[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBrRG03J6ohKhsCwDbj5VdSjte70WIpAmj0B6oF1WY24":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":125,"fingerprints":260},"limit-login-attempts-security","Limit Login Attempts Security","1.0.2","WPDO","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdo5ea\u002F","\u003Cp>A lightweight version that support GeoLocation for login security. Use GeoLocation (Country\u002FCity setting).\u003C\u002Fp>\n\u003Cp>For more features, please try this free plugin: https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdologin\u002F\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Support GeoLocation IP limit\u003C\u002Fli>\n\u003Cli>Support IP whitelist\u002Fblacklist\u003C\u002Fli>\n\u003C\u002Ful>\n","A lightweight version of DoLogin with GeoLocation for login security only. For the full features, please use this free plugin: https:\u002F\u002Fwordpress.",10,1154,0,"2019-09-30T14:14:00.000Z","5.2.24","4.0","",[19,20,21],"login-attempts","login-lock","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-security.1.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"wpdo5ea",6,7810,91,146,73,"2026-04-05T02:49:04.109Z",[36,61,78,92,105],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":31,"vuln_count":59,"unpatched_count":13,"last_vuln_date":60,"fetched_at":25},"melapress-login-security","Melapress Login Security","2.3.0","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Cp>\u003Cstrong> COMPREHENSIVE WORDPRESS LOGIN SECURITY PLUGIN \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa> enables you to effortlessly set login security policies that put you firmly in the driver’s seat of your WordPress sites. Policies are highly customizable and granular and can be implemented by user role or site-wide for complete control over the security of your WordPress login processes.\u003C\u002Fp>\n\u003Cp>Use the free edition of Melapress Login Security to implement WordPress password requirements such as minimum length and complexity rules. The plugin also allows you to set password expiration policies, prevent password reuse, limit failed login attempts, and automatically disable inactive user accounts, among other things. This helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevent unauthorized login attempts\u003C\u002Fli>\n\u003Cli>Protect against brute force attacks\u003C\u002Fli>\n\u003Cli>Comply with GDPR with a login consent notice\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔐 Features list\u003C\u002Fh3>\n\u003Cp>A secure WordPress login starts right here. Explore all of the features included with the free edition of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa>:\u003C\u002Fp>\n\u003Ch3>Set password policies\u003C\u002Fh3>\n\u003Cp>Strong passwords are your first line of defense against bad actors looking to gain access to your site. Set password requirement policies to make sure users set strong passwords. Set policies by user role or site-wide and define policy priority for users with multiple roles.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set minimum password length\u003C\u002Fli>\n\u003Cli>Require uppercase and lowercase characters, numbers, and special characters\u003C\u002Fli>\n\u003Cli>Set an automatic password expiration policy and advise users when their password is about to expire\u003C\u002Fli>\n\u003Cli>Disallow users from reusing passwords\u003C\u002Fli>\n\u003Cli>Provide users with helpful instructions during the password configuration stage\u003C\u002Fli>\n\u003Cli>Disable password reset links\u003C\u002Fli>\n\u003Cli>Mandate WordPress password reset on the first login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Limit login attempts\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fmelapress-login-security-failed-logins-policy-wordpress\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Limit failed login attempts\u003C\u002Fa> and put an end to brute force attacks. Protect your login form by automatically disabling user accounts after a number of failed login attempts. Choose between manual unlocking by an admin or automatic unlocking after a cooldown period.\u003C\u002Fp>\n\u003Ch3>Temporary login without password\u003C\u002Fh3>\n\u003Cp>Provide temporary and secure login access to third parties, like developers, editors, employees or others, without a password. It works by providing the user with a temporary login link that expires after a certain amount of time, or after a number of uses. This prevents you from having to create new user accounts manually, while simultaneously reducing the security risks associated with old, unused user accounts.\u003C\u002Fp>\n\u003Ch3>Change WordPress login URL\u003C\u002Fh3>\n\u003Cp>Easily deploy security-by-obscurity tactics and change your WordPress login page URL using a plugin! Hiding the default login page from hackers makes it more difficult to find, potentially reducing brute force attacks and other unauthorized access attempts. After you change the default wp-admin URL, you can set a 404 for the old login page or redirect it to any page of your choosing.\u003C\u002Fp>\n\u003Ch3>Limit login page access by IP address(es)\u003C\u002Fh3>\n\u003Cp>Limit access to the WordPress login page by IP address(es) for additional security.\u003C\u002Fp>\n\u003Ch3>GDPR login page consent notice\u003C\u002Fh3>\n\u003Cp>Easily meet GDPR requirements by adding a GDPR consent notice to the login page. This is required for GDPR and PCI DSS compliance, thus ensuring your WordPress site login page is in compliance.\u003C\u002Fp>\n\u003Ch3>Emergency password reset\u003C\u002Fh3>\n\u003Cp>Discovered suspicious behavior? Reset all users’ passwords with just one click and regain instant control.\u003C\u002Fp>\n\u003Ch3>Upgrade to Melapress Login Security Premium and get even more benefits.\u003C\u002Fh3>\n\u003Cp>The premium edition of Melapress Login Security comes bundled with even more features, which enable you to take your WordPress website login security to the next level. Disable inactive WordPress user accounts and force passwords to be reset once accounts have been unlocked. Inactive accounts can be managed within a single dashboard for increased efficiency and faster response times. Moreover, you can set accounts to be locked out after a number of failed login attempts and customize the duration and method of unlocking them.\u003C\u002Fp>\n\u003Ch3>Premium features list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Everything included in the free edition\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manually lock user accounts\u003C\u002Fstrong> to immediately prevent login access for rarely used accounts or users on extended leave\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add an extra security layer with security questions\u003C\u002Fstrong> users must answer when performing sensitive actions such as password resets and account unlocks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Receive email alerts for unrecognized device logins\u003C\u002Fstrong>, with the option to remotely terminate the session\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Control user session duration\u003C\u002Fstrong> by extending or shortening session timeouts to balance security and convenience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click integration with third-party plugins\u003C\u002Fstrong> such as WooCommerce, LearnDash, MemberPress, and many others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatically \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Finactive-users-wordpress\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">disable inactive WordPress users\u003C\u002Fa>\u003C\u002Fstrong> after a configurable period of inactivity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Apply Geo-blocking rules\u003C\u002Fstrong> to allow or block login access based on specific countries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fmelapress-login-security-limit-login-ips\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Restrict users’ login to specific IP addresses\u003C\u002Fa>\u003C\u002Fstrong>, including support for multiple allowed IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Frestrict-users-log-in-time-wordpress-website\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Restrict WordPress user login times\u003C\u002Fa>\u003C\u002Fstrong> by day and\u002For hours\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit login credentials\u003C\u002Fstrong> to email address, username, or both\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add a GDPR consent notice\u003C\u002Fstrong> to the WordPress login page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View detailed user security reports\u003C\u002Fstrong>, including last activity, password age, and expired passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Receive weekly email summary reports\u003C\u002Fstrong> covering password resets, password changes, user account lockouts, and more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>|💎 \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">UPGRADE TO PREMIUM\u003C\u002Fa> |\u003C\u002Fp>\n\u003Ch3>Why you should use Melapress Login Security\u003C\u002Fh3>\n\u003Cp>Melapress Login Security is a WordPress plugin built from the ground up to help you improve the security of your user accounts and secure your WordPress login. Supercharge login credentials for maximum effectiveness and put a stop to unlimited login attempts, weak passwords, and inactive users. Set up policies to reduce your attack surface area such as login times restrictions, change the WordPress login URL, and much more.\u003C\u002Fp>\n\u003Ch3>Free and premium support\u003C\u002Fh3>\n\u003Cp>Support for the free edition of Melapress Login Security is free on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmelapress-login-security\u002F\" rel=\"ugc\">WordPress support forums\u003C\u002Fa>. Premium world-class support via one-to-one email is available to the Premium users – \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">upgrade to premium\u003C\u002Fa> to benefit from priority support.\u003C\u002Fp>\n\u003Cp>For any other queries, feedback, or if you simply want to get in touch with us, please use our \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh4>\n\u003Cp>Melapress builds high-quality WordPress security & admin plugins such as \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">WP 2FA\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-user-roles-editor\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Melapress Role Editor\u003C\u002Fa>,and \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-activity-log\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">WP Activity Log\u003C\u002Fa>, the #1 user-rated activity log plugin for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mls\" rel=\"nofollow ugc\">Visit our website\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Install the plugin from within WordPress\u003C\u002Fh3>\n\u003Cp>Keeping a secure WordPress login page is easy with \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa>. Simply:\u003C\u002Fp>\n\u003Col>\n\u003Cli>From your WordPress dashboard, navigate to Plugins > Add New\u003C\u002Fli>\n\u003Cli>Search for “\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa>”\u003C\u002Fli>\n\u003Cli>Install & activate \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\" rel=\"nofollow ugc\">Melapress Login Security\u003C\u002Fa> from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install the plugin manually (via file upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the Melapress Login Security plugin through the Plugins page in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n","Enforce WordPress login and password security policies to protect user accounts and prevent unauthorized logins.",2000,24596,100,17,"2026-02-09T18:02:00.000Z","6.9.4","5.5","7.3",[53,54,55,56,21],"brute-force","limit-login-attempts","limit-logins","login","https:\u002F\u002Fmelapress.com\u002Fwordpress-login-security\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmelapress-login-security.2.3.0.zip",4,"2025-07-25 16:23:06",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":46,"downloaded":69,"rating":70,"num_ratings":29,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":76,"download_link":77,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"jeba-limit-login-attempts","Jeba Limit Login Attempts","1.0","Md Jahed","https:\u002F\u002Fprofiles.wordpress.org\u002Fjahed\u002F","\u003Cp>This is Jeba Limit Login Attempts wordpress plugin. WordPress Login security and problems when a hacker use a script to guess the username \u002F password. So I did this following class which lock the system for 30 minutes if a he attempts to login and fails after 3 tries.\u003C\u002Fp>\n\u003Cp>Jeba more plugin:\u003Cbr \u002F>\nJeba cute portfolio plugin: http:\u002F\u002Fprowpexpert.com\u002Fjeba\u003C\u002Fp>\n","This is Jeba Limit Login Attempts wordpress plugin. Automatically lock the system for 30 minutes if a user attempts to login and fails after 3 tries.",4893,76,"2015-03-31T04:52:00.000Z","4.0.38","3.0.1",[54,19,21,75],"wp-login-security","http:\u002F\u002Fprowpexpert.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjeba-limit-login-attempts.zip",{"slug":79,"name":80,"version":64,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":17,"download_link":90,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":91},"secure-admin-access","Secure Admin Access","maheshkathiriya","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaheshkathiriya\u002F","\u003Cp>If you run a WordPress website, you should absolutely use “Secure-Admin-Access” to secure it against hackers.\u003C\u002Fp>\n\u003Cp>Secure Admin Access fixes a glaring security hole in the WordPress community: the well-known problem of the admin panel URL.\u003Cbr \u002F>\nEveryone knows where the admin panel, and this includes hackers as well.\u003C\u002Fp>\n\u003Cp>Secure Admin Access helps solve this problem by allowing webmasters to customize their admin panel URL and blocking the default links.\u003C\u002Fp>\n\u003Cp>After you setup Secure Admin Access, webmasters will be able to change the “yourwebsitename.com\u002Fwp-admin” link into something like “yourwebsitename.com\u002Fyour-custom-string”.\u003Cbr \u002F>\nAll queries for the classic “\u002Fwp-admin\u002F” and “wp-login.php” files will be redirected to the homepage, while access to the WP backend will be allowed only for the custom URL.\u003C\u002Fp>\n\u003Cp>The plugin also comes with some access filters, allowing webmasters to restrict guest and registered users access to wp-admin, just in case you want some of your editors to log in the classic way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE :Back up your database before beginning the activate plugin.\u003C\u002Fstrong>\u003Cbr \u002F>\nIt is extremely important to back up your database before beginning the activate plugin. If, for some reason, you find it necessary to restore your database from these backups. Plugin will not work for IIS.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Limit Dashboard access to admins only, admins + editors, admins + editors + authors, or limit by specific capability.\u003C\u002Fli>\n\u003Cli>Create your own redirect URL\u003C\u002Fli>\n\u003Cli>Optionally allow user profile access\u003C\u002Fli>\n\u003Cli>Define custom wp-admin url(Like http:\u002F\u002Fyourdomain.com\u002Fmypanel)\u003C\u002Fli>\n\u003Cli>Define custom Logo OR change default logo on login page\u003C\u002Fli>\n\u003Cli>Define body background color on login page \u003C\u002Fli>\n\u003Cli>SEO friendly URL for “Register” page (Like http:\u002F\u002Fyourdomain.com\u002Fmypanel\u002Fregister)\u003C\u002Fli>\n\u003Cli>SEO friendly URL for “Lost Password” page (Like http:\u002F\u002Fyourdomain.com\u002Fmypanel\u002Flostpassword)\u003C\u002Fli>\n\u003Cli>Restrict guest users for access to wp-admin\u003C\u002Fli>\n\u003Cli>Restrict registered non-admin users from wp-admin\u003C\u002Fli>\n\u003Cli>Allow admin access to non-admin users by define comma seprate multiple ids users \u003C\u002Fli>\n\u003Cli>Login Security \u003C\u002Fli>\n\u003Cli>Limit Login Attempts and track user login attempts\u003C\u002Fli>\n\u003Cli>Login attempts and block IP temporarily\u003C\u002Fli>\n\u003Cli>Much more!\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure Your Website Admin And Dashboard Access & Modify Login Page Design & Login Attempts for login protection",1188,"4.7.32","3.3",[54,89,19,21,79],"login-attempt","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-admin-access.zip","2026-03-15T10:48:56.248Z",{"slug":93,"name":94,"version":6,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":13,"downloaded":99,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":49,"requires_at_least":50,"requires_php":100,"tags":101,"homepage":17,"download_link":104,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":91},"simple-login-guard","Simple Login Guard – Monitor & Block Attempts","Aman Brar","https:\u002F\u002Fprofiles.wordpress.org\u002Famandeepwebspero\u002F","\u003Cp>\u003Cstrong>Simple Login Guard\u003C\u002Fstrong> is a lightweight login security plugin designed to protect your WordPress website from brute-force attacks.\u003Cbr \u002F>\nIt monitors every login attempt, logs failed and successful logins, tracks suspicious behavior, and automatically blocks IP addresses that exceed your configured threshold — keeping your site safe without slowing it down.\u003C\u002Fp>\n\u003Cp>No confusing settings. No bulky security suite.\u003Cbr \u002F>\nJust \u003Cstrong>simple, effective login protection\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Monitor Failed & Successful Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Logs every attempt with username, IP, timestamp, and status.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic IP Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Block IPs that exceed a defined number of failed attempts within a time window.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customizable Security Rules\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Failed attempts threshold\u003Cbr \u002F>\n  – Lockout duration\u003Cbr \u002F>\n  – Time window for counting attempts\u003Cbr \u002F>\n  – Retention period for logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Block \u002F Unblock IPs\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Block or unblock IP addresses from the admin dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Lightweight and Fast\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Uses optimized database queries and caching to avoid performance issues.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Safe Logging Table\u003C\u002Fstrong>\u003Cbr \u002F>\n  – Creates a separate database table for login attempts, leaving core tables untouched.\u003C\u002Fp>\n\u003Ch3>📊 Admin Dashboard\u003C\u002Fh3>\n\u003Cp>The plugin includes an easy-to-use interface under:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Simple Login Guard\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Sections include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Settings\u003C\u002Fli>\n\u003Cli>Blocked IPs List\u003C\u002Fli>\n\u003C\u002Ful>\n","Monitor failed login attempts and automatically block IPs after multiple failures. Lightweight and easy to use.",159,"7.4",[102,103,54,19,21],"block-ip","brute-force-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-login-guard.1.0.2.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":49,"requires_at_least":118,"requires_php":17,"tags":119,"homepage":17,"download_link":123,"security_score":115,"vuln_count":59,"unpatched_count":13,"last_vuln_date":124,"fetched_at":25},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,98,1441,"2026-01-12T16:01:00.000Z","3.0",[120,53,121,21,122],"2fa","firewall","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip","2023-12-20 00:00:00",{"attackSurface":126,"codeSignals":157,"taintFlows":198,"riskAssessment":248,"analyzedAt":259},{"hooks":127,"ajaxHandlers":145,"restRoutes":146,"shortcodes":154,"cronEvents":155,"entryPointCount":156,"unprotectedCount":156},[128,133,136,141],{"type":129,"name":130,"callback":130,"file":131,"line":132},"action","admin_menu","src\\core.cls.php",37,{"type":129,"name":134,"callback":134,"file":131,"line":135},"login_head",38,{"type":137,"name":138,"callback":138,"priority":139,"file":131,"line":140},"filter","authenticate",2,40,{"type":129,"name":142,"callback":142,"file":143,"line":144},"rest_api_init","src\\rest.cls.php",23,[],[147],{"namespace":148,"route":149,"methods":150,"callback":152,"permissionCallback":24,"file":143,"line":153},"llas\u002Fv1","\u002Fmyip",[151],"GET","myip",34,[],[],1,{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":13,"externalRequests":156,"nonceChecks":156,"capabilityChecks":13,"bundledLibraries":197},[],{"prepared":13,"raw":13,"locations":160},[],{"escaped":59,"rawEcho":162,"locations":163},18,[164,168,170,171,173,175,176,177,178,180,182,184,185,187,189,191,193,195],{"file":165,"line":166,"context":167},"tpl\\settings.tpl.php",20,"raw output",{"file":165,"line":169,"context":167},27,{"file":165,"line":153,"context":167},{"file":165,"line":172,"context":167},35,{"file":165,"line":174,"context":167},36,{"file":165,"line":132,"context":167},{"file":165,"line":140,"context":167},{"file":165,"line":140,"context":167},{"file":165,"line":179,"context":167},42,{"file":165,"line":181,"context":167},43,{"file":165,"line":183,"context":167},44,{"file":165,"line":183,"context":167},{"file":165,"line":186,"context":167},45,{"file":165,"line":188,"context":167},46,{"file":165,"line":190,"context":167},48,{"file":165,"line":192,"context":167},56,{"file":165,"line":194,"context":167},63,{"file":165,"line":196,"context":167},80,[],[199,233],{"entryPoint":200,"graph":201,"unsanitizedCount":139,"severity":232},"setting_page (src\\core.cls.php:266)",{"nodes":202,"edges":226},[203,208,212,218,222,224],{"id":204,"type":205,"label":206,"file":131,"line":207},"n0","source","$_POST['whitelist']",271,{"id":209,"type":210,"label":211,"file":131,"line":207},"n1","transform","→ conf_update()",{"id":213,"type":214,"label":215,"file":131,"line":216,"wp_function":217},"n2","sink","update_option() [Settings Manipulation]",354,"update_option",{"id":219,"type":205,"label":220,"file":131,"line":221},"n3","$_POST['blacklist']",272,{"id":223,"type":210,"label":211,"file":131,"line":221},"n4",{"id":225,"type":214,"label":215,"file":131,"line":216,"wp_function":217},"n5",[227,229,230,231],{"from":204,"to":209,"sanitized":228},false,{"from":209,"to":213,"sanitized":228},{"from":219,"to":223,"sanitized":228},{"from":223,"to":225,"sanitized":228},"low",{"entryPoint":234,"graph":235,"unsanitizedCount":139,"severity":232},"\u003Ccore.cls> (src\\core.cls.php:0)",{"nodes":236,"edges":243},[237,238,239,240,241,242],{"id":204,"type":205,"label":206,"file":131,"line":207},{"id":209,"type":210,"label":211,"file":131,"line":207},{"id":213,"type":214,"label":215,"file":131,"line":216,"wp_function":217},{"id":219,"type":205,"label":220,"file":131,"line":221},{"id":223,"type":210,"label":211,"file":131,"line":221},{"id":225,"type":214,"label":215,"file":131,"line":216,"wp_function":217},[244,245,246,247],{"from":204,"to":209,"sanitized":228},{"from":209,"to":213,"sanitized":228},{"from":219,"to":223,"sanitized":228},{"from":223,"to":225,"sanitized":228},{"summary":249,"deductions":250},"The 'limit-login-attempts-security' plugin version 1.0.2 presents a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries exclusively with prepared statements, incorporates nonce checks, and has no recorded vulnerability history, suggesting a generally stable and well-maintained codebase. However, significant concerns arise from the static analysis. The presence of one unprotected REST API route represents a direct attack vector. Furthermore, the taint analysis indicates two flows with unsanitized paths, which, despite not being classified as critical or high severity, can still lead to vulnerabilities if input is not properly validated or escaped. The low percentage of properly escaped output (18%) is another substantial weakness, increasing the risk of cross-site scripting (XSS) attacks. While the plugin lacks a history of public vulnerabilities, the current code analysis reveals critical areas for improvement. The unprotected REST API route and the high rate of unescaped output are the most pressing issues that need immediate attention to mitigate potential security risks.",[251,253,256],{"reason":252,"points":11},"Unprotected REST API route",{"reason":254,"points":255},"Unsanitized paths in taint flows",8,{"reason":257,"points":258},"Low percentage of properly escaped output",7,"2026-03-17T01:04:47.070Z",{"wat":261,"direct":266},{"assetPaths":262,"generatorPatterns":263,"scriptPaths":264,"versionParams":265},[],[],[],[],{"cssClasses":267,"htmlComments":268,"htmlAttributes":269,"restEndpoints":270,"jsGlobals":272,"shortcodeOutput":273},[],[],[],[271],"llas\u002Fv1\u002Fmyip",[],[]]