[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3wDn68-b2k2zJeiwhdaBW6hevUqyhee-D7ZwZas504w":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":137,"fingerprints":276},"members-blog","MembersBlog","1.4.48f","DCoda","https:\u002F\u002Fprofiles.wordpress.org\u002Fdcoda\u002F","\u003Cp>This plugin is only supported on PHP 5.2 or greater.\u003C\u002Fp>\n\u003Cp>\u003C!--description-->\u003Cbr \u002F>\nMembersBlog easily allows you to lock down your blog to members only.\u003Cbr \u002F>\nUnauthenticated visitors who try to view the blog content will be forced to the login page , or presented with an browser login prompt if they try to view the feed.\u003C\u002Fp>\n\u003Cp>When the blog and feed are locked down to subscribe to a feed using a feed reader a username and password must be supplied in the url:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002F{username}:{password}@{feed url}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003C!--description-->\u003C\u002Fp>\n\u003Cp>If you are having trouble and cannot find the answers in the \u003Ca href=\"http:\u002F\u002Fmembersblog.dcoda.co.uk\u002Fhelp\u002Ffaq\u002F\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa> you can post your support questions to the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Ftags\u002Fmembers-blog\" rel=\"ugc\">WordPress Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you find MembersBlog useful please rate it at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmembers-blog\u002F\" rel=\"ugc\">wordpress.org\u003C\u002Fa> and please consider making a \u003Ca href=\"http:\u002F\u002Fmembersblog.dcoda.co.uk\u002Fdonate\u002F\" rel=\"nofollow ugc\">donation\u003C\u002Fa> to help us set aside more hours to maintain MembersBlog\u003C\u002Fp>\n\u003Cp>MembersBlog is written by \u003Ca href='http:\u002F\u002Fdcoda.co.uk' rel=\"nofollow ugc\">dcoda\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can check out our other plugins \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fusers\u002Fdcoda\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you require a custom plugin you can contact us \u003Ca href=\"http:\u002F\u002Fdcoda.co.uk\u002Fcontact\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa> and maybe we could write it for you.\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>(c) Copyright DCoda Limited, 2007 -, All Rights Reserved.\u003C\u002Fp>\n\u003Cp>This code is released under the GPL license version 2, available here:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl.txt\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl.txt\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>There are so many possibly configurations of installation the plugin can be installed on we limit testing to a PHP 5.2+ Linux platform running the latest version of WordPress at the time of release but it is released WITHOUT ANY WARRANTY;\u003Cbr \u002F>\n without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Lock down all your posts and pages so only members can access them",10,5749,0,"2012-06-04T14:25:00.000Z","3.3.2","3.0.0","",[19,20,21,22],"blog","members","private","security","http:\u002F\u002Fmembersblog.dcoda.co.uk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmembers-blog.1.4.48f.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"dcoda",4,40,30,84,"2026-04-04T16:15:57.069Z",[37,56,74,98,120],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":17,"download_link":55,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"buddyfence","Buddyfence","1.2.2","JC","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcrr\u002F","\u003Cp>Buddypress pages are public by default. This plugin allows you to restrict not logged-in users from accessing these pages.\u003C\u002Fp>\n\u003Cp>If an anonymous user tries to access these pages, they will be redirected either to the login page, or to the homepage, or even to a custom page.\u003C\u002Fp>\n\u003Cp>The plugin also allows to display on these pages a template with a message to log in instead of directly redirecting them elsewhere.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Very easy to use, you only have to choose which pages want to retrict to anonymous users (not logged-in users).\u003C\u002Fli>\n\u003Cli>Small and lightweight plugin (around 10-15kb).\u003C\u002Fli>\n\u003Cli>No CSS, no scripts. No requests to static files.\u003C\u002Fli>\n\u003Cli>Fully translated into Spanish.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Any bugs to report? Any suggestions? Please contact me.\u003C\u002Fp>\n\u003Cp>You can help me too either by rating this plugin or by making a donation.\u003C\u002Fp>\n","This plugin allows you to restrict not logged-in users from accessing BuddyPress pages",50,3732,100,2,"2022-05-23T15:33:00.000Z","6.0.11","4.0",[53,20,21,54,22],"buddypress","redirect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddyfence.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":13,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"cfb-must-login","CFB Must Login","1.0.0","Code For Broke","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodeforbroke\u002F","\u003Cp>Must Login is a lightweight, user-friendly plugin that allows you to require login for your entire site with just one click. Perfect for membership sites, private blogs, intranets, or any site that needs to restrict access to registered users only.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>One-Click Toggle\u003C\u002Fstrong> – Enable or disable login requirement instantly from the admin bar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Protection\u003C\u002Fstrong> – Configurable authentication requirement for REST API endpoints\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cache Clearing\u003C\u002Fstrong> – Automatically clears popular caching plugins when toggling protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Bar Status Indicator\u003C\u002Fstrong> – Always see at a glance whether login is required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Settings Page\u003C\u002Fstrong> – Easy-to-use settings interface\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Override\u003C\u002Fstrong> – Administrators always have access, even when login is required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Redirects\u003C\u002Fstrong> – Users are redirected to login and then back to their intended page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Selective Endpoint Access\u003C\u002Fstrong> – Allow specific REST API endpoints for forms and authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache Compatibility\u003C\u002Fstrong> – Works with WP Super Cache, W3 Total Cache, WP Rocket, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Configuration Needed\u003C\u002Fstrong> – Works perfectly out of the box\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Minimal impact on site performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong> – Fully internationalized and ready for translation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Click the lock icon in the admin bar to toggle login requirement\u003C\u002Fli>\n\u003Cli>That’s it! Your site is now protected\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>When enabled, all visitors must log in to view any page on your site. Administrators can quickly toggle this on or off from anywhere on the site using the admin bar.\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>cfb_must_login_redirect_url\u003C\u002Fstrong> – Customize the login redirect URL\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('cfb_must_login_redirect_url', function($redirect_url, $redirect_to) {\n    return 'https:\u002F\u002Fexample.com\u002Fcustom-login';\n}, 10, 2);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>cfb_must_login_allowed_rest_routes\u003C\u002Fstrong> – Allow additional REST API endpoints\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('cfb_must_login_allowed_rest_routes', function($routes) {\n    $routes[] = '\u002Fmy-plugin\u002Fv1\u002Fpublic';\n    return $routes;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Actions\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>cfb_must_login_clear_cache\u003C\u002Fstrong> – Triggered when cache is cleared\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_action('cfb_must_login_clear_cache', function() {\n    \u002F\u002F Custom cache clearing logic\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Capabilities\u003C\u002Fh4>\n\u003Cp>The plugin uses the \u003Ccode>cfb_must_login_manage\u003C\u002Fcode> capability, which is mapped to \u003Ccode>manage_options\u003C\u002Fcode> by default. You can customize this using the \u003Ccode>map_meta_cap\u003C\u002Fcode> filter.\u003C\u002Fp>\n","Require users to log in before viewing your site with easy admin toggle controls. Includes REST API protection and automatic cache clearing.",112,"2025-12-31T18:50:00.000Z","6.9.4","5.0","7.4",[70,20,21,71,22],"login","rest-api","https:\u002F\u002Fgithub.com\u002Fcodeforbroke\u002Fmust-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcfb-must-login.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":17,"tags":89,"homepage":93,"download_link":94,"security_score":95,"vuln_count":96,"unpatched_count":13,"last_vuln_date":97,"fetched_at":27},"underconstruction","underConstruction","1.22","Garrett Grimm","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrimmdude\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fappsumo.com\u002Fsearch?tags=wordpress&utm_source=sumo&utm_medium=wp-widget&utm_campaign=social-media-widget\" rel=\"nofollow ugc\">Check out the latest WordPress deals for your site.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Creates a ‘Coming Soon’ page that will show for all users who are not logged in. Useful for developing a site on a live server, without the world being able to see it\u003C\u002Fp>\n","Creates a 'Coming Soon' page that will show for all users who are not logged in",40000,1745115,90,111,"2024-03-08T05:10:00.000Z","6.4.8","2.7",[90,91,21,22,92],"construction","preview","under-construction","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Funderconstruction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funderconstruction.1.22.zip",82,5,"2024-03-29 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":84,"num_ratings":108,"last_updated":109,"tested_up_to":66,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":116,"download_link":117,"security_score":118,"vuln_count":48,"unpatched_count":13,"last_vuln_date":119,"fetched_at":27},"jonradio-private-site","My Private Site","4.1.0","David Gewirtz","https:\u002F\u002Fprofiles.wordpress.org\u002Fdgewirtz\u002F","\u003Cp>\u003Cstrong>My Private Site\u003C\u002Fstrong> makes your WordPress site private so only logged-in users can see your content. With one click, you can restrict access to all posts and pages, automatically redirect visitors to the login screen, and keep your site visible only to people you trust.\u003C\u002Fp>\n\u003Cp>Unlike full membership or subscription systems, My Private Site focuses on strong privacy without unnecessary complexity. It is ideal for family sites, schools, clubs, client previews, or development environments where you want to share content with a trusted audience without managing payments, profiles, or custom roles.\u003C\u002Fp>\n\u003Ch3>Ideal Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Family sites and school projects\u003C\u002Fstrong>: Share personal updates, photos, or assignments only with family members, classmates, or teachers you choose.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development and staging sites\u003C\u002Fstrong>: Safely show work-in-progress to clients or teammates without exposing unfinished content or letting it be indexed by search engines.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clubs, groups, and internal blogs\u003C\u002Fstrong>: Create a private online space for members or staff without the overhead of a complex membership system.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Digital Fortress protection\u003C\u002Fh3>\n\u003Cp>My Private Site helps protect the “front door” of your private site with built-in safeguards for login and user registration, including registration spam protection and optional reCAPTCHA support. It also includes AI Crawler Defense to discourage automated collection of your site’s content.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Make your entire WordPress site private with a single setting  \u003C\u002Fli>\n\u003Cli>Redirect logged-out visitors automatically to the login page  \u003C\u002Fli>\n\u003Cli>Choose where users land after login (requested page, home, dashboard, or custom URL)  \u003C\u002Fli>\n\u003Cli>Support user self-registration on private sites when enabled  \u003C\u002Fli>\n\u003Cli>Protect registration with built-in spam controls and optional reCAPTCHA  \u003C\u002Fli>\n\u003Cli>Optionally block unauthenticated access to the WordPress REST API  \u003C\u002Fli>\n\u003Cli>Simple, no-code setup using standard WordPress settings \u003C\u002Fli>\n\u003Cli>Privacy shortcode lets you selectively show or hide content within a page or post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Built-in AI Crawler Defense\u003C\u002Fh3>\n\u003Cp>The internet is rapidly changing, with AI crawlers and bots harvesting content without consent. My Private Site helps you defend your work with integrated \u003Cstrong>AI Crawler Defense\u003C\u002Fstrong> features:\u003Cbr \u002F>\n* \u003Cstrong>NoAI and NoImageAI tags\u003C\u002Fstrong>: Automatically add meta tags and headers that signal compliant AI systems not to use your text or images for training.\u003Cbr \u002F>\n* \u003Cstrong>Block GPTBot\u003C\u002Fstrong>: Add a robots.txt rule to prevent OpenAI’s crawler from accessing your site.\u003Cbr \u002F>\n* \u003Cstrong>Really Simple Licensing (RSL)\u003C\u002Fstrong>: Publish a machine-readable license that explicitly prohibits AI training on your content.\u003C\u002Fp>\n\u003Cp>These protections are included free in the core plugin, easy to enable with a checkbox, and designed to safeguard your site without affecting normal visitors or search engines. You can use them even if you’re not using any other site privacy features.\u003C\u002Fp>\n\u003Ch3>Watch the Video Overview and Demo\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fjry3DHD-OB8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Premium Add-ons\u003C\u002Fh3>\n\u003Cp>Premium add-ons turn My Private Site into a comprehensive privacy suite, giving you enterprise-style layered security defenses, smarter oversight, and flexible access, without the complexity or cost.\u003C\u002Fp>\n\u003Cp>Advanced AI Crawler Defense, Visitor Intelligence, and Block IP provide protections regardless of whether you’re using any site privacy features.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FB6s8O9VZLc0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-public-pages\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Public Pages 2.0\u003C\u002Fstrong>\u003C\u002Fa>: Allows site operators to designate certain specific pages, or pages with specified prefix, to be available to the public without login. Now also allows public site, private pages. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fu7BuYtzS_pI\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-advanced-ai-defense\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Advanced AI Crawler Defense\u003C\u002Fstrong>\u003C\u002Fa>: Protect WordPress content from AI crawlers using licensing, opt-out tags, selective bot blocking, and firewall defenses to control and safeguard your data. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FEb4qQDafaRk\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-visitor-intelligence\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Visitor Intelligence\u003C\u002Fstrong>\u003C\u002Fa>: Track logins, logouts, failed attempts, and bot activity with a unified log, anomaly detection, and export tools for stronger site oversight and security. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FTTK8bGVD8pM\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-guest-access\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Guest Access\u003C\u002Fstrong>\u003C\u002Fa>: Grant temporary, secure access to private WordPress content using unique shareable links with expiration, one-time use, and full admin-controlled invite management. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fj1vYV8lhqcc\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-block-ip\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Block IP\u003C\u002Fstrong>\u003C\u002Fa>: Block unwanted visitors by IP address or range with full IPv4\u002FIPv6 support, configurable scope, and fast enforcement to secure your WordPress site. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FvsxLqYXWITs\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-tags-and-categories\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Tags & Categories\u003C\u002Fstrong>\u003C\u002Fa>: Allows you to make pages public or (with Public Pages 2.0) private based on tags and categories. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FdEv7lXxU5lo\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-selective-content\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Selective Content\u003C\u002Fstrong>\u003C\u002Fa>: Allows hiding, showing, and obscurifying page content through the use of shortcodes. Can also selectively hide widgets and sidebars. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FexgJrJJSCNY\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-pricing\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Digital Fortress Bundle\u003C\u002Fstrong>\u003C\u002Fa>: All add-ons are available in bundle form.  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FB6s8O9VZLc0\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Limits\u003C\u002Fh3>\n\u003Cp>This plugin does not hide non-WordPress web pages, such as .html and .php files. It also won’t restrict images and other media and text files directly accessed by their URL. If your hosting provider’s filesystem protections haven’t been set up correctly, files may also be accessed by directory listing.\u003C\u002Fp>\n\u003Ch3>Support Note\u003C\u002Fh3>\n\u003Cp>Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. If you need a timely reply from the developer, please \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Fsubmit-ticket\u002F\" rel=\"nofollow ugc\">open a ticket\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Mailing List\u003C\u002Fh3>\n\u003Cp>If you’d like to keep up with the latest updates to this plugin, please visit \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Flab-notes\u002F\" rel=\"nofollow ugc\">David’s Lab Notes\u003C\u002Fa> and add yourself to the mailing list.\u003C\u002Fp>\n","Make your WordPress site private with one click for family, projects, or teams. Protection for content, login, and registration.",20000,568968,80,"2026-01-28T21:00:00.000Z","4.4","5.4",[70,113,114,115,22],"privacy","private-site","registration","http:\u002F\u002Fzatzlabs.com\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjonradio-private-site.4.1.0.zip",99,"2024-02-16 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":34,"num_ratings":96,"last_updated":130,"tested_up_to":66,"requires_at_least":51,"requires_php":131,"tags":132,"homepage":17,"download_link":136,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,"2026-02-17T09:27:00.000Z","8.1",[70,133,134,22,135],"membership","passwords","users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"attackSurface":138,"codeSignals":153,"taintFlows":196,"riskAssessment":260,"analyzedAt":275},{"hooks":139,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":13,"unprotectedCount":13},[140,145],{"type":141,"name":142,"callback":142,"file":143,"line":144},"action","init","library\\wordpress\\application.php",54,{"type":141,"name":142,"callback":146,"file":147,"line":148},"initWPaction","library\\wordpress\\data\\meta.php",21,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":167,"outputEscaping":170,"fileOperations":191,"externalRequests":168,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":192},[155,160,164],{"fn":156,"file":157,"line":158,"context":159},"unserialize","library\\base\\data\\xml.php",165,"$new_key = unserialize ( $key );",{"fn":156,"file":161,"line":162,"context":163},"library\\wordpress\\data\\legacy.php",122,"$data [$new_key] = unserialize ( $data [$new_key] );",{"fn":156,"file":147,"line":165,"context":166},133,"$data = unserialize($value[0]);",{"prepared":168,"raw":13,"locations":169},1,[],{"escaped":13,"rawEcho":171,"locations":172},7,[173,177,180,182,184,186,189],{"file":174,"line":175,"context":176},"library\\base\\http.php",79,"raw output",{"file":178,"line":179,"context":176},"library\\base\\view.php",28,{"file":178,"line":181,"context":176},107,{"file":178,"line":183,"context":176},113,{"file":178,"line":185,"context":176},147,{"file":187,"line":188,"context":176},"library\\wordpress\\action.php",603,{"file":187,"line":190,"context":176},770,6,[193],{"name":194,"version":26,"knownCves":195},"TinyMCE",[],[197,217,225,235,247],{"entryPoint":198,"graph":199,"unsanitizedCount":168,"severity":216},"template_redirectWPaction (application\\controllers\\actions.php:4)",{"nodes":200,"edges":213},[201,207],{"id":202,"type":203,"label":204,"file":205,"line":206},"n0","source","$_SERVER","application\\controllers\\actions.php",23,{"id":208,"type":209,"label":210,"file":205,"line":211,"wp_function":212},"n1","sink","header() [Header Injection]",31,"header",[214],{"from":202,"to":208,"sanitized":215},false,"medium",{"entryPoint":218,"graph":219,"unsanitizedCount":168,"severity":216},"\u003Cactions> (application\\controllers\\actions.php:0)",{"nodes":220,"edges":223},[221,222],{"id":202,"type":203,"label":204,"file":205,"line":206},{"id":208,"type":209,"label":210,"file":205,"line":211,"wp_function":212},[224],{"from":202,"to":208,"sanitized":215},{"entryPoint":226,"graph":227,"unsanitizedCount":168,"severity":216},"basic_auth (library\\wordpress\\action.php:306)",{"nodes":228,"edges":233},[229,232],{"id":202,"type":203,"label":230,"file":187,"line":231},"$_SERVER['SERVER_NAME']",314,{"id":208,"type":209,"label":210,"file":187,"line":231,"wp_function":212},[234],{"from":202,"to":208,"sanitized":215},{"entryPoint":236,"graph":237,"unsanitizedCount":168,"severity":216},"callback (library\\wordpress\\action.php:733)",{"nodes":238,"edges":245},[239,242],{"id":202,"type":203,"label":240,"file":187,"line":241},"$_GET",734,{"id":208,"type":209,"label":243,"file":187,"line":190,"wp_function":244},"echo() [XSS]","echo",[246],{"from":202,"to":208,"sanitized":215},{"entryPoint":248,"graph":249,"unsanitizedCount":48,"severity":216},"\u003Caction> (library\\wordpress\\action.php:0)",{"nodes":250,"edges":257},[251,252,253,255],{"id":202,"type":203,"label":230,"file":187,"line":231},{"id":208,"type":209,"label":210,"file":187,"line":231,"wp_function":212},{"id":254,"type":203,"label":240,"file":187,"line":241},"n2",{"id":256,"type":209,"label":243,"file":187,"line":190,"wp_function":244},"n3",[258,259],{"from":202,"to":208,"sanitized":215},{"from":254,"to":256,"sanitized":215},{"summary":261,"deductions":262},"The \"members-blog\" plugin v1.4.48f presents a mixed security posture. On the positive side, the plugin exhibits strong practices regarding database interactions, utilizing prepared statements for all SQL queries and lacking any recorded historical vulnerabilities. This suggests a development team that is either security-conscious or has benefited from past lessons learned. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points indicates a very limited attack surface from an external interaction perspective.  However, significant concerns arise from the static analysis of the code. The presence of the `unserialize` function without any apparent input validation or sanitization is a critical risk, as it can lead to Remote Code Execution vulnerabilities if untrusted data is passed to it. Furthermore, the fact that 0% of output is properly escaped is highly alarming, opening the door to Cross-Site Scripting (XSS) vulnerabilities across the plugin's output. The lack of any nonce checks or capability checks on any of the identified (albeit limited) entry points is also a notable weakness, failing to implement basic WordPress security mechanisms. The taint analysis also flags an issue with unsanitized paths, indicating potential for path traversal vulnerabilities.",[263,266,269,271,273],{"reason":264,"points":265},"Dangerous function 'unserialize' used without apparent checks",15,{"reason":267,"points":268},"0% of output properly escaped (XSS risk)",8,{"reason":270,"points":171},"No nonce checks implemented",{"reason":272,"points":171},"No capability checks implemented",{"reason":274,"points":96},"Taint analysis shows unsanitized paths","2026-03-17T00:17:05.961Z",{"wat":277,"direct":292},{"assetPaths":278,"generatorPatterns":284,"scriptPaths":285,"versionParams":286},[279,280,281,282,283],"\u002Fwp-content\u002Fplugins\u002Fmembers-blog\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fimages.css","\u002Fwp-content\u002Fplugins\u002Fmembers-blog\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fmembers-blog\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Ffront.css","\u002Fwp-content\u002Fplugins\u002Fmembers-blog\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fcommon.css","\u002Fwp-content\u002Fplugins\u002Fmembers-blog\u002Flibrary\u002Fbase\u002Fpublic\u002Fjs\u002Fscript.js",[],[283],[287,288,289,290,291],"v48fv_images?ver=","v48fv_admin?ver=","v48fv_front?ver=","v48fv_common?ver=","v48fv_script_js?ver=",{"cssClasses":293,"htmlComments":295,"htmlAttributes":300,"restEndpoints":302,"jsGlobals":303,"shortcodeOutput":305},[294],"v48fv_16x16_info",[296,297,298,299],"??document??","Default actions of all types","Routines used by the default actions","default sub menu items",[301],"data-plugin-name",[],[304],"v48fv_data",[]]