[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7nReMk98Z3KCEQbLuJxBb49XN-BrIKKUQZXY-5XBg78":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":16,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":142,"fingerprints":246},"login-security-recaptcha","Login Security Captcha","1.8.4","ScriptsTown","https:\u002F\u002Fprofiles.wordpress.org\u002Fscriptstown\u002F","\u003Cp>\u003Cstrong>Login Security Captcha\u003C\u002Fstrong> is a security plugin for WordPress to add CAPTCHA or CAPTCHA-free services such as Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> and Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> to the WordPress login, registration, lost password, and comment form. This is a fast and lightweight security plugin to place captcha on standard WordPress forms with minimal footprints. It can prevent spam comments and protect the login form against Brute-force attacks. It has simple settings to configure the plugin quickly.\u003C\u002Fp>\n\u003Cp>The plugin supports \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>, Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> Version 2, and Version 3 with multiple options. This is the best WordPress captcha plugin for antispam protection to secure comment form and WordPress login page. It allows you to place different versions of reCAPTCHA and also Turnstile on different forms at the same time. This plugin comes with a set of simple options to quickly set up captcha validation on the common forms.\u003C\u002Fp>\n\u003Cp>Using this security plugin, you can change the captcha theme to light or dark depending on your preferences for Cloudflare Turnstile and Google reCAPTCHA. You can also configure various other parameters like the score value for reCAPTCHA version 3. You can monitor the error logs and have the option to disable the captcha on the comment form for logged-in users. Also, you can adjust the captcha size to compact or normal for \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Login Security Captcha Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v2\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3\u003C\u002Fli>\n\u003Cli>Set reCAPTCHA v3 Position\u003C\u002Fli>\n\u003Cli>Captcha Theme and Size\u003C\u002Fli>\n\u003Cli>Secure Login Form\u003C\u002Fli>\n\u003Cli>Secure Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Monitor Error Logs\u003C\u002Fli>\n\u003Cli>Prevent Brute-force Attack\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Upgrade To Pro – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F#pricing\" title=\"Upgrade To Pro\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Login Security Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> by IP Address\u003C\u002Fli>\n\u003Cli>Check and Monitor \u003Cstrong>Last Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check Login History by Username\u003C\u002Fli>\n\u003Cli>Recent Login Dashboard Widget\u003C\u002Fli>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> Support\u003C\u002Fli>\n\u003Cli>Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> v2 and v3\u003C\u002Fli>\n\u003Cli>Redirect after Login or Logout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Redirection\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure Login and Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Easy to Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Login Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Lost Password Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Registration Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure \u003Cstrong>WooCommerce\u003C\u002Fstrong> Checkout Form\u003C\u002Fli>\n\u003Cli>Advanced Security and Much More\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check Pro Plugin – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F\" title=\"Check Pro Plugin\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.",10000,286646,98,20,"2026-03-11T00:40:00.000Z","7.0","5.0",[19,20,21,22,23],"captcha","cloudflare","login","recaptcha","security","https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-security-recaptcha.1.8.4.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"scriptstown",20200,30,94,"2026-04-03T23:07:42.797Z",[38,63,81,103,123],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":53,"download_link":60,"security_score":13,"vuln_count":61,"unpatched_count":27,"last_vuln_date":62,"fetched_at":29},"dologin","DoLogin Security","4.3","WPDO","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdo5ea\u002F","\u003Cp>In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited.\u003C\u002Fp>\n\u003Cp>Limit the number of login attempts through both the login and the auth cookies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Two-factor Authentication login.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Text SMS message passcode for 2nd step verification support.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cloudflare Turnstile (better than Google reCAPTCHA).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GeoLocation (Continent\u002FCountry\u002FCity) or IP range to limit login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Passwordless login link.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support Whitelist and Blacklist.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WooCommerce Login supported.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>XMLRPC gateway protection.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : '';\u003C\u002Fcode> to generate one passwordless login link for the current user.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note\u002Ftip for this generation', $user_id ) : '';\u003C\u002Fcode> to generate a passwordless login link for the user which ID is \u003Ccode>$user_id\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The generated one-time used link will be expired after 7 days.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define const \u003Ccode>SILENCE_INSTALL\u003C\u002Fcode> to avoid redirecting to setting page after installtion.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CLI\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>List all passwordless links: \u003Ccode>wp dologin list\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Generate a passwordless link for one username (for the login name \u003Ccode>root\u003C\u002Fcode>): \u003Ccode>wp dologin gen root\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Delete a passwordless link w\u002F the ID in list (for the record w\u002F ID 5): \u003Ccode>wp dologin del 5\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How GeoLocation works\u003C\u002Fh4>\n\u003Cp>When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist\u002Fblacklist to decide if allow login attempts.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>The online IP lookup service is provided by https:\u002F\u002Fwww.doapi.us. The provider’s privacy policy is https:\u002F\u002Fwww.doapi.us\u002Fprivacy.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.\u003C\u002Fp>\n","Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent\u002FCountry\u002FCity)\u002FIP range to limit login attempts.",7000,162727,90,13,"2025-06-11T14:21:00.000Z","6.8.5","4.0","",[55,56,57,58,59],"2fa-login","cloudflare-turnstile-recaptcha","easy-login","geolocation-login-limit","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdologin.4.3.zip",4,"2023-10-24 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":27,"downloaded":71,"rating":27,"num_ratings":27,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":53,"tags":75,"homepage":53,"download_link":80,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cubemage-login-guard","CubeMage Login Guard","1.0.0","CubeMage","https:\u002F\u002Fprofiles.wordpress.org\u002Fcubemage\u002F","\u003Cp>\u003Cstrong>Login Guard by CubeMage\u003C\u002Fstrong> provides a security solution to protect your WordPress login, registration, and comment forms against spam and brute-force attacks.\u003C\u002Fp>\n\u003Cp>Instead of relying solely on password verification, this plugin integrates Cloudflare Turnstile to validate visitors before WordPress processes the authentication request. This approach helps reduce server load caused by automated bot attempts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Cloudflare Turnstile Integration:\u003C\u002Fstrong> Uses a privacy-focused, GDPR-compliant alternative to CAPTCHA for bot verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pre-Authentication Check:\u003C\u002Fstrong> Validates the Turnstile token before the database query occurs, saving server resources.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts:\u003C\u002Fstrong> Automatically blocks IP addresses after 5 consecutive failed login attempts within 15 minutes to prevent brute-force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC Protection:\u003C\u002Fstrong> Disables XML-RPC functionality to close a common attack vector often used for DDoS attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Form Support:\u003C\u002Fstrong> Adds protection to the Login form, Registration form, Lost Password form, and Comment section.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance:\u003C\u002Fstrong> Uses native WordPress Transients for tracking failed attempts, avoiding the creation of heavy custom database tables.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Configuration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin includes a setup interface to easily input your Cloudflare Site Key and Secret Key.\u003C\u002Fp>\n","Integrates Cloudflare Turnstile, Limits Login Attempts, and Disables XML-RPC to protect WordPress forms.",123,"2025-12-13T14:03:00.000Z","6.9.4","5.8",[76,77,78,79,23],"anti-spam","cloudflare-turnstile","limit-login-attempts","recaptcha-alternative","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcubemage-login-guard.1.0.0.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":48,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":53,"tags":95,"homepage":98,"download_link":99,"security_score":100,"vuln_count":101,"unpatched_count":27,"last_vuln_date":102,"fetched_at":29},"login-recaptcha","Login No Captcha reCAPTCHA","1.7.3","Robert Peake","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertpeake\u002F","\u003Cp>Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password, and user registration pages. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”\u003C\u002Fp>\n","Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.",60000,1369961,63,"2024-02-27T10:43:00.000Z","6.4.8","4.6",[96,21,97,22,23],"google","nocaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-recaptcha.1.7.3.zip",85,1,"2022-08-16 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":11,"downloaded":111,"rating":112,"num_ratings":35,"last_updated":113,"tested_up_to":51,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":118,"download_link":119,"security_score":120,"vuln_count":121,"unpatched_count":27,"last_vuln_date":122,"fetched_at":29},"wp-recaptcha-integration","ReCaptcha Integration for WordPress","1.2.8","weDevs","https:\u002F\u002Fprofiles.wordpress.org\u002Fwedevs\u002F","\u003Cp>Integrate reCaptcha in your blog. Supports no Captcha as well as old style recaptcha.\u003Cbr \u002F>\nProvides of the box integration for signup, login, comment formsand Ninja Forms as well\u003Cbr \u002F>\nas a plugin API for your own integrations.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Secures login, signup und comments with a recaptcha.\u003C\u002Fli>\n\u003Cli>Supports old as well as new reCaptcha.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Works together with\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP Multisite\u003C\u002Fli>\n\u003Cli>bbPress\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>AwesomeSupport (thanks to \u003Ca href=\"http:\u002F\u002Fjulienliabeuf.com\u002F\" rel=\"nofollow ugc\">Julien Liabeuf\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>WooCommerce (Only checkout, registration and login form. Not password reset)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fninjaforms.com\u002F\" rel=\"nofollow ugc\">Ninja Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>cformsII\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For integration in your self-coded forms see this \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\u002Fwiki\u002FCustom-Themes-and-Forms\" rel=\"nofollow ugc\">wiki article\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Localizations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Brazilian Portuguese (thanks to \u003Ca href=\"http:\u002F\u002Fwww.viniciusferraz.com\" rel=\"nofollow ugc\">Vinícius Ferraz\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Spanish (thanks to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyivi\" rel=\"nofollow ugc\">Ivan Yivoff\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Italian (thanks to \u003Ca href=\"http:\u002F\u002Fblog.salaros.com\u002F\" rel=\"nofollow ugc\">Salaros\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Latest Files on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>On a \u003Cstrong>WP Multisite\u003C\u002Fstrong> you can either activate the plugin network wide or on a single site.\u003C\u002Fp>\n\u003Cp>Activated on a single site everything works as usual.\u003C\u002Fp>\n\u003Cp>With network activation entering the API key and setting up where a captcha is required\u003Cbr \u002F>\nis up to the network admin. A blog admin can override the API key e.g. when his blog is\u003Cbr \u002F>\nrunning under his\u002Fher own domain name.\u003C\u002Fp>\n\u003Ch4>Known Limitations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>You can’t have more than one old style reCaptcha on a page. This is a limitiation of\u003Cbr \u002F>\nreCaptcha itself. If that’s an issue for you, you should use the no Captcha Form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>A No Captcha definitely requires client side JavaScript enabled. That’s how it does its\u003Cbr \u002F>\nsophisticated bot detection magic. There is no fallback. If your visitor does not have\u003Cbr \u002F>\nJS enabled the captcha test will not let him through.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On a \u003Cstrong>Contact Form 7\u003C\u002Fstrong> when the reCaptcha is disabled (e.g. for logged in users) the field\u003Cbr \u002F>\nlabel will be still visible. This is due to CF7 Shortcode architecture, and can’t be fixed.\u003C\u002Fp>\n\u003Cp>To handle this there is a filter \u003Ccode>recaptcha_disabled_html\u003C\u002Fcode>. You can return a message for your logged-in\u003Cbr \u002F>\nusers here. Check out the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">GitHub Repo\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>As of version 4.3 CF7 comes with its own recaptcha. Both are supposed to work together.\u003Cbr \u002F>\nI you want to keep the WP ReCaptcha functionality, e.g. if you want to hide the captcha\u003Cbr \u002F>\nfrom known users, leave the integration in the CF7 settings unconfigured.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Old style reCaptcha does not work together with \u003Cstrong>WooCommerce\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In \u003Cstrong>WooCommerce\u003C\u002Fstrong> the reset password form can not be protected by a captcha. Woocommerce does\u003Cbr \u002F>\nnot fire any action in the lost password form, so there is no way for the plugin to hook in.\u003Cbr \u002F>\nTake a look at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fcaptcha-not-showing-on-lost-password-page?replies=7\" rel=\"ugc\">this thread\u003C\u002Fa> for a workaround.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Due to a lack of filters there is no (and as far as one can see, there will never be)\u003Cbr \u002F>\nsupport for the \u003Cstrong>MailPoet\u003C\u002Fstrong> subscription form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin API\u003C\u002Fh3>\n\u003Cp>The plugin offers some filters to allow themes and other plugins to hook in.\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">GitHub-Repo\u003C\u002Fa> for details.\u003C\u002Fp>\n","reCaptcha for login, signup, comment forms, Ninja Forms and woocommerce.",294613,88,"2025-10-29T05:41:00.000Z","3.8","5.4",[19,21,117,22,23],"no-captcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-recaptcha-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-recaptcha-integration.1.2.8.zip",99,2,"2024-11-01 00:00:00",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":52,"requires_php":115,"tags":137,"homepage":140,"download_link":141,"security_score":100,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"no-captcha-recaptcha","No CAPTCHA reCAPTCHA","1.3.4","Collins Agbonghama","https:\u002F\u002Fprofiles.wordpress.org\u002Fcollizo4sky\u002F","\u003Cp>A simple plugin for adding the new No CAPTCHA reCAPTCHA by Google to WordPress login, registration and comment system as well as BuddyPress registration form to protect against spam.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option to activate CAPTCHA in login, registration, comment and BuddyPress registration forms.\u003C\u002Fli>\n\u003Cli>Choose a theme for the CAPTCHA.\u003C\u002Fli>\n\u003Cli>Auto-detects the user’s language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugins you will like\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fno-captcha-recaptcha-for-woocommerce\u002F\" rel=\"ugc\">No CAPTCHA reCAPTCHA for WooCommerce\u003C\u002Fa>\u003C\u002Fstrong>: Protect WooCommerce login, registration and password reset form against spam using Google’s No CAPTCHA reCAPTCHA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fppress\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa>\u003C\u002Fstrong>: A shortcode based WordPress form builder that makes building custom login, registration and password reset forms stupidly simple. \u003Ca href=\"http:\u002F\u002Fprofilepress.net\" rel=\"nofollow ugc\">More info here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailoptin\u002F\" rel=\"ugc\">MailOptin\u003C\u002Fa>\u003C\u002Fstrong> – The best WordPress email optin forms, email automation & newsletters plugin in the market.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.",5000,151171,86,69,"2020-04-15T16:05:00.000Z","5.4.19",[138,21,22,139,23],"comment-form","registration-form","http:\u002F\u002Fw3guy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-captcha-recaptcha.1.3.4.zip",{"attackSurface":143,"codeSignals":228,"taintFlows":237,"riskAssessment":238,"analyzedAt":245},{"hooks":144,"ajaxHandlers":202,"restRoutes":224,"shortcodes":225,"cronEvents":226,"entryPointCount":227,"unprotectedCount":227},[145,151,155,158,165,168,173,177,180,184,188,192,196,198],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_notices","redirect","admin\\admin.php",9,{"type":146,"name":152,"callback":153,"file":149,"line":154},"init","register_assets",11,{"type":146,"name":156,"callback":157,"file":149,"line":49},"admin_menu","create_menu",{"type":159,"name":160,"callback":161,"priority":162,"file":163,"line":164},"filter","script_loader_tag","async_grecaptcha_v2",10,"includes\\class-stlsr-helper.php",105,{"type":159,"name":160,"callback":166,"priority":162,"file":163,"line":167},"async_cf_turnstile",295,{"type":146,"name":169,"callback":170,"file":171,"line":172},"login_form","login_form_captcha","public\\public.php",6,{"type":159,"name":174,"callback":175,"priority":162,"file":171,"line":176},"wp_authenticate_user","login_verify_captcha",8,{"type":146,"name":178,"callback":179,"file":171,"line":162},"lostpassword_form","lostpassword_form_captcha",{"type":146,"name":181,"callback":182,"file":171,"line":183},"lostpassword_post","lostpassword_verify_captcha",12,{"type":146,"name":185,"callback":186,"file":171,"line":187},"register_form","register_form_captcha",14,{"type":159,"name":189,"callback":190,"priority":162,"file":171,"line":191},"registration_errors","register_verify_captcha",16,{"type":146,"name":193,"callback":194,"file":171,"line":195},"comment_form_after_fields","comment_form_captcha",18,{"type":146,"name":197,"callback":194,"file":171,"line":14},"comment_form_logged_in_after",{"type":159,"name":199,"callback":200,"file":171,"line":201},"preprocess_comment","comment_verify_captcha",22,[203,208,212,216,220],{"action":204,"nopriv":205,"callback":206,"hasNonce":205,"hasCapCheck":205,"file":149,"line":207},"stlsr-save-captcha",false,"save_captcha",15,{"action":209,"nopriv":205,"callback":210,"hasNonce":205,"hasCapCheck":205,"file":149,"line":211},"stlsr-clear-error-logs","clear_error_logs",17,{"action":213,"nopriv":205,"callback":214,"hasNonce":205,"hasCapCheck":205,"file":149,"line":215},"stlsr-reset-plugin","reset_plugin",19,{"action":217,"nopriv":205,"callback":218,"hasNonce":205,"hasCapCheck":205,"file":149,"line":219},"stlsr-save-options","save_options",21,{"action":221,"nopriv":205,"callback":222,"hasNonce":205,"hasCapCheck":205,"file":149,"line":223},"stlsr-refresh-ip","refresh_ip",23,[],[],[],5,{"dangerousFunctions":229,"sqlUsage":230,"outputEscaping":232,"fileOperations":27,"externalRequests":235,"nonceChecks":227,"capabilityChecks":227,"bundledLibraries":236},[],{"prepared":27,"raw":27,"locations":231},[],{"escaped":233,"rawEcho":27,"locations":234},217,[],3,[],[],{"summary":239,"deductions":240},"The 'login-security-recaptcha' plugin v1.8.4 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers, which represent a substantial attack surface. While the plugin demonstrates strong practices in other areas, such as 100% use of prepared statements for SQL queries and proper output escaping, the lack of authentication checks on its five AJAX entry points is a critical weakness.  The absence of any recorded vulnerabilities in its history is a positive sign, suggesting potential for well-developed code in some aspects, but it doesn't mitigate the immediate risks identified in the static analysis. The presence of nonce checks and capability checks on these handlers is noted, but the primary concern remains the lack of explicit authorization before execution.",[241,243],{"reason":242,"points":162},"Unprotected AJAX handlers",{"reason":244,"points":227},"Large attack surface without auth","2026-03-16T17:51:23.193Z",{"wat":247,"direct":259},{"assetPaths":248,"generatorPatterns":252,"scriptPaths":253,"versionParams":255},[249,250,251],"\u002Fwp-content\u002Fplugins\u002Flogin-security-recaptcha\u002Fassets\u002Fcss\u002Fstlsr-admin.css","\u002Fwp-content\u002Fplugins\u002Flogin-security-recaptcha\u002Fassets\u002Fjs\u002Fstlsr-admin.js","\u002Fwp-content\u002Fplugins\u002Flogin-security-recaptcha\u002Fassets\u002Fcss\u002Fstlsr.css",[],[254],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js?onload=lsrecaptcha2",[256,257,258],"login-security-recaptcha\u002Fassets\u002Fcss\u002Fstlsr-admin.css?ver=","login-security-recaptcha\u002Fassets\u002Fjs\u002Fstlsr-admin.js?ver=","login-security-recaptcha\u002Fassets\u002Fcss\u002Fstlsr.css?ver=",{"cssClasses":260,"htmlComments":262,"htmlAttributes":263,"restEndpoints":265,"jsGlobals":266,"shortcodeOutput":269},[261],"stls-grecaptcha2",[],[264],"data-action",[],[267,268],"stlsradminurl","stgrecaptcha2",[]]