[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFBTIBU1xzyEfxMjxZ20O6s4MG5RmMHBmDaUq8herPAk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":128,"fingerprints":200},"puzzle-gate","Puzzle Gate – Login Security with Smart Puzzle CAPTCHA","1.0.1","wpsqr","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpsqr\u002F","\u003Cp>\u003Cstrong>Puzzle Gate\u003C\u002Fstrong> is a next-generation WordPress security plugin that replaces annoying traditional CAPTCHAs with an \u003Cstrong>intelligent, interactive puzzle system\u003C\u002Fstrong>. Unlike conventional image\u002Ftext CAPTCHAs that rely on external services and frustrate users, Puzzle Gate offers a fast, self-hosted solution that’s both highly secure and surprisingly user-friendly.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Why Website Owners Choose Puzzle Gate:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Blocks Automated Login Attacks\u003C\u002Fstrong> – Advanced puzzle logic stops bots before they can even attempt authentication\u003Cbr \u002F>\n   \u003Cstrong>Zero External Dependencies\u003C\u002Fstrong> – No Google services, no tracking, complete privacy compliance\u003Cbr \u002F>\n   \u003Cstrong>Lightning Fast\u003C\u002Fstrong> – Adds just 200ms to your login page load time\u003Cbr \u002F>\n   \u003Cstrong>Mobile-First Design\u003C\u002Fstrong> – Works perfectly on all devices without compromising security\u003Cbr \u002F>\n   \u003Cstrong>GDPR\u002FPrivacy Compliant\u003C\u002Fstrong> – No external API calls, no user data sharing\u003Cbr \u002F>\n   \u003Cstrong>Accessibility Focused\u003C\u002Fstrong> – Screen reader compatible with alternative input methods\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>How It Works (The Smart Way):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Interactive Puzzle Challenge\u003C\u002Fstrong> – Users arrange randomized symbols into logical order\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server-Side Validation\u003C\u002Fstrong> – Each puzzle is uniquely generated and hashed for maximum security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Bot Blocking\u003C\u002Fstrong> – Failed attempts trigger puzzle regeneration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Login Experience\u003C\u002Fstrong> – Humans solve it in seconds, bots can’t crack it\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Puzzle data is generated server-side, hashed securely, and expires automatically to prevent replay attacks.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>Core Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Drag-and-drop puzzle CAPTCHA system\u003C\u002Fli>\n\u003Cli>Server-side validation with WordPress salts\u003C\u002Fli>\n\u003Cli>Automatic puzzle expiration (configurable)\u003C\u002Fli>\n\u003Cli>Brute-force attack protection\u003C\u002Fli>\n\u003Cli>Nonce-based replay attack prevention\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Administration & Control\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple settings panel in WordPress admin\u003C\u002Fli>\n\u003Cli>Adjustable puzzle difficulty (4-12 symbols)\u003C\u002Fli>\n\u003Cli>IP whitelisting capabilities\u003C\u002Fli>\n\u003Cli>Failed attempt threshold configuration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>User Experience\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fully responsive design\u003C\u002Fli>\n\u003Cli>Mobile-optimized interface\u003C\u002Fli>\n\u003Cli>Keyboard navigation support\u003C\u002Fli>\n\u003Cli>Screen reader compatibility\u003C\u002Fli>\n\u003Cli>Visual feedback for interactions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Excellence\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>100% self-hosted solution\u003C\u002Fli>\n\u003Cli>No external API dependencies\u003C\u002Fli>\n\u003Cli>Lightweight codebase\u003C\u002Fli>\n\u003Cli>Regular security updates\u003C\u002Fli>\n\u003Cli>Compatible with most security plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Admin Configuration\u003C\u002Fh3>\n\u003Cp>Puzzle Gate includes a settings page where administrators can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable the puzzle CAPTCHA\u003C\u002Fli>\n\u003Cli>Set puzzle difficulty (number of symbols)\u003C\u002Fli>\n\u003Cli>Enable the puzzle only after X failed login attempts\u003C\u002Fli>\n\u003Cli>Whitelist trusted IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation is available on our website:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.sigmasqr.com\u002F\" rel=\"nofollow ugc\">Puzzle Gate Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Ensure the Puzzle Gate plugin is activated and your WordPress version is at least 5.2.\u003C\u002Fli>\n\u003Cli>Deactivate other plugins to check for conflicts.\u003C\u002Fli>\n\u003C\u002Fol>\n","Stop bots in their tracks with a human-friendly puzzle CAPTCHA for WordPress logins.",0,157,"2026-02-02T12:24:00.000Z","6.9.4","6.3","7.4",[18,19,20,21],"anti-bot","login-security","protection","puzzle","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpuzzle-gate.1.0.1.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},6,430,30,94,"2026-04-04T05:25:49.765Z",[35,57,75,94,110],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":22,"tags":50,"homepage":22,"download_link":54,"security_score":24,"vuln_count":55,"unpatched_count":11,"last_vuln_date":56,"fetched_at":26},"cartpauj-register-captcha","Cartpauj Register Captcha","2.0.1","cartpauj","https:\u002F\u002Fprofiles.wordpress.org\u002Fcartpauj\u002F","\u003Cp>Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress’s default registration form. There are no settings to configure. Just activate and watch those SPAM sign-ups fade away! Requires openssl PHP library.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds CAPTCHA to the WordPress register sign-up form.\u003C\u002Fli>\n\u003Cli>NO settings or configurations to deal with.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>Built with a modified version of Phoca Captcha PHP library\u003Cbr \u002F>\nIcon by \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\u002Fauthors\u002Ffreepik\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa>\u003C\u002Fp>\n","Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.",1000,38872,84,24,"2025-05-20T23:09:00.000Z","6.8.5","6.0",[51,19,20,52,53],"captcha","recaptcha","turnstile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcartpauj-register-captcha.2.0.1.zip",1,"2023-08-21 00:00:00",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":24,"num_ratings":55,"last_updated":67,"tested_up_to":14,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":22,"download_link":74,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"kaya-login-captcha","Kaya Login Captcha","1.0.2","Kaya Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fkayastudio\u002F","\u003Cp>\u003Cstrong>Why use “Kaya Login Captcha”?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin Adds a simple captcha on login form, register form and lost-password form.\u003C\u002Fp>\n\u003Cp>Easy install and use, captcha settings are fully customizable and you can choose the forms on which to display it. The blocked request HTTP status can be customized and the XML-RPC feature can be disabled.\u003C\u002Fp>\n\u003Cp>Captcha statistics are also available on the settings page, with the count of passed and blocked requests sorted by year and month.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Captcha available on the login form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the lost-password form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the register form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Editable Captcha code length.\u003C\u002Fli>\n\u003Cli>Editable Captcha code format: numeric, alphabetic or alphanumeric.\u003C\u002Fli>\n\u003Cli>Random lines available in the background of the Captcha.\u003C\u002Fli>\n\u003Cli>Editable blocked request HTTP status.\u003C\u002Fli>\n\u003Cli>XML-RPC WordPress API deactivatable.\u003C\u002Fli>\n\u003Cli>Captcha statistics of passed and blocked requests sorted by year and month.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite and WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>“Kaya Login Captcha” is a professional login captcha system with fully customizable settings.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies and does not connect to any third-party applications. This plugin only generate a captcha code to verify human action for selected forms on your settings.\u003C\u002Fp>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>French.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>Any suggestions or feedback is welcome, thank you for using or trying one of my plugins. Please take the time to let me know about your experiences and rate this plugin.\u003C\u002Fp>\n","Adds a simple captcha on login form, register form and lost-password form.",200,2708,"2025-12-03T10:41:00.000Z","4.6.0","5.3",[71,51,72,19,73],"brute-force-protection","login","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkaya-login-captcha.1.0.2.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":24,"num_ratings":85,"last_updated":86,"tested_up_to":48,"requires_at_least":87,"requires_php":22,"tags":88,"homepage":22,"download_link":93,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"botfirewall","BotFirewall | Stop Spam Bots & Secure Login","2.3.5","SafeWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fhallemmit3\u002F","\u003Cp>\u003Cstrong>BotFirewall\u003C\u002Fstrong> is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks. Using advanced JavaScript verification and encrypted cookies, BotFirewall ensures robust security without disrupting the experience of real users.\u003C\u002Fp>\n\u003Ch3>Why Do You Need BotFirewall?\u003C\u002Fh3>\n\u003Cp>In today’s internet landscape, bots make up a significant portion of web traffic, and many of them are malicious. They can attack your site, send spam, scrape content, or attempt to hack login pages like \u003Ccode>wp-login.php\u003C\u002Fcode>. BotFirewall addresses these threats by providing \u003Cstrong>smart and flexible protection\u003C\u002Fstrong> that:\u003Cbr \u002F>\n– \u003Cstrong>Blocks bots\u003C\u002Fstrong> with seamless JavaScript verification that most bots cannot pass.\u003Cbr \u002F>\n– \u003Cstrong>Secures key pages\u003C\u002Fstrong> like \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> from unauthorized access.\u003Cbr \u002F>\n– \u003Cstrong>Uses encrypted cookies\u003C\u002Fstrong> to ensure only verified users gain access.\u003Cbr \u002F>\n– \u003Cstrong>Offers customizable settings\u003C\u002Fstrong> through an intuitive interface in the WordPress admin panel.\u003C\u002Fp>\n\u003Ch3>Key Features of BotFirewall\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>JavaScript Verification\u003C\u002Fstrong>: Ensures visitors can execute JavaScript, effectively filtering out most bots.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Encrypted Cookies\u003C\u002Fstrong>: Cookies are tied to IP and User-Agent for enhanced security against spoofing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Page Protection\u003C\u002Fstrong>: Enable or disable protection for \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> pages via settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist and Blacklist\u003C\u002Fstrong>: Configure lists of allowed bots (e.g., Googlebot) and IPs, and block known malicious IPs, including subnet support (e.g., 192.168.0.0\u002F24).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exclude URLs\u003C\u002Fstrong>: Specify URLs to bypass bot protection entirely (e.g., for APIs or specific pages).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Statistics\u003C\u002Fstrong>: Monitor bot activity with detailed stats – filter by time periods (Last 24 hours, Last Week, Last Month).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Action Logging\u003C\u002Fstrong>: Logs blocks and successful verifications with URL details, keeping data for the last 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowed Bots Tab\u003C\u002Fstrong>: Easily select known bots to allow without verification, with quick filters for bot types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recent Activity\u003C\u002Fstrong>: View the latest 10 logged sessions with details like IP, URL, and status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and Fast\u003C\u002Fstrong>: Optimized for minimal impact on site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>: Removes all data, including logs and settings, upon deactivation and deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Verification Page\u003C\u002Fstrong>: Tailor the text (title, description, countdown), CSS styling, and logo of the verification page to match your site’s design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Support\u003C\u002Fstrong>: Get assistance directly through Live Chat in the Support tab for quick resolution of issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How Does BotFirewall Work?\u003C\u002Fh3>\n\u003Cp>BotFirewall employs a multi-layered protection system:\u003Cbr \u002F>\n1. \u003Cstrong>Cookie Check\u003C\u002Fstrong>: If a visitor has a valid cookie, they bypass additional checks.\u003Cbr \u002F>\n2. \u003Cstrong>Whitelist\u003C\u002Fstrong>: Known “good” bots (e.g., search engine crawlers) are automatically allowed.\u003Cbr \u002F>\n3. \u003Cstrong>JavaScript Verification\u003C\u002Fstrong>: If no cookie is present, the visitor is redirected to a verification page where they must execute a JavaScript request. Bots unable to run JavaScript are blocked.\u003Cbr \u002F>\n4. \u003Cstrong>Login Page Protection\u003C\u002Fstrong>: Optionally protect \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> to prevent brute-force attacks.\u003Cbr \u002F>\n5. \u003Cstrong>Post-Verification Redirect\u003C\u002Fstrong>: After successful verification, the user is redirected to their original page, and a cookie is set for future visits.\u003C\u002Fp>\n\u003Ch3>Why BotFirewall is a Must-Have for Your Site\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Spam and DDoS Protection\u003C\u002Fstrong>: Effectively blocks bots that attempt to spam or overload your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Security\u003C\u002Fstrong>: Safeguards \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-signup.php\u003C\u002Fcode> from unauthorized access and brute-force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexibility\u003C\u002Fstrong>: Customize protection with whitelists, blacklists, cookie lifetime settings, and verification page styling.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparency\u003C\u002Fstrong>: Detailed statistics and logs let you monitor bot activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ease of Use\u003C\u002Fstrong>: A user-friendly interface in the WordPress admin panel makes configuration a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Look\u003C\u002Fstrong>: Customize the verification page with your own text, styles, logo, and a modern font (Roboto) for a polished appearance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reliable Support\u003C\u002Fstrong>: Access our support team via Live Chat for help with any technical or security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>BotFirewall is an \u003Cstrong>essential tool\u003C\u002Fstrong> for WordPress site owners who want to protect their content, users, and server from malicious bots. Install BotFirewall today and secure your site with confidence!\u003C\u002Fp>\n","BotFirewall is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks.",20,738,2,"2025-06-05T14:29:00.000Z","5.0",[18,89,90,91,92],"bot-protection","firewall","login-protection","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotfirewall.2.3.5.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":11,"num_ratings":11,"last_updated":104,"tested_up_to":48,"requires_at_least":87,"requires_php":105,"tags":106,"homepage":22,"download_link":109,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"fortress-login-pro","Fortress Login Pro – Secure, Hide & Rename Login URL","1.1.3","Hamdi Saidani","https:\u002F\u002Fprofiles.wordpress.org\u002Fhamdisaidani\u002F","\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> is a battle-ready security plugin that replaces your WordPress login page (\u003Ccode>wp-login.php\u003C\u002Fcode>) with a private, rotating URL that only you control.\u003C\u002Fp>\n\u003Cp>🛡️ It doesn’t just hide the login—it lets you track, rotate, and control it.\u003C\u002Fp>\n\u003Cp>Perfect for freelancers, agencies, eCommerce owners, and anyone tired of blind brute-force attacks.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide \u003Ccode>wp-login.php\u003C\u002Fcode> and set your own private login path  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Rotate Slugs:\u003C\u002Fstrong> Automatically change your login URL on a custom schedule  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dual-Slug Rotation Safety:\u003C\u002Fstrong> Keep the old URL live until the new one is used (fail-safe)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug Generator:\u003C\u002Fstrong> Choose readable word combos or full-random slugs (with number support)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logs & Charts:\u003C\u002Fstrong> See IPs, timestamps, referrers, and user-agents by login attempt  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export Logs:\u003C\u002Fstrong> Download access history or slug changes in CSV or JSON  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug History Panel:\u003C\u002Fstrong> Restore, archive, or delete old slugs anytime  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Configuration:\u003C\u002Fstrong> Set up outgoing email for login slug alerts and rotation notices  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email & Rotation:\u003C\u002Fstrong> Built-in checks before activating rotation so you don’t get locked out  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>System File Protection:\u003C\u002Fstrong> Optional toggle to block access to \u003Ccode>install.php\u003C\u002Fcode> and \u003Ccode>setup-config.php\u003C\u002Fcode> via \u003Ccode>.htaccess\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean UI:\u003C\u002Fstrong> Fast, modern dashboard with zero bloat or upsell traps  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✅ Works With\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce, Easy Digital Downloads, and major eCommerce plugins  \u003C\u002Fli>\n\u003Cli>Membership systems like MemberPress, Paid Memberships Pro  \u003C\u002Fli>\n\u003Cli>Popular security plugins: Wordfence, iThemes, Sucuri  \u003C\u002Fli>\n\u003Cli>Caching tools like WP Rocket, Cloudflare, W3 Total Cache  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Fortress (vs limit login or captcha plugins)?\u003C\u002Fh3>\n\u003Cp>Most plugins try to \u003Cstrong>respond\u003C\u002Fstrong> to brute-force.\u003Cbr \u002F>\nFortress prevents it by removing the login form from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No login page = no attack surface.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Final Word\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> doesn’t just hide your login—it makes you smarter about who’s trying to reach it.\u003C\u002Fp>\n\u003Cp>Real logs. Real control. No BS.\u003Cbr \u002F>\nReady to lock down WordPress the way it should’ve shipped.\u003C\u002Fp>\n\u003Cp>Try our companion plugin: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotification-blocker\u002F\" rel=\"ugc\">Notification Blocker\u003C\u002Fa> — hide noisy dashboard alerts with one click.\u003C\u002Fp>\n","Hide and rotate your WordPress login URL. Track access, export logs, and prevent brute-force attacks with real-time visibility.",10,612,"2025-05-09T10:19:00.000Z","7.2",[71,107,19,92,108],"custom-login-url","wp-admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffortress-login-pro.1.1.3.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":102,"downloaded":118,"rating":24,"num_ratings":55,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":125,"download_link":126,"security_score":127,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"passwordsentry","PasswordSentry","1.0.15","DJ Abrams","https:\u002F\u002Fprofiles.wordpress.org\u002Flionsgate\u002F","\u003Cp>\u003Cstrong>Password Sentry\u003C\u002Fstrong> (PS) is the \u003Cstrong>must-have\u003C\u002Fstrong> application for every membership site! We developed and released Password Sentry in 1999. Password Sentry was groundbreaking as the first application of its kind. Password Sentry continues to be groundbreaking as we grow and re-invent Password Sentry to continue to be the leader in the industry – exceeding anything our competition offers. Password Sentry is an affordable and reliable tool used by thousands of clients to secure and protect thousands of websites from password trading and dictionary \u002F brute force attacks: saving webmasters hundreds or thousands of dollars each year in extra bandwidth, and lost sales. Password Sentry is a free Open Source App.\u003C\u002Fp>\n\u003Cp>WordPress (WP) has become a CMS (Content Management System) for many webmasters. In particular, paysite webmasters who offer paid memberships. To that end, we have seen an explosion of apps and WP plugins that enhance the membership functionality of WP. Our plugin is the perfect fit to WP and those plugins. PasswordSentry Plugin hooks into the WP Login to track and log logins to detect and block password sharing and compromised passwords. The PasswordSentry Plugin protects your members and your WP from hackers trying to access your members WP accounts. It also protects your bottom line if you run a paysite by blocking members from sharing their passwords with others. The PasswordSentry Plugin depends on the Password Sentry App: \u003Ca href=\"https:\u002F\u002Fwww.password-sentry.com\u002F\" title=\"Password Sentry\" rel=\"nofollow ugc\">Password Sentry\u003C\u002Fa>. The Password Sentry App includes a standalone, web-based control panel (PS AdminCP) to manage Password Sentry App and logged WP users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Detect and block password sharing via UserTracking and GeoTracking technology\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Web-based control panel to administer Password Sentry App, and monitor \u002F manage users\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Priority Support [Fee-Based]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> FREE Regular Forum Support\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> FREE updates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Unlimited Domains\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Capability to block logins from specified countries, and\u002For IP addresses\u003C\u002Fp>\n\u003Cp>\u003Cstrong>o\u003C\u002Fstrong> Monitor and throttle per-user bandwidth\u003C\u002Fp>\n\u003Cp>Before you use this plugin, you must FIRST install the Password Sentry App. Once the Password Sentry App is fully installed and configured, you can then activate and configure the PasswordSentry Plugin. This plugin monitors WP logins, checking for password sharing. If password sharing is detected for a given user, that user is automatically suspended, and you are emailed. Suspended users can either be manually restored via PS AdminCP, or you can setup a cron job to automatically restore suspended users after XX minutes.\u003C\u002Fp>\n","Secure WordPress by detecting shared passwords, and blocking password sharing. The plugin integrates Password Sentry app into WP to track logins.",3779,"2024-10-04T15:44:00.000Z","6.6.5","5.7.2","5.6",[124,72,19,20,92],"access-control","https:\u002F\u002Fwww.password-sentry.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpasswordsentry.zip",92,{"attackSurface":129,"codeSignals":182,"taintFlows":189,"riskAssessment":190,"analyzedAt":199},{"hooks":130,"ajaxHandlers":160,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":29,"unprotectedCount":181},[131,137,141,145,149,152,157],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","admin_init","pgate_redirect_to_settings","inc\\class-pgate-puzzle-gate.php",37,{"type":132,"name":138,"callback":139,"file":135,"line":140},"login_enqueue_scripts","pgate_enqueue_scripts",38,{"type":132,"name":142,"callback":143,"file":135,"line":144},"wp_login","pgate_invalidate_puzzles_after_login",39,{"type":132,"name":146,"callback":147,"file":135,"line":148},"wp_login_failed","pgate_track_failed_login",40,{"type":132,"name":142,"callback":150,"file":135,"line":151},"pgate_reset_failed_login",41,{"type":132,"name":153,"callback":154,"file":155,"line":156},"admin_menu","pgate_add_settings_page","inc\\class-pgate-settings.php",26,{"type":132,"name":133,"callback":158,"file":155,"line":159},"pgate_register_settings",27,[161,166,168,171,173,176],{"action":162,"nopriv":163,"callback":162,"hasNonce":164,"hasCapCheck":164,"file":135,"line":165},"pgate_get_puzzle",true,false,42,{"action":162,"nopriv":164,"callback":162,"hasNonce":164,"hasCapCheck":164,"file":135,"line":167},43,{"action":169,"nopriv":163,"callback":169,"hasNonce":163,"hasCapCheck":164,"file":135,"line":170},"pgate_verify_puzzle",44,{"action":169,"nopriv":164,"callback":169,"hasNonce":163,"hasCapCheck":164,"file":135,"line":172},45,{"action":174,"nopriv":163,"callback":174,"hasNonce":164,"hasCapCheck":164,"file":135,"line":175},"pgate_check_required",46,{"action":174,"nopriv":164,"callback":174,"hasNonce":164,"hasCapCheck":164,"file":135,"line":177},47,[],[],[],4,{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":11,"externalRequests":11,"nonceChecks":55,"capabilityChecks":11,"bundledLibraries":188},[],{"prepared":11,"raw":11,"locations":185},[],{"escaped":83,"rawEcho":11,"locations":187},[],[],[],{"summary":191,"deductions":192},"The \"puzzle-gate\" v1.0.1 plugin demonstrates some good security practices, such as 100% proper output escaping for all identified outputs and 100% of SQL queries utilizing prepared statements.  The complete absence of known vulnerabilities, including critical or high-severity ones, and no recorded past issues is a strong positive indicator.  However, a significant concern arises from the presence of 6 AJAX handlers, of which 4 lack authentication checks. This exposes a substantial attack surface that could be exploited by unauthenticated users. While taint analysis shows no identified vulnerabilities, the absence of flows analyzed might be due to the nature of the analysis or a limited scope, and doesn't necessarily guarantee the complete absence of such issues.  The plugin also only implements one nonce check across its entry points, which is insufficient to protect against all potential Cross-Site Request Forgery (CSRF) attacks on its unprotected AJAX endpoints.",[193,196],{"reason":194,"points":195},"4 AJAX handlers without auth checks",8,{"reason":197,"points":198},"Insufficient nonce checks (1 total)",5,"2026-03-17T07:28:15.740Z",{"wat":201,"direct":210},{"assetPaths":202,"generatorPatterns":205,"scriptPaths":206,"versionParams":207},[203,204],"\u002Fwp-content\u002Fplugins\u002Fpuzzle-gate\u002Fassets\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fpuzzle-gate\u002Fassets\u002Fjs\u002Flogin-captcha.js",[],[204],[208,209],"puzzle-gate\u002Fassets\u002Fcss\u002Fstyles.css?ver=","puzzle-gate\u002Fassets\u002Fjs\u002Flogin-captcha.js?ver=",{"cssClasses":211,"htmlComments":212,"htmlAttributes":213,"restEndpoints":215,"jsGlobals":219,"shortcodeOutput":221},[],[],[214],"data-pgate-captcha",[216,217,218],"\u002Fwp-json\u002Fpuzzle-gate\u002Fv1\u002Fget-puzzle","\u002Fwp-json\u002Fpuzzle-gate\u002Fv1\u002Fverify-puzzle","\u002Fwp-json\u002Fpuzzle-gate\u002Fv1\u002Fcheck-required",[220],"pgate_vars",[]]