink","echo() [XSS]",144,"echo",[474],{"from":463,"to":468,"sanitized":327},"medium",{"entryPoint":477,"graph":478,"unsanitizedCount":46,"severity":475},"render_full_login_form (includes\\Core\\Core.php:205)",{"nodes":479,"edges":484},[480,482],{"id":463,"type":464,"label":465,"file":161,"line":481},252,{"id":468,"type":469,"label":470,"file":161,"line":483,"wp_function":472},259,[485],{"from":463,"to":468,"sanitized":327},{"entryPoint":487,"graph":488,"unsanitizedCount":510,"severity":475},"render_reset_password_page (includes\\Core\\PasswordReset.php:118)",{"nodes":489,"edges":505},[490,492,495,498,500,502],{"id":463,"type":464,"label":491,"file":363,"line":483},"$_POST",{"id":468,"type":493,"label":494,"file":363,"line":483},"transform","→ render_html_template()",{"id":496,"type":469,"label":470,"file":363,"line":497,"wp_function":472},"n2",466,{"id":499,"type":464,"label":465,"file":363,"line":483},"n3",{"id":501,"type":493,"label":494,"file":363,"line":483},"n4",{"id":503,"type":469,"label":470,"file":363,"line":504,"wp_function":472},"n5",467,[506,507,508,509],{"from":463,"to":468,"sanitized":327},{"from":468,"to":496,"sanitized":327},{"from":499,"to":501,"sanitized":327},{"from":501,"to":503,"sanitized":327},2,{"entryPoint":512,"graph":513,"unsanitizedCount":510,"severity":475},"\u003CPasswordReset> (includes\\Core\\PasswordReset.php:0)",{"nodes":514,"edges":530},[515,516,517,519,520,521,522,524,526,528],{"id":463,"type":464,"label":491,"file":363,"line":466},{"id":468,"type":469,"label":470,"file":363,"line":497,"wp_function":472},{"id":496,"type":464,"label":465,"file":363,"line":518},124,{"id":499,"type":469,"label":470,"file":363,"line":504,"wp_function":472},{"id":501,"type":464,"label":491,"file":363,"line":483},{"id":503,"type":493,"label":494,"file":363,"line":483},{"id":523,"type":469,"label":470,"file":363,"line":497,"wp_function":472},"n6",{"id":525,"type":464,"label":465,"file":363,"line":483},"n7",{"id":527,"type":493,"label":494,"file":363,"line":483},"n8",{"id":529,"type":469,"label":470,"file":363,"line":504,"wp_function":472},"n9",[531,532,533,534,535,536],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":329},{"from":501,"to":503,"sanitized":327},{"from":503,"to":523,"sanitized":327},{"from":525,"to":527,"sanitized":327},{"from":527,"to":529,"sanitized":327},{"entryPoint":538,"graph":539,"unsanitizedCount":13,"severity":554},"render (includes\\Admin\\Pages\\OptionsPage.php:21)",{"nodes":540,"edges":551},[541,544,547,549],{"id":463,"type":464,"label":542,"file":417,"line":543},"$_POST (x20)",28,{"id":468,"type":469,"label":545,"file":417,"line":334,"wp_function":546},"update_option() [Settings Manipulation]","update_option",{"id":496,"type":464,"label":548,"file":417,"line":234},"$_POST (x6)",{"id":499,"type":469,"label":470,"file":417,"line":550,"wp_function":472},177,[552,553],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":329},"low",{"entryPoint":556,"graph":557,"unsanitizedCount":13,"severity":554},"\u003COptionsPage> (includes\\Admin\\Pages\\OptionsPage.php:0)",{"nodes":558,"edges":563},[559,560,561,562],{"id":463,"type":464,"label":542,"file":417,"line":543},{"id":468,"type":469,"label":545,"file":417,"line":334,"wp_function":546},{"id":496,"type":464,"label":548,"file":417,"line":234},{"id":499,"type":469,"label":470,"file":417,"line":550,"wp_function":472},[564,565],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":329},{"entryPoint":567,"graph":568,"unsanitizedCount":13,"severity":554},"render (includes\\Admin\\Pages\\TwoFAUsersPage.php:23)",{"nodes":569,"edges":580},[570,571,572,574,576],{"id":463,"type":464,"label":465,"file":423,"line":250},{"id":468,"type":469,"label":470,"file":423,"line":352,"wp_function":472},{"id":496,"type":464,"label":465,"file":423,"line":573},37,{"id":499,"type":493,"label":575,"file":423,"line":573},"→ get_2fa_users()",{"id":501,"type":469,"label":577,"file":224,"line":578,"wp_function":579},"get_results() [SQLi]",781,"get_results",[581,582,583],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":327},{"from":499,"to":501,"sanitized":329},{"entryPoint":585,"graph":586,"unsanitizedCount":13,"severity":554},"\u003CTwoFAUsersPage> (includes\\Admin\\Pages\\TwoFAUsersPage.php:0)",{"nodes":587,"edges":593},[588,589,590,591,592],{"id":463,"type":464,"label":465,"file":423,"line":250},{"id":468,"type":469,"label":470,"file":423,"line":352,"wp_function":472},{"id":496,"type":464,"label":465,"file":423,"line":573},{"id":499,"type":493,"label":575,"file":423,"line":573},{"id":501,"type":469,"label":577,"file":224,"line":578,"wp_function":579},[594,595,596],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":327},{"from":499,"to":501,"sanitized":329},{"entryPoint":598,"graph":599,"unsanitizedCount":609,"severity":554},"save_template_settings (includes\\Email\\Templates.php:32)",{"nodes":600,"edges":607},[601,605],{"id":463,"type":464,"label":602,"file":603,"line":604},"$_POST (x4)","includes\\Email\\Templates.php",47,{"id":468,"type":469,"label":545,"file":603,"line":606,"wp_function":546},48,[608],{"from":463,"to":468,"sanitized":327},4,{"entryPoint":611,"graph":612,"unsanitizedCount":13,"severity":554},"\u003CTemplates> (includes\\Email\\Templates.php:0)",{"nodes":613,"edges":620},[614,615,616,618],{"id":463,"type":464,"label":602,"file":603,"line":604},{"id":468,"type":469,"label":545,"file":603,"line":606,"wp_function":546},{"id":496,"type":464,"label":491,"file":603,"line":617},74,{"id":499,"type":469,"label":470,"file":603,"line":619,"wp_function":472},696,[621,622],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":329},{"entryPoint":624,"graph":625,"unsanitizedCount":510,"severity":647},"handle_login_link (includes\\Core\\Core.php:765)",{"nodes":626,"edges":642},[627,629,631,635,637,639],{"id":463,"type":464,"label":465,"file":161,"line":628},777,{"id":468,"type":493,"label":630,"file":161,"line":628},"→ validate_login_token()",{"id":496,"type":469,"label":632,"file":224,"line":633,"wp_function":634},"query() [SQLi]",432,"query",{"id":499,"type":464,"label":465,"file":161,"line":636},790,{"id":501,"type":493,"label":638,"file":161,"line":636},"→ get_user_2fa_settings()",{"id":503,"type":469,"label":640,"file":224,"line":408,"wp_function":641},"get_row() [SQLi]","get_row",[643,644,645,646],{"from":463,"to":468,"sanitized":327},{"from":468,"to":496,"sanitized":327},{"from":499,"to":501,"sanitized":327},{"from":501,"to":503,"sanitized":327},"high",{"entryPoint":649,"graph":650,"unsanitizedCount":32,"severity":647},"\u003CCore> (includes\\Core\\Core.php:0)",{"nodes":651,"edges":661},[652,654,655,656,657,658,659,660],{"id":463,"type":464,"label":653,"file":161,"line":466},"$_GET (x2)",{"id":468,"type":469,"label":470,"file":161,"line":471,"wp_function":472},{"id":496,"type":464,"label":653,"file":161,"line":628},{"id":499,"type":493,"label":630,"file":161,"line":628},{"id":501,"type":469,"label":632,"file":224,"line":633,"wp_function":634},{"id":503,"type":464,"label":465,"file":161,"line":636},{"id":523,"type":493,"label":638,"file":161,"line":636},{"id":525,"type":469,"label":640,"file":224,"line":408,"wp_function":641},[662,663,664,665,666],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":327},{"from":499,"to":501,"sanitized":327},{"from":503,"to":523,"sanitized":327},{"from":523,"to":525,"sanitized":327},{"entryPoint":668,"graph":669,"unsanitizedCount":46,"severity":647},"handle_mail_logs_actions (includes\\Email\\MailLogger.php:56)",{"nodes":670,"edges":680},[671,673,674,676,678],{"id":463,"type":464,"label":491,"file":253,"line":672},90,{"id":468,"type":469,"label":545,"file":253,"line":34,"wp_function":546},{"id":496,"type":464,"label":491,"file":253,"line":675},256,{"id":499,"type":493,"label":677,"file":253,"line":675},"→ get_mail_log_by_id()",{"id":501,"type":469,"label":640,"file":253,"line":679,"wp_function":641},536,[681,682,683],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":327},{"from":499,"to":501,"sanitized":327},{"entryPoint":685,"graph":686,"unsanitizedCount":46,"severity":647},"\u003CMailLogger> (includes\\Email\\MailLogger.php:0)",{"nodes":687,"edges":700},[688,689,690,691,692,693,697,698,699],{"id":463,"type":464,"label":491,"file":253,"line":672},{"id":468,"type":469,"label":545,"file":253,"line":34,"wp_function":546},{"id":496,"type":464,"label":491,"file":253,"line":440},{"id":499,"type":469,"label":640,"file":253,"line":679,"wp_function":641},{"id":501,"type":464,"label":491,"file":253,"line":440},{"id":503,"type":469,"label":694,"file":253,"line":695,"wp_function":696},"get_var() [SQLi]",870,"get_var",{"id":523,"type":464,"label":491,"file":253,"line":675},{"id":525,"type":493,"label":677,"file":253,"line":675},{"id":527,"type":469,"label":640,"file":253,"line":679,"wp_function":641},[701,702,703,704,705],{"from":463,"to":468,"sanitized":329},{"from":496,"to":499,"sanitized":329},{"from":501,"to":503,"sanitized":329},{"from":523,"to":525,"sanitized":327},{"from":525,"to":527,"sanitized":327},{"summary":707,"deductions":708},"The \"keyless-auth\" plugin version 3.2.4 demonstrates a strong security posture with several good practices.  All identified entry points, including AJAX handlers, REST API routes, shortcodes, and cron events, appear to have authentication checks in place, which is a significant strength.  Furthermore, the plugin exhibits excellent output escaping practices and avoids dangerous functions, file operations, and external HTTP requests.  The use of prepared statements for SQL queries is also a positive indicator, although room for improvement exists given the percentage.  The vulnerability history is clean, with no known CVEs, which suggests a history of secure development or prompt patching.\n\nHowever, the taint analysis reveals some concerns.  The presence of 9 flows with unsanitized paths, even if not classified as critical, warrants attention.  These flows represent potential injection vulnerabilities where untrusted data could be manipulated.  While the plugin has a substantial number of nonce checks and capability checks, the taint analysis suggests that some of these might not be effectively preventing the identified unsanitized paths.  The relatively high percentage of SQL queries not using prepared statements also presents a moderate risk of SQL injection, especially if those queries handle user-supplied data.\n\nIn conclusion, \"keyless-auth\" v3.2.4 is a generally well-secured plugin with robust authentication and output sanitization. The lack of historical vulnerabilities is encouraging.  The primary areas for improvement lie in addressing the identified unsanitized paths from the taint analysis and increasing the utilization of prepared statements for all SQL queries to further harden the plugin against potential injection attacks.",[709,711],{"reason":710,"points":370},"Unsanitized paths in taint analysis (High severity)",{"reason":712,"points":713},"SQL queries not using prepared statements (64% prepared)",6,"2026-03-16T22:38:22.174Z",{"wat":716,"direct":725},{"assetPaths":717,"generatorPatterns":720,"scriptPaths":721,"versionParams":722},[718,719],"\u002Fwp-content\u002Fplugins\u002Fkeyless-auth\u002Fassets\u002Fcss\u002Fstyle-back-end.css","\u002Fwp-content\u002Fplugins\u002Fkeyless-auth\u002Fassets\u002Fcss\u002Fadmin-style.css",[],[],[723,724],"keyless-auth\u002Fassets\u002Fcss\u002Fstyle-back-end.css?ver=","keyless-auth\u002Fassets\u002Fcss\u002Fadmin-style.css?ver=",{"cssClasses":726,"htmlComments":728,"htmlAttributes":729,"restEndpoints":731,"jsGlobals":732,"shortcodeOutput":734},[727],"chrmrtns-kla-settings-section",[],[730],"data-plugin-name=\"keyless-auth\"",[],[733],"window.ChrmrtnsKeylessAuthAdmin",[]]