[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOhtoM6lsmQ2K_tmNPjVG2x5A0ry_41tgwCKGS7ccP8Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":152,"fingerprints":298},"oauth-proxy-service","Infusionsoft Proxy Service","1.0.1","Adrian Tobey","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrainingbusinesspros\u002F","\u003Cp>Install this plugin to turn your WP installation into a proxy service to connect your WordPress plugins to Infusionsoft using their OAuth API.\u003Cbr \u002F>\nThis plugin was created to create an OAuth connect for FormLift and is now being released for global use for other developers.\u003C\u002Fp>\n\u003Cp>This plugin is only for developers who plan on distributing their own plugins among the WordPress community with the need of connecting those plugins via OAuth to Infusionsoft.\u003C\u002Fp>\n\u003Cp>Because of the limitations of OAuth, a proxy server is needed to keep your Infusionsoft Developer App’s client_id and client_secret protected as you do not want to place those in your\u003Cbr \u002F>\nplugin's files as that could create a massive breach of security, and Infusionsoft might revoke your developer privileges.\u003C\u002Fp>\n\u003Cp>So, follow the setup procedure on \u003Ca href=\"https:\u002F\u002Foauth.formlift.net\" rel=\"nofollow ugc\">This Page\u003C\u002Fa> to set up your plugin to use this plugin on your proxy site to connect to Infusionsoft.\u003C\u002Fp>\n\u003Cp>To see how to integrate this with your WordPress plugins, visit the plugin homepage at \u003Ca href=\"https:\u002F\u002Foauth.formlift.net\" 
rel=\"nofollow ugc\">oauth.formlift.net\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Disclaimers\u003C\u002Fh3>\n\u003Cp>By using this plugin in conjunction with your own, you are required to tell your users the following in your readme.txt for compliance reasons in all parts of the world:\u003C\u002Fp>\n\u003Cp>By using the OAuth authentication method for [Your Plugin Here], you consent to anonymous API usage statistics being collected by Infusionsoft for the following reasons.\u003Cbr \u002F>\n* To provide API usage information to help us create a better plugin.\u003Cbr \u002F>\n* To engage API throttling in the event too many API requests are made within a short period of time.\u003C\u002Fp>\n\u003Cp>By using [Your Plugin Here] you also consent to the use of [Your Proxy Site] as a connection service between [Your Plugin Here] and Infusionsoft. We reserve the right\u003Cbr \u002F>\nto refuse any API authentication requests made and collect anonymous usage statistics.\u003C\u002Fp>\n\u003Cp>However, any API requests made by [Your Plugin Here] will communicate directly with Infusionsoft and forgo [Your Proxy Site]. [Your Proxy Site] only acts as a communication\u003Cbr \u002F>\nservice between [Your Plugin Here] and Infusionsoft during the initial Authentication procedure and subsequent refreshing of authentication tokens. No client information of any kind, such as names, email addresses, or phone numbers\u003Cbr \u002F>\nis ever sent through [Your Proxy Site].\u003C\u002Fp>\n","This plugin is for Infusionsoft WordPress plugin developers only. 
Setup your WordPress as a super fast Proxy service for your wordpress based Infusion &hellip;",10,1339,0,"2020-08-07T16:54:00.000Z","4.9.29","4.0","5.6",[19,20,21],"infusionsoft","oauth","proxy","https:\u002F\u002Foauth.formlift.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foauth-proxy-service.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"trainingbusinesspros",7,5900,91,275,73,"2026-04-04T04:22:25.429Z",[37,61,82,108,132],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). 
It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) 
for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by 
default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca 
href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) 
{\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each 
request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca 
href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" 
rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    
$secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT 
Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication 
method.",60000,893830,88,53,"2026-02-18T00:58:00.000Z","6.9.4","4.2","7.4.0",[54,55,20,56,57],"json-web-authentication","jwt","rest-api","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",100,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":47,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":17,"tags":75,"homepage":80,"download_link":81,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"varnish-http-purge","Proxy Cache Purge","5.7.0","Danila Vershinin","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvershinin\u002F","\u003Cp>\u003Cstrong>This plugin \u003Cem>does not\u003C\u002Fem> install nor configure a cache proxy. It acts as an interface with such services.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>One common method of caching content for websites is via the use of reverse proxy caching. Common examples of this are \u003Ca href=\"https:\u002F\u002Fwww.varnish-cache.org\u002F\" rel=\"nofollow ugc\">Varnish\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.nginx.org\u002F\" rel=\"nofollow ugc\">NGINX\u003C\u002Fa>. These systems allow a website to update content and have the visitor’s experience cached without the need for complex plugins storing the files locally and using up a user’s disk space.\u003C\u002Fp>\n\u003Cp>A reverse proxy cache is installed in front of a server and reviews requests. If the page being requested is already cached, it delivers the cached content. 
Otherwise it generates the page and the cache on demand.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The Proxy Cache Purge plugin sends a request to delete (aka flush) the cached data of a page or post every time it’s modified.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Cp>When content on a site is updated by WordPress, the plugin reaches out to the proxy cache service with the URL of the page, requesting the cache be deleted.\u003C\u002Fp>\n\u003Cp>Not all pages are deleted from the cache on every change. For example, when a post, page, or custom post type is edited, or a new comment is added, \u003Cem>only\u003C\u002Fem> the following pages will purge:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The front page\u003C\u002Fli>\n\u003Cli>The post\u002Fpage edited\u003C\u002Fli>\n\u003Cli>Any categories, tags, and\u002For custom taxonomies associated with the page\u003C\u002Fli>\n\u003Cli>Related feeds\u003C\u002Fli>\n\u003Cli>Associated JSON API pages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition, your \u003Cem>entire\u003C\u002Fem> cache will be deleted on the following actions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Changing themes\u003C\u002Fli>\n\u003Cli>Pressing the \u003Cstrong>Empty Cache\u003C\u002Fstrong> button on the toolbar\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugins can hook into the purge actions as well, to filter their own events to trigger a purge.\u003C\u002Fp>\n\u003Cp>On a multisite network using subfolders, only \u003Cstrong>network admins\u003C\u002Fstrong> can purge the main site.\u003C\u002Fp>\n\u003Ch4>Development Mode\u003C\u002Fh4>\n\u003Cp>If you’re working on a site and need to turn off caching in one of two ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add \u003Ccode>define( 'VHP_DEVMODE', true );\u003C\u002Fcode> to your \u003Ccode>wp-config.php\u003C\u002Fcode> file\u003C\u002Fli>\n\u003Cli>Go to Proxy Cache -> Settings and enable Debug Mode for 24 hours at a time\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>That will 
break cache on page loads. It is \u003Cem>not\u003C\u002Fem> recommended for production!\u003C\u002Fp>\n\u003Ch4>Cache Tags (BETA)\u003C\u002Fh4>\n\u003Cp>As of version 5.4.0, Proxy Cache Purge includes an \u003Cstrong>optional Cache Tags \u002F Surrogate Keys purge mode\u003C\u002Fstrong>. This feature is marked as \u003Cstrong>BETA\u003C\u002Fstrong> and is disabled by default.\u003C\u002Fp>\n\u003Cp>When enabled, the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds cache-tag headers to WordPress responses (for example, tagging pages by post ID, post type, taxonomy terms, author, and archives).\u003C\u002Fli>\n\u003Cli>Uses tag-based purges instead of individual URL purges when content is updated, which can reduce purge traffic and improve consistency on complex sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Requirements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A proxy cache that supports Cache Tags \u002F Surrogate Keys and advertises this via standard \u003Ccode>Surrogate-Capability\u003C\u002Fcode> headers (for example, \u003Ccode>Surrogate-Capability: vhp=\"Surrogate\u002F1.0 tags\u002F1\"\u003C\u002Fcode>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How to enable:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>Proxy Cache \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Purge Method\u003C\u002Fstrong> and check \u003Cstrong>“Use Cache Tags (Surrogate Keys)”\u003C\u002Fstrong>. 
The checkbox is only enabled when your cache tells WordPress it supports tags (or when you explicitly enable it via a define).\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Alternatively, you can force-enable or force-disable detection via \u003Ccode>wp-config.php\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cp>define( 'VHP_VARNISH_TAGS', true );  \u002F\u002F Force treat cache as tag-capable\u003Cbr \u002F>\ndefine( 'VHP_VARNISH_TAGS', false ); \u002F\u002F Force treat cache as not tag-capable\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Because this feature depends on your cache configuration, it is recommended that you test it carefully in staging before enabling it on production.\u003C\u002Fp>\n\u003Ch4>Background Purging with WP-Cron\u003C\u002Fh4>\n\u003Cp>On busy sites, sending many PURGE requests directly from admin requests can slow things down. When you define \u003Ccode>DISABLE_WP_CRON\u003C\u002Fcode> as \u003Ccode>true\u003C\u002Fcode> in \u003Ccode>wp-config.php\u003C\u002Fcode> (because you are running a real system cron that calls \u003Ccode>wp-cron.php\u003C\u002Fcode>), Proxy Cache Purge automatically switches to an asynchronous mode:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purge requests (both URL-based and tag-based, when Cache Tags are enabled) are collected into a small per-site queue.\u003C\u002Fli>\n\u003Cli>The queue is processed by WP-Cron in the background, keeping your admin and content-editing actions responsive even when many URLs or tags must be invalidated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Object-cache purges (the “Purge Database Cache” option) remain synchronous and are not affected by this behaviour. 
The Proxy Cache settings page and Site Health integration expose basic queue status so you can verify that background purging is healthy; if the queue appears large or very old, check that your system cron is correctly invoking WordPress cron.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important: Cron Frequency and Cache Freshness\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When using background purging, the frequency of your system cron determines how quickly cache invalidations are processed. The longer the interval between cron runs, the longer visitors may see stale content after updates.\u003C\u002Fp>\n\u003Cp>For minimal stale content, run your system cron every minute:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* * * * * \u002Fusr\u002Fbin\u002Fphp \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-cron.php\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you can tolerate slightly longer delays, every 2-5 minutes is also acceptable. However, running cron less frequently (e.g., every 15 minutes) means cache purges may be delayed by that amount after content changes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Scheduled posts are handled specially. 
When a scheduled post is published via WP-Cron, the cache is purged synchronously within the same cron run, ensuring immediate cache invalidation without waiting for the next cron execution.\u003C\u002Fp>\n\u003Cp>For detailed instructions on setting up a proper Linux-based WordPress cron, see: \u003Ca href=\"https:\u002F\u002Fwww.getpagespeed.com\u002Fweb-apps\u002Fwordpress\u002Fwordpress-cron-optimization\" rel=\"nofollow ugc\">WordPress Cron Optimization\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disabling Background Purging\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have \u003Ccode>DISABLE_WP_CRON\u003C\u002Fcode> defined but do not want background purging (for example, on low-traffic sites where immediate purges are preferred), you can force-disable cron-based purging by adding this to your \u003Ccode>wp-config.php\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'VHP_DISABLE_CRON_PURGING', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>With this constant set, all cache purges will execute immediately during the request, regardless of the \u003Ccode>DISABLE_WP_CRON\u003C\u002Fcode> setting.\u003C\u002Fp>\n\u003Ch3>WP-CLI\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Purge\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Purge commands let you empty the cache.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp varnish purge\u003C\u002Fcode> – Flush the entire site cache (equivalent to clicking “Empty Cache” in admin)\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge --all\u003C\u002Fcode> – Explicitly flush the entire site cache\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge \u003Curl>\u003C\u002Fcode> – Flush cache for a specific URL and all content below it (wildcard)\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge \u003Curl> --url-only\u003C\u002Fcode> – Flush cache for only the exact URL specified (no wildcard)\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge --tag=\u003Ctag>\u003C\u002Fcode> – Flush cache by tag (requires 
Cache Tags mode to be enabled)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp varnish purge\u003C\u002Fcode> – Purge entire site\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge --all\u003C\u002Fcode> – Same as above, more explicit\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge https:\u002F\u002Fexample.com\u002Fhello-world\u002F\u003C\u002Fcode> – Purge this URL and everything below it\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge https:\u002F\u002Fexample.com\u002Fhello-world\u002F --url-only\u003C\u002Fcode> – Purge only this exact URL\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge https:\u002F\u002Fexample.com\u002Fwp-content\u002Fthemes\u002F --wildcard\u003C\u002Fcode> – Purge all theme files\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge --tag=p-123\u003C\u002Fcode> – Purge all pages tagged with post ID 123\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish purge --tag=pt-post\u003C\u002Fcode> – Purge all cached pages of post type “post”\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Debug\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Debugging can help you figure out why your cache isn’t working as well as it could. 
The default is for your home page, but you can pass any URL on your domain.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp varnish debug [\u003Curl>]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Available parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[--include-headers]\u003C\u002Fcode> —  Include headers in debug check output\u003C\u002Fli>\n\u003Cli>\u003Ccode>[--include-grep]\u003C\u002Fcode> — Grep active theme and plugin directories for common issues\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>DevMode\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Development mode allows you to disable the cache, temporarily.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp varnish devmode [\u003Cactivate|deactivate|toggle>]\u003C\u002Fcode> – Change development mode state\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Async purge queue (cron-mode)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When you define \u003Ccode>DISABLE_WP_CRON\u003C\u002Fcode> as \u003Ccode>true\u003C\u002Fcode> and run a real system cron for WordPress, Proxy Cache Purge can move heavy purge work into a small background queue that is processed by WP‑Cron.\u003C\u002Fp>\n\u003Cp>You can inspect and manage that queue via WP‑CLI:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp varnish queue status\u003C\u002Fcode> – show whether cron-mode is active, if a full purge is queued, counts of queued URLs\u002Ftags, and the last queue run time.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish queue process\u003C\u002Fcode> – process any items currently in the queue (useful to run after deploys or cache‑sensitive operations).\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp varnish queue clear\u003C\u002Fcode> – clear the queue without sending any PURGE requests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These commands do not replace your normal WordPress cron (you still need a cron entry that calls \u003Ccode>wp cron event run --due-now\u003C\u002Fcode> or hits 
\u003Ccode>wp-cron.php\u003C\u002Fcode>), but they give you a simple operational handle when using cron‑mode.\u003C\u002Fp>\n\u003Ch4>Understanding Purge Behavior\u003C\u002Fh4>\n\u003Cp>There are different types of cache purges, and they behave differently:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Purges (Admin Bar)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>“Purge Cache (All Pages)”\u003C\u002Fstrong> – Sends a single regex purge request to invalidate the entire cache. Always executes immediately.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Purge Cache (this page)”\u003C\u002Fstrong> – Purges only the exact URL you’re viewing. Always executes immediately.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Manual purges are always immediate, even when background cron-mode is enabled. This is intentional: when you click a button, you expect immediate results.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Purges (Post Save\u002FUpdate)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When you save or update a post, the plugin automatically purges:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The post’s URL\u003C\u002Fli>\n\u003Cli>The homepage\u003C\u002Fli>\n\u003Cli>Category archive pages\u003C\u002Fli>\n\u003Cli>Tag archive pages\u003C\u002Fli>\n\u003Cli>Author archive page\u003C\u002Fli>\n\u003Cli>Date-based archives\u003C\u002Fli>\n\u003Cli>RSS feeds\u003C\u002Fli>\n\u003Cli>Related REST API endpoints\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This can be 20-50+ URLs depending on your site structure. 
When cron-mode is enabled, these automatic purges are queued and processed in the background to avoid slowing down the post editor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Difference\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ctable>\n\u003Ctr>\u003Cth>Action\u003C\u002Fth>\u003Cth>URLs Purged\u003C\u002Fth>\u003Cth>Uses Cron Queue?\u003C\u002Fth>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>“Purge Cache (All Pages)”\u003C\u002Ftd>\u003Ctd>1 (regex)\u003C\u002Ftd>\u003Ctd>No – always immediate\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>“Purge Cache (this page)”\u003C\u002Ftd>\u003Ctd>1\u003C\u002Ftd>\u003Ctd>No – always immediate\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>Post save\u002Fupdate\u003C\u002Ftd>\u003Ctd>20-50+\u003C\u002Ftd>\u003Ctd>Yes (if cron-mode enabled)\u003C\u002Ftd>\u003C\u002Ftr>\n\u003C\u002Ftable>\n\u003Cp>If you need to immediately purge all URLs related to a specific post (not just the post URL), save the post – the automatic purge will handle all related URLs.\u003C\u002Fp>\n","Automatically empty proxy cached content when your site is modified.",40000,2164070,26,"2026-03-13T00:00:00.000Z","6.3.8","5.0",[76,77,21,78,79],"cache","nginx","purge","varnish","https:\u002F\u002Fgithub.com\u002Fdvershinin\u002Fvarnish-http-purge","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvarnish-http-purge.5.7.0.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":50,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":103,"download_link":104,"security_score":105,"vuln_count":106,"unpatched_count":13,"last_vuln_date":107,"fetched_at":26},"ip2location-country-blocker","IP2Location Country Blocker","2.41.2","IP2Location","https:\u002F\u002Fprofiles.wordpress.org\u002Fip2location\u002F","\u003Cp>\u003Cem>This plugin will NOT work if any cache plugin is enabled.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This plugin enables users to block unwanted traffic from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers. 
It helps to reduce spam and unwanted sign-ups easily by preventing unwanted visitors from browsing a particular page or the entire website.\u003C\u002Fp>\n\u003Cp>Key Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allows you to block access from multiple countries.\u003C\u002Fli>\n\u003Cli>Allows you to block access by country grouping, such as EU, APAC, and so on.\u003C\u002Fli>\n\u003Cli>Allows you to block access from anonymous proxies.\u003C\u002Fli>\n\u003Cli>Allows you to block access by IP ranges.\u003C\u002Fli>\n\u003Cli>Allows you to whitelist crawlers, for example, Google, Bing, Yandex, and so on, to index your pages (SEO friendly).\u003C\u002Fli>\n\u003Cli>Supports IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>Defaults to a 403 error (Permission Denied) display\u003C\u002Fli>\n\u003Cli>Allows you to customize your own 403 page.\u003C\u002Fli>\n\u003Cli>Sends you an email notification if someone is trying to access your admin area.\u003C\u002Fli>\n\u003Cli>Provides you with a statistical report of blocked traffic.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin supports both IP2Location BIN data and web service for IP geolocation lookup. If you would like to use the IP2Location geolocation BIN data, you can easily download and update the BIN data via the plugin settings page. 
Alternatively, you can also download and update the BIN data file manually using the below links:\u003C\u002Fp>\n\u003Cp>IP Geolocation file download:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flite.ip2location.com\" title=\"IP2Location LITE database\" rel=\"nofollow ugc\">IP2Location & IP2Proxy LITE database (Free)\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fip2location.com\" title=\"IP2Location commercial database\" rel=\"nofollow ugc\">IP2Location & IP2Proxy Commercial database (Comprehensive)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To use the IP2Location IP geolocation web service (REST API) for geolocation, you’ll need to register an account at \u003Ca href=\"https:\u002F\u002Fwww.ip2location.io\" title=\"IP2Location.io IP Geolocation API\" rel=\"nofollow ugc\">IP2Location.io IP Geolocation API\u003C\u002Fa>. A free plan is available.\u003C\u002Fp>\n\u003Ch4>More Information\u003C\u002Fh4>\n\u003Cp>Please visit us at \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\" title=\"https:\u002F\u002Fwww.ip2location.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.ip2location.com\u003C\u002Fa>\u003C\u002Fp>\n","Blocks unwanted visitors from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers.",30000,1626215,84,124,"2025-12-03T07:19:00.000Z","4.6","7.4",[98,99,100,101,102],"block-country","block-proxy","ip-address","ip2location","redirection","https:\u002F\u002Fip2location.com\u002Fresources\u002Fwordpress-ip2location-country-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip2location-country-blocker.2.41.2.zip",93,9,"2025-02-21 
19:56:54",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":60,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":74,"requires_php":96,"tags":121,"homepage":127,"download_link":128,"security_score":129,"vuln_count":130,"unpatched_count":13,"last_vuln_date":131,"fetched_at":26},"daggerhart-openid-connect-generic","OpenID Connect Generic Client","3.11.3","Jonathan Daggerhart","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaggerhart\u002F","\u003Cp>This plugin allows you to authenticate users against an OpenID Connect OAuth2 API with the Authorization Code Flow.\u003Cbr \u002F>\nOnce installed, it can be configured to automatically authenticate users (SSO), or provide a “Login with OpenID Connect”\u003Cbr \u002F>\nbutton on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while\u003Cbr \u002F>\nnew users are created in the WordPress database.\u003C\u002Fp>\n\u003Cp>Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.\u003C\u002Fp>\n\u003Cp>Please submit issues to the GitHub repo: https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic\u003C\u002Fp>\n","A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.",10000,177319,20,"2026-02-13T04:36:00.000Z","6.9.0",[122,123,124,125,126],"apps","login","oauth2","openidconnect","security","https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaggerhart-openid-connect-generic.3.11.3.zip",98,2,"2025-12-17 
00:00:00",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":116,"downloaded":140,"rating":141,"num_ratings":142,"last_updated":143,"tested_up_to":50,"requires_at_least":144,"requires_php":17,"tags":145,"homepage":150,"download_link":151,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"gmail-smtp","Gmail SMTP","1.2.3.18","Noor Alam","https:\u002F\u002Fprofiles.wordpress.org\u002Fnaa986\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fgmail-smtp-plugin-for-wordpress-1341\" rel=\"nofollow ugc\">Gmail SMTP\u003C\u002Fa> plugin allows you to authenticate with your Gmail account to send email via Gmail SMTP server.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_MCxcvfoGj4?version=3&rel=0&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Most shared hosting servers have restrictions when it comes to email. Usually email will get blocked or go missing for no reason. Sometimes it will get blocked when your website reaches the daily limit of outgoing email. 
This plugin can bypass this issue by routing the email through Gmail’s SMTP server.\u003C\u002Fp>\n\u003Ch3>Gmail SMTP Add-ons\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fhow-to-add-a-reply-to-address-in-the-gmail-smtp-wordpress-plugin-6756\" rel=\"nofollow ugc\">Reply-To\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fgmail-smtp-plugin-cc-configuration-6770\" rel=\"nofollow ugc\">Cc\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fgmail-smtp-email-logger-7336\" rel=\"nofollow ugc\">Email Logger\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Gmail SMTP Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Gmail SMTP plugin is not like most SMTP plugins. It uses the OAuth 2.0 protocol to authorize access to the Gmail API – which means a more secure login system and users won’t have to enter any username or password.\u003C\u002Fli>\n\u003Cli>Gmail SMTP plugin uses PHPMailer – a very popular library used for sending email through PHP’s mail function. This library is also used in WordPress core to send email.\u003C\u002Fli>\n\u003Cli>Gmail SMTP plugin utilizes “wp_mail” (A function used by WordPress to send email) instead of completely overriding it. This way you still get all the benefits of the default mail function. \u003C\u002Fli>\n\u003Cli>You no longer need to enable \u003Cstrong>Allow less secure apps\u003C\u002Fstrong> on your Gmail account to fix the SMTP connection issue. This issue became prominent from December 2014, when Google started imposing XOAUTH2 authentication (based on OAuth2) to access their apps. 
This issue still affects almost all the SMTP plugins because they authenticate via username and password.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How OAuth 2.0 Authorization Works\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You register an application in the Google Developers Console.\u003C\u002Fli>\n\u003Cli>The application is launched and it requests that you give it access to data in your Google account.\u003C\u002Fli>\n\u003Cli>If you consent, the application receives credentials to access the Gmail API.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Gmail SMTP Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Configure your website to send email using Gmail SMTP server\u003C\u002Fli>\n\u003Cli>Authenticate using OAuth 2.0 protocol\u003C\u002Fli>\n\u003Cli>Authenticate with encryption when sending an email (TLS\u002FSSL)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Gmail SMTP Basic Setup\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create a new project in Google Developers Console.\u003C\u002Fli>\n\u003Cli>Enable Gmail API in it.\u003C\u002Fli>\n\u003Cli>Create credentials (OAuth client ID) to access this API.\u003C\u002Fli>\n\u003Cli>Configure the consent screen for the web application.\u003C\u002Fli>\n\u003Cli>Enter a \u003Cstrong>Product Name\u003C\u002Fstrong> and a \u003Cstrong>Privacy policy URL\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Once the consent screen is configured, create a web application.\u003C\u002Fli>\n\u003Cli>Go to the plugin settings (\u003Ccode>Settings->Gmail SMTP\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>Set the \u003Cstrong>Authorized Redirect URL\u003C\u002Fstrong> of the application as the one shown in the settings.\u003C\u002Fli>\n\u003Cli>Finish creating the web app.\u003C\u002Fli>\n\u003Cli>Copy the newly created \u003Cstrong>Client ID\u003C\u002Fstrong> and \u003Cstrong>Client secret\u003C\u002Fstrong> and paste into the settings area.\u003C\u002Fli>\n\u003Cli>Enter your OAuth Email, From Email and From name.\u003C\u002Fli>\n\u003Cli>Select an 
encryption.\u003C\u002Fli>\n\u003Cli>Enter a port number.\u003C\u002Fli>\n\u003Cli>Save the settings.\u003C\u002Fli>\n\u003Cli>Now you can authorize your application to access the Gmail API by clicking on the \u003Cstrong>Grant Permission\u003C\u002Fstrong> button.\u003C\u002Fli>\n\u003Cli>Once the application has been authorized Gmail SMTP plugin will be able to take control of all outgoing email.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Gmail SMTP Settings\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authorized Redirect URI\u003C\u002Fstrong>: Authorized redirect URL for your website. You need to copy this URL into your web application.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client ID\u003C\u002Fstrong>: The client ID of your web application.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client secret\u003C\u002Fstrong>: The client secret of your web application.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>OAuth Email Address\u003C\u002Fstrong>: The email address that you will use for SMTP authentication. This should be the same email used in the Google Developers Console.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>From Email Address\u003C\u002Fstrong>: The email address which will be used as the From Address when sending an email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>From Name\u003C\u002Fstrong>: The name which will be used as the From Name when sending an email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Type of Encryption\u003C\u002Fstrong>: The encryption which will be used when sending an email (TLS\u002FSSL. TLS is recommended).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Port\u003C\u002Fstrong>: The port which will be used when sending an email. If you choose TLS it should be set to 587. For SSL use port 465 instead.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable SSL Certificate Verification\u003C\u002Fstrong>: As of PHP 5.6 a warning\u002Ferror will be displayed if the SSL certificate on the server is not properly configured. 
You can check this option to disable that default behaviour.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Gmail SMTP Test Email\u003C\u002Fh3>\n\u003Cp>Once you have configured the settings you can send a test email to check the functionality of the plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>To\u003C\u002Fstrong>: Email address of the recipient.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Subject\u003C\u002Fstrong>: Subject of the email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Message\u003C\u002Fstrong>: Email body.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For detailed setup instructions please visit the \u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fgmail-smtp-plugin-for-wordpress-1341\" rel=\"nofollow ugc\">Gmail SMTP\u003C\u002Fa> plugin page.\u003C\u002Fp>\n","Connect to Gmail SMTP server to automatically send email from your WordPress site. Configure wp_mail() to use SMTP with OAuth 2.0 authentication.",721794,82,101,"2026-02-19T03:05:00.000Z","6.9",[146,147,148,20,149],"email","gmail","mail","smtp","https:\u002F\u002Fwphowto.net\u002Fgmail-smtp-plugin-for-wordpress-1341","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgmail-smtp.zip",{"attackSurface":153,"codeSignals":194,"taintFlows":208,"riskAssessment":285,"analyzedAt":297},{"hooks":154,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":13,"unprotectedCount":13},[155,161,164,167,170,173,178,181,184,187],{"type":156,"name":157,"callback":158,"file":159,"line":160},"action","plugins_loaded","app_init","infusionsoft-manager-example.php",154,{"type":156,"name":157,"callback":162,"file":159,"line":163},"connect",155,{"type":156,"name":157,"callback":165,"file":159,"line":166},"listen_for_tokens",156,{"type":156,"name":157,"callback":168,"file":159,"line":169},"refresh_oauth",157,{"type":156,"name":157,"callback":171,"file":159,"line":172},"disconnect_app",158,{"type":156,"name":174,"callback":175,"file":176,"line":177},"admin_menu","add_page","oauth.php",118,
{"type":156,"name":157,"callback":179,"file":176,"line":180},"save_settings",119,{"type":156,"name":157,"callback":162,"file":182,"line":183},"service.php",168,{"type":156,"name":157,"callback":185,"file":182,"line":186},"finish",169,{"type":156,"name":157,"callback":188,"file":182,"line":189},"refresh_token",170,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":13,"externalRequests":205,"nonceChecks":206,"capabilityChecks":13,"bundledLibraries":207},[],{"prepared":13,"raw":13,"locations":197},[],{"escaped":199,"rawEcho":130,"locations":200},14,[201,204],{"file":182,"line":202,"context":203},151,"raw output",{"file":182,"line":166,"context":203},3,1,[],[209,228,245,258,266,277],{"entryPoint":210,"graph":211,"unsanitizedCount":130,"severity":227},"finish (service.php:55)",{"nodes":212,"edges":224},[213,218],{"id":214,"type":215,"label":216,"file":182,"line":217},"n0","source","$_SERVER (x2)",62,{"id":219,"type":220,"label":221,"file":182,"line":222,"wp_function":223},"n1","sink","wp_redirect() [Open Redirect]",97,"wp_redirect",[225],{"from":214,"to":219,"sanitized":226},false,"medium",{"entryPoint":229,"graph":230,"unsanitizedCount":205,"severity":227},"\u003Cservice> (service.php:0)",{"nodes":231,"edges":242},[232,233,234,238],{"id":214,"type":215,"label":216,"file":182,"line":217},{"id":219,"type":220,"label":221,"file":182,"line":222,"wp_function":223},{"id":235,"type":215,"label":236,"file":182,"line":237},"n2","$_GET",79,{"id":239,"type":220,"label":240,"file":182,"line":166,"wp_function":241},"n3","echo() [XSS]","echo",[243,244],{"from":214,"to":219,"sanitized":226},{"from":235,"to":239,"sanitized":226},{"entryPoint":246,"graph":247,"unsanitizedCount":206,"severity":257},"listen_for_tokens 
(infusionsoft-manager-example.php:61)",{"nodes":248,"edges":255},[249,252],{"id":214,"type":215,"label":250,"file":159,"line":251},"$_REQUEST['appDomain']",78,{"id":219,"type":220,"label":253,"file":159,"line":251,"wp_function":254},"update_option() [Settings Manipulation]","update_option",[256],{"from":214,"to":219,"sanitized":226},"low",{"entryPoint":259,"graph":260,"unsanitizedCount":206,"severity":257},"\u003Cinfusionsoft-manager-example> (infusionsoft-manager-example.php:0)",{"nodes":261,"edges":264},[262,263],{"id":214,"type":215,"label":250,"file":159,"line":251},{"id":219,"type":220,"label":253,"file":159,"line":251,"wp_function":254},[265],{"from":214,"to":219,"sanitized":226},{"entryPoint":267,"graph":268,"unsanitizedCount":13,"severity":257},"save_settings (oauth.php:94)",{"nodes":269,"edges":274},[270,273],{"id":214,"type":215,"label":271,"file":176,"line":272},"$_POST['inf_oauth_settings']",112,{"id":219,"type":220,"label":253,"file":176,"line":272,"wp_function":254},[275],{"from":214,"to":219,"sanitized":276},true,{"entryPoint":278,"graph":279,"unsanitizedCount":13,"severity":257},"\u003Coauth> (oauth.php:0)",{"nodes":280,"edges":283},[281,282],{"id":214,"type":215,"label":271,"file":176,"line":272},{"id":219,"type":220,"label":253,"file":176,"line":272,"wp_function":254},[284],{"from":214,"to":219,"sanitized":276},{"summary":286,"deductions":287},"The \"oauth-proxy-service\" plugin v1.0.1 exhibits a generally good security posture with no reported vulnerabilities or critical code signals. The plugin impressively uses prepared statements for all SQL queries and has a high percentage of properly escaped output, indicating strong development practices regarding data handling and output sanitization. The absence of external HTTP requests that are not explicitly documented or handled with care could also be a positive sign.\n\nHowever, the static analysis reveals potential areas of concern. 
The presence of 4 taint flows with unsanitized paths, even without critical or high severity, suggests that user-supplied data might not be adequately validated before being used in certain operations. While the attack surface appears to be zero, this might be a simplification or a function of the specific analysis scope; a more thorough review of potential entry points would be beneficial. The lack of capability checks on any functionality, coupled with a single nonce check that might not cover all sensitive operations, raises questions about robust authorization and protection against common web vulnerabilities.\n\nOverall, the plugin shows promise with its commitment to secure coding practices in areas like SQL and output handling. Nonetheless, the identified taint flows and limited capability checks warrant further investigation to ensure no vulnerabilities are present. The absence of any historical vulnerabilities is a positive indicator, suggesting a stable codebase, but it doesn't guarantee future security, especially given the identified taint concerns. A balanced approach would involve addressing the unsanitized paths and ensuring proper authorization checks are in place.",[288,291,294],{"reason":289,"points":290},"Taint flows with unsanitized paths",8,{"reason":292,"points":293},"No capability checks found",6,{"reason":295,"points":296},"Low number of total outputs escaped",4,"2026-03-17T01:31:29.940Z",{"wat":299,"direct":304},{"assetPaths":300,"generatorPatterns":301,"scriptPaths":302,"versionParams":303},[],[],[],[],{"cssClasses":305,"htmlComments":306,"htmlAttributes":307,"restEndpoints":308,"jsGlobals":309,"shortcodeOutput":310},[],[],[],[],[],[]]