[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkCUmvJRe2zIFPsYfvDY085Y4M9lPTkkY-DWvaBdIThY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":20,"download_link":21,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":132,"fingerprints":158},"remove-suggested-passwords","Remove Suggested Passwords","1.0","Kostas Vrouvas","https:\u002F\u002Fprofiles.wordpress.org\u002Fkosvrouvas\u002F","\u003Cp>During the COVID-19 pandemic and the rise of online classes we noticed that often students assumed that their password has already been set to this new suggested password.\u003C\u002Fp>\n\u003Cp>This led to repeated password reset requests, transactional emails flying around, and infinite unnecessary tickets opened to our support agents every day.\u003C\u002Fp>\n\u003Cp>This is a WordPress snippet wrapped up in a plugin to remove this feature. Read more here: https:\u002F\u002Fkosvrouvas.com\u002Fremove-suggested-passwords-from-wordpress\u003C\u002Fp>\n","During the COVID-19 pandemic and the rise of online classes we noticed that often students assumed that their password has already been set to this ne &hellip;",0,905,"2021-02-23T16:24:00.000Z","5.6.17","5.3","",[18,19],"passwords","suggested-passwords","https:\u002F\u002Fkosvrouvas.com\u002Fremove-suggested-passwords-from-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-suggested-passwords.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":22,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"kosvrouvas",7,260,30,84,"2026-04-04T12:18:30.055Z",[34,56,78,97,116],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":54,"download_link":55,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"wc-password-strength-settings","Password Strength Settings for WooCommerce","3.0.1","Danny Santoro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielsantoro\u002F","\u003Cp>Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.\u003C\u002Fp>\n\u003Ch3>What does this plugin do?\u003C\u002Fh3>\n\u003Cp>WooCommerce has an integrated Password Strength Meter which forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between five password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of these custom messages, as well as modify or remove the password hint. For details on how the password strength is determined, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielSantoro\u002Fwc-password-strength-settings\u002Fwiki\u002FHow-Password-Strength-is-Determined\" rel=\"nofollow ugc\">please read the documentation here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cp>Version 3.0.0 is a bit of a rewrite to bring the plugin up to modern coding standards. Functionality should not be impacted, but if it is, please reach out on the support forums.\u003C\u002Fp>\n\u003Cp>Version 3.0.1 is simply a hotfix declaring compatibility with WooCommerce HPOS. Since this plugin doesn’t touch anything with the orders or order metadata, it shouldn’t be impacted at all. \u003Cem>However\u003C\u002Fem>, if you notice any issues then please reach out via the contact form on my website.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – \u003Cem>especially\u003C\u002Fem> for administrators!\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to remove “- Please enter a stronger password.” that is added by WordPress.\u003C\u002Fli>\n\u003Cli>Nothing else at the moment, but let me know if you have any ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n","Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.",10000,176985,90,24,"2023-10-11T20:51:00.000Z","6.3.8","5.8",[50,18,51,52,53],"accounts","security","users","woocommerce","https:\u002F\u002Fdanielsantoro.com\u002Fproject\u002Fwoocommerce-password-strength-settings-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-password-strength-settings.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":16,"tags":71,"homepage":76,"download_link":77,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"login-security-solution","Login Security Solution","0.56.0","Daniel Convissor","https:\u002F\u002Fprofiles.wordpress.org\u002Fconvissor\u002F","\u003Cp>A simple way to lock down login security for multisite and regular\u003Cbr \u002F>\nWordPress installations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Blocks brute force and dictionary attacks without inconveniencing\u003Cbr \u002F>\nlegitimate users or administrators\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tracks IP addresses, usernames, and passwords\u003C\u002Fli>\n\u003Cli>Monitors logins made by form submissions, XML-RPC requests and\u003Cbr \u002F>\nauth cookies\u003C\u002Fli>\n\u003Cli>If a login failure uses data matching a past failure, the plugin\u003Cbr \u002F>\nslows down response times.  The more failures, the longer the delay.\u003Cbr \u002F>\nThis limits attackers ability to effectively probe your site,\u003Cbr \u002F>\nso they’ll give up and go find an easier target.\u003C\u002Fli>\n\u003Cli>If an account seems breached, the “user” is immediately logged out\u003Cbr \u002F>\nand forced to use WordPress’ password reset utility.  This prevents\u003Cbr \u002F>\nany damage from being done and verifies the user’s identity.  But\u003Cbr \u002F>\nif the user is coming in from an IP address they have used in the\u003Cbr \u002F>\npast, an email is sent to the user making sure it was them logging in.\u003Cbr \u002F>\nAll without intervention by an administrator.\u003C\u002Fli>\n\u003Cli>Can notify the administrator of attacks and breaches\u003C\u002Fli>\n\u003Cli>Supports IPv6\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Thoroughly examines and enforces password strength.  Includes full\u003Cbr \u002F>\nUTF-8 character set support if PHP’s \u003Ccode>mbstring\u003C\u002Fcode> extension is enabled.\u003Cbr \u002F>\nThe tests have caught every password dictionary entry I’ve tried.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Minimum length (customizable)\u003C\u002Fli>\n\u003Cli>Doesn’t match blog info\u003C\u002Fli>\n\u003Cli>Doesn’t match user data\u003C\u002Fli>\n\u003Cli>Must either have numbers, punctuation, upper and lower case characters\u003Cbr \u002F>\nor be very long.  Note: alphabets with only one case (e.g. Arabic,\u003Cbr \u002F>\nHebrew, etc.) are automatically exempted from the upper\u002Flower case\u003Cbr \u002F>\nrequirement.\u003C\u002Fli>\n\u003Cli>Non-sequential codepoints\u003C\u002Fli>\n\u003Cli>Non-sequential keystrokes (custom sequence files can be added)\u003C\u002Fli>\n\u003Cli>Not in the password dictionary files you’ve provided (if any)\u003C\u002Fli>\n\u003Cli>Decodes “leet” speak\u003C\u002Fli>\n\u003Cli>The password\u002Fphrase is not found by the \u003Ccode>dict\u003C\u002Fcode> dictionary\u003Cbr \u002F>\nprogram (if available)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Blocks discovering user names via the “?author=” query string\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Password aging (optional) (not recommended)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users need to change password every x days (customizable)\u003C\u002Fli>\n\u003Cli>Grace period for picking a new password (customizable)\u003C\u002Fli>\n\u003Cli>Remembers old passwords (quantity is customizable)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Administrators can require all users to change their passwords\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Done via a flag in each user’s database entry\u003C\u002Fli>\n\u003Cli>No mail is sent, keeping your server off of spam lists\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Logs out idle sessions (optional) (idle time is customizable)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Maintenance mode (optional)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Publicly viewable content remains visible\u003C\u002Fli>\n\u003Cli>Disables logins by all users, except administrators\u003C\u002Fli>\n\u003Cli>Logs out existing sessions, except administrators\u003C\u002Fli>\n\u003Cli>Disables posting of comments\u003C\u002Fli>\n\u003Cli>Useful for maintenance or emergency reasons\u003C\u002Fli>\n\u003Cli>This is separate from WordPress’ maintenance mode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Prevents information disclosures from failed logins\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Improvements Over Similar WordPress Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Multisite network support\u003C\u002Fli>\n\u003Cli>Monitors authentication cookies for bad user names and hashes\u003C\u002Fli>\n\u003Cli>Tracks logins from XML-RPC requests\u003C\u002Fli>\n\u003Cli>Adjusts WordPress’ password policy user interfaces\u003C\u002Fli>\n\u003Cli>Takes security seriously so the plugin itself does not open your site\u003Cbr \u002F>\nto SQL, HTML, or header injection vulnerabilities\u003C\u002Fli>\n\u003Cli>Notice-free code means no information disclosures if \u003Ccode>display_errors\u003C\u002Fcode>\u003Cbr \u002F>\nis on and \u003Ccode>error_reporting\u003C\u002Fcode> includes \u003Ccode>E_NOTICE\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Only loads files, actions, and filters needed for enabled options\u003Cbr \u002F>\nand the page’s context\u003C\u002Fli>\n\u003Cli>Provides an option to have deactivation remove all of this plugin’s\u003Cbr \u002F>\ndata from the database\u003C\u002Fli>\n\u003Cli>Uses WordPress’ features rather than fighting or overriding them\u003C\u002Fli>\n\u003Cli>No advertising, promotions, or beacons\u003C\u002Fli>\n\u003Cli>Proper internationalization support\u003C\u002Fli>\n\u003Cli>Clean, documented code\u003C\u002Fli>\n\u003Cli>Unit tests covering 100% of the main class\u003C\u002Fli>\n\u003Cli>Internationalized unit tests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For reference, the similar plugins include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F6scan-protection\u002F\" rel=\"ugc\">6Scan Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-wp-security\u002F\" rel=\"ugc\">Better WP Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenforce-strong-password\u002F\" rel=\"ugc\">Enforce Strong Password\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforce-strong-passwords\u002F\" rel=\"ugc\">Force Strong Passwords\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flimit-login-attempts\u002F\" rel=\"ugc\">Limit Login Attempts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-lock\u002F\" rel=\"ugc\">Login Lock\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-lockdown\u002F\" rel=\"ugc\">Login LockDown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpmc-lockdown\u002F\" rel=\"ugc\">PMC Lockdown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-login-lockdown\u002F\" rel=\"ugc\">Simple Login Lockdown\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Wordfence Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-login-security\u002F\" rel=\"ugc\">WP Login Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-login-security-2\u002F\" rel=\"ugc\">WP Login Security 2\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility with Other Plugins\u003C\u002Fh4>\n\u003Cp>Some plugins provide similar functionality.  These overlaps can lead to\u003Cbr \u002F>\nconflicts during program execution.  Please read the FAQ!\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Deutsche, Deutschland (German, Germany) (de_DE) by Christian Foellmann\u003C\u002Fli>\n\u003Cli>Français, français (French, France) (fr_FR) by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmermouy\" rel=\"nofollow ugc\">mermouy\u003C\u002Fa> and and Fx Bénard\u003C\u002Fli>\n\u003Cli>Italiano, Italia (Italian, Italy) (it_IT) by Daniele Passalacqua\u003C\u002Fli>\n\u003Cli>日本語, 日本国 (Japanese, Japan) (ja_JP) by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmotoyamayuki\u002F\" rel=\"nofollow ugc\">motoyamayuki\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Nederlands, Nederland (Dutch, Netherlands) (nl_NL) by Friso van Wieringen\u003C\u002Fli>\n\u003Cli>polski, Polska (Polish, Poland) (pl_PL) by Michał Seweryniak \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fminiol\" rel=\"nofollow ugc\">miniol\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Português, Brasil (Portugese, Brazil) (pt_BR) by Valdir Trombini\u003C\u002Fli>\n\u003Cli>suomi, Suomi (Finnish, Finland) (fi_FI) by Juha Remes \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNewman101\" rel=\"nofollow ugc\">Newman101\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Source Code, Bugs, and Feature Requests\u003C\u002Fh4>\n\u003Cp>Development of this plugin happens on\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fconvissor\u002Flogin-security-solution\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003Cbr \u002F>\nPlease submit\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fconvissor\u002Flogin-security-solution\u002Fissues\" rel=\"nofollow ugc\">bug and feature requests\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fconvissor\u002Flogin-security-solution\u002Fpulls\" rel=\"nofollow ugc\">pull requests\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fconvissor\u002Flogin-security-solution\u002Fwiki\" rel=\"nofollow ugc\">wiki entries\u003C\u002Fa>\u003Cbr \u002F>\nthere.\u003Cbr \u002F>\nReleases are then squashed and pushed to WordPress’\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Flogin-security-solution\u002F\" rel=\"nofollow ugc\">Plugins SVN repository\u003C\u002Fa>.\u003Cbr \u002F>\nThis division is necessary due having being chastised that “the Plugins SVN\u003Cbr \u002F>\nrepository is a release system, not a development system.”\u003C\u002Fp>\n\u003Cp>Old tickets are in the \u003Ca href=\"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fquery?status=assigned&status=closed&status=new&status=reopened&component=login-security-solution&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=component&desc=1&order=id\" rel=\"nofollow ugc\">Plugins Trac\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Strong, Unique Passwords Are Important\u003C\u002Fh4>\n\u003Cp>Yeah, creating, storing\u002Fremembering, and using a \u003Cstrong>different\u003C\u002Fstrong>, \u003Cstrong>strong\u003C\u002Fstrong>\u003Cbr \u002F>\npassword for each site you use is a hassle.  \u003Cem>But it is absolutely\u003Cbr \u002F>\nnecessary.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Password lists get stolen on a regular basis from big name sites (like\u003Cbr \u002F>\nLinkedin for example!).  Criminals then have unlimited time to decode the\u003Cbr \u002F>\npasswords.  In general, 50% of those passwords are so weak they get figured\u003Cbr \u002F>\nout in a matter of seconds.  Plus there are computers on the Internet\u003Cbr \u002F>\ndedicated to pounding the sites with login attempts, hoping to get lucky.\u003C\u002Fp>\n\u003Cp>Many people use the same password for multiple sites.  Once an attacker\u003Cbr \u002F>\nfigures out your password on one site, they’ll try it on your accounts at\u003Cbr \u002F>\nother sites.  It gets ugly very fast.\u003C\u002Fp>\n\u003Cp>But don’t despair!  There are good, free tools that make doing the right\u003Cbr \u002F>\nthing a piece of cake.  For example: \u003Ca href=\"http:\u002F\u002Fwww.keepassx.org\u002F\" rel=\"nofollow ugc\">KeePassX\u003C\u002Fa>,\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fkeepass.info\u002F\" rel=\"nofollow ugc\">KeePass\u003C\u002Fa>,\u003Cbr \u002F>\nor \u003Ca href=\"https:\u002F\u002Fagilebits.com\u002Fonepassword\" rel=\"nofollow ugc\">1Password\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Securing Your WordPress Site is Important\u003C\u002Fh4>\n\u003Cp>You’re probably thinking “There’s nothing valuable on my website. No one\u003Cbr \u002F>\nwill bother breaking into it.”  What you need to realize is that attackers\u003Cbr \u002F>\nare going after your visitors.  They put stealth code on your website\u003Cbr \u002F>\nthat pushes malware into your readers’ browsers.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>According to SophosLabs more than 30,000 websites are infected\u003Cbr \u002F>\n  every day and 80% of those infected sites are legitimate.\u003Cbr \u002F>\n  Eighty-five percent of all malware, including viruses, worms,\u003Cbr \u002F>\n  spyware, adware and Trojans, comes from the web. Today,\u003Cbr \u002F>\n  drive-by downloads have become the top web threat.\u003C\u002Fp>\n\u003Cp>— \u003Ca href=\"http:\u002F\u002Fwww.sophos.com\u002Fen-us\u002Fsecurity-news-trends\u002Freports\u002Fsecurity-threat-report\u002Fhtml-08.aspx\" rel=\"nofollow ugc\">\u003Cem>Security Threat Report 2012\u003C\u002Fem>\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>So if your site does get cracked, not only do you waste hours cleaning up,\u003Cbr \u002F>\nyour reputation gets sullied, security software flags your site as dangerous,\u003Cbr \u002F>\nand worst of all, you’ve inadvertently helped infect the computers of your\u003Cbr \u002F>\nclients and friends.  Oh, and if the attack involves malware, that malware\u003Cbr \u002F>\nhas probably gotten itself into your computer.\u003C\u002Fp>\n\u003Ch3>Actions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>login_security_solution_insert_fail\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_breach\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_fail\u003C\u002Fli>\n\u003Cli>login_security_solution_fail_tier_dos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>The following filters allow customizing email subjects and messages.  If\u003Cbr \u002F>\neither the “subject”or “message” filters in a method returns an empty\u003Cbr \u002F>\nstring, the given method will skip calling \u003Ccode>wp_mail()\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>login_security_solution_notify_breach_subject\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_breach_message\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_breach_user_subject\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_breach_user_message\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_fail_subject\u003C\u002Fli>\n\u003Cli>login_security_solution_notify_fail_message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Unit Tests\u003C\u002Fh4>\n\u003Cp>A thorough set of unit tests are found in the \u003Ccode>tests\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Cp>The plugin needs to be installed and activated before running the tests.\u003C\u002Fp>\n\u003Cp>To execute the tests, \u003Ccode>cd\u003C\u002Fcode> into this plugin’s directory and\u003Cbr \u002F>\ncall \u003Ccode>phpunit tests\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Translations can be tested by changing the \u003Ccode>WPLANG\u003C\u002Fcode> value in \u003Ccode>wp-config.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Please note that the tests make extensive use of database transactions.\u003Cbr \u002F>\nMany tests will be skipped if your \u003Ccode>wp_options\u003C\u002Fcode> and \u003Ccode>wp_usermeta\u003C\u002Fcode> tables\u003Cbr \u002F>\nare not using the \u003Ccode>InnoDB\u003C\u002Fcode> storage engine.\u003C\u002Fp>\n\u003Ch4>Removal\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>This plugin offers the ability to remove all of this plugin’s settings\u003Cbr \u002F>\nfrom your database.  Go to WordPress’ “Plugins” admin interface and\u003Cbr \u002F>\nclick the “Settings” link for this plugin.  In the “Deactivate” entry,\u003Cbr \u002F>\nclick the “Yes, delete the damn data” button and save the form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Use WordPress’ “Plugins” admin interface to click the “Deactivate” link\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Remove the \u003Ccode>login-security-solution\u003C\u002Fcode> directory from the server\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>In the event you didn’t pick the “Yes, delete the damn data” option or\u003Cbr \u002F>\nyou manually deleted the plugin, you can get rid of the settings by running\u003Cbr \u002F>\nthree queries.  These  queries are exapmles, using the default table name\u003Cbr \u002F>\nprefix of, \u003Ccode>wp_\u003C\u002Fcode>.  If you have changed your database prefix, adjust the\u003Cbr \u002F>\nqueries accordingly.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    DROP TABLE wp_login_security_solution_fail;\n\n    DELETE FROM wp_options WHERE option_name LIKE 'login-security-solution%';\n\n    DELETE FROM wp_usermeta WHERE meta_key LIKE 'login-security-solution%';= Inspiration and References =\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\n\u003Cp>Password Research\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Farstechnica.com\u002Fsecurity\u002F2012\u002F08\u002Fpasswords-under-assault\u002F\" rel=\"nofollow ugc\">Why passwords have never been weaker — and crackers have never been stronger\u003C\u002Fa>, Dan Goodin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.cl.cam.ac.uk\u002F~jcb82\u002Fdoc\u002FB12-IEEESP-evaluating_a_huge_password_corpus.pdf\" rel=\"nofollow ugc\">You can never have too many passwords: techniques for evaluating a huge corpus\u003C\u002Fa>, Joseph Bonneau\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.cs.ru.nl\u002Fbachelorscripties\u002F2010\u002FMartin_Devillers___0437999___Analyzing_password_strength.pdf\" rel=\"nofollow ugc\">Analyzing Password Strength\u003C\u002Fa>, Martin Devillers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.imperva.com\u002Fdocs\u002FWP_Consumer_Password_Worst_Practices.pdf\" rel=\"nofollow ugc\">Consumer Password Worst Practices\u003C\u002Fa>, Imperva\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.bryanrite.com\u002Fpreventing-brute-force-attacks-on-your-web-login\u002F\" rel=\"nofollow ugc\">Preventing Brute Force Attacks on your Web Login\u003C\u002Fa>, Bryan Rite\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fxkcd.com\u002F936\u002F\" rel=\"nofollow ugc\">Password Strength\u003C\u002Fa>, Randall Munroe\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Technical Info\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdoc.infosnel.nl\u002Fextreme_utf-8.html\" rel=\"nofollow ugc\">The Extreme UTF-8 Table\u003C\u002Fa>, infosnel.nl\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc5952\" rel=\"nofollow ugc\">A Recommendation for IPv6 Address Text Representation\u003C\u002Fa>, Seiichi Kawamura and Masanobu Kawashima\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Password Lists\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdazzlepod.com\u002Fsite_media\u002Ftxt\u002Fpasswords.txt\" rel=\"nofollow ugc\">Dazzlepod Password List\u003C\u002Fa>, Dazzlepod\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.searchlores.org\u002Fcommonpass1.htm\" rel=\"nofollow ugc\">Common Passwords\u003C\u002Fa>, Fravia\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.whatsmypass.com\u002Fthe-top-500-worst-passwords-of-all-time\" rel=\"nofollow ugc\">The Top 500 Worst Passwords of All Time\u003C\u002Fa>, Mark Burnett\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>To Do\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Provide a user interface to the \u003Ccode>fail\u003C\u002Fcode> table.\u003C\u002Fli>\n\u003C\u002Ful>\n","Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.",4000,290214,88,54,"2017-11-28T10:46:00.000Z","4.4.34","3.3",[72,73,18,74,75],"login","password","strength","strong","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-security-solution\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-security-solution.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":31,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":16,"download_link":95,"security_score":96,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,5,"2026-02-17T09:27:00.000Z","6.9.4","4.0","8.1",[72,94,18,51,52],"membership","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",100,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":96,"num_ratings":107,"last_updated":108,"tested_up_to":90,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":114,"download_link":115,"security_score":96,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"disable-application-passwords","Disable Application Passwords","2.4","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>Does one thing: disables the “Application Passwords” feature.\u003C\u002Fp>\n\u003Cp>Activate this plugin to completely disable the new Application Passwords functionality (added in WP version 5.6). To re-enable Application Passwords, simply deactivate the plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lightweight – only one line of code.\u003C\u002Fli>\n\u003Cli>Simple to use – activate and done.\u003C\u002Fli>\n\u003Cli>No settings to worry about.\u003C\u002Fli>\n\u003Cli>Easy peasy.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Why is this useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Because not every website is the same. Not every website needs this feature. Also disabling application passwords helps to limit unnecessary exposure and eliminate unwanted functionality (i.e., bloat). Whatever the reason, it is your choice. That’s the beauty of WordPress. So if, for whatever reason, you decide that application passwords should be disabled, this plugin will do it with a click.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>More infos\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For more information about the new Application Passwords feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F11\u002F05\u002Fapplication-passwords-integration-guide\u002F\" rel=\"nofollow ugc\">Application Passwords: Integration Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fperishablepress.com\u002Fwordpress-disable-application-passwords\u002F\" rel=\"nofollow ugc\">Free Plugin: Disable Application Passwords\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>Disable Application Passwords is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Activate this plugin to disable the Application Passwords feature that was added in WP v5.6.",2000,43845,8,"2026-01-28T20:29:00.000Z","5.6","5.6.20",[112,113,18],"application","disable","https:\u002F\u002Fperishablepress.com\u002Fwordpress-disable-application-passwords\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-application-passwords.2.4.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":11,"num_ratings":11,"last_updated":126,"tested_up_to":16,"requires_at_least":127,"requires_php":16,"tags":128,"homepage":130,"download_link":131,"security_score":22,"vuln_count":11,"unpatched_count":11,"last_vuln_date":23,"fetched_at":24},"application-passwords-enable","Application Passwords Enable","1.1","banmaerp","https:\u002F\u002Fprofiles.wordpress.org\u002Fbanmaerp\u002F","\u003Cblockquote>\n\u003Cp>Does one thing: enable the “Application Passwords” feature.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Activate this plugin to completely enable the new Application Passwords functionality (added in WP version 5.6). To disable Application Passwords, simply deactivate the plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Lightweight – only one line of code.\u003C\u002Fli>\n\u003Cli>Simple to use – activate and done.\u003C\u002Fli>\n\u003Cli>No settings to worry about.\u003C\u002Fli>\n\u003Cli>Easy peasy.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More infos\u003C\u002Fh4>\n\u003Cp>For more information about the new Application Passwords feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F11\u002F05\u002Fapplication-passwords-integration-guide\u002F\" rel=\"nofollow ugc\">Application Passwords: Integration Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n","Activate this plugin to enable the Application Passwords feature that was added in WP v5.6.",700,6486,"2022-07-28T08:13:00.000Z","5.7.2",[112,129,18],"enable","https:\u002F\u002Ferp.banmaerp.com\u002Fplugins\u002Fapplication-passwords-enable.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapplication-passwords-enable.zip",{"attackSurface":133,"codeSignals":146,"taintFlows":153,"riskAssessment":154,"analyzedAt":157},{"hooks":134,"ajaxHandlers":142,"restRoutes":143,"shortcodes":144,"cronEvents":145,"entryPointCount":11,"unprotectedCount":11},[135],{"type":136,"name":137,"callback":138,"priority":139,"file":140,"line":141},"filter","random_password","rsp_disable_suggestions",10,"remove-suggested-passwords.php",27,[],[],[],[],{"dangerousFunctions":147,"sqlUsage":148,"outputEscaping":150,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":152},[],{"prepared":11,"raw":11,"locations":149},[],{"escaped":11,"rawEcho":11,"locations":151},[],[],[],{"summary":155,"deductions":156},"The plugin 'remove-suggested-passwords' v1.0 exhibits a strong security posture based on the provided static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code signals show a clean bill of health with no dangerous functions, all SQL queries using prepared statements, and 100% proper output escaping.  The lack of file operations, external HTTP requests, and crucially, any identified nonce or capability checks, while seemingly positive in terms of avoiding common vulnerabilities, also points to a very minimal plugin functionality.  The vulnerability history is also clean, with no known CVEs.  This indicates a plugin that is either very simple and has not been a target, or has been developed with good security principles for its limited scope.  However, the complete absence of checks like nonces or capabilities, combined with a zero attack surface, raises questions about its actual functionality and whether it's truly doing anything that would necessitate such checks.  Overall, for its reported scope, the plugin appears secure, but its simplicity means there are no complex interactions to analyze for deeper security flaws.",[],"2026-03-17T06:29:54.257Z",{"wat":159,"direct":164},{"assetPaths":160,"generatorPatterns":161,"scriptPaths":162,"versionParams":163},[],[],[],[],{"cssClasses":165,"htmlComments":166,"htmlAttributes":167,"restEndpoints":168,"jsGlobals":169,"shortcodeOutput":170},[],[],[],[],[],[]]