[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPo9W_zMe4QauX3vs39HktCOogee7EqQlJOXFWgslcW0":3,"$f2ICq891fpykpytYZ40i2ps-pZIHU4tpFT66cdrbux9c":361,"$fF62SAeOLQ9JuF4hPsTF5HxuNmRJ5uTeme3K3NMxrxOo":365},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":40,"analysis":135,"fingerprints":323},"multidots-passkey-login","Multidots Passkey Login – Passwordless Login for WordPress","1.1","MULTIDOTS Inc","https:\u002F\u002Fprofiles.wordpress.org\u002Fmultidots\u002F","\u003Cp>\u003Cstrong>Multidots Passkey Login\u003C\u002Fstrong> – Passwordless Authentication brings next-generation login security to WordPress.\u003C\u002Fp>\n\u003Cp>Give your users a \u003Cstrong>secure and modern login experience\u003C\u002Fstrong> with passkeys — the new standard for \u003Cstrong>passwordless authentication\u003C\u002Fstrong> supported by all major browsers and devices.\u003C\u002Fp>\n\u003Cp>With Multidots Passkey Login, users can log in using \u003Cstrong>biometric authentication\u003C\u002Fstrong> (Face ID, Touch ID), \u003Cstrong>Windows Hello, or a device PIN—no passwords are\u003C\u002Fstrong> required.\u003C\u002Fp>\n\u003Cp>This creates a \u003Cstrong>fast, secure, and phishing-resistant\u003C\u002Fstrong> login experience that works seamlessly across desktop and mobile.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FsnlEpo36Kug?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>Built for Flexibility:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Instantly works for existing WordPress users after registering a passkey.\u003C\u002Fli>\n\u003Cli>Simple yet powerful admin settings to manage login behavior and security.\u003C\u002Fli>\n\u003Cli>Built on the \u003Cstrong>FIDO2\u002FWebAuthn standard\u003C\u002Fstrong> trusted by \u003Cstrong>Apple, Google, and Microsoft\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for publishers, WooCommerce stores, agency clients, and high-security use cases.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🔐 Secure & Seamless Login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passwordless login with Touch ID, Face ID, or security keys.\u003C\u002Fli>\n\u003Cli>Works instantly for existing users after passkey registration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>📝 Easy User Registration\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Register a passkey for existing users without one.\u003C\u002Fli>\n\u003Cli>Create new users directly with passkey registration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚙️ Flexible Admin Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable\u002FDisable passkey login with one click.\u003C\u002Fli>\n\u003Cli>Control session timeout for added security.\u003C\u002Fli>\n\u003Cli>Multiple authentication options: QR code scan, Chrome guest mode, iCloud Keychain, etc.\u003C\u002Fli>\n\u003Cli>Limit number of passkeys per user (e.g., max 2 credentials).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🎨 Frontend Integration\u003C\u002Fstrong>\u003Cbr \u002F>\nShortcodes included:\u003C\u002Fp>\n\u003Cul>\n\u003Cli> [mdlogin_passkey_login] \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Displays a Login with Passkey button.\u003C\u002Fli>\n\u003Cli> [mdlogin_passkey_register]  \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>  Displays passkey registration form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🛡️ Security Requirements\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Requires HTTPS for secure operation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose the Multidots Passkey Login Plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Security\u003C\u002Fstrong>: Strong protection against phishing and stolen credentials.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong>: Log in with a single tap or scan—no passwords to remember.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enterprise-Grade Standards\u003C\u002Fstrong>: Built on FIDO2\u002FWebAuthn protocols used by major platforms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cross-Device Compatibility\u003C\u002Fstrong>: Works on iOS, Android, macOS, and Windows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted Developer\u003C\u002Fstrong>: Created by Multidots, a WordPress VIP Gold Agency.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Activate Plugin – Enable Passkey Login from settings.\u003C\u002Fli>\n\u003Cli>User Registers a Passkey – through profile settings \u003C\u002Fli>\n\u003Cli>Login Without Passwords – Users authenticate via Touch ID, Face ID, or a security key.\u003C\u002Fli>\n\u003Cli>Admin Controls – Adjust login methods and session policies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Our Other Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsync-product-from-amazon\u002F\" rel=\"ugc\">Sync Product From Amazon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-post-sync\u002F\" rel=\"ugc\">Smart Post Sync\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-by-default\u002F\" rel=\"ugc\">Better By Default\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcentralized-content-management\u002F\" rel=\"ugc\">Centralized Content Management for WordPress Multisite Networks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmd-governance\u002F\" rel=\"ugc\">MD Governance\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsalsisync\u002F\" rel=\"ugc\">Salsi Sync\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact Us\u003C\u002Fh3>\n\u003Cp>Free plugin: Need Technical Help? – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmultidots-passkey-login\u002F\" rel=\"ugc\">Click here\u003C\u002Fa>\u003Cbr \u002F>\nPro Plugin: PRE-SALE Questions – \u003Ca href=\"https:\u002F\u002Fwww.multidots.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">Click here\u003C\u002Fa>\u003C\u002Fp>\n","Passwordless login for WordPress with Passkeys. Enable Touch ID, Face ID, and security keys for seamless, phishing-resistant authentication.",0,437,60,2,"2025-12-03T12:09:00.000Z","6.8.5","6.0","8.1",[20,21,22,23,24],"authentication","biometric-login","login","passkey","passwordless","https:\u002F\u002Fwww.multidots.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultidots-passkey-login.1.1.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"multidots",9,220,97,30,92,"2026-05-20T02:07:30.101Z",[41,63,85,103,120],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":11,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":59,"download_link":60,"security_score":61,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":62},"beyond-identity-passwordless","Beyond Identity Passwordless","1.0.0","Anna Garcia","https:\u002F\u002Fprofiles.wordpress.org\u002Fannagarcia\u002F","\u003Cp>Are you or your customers tired of remembering passwords?\u003C\u002Fp>\n\u003Cp>This plugin provides a secure and convenient solution to log into your WordPress website. With Beyond Identity, you can say goodbye to password fatigue and improve your website’s security.\u003C\u002Fp>\n\u003Cp>Once activated, you will see:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Passwordless UI that integrates seamlessly on with the WordPress login page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Beyond Identity Settings page for WordPress admins to configure their Beyond Identity account.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Beyond Identity filter on the WordPress Dashboard’s Users page to view which users use passkeys.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Before you begin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You will need a Beyond Identity account to configure this plugin.\u003Cbr \u002F>\nBeyond Identity currently uses “Universal Passkeys,” which are specific to Beyond Identity and have two benefits over your average FIDO2 passkeys.\u003Cbr \u002F>\n1. Universal Passkeys never leave the device on which they are created. This makes them much more secure.\u003Cbr \u002F>\n2. Universal Passkeys work everywhere. Some browsers (Firefox) do not support passkeys. Universal Passkeys work everywhere, even on Firefox.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coming soon:\u003C\u002Fstrong> Vanilla WebAuthn FIDO2 passkeys. These passkeys allow syncing between devices and work with passkey managers.\u003C\u002Fp>\n\u003Cp>As a Beyond Identity admin, you will have several configuration options including selecting passkey flavors and customizing the login page.\u003C\u002Fp>\n\u003Ch3>Admin Set Up\u003C\u002Fh3>\n\u003Cp>First, sign up for a free developer account by visiting: https:\u002F\u002Fwww.beyondidentity.com\u002Fdevelopers\u003C\u002Fp>\n\u003Cp>Once you have a developer account you will need to set several values for the OIDC server. Follow the steps below to configure a Beyond Identity application. Most defaults are fine. However make sure the following are set:\u003C\u002Fp>\n\u003Col>\n\u003Cli>In your Beyond Identity Console, navigate to the \u003Cstrong>Apps\u003C\u002Fstrong> tab under Authentication\u003C\u002Fli>\n\u003Cli>Tap \u003Cstrong>Add an application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Protocol\u003C\u002Fstrong> to \u003Cstrong>OIDC\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Client Type\u003C\u002Fstrong> to \u003Cstrong>Confidential\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>PKCE\u003C\u002Fstrong> to \u003Cstrong>Disabled\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Redirect URIs\u003C\u002Fstrong> to include \u003Ccode>https:\u002F\u002F${your-website-domain.com}\u002Fwp-admin\u002Fadmin-ajax.php?action=openid-connect-authorize\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Token Configuration\u003C\u002Fstrong> > \u003Cstrong>Subject\u003C\u002Fstrong> to \u003Cstrong>id\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>At the top of the page, navigate to your application’s \u003Cstrong>Authenticator Config\u003C\u002Fstrong> tab\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Configuration Type\u003C\u002Fstrong> to \u003Cstrong>Hosted Web\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>The recommended defaults for \u003Cstrong>Authentication Profile\u003C\u002Fstrong> are fine but feel free to modify\u003C\u002Fli>\n\u003Cli>Tap the \u003Cstrong>Submit\u003C\u002Fstrong> button to save your changes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Finally, go to your WordPress dashboard and find the Beyond Identity Settings page. You will need three generated values from your newly created application. You can find the \u003Cstrong>Issuer URL\u003C\u002Fstrong>, \u003Cstrong>Client ID\u003C\u002Fstrong>, and \u003Cstrong>Client Secret\u003C\u002Fstrong> in the Beyond Identity Console’s application that you just created.\u003C\u002Fp>\n\u003Cp>For more information on how Beyond Identity works, visit the \u003Ca href=\"http:\u002F\u002Fdeveloper.beyondidentity.com\" rel=\"nofollow ugc\">developer documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For help, reach out on \u003Ca href=\"https:\u002F\u002Fjoin.slack.com\u002Ft\u002Fbyndid\u002Fshared_invite\u002Fzt-1anns8n83-NQX4JvW7coi9dksADxgeBQ\" rel=\"nofollow ugc\">Slack\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cp>This plugin also provides shortcodes that can be used on any page or post. These include:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[beyond_identity_login_button]  \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Generates a button to log in with a Beyond Identity Universal Passkey.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[beyond_identity_auth_url]  \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Generates the authorize URL to log in with a Beyond Identity Universal Passkey.\u003C\u002Fp>\n\u003Cp>For information on shortcode customization attributes, please refer to the documentation available in the Settings > Beyond Identity dashboard page after activating the plugin.\u003C\u002Fp>\n","A passwordless solution that allows users and admins to log into a WordPress website using passkeys with Beyond Identity.",721,40,1,"2023-10-16T21:38:00.000Z","6.3.8","4.9","7.2",[20,22,57,24,58],"passkeys","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeyond-identity-passwordless.1.0.0.zip",85,"2026-04-16T10:56:18.058Z",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":17,"requires_php":77,"tags":78,"homepage":81,"download_link":82,"security_score":83,"vuln_count":51,"unpatched_count":11,"last_vuln_date":84,"fetched_at":62},"secure-passkeys","Secure Passkeys","1.2.4","Mohamed Endisha","https:\u002F\u002Fprofiles.wordpress.org\u002Fendisha\u002F","\u003Cp>Secure Passkeys is a powerful WordPress plugin that enables seamless passwordless authentication using WebAuthn technology. By eliminating the need for traditional passwords, it enhances security and improves the user login experience. With support for biometric authentication, security keys, and device-bound credentials, Secure Passkey provides a robust and user-friendly solution for modern authentication.\u003C\u002Fp>\n\u003Cp>Unlike traditional password-based authentication, Secure Passkey leverages cryptographic key pairs to ensure secure logins. The private key remains securely stored on the user’s device, while the public key is registered with the WordPress site. This method protects against phishing attacks and password breaches, ensuring that only authorized users can gain access.\u003C\u002Fp>\n\u003Cp>Secure Passkeys integrates effortlessly into WordPress, allowing users to register and manage their passkeys from their profile settings. Once registered, users can log in using their fingerprint, face recognition, or a hardware security key without the need to remember or enter a password.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login:\u003C\u002Fstrong> Secure authentication via WebAuthn with biometric devices, security keys, Touch ID, Face ID, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced User Experience:\u003C\u002Fstrong>  Password-free login for a smoother user journey.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integration Support:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WooCommerce login page\u003C\u002Fli>\n\u003Cli>MemberPress login form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads login form\u003C\u002Fli>\n\u003Cli>Ultimate Member login form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Management:\u003C\u002Fstrong>  Administrators can delete, activate, or deactivate users directly from plugin settings or user profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passkeys Reminder Notice:\u003C\u002Fstrong>  New option to enable or disable the passkeys reminder notice in the WordPress admin area for users who have not yet enabled passkeys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logging:\u003C\u002Fstrong>  Monitor activity logs and track last login\u002Fregistration of passkeys.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys:\u003C\u002Fstrong> Supports multiple passkey registrations per user, with the option to set a registration limit or allow unlimited registrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Restrictions:\u003C\u002Fstrong> Restrict and exclude specific user roles from using passkey authentication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Settings:\u003C\u002Fstrong>  Adjust timeout settings for passkey registration and login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Verification:\u003C\u002Fstrong> Enforce user verification for enhanced security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend Customization:\u003C\u002Fstrong> Easily customize frontend themes or add your own with basic frontend skills.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Support:\u003C\u002Fstrong> Supports pre-built themes like YOOtheme (UIkit) for frontend shortcodes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes:\u003C\u002Fstrong> Embed passkey login and registration forms on custom frontend pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passkey Display:\u003C\u002Fstrong> Show passkey details in admin user lists and profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> Supports WordPress Multisite and single-site installations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Optimization:\u003C\u002Fstrong>  Option to allow or disallow automatic deletion of old challenge records and activity logs (configurable schedule).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.0 or newer.\u003C\u002Fli>\n\u003Cli>PHP version 7.4 or newer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Secure Passkeys is licensed under the GNU General Public License v2 or later.\u003C\u002Fp>\n","Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.",1000,5726,96,18,"2026-01-30T19:50:00.000Z","6.9.4","7.4",[22,57,24,79,80],"secure","webauthn","https:\u002F\u002Fendisha.ly\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-passkeys.1.2.4.zip",99,"2025-09-19 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":27,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":18,"tags":99,"homepage":101,"download_link":102,"security_score":61,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":62},"biometric-authentication","Biometric Authentication","0.3.8","Ivan Kristianto","https:\u002F\u002Fprofiles.wordpress.org\u002Fivankristianto\u002F","\u003Cp>This innovative plugin introduces passkey login to your WordPress experience. No more struggling to remember complex passwords.\u003Cbr \u002F>\nSimply use your fingerprint, face ID, or a secure PIN to log in with ease. You can still use your username and password to login to your site as fallback.\u003C\u002Fp>\n\u003Ch3>Enhanced Security, Frictionless Access:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Effortless Login: Unlock the power of passkeys for a smooth and secure login experience.\u003C\u002Fli>\n\u003Cli>Superior Security: Passkeys offer enhanced protection against breaches compared to traditional passwords.\u003C\u002Fli>\n\u003Cli>Convenience at Your Fingertips: Enjoy the freedom of logging in with your biometrics or a secure PIN.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>GitHub Repository\u003C\u002Fh3>\n\u003Cp>You can find the source code of this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fivankristianto\u002Fwp-passkey\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Passkeys are a safer and easier alternative to passwords. Simply use your fingerprint or face ID to log in with ease.",2978,94,3,"2024-05-01T04:23:00.000Z","6.5.8","6.1",[20,100,23,24,58],"biometric","https:\u002F\u002Fgithub.com\u002Fivankristianto\u002Fwp-passkey\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbiometric-authentication.0.3.8.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":37,"downloaded":111,"rating":11,"num_ratings":11,"last_updated":112,"tested_up_to":16,"requires_at_least":113,"requires_php":59,"tags":114,"homepage":118,"download_link":119,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":62},"keyless-auth","Keyless Auth – Login without Passwords","3.2.4","Chris Martens","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrmrtns\u002F","\u003Cp>Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It’s more secure than weak passwords and infinitely more user-friendly.\u003C\u002Fp>\n\u003Ch4>Why Choose Keyless Auth?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: No more weak, reused, or compromised passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better User Experience\u003C\u002Fstrong>: One click instead of remembering complex passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduced Support\u003C\u002Fstrong>: Eliminate “forgot password” requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>: Enterprise-grade security used by Slack, Medium, and others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong>: Built-in protection against brute force attacks and username enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quick Start\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Create a new page and add the shortcode \u003Ccode>[keyless-auth]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Configure email templates in \u003Cstrong>Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Templates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Done! Users can now login passwordlessly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Ready to Use\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Secure, one-time login links via email\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Complete TOTP support with Google Authenticator\u003Cbr \u002F>\n* \u003Cstrong>Role-Based 2FA\u003C\u002Fstrong> – Require 2FA for specific user roles (admins, editors, etc.)\u003Cbr \u002F>\n* \u003Cstrong>Custom 2FA Setup URLs\u003C\u002Fstrong> – Direct users to branded frontend 2FA setup pages\u003Cbr \u002F>\n* \u003Cstrong>SMTP Integration\u003C\u002Fstrong> – Reliable email delivery through your mail server\u003Cbr \u002F>\n* \u003Cstrong>Email Templates\u003C\u002Fstrong> – Professional, customizable login emails\u003Cbr \u002F>\n* \u003Cstrong>Mail Logging\u003C\u002Fstrong> – Track all sent emails with delivery status\u003Cbr \u002F>\n* \u003Cstrong>Custom Database Tables\u003C\u002Fstrong> – Scalable architecture with dedicated audit logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Token Security\u003C\u002Fstrong>: 10-minute expiration, single-use tokens\u003Cbr \u002F>\n* \u003Cstrong>Audit Logging\u003C\u002Fstrong>: IP addresses, device types, login attempts\u003Cbr \u002F>\n* \u003Cstrong>Emergency Mode\u003C\u002Fstrong>: Grace period system with admin controls\u003Cbr \u002F>\n* \u003Cstrong>Secure Storage\u003C\u002Fstrong>: SMTP credentials in wp-config.php option\u003Cbr \u002F>\n* \u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>: Block brute force attacks via XML-RPC interface\u003Cbr \u002F>\n* \u003Cstrong>Application Passwords Control\u003C\u002Fstrong>: Disable programmatic authentication when not needed\u003Cbr \u002F>\n* \u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>: Block username discovery attacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>WYSIWYG Email Editor\u003C\u002Fstrong>: Full HTML support with live preview\u003Cbr \u002F>\n* \u003Cstrong>Advanced Color Controls\u003C\u002Fstrong>: Hex, RGB, HSL color formats\u003Cbr \u002F>\n* \u003Cstrong>Template System\u003C\u002Fstrong>: German, English, and custom templates\u003Cbr \u002F>\n* \u003Cstrong>Branding Options\u003C\u002Fstrong>: Custom sender names and professional styling\u003C\u002Fp>\n\u003Ch4>Installation & Setup\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Installation\u003C\u002Fstrong>\u003Cbr \u002F>\n1. WordPress Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003Cbr \u002F>\n2. Search for “Keyless Auth”\u003Cbr \u002F>\n3. Install and activate\u003Cbr \u002F>\n4. Add [keyless-auth] shortcode to any page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SMTP Configuration (Recommended)\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Navigate to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> SMTP\u003Cbr \u002F>\n2. Configure your email provider (Gmail, Outlook, SendGrid, etc.)\u003Cbr \u002F>\n3. Test email delivery\u003Cbr \u002F>\n4. Save settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication Setup\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Go to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Options\u003Cbr \u002F>\n2. Enable “Two-Factor Authentication”\u003Cbr \u002F>\n3. Select required user roles\u003Cbr \u002F>\n4. Users scan QR code with authenticator app\u003C\u002Fp>\n\u003Ch4>Email Templates\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Template Options\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>German Professional\u003C\u002Fstrong>: Sleek German-language template\u003Cbr \u002F>\n* \u003Cstrong>English Simple\u003C\u002Fstrong>: Clean, minimalist design\u003Cbr \u002F>\n* \u003Cstrong>Custom HTML\u003C\u002Fstrong>: Create your own with WYSIWYG editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Full HTML and CSS support\u003Cbr \u002F>\n* Color picker for buttons and links\u003Cbr \u002F>\n* Responsive email design\u003Cbr \u002F>\n* Live template preview\u003Cbr \u002F>\n* Placeholder system for dynamic content\u003C\u002Fp>\n\u003Ch4>Security & Compliance\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Token Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generated using WordPress security standards\u003Cbr \u002F>\n* Based on user ID, timestamp, and wp-config.php salt\u003Cbr \u002F>\n* 10-minute expiration with single-use enforcement\u003Cbr \u002F>\n* Secure database storage with automatic cleanup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\n* TOTP-based system compatible with Google Authenticator, Authy\u003Cbr \u002F>\n* Role-based requirements for granular control\u003Cbr \u002F>\n* Grace period system for smooth user transitions\u003Cbr \u002F>\n* Custom verification forms with professional styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom tables for optimal performance\u003Cbr \u002F>\n* Comprehensive audit logging\u003Cbr \u002F>\n* Device tracking and IP monitoring\u003Cbr \u002F>\n* Automatic maintenance and cleanup routines\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site’s needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>\u003Cbr \u002F>\n* Prevents brute force attacks via WordPress XML-RPC interface\u003Cbr \u002F>\n* Reduces attack surface by disabling legacy API\u003Cbr \u002F>\n* Recommended for sites not using Jetpack, mobile apps, or pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Application Passwords Control\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable REST API and XML-RPC authentication when programmatic access isn’t needed\u003Cbr \u002F>\n* Prevents unauthorized API access\u003Cbr \u002F>\n* Recommended for simple sites without third-party integrations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n* Blocks REST API user endpoints (\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>)\u003Cbr \u002F>\n* Redirects author archives and \u003Ccode>?author=N\u003C\u002Fcode> queries\u003Cbr \u002F>\n* Removes login error messages that reveal usernames\u003Cbr \u002F>\n* Strips comment author CSS classes\u003Cbr \u002F>\n* Removes author data from oEmbed responses\u003Cbr \u002F>\n* Recommended for business\u002Fcorporate sites without author profiles\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003Cbr \u002F>\n* Combined protection against brute force attacks\u003Cbr \u002F>\n* Prevents username discovery for targeted attacks\u003Cbr \u002F>\n* Reduces unauthorized API access\u003Cbr \u002F>\n* Easy to configure without code or .htaccess modifications\u003Cbr \u002F>\n* All features include comprehensive documentation\u003Cbr \u002F>\n* FTP recovery available if needed\u003C\u002Fp>\n\u003Ch4>SMTP & Email Delivery\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supported Providers\u003C\u002Fstrong>\u003Cbr \u002F>\n* Gmail \u002F Google Workspace\u003Cbr \u002F>\n* Outlook \u002F Microsoft 365\u003Cbr \u002F>\n* Mailgun, SendGrid, Amazon SES\u003Cbr \u002F>\n* Any SMTP-compatible service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Email Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Message-ID domain alignment for deliverability\u003Cbr \u002F>\n* SPF\u002FDKIM\u002FDMARC compliance\u003Cbr \u002F>\n* Custom sender names and addresses\u003Cbr \u002F>\n* Bulk email log management\u003Cbr \u002F>\n* Delivery status tracking\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure Credential Storage\u003C\u002Fstrong>\u003Cbr \u002F>\nStore SMTP credentials securely in wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('CHRMRTNS_KLA_SMTP_USERNAME', 'your-email@example.com');\ndefine('CHRMRTNS_KLA_SMTP_PASSWORD', 'your-smtp-password');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Page Integration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optional magic login field on wp-login.php\u003Cbr \u002F>\n* Seamless integration with existing login flow\u003Cbr \u002F>\n* Toggle control for easy enable\u002Fdisable\u003Cbr \u002F>\n* Clean, responsive form styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcode Usage\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ccode>[keyless-auth]\u003C\u002Fcode> anywhere: pages, posts, widgets, or custom templates.\u003C\u002Fp>\n\u003Ch4>Developer Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hooks & Filters\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Customize login redirect:\u003Cbr \u002F>\n    add_filter(‘wpa_after_login_redirect’, ‘custom_redirect_function’);\u003C\u002Fp>\n\u003Cp>Modify email headers:\u003Cbr \u002F>\n    add_filter(‘wpa_email_headers’, ‘custom_email_headers’);\u003C\u002Fp>\n\u003Cp>Change token expiration:\u003Cbr \u002F>\n    add_filter(‘wpa_change_link_expiration’, ‘custom_expiration_time’);\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Modular Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean, organized class structure\u003Cbr \u002F>\n* Separated concerns for easy maintenance\u003Cbr \u002F>\n* WordPress coding standards compliance\u003Cbr \u002F>\n* Extensive documentation and comments\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong>: 3.9 or higher (tested up to 6.8)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP\u003C\u002Fstrong>: 7.4 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Delivery\u003C\u002Fstrong>: SMTP recommended for reliability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Keyless Auth complements WordPress’s default login system – it doesn’t replace it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developed by Chris Martens | Based on the original Passwordless Login plugin by Cozmoslabs\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.",1287,"2025-11-24T22:55:00.000Z","3.9",[115,20,24,116,117],"2fa","secure-login","smtp","https:\u002F\u002Fgithub.com\u002Fchrmrtns\u002Fkeyless-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyless-auth.3.2.4.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":11,"num_ratings":11,"last_updated":130,"tested_up_to":76,"requires_at_least":131,"requires_php":55,"tags":132,"homepage":133,"download_link":134,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":62},"bye-bye-passwords","Bye Bye Passwords","1.2.7","Clayton LZ","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaytonlz\u002F","\u003Cp>\u003Cstrong>Bye Bye Passwords\u003C\u002Fstrong> brings modern passwordless authentication to WordPress using WebAuthn\u002FPasskeys technology. Say goodbye to weak passwords and hello to secure, convenient login with biometrics, security keys, or platform authenticators.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Sign in using Touch ID, Face ID, Windows Hello, or security keys\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Passkeys\u003C\u002Fstrong> – Register multiple devices for convenient access anywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recovery Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong> – Eliminate password-based attacks completely\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong> – Simple setup with no technical knowledge required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-Focused\u003C\u002Fstrong> – Your authentication data stays on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Integration\u003C\u002Fstrong> – Seamlessly integrated into WordPress admin and login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Register a passkey from your WordPress admin profile\u003C\u002Fli>\n\u003Cli>Use your device’s built-in authentication (fingerprint, face, PIN)\u003C\u002Fli>\n\u003Cli>Sign in instantly without typing passwords\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>SSL\u002FHTTPS enabled website (required for WebAuthn)\u003C\u002Fli>\n\u003Cli>Modern browser with WebAuthn support\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin may connect to the FIDO Alliance Metadata Service (MDS) to download root certificates for authenticator validation.\u003C\u002Fp>\n\u003Ch4>FIDO Alliance Metadata Service\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>URL:\u003C\u002Fstrong> https:\u002F\u002Fmds.fidoalliance.org\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Downloads attestation root certificates to verify the authenticity of security keys and passkey devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When:\u003C\u002Fstrong> Only when attestation verification is enabled and the plugin needs to update its certificate store (not during normal authentication)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> No personal or user data is transmitted – only a standard HTTP GET request\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> FIDO Alliance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fmetadata\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Ffidoalliance.org\u002Fprivacy-policy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No user data, credentials, or personal information is ever sent to external services. All authentication happens locally on your server.\u003C\u002Fp>\n","Enable passwordless authentication for WordPress using WebAuthn\u002FPasskeys. More secure, more convenient.",20,254,"2026-02-26T18:34:00.000Z","5.0",[20,57,24,58,80],"https:\u002F\u002Fgithub.com\u002Fclayton\u002Fbyebyepw","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbye-bye-passwords.1.2.7.zip",{"attackSurface":136,"codeSignals":302,"taintFlows":316,"riskAssessment":317,"analyzedAt":322},{"hooks":137,"ajaxHandlers":214,"restRoutes":247,"shortcodes":292,"cronEvents":299,"entryPointCount":74,"unprotectedCount":51},[138,144,148,151,155,160,165,169,172,174,178,183,186,189,193,198,202,205,208,211],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_menu","mdlogin_add_admin_menu","admin\u002Fclass-mdlogin-passkey-admin.php",54,{"type":139,"name":145,"callback":146,"file":142,"line":147},"admin_enqueue_scripts","mdlogin_enqueue_admin_scripts",57,{"type":139,"name":145,"callback":149,"file":142,"line":150},"mdlogin_enqueue_admin_styles",58,{"type":139,"name":152,"callback":153,"file":142,"line":154},"admin_init","mdlogin_register_settings",61,{"type":139,"name":156,"callback":157,"file":158,"line":159},"admin_notices","closure","admin\u002Fclass-mdlogin-passkey-users-list-table.php",158,{"type":139,"name":161,"callback":162,"file":163,"line":164},"rest_api_init","mdlogin_register_routes","includes\u002Fclass-mdlogin-passkey-api.php",305,{"type":139,"name":166,"callback":167,"file":168,"line":143},"login_enqueue_scripts","mdlogin_enqueue_scripts","includes\u002Fclass-mdlogin-passkey-loader.php",{"type":139,"name":170,"callback":171,"file":168,"line":147},"login_form","mdlogin_add_login_ui",{"type":139,"name":170,"callback":173,"file":168,"line":13},"mdlogin_add_nonce_field",{"type":139,"name":175,"callback":176,"file":168,"line":177},"mdlogin_passkey_cleanup","mdlogin_cleanup_expired_sessions",67,{"type":139,"name":179,"callback":180,"file":181,"line":182},"show_user_profile","mdlogin_add_passkey_section","includes\u002Fclass-mdlogin-passkey-profile.php",55,{"type":139,"name":184,"callback":180,"file":181,"line":185},"edit_user_profile",56,{"type":139,"name":145,"callback":187,"file":181,"line":188},"mdlogin_enqueue_profile_scripts",59,{"type":139,"name":190,"callback":191,"file":192,"line":150},"wp_enqueue_scripts","mdlogin_enqueue_shortcode_scripts","includes\u002Fclass-mdlogin-passkey-shortcodes.php",{"type":139,"name":194,"callback":195,"file":196,"line":197},"plugins_loaded","mdlogin_load_dependencies","multidots-passkey-login.php",72,{"type":139,"name":199,"callback":200,"file":196,"line":201},"init","mdlogin_init",75,{"type":139,"name":156,"callback":203,"file":196,"line":204},"mdlogin_composer_notice",90,{"type":139,"name":156,"callback":206,"file":196,"line":207},"mdlogin_php_version_notice",223,{"type":139,"name":156,"callback":209,"file":196,"line":210},"mdlogin_wp_version_notice",229,{"type":139,"name":156,"callback":212,"file":196,"line":213},"mdlogin_https_notice",235,[215,220,224,228,231,233,237,240,243],{"action":216,"nopriv":217,"callback":218,"hasNonce":217,"hasCapCheck":219,"file":142,"line":177},"mdlogin_passkey_get_user_credentials",false,"mdlogin_ajax_get_user_credentials",true,{"action":221,"nopriv":217,"callback":222,"hasNonce":219,"hasCapCheck":219,"file":142,"line":223},"mdlogin_passkey_delete_credential","mdlogin_ajax_delete_credential",68,{"action":225,"nopriv":217,"callback":226,"hasNonce":219,"hasCapCheck":219,"file":142,"line":227},"mdlogin_passkey_delete_all_credentials","mdlogin_ajax_delete_all_credentials",69,{"action":229,"nopriv":217,"callback":229,"hasNonce":219,"hasCapCheck":217,"file":168,"line":230},"mdlogin_get_nonce",63,{"action":229,"nopriv":219,"callback":229,"hasNonce":219,"hasCapCheck":217,"file":168,"line":232},64,{"action":234,"nopriv":217,"callback":235,"hasNonce":219,"hasCapCheck":217,"file":181,"line":236},"mdlogin_passkey_profile_register","mdlogin_ajax_register_passkey",62,{"action":238,"nopriv":217,"callback":239,"hasNonce":219,"hasCapCheck":217,"file":181,"line":230},"mdlogin_passkey_profile_verify","mdlogin_ajax_verify_registration",{"action":241,"nopriv":217,"callback":242,"hasNonce":219,"hasCapCheck":217,"file":181,"line":232},"mdlogin_passkey_profile_delete","mdlogin_ajax_delete_passkey",{"action":244,"nopriv":217,"callback":245,"hasNonce":219,"hasCapCheck":217,"file":181,"line":246},"mdlogin_passkey_profile_get_credentials","mdlogin_ajax_get_credentials",65,[248,256,262,268,274,281,287],{"namespace":249,"route":250,"methods":251,"callback":253,"permissionCallback":254,"file":163,"line":255},"mdlogin\u002Fv1","\u002Fstart-registration",[252],"POST","mdlogin_start_registration","mdlogin_check_registration_permissions",313,{"namespace":249,"route":257,"methods":258,"callback":259,"permissionCallback":260,"file":163,"line":261},"\u002Fverify-registration",[252],"mdlogin_verify_registration","mdlogin_check_verify_registration_permissions",330,{"namespace":249,"route":263,"methods":264,"callback":265,"permissionCallback":266,"file":163,"line":267},"\u002Fstart-login",[252],"mdlogin_start_login","__return_true",338,{"namespace":249,"route":269,"methods":270,"callback":271,"permissionCallback":272,"file":163,"line":273},"\u002Fverify-login",[252],"mdlogin_verify_login","mdlogin_check_verify_login_permissions",346,{"namespace":249,"route":275,"methods":276,"callback":278,"permissionCallback":279,"file":163,"line":280},"\u002Fuser-credentials",[277],"GET","mdlogin_get_user_credentials","mdlogin_check_admin_permissions",354,{"namespace":249,"route":282,"methods":283,"callback":284,"permissionCallback":285,"file":163,"line":286},"\u002Fcurrent-user",[277],"mdlogin_get_current_user","mdlogin_check_logged_in_permissions",368,{"namespace":249,"route":288,"methods":289,"callback":290,"permissionCallback":279,"file":163,"line":291},"\u002Fdelete-credential",[252],"mdlogin_delete_credential",376,[293,296],{"tag":294,"callback":295,"file":192,"line":143},"mdlogin_passkey_login","mdlogin_login_shortcode",{"tag":297,"callback":298,"file":192,"line":182},"mdlogin_passkey_register","mdlogin_register_shortcode",[300],{"hook":175,"callback":175,"file":168,"line":301},71,{"dangerousFunctions":303,"sqlUsage":304,"outputEscaping":307,"fileOperations":11,"externalRequests":11,"nonceChecks":313,"capabilityChecks":314,"bundledLibraries":315},[],{"prepared":305,"raw":11,"locations":306},17,[],{"escaped":308,"rawEcho":51,"locations":309},190,[310],{"file":142,"line":311,"context":312},266,"raw output",12,7,[],[],{"summary":318,"deductions":319},"The multidots-passkey-login plugin v1.1 demonstrates a generally strong security posture, with excellent adherence to secure coding practices. The complete absence of dangerous functions, all SQL queries utilizing prepared statements, and a near-perfect rate of output escaping are significant strengths. Furthermore, the plugin has no recorded vulnerability history, indicating a well-maintained and secure codebase. The presence of numerous nonce and capability checks further bolsters its defenses against common WordPress attacks.\n\nHowever, a notable concern is the presence of one REST API route without permission callbacks. While the overall attack surface is moderate, this single unprotected entry point could potentially be exploited if it handles sensitive data or allows for unauthorized actions. The static analysis did not reveal any critical or high severity taint flows, which is a positive sign, but the lack of taint analysis flows analyzed (0) means this aspect of security is not fully validated. The absence of bundled libraries is also a positive, reducing the risk of using outdated components.\n\nIn conclusion, the plugin is commendably secure with robust coding practices. The primary area for improvement and the sole deduction stems from the single unprotected REST API route. While the risk is currently low due to the absence of known vulnerabilities and taint issues, it represents a potential point of failure that should be addressed to maintain its high security standard.",[320],{"reason":321,"points":314},"REST API route without permission callbacks","2026-04-16T13:25:26.166Z",{"wat":324,"direct":337},{"assetPaths":325,"generatorPatterns":330,"scriptPaths":331,"versionParams":332},[326,327,328,329],"\u002Fwp-content\u002Fplugins\u002Fmultidots-passkey-login\u002Fassets\u002Fcss\u002Fmdlogin-passkey-frontend.css","\u002Fwp-content\u002Fplugins\u002Fmultidots-passkey-login\u002Fassets\u002Fcss\u002Fmdlogin-passkey-backend.css","\u002Fwp-content\u002Fplugins\u002Fmultidots-passkey-login\u002Fassets\u002Fjs\u002Fmdlogin-passkey-frontend.js","\u002Fwp-content\u002Fplugins\u002Fmultidots-passkey-login\u002Fassets\u002Fjs\u002Fmdlogin-passkey-backend.js",[],[],[333,334,335,336],"multidots-passkey-login\u002Fassets\u002Fcss\u002Fmdlogin-passkey-frontend.css?ver=","multidots-passkey-login\u002Fassets\u002Fcss\u002Fmdlogin-passkey-backend.css?ver=","multidots-passkey-login\u002Fassets\u002Fjs\u002Fmdlogin-passkey-frontend.js?ver=","multidots-passkey-login\u002Fassets\u002Fjs\u002Fmdlogin-passkey-backend.js?ver=",{"cssClasses":338,"htmlComments":342,"htmlAttributes":343,"restEndpoints":347,"jsGlobals":354,"shortcodeOutput":357},[339,340,341],"mdlogin-passkey-login-form","mdlogin-passkey-registration-form","mdlogin-passkey-manage-credentials-form",[],[344,345,346],"data-mdlogin-passkey-nonce","data-mdlogin-passkey-user-id","data-mdlogin-passkey-action",[348,349,350,351,352,353],"\u002Fwp-json\u002Fmdlogin-passkey\u002Fv1\u002Fregister-challenge","\u002Fwp-json\u002Fmdlogin-passkey\u002Fv1\u002Fregister-response","\u002Fwp-json\u002Fmdlogin-passkey\u002Fv1\u002Flogin-challenge","\u002Fwp-json\u002Fmdlogin-passkey\u002Fv1\u002Flogin-response","\u002Fwp-json\u002Fmdlogin-passkey\u002Fv1\u002Fdelete-credential","\u002Fwp-json\u002Fmdlogin-passkey\u002Fv1\u002Fcreate-credential",[355,356],"mdlogin_passkey_frontend_params","mdlogin_passkey_backend_params",[358,359,360],"[mdlogin_passkey_login_form]","[mdlogin_passkey_registration_form]","[mdlogin_passkey_manage_credentials_form]",{"error":219,"url":362,"statusCode":363,"statusMessage":364,"message":364},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmultidots-passkey-login\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":366},[367,372],{"version":6,"download_url":26,"svn_tag_url":368,"released_at":28,"has_diff":217,"diff_files_changed":369,"diff_lines":28,"trac_diff_url":370,"vulnerabilities":371,"is_current":219},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmultidots-passkey-login\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmultidots-passkey-login%2Ftags%2F1.0&new_path=%2Fmultidots-passkey-login%2Ftags%2F1.1",[],{"version":373,"download_url":374,"svn_tag_url":375,"released_at":28,"has_diff":217,"diff_files_changed":376,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":377,"is_current":217},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultidots-passkey-login.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmultidots-passkey-login\u002Ftags\u002F1.0\u002F",[],[]]