[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjHpu3eIgp0IxWt16AeO9YcM63LrZ1vDudbhvc20tDI0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":132,"fingerprints":161},"ozh-simpler-login-url","Ozh' Simpler Login URL","0.1","Ozh","https:\u002F\u002Fprofiles.wordpress.org\u002Fozh\u002F","\u003Cp>Creates a Rewrite Rule that will allow users to log in from the custom URL \u003Ccode>yoursite.com\u002Flogin\u003C\u002Fcode> instead of \u003Ccode>\u002Fwp-login.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>This plugin is an example of one of the many possibilities of WordPress’ Rewrite API. See the whole \u003Ca href=\"http:\u002F\u002Fplanetozh.com\u002Fblog\u002F2011\u002F01\u002Fpretty-login-url-a-simple-rewrite-api-plugin-example\u002F\" rel=\"nofollow ugc\">Rewrite API tutorial\u003C\u002Fa> on Ozh’ blog.\u003C\u002Fp>\n","Creates a Rewrite Rule that will allow users to log in from the custom URL yoursite.com\u002Flogin instead of \u002Fwp-login.php.",100,11637,0,"2014-09-13T16:05:00.000Z","9.9","1.0","",[19,20,21,22,23],"htaccess","login","ozh","rewrite","rewrite-api","http:\u002F\u002Fplanetozh.com\u002Fblog\u002F2011\u002F01\u002Fpretty-login-url-a-simple-rewrite-api-plugin-example\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fozh-simpler-login-url.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":21,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":26,"computed_at":35},27,5470,87,30,"2026-04-04T16:29:59.008Z",[37,55,75,94,114],{"slug":38,"name":39,"version":16,"author":7,"author_profile":8,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":11,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":53,"download_link":54,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"always-remember-me","Always Remember Me","\u003Cp>Tired of regularly logging in and clicking the “Remember me” checkbox? No more. With this plugin, once\u003Cbr \u002F>\nyou have logged in and until you voluntarily log out, your blog will remember you.\u003C\u002Fp>\n\u003Cp>The ‘Remember Me’ checkbox on the login form will be always checked, and instead of logging you in for 14 days, the expiration is set to one year.\u003C\u002Fp>\n\u003Cp>Related: for your \u003Cem>localhost\u003C\u002Fem> hacking, see plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fno-login\u002F\" rel=\"ugc\">No Login\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>On \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fozh\u002Falways-remember-me\" rel=\"nofollow ugc\">Github\u003C\u002Fa>. I don’t read WordPress support forums.\u003C\u002Fp>\n","Always checked 'Remember Me' checkbox and longer auth cookie expiration. Your blog will remember you.",200,6025,2,"2020-06-07T14:42:00.000Z","5.4.19","3.0","5.6",[50,51,20,21,52],"checkbox","cookie","remember","http:\u002F\u002Fplanetozh.com\u002Fblog\u002Fmy-projects\u002Fwordpress-plugin-always-remember-me-login-checkbox\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falways-remember-me.zip",{"slug":56,"name":57,"version":16,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":11,"num_ratings":64,"last_updated":65,"tested_up_to":46,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":17,"download_link":72,"security_score":73,"vuln_count":64,"unpatched_count":64,"last_vuln_date":74,"fetched_at":28},"htaccess-ip-blocker","HTACCESS IP Blocker","Taraprasad Swain","https:\u002F\u002Fprofiles.wordpress.org\u002Fswaintara\u002F","\u003Cp>Blocks failed attempted IPs in htaccess\u003C\u002Fp>\n","Blocks failed attempted IPs in htaccess",70,2459,1,"2020-07-21T19:07:00.000Z","5.4","7.0",[69,19,70,71,20],"block","ip","ip-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtaccess-ip-blocker.zip",63,"2025-09-26 00:00:00",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":34,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":47,"requires_php":17,"tags":88,"homepage":92,"download_link":93,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"configurable-hotlink-protection","Configurable Hotlink Protection","0.2","deltafactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeltafactory\u002F","\u003Cp>Save bandwidth by easily blocking links to video, audio, and other files from unapproved 3rd-party sites.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose from a list of common file extensions and include your own\u003C\u002Fli>\n\u003Cli>Allow linking from multiple authorized websites\u003C\u002Fli>\n\u003Cli>Selectively control direct linking\u003C\u002Fli>\n\u003Cli>Generate the rules for your \u003Ccode>.htaccess\u003C\u002Fcode> file with minimal effort\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin modifies the site’s .htaccess file and requires mod_rewrite or compatible modules like \u003Ca href=\"http:\u002F\u002Fwww.helicontech.com\u002Fisapi_rewrite\u002F\" rel=\"nofollow ugc\">ISAPI_rewrite for IIS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>This plugin was inspired by the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwordpress-automatic-image-hotlink-protection\u002F\" rel=\"ugc\">Hotlink Protection\u003C\u002Fa> plugin. There was a need for a more flexible implementation and so this plugin was created.\u003C\u002Fp>\n","Save bandwidth by easily blocking links to video, audio, and other files from unapproved 3rd-party sites. Requires mod_rewrite.",5504,20,4,"2011-08-20T04:07:00.000Z","3.2.1",[89,19,90,91],"hotlink","mod_rewrite","protection","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fconfigurable-hotlink-protection\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconfigurable-hotlink-protection.0.2.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":84,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":112,"download_link":113,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"aspexi-easy-login-url","Aspexi Easy Login URL","1.1.1","Krzysztof Dryja (Aspexi)","https:\u002F\u002Fprofiles.wordpress.org\u002Fcih997\u002F","\u003Cp>Aspexi Easy Login URL:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>changes your url\u002Fwp-login.php URL into your custom string i.e. url\u002Flogin\u003C\u002Fli>\n\u003Cli>changes your url\u002Fwp-login.php?action=register URL into your custom string i.e. url\u002Fregister\u003C\u002Fli>\n\u003Cli>changes your url\u002Fwp-login.php?action=lostpassword URL into your custom string i.e. url\u002Fforgot\u003C\u002Fli>\n\u003Cli>related URLs fix (i.e. on login page) >=3.3.2\u003C\u002Fli>\n\u003Cli>\n\u003Cp>backups original .htaccess file, restore option included\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Not tested on multisite. Use at your own risk.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Not tested on IIS7. Use at your own risk.\u003C\u002Fli>\n\u003Cli>Be careful using this plugin with other which modify .htaccess file\u003C\u002Fli>\n\u003C\u002Ful>\n","Aspexi Easy Login URL changes your url\u002Fwp-login.php URL into your custom string i.e. url\u002Flogin and more (incl. Register and Forgot password links).",4906,74,3,"2012-10-07T20:43:00.000Z","3.4.2","3.1",[109,19,20,110,111],"custom","logout","url","http:\u002F\u002Fdryja.info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faspexi-easy-login-url.1.1.1.zip",{"slug":115,"name":116,"version":16,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":13,"num_ratings":13,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":67,"tags":126,"homepage":130,"download_link":131,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"fix-htaccess-wpml-language","Fix .htaccess WPML language","David Garcia","https:\u002F\u002Fprofiles.wordpress.org\u002Fsultanicq\u002F","\u003Cp>The problem actually comes from certain third-party plugins calling flush_rewrite_rules(true) function too often. This causes WordPress to overwrite .htaccess. However, in some cases, this happens so often, sometimes even on every page request, that it’s called while browsing the front-end in another language.\u003C\u002Fp>\n\u003Cp>When this happens, WPML goes ahead and adds the language folder to home_url as usual. This, however, results with an incorrect RewriteBase in .htaccess and ends up breaking the front-end.\u003C\u002Fp>\n\u003Cp>Additionally, you’ll get a 500 Internal Server Error error.\u003C\u002Fp>\n\u003Cp>And this is what we’ll see in server logs:\u003C\u002Fp>\n\u003Cp>AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace.\u003C\u002Fp>\n","In certain cases, the .htaccess may get overwritten with the language folder.",10,608,"2023-10-30T10:38:00.000Z","6.3.8","4.9",[19,127,128,129],"language","rewriterules","wpml","https:\u002F\u002Fwww.davidgarcia.es","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffix-htaccess-wpml-language.zip",{"attackSurface":133,"codeSignals":145,"taintFlows":152,"riskAssessment":153,"analyzedAt":160},{"hooks":134,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":13,"unprotectedCount":13},[135],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","init","wp_ozh_plu_rewrite","plugin.php",25,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":151},[],{"prepared":13,"raw":13,"locations":148},[],{"escaped":13,"rawEcho":13,"locations":150},[],[],[],{"summary":154,"deductions":155},"The static analysis of \"ozh-simpler-login-url\" v0.1 reveals a strong security posture in terms of direct code vulnerabilities. The plugin has no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in zero attack surface points and no unprotected entry points.  Furthermore, the code signals indicate a lack of dangerous functions, with all SQL queries (though none are present in this version) being prepared statements and all outputs being properly escaped. There are no file operations or external HTTP requests, and crucially, no nonces or capability checks are required for any functionality, which suggests a very simple and likely inert operation in the absence of specific vulnerabilities.\n\nThe vulnerability history is also clean, with no recorded CVEs for this plugin. This, combined with the static analysis findings, suggests that the plugin has historically been developed with security in mind or has not been a target for attackers due to its perceived simplicity or lack of features that would present exploitable attack vectors. However, the complete absence of nonces and capability checks, while not an immediate vulnerability in itself given the lack of entry points, represents a potential weakness if the plugin were to be expanded or if its core function (simplifying login URLs) were to introduce any new, albeit minor, interaction points that could be manipulated without proper authorization verification.\n\nIn conclusion, \"ozh-simpler-login-url\" v0.1 presents a very low immediate risk due to its lack of attack surface and clean vulnerability history. The code follows good practices by avoiding dangerous functions and potentially problematic operations. The main area for consideration is the complete absence of authorization checks, which, while not exploited in this version, is a good practice to incorporate even for simple functionalities to ensure future extensibility and maintain a robust security model.",[156,158],{"reason":157,"points":121},"Missing nonce checks",{"reason":159,"points":121},"Missing capability checks","2026-03-16T21:10:49.350Z",{"wat":162,"direct":167},{"assetPaths":163,"generatorPatterns":164,"scriptPaths":165,"versionParams":166},[],[],[],[],{"cssClasses":168,"htmlComments":169,"htmlAttributes":170,"restEndpoints":171,"jsGlobals":172,"shortcodeOutput":173},[],[],[],[],[],[]]