[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fd-Bs7CfSerRh6rY4a1VNbNLCGM0XOVH-yiCYjdZzYLw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":126,"fingerprints":245},"passwordsentry","PasswordSentry","1.0.15","DJ Abrams","https:\u002F\u002Fprofiles.wordpress.org\u002Flionsgate\u002F","\u003Cp>\u003Cstrong>Password Sentry\u003C\u002Fstrong> (PS) is the \u003Cstrong>must-have\u003C\u002Fstrong> application for every membership site! We developed and released Password Sentry in 1999. Password Sentry was groundbreaking as the first application of its kind. Password Sentry continues to be groundbreaking as we grow and re-invent Password Sentry to continue to be the leader in the industry – exceeding anything our competition offers. Password Sentry is an affordable and reliable tool used by thousands of clients to secure and protect thousands of websites from password trading and dictionary \u002F brute force attacks: saving webmasters hundreds or thousands of dollars each year in extra bandwidth, and lost sales. Password Sentry is a free Open Source App.\u003C\u002Fp>\n\u003Cp>WordPress (WP) has become a CMS (Content Management System) for many webmasters. In particular, paysite webmasters who offer paid memberships. To that end, we have seen an explosion of apps and WP plugins that enhance the membership functionality of WP. Our plugin is the perfect fit to WP and those plugins. PasswordSentry Plugin hooks into the WP Login to track and log logins to detect and block password sharing and compromised passwords. 
The PasswordSentry Plugin protects your members and your WP from hackers trying to access your members WP accounts. It also protects your bottom line if you run a paysite by blocking members from sharing their passwords with others. The PasswordSentry Plugin depends on the Password Sentry App: \u003Ca href=\"https:\u002F\u002Fwww.password-sentry.com\u002F\" title=\"Password Sentry\" rel=\"nofollow ugc\">Password Sentry\u003C\u002Fa>. The Password Sentry App includes a standalone, web-based control panel (PS AdminCP) to manage Password Sentry App and logged WP users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Detect and block password sharing via UserTracking and GeoTracking technology\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Web-based control panel to administer Password Sentry App, and monitor \u002F manage users\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Priority Support [Fee-Based]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> FREE Regular Forum Support\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> FREE updates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Unlimited Domains\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Capability to block logins from specified countries, and\u002For IP addresses\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Monitor and throttle per-user bandwidth\u003C\u002Fp>\n\u003Cp>Before you use this plugin, you must FIRST install the Password Sentry App. Once the Password Sentry App is fully installed and configured, you can then activate and configure the PasswordSentry Plugin. This plugin monitors WP logins, checking for password sharing. If password sharing is detected for a given user, that user is automatically suspended, and you are emailed. 
Suspended users can either be manually restored via PS AdminCP, or you can set up a cron job to automatically restore suspended users after XX minutes.\u003C\u002Fp>\n","Secure WordPress by detecting shared passwords, and blocking password sharing. The plugin integrates Password Sentry app into WP to track logins.",10,3779,100,1,"2024-10-04T15:44:00.000Z","6.6.5","5.7.2","5.6",[20,21,22,23,24],"access-control","login","login-security","protection","security","https:\u002F\u002Fwww.password-sentry.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpasswordsentry.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"lionsgate",30,88,"2026-04-04T03:38:33.433Z",[38,60,78,94,111],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":53,"download_link":58,"security_score":13,"vuln_count":14,"unpatched_count":28,"last_vuln_date":59,"fetched_at":30},"cartpauj-register-captcha","Cartpauj Register Captcha","2.0.1","cartpauj","https:\u002F\u002Fprofiles.wordpress.org\u002Fcartpauj\u002F","\u003Cp>Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress’s default registration form. There are no settings to configure. Just activate and watch those SPAM sign-ups fade away! 
Requires openssl PHP library.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds CAPTCHA to the WordPress register sign-up form.\u003C\u002Fli>\n\u003Cli>NO settings or configurations to deal with.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>Built with a modified version of Phoca Captcha PHP library\u003Cbr \u002F>\nIcon by \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\u002Fauthors\u002Ffreepik\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa>\u003C\u002Fp>\n","Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.",1000,38872,84,24,"2025-05-20T23:09:00.000Z","6.8.5","6.0","",[55,22,23,56,57],"captcha","recaptcha","turnstile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcartpauj-register-captcha.2.0.1.zip","2023-08-21 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":13,"num_ratings":14,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":53,"download_link":77,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"kaya-login-captcha","Kaya Login Captcha","1.0.2","Kaya Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fkayastudio\u002F","\u003Cp>\u003Cstrong>Why use “Kaya Login Captcha”?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin adds a simple captcha on login form, register form and lost-password form.\u003C\u002Fp>\n\u003Cp>Easy install and use, captcha settings are fully customizable and you can choose the forms on which to display it. 
The blocked request HTTP status can be customized and the XML-RPC feature can be disabled.\u003C\u002Fp>\n\u003Cp>Captcha statistics are also available on the settings page, with the count of passed and blocked requests sorted by year and month.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Captcha available on the login form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the lost-password form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the register form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Editable Captcha code length.\u003C\u002Fli>\n\u003Cli>Editable Captcha code format: numeric, alphabetic or alphanumeric.\u003C\u002Fli>\n\u003Cli>Random lines available in the background of the Captcha.\u003C\u002Fli>\n\u003Cli>Editable blocked request HTTP status.\u003C\u002Fli>\n\u003Cli>XML-RPC WordPress API deactivatable.\u003C\u002Fli>\n\u003Cli>Captcha statistics of passed and blocked requests sorted by year and month.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite and WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>“Kaya Login Captcha” is a professional login captcha system with fully customizable settings.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies and does not connect to any third-party applications. This plugin only generates a captcha code to verify human action for selected forms on your settings.\u003C\u002Fp>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>French.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>Any suggestions or feedback is welcome, thank you for using or trying one of my plugins. 
Please take the time to let me know about your experiences and rate this plugin.\u003C\u002Fp>\n","Adds a simple captcha on login form, register form and lost-password form.",200,2708,"2025-12-03T10:41:00.000Z","6.9.4","4.6.0","5.3",[75,55,21,22,76],"brute-force-protection","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkaya-login-captcha.1.0.2.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":28,"num_ratings":28,"last_updated":87,"tested_up_to":51,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":53,"download_link":93,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"fortress-login-pro","Fortress Login Pro – Secure, Hide & Rename Login URL","1.1.3","Hamdi Saidani","https:\u002F\u002Fprofiles.wordpress.org\u002Fhamdisaidani\u002F","\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> is a battle-ready security plugin that replaces your WordPress login page (\u003Ccode>wp-login.php\u003C\u002Fcode>) with a private, rotating URL that only you control.\u003C\u002Fp>\n\u003Cp>🛡️ It doesn’t just hide the login—it lets you track, rotate, and control it.\u003C\u002Fp>\n\u003Cp>Perfect for freelancers, agencies, eCommerce owners, and anyone tired of blind brute-force attacks.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide \u003Ccode>wp-login.php\u003C\u002Fcode> and set your own private login path  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Rotate Slugs:\u003C\u002Fstrong> Automatically change your login URL on a custom schedule  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dual-Slug Rotation Safety:\u003C\u002Fstrong> Keep the old URL live until the new one is used (fail-safe)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug Generator:\u003C\u002Fstrong> Choose readable word combos or full-random slugs (with 
number support)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logs & Charts:\u003C\u002Fstrong> See IPs, timestamps, referrers, and user-agents by login attempt  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export Logs:\u003C\u002Fstrong> Download access history or slug changes in CSV or JSON  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug History Panel:\u003C\u002Fstrong> Restore, archive, or delete old slugs anytime  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Configuration:\u003C\u002Fstrong> Set up outgoing email for login slug alerts and rotation notices  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email & Rotation:\u003C\u002Fstrong> Built-in checks before activating rotation so you don’t get locked out  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>System File Protection:\u003C\u002Fstrong> Optional toggle to block access to \u003Ccode>install.php\u003C\u002Fcode> and \u003Ccode>setup-config.php\u003C\u002Fcode> via \u003Ccode>.htaccess\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean UI:\u003C\u002Fstrong> Fast, modern dashboard with zero bloat or upsell traps  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✅ Works With\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce, Easy Digital Downloads, and major eCommerce plugins  \u003C\u002Fli>\n\u003Cli>Membership systems like MemberPress, Paid Memberships Pro  \u003C\u002Fli>\n\u003Cli>Popular security plugins: Wordfence, iThemes, Sucuri  \u003C\u002Fli>\n\u003Cli>Caching tools like WP Rocket, Cloudflare, W3 Total Cache  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Fortress (vs limit login or captcha plugins)?\u003C\u002Fh3>\n\u003Cp>Most plugins try to \u003Cstrong>respond\u003C\u002Fstrong> to brute-force.\u003Cbr \u002F>\nFortress prevents it by removing the login form from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No login page = no attack surface.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Final Word\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> doesn’t just hide your 
login—it makes you smarter about who’s trying to reach it.\u003C\u002Fp>\n\u003Cp>Real logs. Real control. No BS.\u003Cbr \u002F>\nReady to lock down WordPress the way it should’ve shipped.\u003C\u002Fp>\n\u003Cp>Try our companion plugin: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotification-blocker\u002F\" rel=\"ugc\">Notification Blocker\u003C\u002Fa> — hide noisy dashboard alerts with one click.\u003C\u002Fp>\n","Hide and rotate your WordPress login URL. Track access, export logs, and prevent brute-force attacks with real-time visibility.",612,"2025-05-09T10:19:00.000Z","5.0","7.2",[75,91,22,24,92],"custom-login-url","wp-admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffortress-login-pro.1.1.3.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":28,"downloaded":102,"rating":28,"num_ratings":28,"last_updated":103,"tested_up_to":71,"requires_at_least":18,"requires_php":104,"tags":105,"homepage":109,"download_link":110,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"esherpa-login-guard","eSherpa Login Guard","3.0.0","Ralf Naumann","https:\u002F\u002Fprofiles.wordpress.org\u002Fr2d3\u002F","\u003Cp>\u003Cstrong>eSherpa Login Guard\u003C\u002Fstrong> effectively and intelligently protects your WordPress site from brute-force attacks – Swiss precision, completely without external dependencies.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Honeypot-first bot defense\u003C\u002Fstrong>: JavaScript Honeypot detects non-browser bots and triggers immediate lockout logic.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected username trap\u003C\u002Fstrong>: Immediate lockout for defined usernames (e.g., “admin”, “test”), independent of the regular counter.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Proactive User-Agent blocking\u003C\u002Fstrong>: 
Block known bot signatures before login processing (exact match or substring mode).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blocked User-Agent attempt log\u003C\u002Fstrong>: Separate log table for blocked User-Agent requests including matching pattern.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress hardening options\u003C\u002Fstrong>: Disable XML-RPC (with fake-user honeypot response), hide REST user endpoint, and block author archive enumeration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional bot password capture\u003C\u002Fstrong>: Store attempted passwords from detected JS-honeypot bots for incident analysis.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Neutral login error option\u003C\u002Fstrong>: Hide username enumeration by using neutral WordPress login error responses.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live security visibility\u003C\u002Fstrong>: Live alarm in admin, lockout badge in menu, and detailed failed-attempt logs with IP\u002FUser-Agent filters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Progressive lockout durations\u003C\u002Fstrong>: Lockout time increases on repeat offenses (e.g., 15 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> 30 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> 60 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> 120 minutes).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login page guidance\u003C\u002Fstrong>: Clear countdown and “X attempts remaining” notice for transparent lock state.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-compliant\u003C\u002Fstrong>: IPs stored only as anonymized hashes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic cleanup\u003C\u002Fstrong> of old failed attempts (configurable).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile-friendly admin tables\u003C\u002Fstrong>: Horizontal scrolling for wide security tables on small screens, including swipe hint.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email 
notification\u003C\u002Fstrong> to admin on attacks against existing users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Developed in Switzerland – fast, clean, performant, and multilingual ready.\u003C\u002Fp>\n\u003Cp>Compatible with WordPress 6.9 and tested up to PHP 8.5.3.\u003C\u002Fp>\n","Intelligent login protection with honeypot detection, WordPress hardening, and a clear security admin overview.",172,"2026-03-03T08:32:00.000Z","7.4",[106,75,107,22,108],"bot-protection","honeypot","wordpress-hardening","https:\u002F\u002Fesherpa.ch\u002Flogin-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fesherpa-login-guard.3.0.0.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":28,"downloaded":119,"rating":28,"num_ratings":28,"last_updated":120,"tested_up_to":71,"requires_at_least":121,"requires_php":104,"tags":122,"homepage":53,"download_link":125,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"puzzle-gate","Puzzle Gate – Login Security with Smart Puzzle CAPTCHA","1.0.1","wpsqr","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpsqr\u002F","\u003Cp>\u003Cstrong>Puzzle Gate\u003C\u002Fstrong> is a next-generation WordPress security plugin that replaces annoying traditional CAPTCHAs with an \u003Cstrong>intelligent, interactive puzzle system\u003C\u002Fstrong>. 
Unlike conventional image\u002Ftext CAPTCHAs that rely on external services and frustrate users, Puzzle Gate offers a fast, self-hosted solution that’s both highly secure and surprisingly user-friendly.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Why Website Owners Choose Puzzle Gate:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Blocks Automated Login Attacks\u003C\u002Fstrong> – Advanced puzzle logic stops bots before they can even attempt authentication\u003Cbr \u002F>\n   \u003Cstrong>Zero External Dependencies\u003C\u002Fstrong> – No Google services, no tracking, complete privacy compliance\u003Cbr \u002F>\n   \u003Cstrong>Lightning Fast\u003C\u002Fstrong> – Adds just 200ms to your login page load time\u003Cbr \u002F>\n   \u003Cstrong>Mobile-First Design\u003C\u002Fstrong> – Works perfectly on all devices without compromising security\u003Cbr \u002F>\n   \u003Cstrong>GDPR\u002FPrivacy Compliant\u003C\u002Fstrong> – No external API calls, no user data sharing\u003Cbr \u002F>\n   \u003Cstrong>Accessibility Focused\u003C\u002Fstrong> – Screen reader compatible with alternative input methods\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>How It Works (The Smart Way):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Interactive Puzzle Challenge\u003C\u002Fstrong> – Users arrange randomized symbols into logical order\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server-Side Validation\u003C\u002Fstrong> – Each puzzle is uniquely generated and hashed for maximum security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Bot Blocking\u003C\u002Fstrong> – Failed attempts trigger puzzle regeneration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Login Experience\u003C\u002Fstrong> – Humans solve it in seconds, bots can’t crack it\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Puzzle data is generated server-side, hashed securely, and expires automatically to prevent replay 
attacks.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>Core Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Drag-and-drop puzzle CAPTCHA system\u003C\u002Fli>\n\u003Cli>Server-side validation with WordPress salts\u003C\u002Fli>\n\u003Cli>Automatic puzzle expiration (configurable)\u003C\u002Fli>\n\u003Cli>Brute-force attack protection\u003C\u002Fli>\n\u003Cli>Nonce-based replay attack prevention\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Administration & Control\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple settings panel in WordPress admin\u003C\u002Fli>\n\u003Cli>Adjustable puzzle difficulty (4-12 symbols)\u003C\u002Fli>\n\u003Cli>IP whitelisting capabilities\u003C\u002Fli>\n\u003Cli>Failed attempt threshold configuration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>User Experience\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fully responsive design\u003C\u002Fli>\n\u003Cli>Mobile-optimized interface\u003C\u002Fli>\n\u003Cli>Keyboard navigation support\u003C\u002Fli>\n\u003Cli>Screen reader compatibility\u003C\u002Fli>\n\u003Cli>Visual feedback for interactions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Excellence\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>100% self-hosted solution\u003C\u002Fli>\n\u003Cli>No external API dependencies\u003C\u002Fli>\n\u003Cli>Lightweight codebase\u003C\u002Fli>\n\u003Cli>Regular security updates\u003C\u002Fli>\n\u003Cli>Compatible with most security plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Admin Configuration\u003C\u002Fh3>\n\u003Cp>Puzzle Gate includes a settings page where administrators can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable the puzzle CAPTCHA\u003C\u002Fli>\n\u003Cli>Set puzzle difficulty (number of symbols)\u003C\u002Fli>\n\u003Cli>Enable the puzzle only after X failed login attempts\u003C\u002Fli>\n\u003Cli>Whitelist trusted IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation is available on our website:\u003Cbr 
\u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.sigmasqr.com\u002F\" rel=\"nofollow ugc\">Puzzle Gate Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Ensure the Puzzle Gate plugin is activated and your WordPress version is at least 5.2.\u003C\u002Fli>\n\u003Cli>Deactivate other plugins to check for conflicts.\u003C\u002Fli>\n\u003C\u002Fol>\n","Stop bots in their tracks with a human-friendly puzzle CAPTCHA for WordPress logins.",157,"2026-02-02T12:24:00.000Z","6.3",[123,22,23,124],"anti-bot","puzzle","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpuzzle-gate.1.0.1.zip",{"attackSurface":127,"codeSignals":156,"taintFlows":165,"riskAssessment":236,"analyzedAt":244},{"hooks":128,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":28,"unprotectedCount":28},[129,135,139,143,147],{"type":130,"name":131,"callback":132,"file":133,"line":134},"action","admin_menu","pswpp_add_options_page","passwordsentry.php",210,{"type":130,"name":136,"callback":137,"file":133,"line":138},"login_form","pswpp_credit_link",211,{"type":130,"name":140,"callback":141,"priority":11,"file":133,"line":142},"wp_login","pswpp_check",212,{"type":130,"name":144,"callback":145,"priority":11,"file":133,"line":146},"plugins_loaded","pswpp_init",213,{"type":148,"name":149,"callback":150,"priority":11,"file":133,"line":151},"filter","plugin_row_meta","pswpp_links",217,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":28,"externalRequests":163,"nonceChecks":14,"capabilityChecks":28,"bundledLibraries":164},[],{"prepared":28,"raw":28,"locations":159},[],{"escaped":161,"rawEcho":28,"locations":162},18,[],2,[],[166,195,215],{"entryPoint":167,"graph":168,"unsanitizedCount":193,"severity":194},"pswpp_check 
(passwordsentry.php:187)",{"nodes":169,"edges":189},[170,175,181,184],{"id":171,"type":172,"label":173,"file":133,"line":174},"n0","source","$_SERVER",190,{"id":176,"type":177,"label":178,"file":133,"line":179,"wp_function":180},"n1","sink","wp_remote_get() [SSRF]",191,"wp_remote_get",{"id":182,"type":172,"label":183,"file":133,"line":174},"n2","$_SERVER (x2)",{"id":185,"type":177,"label":186,"file":133,"line":187,"wp_function":188},"n3","header() [Header Injection]",196,"header",[190,192],{"from":171,"to":176,"sanitized":191},false,{"from":182,"to":185,"sanitized":191},3,"medium",{"entryPoint":196,"graph":197,"unsanitizedCount":28,"severity":214},"pswpp_load_settings_page (passwordsentry.php:32)",{"nodes":198,"edges":210},[199,202,204,207],{"id":171,"type":172,"label":200,"file":133,"line":201},"$_POST",49,{"id":176,"type":177,"label":178,"file":133,"line":203,"wp_function":180},51,{"id":182,"type":172,"label":205,"file":133,"line":206},"$_SERVER['REQUEST_URI']",103,{"id":185,"type":177,"label":208,"file":133,"line":206,"wp_function":209},"echo() [XSS]","echo",[211,213],{"from":171,"to":176,"sanitized":212},true,{"from":182,"to":185,"sanitized":212},"low",{"entryPoint":216,"graph":217,"unsanitizedCount":28,"severity":214},"\u003Cpasswordsentry> 
(passwordsentry.php:0)",{"nodes":218,"edges":231},[219,220,221,222,223,225,227,229],{"id":171,"type":172,"label":200,"file":133,"line":201},{"id":176,"type":177,"label":178,"file":133,"line":203,"wp_function":180},{"id":182,"type":172,"label":205,"file":133,"line":206},{"id":185,"type":177,"label":208,"file":133,"line":206,"wp_function":209},{"id":224,"type":172,"label":173,"file":133,"line":174},"n4",{"id":226,"type":177,"label":178,"file":133,"line":179,"wp_function":180},"n5",{"id":228,"type":172,"label":183,"file":133,"line":174},"n6",{"id":230,"type":177,"label":186,"file":133,"line":187,"wp_function":188},"n7",[232,233,234,235],{"from":171,"to":176,"sanitized":212},{"from":182,"to":185,"sanitized":212},{"from":224,"to":226,"sanitized":212},{"from":228,"to":230,"sanitized":212},{"summary":237,"deductions":238},"The \"passwordsentry\" v1.0.15 plugin exhibits a generally strong security posture based on the provided static analysis.  There are no identified dangerous functions, all SQL queries use prepared statements, and all output is properly escaped.  The plugin also includes a nonce check, indicating some awareness of security best practices. The absence of any recorded vulnerabilities in its history further reinforces this positive assessment.\n\nHowever, there are a couple of areas that warrant attention. The presence of one taint flow with an unsanitized path, while not classified as critical or high severity in this analysis, represents a potential avenue for exploitation if an attacker can control the input leading to this flow. Additionally, the plugin makes two external HTTP requests. While the analysis doesn't specify if these requests are authenticated or properly validated, such requests can sometimes be a vector for SSRF (Server-Side Request Forgery) or other vulnerabilities if not handled with extreme care. 
The lack of any capability checks or exposed AJAX\u002FREST API endpoints is a positive indicator, but the taint flow and external requests introduce minor concerns.\n\nIn conclusion, \"passwordsentry\" v1.0.15 appears to be a well-developed plugin with a commendable focus on secure coding practices, particularly regarding SQL and output handling. The vulnerability history is excellent, suggesting a stable and secure codebase. The primary weaknesses lie in the single unsanitized taint flow and the external HTTP requests, which, while not indicating immediate critical risk, should be reviewed for potential vulnerabilities.",[239,242],{"reason":240,"points":241},"Flow with unsanitized path",5,{"reason":243,"points":163},"External HTTP requests (2)","2026-03-17T00:43:14.905Z",{"wat":246,"direct":256},{"assetPaths":247,"generatorPatterns":252,"scriptPaths":253,"versionParams":255},[248,249,250,251],"\u002Fwp-content\u002Fplugins\u002Fpasswordsentry\u002Fassets\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswordsentry\u002Fassets\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fpasswordsentry\u002Fassets\u002Fcss\u002Fcssps.css","\u002Fwp-content\u002Fplugins\u002Fpasswordsentry\u002Fassets\u002Fjs\u002Fbootstrap.min.js",[],[254],"\u002F\u002Ftranslate.google.com\u002Ftranslate_a\u002Felement.js?cb=googleTranslateElementInit",[],{"cssClasses":257,"htmlComments":262,"htmlAttributes":263,"restEndpoints":271,"jsGlobals":272,"shortcodeOutput":274},[258,259,260,261],"alert-success","alert-danger","alert-info","form-control",[],[264,265,266,267,268,269,270],"name=\"pswpp_api_endpoint_url\"","name=\"pswpp_status\"","name=\"pswpp_show_credit_link\"","value=\"enabled\"","value=\"disabled\"","value=\"yes\"","value=\"no\"",[],[273],"google.translate.TranslateElement",[]]