[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fI8-MUm1RlxvcuUHNoIxTjSc-aqhpFpSVI4IDASVei7M":3,"$feoC1MIDyGKpVpHEY5kTJ3z8t56EcTyVMWyc5RZKQVjE":467,"$fVfirb1r9RB_dt0zAK-gkKhLwOTJDIhS92fCW05f_yP8":471},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":39,"analysis":132,"fingerprints":445},"onecode-login","OneCode Login","1.0.0","oaron","https:\u002F\u002Fprofiles.wordpress.org\u002Foaron\u002F","\u003Cp>OneCode Login provides a modern, passwordless authentication experience for your WordPress site. Instead of traditional passwords, users receive a secure 6-digit verification code via email.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passwordless Authentication\u003C\u002Fstrong> – Users log in with just their email address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>6-Digit Verification Codes\u003C\u002Fstrong> – Secure, time-limited codes sent via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong> – Built-in protection against brute force attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Request ID Binding\u003C\u002Fstrong> – Each code is bound to a specific login session for enhanced security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Neutral Feedback\u003C\u002Fstrong> – Prevents user enumeration attacks by not revealing if an email exists\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable\u003C\u002Fstrong> – Configure expiry times, cooldowns, and email templates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accessible\u003C\u002Fstrong> – Full keyboard navigation and screen reader support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg Block\u003C\u002Fstrong> – Easy to add login forms to any page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Use [onecode_login] anywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>wp-login.php Integration\u003C\u002Fstrong> – Optionally replace the default WordPress login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Cryptographically secure code generation\u003C\u002Fli>\n\u003Cli>Configurable code expiry (default: 10 minutes)\u003C\u002Fli>\n\u003Cli>Resend cooldown to prevent spam\u003C\u002Fli>\n\u003Cli>IP-based and email-based rate limiting\u003C\u002Fli>\n\u003Cli>Automatic lockout after failed attempts\u003C\u002Fli>\n\u003Cli>Codes are single-use and invalidated after successful login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Membership sites where password fatigue is an issue\u003C\u002Fli>\n\u003Cli>Customer portals requiring simple authentication\u003C\u002Fli>\n\u003Cli>Internal tools where security without complexity is needed\u003C\u002Fli>\n\u003Cli>Any site wanting to improve user experience\u003C\u002Fli>\n\u003C\u002Ful>\n","Simple and secure passwordless login using email verification codes. No passwords to remember, just enter your email and verify with a 6-digit code.",10,179,100,1,"2026-01-05T19:16:00.000Z","6.9.4","5.8","7.4",[20,21,22,23,24],"authentication","email","login","otp","passwordless","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonecode-login.zip",0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},3,230,97,30,92,"2026-05-19T22:52:10.594Z",[40,59,77,100,118],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":27,"downloaded":48,"rating":27,"num_ratings":27,"last_updated":49,"tested_up_to":16,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":25,"download_link":58,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"authyo-passwordless-login","Authyo Passwordless Login","1.0.3","Konceptwise Digital Media Pvt Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonceptwise\u002F","\u003Cp>Authyo Passwordless Login enables secure \u003Cstrong>OTP login for WordPress\u003C\u002Fstrong> using email-based one-time passwords. It replaces traditional passwords with a modern \u003Cstrong>passwordless authentication system\u003C\u002Fstrong> that improves login security and simplifies the user experience.\u003C\u002Fp>\n\u003Cp>Users simply enter their email address, receive a one-time password (OTP), verify the code, and are automatically logged in — no passwords required.\u003C\u002Fp>\n\u003Cp>This plugin is officially developed and maintained by \u003Cstrong>Konceptwise Digital Media Pvt. Ltd.\u003C\u002Fstrong> and uses \u003Cstrong>Authyo’s secure OTP authentication infrastructure\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>With Authyo Passwordless Login, WordPress administrators can implement \u003Cstrong>passwordless login\u003C\u002Fstrong>, improve \u003Cstrong>account security\u003C\u002Fstrong>, and eliminate risks related to password leaks or weak credentials.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Passwordless login for WordPress using email OTP\u003C\u002Fli>\n\u003Cli>No passwords stored or required\u003C\u002Fli>\n\u003Cli>Secure token-based authentication (single-use and time-limited)\u003C\u002Fli>\n\u003Cli>OTP delivered via Authyo’s secure email service\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fallback Method:\u003C\u002Fstrong> Optional two-factor authenticator app if email OTP fails\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login page\u003C\u002Fli>\n\u003Cli>AJAX-powered login flow (no page reloads)\u003C\u002Fli>\n\u003Cli>Automatic dashboard redirect after successful login\u003C\u002Fli>\n\u003Cli>Enable or disable passwordless login anytime\u003C\u002Fli>\n\u003Cli>Compatible with custom login URL plugins (e.g., WPS Hide Login)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>This plugin is ideal for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress sites that want \u003Cstrong>OTP login instead of passwords\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Improving \u003Cstrong>WordPress login security\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enabling \u003Cstrong>passwordless authentication\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Preventing password brute-force attacks\u003C\u002Fli>\n\u003Cli>Membership websites and user portals\u003C\u002Fli>\n\u003Cli>Sites that want a \u003Cstrong>simple two-factor authentication alternative\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>User enters their email address on the WordPress login page\u003C\u002Fli>\n\u003Cli>Authyo sends a one-time password (OTP) via email\u003C\u002Fli>\n\u003Cli>User verifies the OTP\u003C\u002Fli>\n\u003Cli>WordPress logs the user in automatically using a secure single-use token\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No password is required during the login process.\u003C\u002Fp>\n\u003Ch3>About Konceptwise & Authyo\u003C\u002Fh3>\n\u003Cp>Konceptwise Digital Media Pvt. Ltd. is the parent company and original developer of this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authyo\u003C\u002Fstrong> is a secure authentication platform developed by Konceptwise that provides OTP-based verification services for websites and applications.\u003C\u002Fp>\n\u003Cp>This plugin integrates WordPress with Authyo’s authentication infrastructure to provide secure passwordless login functionality.\u003C\u002Fp>\n\u003Ch3>Video Tutorial\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>How to Use Authyo Passwordless Login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FcStBvoHTzro?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to Authyo’s external API to send and verify one-time passwords (OTP) for passwordless login functionality.\u003C\u002Fp>\n\u003Cp>What data is sent:\u003Cbr \u002F>\n– User email address (sent to Authyo API when requesting OTP)\u003Cbr \u002F>\n– OTP code (sent to Authyo API for verification)\u003Cbr \u002F>\n– Mask ID (returned by Authyo API, used for OTP verification)\u003C\u002Fp>\n\u003Cp>When data is sent:\u003Cbr \u002F>\n– When the user requests an OTP: Email address is sent to Authyo API\u003Cbr \u002F>\n– When the user submits an OTP for verification: OTP code and Mask ID are sent to Authyo API\u003C\u002Fp>\n\u003Cp>Authentication Flow:\u003Cbr \u002F>\n– After successful OTP verification via Authyo API, the plugin generates a secure single-use token using WordPress core functions\u003Cbr \u002F>\n– This token is browser-bound using a hashed User-Agent signature to prevent session hijacking\u003Cbr \u002F>\n– The token is stored temporarily in WordPress transients and expires after 5 minutes\u003Cbr \u002F>\n– The token allows WordPress to complete authentication without requiring a password\u003Cbr \u002F>\n– Token is deleted immediately after verification (single-use security)\u003C\u002Fp>\n\u003Cp>Purpose:\u003Cbr \u002F>\n– To verify ownership of the provided email address through OTP verification\u003Cbr \u002F>\n– After successful OTP verification, a secure browser-bound login token is generated\u003Cbr \u002F>\n– The token allows WordPress to authenticate users without passwords\u003C\u002Fp>\n\u003Cp>Data Storage:\u003Cbr \u002F>\n– OTP session data (email, user ID, mask ID) is stored temporarily in WordPress transients (expires after 10 minutes)\u003Cbr \u002F>\n– Login tokens are stored temporarily in WordPress transients (expires after 5 minutes and deleted immediately after use)\u003Cbr \u002F>\n– No user data is permanently stored by this plugin\u003C\u002Fp>\n\u003Cp>Terms of Service:\u003Cbr \u002F>\nhttps:\u002F\u002Fauthyo.io\u002Fterms-service\u003C\u002Fp>\n\u003Cp>Privacy Policy:\u003Cbr \u002F>\nhttps:\u002F\u002Fauthyo.io\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.2 or higher\u003C\u002Fli>\n\u003Cli>An active Authyo account with API credentials\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Ch4>Getting Authyo API Credentials\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Sign up for an account at https:\u002F\u002Fauthyo.io\u003C\u002Fli>\n\u003Cli>Log in to your Authyo dashboard\u003C\u002Fli>\n\u003Cli>Navigate to your application settings\u003C\u002Fli>\n\u003Cli>Copy your \u003Cstrong>App ID\u003C\u002Fstrong>, \u003Cstrong>Client ID\u003C\u002Fstrong>, and \u003Cstrong>Client Secret\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Plugin Setup\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Authyo Passwordless Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enable \u003Cstrong>Passwordless Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enter your Authyo API credentials:\n\u003Cul>\n\u003Cli>Authyo App ID\u003C\u002Fli>\n\u003Cli>Authyo Client ID\u003C\u002Fli>\n\u003Cli>Authyo Client Secret\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Save Settings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once configured, the passwordless login form will appear on your WordPress login page.\u003C\u002Fp>\n","Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.",312,"2026-03-14T08:52:00.000Z","5.0","7.2",[53,54,55,56,57],"email-otp","otp-login","passwordless-login","two-factor-authentication","wordpress-otp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthyo-passwordless-login.1.0.3.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":27,"downloaded":67,"rating":27,"num_ratings":27,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":75,"download_link":76,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"password-less-login","Password Less Login","1.0.0.1","Sadekur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsadekur\u002F","\u003Cp>\u003Cstrong>Password Less Login\u003C\u002Fstrong> is a passwordless and OTP-based login system for WordPress.\u003Cbr \u002F>\nEvery user — both existing and new — must verify their identity using a \u003Cstrong>One-Time Password (OTP)\u003C\u002Fstrong> sent to their email before being logged in.\u003C\u002Fp>\n\u003Cp>This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The user enters their email address.\u003C\u002Fli>\n\u003Cli>The plugin sends a \u003Cstrong>6-digit OTP\u003C\u002Fstrong> to that email.\u003C\u002Fli>\n\u003Cli>The user enters the OTP:\n\u003Cul>\n\u003Cli>If the email exists \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user is securely logged in.\u003C\u002Fli>\n\u003Cli>If the email is new \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> the user provides a username, verifies the OTP, and a new account is created automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The OTP is valid for \u003Cstrong>10 minutes\u003C\u002Fstrong> and expires after use.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The plugin never logs in users without OTP verification.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>OTP-Based Authentication for All Users\u003C\u002Fstrong> – Both existing and new users must verify the OTP before login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Passwordless Login\u003C\u002Fstrong> – Securely log in using only your email and OTP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto User Registration\u003C\u002Fstrong> – New users can register instantly after OTP verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary OTP (10 Minutes)\u003C\u002Fstrong> – Each OTP expires after 10 minutes and can only be used once.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong> – Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nonce Verification\u003C\u002Fstrong> – Protects REST API endpoints from unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Email Handling\u003C\u002Fstrong> – Emails are hashed when stored in transients to protect user data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience\u003C\u002Fstrong> – Clean, minimal login flow with conditional fields for existing vs. new users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Password Less Login?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No passwords to remember or reset.\u003C\u002Fli>\n\u003Cli>OTP verification ensures true ownership of email.\u003C\u002Fli>\n\u003Cli>Protects against brute-force attacks.\u003C\u002Fli>\n\u003Cli>Simple setup – works with the native WordPress login page.\u003C\u002Fli>\n\u003Cli>Modern and user-friendly design.\u003C\u002Fli>\n\u003Cli>Reduces “Forgot Password” support requests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to your WordPress login page.\u003C\u002Fli>\n\u003Cli>Enter your email address and click “Send OTP”.\u003C\u002Fli>\n\u003Cli>Check your email for the OTP.\u003C\u002Fli>\n\u003Cli>Enter the OTP in the login form:\n\u003Cul>\n\u003Cli>If your account exists, you’ll be logged in.\u003C\u002Fli>\n\u003Cli>If not, you’ll be prompted to provide a username before registration and login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>You’ll be redirected to your dashboard after successful verification.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL license. You are free to use and modify it.\u003C\u002Fp>\n\u003Cp>For support, contact: \u003Ca href=\"mailto:sadekur0rahman@gmail.com\" rel=\"nofollow ugc\">sadekur0rahman@gmail.com\u003C\u002Fa>\u003C\u002Fp>\n","A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.",273,"2026-01-07T16:26:00.000Z","6.8.5","5.9",[72,73,54,55,74],"easy-login","email-authentication","secure-login","https:\u002F\u002Fgithub.com\u002Fsadekur\u002Fpassword-less-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-less-login.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":16,"requires_at_least":90,"requires_php":25,"tags":91,"homepage":95,"download_link":96,"security_score":97,"vuln_count":98,"unpatched_count":27,"last_vuln_date":99,"fetched_at":29},"user-verification","User Verification by PickPlugins","2.0.46","PickPlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpickplugins\u002F","\u003Cp>User Verification – Complete WordPress User Authentication & Security Plugin\u003C\u002Fp>\n\u003Ch3>User Verification by \u003Ca href=\"http:\u002F\u002Fwww.pickplugins.com\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.pickplugins.com\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pickplugins.com\u002Fitem\u002Fuser-verification\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pickplugins.com\u002Fsupport\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpickplugins.com\u002Fdocumentation\u002Fuser-verification\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Secure Your WordPress Site with Advanced User Verification & Authentication\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>User Verification\u003C\u002Fstrong> is a comprehensive WordPress security plugin that provides multiple layers of user authentication and spam protection to safeguard your website from unauthorized access and malicious registrations.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Ch4>\u003Cstrong>Email Verification System\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mandatory Email Verification\u003C\u002Fstrong>: Ensure all new users verify their email addresses before accessing your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Verification Pages\u003C\u002Fstrong>: Choose custom redirect pages for successful and failed verifications  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Login\u003C\u002Fstrong>: Seamlessly log users in after successful email verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Control\u003C\u002Fstrong>: Exclude specific user roles (like Administrators) from verification requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Configuration\u003C\u002Fstrong>: Enable\u002Fdisable email verification with simple toggle controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Magic Login (Passwordless Authentication)\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>🆕 NEW Feature\u003C\u002Fstrong>: Enable secure passwordless login for enhanced user experience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email-Based Authentication\u003C\u002Fstrong>: Users receive login links directly in their inbox\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Key Length\u003C\u002Fstrong>: Set secure authentication key length (default: 6 characters)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attempt Limits\u003C\u002Fstrong>: Configure maximum login attempts for security (default: 3 attempts)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect Pages\u003C\u002Fstrong>: Set specific pages for successful logins, failures, and magic login forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Verification Integration\u003C\u002Fstrong>: Require verified emails for magic login access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Implementation\u003C\u002Fstrong>: Simple shortcode \u003Ccode>[user_verification_magic_login_form]\u003C\u002Fcode> for frontend display\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>OTP (One-Time Password) Login\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMS\u002FEmail OTP\u003C\u002Fstrong>: Secure one-time password authentication system\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable OTP Length\u003C\u002Fstrong>: Customize OTP length (default: 6 digits)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Character Flexibility\u003C\u002Fstrong>: Support for numbers, uppercase, lowercase, and special characters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Success\u002FError Messages\u003C\u002Fstrong>: Personalized user feedback for OTP processes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Login Redirects\u003C\u002Fstrong>: Direct users to specific pages after successful authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Integration\u003C\u002Fstrong>: Simple shortcode \u003Ccode>[user_verification_otp_login_form]\u003C\u002Fcode> implementation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Advanced Spam Protection\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Domain Blocking\u003C\u002Fstrong>: Block registrations from specific email domains\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Domain Allowlist\u003C\u002Fstrong>: Allow only approved email domains for registration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Username Protection\u003C\u002Fstrong>: Block specific usernames from registration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Domain Management\u003C\u002Fstrong>: Easy-to-use interface for managing blocked\u002Fallowed domains\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>reCAPTCHA Integration\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong>: Complete bot protection with checkbox verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Implementation Points\u003C\u002Fstrong>: Add reCAPTCHA to login, registration, password reset, and comment forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Ready\u003C\u002Fstrong>: Full integration with WooCommerce forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Configuration\u003C\u002Fstrong>: Simple setup with site key and secret key\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>User Management Tools\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unverified User Cleanup\u003C\u002Fstrong>: Automatically delete unverified user accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Existing User Verification\u003C\u002Fstrong>: Mark existing users as verified with customizable intervals\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Status Monitoring\u003C\u002Fstrong>: Track verification status across your user base\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Email Customization\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Email Templates\u003C\u002Fstrong>: Personalize verification and notification emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPAutoP Support\u003C\u002Fstrong>: Enable\u002Fdisable automatic paragraph formatting in emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Branded Communications\u003C\u002Fstrong>: Add your logo and customize email appearance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Email Types\u003C\u002Fstrong>: Templates for registration, verification, OTP, magic login, and activation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>WooCommerce Compatibility\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>E-commerce Ready\u003C\u002Fstrong>: Full integration with WooCommerce login, registration, and password reset forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer Protection\u003C\u002Fstrong>: Prevent fake customer registrations and protect customer data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Experience\u003C\u002Fstrong>: Maintain smooth checkout process while ensuring security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Membership Sites\u003C\u002Fstrong>: Protect exclusive content with verified users only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>E-commerce Stores\u003C\u002Fstrong>: Prevent fake customer accounts and fraudulent orders  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Corporate Websites\u003C\u002Fstrong>: Ensure legitimate user registrations for business platforms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Community Forums\u003C\u002Fstrong>: Maintain quality user base with verified members\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Educational Platforms\u003C\u002Fstrong>: Secure student and instructor account creation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Any WordPress Site\u003C\u002Fstrong>: Enhance security for blogs, portfolios, and business websites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚡ Easy Setup & Management\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>User-Friendly Interface\u003C\u002Fstrong>: Intuitive admin dashboard for all configurations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Ready\u003C\u002Fstrong>: Simple shortcodes for frontend form implementation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Configuration\u003C\u002Fstrong>: Enable\u002Fdisable features with simple toggle switches\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Documentation\u003C\u002Fstrong>: Detailed setup guides and troubleshooting support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 Technical Specifications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Compatibility\u003C\u002Fstrong>: Works with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP 7.4+ Support\u003C\u002Fstrong>: Modern PHP compatibility for optimal performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Responsive\u003C\u002Fstrong>: All forms and interfaces work perfectly on mobile devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong>: Multi-language support for global websites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong>: Clean code structure with hooks and filters for customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📧 Default Email Configuration\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Professional Setup\u003C\u002Fstrong>: Comes with pre-configured professional email settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom From Address\u003C\u002Fstrong>: Set your preferred sender email (e.g., public.nurhasan@gmail.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Branded Sender Name\u003C\u002Fstrong>: Customize sender name (default: wordpress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Variety\u003C\u002Fstrong>: Multiple email templates for different verification scenarios\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Choose User Verification?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Complete Security Solution\u003C\u002Fstrong>: Multiple authentication methods in one plugin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Spam Guarantee\u003C\u002Fstrong>: Advanced filtering eliminates fake registrations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Experience Focused\u003C\u002Fstrong>: Smooth verification process that doesn’t frustrate legitimate users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly Customizable\u003C\u002Fstrong>: Adapt every aspect to match your site’s needs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Regular Updates\u003C\u002Fstrong>: Continuously updated with new features and security improvements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Support\u003C\u002Fstrong>: Dedicated support for setup and troubleshooting\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation & Usage\u003C\u002Fh3>\n\u003Cp>Simply install the plugin, configure your preferred verification methods, and add the provided shortcodes to your pages. The plugin integrates seamlessly with WordPress default forms and popular plugins like WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Transform your WordPress site security today with User Verification – the most comprehensive user authentication plugin available.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Ch3>Spam Protection by [https:\u002F\u002Fisspammy.com](http:\u002F\u002Fisspammy.com)\u003C\u002Fh3>\n\u003Cp>isspammy.com is owned by PickPlugins and it’s used to protect spam users from login in, registering, commenting, posting reviews and etc. Once you mark a comment as spam it will send a request to isspammy.com and it will create a record for this mail and marked as spam, so later when the same email is used to post a comment it will block them as a spammer. isspammy.com is commited to keep user email private and only accessible when requested.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fisspammy.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">isspammy.com\u002Fprivacy-policy\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fisspammy.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">isspammy.com\u002FAbout Us\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Email verification for user registration to protect spam.",5000,332451,90,63,"2026-02-14T03:45:00.000Z","4.1",[53,92,93,94,55],"email-validation","email-verification","hide-login","http:\u002F\u002Fpickplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-verification.zip",87,4,"2026-05-01 15:46:35",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":13,"downloaded":108,"rating":13,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":25,"requires_php":112,"tags":113,"homepage":116,"download_link":117,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"email-otp-authenticator","Email OTP Authenticator – Login, Register, 2FA & Session Lock","6.3.5","cs7.in","https:\u002F\u002Fprofiles.wordpress.org\u002Filvchandan\u002F","\u003Cp>\u003Cstrong>Email OTP Authenticator\u003C\u002Fstrong> is an Authentication & Security plugin designed to simplify WordPress login while strengthening user protection. It replaces traditional passwords with secure OTP verification and adds advanced session protection for better control over user access.\u003C\u002Fp>\n\u003Cp>Built as a modular security system, the plugin operates through three dedicated protection engines while maintaining a fully self-contained architecture without external service dependency.\u003C\u002Fp>\n\u003Ch3>Delivering these key benefits:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Reduce login friction\u003C\u002Fli>\n\u003Cli>Increase signup conversions\u003C\u002Fli>\n\u003Cli>Reduce password reset requests\u003C\u002Fli>\n\u003Cli>Strengthen multi-layered website security\u003C\u002Fli>\n\u003Cli>Enhance user trust with secure authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Designed to make WordPress authentication faster, smarter and more secure.\u003C\u002Fp>\n\u003Ch3>Core Security Architecture\u003C\u002Fh3>\n\u003Cp>The plugin is engineered around three dedicated security engines:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Access Engine\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Handles secure user entry through passwordless authentication.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* OTP Login\u003Cbr \u002F>\n* OTP Registration\u003Cbr \u002F>\n* Guest Verification\u003Cbr \u002F>\n* Email authorization\u003Cbr \u002F>\n* Fast Authentication Flow\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Validation Engine\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Adds identity confirmation and verification controls.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* New Device detection\u003Cbr \u002F>\n* Auto-popup with UI lock\u003Cbr \u002F>\n* Parallel login validation\u003Cbr \u002F>\n* Two-Factor Authentication\u003Cbr \u002F>\n* Login Validity Enforcement\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Engine\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Protects active sessions and detects abnormal activity.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Dynamic Session Shield\u003Cbr \u002F>\n* Session Validity Check\u003Cbr \u002F>\n* Session Inactivity Lock\u003Cbr \u002F>\n* Adaptive 2FA Enforcement\u003Cbr \u002F>\n* Suspicious Activity Guard\u003C\u002Fp>\n\u003Ch3>Key Highlights\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Quick Login & Signup\u003C\u002Fstrong> – Instant, easy, and password-free; Login & signup with OTP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Two-Factor Authentication\u003C\u002Fstrong> – Additional identity protection layer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Verified Access Control\u003C\u002Fstrong> – Verify users without login for access to restricted pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dynamic Session Shield\u003C\u002Fstrong> – Intelligent session protection engine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero External Dependency\u003C\u002Fstrong> – Works without third-party services.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Vanilla JavaScript Engine\u003C\u002Fstrong> – No jQuery dependency.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Integration Options\u003C\u002Fstrong> – Add authentication anywhere.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete Admin Control\u003C\u002Fstrong> – Fine-tune authentication behavior.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Interface System\u003C\u002Fstrong> – Attractive ready-to-use templates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong> – Optimized for performance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Flexible Integration Options\u003C\u002Fh3>\n\u003Cp>Add authentication forms anywhere on your website using simple integration methods.\u003C\u002Fp>\n\u003Cp>Integration methods include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shortcode integration (auto-popup, popup or inline forms)\u003C\u002Fli>\n\u003Cli>Menu trigger integration (popup forms)\u003C\u002Fli>\n\u003Cli>Redirect support for auto-popup & inline form pages\u003C\u002Fli>\n\u003Cli>Multiple forms on the same page\u003C\u002Fli>\n\u003Cli>Easy setup without coding complexity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Built-in Templates\u003C\u002Fh3>\n\u003Cp>Attractive 27 ready-to-use templates with auto-popup, popup and inline support.\u003C\u002Fp>\n\u003Cp>Easy-to-apply modern designs that match your website style, with options to customize pre-built templates or create your own.\u003C\u002Fp>\n\u003Ch3>Complete Admin Control\u003C\u002Fh3>\n\u003Cp>Customize authentication behavior, layout options, security restrictions and verification rules with ease. Admins gain complete control over user access and interaction across the website.\u003C\u002Fp>\n\u003Ch3>Zero External Dependency\u003C\u002Fh3>\n\u003Cp>Run a complete authentication system without relying on any third-party services.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Full data control\u003C\u002Fli>\n\u003Cli>Standalone operation\u003C\u002Fli>\n\u003Cli>No external APIs required\u003C\u002Fli>\n\u003Cli>Self-hosted OTP processing\u003C\u002Fli>\n\u003Cli>Reliable authentication flow\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Modern Architecture\u003C\u002Fh3>\n\u003Cp>Built using modern development practices:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Vanilla JavaScript implementation (no jQuery)\u003C\u002Fli>\n\u003Cli>Optimized settings storage\u003C\u002Fli>\n\u003Cli>Secure token validation\u003C\u002Fli>\n\u003Cli>Lightweight execution flow\u003C\u002Fli>\n\u003Cli>Improved performance structure\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Ideal Use Cases\u003C\u002Fh3>\n\u003Cp>This plugin is ideal for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Membership websites\u003C\u002Fli>\n\u003Cli>WooCommerce stores\u003C\u002Fli>\n\u003Cli>SaaS dashboards\u003C\u002Fli>\n\u003Cli>Community platforms\u003C\u002Fli>\n\u003Cli>Agencies managing client websites\u003C\u002Fli>\n\u003Cli>Developers needing flexible authentication\u003C\u002Fli>\n\u003Cli>Beginners and small websites needing simple security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Designed to scale from beginner websites to enterprise environments.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>Works smoothly with popular WordPress tools:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>Ultimate Member\u003C\u002Fli>\n\u003Cli>MemberPress\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>ProfileGrid\u003C\u002Fli>\n\u003Cli>ProfilePress\u003C\u002Fli>\n\u003Cli>User Registration\u003C\u002Fli>\n\u003Cli>WP User Manager\u003C\u002Fli>\n\u003Cli>Paid Memberships Pro\u003C\u002Fli>\n\u003Cli>RegistrationMagic\u003C\u002Fli>\n\u003Cli>Forminator\u003C\u002Fli>\n\u003Cli>Login\u002FSignup Popup plugins\u003C\u002Fli>\n\u003Cli>And many more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose This Plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FAST – Quick OTP authentication process\u003C\u002Fli>\n\u003Cli>FRIENDLY – Simple user experience\u003C\u002Fli>\n\u003Cli>SMART – Intelligent access handling\u003C\u002Fli>\n\u003Cli>SMOOTH – Clean UI integration\u003C\u002Fli>\n\u003Cli>SECURED – Strong authentication protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Feedback helps improve this plugin.\u003Cbr \u002F>\nSend suggestions or issues to:\u003Cbr \u002F>\n\u003Ca href=\"mailto:Mr.Chandan.Shrivastava@gmail.com\" rel=\"nofollow ugc\">Mr.Chandan.Shrivastava@gmail.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>This is the Lite version with advanced features included for exploration.\u003C\u002Fp>\n","An advanced OTP-powered plugin for Login, Registration, 2FA Protection and Dynamic Session Security. It is FAST, FRIENDLY, SMART, SMOOTH & SECURE.",9086,11,"2026-03-27T19:47:00.000Z","7.0","7.3",[53,54,55,114,115],"session-security","wordpress-2fa","https:\u002F\u002Feotpa.cs7.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-otp-authenticator.6.3.5.zip",{"slug":119,"name":120,"version":6,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":36,"downloaded":125,"rating":126,"num_ratings":14,"last_updated":127,"tested_up_to":69,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":25,"download_link":131,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"email-otp-login","Email OTP Login","Tushar Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fricheal\u002F","\u003Cp>Email OTP Login adds an additional layer of security to your WordPress site by requiring users to verify an OTP sent to their email after entering their username and password. This ensures that only users with access to the registered email can log in.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email OTP verification during \u003Cstrong>login\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>OTP expires in 5 minutes (configurable).\u003C\u002Fli>\n\u003Cli>OTP stored securely using WordPress password hashing.\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login form.\u003C\u002Fli>\n\u003Cli>Uses WordPress built-in \u003Ccode>wp_mail()\u003C\u002Fcode> function (works with SMTP plugins).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin does \u003Cstrong>not modify WordPress core files\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2 or later.\u003C\u002Fp>\n\u003Cp>This plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Adds OTP (One-Time Password) verification after login for enhanced security in WordPress. OTP is sent to the user's email.",469,60,"2025-08-29T18:30:00.000Z","6.3",[93,22,23,130,56],"security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-otp-login.1.0.0.zip",{"attackSurface":133,"codeSignals":215,"taintFlows":227,"riskAssessment":436,"analyzedAt":444},{"hooks":134,"ajaxHandlers":186,"restRoutes":205,"shortcodes":206,"cronEvents":211,"entryPointCount":214,"unprotectedCount":27},[135,141,145,149,154,159,163,167,170,174,179,182],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_menu","add_settings_page","includes\u002Fclass-admin-settings.php",56,{"type":136,"name":142,"callback":143,"file":139,"line":144},"admin_init","register_settings",57,{"type":136,"name":146,"callback":147,"file":139,"line":148},"admin_enqueue_scripts","enqueue_admin_assets",58,{"type":136,"name":150,"callback":151,"file":152,"line":153},"onecode_login_cleanup","cleanup_expired","includes\u002Fclass-code-handler.php",67,{"type":136,"name":155,"callback":156,"file":157,"line":158},"init","register_block","includes\u002Fclass-gutenberg-block.php",52,{"type":136,"name":160,"callback":161,"file":157,"line":162},"enqueue_block_editor_assets","enqueue_editor_assets",53,{"type":136,"name":155,"callback":164,"file":165,"line":166},"handle_magic_link","includes\u002Fclass-login-handler.php",68,{"type":136,"name":150,"callback":151,"file":168,"line":169},"includes\u002Fclass-rate-limiter.php",91,{"type":136,"name":171,"callback":172,"file":173,"line":148},"login_init","maybe_replace_login","includes\u002Fclass-wp-login-integration.php",{"type":175,"name":176,"callback":177,"priority":11,"file":173,"line":178},"filter","login_url","filter_login_url",59,{"type":136,"name":180,"callback":181,"file":173,"line":126},"wp_logout","redirect_after_logout",{"type":136,"name":183,"callback":184,"file":185,"line":37},"wp_enqueue_scripts","enqueue_frontend_assets","onecode-login.php",[187,192,194,198,199,203],{"action":188,"nopriv":189,"callback":190,"hasNonce":191,"hasCapCheck":189,"file":165,"line":126},"onecode_login_send_code",false,"ajax_send_code",true,{"action":188,"nopriv":191,"callback":190,"hasNonce":191,"hasCapCheck":189,"file":165,"line":193},61,{"action":195,"nopriv":189,"callback":196,"hasNonce":191,"hasCapCheck":189,"file":165,"line":197},"onecode_login_verify_code","ajax_verify_code",62,{"action":195,"nopriv":191,"callback":196,"hasNonce":191,"hasCapCheck":189,"file":165,"line":88},{"action":200,"nopriv":189,"callback":201,"hasNonce":191,"hasCapCheck":189,"file":165,"line":202},"onecode_login_resend_code","ajax_resend_code",64,{"action":200,"nopriv":191,"callback":201,"hasNonce":191,"hasCapCheck":189,"file":165,"line":204},65,[],[207],{"tag":208,"callback":209,"file":210,"line":126},"onecode_login","render","includes\u002Fclass-shortcode.php",[212],{"hook":150,"callback":150,"file":185,"line":213},278,7,{"dangerousFunctions":216,"sqlUsage":217,"outputEscaping":220,"fileOperations":27,"externalRequests":27,"nonceChecks":33,"capabilityChecks":14,"bundledLibraries":226},[],{"prepared":218,"raw":27,"locations":219},23,[],{"escaped":221,"rawEcho":14,"locations":222},240,[223],{"file":173,"line":224,"context":225},148,"raw output",[],[228,245,254,296,335,346,377],{"entryPoint":229,"graph":230,"unsanitizedCount":14,"severity":244},"render_login_page (includes\u002Fclass-wp-login-integration.php:104)",{"nodes":231,"edges":242},[232,237],{"id":233,"type":234,"label":235,"file":173,"line":236},"n0","source","$_REQUEST",109,{"id":238,"type":239,"label":240,"file":173,"line":224,"wp_function":241},"n1","sink","echo() [XSS]","echo",[243],{"from":233,"to":238,"sanitized":189},"medium",{"entryPoint":246,"graph":247,"unsanitizedCount":14,"severity":253},"\u003Cclass-wp-login-integration> (includes\u002Fclass-wp-login-integration.php:0)",{"nodes":248,"edges":251},[249,250],{"id":233,"type":234,"label":235,"file":173,"line":236},{"id":238,"type":239,"label":240,"file":173,"line":224,"wp_function":241},[252],{"from":233,"to":238,"sanitized":189},"low",{"entryPoint":255,"graph":256,"unsanitizedCount":33,"severity":295},"handle_magic_link (includes\u002Fclass-login-handler.php:81)",{"nodes":257,"edges":288},[258,260,263,268,271,274,279,282,285],{"id":233,"type":234,"label":259,"file":165,"line":236},"$_GET",{"id":238,"type":261,"label":262,"file":165,"line":236},"transform","→ is_limited()",{"id":264,"type":239,"label":265,"file":168,"line":266,"wp_function":267},"n2","get_var() [SQLi]",125,"get_var",{"id":269,"type":234,"label":259,"file":165,"line":270},"n3",114,{"id":272,"type":261,"label":273,"file":165,"line":270},"n4","→ verify_magic_link_token()",{"id":275,"type":239,"label":276,"file":152,"line":277,"wp_function":278},"n5","get_row() [SQLi]",393,"get_row",{"id":280,"type":234,"label":259,"file":165,"line":281},"n6",117,{"id":283,"type":261,"label":284,"file":165,"line":281},"n7","→ record_attempt()",{"id":286,"type":239,"label":276,"file":168,"line":287,"wp_function":278},"n8",155,[289,290,291,292,293,294],{"from":233,"to":238,"sanitized":189},{"from":238,"to":264,"sanitized":189},{"from":269,"to":272,"sanitized":189},{"from":272,"to":275,"sanitized":189},{"from":280,"to":283,"sanitized":189},{"from":283,"to":286,"sanitized":189},"high",{"entryPoint":297,"graph":298,"unsanitizedCount":334,"severity":295},"ajax_send_code (includes\u002Fclass-login-handler.php:159)",{"nodes":299,"edges":325},[300,303,304,305,307,309,311,313,315,317,321,323],{"id":233,"type":234,"label":301,"file":165,"line":302},"$_POST",209,{"id":238,"type":261,"label":262,"file":165,"line":302},{"id":264,"type":239,"label":265,"file":168,"line":266,"wp_function":267},{"id":269,"type":234,"label":301,"file":165,"line":306},210,{"id":272,"type":261,"label":308,"file":165,"line":306},"→ get_lockout_remaining()",{"id":275,"type":239,"label":265,"file":168,"line":310,"wp_function":267},249,{"id":280,"type":234,"label":301,"file":165,"line":312},223,{"id":283,"type":261,"label":314,"file":165,"line":312},"→ get_cooldown_remaining()",{"id":286,"type":239,"label":265,"file":152,"line":316,"wp_function":267},279,{"id":318,"type":234,"label":319,"file":165,"line":320},"n9","$_POST (x2)",250,{"id":322,"type":261,"label":284,"file":165,"line":320},"n10",{"id":324,"type":239,"label":276,"file":168,"line":287,"wp_function":278},"n11",[326,327,328,329,330,331,332,333],{"from":233,"to":238,"sanitized":189},{"from":238,"to":264,"sanitized":189},{"from":269,"to":272,"sanitized":189},{"from":272,"to":275,"sanitized":189},{"from":280,"to":283,"sanitized":189},{"from":283,"to":286,"sanitized":189},{"from":318,"to":322,"sanitized":189},{"from":322,"to":324,"sanitized":189},5,{"entryPoint":336,"graph":337,"unsanitizedCount":14,"severity":295},"ajax_resend_code (includes\u002Fclass-login-handler.php:330)",{"nodes":338,"edges":343},[339,341,342],{"id":233,"type":234,"label":301,"file":165,"line":340},367,{"id":238,"type":261,"label":314,"file":165,"line":340},{"id":264,"type":239,"label":265,"file":152,"line":316,"wp_function":267},[344,345],{"from":233,"to":238,"sanitized":189},{"from":238,"to":264,"sanitized":189},{"entryPoint":347,"graph":348,"unsanitizedCount":98,"severity":295},"ajax_verify_code (includes\u002Fclass-login-handler.php:417)",{"nodes":349,"edges":368},[350,352,353,354,356,357,358,360,362,364,366,367],{"id":233,"type":234,"label":301,"file":165,"line":351},461,{"id":238,"type":261,"label":262,"file":165,"line":351},{"id":264,"type":239,"label":265,"file":168,"line":266,"wp_function":267},{"id":269,"type":234,"label":301,"file":165,"line":355},462,{"id":272,"type":261,"label":308,"file":165,"line":355},{"id":275,"type":239,"label":265,"file":168,"line":310,"wp_function":267},{"id":280,"type":234,"label":301,"file":165,"line":359},475,{"id":283,"type":261,"label":361,"file":165,"line":359},"→ verify_code()",{"id":286,"type":239,"label":276,"file":152,"line":363,"wp_function":278},194,{"id":318,"type":234,"label":301,"file":165,"line":365},479,{"id":322,"type":261,"label":284,"file":165,"line":365},{"id":324,"type":239,"label":276,"file":168,"line":287,"wp_function":278},[369,370,371,372,373,374,375,376],{"from":233,"to":238,"sanitized":189},{"from":238,"to":264,"sanitized":189},{"from":269,"to":272,"sanitized":189},{"from":272,"to":275,"sanitized":189},{"from":280,"to":283,"sanitized":189},{"from":283,"to":286,"sanitized":189},{"from":318,"to":322,"sanitized":189},{"from":322,"to":324,"sanitized":189},{"entryPoint":378,"graph":379,"unsanitizedCount":435,"severity":295},"\u003Cclass-login-handler> (includes\u002Fclass-login-handler.php:0)",{"nodes":380,"edges":418},[381,382,383,384,385,386,387,388,389,390,391,392,393,395,397,399,401,403,405,408,410,412,414,416],{"id":233,"type":234,"label":259,"file":165,"line":236},{"id":238,"type":261,"label":262,"file":165,"line":236},{"id":264,"type":239,"label":265,"file":168,"line":266,"wp_function":267},{"id":269,"type":234,"label":259,"file":165,"line":270},{"id":272,"type":261,"label":273,"file":165,"line":270},{"id":275,"type":239,"label":276,"file":152,"line":277,"wp_function":278},{"id":280,"type":234,"label":259,"file":165,"line":281},{"id":283,"type":261,"label":284,"file":165,"line":281},{"id":286,"type":239,"label":276,"file":168,"line":287,"wp_function":278},{"id":318,"type":234,"label":319,"file":165,"line":302},{"id":322,"type":261,"label":262,"file":165,"line":302},{"id":324,"type":239,"label":265,"file":168,"line":266,"wp_function":267},{"id":394,"type":234,"label":319,"file":165,"line":306},"n12",{"id":396,"type":261,"label":308,"file":165,"line":306},"n13",{"id":398,"type":239,"label":265,"file":168,"line":310,"wp_function":267},"n14",{"id":400,"type":234,"label":319,"file":165,"line":312},"n15",{"id":402,"type":261,"label":314,"file":165,"line":312},"n16",{"id":404,"type":239,"label":265,"file":152,"line":316,"wp_function":267},"n17",{"id":406,"type":234,"label":407,"file":165,"line":320},"n18","$_POST (x3)",{"id":409,"type":261,"label":284,"file":165,"line":320},"n19",{"id":411,"type":239,"label":276,"file":168,"line":287,"wp_function":278},"n20",{"id":413,"type":234,"label":301,"file":165,"line":359},"n21",{"id":415,"type":261,"label":361,"file":165,"line":359},"n22",{"id":417,"type":239,"label":276,"file":152,"line":363,"wp_function":278},"n23",[419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434],{"from":233,"to":238,"sanitized":189},{"from":238,"to":264,"sanitized":189},{"from":269,"to":272,"sanitized":189},{"from":272,"to":275,"sanitized":189},{"from":280,"to":283,"sanitized":189},{"from":283,"to":286,"sanitized":189},{"from":318,"to":322,"sanitized":189},{"from":322,"to":324,"sanitized":189},{"from":394,"to":396,"sanitized":189},{"from":396,"to":398,"sanitized":189},{"from":400,"to":402,"sanitized":189},{"from":402,"to":404,"sanitized":189},{"from":406,"to":409,"sanitized":189},{"from":409,"to":411,"sanitized":189},{"from":413,"to":415,"sanitized":189},{"from":415,"to":417,"sanitized":189},13,{"summary":437,"deductions":438},"The \"onecode-login\" plugin v1.0.0 exhibits a generally good security posture regarding common WordPress vulnerabilities.  The code analysis shows excellent practices with 100% of SQL queries using prepared statements and all output being properly escaped.  Furthermore, there are no dangerous functions, file operations, or external HTTP requests detected.  The presence of nonce and capability checks on entry points is also a positive sign. However, the taint analysis reveals a significant concern: all 7 analyzed flows have unsanitized paths, with 5 classified as high severity. This indicates that data processed by the plugin might not be sufficiently validated or cleansed, potentially leading to unexpected behavior or vulnerabilities if that data is user-controlled or originates from an untrusted source.  The plugin also has no recorded vulnerability history, which is a strong positive, suggesting a history of secure development or a lack of past exploitation. Despite the promising foundation, the high number of unsanitized taint flows is a notable weakness that requires careful investigation and remediation.",[439,442],{"reason":440,"points":441},"High severity unsanitized taint flows",15,{"reason":443,"points":11},"Unsanitized paths in all taint flows","2026-04-16T12:05:42.643Z",{"wat":446,"direct":455},{"assetPaths":447,"generatorPatterns":450,"scriptPaths":451,"versionParams":452},[448,449],"\u002Fwp-content\u002Fplugins\u002Fonecode-login\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fonecode-login\u002Fassets\u002Fjs\u002Ffrontend.js",[],[449],[453,454],"onecode-login.css?ver=","frontend.js?ver=",{"cssClasses":456,"htmlComments":457,"htmlAttributes":458,"restEndpoints":463,"jsGlobals":464,"shortcodeOutput":466},[],[],[459,460,461,462],"data-action-type=\"login_code\"","data-action-type=\"login_code_resend\"","data-action-type=\"login_code_verify\"","data-action-type=\"magic_link_request\"",[],[465],"onecodeLogin",[],{"error":191,"url":468,"statusCode":469,"statusMessage":470,"message":470},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fonecode-login\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":472},[]]