[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMZmnqSjureAzS3GN5E8uYTwvqR8fEIgBhvrGEsqe0qA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":125,"fingerprints":241},"rename-wp-admin-login","Rename wp-admin login","1.0.0","Nuno Sarmento","https:\u002F\u002Fprofiles.wordpress.org\u002Fnunosarmento\u002F","\u003Cp>\u003Cem>Rename wp-admin login\u003C\u002Fem> is a plugin that allows us to rename wp-admin login URL to anything you want. It does not change WordPress core files, the plugin simply intercepts page requests and works on any WordPress website. After you activate this plugin the wp-admin URL and wp-login.php will become unavailable, so you should bookmark or remember the url. Disable this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Like this plugin?\u003C\u002Fstrong> Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002Freviews\u002F?filter=5\" rel=\"ugc\">Rate It\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fnunosarmento\" rel=\"nofollow ugc\">Buy me a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Have a problem?\u003C\u002Fstrong> Please write a message in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002F\" rel=\"ugc\">WordPress Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to use the plugin\u003C\u002Fh3>\n\u003Cp>Go under Settings and then click on “Permalinks” and change your URL under “Rename wp-admin login”.\u003C\u002Fp>\n\u003Cp>Step 1: Add new login URL\u003C\u002Fp>\n\u003Cp>Step 2: Add redirect URL\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was forked\u002Fadapted\u002Ffixed\u002Fupdated from this plugin https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-login\u002F – @ellatrix thank you for starting the base of my plugin.\u003C\u002Fp>\n","Rename wp-admin login* is a plugin that allows us to rename wp-admin login URL to anything you want",7000,17102,86,6,"2025-12-02T13:00:00.000Z","6.9.4","5.0","",[20,21,22,4,23],"change-wp-login","custom-login-url","login","wp-admin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-admin-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-admin-login.1.0.0.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"nunosarmento",3,7030,90,30,87,"2026-04-04T02:44:44.210Z",[40,59,78,92,105],{"slug":41,"name":42,"version":6,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":27,"num_ratings":27,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"hide-wp-admin-login","Hide WP Admin Login","AppAspect Technologies Pvt. Ltd.","https:\u002F\u002Fprofiles.wordpress.org\u002Fappaspect\u002F","\u003Cp>This plugin \u003Cem>Hide WP Admin Login\u003C\u002Fem> allows to change the default WordPress Admin URL from wp-login.php and wp-admin to anything you want. All original links turn the default theme to “404 Not Found” page without rename or change files in core, nor does it add rewrite rules. Secure your website in just minutes with the \u003Cem>Hide WP Admin Login\u003C\u002Fem> plugin. Protect your WordPress site against hacker bots and spammers. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n","Change WordPress wp-login.php URL to anything you want.",600,3118,"2023-12-18T09:22:00.000Z","6.4.8","5.6","7.1",[54,21,41,55],"change-login-url","wordpress-login-url","https:\u002F\u002Fappaspectshop.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-wp-admin-login.1.0.0.zip",85,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":26,"num_ratings":33,"last_updated":69,"tested_up_to":70,"requires_at_least":17,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",10,347,"2025-07-01T05:30:00.000Z","6.8.5","7.2",[21,73,74,23,75],"hide-login","security","wp-login-php","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":67,"downloaded":86,"rating":27,"num_ratings":27,"last_updated":87,"tested_up_to":70,"requires_at_least":17,"requires_php":71,"tags":88,"homepage":18,"download_link":91,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"fortress-login-pro","Fortress Login Pro – Secure, Hide & Rename Login URL","1.1.3","Hamdi Saidani","https:\u002F\u002Fprofiles.wordpress.org\u002Fhamdisaidani\u002F","\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> is a battle-ready security plugin that replaces your WordPress login page (\u003Ccode>wp-login.php\u003C\u002Fcode>) with a private, rotating URL that only you control.\u003C\u002Fp>\n\u003Cp>🛡️ It doesn’t just hide the login—it lets you track, rotate, and control it.\u003C\u002Fp>\n\u003Cp>Perfect for freelancers, agencies, eCommerce owners, and anyone tired of blind brute-force attacks.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login URL:\u003C\u002Fstrong> Hide \u003Ccode>wp-login.php\u003C\u002Fcode> and set your own private login path  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Rotate Slugs:\u003C\u002Fstrong> Automatically change your login URL on a custom schedule  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dual-Slug Rotation Safety:\u003C\u002Fstrong> Keep the old URL live until the new one is used (fail-safe)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug Generator:\u003C\u002Fstrong> Choose readable word combos or full-random slugs (with number support)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logs & Charts:\u003C\u002Fstrong> See IPs, timestamps, referrers, and user-agents by login attempt  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export Logs:\u003C\u002Fstrong> Download access history or slug changes in CSV or JSON  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug History Panel:\u003C\u002Fstrong> Restore, archive, or delete old slugs anytime  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Configuration:\u003C\u002Fstrong> Set up outgoing email for login slug alerts and rotation notices  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email & Rotation:\u003C\u002Fstrong> Built-in checks before activating rotation so you don’t get locked out  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>System File Protection:\u003C\u002Fstrong> Optional toggle to block access to \u003Ccode>install.php\u003C\u002Fcode> and \u003Ccode>setup-config.php\u003C\u002Fcode> via \u003Ccode>.htaccess\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean UI:\u003C\u002Fstrong> Fast, modern dashboard with zero bloat or upsell traps  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✅ Works With\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce, Easy Digital Downloads, and major eCommerce plugins  \u003C\u002Fli>\n\u003Cli>Membership systems like MemberPress, Paid Memberships Pro  \u003C\u002Fli>\n\u003Cli>Popular security plugins: Wordfence, iThemes, Sucuri  \u003C\u002Fli>\n\u003Cli>Caching tools like WP Rocket, Cloudflare, W3 Total Cache  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Fortress (vs limit login or captcha plugins)?\u003C\u002Fh3>\n\u003Cp>Most plugins try to \u003Cstrong>respond\u003C\u002Fstrong> to brute-force.\u003Cbr \u002F>\nFortress prevents it by removing the login form from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No login page = no attack surface.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Final Word\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Fortress Login Pro\u003C\u002Fstrong> doesn’t just hide your login—it makes you smarter about who’s trying to reach it.\u003C\u002Fp>\n\u003Cp>Real logs. Real control. No BS.\u003Cbr \u002F>\nReady to lock down WordPress the way it should’ve shipped.\u003C\u002Fp>\n\u003Cp>Try our companion plugin: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotification-blocker\u002F\" rel=\"ugc\">Notification Blocker\u003C\u002Fa> — hide noisy dashboard alerts with one click.\u003C\u002Fp>\n","Hide and rotate your WordPress login URL. Track access, export logs, and prevent brute-force attacks with real-time visibility.",612,"2025-05-09T10:19:00.000Z",[89,21,90,74,23],"brute-force-protection","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffortress-login-pro.1.1.3.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":27,"downloaded":100,"rating":27,"num_ratings":27,"last_updated":101,"tested_up_to":16,"requires_at_least":17,"requires_php":71,"tags":102,"homepage":18,"download_link":104,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"change-hide-login-url","Secure WordPress Admin – Change & Hide Login URL","1.2","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>\u003Cstrong>Secure WordPress Admin – Change & Hide Login URL\u003C\u002Fstrong> improves your website’s login security by allowing you to replace the default WordPress login page (wp-login.php) with any custom slug of your choice. It also blocks direct access to both \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong> for all non-logged-in users.\u003C\u002Fp>\n\u003Cp>Upon activation, the plugin automatically sets the custom login slug to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\n    https:\u002F\u002Fyourwebsite.com\u002Fmysecretlogin\u003C\u002Fp>\n\u003Cp>You can update the slug anytime from the settings page.\u003Cbr \u002F>\n\u003Cstrong>Important:\u003C\u002Fstrong> After changing the custom slug, go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Permalinks\u003C\u002Fstrong> and click \u003Cstrong>Save Changes\u003C\u002Fstrong> to ensure the new login URL works correctly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, fast, and follows WordPress coding standards without modifying core files.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Change \u003Cstrong>wp-login.php\u003C\u002Fstrong> to a custom login slug  \u003C\u002Fli>\n\u003Cli>Default login slug automatically set to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks direct access to \u003Cstrong>wp-login.php\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks unauthorized access to \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Simple admin settings page to manage the slug  \u003C\u002Fli>\n\u003Cli>Fully translation-ready  \u003C\u002Fli>\n\u003Cli>Uses WordPress security best practices  \u003C\u002Fli>\n\u003Cli>Zero impact on site performance\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure and customize your WordPress admin login by changing the default wp-login.php URL to a custom slug and blocking unauthorized access to wp-admin &hellip;",179,"2025-12-10T04:07:00.000Z",[21,22,74,103,23],"wp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-hide-login-url.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":16,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":18,"download_link":122,"security_score":123,"vuln_count":67,"unpatched_count":27,"last_vuln_date":124,"fetched_at":29},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,96,2101,"2026-01-12T08:47:00.000Z","4.1","7.0",[21,22,121,103,75],"rename","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,"2024-06-24 00:00:00",{"attackSurface":126,"codeSignals":175,"taintFlows":203,"riskAssessment":231,"analyzedAt":240},{"hooks":127,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":27,"unprotectedCount":27},[128,134,137,140,142,144,147,150,154,157,161,164,167],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","admin_notices","admin_notices_incompatible","includes\\class-rename-wp-admin-login.php",50,{"type":129,"name":135,"callback":131,"file":132,"line":136},"network_admin_notices",51,{"type":129,"name":138,"callback":138,"file":132,"line":139},"admin_init",56,{"type":129,"name":130,"callback":130,"file":132,"line":141},57,{"type":129,"name":135,"callback":130,"file":132,"line":143},58,{"type":129,"name":145,"callback":145,"file":132,"line":146},"wpmu_options",65,{"type":129,"name":148,"callback":148,"file":132,"line":149},"update_wpmu_options",66,{"type":129,"name":151,"callback":151,"priority":152,"file":132,"line":153},"plugins_loaded",1,68,{"type":129,"name":155,"callback":155,"file":132,"line":156},"wp_loaded",69,{"type":158,"name":159,"callback":159,"priority":67,"file":132,"line":160},"filter","site_url",70,{"type":158,"name":162,"callback":162,"priority":67,"file":132,"line":163},"network_site_url",71,{"type":158,"name":165,"callback":165,"priority":67,"file":132,"line":166},"wp_redirect",72,{"type":158,"name":168,"callback":169,"file":132,"line":170},"site_option_welcome_email","welcome_email",73,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":182,"fileOperations":27,"externalRequests":27,"nonceChecks":152,"capabilityChecks":152,"bundledLibraries":202},[],{"prepared":27,"raw":152,"locations":178},[179],{"file":132,"line":180,"context":181},111,"$wpdb->get_col() with variable interpolation",{"escaped":33,"rawEcho":183,"locations":184},8,[185,188,190,192,194,196,198,200],{"file":132,"line":186,"context":187},99,"raw output",{"file":132,"line":189,"context":187},141,{"file":132,"line":191,"context":187},228,{"file":132,"line":193,"context":187},234,{"file":132,"line":195,"context":187},235,{"file":132,"line":197,"context":187},240,{"file":132,"line":199,"context":187},242,{"file":132,"line":201,"context":187},250,[],[204,223],{"entryPoint":205,"graph":206,"unsanitizedCount":27,"severity":222},"admin_init (includes\\class-rename-wp-admin-login.php:154)",{"nodes":207,"edges":219},[208,213],{"id":209,"type":210,"label":211,"file":132,"line":212},"n0","source","$_POST (x2)",186,{"id":214,"type":215,"label":216,"file":132,"line":217,"wp_function":218},"n1","sink","update_option() [Settings Manipulation]",187,"update_option",[220],{"from":209,"to":214,"sanitized":221},true,"low",{"entryPoint":224,"graph":225,"unsanitizedCount":27,"severity":222},"\u003Cclass-rename-wp-admin-login> (includes\\class-rename-wp-admin-login.php:0)",{"nodes":226,"edges":229},[227,228],{"id":209,"type":210,"label":211,"file":132,"line":212},{"id":214,"type":215,"label":216,"file":132,"line":217,"wp_function":218},[230],{"from":209,"to":214,"sanitized":221},{"summary":232,"deductions":233},"The rename-wp-admin-login plugin exhibits a generally good security posture based on the provided static analysis.  The lack of identified attack surface points like unprotected AJAX handlers, REST API routes, or shortcodes is a significant strength.  Furthermore, the absence of dangerous functions, file operations, and external HTTP requests further reduces the potential for common vulnerabilities.\n\nHowever, a key concern arises from the single SQL query identified which is not using prepared statements, representing a potential for SQL injection if the input used in that query is not properly sanitized and escaped beforehand. While the plugin includes a nonce check and a capability check, the limited number of output operations (11 total, with only 27% properly escaped) indicates a moderate risk of Cross-Site Scripting (XSS) vulnerabilities in the unescaped outputs. The plugin's vulnerability history is clean, with no known CVEs, which is a positive indicator, but it's important to remember that a lack of past vulnerabilities does not guarantee future security.\n\nIn conclusion, the plugin has a strong foundation with minimal attack surface and no critical code signals. The primary areas of concern are the potential for SQL injection due to the un-prepared SQL query and the risk of XSS due to insufficient output escaping. Addressing these specific issues would significantly improve the plugin's overall security.",[234,237],{"reason":235,"points":236},"SQL query not using prepared statements",7,{"reason":238,"points":239},"Low percentage of properly escaped output",5,"2026-03-16T18:00:01.254Z",{"wat":242,"direct":247},{"assetPaths":243,"generatorPatterns":244,"scriptPaths":245,"versionParams":246},[],[],[],[],{"cssClasses":248,"htmlComments":249,"htmlAttributes":250,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":253},[],[],[],[],[],[]]