[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGZShSF9pNdQ4uBn_y6NmdsswMB396SElngzaqEUXQUY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":118,"fingerprints":241},"last-login-info-display","Last Login Info Display","1.1.1","Ahmod Musa","https:\u002F\u002Fprofiles.wordpress.org\u002Fmusabin\u002F","\u003Cp>Last Login Info Display is a lightweight WordPress plugin that helps administrators track user activity by displaying the last login time and total login count for each user in the WordPress admin users list.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Last Login Tracking\u003C\u002Fstrong>: Adds a sortable “Last Login” column showing when each user last logged in\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Count\u003C\u002Fstrong>: Tracks and displays the total number of logins for each user\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sortable Columns\u003C\u002Fstrong>: Sort users by last login time or login count\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite Compatible\u003C\u002Fstrong>: Works perfectly with WordPress Multisite installations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong>: Includes .pot file for translations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong>: Optimized for performance with minimal database overhead\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Configuration Needed\u003C\u002Fstrong>: Works out of the box after activation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>: Removes all plugin data when uninstalled\u003C\u002Fli>\n\u003C\u002Ful>\n","Track user activity with a detailed \"Last Login\" and \"Login Count\" column in the WordPress Users dashboard.",0,334,"2026-01-02T13:44:00.000Z","6.9.4","4.9","7.0",[18,19,20,21,22],"admin","login","security","user-management","users","https:\u002F\u002Fahmodmusa.com\u002Flast-login-info-display\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flast-login-info-display.1.1.1.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"musabin",1,30,94,"2026-04-04T11:12:23.272Z",[36,54,67,81,97],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":51,"download_link":52,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":53},"codecave-admin-security-auditor","CodeCave Admin Security Auditor","1.2.4","CodeCave","https:\u002F\u002Fprofiles.wordpress.org\u002Fidmistir\u002F","\u003Cp>CodeCave Admin Security Auditor is a lightweight plugin that helps you monitor user activity by tracking and displaying the last login time for each user in your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically tracks the last login time for all users\u003C\u002Fli>\n\u003Cli>Displays last login information in the WordPress admin users table\u003C\u002Fli>\n\u003Cli>Sortable last login column for easy user management\u003C\u002Fli>\n\u003Cli>Shows “Never” for users who haven’t logged in since plugin installation\u003C\u002Fli>\n\u003Cli>Timezone-aware display (uses your WordPress timezone settings)\u003C\u002Fli>\n\u003Cli>Clean uninstall – removes all data when plugin is deleted\u003C\u002Fli>\n\u003Cli>Translation ready\u003C\u002Fli>\n\u003Cli>No configuration needed – works out of the box\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Use Cases:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Monitor user engagement and activity\u003C\u002Fli>\n\u003Cli>Identify inactive user accounts\u003C\u002Fli>\n\u003Cli>Security auditing and compliance\u003C\u002Fli>\n\u003Cli>User account cleanup and maintenance\u003C\u002Fli>\n\u003Cli>Track user adoption of your WordPress site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy and Data:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin stores the last login timestamp as user metadata in your WordPress database. No data is sent to external servers. When you uninstall the plugin, all stored data is automatically removed.\u003C\u002Fp>\n\u003Ch3>Developer Notes\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Accessing Last Login Data Programmatically:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can retrieve the last login timestamp for a user:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$auditor = CodeCave_Admin_Security_Auditor::get_instance();\n$last_login = $auditor->get_last_login( $user_id );\n\nif ( $last_login ) {\n    echo 'Last login: ' . date( 'Y-m-d H:i:s', $last_login );\n} else {\n    echo 'Never logged in';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Hooks and Filters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin uses standard WordPress hooks and does not currently provide custom hooks. This may be added in future versions based on user feedback.\u003C\u002Fp>\n","Track and display the last login time for each user in the WordPress admin users table.",199,"","6.8.5","5.8","7.4",[18,50,19,20,22],"last-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcodecave-admin-security-auditor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodecave-admin-security-auditor.1.2.4.zip","2026-03-15T10:48:56.248Z",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":11,"downloaded":62,"rating":25,"num_ratings":31,"last_updated":45,"tested_up_to":46,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":45,"download_link":66,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":53},"last-login-info","Last Login Info","2.0.0","Hardik Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fhardikhuptechdev\u002F","\u003Cp>\u003Cstrong>Last Login Info\u003C\u002Fstrong> is a lightweight plugin that helps administrators see when users last logged into the site.\u003C\u002Fp>\n\u003Cp>This plugin adds a “Last Login” column to the Users table in the WordPress admin. It tracks and displays each user’s last login time, with either human-readable formatting (e.g., “2 days ago”) or full date\u002Ftimestamp. The column is sortable, making it easier to find inactive users.\u003C\u002Fp>\n\u003Cp>The settings page under \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Last Login Info\u003C\u002Fstrong> allows you to customize the date format, exclude roles, export data to CSV, or reset all login records.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Adds a new “Last Login” column to the Users admin screen.\u003C\u002Fli>\n\u003Cli>Tracks login time on successful user login.\u003C\u002Fli>\n\u003Cli>Choose between human-readable or full timestamp display.\u003C\u002Fli>\n\u003Cli>Exclude specific roles from being tracked (e.g., Administrator).\u003C\u002Fli>\n\u003Cli>Export all user logins to CSV.\u003C\u002Fli>\n\u003Cli>Reset all login tracking data.\u003C\u002Fli>\n\u003Cli>Sortable column by last login time.\u003C\u002Fli>\n\u003Cli>Lightweight, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays the last login timestamp of each user in the WordPress admin Users table, with tools to export and manage login data.",536,"5.5","7.2",[18,50,19,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flast-login-info.2.0.0.zip",{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":11,"downloaded":75,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":46,"requires_at_least":76,"requires_php":48,"tags":77,"homepage":79,"download_link":80,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":53},"login-defender","Login Defender","1.0.1","Amzil Ayoub","https:\u002F\u002Fprofiles.wordpress.org\u002Famzil000ayoub\u002F","\u003Cp>Login Defender enhances your WordPress site’s security by allowing you to change the default login URL and block direct access to wp-login.php. It also logs unauthorized login attempts with IP address, browser, and timestamp for tracking purposes. Includes stats and the ability to reset logs from the admin dashboard.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Change default login URL to a custom slug\u003C\u002Fli>\n\u003Cli>Block access to wp-login.php and wp-admin (if not logged in)\u003C\u002Fli>\n\u003Cli>Track failed login access attempts (IP, time, browser)\u003C\u002Fli>\n\u003Cli>View login attempt statistics: last 24h, 7d, 1m, 3m, 6m, 1y\u003C\u002Fli>\n\u003Cli>Clear\u002Freset login attempt logs with one click\u003C\u002Fli>\n\u003Cli>Improved security against brute-force login attacks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to use ?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Configure Settings\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Go to Settings > Login Defender\u003Cbr \u002F>\n2. Enable the switch: “Enable Custom Login URL”\u003Cbr \u002F>\n3. Enter a slug like my-login (allowed: letters, numbers, _, -)\u003Cbr \u002F>\n4. Save settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Access Your New Login Page\u003C\u002Fstrong>\u003Cbr \u002F>\n– Example: \u003Ccode>https:\u002F\u002Fyourdomain.com\u002Fmylogin\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitor Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\n– See login attempt stats at the top of the settings page\u003Cbr \u002F>\n– Click “Clear Logs” to reset tracking data\u003C\u002Fp>\n","Login Defender enhances your WordPress site's security by allowing you to change the default login URL.",1037,"6.0",[78,18,19,20,22],"activity","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-defender","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-defender.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":11,"downloaded":89,"rating":11,"num_ratings":11,"last_updated":90,"tested_up_to":46,"requires_at_least":91,"requires_php":48,"tags":92,"homepage":45,"download_link":96,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"storm-clean-admin","Storm Clean Admin","1.0.0","Wpstorm Genius","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpstormdev\u002F","\u003Cp>\u003Cstrong>Storm Clean Admin\u003C\u002Fstrong> is a lightweight and performance-focused WordPress plugin that helps site administrators manage inactive users, track activity, and maintain a clean, secure dashboard.\u003C\u002Fp>\n\u003Cp>Built with a modern React-powered interface and adhering to WordPress coding standards, it provides a seamless experience for both administrators and site managers.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🚀 \u003Cstrong>Fast & Lightweight\u003C\u002Fstrong> – Uses native WordPress APIs for optimal performance.\u003C\u002Fli>\n\u003Cli>🧍‍♂️ \u003Cstrong>Smart User Management\u003C\u002Fstrong> – Detect, deactivate, or delete inactive users automatically.\u003C\u002Fli>\n\u003Cli>📊 \u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> – Monitor user login activity, registrations, and engagement.\u003C\u002Fli>\n\u003Cli>⚙️ \u003Cstrong>Custom Automation\u003C\u002Fstrong> – Schedule cleanups and inactivity checks.\u003C\u002Fli>\n\u003Cli>🔒 \u003Cstrong>Security Focused\u003C\u002Fstrong> – Protects admin and critical roles from accidental removal.\u003C\u002Fli>\n\u003Cli>🎨 \u003Cstrong>Modern UI\u003C\u002Fstrong> – Clean, responsive React interface integrated with WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Use Storm Clean Admin?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Keep your user database clean and efficient\u003C\u002Fli>\n\u003Cli>Identify dormant or risky accounts\u003C\u002Fli>\n\u003Cli>Automate routine maintenance tasks\u003C\u002Fli>\n\u003Cli>Improve visibility on user activity\u003C\u002Fli>\n\u003Cli>Maintain GDPR compliance by removing unused accounts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Built For Admins and Developers\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fully compatible with WordPress coding and security standards\u003C\u002Fli>\n\u003Cli>Translation-ready and fully localizable\u003C\u002Fli>\n\u003Cli>Uses WordPress REST API for scalability and speed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works with WordPress 5.0+\u003C\u002Fli>\n\u003Cli>Tested up to 6.8.3\u003C\u002Fli>\n\u003Cli>Supports classic and block themes\u003C\u002Fli>\n\u003Cli>Translation-ready with included \u003Ccode>.pot\u003C\u002Fcode> file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Inactive Users Management\u003C\u002Fstrong> – Automatically detect and manage inactive accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Activity Tracking\u003C\u002Fstrong> – Track login times and last activity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automated Cleanup\u003C\u002Fstrong> – Schedule automatic cleanup of inactive users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> – View site and user activity trends\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Exclusions\u003C\u002Fstrong> – Exclude specific user roles from inactivity checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Actions\u003C\u002Fstrong> – Deactivate or delete inactive users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Charts\u003C\u002Fstrong> – Visualize login and registration patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Actions\u003C\u002Fstrong> – Apply actions to multiple users simultaneously\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security-Focused\u003C\u002Fstrong> – Built with WordPress best practices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern UI\u003C\u002Fstrong> – Responsive React dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Navigate to \u003Cstrong>Storm Clean Admin\u003C\u002Fstrong> in the WordPress admin menu.\u003C\u002Fli>\n\u003Cli>Configure inactivity thresholds and exclusion rules.\u003C\u002Fli>\n\u003Cli>Enable automatic cleanup or manage users manually.\u003C\u002Fli>\n\u003Cli>Monitor user activity and manage accounts from the dashboard.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>All user login times are tracked locally in your database. No external data transmission occurs. Data remains on your WordPress installation.\u003C\u002Fp>\n\u003Ch3>Roadmap\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Multisite compatibility\u003C\u002Fli>\n\u003Cli>Email notifications for inactive users\u003C\u002Fli>\n\u003Cli>Export\u002Fimport cleanup logs\u003C\u002Fli>\n\u003Cli>WooCommerce integration for user activity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Documentation, FAQs, and support: \u003Ca href=\"https:\u002F\u002Fwpstorm.ir\u002Fclean-admin\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpstorm.ir\u002Fclean-admin\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Feedback & Contribution\u003C\u002Fh3>\n\u003Cp>Report issues or share ideas: \u003Ca href=\"https:\u002F\u002Fwpstorm.ir\u002Fsupport\" rel=\"nofollow ugc\">https:\u002F\u002Fwpstorm.ir\u002Fsupport\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by \u003Cstrong>Wpstorm Team\u003C\u002Fstrong>\u003Cbr \u002F>\nWebsite: \u003Ca href=\"https:\u002F\u002Fwpstorm.ir\" rel=\"nofollow ugc\">https:\u002F\u002Fwpstorm.ir\u003C\u002Fa>\u003C\u002Fp>\n","A modern WordPress plugin to manage inactive users, monitor site activity, and keep your site optimized and secure.",125,"2025-11-29T20:28:00.000Z","5.0",[93,94,95,20,21],"admin-tools","inactive-users","optimization","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstorm-clean-admin.1.0.0.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":14,"requires_at_least":110,"requires_php":63,"tags":111,"homepage":113,"download_link":114,"security_score":115,"vuln_count":116,"unpatched_count":11,"last_vuln_date":117,"fetched_at":27},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29791210,96,1020,"2026-03-02T12:38:00.000Z","3.0",[112,18,19,98,20],"access","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",87,8,"2024-11-04 00:00:00",{"attackSurface":119,"codeSignals":217,"taintFlows":233,"riskAssessment":234,"analyzedAt":240},{"hooks":120,"ajaxHandlers":200,"restRoutes":213,"shortcodes":214,"cronEvents":215,"entryPointCount":216,"unprotectedCount":31},[121,127,132,137,141,145,148,151,154,157,161,165,169,174,176,178,180,182,184,186,188,190,192,194,196],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","admin_enqueue_scripts","enqueue_scripts","admin\\class-llid-admin.php",69,{"type":128,"name":129,"callback":130,"file":125,"line":131},"filter","manage_users_columns","add_last_login_column",72,{"type":128,"name":133,"callback":134,"priority":135,"file":125,"line":136},"manage_users_custom_column","show_last_login_column",10,73,{"type":128,"name":138,"callback":139,"file":125,"line":140},"manage_users_sortable_columns","make_last_login_sortable",74,{"type":122,"name":142,"callback":143,"file":125,"line":144},"pre_get_users","sort_by_last_login",75,{"type":128,"name":129,"callback":146,"file":125,"line":147},"add_login_count_column",77,{"type":128,"name":133,"callback":149,"priority":135,"file":125,"line":150},"show_login_count_column",78,{"type":128,"name":138,"callback":152,"file":125,"line":153},"make_login_count_sortable",79,{"type":122,"name":142,"callback":155,"file":125,"line":156},"sort_by_login_count",80,{"type":122,"name":158,"callback":159,"file":125,"line":160},"admin_menu","add_settings_page",83,{"type":122,"name":162,"callback":163,"file":125,"line":164},"admin_init","register_settings",84,{"type":122,"name":166,"callback":167,"file":125,"line":168},"admin_notices","maybe_show_rating_notice",90,{"type":122,"name":170,"callback":171,"file":172,"line":173},"wp_login","anonymous","includes\\class-llid-last-login.php",156,{"type":128,"name":129,"callback":171,"file":172,"line":175},159,{"type":128,"name":133,"callback":171,"file":172,"line":177},160,{"type":128,"name":138,"callback":171,"file":172,"line":179},161,{"type":122,"name":142,"callback":171,"file":172,"line":181},162,{"type":128,"name":129,"callback":171,"file":172,"line":183},165,{"type":128,"name":133,"callback":171,"file":172,"line":185},166,{"type":128,"name":138,"callback":171,"file":172,"line":187},167,{"type":122,"name":142,"callback":171,"file":172,"line":189},168,{"type":122,"name":158,"callback":171,"file":172,"line":191},171,{"type":122,"name":162,"callback":171,"file":172,"line":193},172,{"type":122,"name":166,"callback":171,"file":172,"line":195},193,{"type":122,"name":197,"callback":198,"file":199,"line":168},"plugins_loaded","llid_run_last_login_info_display","last-login-info-display.php",[201,207,210],{"action":202,"nopriv":203,"callback":204,"hasNonce":205,"hasCapCheck":205,"file":125,"line":206},"llid_dismiss_notice",false,"handle_rating_notice_action",true,91,{"action":208,"nopriv":203,"callback":204,"hasNonce":205,"hasCapCheck":205,"file":125,"line":209},"llid_remind_later",92,{"action":211,"nopriv":203,"callback":171,"hasNonce":203,"hasCapCheck":203,"file":172,"line":212},"llid_dismiss_rating_notice",194,[],[],[],3,{"dangerousFunctions":218,"sqlUsage":219,"outputEscaping":221,"fileOperations":11,"externalRequests":11,"nonceChecks":31,"capabilityChecks":231,"bundledLibraries":232},[],{"prepared":11,"raw":11,"locations":220},[],{"escaped":222,"rawEcho":216,"locations":223},13,[224,227,229],{"file":125,"line":225,"context":226},603,"raw output",{"file":125,"line":228,"context":226},786,{"file":125,"line":230,"context":226},791,5,[],[],{"summary":235,"deductions":236},"The plugin \"last-login-info-display\" v1.1.1 exhibits a generally good security posture with several strengths. Notably, it avoids dangerous functions, performs all SQL queries using prepared statements, and has a good rate of output escaping (81%). The absence of file operations and external HTTP requests further reduces potential attack vectors. Its vulnerability history is clean, with no recorded CVEs, indicating a potentially well-maintained and secure codebase.\n\nHowever, a significant concern arises from the static analysis, which identified one AJAX handler that lacks authentication checks. This unprotected entry point represents a direct risk, as it could be exploited by unauthenticated users to trigger potentially unintended actions or reveal sensitive information. While taint analysis shows no critical or high-severity issues, and only a limited attack surface, this single unprotected AJAX handler is a clear vulnerability that needs immediate attention. The presence of a nonce check is positive, but its absence on this specific handler negates its protective effect for that entry point.\n\nIn conclusion, the plugin demonstrates solid coding practices in many areas, particularly regarding data handling and output sanitation. The clean vulnerability history is a strong positive signal. Nevertheless, the unprotected AJAX handler is a critical weakness that significantly lowers its overall security score and requires remediation.",[237],{"reason":238,"points":239},"Unprotected AJAX handler without auth checks",7,"2026-03-17T07:22:03.350Z",{"wat":242,"direct":251},{"assetPaths":243,"generatorPatterns":246,"scriptPaths":247,"versionParams":248},[244,245],"\u002Fwp-content\u002Fplugins\u002Flast-login-info-display\u002Fadmin\u002Fcss\u002Fllid-admin.css","\u002Fwp-content\u002Fplugins\u002Flast-login-info-display\u002Fadmin\u002Fjs\u002Fllid-admin.js",[],[245],[249,250],"last-login-info-display\u002Fadmin\u002Fcss\u002Fllid-admin.css?ver=","last-login-info-display\u002Fadmin\u002Fjs\u002Fllid-admin.js?ver=",{"cssClasses":252,"htmlComments":255,"htmlAttributes":261,"restEndpoints":263,"jsGlobals":264,"shortcodeOutput":265},[253,254],"column-last-login","column-login-count",[256,257,258,259,260],"\u003C!-- BEGIN: last-login-info-display -->","\u003C!-- END: last-login-info-display -->","\u003C!-- BEGIN: LLID Settings -->","\u003C!-- END: LLID Settings -->","\u003C!-- Last Login Info Display Settings Page -->",[262],"data-llid-user-id",[],[],[]]