[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4C1vCXiG2eYRnNwcYXRelyOaDVU2YeU1G2sH562CBzw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":133,"fingerprints":254},"passwordlessi","PasswordleSSI","1.0.0","sideosgmbh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsideosgmbh\u002F","\u003Cp>This plugin allows passwordless login for Worpdress using SSI as a decentralized technology. Sideos has deployed a proxy service for you to use with your WordPress Instance. If you wish to use your own server, check the documentation on how to deploy your own SSI service integration.\u003Cbr \u002F>\nHere you can see a document that explain step by step how to do it\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fraspilab.org\u002Fallgemein\u002Fwordpress-login-mit-qr-code\u002F#more-1853\" rel=\"nofollow ugc\">Auf Deutsch\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdocs.sideos.io\u002Fdoc\u002Fpasswordlessi\" rel=\"nofollow ugc\">In English\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Passwordless login for Worpress powered by Self Sovereign Identity and Sideos Gmbh\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsideos-publicimages.s3.eu-west-1.amazonaws.com\u002Fassets\u002Fpowered.png\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Adds a QRCode on the login page to scan for log in\u003C\u002Fli>\n\u003Cli>Ability to send credentials to users, using their email as ID\u003C\u002Fli>\n\u003Cli>Ability to give credentials based on the domain e.g. email-domain is the key to allow login\u003C\u002Fli>\n\u003Cli>Ability to disable completely the username\u002Fpassword submission to avoid possible brute force attacks\u003C\u002Fli>\n\u003Cli>Ability to enable-disable username\u002Fpassword via http post secure call\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Disable Username\u002FPassword submit\u003C\u002Fh3>\n\u003Cp>The plug in has a checkbox that when checked, disable the submission of the login page. This is useful to allow only login via the PasswordleSSI plugin. If you want to enable the feature back, you can use the REST API endpoint, and use the Juno Token as a header token to reset the status. After the call you can login again with Username\u002FPassword.\u003C\u002Fp>\n\u003Cp>The CURL command is the following:\u003Cbr \u002F>\n    curl -d ‘{}’ -H “X-Token: ” -H “Content-Type: application\u002Fjson” -X POST \u002Fwp-json\u002Fsideos-ssi\u002Fv1\u002Fenable“\u003Cbr \u002F>\nReplace  with the token you have in the options, and  with the instance of your WordPress website.\u003C\u002Fp>\n","This plugin allows passwordless login for Worpdress using SSI as a decentralized technology. Sideos has deployed a proxy service for you to use with y &hellip;",0,630,"2023-03-01T15:32:00.000Z","6.1.10","6.0","5.6",[18,19,20,21,22],"authentication","login","passwordless","qrcode-login","ssi","https:\u002F\u002Fgithub.com\u002Fsideos\u002Fwp-ssi-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpasswordlessi.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T23:10:41.177Z",[35,59,79,98,115],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":30,"unpatched_count":11,"last_vuln_date":58,"fetched_at":27},"sessions","Sessions","3.3.0","Pierre Lannoy","https:\u002F\u002Fprofiles.wordpress.org\u002Fpierrelannoy\u002F","\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> is a powerful sessions manager for WordPress with a multi-criteria sessions limiter and full analytics reporting about logins, logouts and account creation. It relies on the standard WordPress sessions manager and add it extra features and controls.\u003C\u002Fp>\n\u003Cp>You can limit concurrent sessions, on a per role basis for the following criteria:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>count per user;\u003C\u002Fli>\n\u003Cli>count per IP adresses;\u003C\u002Fli>\n\u003Cli>count per country (requires the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fip-locator\u002F\" rel=\"ugc\">IP Locator\u003C\u002Fa> plugin);\u003C\u002Fli>\n\u003Cli>count per device classes and types, client types, browser or OS (requires the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdevice-detector\u002F\" rel=\"ugc\">Device Detector\u003C\u002Fa> plugin).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For each roles defined on your site, you can also block login based on private\u002Fpublic IP ranges, and define idle times for sessions auto-termination.\u003C\u002Fp>\n\u003Cp>You can also set a maximum number of IPs used for each user – useful to limit credential sharing between many people.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> can report the following main items and metrics:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>KPIs: login success, active sessions, cleaned sessions, active users, turnover and spam sessions;\u003C\u002Fli>\n\u003Cli>active and cleaned sessions details;\u003C\u002Fli>\n\u003Cli>users and sessions variations;\u003C\u002Fli>\n\u003Cli>moves distribution;\u003C\u002Fli>\n\u003Cli>login\u002Flogout breakdowns;\u003C\u002Fli>\n\u003Cli>password resets;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> supports a set of WP-CLI commands to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>manage WordPress active sessions (list, kill) – see \u003Ccode>wp help sessions active\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>toggle on\u002Foff main settings – see \u003Ccode>wp help sessions settings\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>modify operations mode – see \u003Ccode>wp help sessions mode\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>display sessions and accounts statistics – see \u003Ccode>wp help sessions analytics\u003C\u002Fcode> for details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a full help on WP-CLI commands in Sessions, please \u003Ca href=\"https:\u002F\u002Fperfops.one\u002Fsessions-wpcli\" rel=\"nofollow ugc\">read this guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> is part of \u003Ca href=\"https:\u002F\u002Fperfops.one\u002F\" rel=\"nofollow ugc\">PerfOps One\u003C\u002Fa>, a suite of free and open source WordPress plugins dedicated to observability and operations performance.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Sessions\u003C\u002Fstrong> is a free and open source plugin for WordPress. It integrates many other free and open source works (as-is or modified). Please, see ‘about’ tab in the plugin settings to see the details.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>This plugin is free and provided without warranty of any kind. Use it at your own risk, I’m not responsible for any improper use of this plugin, nor for any damage it might cause to your site. Always backup all your data before installing a new plugin.\u003C\u002Fp>\n\u003Cp>Anyway, I’ll be glad to help you if you encounter issues when using this plugin. Just use the support section of this plugin page.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin, as any piece of software, is neither compliant nor non-compliant with privacy laws and regulations. It is your responsibility to use it – by activating the corresponding options or services – with respect for the personal data of your users and applicable laws.\u003C\u002Fp>\n\u003Cp>This plugin doesn’t set any cookie in the user’s browser.\u003C\u002Fp>\n\u003Cp>This plugin may handle personally identifiable information (PII). If the GDPR or CCPA or similar regulation applies to your case, you must adapt your processes (consent management, security measure, treatment register, etc.).\u003C\u002Fp>\n\u003Ch4>Donation\u003C\u002Fh4>\n\u003Cp>If you like this plugin or find it useful and want to thank me for the work done, please consider making a donation to \u003Ca href=\"https:\u002F\u002Fwww.laquadrature.net\u002Fen\" rel=\"nofollow ugc\">La Quadrature Du Net\u003C\u002Fa> or the \u003Ca href=\"https:\u002F\u002Fwww.eff.org\u002F\" rel=\"nofollow ugc\">Electronic Frontier Foundation\u003C\u002Fa> which are advocacy groups defending the rights and freedoms of citizens on the Internet. By supporting them, you help the daily actions they perform to defend our fundamental freedoms!\u003C\u002Fp>\n","Powerful sessions manager for WordPress with sessions limiter and full analytics reporting capabilities.",900,23786,96,8,"2025-11-22T10:58:00.000Z","6.9.4","6.2","8.1",[18,19,52,53,54],"protection","role","session","https:\u002F\u002Fperfops.one\u002Fsessions","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsessions.3.3.0.zip",99,"2025-08-22 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":31,"downloaded":67,"rating":11,"num_ratings":11,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":78,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"keyless-auth","Keyless Auth – Login without Passwords","3.2.4","Chris Martens","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrmrtns\u002F","\u003Cp>Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It’s more secure than weak passwords and infinitely more user-friendly.\u003C\u002Fp>\n\u003Ch4>Why Choose Keyless Auth?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: No more weak, reused, or compromised passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better User Experience\u003C\u002Fstrong>: One click instead of remembering complex passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduced Support\u003C\u002Fstrong>: Eliminate “forgot password” requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication\u003C\u002Fstrong>: Enterprise-grade security used by Slack, Medium, and others\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening\u003C\u002Fstrong>: Built-in protection against brute force attacks and username enumeration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quick Start\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Create a new page and add the shortcode \u003Ccode>[keyless-auth]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Configure email templates in \u003Cstrong>Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Templates\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Done! Users can now login passwordlessly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Ready to Use\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Magic Link Authentication\u003C\u002Fstrong> – Secure, one-time login links via email\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication (2FA)\u003C\u002Fstrong> – Complete TOTP support with Google Authenticator\u003Cbr \u002F>\n* \u003Cstrong>Role-Based 2FA\u003C\u002Fstrong> – Require 2FA for specific user roles (admins, editors, etc.)\u003Cbr \u002F>\n* \u003Cstrong>Custom 2FA Setup URLs\u003C\u002Fstrong> – Direct users to branded frontend 2FA setup pages\u003Cbr \u002F>\n* \u003Cstrong>SMTP Integration\u003C\u002Fstrong> – Reliable email delivery through your mail server\u003Cbr \u002F>\n* \u003Cstrong>Email Templates\u003C\u002Fstrong> – Professional, customizable login emails\u003Cbr \u002F>\n* \u003Cstrong>Mail Logging\u003C\u002Fstrong> – Track all sent emails with delivery status\u003Cbr \u002F>\n* \u003Cstrong>Custom Database Tables\u003C\u002Fstrong> – Scalable architecture with dedicated audit logs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Token Security\u003C\u002Fstrong>: 10-minute expiration, single-use tokens\u003Cbr \u002F>\n* \u003Cstrong>Audit Logging\u003C\u002Fstrong>: IP addresses, device types, login attempts\u003Cbr \u002F>\n* \u003Cstrong>Emergency Mode\u003C\u002Fstrong>: Grace period system with admin controls\u003Cbr \u002F>\n* \u003Cstrong>Secure Storage\u003C\u002Fstrong>: SMTP credentials in wp-config.php option\u003Cbr \u002F>\n* \u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>: Block brute force attacks via XML-RPC interface\u003Cbr \u002F>\n* \u003Cstrong>Application Passwords Control\u003C\u002Fstrong>: Disable programmatic authentication when not needed\u003Cbr \u002F>\n* \u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>: Block username discovery attacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>WYSIWYG Email Editor\u003C\u002Fstrong>: Full HTML support with live preview\u003Cbr \u002F>\n* \u003Cstrong>Advanced Color Controls\u003C\u002Fstrong>: Hex, RGB, HSL color formats\u003Cbr \u002F>\n* \u003Cstrong>Template System\u003C\u002Fstrong>: German, English, and custom templates\u003Cbr \u002F>\n* \u003Cstrong>Branding Options\u003C\u002Fstrong>: Custom sender names and professional styling\u003C\u002Fp>\n\u003Ch4>Installation & Setup\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic Installation\u003C\u002Fstrong>\u003Cbr \u002F>\n1. WordPress Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003Cbr \u002F>\n2. Search for “Keyless Auth”\u003Cbr \u002F>\n3. Install and activate\u003Cbr \u002F>\n4. Add [keyless-auth] shortcode to any page\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SMTP Configuration (Recommended)\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Navigate to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> SMTP\u003Cbr \u002F>\n2. Configure your email provider (Gmail, Outlook, SendGrid, etc.)\u003Cbr \u002F>\n3. Test email delivery\u003Cbr \u002F>\n4. Save settings\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication Setup\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Go to Keyless Auth \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Options\u003Cbr \u002F>\n2. Enable “Two-Factor Authentication”\u003Cbr \u002F>\n3. Select required user roles\u003Cbr \u002F>\n4. Users scan QR code with authenticator app\u003C\u002Fp>\n\u003Ch4>Email Templates\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Template Options\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>German Professional\u003C\u002Fstrong>: Sleek German-language template\u003Cbr \u002F>\n* \u003Cstrong>English Simple\u003C\u002Fstrong>: Clean, minimalist design\u003Cbr \u002F>\n* \u003Cstrong>Custom HTML\u003C\u002Fstrong>: Create your own with WYSIWYG editor\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Customization Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Full HTML and CSS support\u003Cbr \u002F>\n* Color picker for buttons and links\u003Cbr \u002F>\n* Responsive email design\u003Cbr \u002F>\n* Live template preview\u003Cbr \u002F>\n* Placeholder system for dynamic content\u003C\u002Fp>\n\u003Ch4>Security & Compliance\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Token Security\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generated using WordPress security standards\u003Cbr \u002F>\n* Based on user ID, timestamp, and wp-config.php salt\u003Cbr \u002F>\n* 10-minute expiration with single-use enforcement\u003Cbr \u002F>\n* Secure database storage with automatic cleanup\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\n* TOTP-based system compatible with Google Authenticator, Authy\u003Cbr \u002F>\n* Role-based requirements for granular control\u003Cbr \u002F>\n* Grace period system for smooth user transitions\u003Cbr \u002F>\n* Custom verification forms with professional styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom tables for optimal performance\u003Cbr \u002F>\n* Comprehensive audit logging\u003Cbr \u002F>\n* Device tracking and IP monitoring\u003Cbr \u002F>\n* Automatic maintenance and cleanup routines\u003C\u002Fp>\n\u003Ch4>Security Hardening\u003C\u002Fh4>\n\u003Cp>Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site’s needs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Disable\u003C\u002Fstrong>\u003Cbr \u002F>\n* Prevents brute force attacks via WordPress XML-RPC interface\u003Cbr \u002F>\n* Reduces attack surface by disabling legacy API\u003Cbr \u002F>\n* Recommended for sites not using Jetpack, mobile apps, or pingbacks\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Application Passwords Control\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable REST API and XML-RPC authentication when programmatic access isn’t needed\u003Cbr \u002F>\n* Prevents unauthorized API access\u003Cbr \u002F>\n* Recommended for simple sites without third-party integrations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Enumeration Prevention\u003C\u002Fstrong>\u003Cbr \u002F>\n* Blocks REST API user endpoints (\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>)\u003Cbr \u002F>\n* Redirects author archives and \u003Ccode>?author=N\u003C\u002Fcode> queries\u003Cbr \u002F>\n* Removes login error messages that reveal usernames\u003Cbr \u002F>\n* Strips comment author CSS classes\u003Cbr \u002F>\n* Removes author data from oEmbed responses\u003Cbr \u002F>\n* Recommended for business\u002Fcorporate sites without author profiles\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits\u003C\u002Fstrong>\u003Cbr \u002F>\n* Combined protection against brute force attacks\u003Cbr \u002F>\n* Prevents username discovery for targeted attacks\u003Cbr \u002F>\n* Reduces unauthorized API access\u003Cbr \u002F>\n* Easy to configure without code or .htaccess modifications\u003Cbr \u002F>\n* All features include comprehensive documentation\u003Cbr \u002F>\n* FTP recovery available if needed\u003C\u002Fp>\n\u003Ch4>SMTP & Email Delivery\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supported Providers\u003C\u002Fstrong>\u003Cbr \u002F>\n* Gmail \u002F Google Workspace\u003Cbr \u002F>\n* Outlook \u002F Microsoft 365\u003Cbr \u002F>\n* Mailgun, SendGrid, Amazon SES\u003Cbr \u002F>\n* Any SMTP-compatible service\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Email Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Message-ID domain alignment for deliverability\u003Cbr \u002F>\n* SPF\u002FDKIM\u002FDMARC compliance\u003Cbr \u002F>\n* Custom sender names and addresses\u003Cbr \u002F>\n* Bulk email log management\u003Cbr \u002F>\n* Delivery status tracking\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure Credential Storage\u003C\u002Fstrong>\u003Cbr \u002F>\nStore SMTP credentials securely in wp-config.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('CHRMRTNS_KLA_SMTP_USERNAME', 'your-email@example.com');\ndefine('CHRMRTNS_KLA_SMTP_PASSWORD', 'your-smtp-password');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Page Integration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Optional magic login field on wp-login.php\u003Cbr \u002F>\n* Seamless integration with existing login flow\u003Cbr \u002F>\n* Toggle control for easy enable\u002Fdisable\u003Cbr \u002F>\n* Clean, responsive form styling\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Shortcode Usage\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ccode>[keyless-auth]\u003C\u002Fcode> anywhere: pages, posts, widgets, or custom templates.\u003C\u002Fp>\n\u003Ch4>Developer Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hooks & Filters\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Customize login redirect:\u003Cbr \u002F>\n    add_filter(‘wpa_after_login_redirect’, ‘custom_redirect_function’);\u003C\u002Fp>\n\u003Cp>Modify email headers:\u003Cbr \u002F>\n    add_filter(‘wpa_email_headers’, ‘custom_email_headers’);\u003C\u002Fp>\n\u003Cp>Change token expiration:\u003Cbr \u002F>\n    add_filter(‘wpa_change_link_expiration’, ‘custom_expiration_time’);\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Modular Architecture\u003C\u002Fstrong>\u003Cbr \u002F>\n* Clean, organized class structure\u003Cbr \u002F>\n* Separated concerns for easy maintenance\u003Cbr \u002F>\n* WordPress coding standards compliance\u003Cbr \u002F>\n* Extensive documentation and comments\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong>: 3.9 or higher (tested up to 6.8)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP\u003C\u002Fstrong>: 7.4 or higher\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Delivery\u003C\u002Fstrong>: SMTP recommended for reliability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Keyless Auth complements WordPress’s default login system – it doesn’t replace it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developed by Chris Martens | Based on the original Passwordless Login plugin by Cozmoslabs\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.",1177,"2025-11-24T22:55:00.000Z","6.8.5","3.9","",[73,18,20,74,75],"2fa","secure-login","smtp","https:\u002F\u002Fgithub.com\u002Fchrmrtns\u002Fkeyless-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyless-auth.3.2.4.zip",100,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":78,"num_ratings":30,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":96,"download_link":97,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"magiclabs","Login by Magic","1.0.4","Magic","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagiclabs\u002F","\u003Cp>This plugin replaces the standard WordPress login form with one powered by \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">Magic\u003C\u002Fa> that enables passwordless email magic link login.\u003C\u002Fp>\n\u003Cp>Magic offers passwordless authentication and cryptographically secured user identity to your applications. With just a few lines of code, your application’s security is instantaneously upgraded, and your end users can enjoy a future-proof and blockchain-enabled login solution.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">https:\u002F\u002Fmagic.link\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Login by Magic plugin replaces the standard WordPress login form with one powered by Magic that enables passwordless email magic link login.",20,2392,"2022-08-29T22:06:00.000Z","5.8.13","5.5.1","7.3",[18,19,94,20,95],"magiclink","security","https:\u002F\u002Fgithub.com\u002Fmagiclabs\u002Fwp-magic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagiclabs.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":11,"num_ratings":11,"last_updated":71,"tested_up_to":108,"requires_at_least":109,"requires_php":71,"tags":110,"homepage":112,"download_link":113,"security_score":78,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":114},"phpmydirectory","phpMyDirectory","1.1","atdev","https:\u002F\u002Fprofiles.wordpress.org\u002Fatdev\u002F","\u003Cp>The phpMyDirectory WordPress plugin allows wordpress users to log into phpMyDirectory.  The plugin is configured in the WordPress admin area.\u003C\u002Fp>\n\u003Cp>Users only need to log in once and they will be automatically logged into phpMyDirectory.  This allows phpMyDirectory to be used alongside WordPress and for a directory to be easily created for WordPress.\u003C\u002Fp>\n","Allows wordpress users to automatically log into phpMyDirectory.  The sessions are shared and accounts are created automatically if they do not exist.",10,1837,"4.4.34","3.5.2",[18,111,19,54],"directory","http:\u002F\u002Fwww.phpmydirectory.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphpmydirectory.zip","2026-03-15T10:48:56.248Z",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":106,"downloaded":123,"rating":78,"num_ratings":124,"last_updated":71,"tested_up_to":125,"requires_at_least":126,"requires_php":71,"tags":127,"homepage":71,"download_link":131,"security_score":78,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":132},"sn-extend-authentication","SN Extend Authentication","1.3","pgautam","https:\u002F\u002Fprofiles.wordpress.org\u002Fpgautam\u002F","\u003Cp>This plugin allows admin to disable anonymous (non authenticated users) browsing of selective posts, pages, feeds or complete WordPress site.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Ch4>WordPress Integration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to install\u003C\u002Fli>\n\u003Cli>Plays well with other Plugins\u003C\u002Fli>\n\u003Cli>Supports regular WordPress widgets\u003C\u002Fli>\n\u003Cli>Site admin can turn on\u002Foff browsing on specific post\u002Fpages for non authenticated users.\u003C\u002Fli>\n\u003Cli>Site admin can turn on\u002Foff browsing for non authenticated users on complete website.\u003C\u002Fli>\n\u003Cli>Site admin can turn on\u002Foff feed reading for non authenticated users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Using the Plugin\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fsnideas.wordpress.com\u002F2013\u002F05\u002F19\u002Fsn-extend-authentication-5-minute-guide\u002F\" rel=\"nofollow ugc\">Configuration Instruction\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>For Advanced Users\u003C\u002Fh3>\n\u003Cp>Advanced users can edit the CSS for post\u002Fpage widget and ‘SN Authentication Settings’ page.\u003C\u002Fp>\n\u003Cp>We would appreciate your views and suggestions to make this plugin more useful. Please mail us at paritoshgautam@hotmail.com\u003C\u002Fp>\n","This plugin allows admin to disable anonymous (non authenticated users) browsing of selective posts, pages, feeds or complete WordPress site.",2410,5,"3.7.41","2.8",[128,129,18,19,130],"access","accessible","members","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsn-extend-authentication.1.3.zip","2026-03-15T14:44:11.924Z",{"attackSurface":134,"codeSignals":208,"taintFlows":240,"riskAssessment":241,"analyzedAt":253},{"hooks":135,"ajaxHandlers":185,"restRoutes":197,"shortcodes":205,"cronEvents":206,"entryPointCount":207,"unprotectedCount":207},[136,142,145,149,151,155,160,164,168,173,177,181],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","show_user_profile","extra_user_profile_fields","classes\\adminui.php",27,{"type":137,"name":143,"callback":139,"file":140,"line":144},"edit_user_profile",28,{"type":137,"name":146,"callback":147,"file":140,"line":148},"personal_options_update","userMetaDIDSave",29,{"type":137,"name":150,"callback":147,"file":140,"line":31},"edit_user_profile_update",{"type":137,"name":152,"callback":153,"file":154,"line":141},"login_form","ssi_login","classes\\loginform.php",{"type":137,"name":156,"callback":157,"file":158,"line":159},"admin_menu","ssi_options_page","classes\\options.php",230,{"type":137,"name":161,"callback":162,"file":158,"line":163},"admin_init","ssi_settings_fields",231,{"type":137,"name":165,"callback":166,"file":167,"line":87},"rest_api_init","closure","classes\\restapi.php",{"type":137,"name":169,"callback":170,"file":171,"line":172},"admin_enqueue_scripts","admin_scripts","enqueue.php",44,{"type":137,"name":174,"callback":175,"file":171,"line":176},"wp_enqueue_scripts","frontend_scripts",45,{"type":137,"name":178,"callback":179,"file":171,"line":180},"login_enqueue_scripts","login_scripts",46,{"type":137,"name":182,"callback":166,"file":183,"line":184},"login_init","sideoslogin.php",32,[186,191,194],{"action":187,"nopriv":188,"callback":187,"hasNonce":188,"hasCapCheck":188,"file":189,"line":190},"username_login",false,"classes\\loginaction.php",61,{"action":187,"nopriv":192,"callback":187,"hasNonce":188,"hasCapCheck":188,"file":189,"line":193},true,62,{"action":195,"nopriv":188,"callback":195,"hasNonce":188,"hasCapCheck":188,"file":196,"line":180},"send_credential","classes\\sendaction.php",[198],{"namespace":199,"route":200,"methods":201,"callback":203,"permissionCallback":26,"file":167,"line":204},"sideos-ssi\u002Fv1","\u002Fenable",[202],"POST","ssi_enable_submit",21,[],[],4,{"dangerousFunctions":209,"sqlUsage":210,"outputEscaping":212,"fileOperations":11,"externalRequests":238,"nonceChecks":11,"capabilityChecks":238,"bundledLibraries":239},[],{"prepared":11,"raw":11,"locations":211},[],{"escaped":124,"rawEcho":213,"locations":214},13,[215,217,219,220,222,224,226,227,229,230,232,234,236],{"file":189,"line":106,"context":216},"raw output",{"file":189,"line":218,"context":216},38,{"file":189,"line":180,"context":216},{"file":189,"line":221,"context":216},49,{"file":189,"line":223,"context":216},52,{"file":189,"line":225,"context":216},55,{"file":154,"line":87,"context":216},{"file":158,"line":228,"context":216},56,{"file":158,"line":228,"context":216},{"file":196,"line":231,"context":216},12,{"file":196,"line":233,"context":216},33,{"file":196,"line":235,"context":216},35,{"file":196,"line":237,"context":216},40,2,[],[],{"summary":242,"deductions":243},"The \"passwordlessi\" v1.0.0 plugin exhibits a concerning security posture due to a significant portion of its entry points lacking proper authentication and authorization checks. All identified AJAX handlers and REST API routes are unprotected, exposing them to potential unauthorized access and manipulation. While the code signals indicate no dangerous functions or SQL injection vulnerabilities, and SQL queries are prepared, the lack of output escaping in a significant percentage of outputs (72%) is a weakness that could lead to cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on AJAX handlers is a direct invitation for CSRF attacks. The plugin has no recorded vulnerability history, which is a positive indicator, suggesting a lack of past exploitable issues. However, this does not negate the immediate risks identified in the static analysis. The plugin's strengths lie in its use of prepared statements for SQL and the absence of dangerous functions. The major weaknesses are the unprotected attack surface and insufficient output escaping.",[244,246,248,251],{"reason":245,"points":106},"AJAX handlers without auth checks",{"reason":247,"points":106},"REST API routes without permission callbacks",{"reason":249,"points":250},"Low output escaping rate",6,{"reason":252,"points":124},"No nonce checks on AJAX handlers","2026-03-17T07:22:34.612Z",{"wat":255,"direct":264},{"assetPaths":256,"generatorPatterns":261,"scriptPaths":262,"versionParams":263},[257,258,259,260],"\u002Fwp-content\u002Fplugins\u002Fpasswordlessi\u002Fscripts\u002Futility.js","\u002Fwp-content\u002Fplugins\u002Fpasswordlessi\u002Fstyles\u002Fssilogin.css","\u002Fwp-content\u002Fplugins\u002Fpasswordlessi\u002Fscripts\u002Fqrcode.js","\u002Fwp-content\u002Fplugins\u002Fpasswordlessi\u002Fscripts\u002Fssilogin.js",[],[257,259,260],[],{"cssClasses":265,"htmlComments":267,"htmlAttributes":281,"restEndpoints":285,"jsGlobals":287,"shortcodeOutput":289},[266],"ssilogin-qrcode",[268,269,270,271,272,273,274,275,276,272,277,278,279,280],"SSI Passwordless Login powered by Sideos","BEGIN ---DISABLE POST SUBMIT TO AVOID BRUTE FORCE ATTACK","If you selected the option to disable the username\u002Fpassword form, you can\n\tre-enable it by calling the rest API endpoint using the SSI token \n\tin the X-Token header parameter.","END ---DISABLE POST SUBMIT TO AVOID BRUCE FORCE ATTACK","*********************","ENQUEUE SCRIPTS AND STYLES","Translations **************","Styles **************","Utility to manage Ajax functionality **************","REST API TO RE-ENABLE SUBMIT USERAME PASSWORD","You need the SSI token in order to make this happen","SSI Information","Please enter your DID.",[282,283,284],"data-sideos-url","data-challenge","data-token",[286],"\u002Fsideos-ssi\u002Fv1\u002Fenable",[288],"SIDEOS",[]]