[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWcifQOAThVzP8DjxcPNWVpvEIz7dEsO2Bff2N9-bS2Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":135,"fingerprints":179},"rest-api-key-authentication","WP REST API Key Authentication","1.0","Kamal Hosen","https:\u002F\u002Fprofiles.wordpress.org\u002Fikamal\u002F","\u003Cp>\u003Cstrong>WP REST API Key Authentication\u003C\u002Fstrong> adds a simple API key-based authentication method to the WordPress REST API. This plugin is perfect for developers who want to interact with the REST API securely without relying on complex OAuth authentication mechanisms.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multiple API Keys\u003C\u002Fstrong>: Create and manage multiple API keys with custom names.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure API Key Storage\u003C\u002Fstrong>: API keys are hashed and securely stored in the WordPress database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single Display for Security\u003C\u002Fstrong>: API keys are shown only once after creation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Access Control\u003C\u002Fstrong>: Authenticate requests by including an API key in the \u003Ccode>Authorization\u003C\u002Fcode> header.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Interface\u003C\u002Fstrong>: Manage API keys with a user-friendly admin page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Copy to Clipboard Popup\u003C\u002Fstrong>: Easily copy generated API keys with a built-in popup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin is lightweight and integrates seamlessly with WordPress.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Generate an API Key\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>API Keys\u003C\u002Fstrong> in the WordPress admin menu.\u003C\u002Fli>\n\u003Cli>Enter a name for the API key and click “Generate API Key”.\u003C\u002Fli>\n\u003Cli>The API key will appear in a popup. Copy it immediately, as it will not be displayed again.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use the API Key\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Include the API key in the \u003Ccode>Authorization\u003C\u002Fcode> header of your REST API requests:\u003Cbr \u002F>\n \u003Ccode>Authorization: Bearer YOUR_API_KEY\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Delete API Keys\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To revoke access, delete an API key from the \u003Cstrong>API Keys\u003C\u002Fstrong> admin page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the License URI for details.\u003C\u002Fp>\n","A simple plugin to add API key-based authentication to the WordPress REST API. Manage multiple API keys and secure your REST API endpoints.",20,952,0,"2025-01-16T09:18:00.000Z","6.7.5","5.0","7.2",[19,20,21,22,23],"access-control","api-authentication","api-key","rest-api","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-key-authentication.1.0.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"ikamal",9,1160,91,30,88,"2026-04-04T01:06:34.151Z",[39,56,80,96,113],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":13,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":49,"requires_at_least":16,"requires_php":50,"tags":51,"homepage":53,"download_link":54,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"pkl-wpz-rest-api-auth","PKL WPz REST API Authentication","1.1.0","Kittinan Lamkaek","https:\u002F\u002Fprofiles.wordpress.org\u002Fkittlam\u002F","\u003Cp>PKL WPz REST API Authentication provides a simple way to authenticate WordPress REST API requests using API keys. Users can generate their own API keys from their profile page and use them to make authenticated API requests.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User-friendly API key generation from profile page\u003C\u002Fli>\n\u003Cli>Secure API key storage with WordPress security standards\u003C\u002Fli>\n\u003Cli>Easy integration with WordPress REST API\u003C\u002Fli>\n\u003Cli>Support for Bearer token authentication\u003C\u002Fli>\n\u003Cli>API key revocation capability\u003C\u002Fli>\n\u003Cli>Admin can manage all users’ API keys\u003C\u002Fli>\n\u003Cli>Multiple authentication methods (Bearer Token, X-API-Key Header, Form-data, Query Parameter)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Cp>For detailed API documentation and examples, visit the plugin settings page in your WordPress admin.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and feature requests, please visit our GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPalmiizKittinan\" rel=\"nofollow ugc\">@PalmiizKittinan\u003C\u002Fa> .\u003C\u002Fp>\n","Control WordPress REST API access by requiring user authentication with API key system.",194,"2025-10-04T08:48:00.000Z","6.8.5","7.4",[21,52,22,23],"authentication","https:\u002F\u002Fgithub.com\u002FPalmiizKittinan\u002Fpkl-wpz-rest-api-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpkl-wpz-rest-api-auth.1.1.0.zip",100,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":36,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":75,"download_link":76,"security_score":77,"vuln_count":78,"unpatched_count":13,"last_vuln_date":79,"fetched_at":28},"wp-rest-api-authentication","JWT Authentication for WP REST APIs","4.3.0","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Cstrong>WordPress REST API endpoints\u003C\u002Fstrong> are \u003Cstrong>open and unsecured by default\u003C\u002Fstrong> which can be used to access your site data. Secure WordPress APIs from unauthorized users with our \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-authentication\" rel=\"nofollow ugc\">JWT Authentication for WP REST APIs plugin\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Our plugin offers below authentication methods to \u003Cstrong>Protect WP REST API endpoints\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-jwt-authentication-method\" rel=\"nofollow ugc\">JWT Authentication\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-basic-authentication-method\" rel=\"nofollow ugc\">Basic Authentication\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Frest-api-key-authentication-method\" rel=\"nofollow ugc\">API Key Authentication\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-oauth-2-0-authentication-method\" rel=\"nofollow ugc\">OAuth 2.0 Authentication\u003C\u002Fa>\u003Cbr \u002F>\n– External Token based Authentication 2.0\u002FOIDC\u002FJWT\u002F\u003Ca href=\"https:\u002F\u002Ffirebase.google.com\u002Fdocs\u002Fauth\u002Fadmin\u002Fcreate-custom-tokens\" rel=\"nofollow ugc\">Firebase\u003C\u002Fa> provider’s token authentication methods.\u003C\u002Fp>\n\u003Cp>You can authenticate default WordPress endpoints and custom-developed REST endpoints and third-party plugin REST API endpoints like that of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">Woocommerce\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.learndash.com\u002F\" rel=\"nofollow ugc\">Learndash\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" rel=\"ugc\">Buddypress\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcart-rest-api-for-woocommerce\u002F\" rel=\"ugc\">CoCart\u003C\u002Fa>, etc.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIsyKI7eEV-I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&start=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WP REST API Authentication Methods in our plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-jwt-authentication-method#step_a1\" rel=\"nofollow ugc\">JWT Authentication\u003C\u002Fa>\u003Cbr \u002F>\nProvides an endpoint where you can pass the user credentials, and it will generate a JWT (JSON Web Token), which you can use to access the WordPress REST APIs accordingly.\u003Cbr \u002F>\nAdditionally, to maintain a seamless user experience without frequent logins needed due to token expiry, you can use our \u003Cem>Refresh and Revoke token\u003C\u002Fem> mechanisms feature.\u003Cbr \u002F>\nWhen the access token expires, instead of forcing the user to log in again, the client can request a new access token using a valid refresh token.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Frest-api-key-authentication-method#step_a\" rel=\"nofollow ugc\">API Key Authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-basic-authentication-method\" rel=\"nofollow ugc\">Basic Authentication\u003C\u002Fa>:\u003Cbr \u002F>\n        – 1. \u003Cstrong>Username: Password\u003C\u002Fstrong>\u003Cbr \u002F>\n        – 2. \u003Cstrong>Client-ID: Client-Secret\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-oauth-2-0-authentication-method#step_a\" rel=\"nofollow ugc\">OAuth 2.0 Authentication\u003C\u002Fa>\u003Cbr \u002F>\n        – 1. \u003Cstrong>Password Grant\u003C\u002Fstrong>\u003Cbr \u002F>\n            – 2. \u003Cstrong>Client Credentials Grant\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-rest-api-authentication-using-third-party-provider#step_a\" rel=\"nofollow ugc\">Third Party Provider Authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Following are some of the integrations that are possible with WP REST API Authentication:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Learndash API Authentication\u003C\u002Fli>\n\u003Cli>Custom Built REST API Endpoints Authentication\u003C\u002Fli>\n\u003Cli>BuddyPress API Authentication\u003C\u002Fli>\n\u003Cli>WooCommerce API Authentication\u003C\u002Fli>\n\u003Cli>Gravity Form API Authentication\u003C\u002Fli>\n\u003Cli>External\u002FThird-party plugin API endpoints integration in WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also disable the WP REST APIs with our plugin such that no one can make API calls to your WordPress REST API endpoints.Our plugin also provides \u003Cstrong>Refresh and Revoke Token\u003C\u002Fstrong> that can be used to improve the API security.\u003C\u002Fp>\n\u003Ch3>Benefits of Refresh Token\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Enhances security by keeping access tokens short-lived.\u003C\u002Fli>\n\u003Cli>Improves user experience with uninterrupted sessions.\u003C\u002Fli>\n\u003Cli>Reduces login frequency.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Benefits of Revoke Token\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Protects against token misuse if a device is lost or compromised.\u003C\u002Fli>\n\u003Cli>Enables admin-triggered logouts or session control.\u003C\u002Fli>\n\u003Cli>Useful for complying with stricter session policies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With this plugin, the user is allowed to access your site’s resources only after successful WP REST API authentication. JWT Authentication for WP REST APIs plugin will make your \u003Cstrong>WordPress endpoints secure from unauthorized access.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Plugin Feature List\u003C\u002Fh3>\n\u003Ch3>FREE PLAN\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Authenticate only default core WordPress REST API endpoints.\u003C\u002Fli>\n\u003Cli>Basic Authentication with username and password.\u003C\u002Fli>\n\u003Cli>JWT Authentication (JSON Web Token Authentication).\u003C\u002Fli>\n\u003Cli>Enable Selective API protection.\u003C\u002Fli>\n\u003Cli>Restrict non-logged-in users to access REST API endpoints.\u003C\u002Fli>\n\u003Cli>Disable WP REST APIs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>PREMIUM PLAN\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Authenticate all REST API endpoints (Default WP, Custom APIs,Third-Party plugins)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JWT Token Authentication\u003C\u002Fstrong> (JSON Web Token Authentication)\u003C\u002Fli>\n\u003Cli>Login, Refresh and Revoke token endpoints for token management\u003C\u002Fli>\n\u003Cli>API Key Authentication\u003C\u002Fli>\n\u003Cli>Basic Authentication (username\u002Fpassword and email\u002Fpassword)\u003C\u002Fli>\n\u003Cli>OAuth 2.0 Authentication\u003C\u002Fli>\n\u003Cli>Universal API key and User-specific API key for authentication\u003C\u002Fli>\n\u003Cli>Selective API protection.\u003C\u002Fli>\n\u003Cli>Disable WP REST APIs\u003C\u002Fli>\n\u003Cli>Time-based token expiry\u003C\u002Fli>\n\u003Cli>Role-based WP REST API authentication\u003C\u002Fli>\n\u003Cli>Custom Header support rather than just \u003Cem>Authorization\u003C\u002Fem> to increase security.\u003C\u002Fli>\n\u003Cli>Create users in WordPress based on third-party provider access tokens (JWT tokens) authentication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not store any user data.\u003C\u002Fp>\n","Secure and protect WordPress REST API from unauthorized access using JWT token, Basic Authentication, API Key, OAuth 2, or external token.",20000,490496,73,"2026-02-09T05:11:00.000Z","6.9.4","3.0.1","5.6",[21,72,73,22,74],"jwt-authentication","rest","secure-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-rest-api-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-authentication.4.3.0.zip",97,2,"2025-04-16 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":55,"num_ratings":78,"last_updated":90,"tested_up_to":15,"requires_at_least":91,"requires_php":70,"tags":92,"homepage":94,"download_link":95,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"smntcs-disable-rest-api-user-endpoints","SMNTCS Disable REST API User Endpoints","2.4","Niels Lange","https:\u002F\u002Fprofiles.wordpress.org\u002Fnielslange\u002F","\u003Cp>With WordPress 4.7 the REST API is part of the core. At the moment everyone has read access to the REST API. As a result of that a potential intruder can retrieve a list of all user slugs via \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>. This plugin disables the REST API user endpoints to obscure the user slugs.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Contributions are more than welcome. Simply head over to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa> and open an issue or a pull request.\u003C\u002Fp>\n","Disable the REST API user endpoints due to obscure user slugs.",6000,29155,"2024-12-31T06:23:00.000Z","5.5",[93,22,23],"endpoints","https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmntcs-disable-rest-api-user-endpoints.2.4.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":55,"num_ratings":106,"last_updated":107,"tested_up_to":68,"requires_at_least":16,"requires_php":108,"tags":109,"homepage":24,"download_link":112,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"easy-basic-authentication","Easy Basic Authentication – Add basic auth to site or admin area","3.9.1","Matteo Enna","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatteoenna\u002F","\u003Cp>The Easy Basic Authentication plugin provides a simple method to add basic authentication to your WordPress site. You can enable basic authentication for the entire site or only for the admin area by setting a custom username and password. Secure your site by restricting access only to authorized users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try it on a free mock site: \u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Feasy-basic-authentication\u002F\" rel=\"nofollow ugc\">click here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Simple Configuration:\u003C\u002Fstrong> With Easy Basic Authentication, you can easily set up basic authentication for your entire website or specifically for the admin area. Set a custom username and password to ensure secure access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Admin Area Protection:\u003C\u002Fstrong> If you wish to restrict access to your WordPress admin area, Easy Basic Authentication allows you to do so quickly and effectively. Only users with the correct credentials will be able to access this critical part of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Entire site protection:\u003C\u002Fstrong> If you wish, there is an option to extend the access limitation to the entire site and not just for your WordPress admin area, Easy Basic authentication allows you to do this quickly and effectively. Only users with the correct credentials will be able to access this critical part of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Access Logging:\u003C\u002Fstrong> The plugin keeps track of failed login attempts, helping you identify unauthorized access attempts. This is particularly useful for monitoring your site’s security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Access Log:\u003C\u002Fstrong> If you choose to enable this feature, Easy Basic Authentication allows you to log successful logins, providing a comprehensive overview of login activities on your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong> The plugin’s intuitive interface makes it simple to manage basic authentication settings. You can easily enable or disable basic authentication and adjust credentials to suit your needs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Alert Functionality:\u003C\u002Fstrong> Easy Basic Authentication includes an email alert feature to notify you of unauthorized access attempts. You can receive email alerts when someone tries to access your site without proper credentials.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>White List Functionality:\u003C\u002Fstrong> Easy Basic Authentication now includes a White List feature, allowing you to specify trusted IP addresses exempt from basic authentication. Configure this list to grant immediate access to known users or systems without requiring credentials, enhancing convenience while maintaining security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Protect your WordPress site with basic authentication quickly and reliably. Easy Basic Authentication gives you control to ensure that only authorized users can access your online resources. Maintain your site’s security and prevent unwanted access today with Easy Basic Authentication.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Visit the plugin settings page to configure your desired basic authentication options.\u003C\u002Fli>\n\u003Cli>Choose whether to enable basic authentication for the entire site or just the admin area.\u003C\u002Fli>\n\u003Cli>Set a custom username and password for secure access.\u003C\u002Fli>\n\u003Cli>Monitor failed access attempts and access logs for added security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Troubleshooting: Resetting Basic Authentication\u003C\u002Fh3>\n\u003Cp>If you’re having trouble logging in due to the basic authentication, you can reset it and regain access by following these steps:\u003C\u002Fp>\n\u003Cp>1 \u003Cstrong>Connect to your website via FTP.\u003C\u002Fstrong>\u003Cbr \u002F>\n2 \u003Cstrong>Navigate to the plugin directory:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>wp-content\u002Fplugins\u002Feasy-basic-authentication\u002Fclass\u002F\u003C\u002Fpre>\n\u003Cp>3 \u003Cstrong>Locate the file:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>easy-basic-authentication-class.php\u003C\u002Fpre>\n\u003Cp>4 \u003Cstrong>Find the following line:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>add_action( 'init', array($this,'basic_auth_admin') );\u003C\u002Fpre>\n\u003Cp>5 \u003Cstrong>Comment out that line\u003C\u002Fstrong> by adding a \u003Ccode>#\u003C\u002Fcode> at the beginning:\u003C\u002Fp>\n\u003Cpre>#add_action( 'init', array($this,'basic_auth_admin') );\u003C\u002Fpre>\n\u003Cp>6 \u003Cstrong>Save the file\u003C\u002Fstrong> and re-upload it to your server.\u003C\u002Fp>\n\u003Cp>This will disable the basic authentication temporarily, allowing you to log in. Once logged in, you can adjust the plugin settings as needed.\u003C\u002Fp>\n\u003Cp>If you need further assistance, feel free to reach out.\u003C\u002Fp>\n\u003Ch3>GitHub Repository\u003C\u002Fh3>\n\u003Cp>You can find the source code and contribute to the project on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FEllusu\u002Feasy-basic-authentication\" rel=\"nofollow ugc\">Easy Basic Authentication on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Secure your WordPress site with easy and effective basic authentication. Restrict access, monitor attempts, and enhance security.",600,11185,3,"2025-12-03T06:03:00.000Z","7.2.5",[19,52,110,23,111],"login","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-basic-authentication.3.9.1.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":78,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":70,"tags":127,"homepage":132,"download_link":133,"security_score":134,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wpcontrol","WPControl – The Easiest Optimization Plugin for WordPress","1.0.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>WPControl is the ultimate way to clean up your WordPress site.\u003C\u002Fp>\n\u003Cp>With over 20 built-in optimizations, WPControl allows you to easily enable and disable WordPress Core features, letting you remove those features that you don’t use from the dashboard you and your users see.\u003C\u002Fp>\n\u003Cp>Simply put, WPControl is the ultimate plugin that you need to control your website. With our single plugin, you can remove the need to have plugins for things like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabling emails\u003C\u002Fli>\n\u003Cli>Disabling comments\u003C\u002Fli>\n\u003Cli>Disabling the WordPress REST API\u003C\u002Fli>\n\u003Cli>and so much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All in a single, easy to use plugin that helps boost both the performance and security of your WordPress install.\u003C\u002Fp>\n\u003Cp>WPControl is designed for simplicity first, made by the same \u003Ca href=\"https:\u002F\u002Fwpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner team\u003C\u002Fa> that makes your favorite WordPress tutorials.\u003C\u002Fp>\n\u003Cp>Our plugin is used by the plugin authors behind many of your favorite WordPress plugins including \u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> , \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Faioseo.com\u002F\" title=\"AIOSEO\" rel=\"friend nofollow ugc\">AIOSEO\u003C\u002Fa>  and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Simple, yet powerful. I love that I can easily disable all of the features of WordPress I’m not using in a single plugin. It makes new site setup a breeze!\u003Cbr \u002F>\n  \u003Cbr \u002F>\n  Chris Christoff\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>At WPControl, we found that there are many unused features of WordPress that make it a hassle sometimes or we just don’t need. There are tons of plugins already out there that will disable a specific feature. But taking the time and energy to optimize all of them was too much. We made just one plugin that has the features of many so you can have a one stop shop for disabling unused features of WordPress.\u003C\u002Fp>\n\u003Cp>Unlike other methods of disabling features, WPControl allows you to disable many features with just a few clicks (no need to hire a developer).\u003C\u002Fp>\n\u003Ch4>Settings Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Comments\u003C\u002Fstrong> – You can disable comments site wide or on specific post types such as posts, pages, and media.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Gutenberg\u003C\u002Fstrong> – Disables the Gutenberg block editor and reverts it the Classic Editor\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable “Try Gutenberg” Nag\u003C\u002Fstrong> – Removes the annoying admin notice that keeps nagging you to try Gutenberg\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Shortlinks\u003C\u002Fstrong> – The tag is auto generated by WordPress and is used to create shortlinks. If you are already using pretty permalinks, such as the PrettyLinks plugin. Then there is no need for this unnecessary tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable RSD Link\u003C\u002Fstrong> – RSD Links are used by blog clients and some 3rd parties that utilize XML-RPC requests. If you edit your site through your browser, then you do not need it. Most of the time, it is just unnecessary code.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove XFN Profile Link\u003C\u002Fstrong> – The XFN Profile Link is used to add semantic data to links to be used by browsers to assign relationships between profiles. Basically it tells browsers that the site contains links that use XFN Specification\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable wlwmanifest Link\u003C\u002Fstrong> – The wlwmanifest link is used by Windows Live Writer. If you don’t use Windows Live Writer then disable the link as it is unnecessary code.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Links to Previous and Next Post\u003C\u002Fstrong> – If your site is not a blog and is used as a CMS, then this feature will remove the previous and next post links in your WordPress theme.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable XML-RPC Pingback\u003C\u002Fstrong> – Removes XML-RPC method to prevent abuse of site’s pingback while you can use the rest of the XML-RPC Pingback method.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Gravatar\u003C\u002Fstrong> – Blocks users WordPress from getting user Gravatar from their email to add privacy for the users or prevent inappropriate avatars.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Rest API\u003C\u002Fstrong> – Disables the REST-API to prevent abuse of Rest\u002FJSON API.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Login Errors\u003C\u002Fstrong> – An attacker can find the authors login using a similar request as mysite.com\u002F?author=1.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove HTML comments\u003C\u002Fstrong> – Removes HTML comments in source code to add a layer of defense from attackers trying to find the version of plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove Meta Generator\u003C\u002Fstrong> – This meta tag allows attackers to see the version of WordPress, it serves no useful purpose.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Right Click\u003C\u002Fstrong> – You can disable the ability to right click on your site, or just specific things like posts, pages, media, front page, and even have the ability to show an alert to the user that right click is disabled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Admin Notices\u003C\u002Fstrong> – You can disable all admin notices that appear in the admin settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable New User Emails\u003C\u002Fstrong> – Stops WordPress from sending new user notification emails to admin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Search\u003C\u002Fstrong> – Disable the front-end search bar in WordPress.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Lazy Loading\u003C\u002Fstrong> – Removes the lazy loading functionality that was added in WordPress 5.3.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Admin Toolbar\u003C\u002Fstrong> – Hides the admin toolbar when the admin is on the front-end\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Dashboard Widgets\u003C\u002Fstrong> – Gives you the option to disable whichever default dashboard widgets you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>After reading this feature list, you can probably imagine why WPControl is the best disable plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Give WPControl a try today!\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is created by Zain Balkhi of the \u003Ca href=\"https:\u002F\u002Fwpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner team\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – Best Google Analytics plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Foptinmonster.com\u002F\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get More Email Subscribers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – Best WordPress Contact Form Plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Faioseo.com\u002F\" title=\"AIOSEO\" rel=\"friend nofollow ugc\">AIOSEO\u003C\u002Fa> – The original WordPress SEO plugin to help you rank higher in search results (trusted by over 2 million sites)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.seedprod.com\u002F\" title=\"SeedProd\" rel=\"friend nofollow ugc\">SeedProd\u003C\u002Fa> – Most popular coming soon & maintenance mode plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmailsmtp.com\u002F\" title=\"WP Mail SMTP\" rel=\"friend nofollow ugc\">WP Mail SMTP\u003C\u002Fa> – Improve email deliverability for your contact form with the most popular SMTP plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frafflepress.com\u002F\" title=\"RafflePress\" rel=\"friend nofollow ugc\">RafflePress\u003C\u002Fa> – Best WordPress giveaway and contest plugin to grow traffic and social followers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsmashballoon.com\u002F\" title=\"Smash Balloon\" rel=\"friend nofollow ugc\">Smash Balloon\u003C\u002Fa> – #1 social feeds plugin for WordPress – display social media content in WordPress without code\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpushengage.com\u002F\" title=\"PushEngage\" rel=\"friend nofollow ugc\">PushEngage\u003C\u002Fa> – Connect with visitors after they leave your website with the leading web push notification plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftrustpulse.com\u002F\" title=\"TrustPulse\" rel=\"friend nofollow ugc\">TrustPulse\u003C\u002Fa> – Add real-time social proof notifications to boost your store conversions by up to 15%\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin would not be possible without the help and support of \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa>, the largest WordPress resource site. You can learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">free WordPress Tutorials\u003C\u002Fa> like \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fhow-to-install-wordpress\u002F\" title=\"How to Install WordPress - Step by Step\" rel=\"friend nofollow ugc\">how to install WordPress\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fwordpress-hosting\u002F\" title=\"How to choose the best WordPress hosting\" rel=\"friend nofollow ugc\">choose the best WordPress hosting\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fglossary\u002F\" title=\"WordPress Glossary Terms for Beginners\" rel=\"friend nofollow ugc\">WordPress glossary\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>You can also learn about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F\" title=\"Best WordPress Plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","The easiest way to improve your website's security, performance, and user experience.",200,4235,90,"2022-04-18T21:12:00.000Z","5.9.13","3.8.0",[128,129,130,131,23],"disable-comments","disable-gutenberg","disable-rest-api","performance","https:\u002F\u002Fwww.wpcontrol.com\u002F?utm_source=liteplugin&utm_medium=pluginheader&utm_campaign=pluginurl&utm_content=7%2E0%2E0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcontrol.1.0.1.zip",85,{"attackSurface":136,"codeSignals":156,"taintFlows":171,"riskAssessment":172,"analyzedAt":178},{"hooks":137,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":13,"unprotectedCount":13},[138,144,148],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_menu","register_admin_menu","rest-api-key-authentication.php",27,{"type":145,"name":146,"callback":147,"file":142,"line":35},"filter","rest_authentication_errors","authenticate_api_key",{"type":139,"name":149,"callback":150,"file":142,"line":151},"admin_enqueue_scripts","enqueue_admin_assets",47,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":166,"fileOperations":13,"externalRequests":13,"nonceChecks":78,"capabilityChecks":169,"bundledLibraries":170},[],{"prepared":13,"raw":78,"locations":159},[160,164],{"file":161,"line":162,"context":163},"admin\\admin-page.php",31,"$wpdb->get_results() with variable interpolation",{"file":142,"line":165,"context":163},115,{"escaped":167,"rawEcho":13,"locations":168},10,[],1,[],[],{"summary":173,"deductions":174},"The \"rest-api-key-authentication\" v1.0 plugin presents a generally positive security posture based on the provided static analysis. The plugin demonstrates good practices by avoiding dangerous functions, performing output escaping on all outputs, and having no recorded file operations or external HTTP requests.  Its attack surface appears to be minimal with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. The presence of nonce and capability checks, while limited, also indicates an awareness of security fundamentals.\n\nHowever, a significant concern lies in the handling of SQL queries.  With two SQL queries present and none utilizing prepared statements, there is a high risk of SQL injection vulnerabilities. This is a critical oversight, as user-supplied data could potentially be manipulated to compromise the database.  The absence of any taint analysis results might be due to the limited scope of the analysis or the plugin's functionality, but it doesn't negate the explicit risk identified with the SQL queries.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator.  This suggests that historically, the plugin has not been a source of major security flaws.  However, the lack of history doesn't absolve the current codebase of potential issues, especially given the identified SQL query concerns. In conclusion, while the plugin excels in minimizing its attack surface and good output handling, the lack of prepared statements for its SQL queries represents a substantial security weakness that needs immediate attention. The plugin's future security will depend on addressing this critical area.",[175],{"reason":176,"points":177},"SQL queries without prepared statements",8,"2026-03-16T23:03:29.336Z",{"wat":180,"direct":189},{"assetPaths":181,"generatorPatterns":184,"scriptPaths":185,"versionParams":186},[182,183],"\u002Fwp-content\u002Fplugins\u002Frest-api-key-authentication\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Frest-api-key-authentication\u002Fjs\u002Fadmin-script.js",[],[183],[187,188],"rest-api-key-authentication\u002Fcss\u002Fadmin-style.css?ver=","rest-api-key-authentication\u002Fjs\u002Fadmin-script.js?ver=",{"cssClasses":190,"htmlComments":191,"htmlAttributes":192,"restEndpoints":193,"jsGlobals":194,"shortcodeOutput":195},[],[],[],[],[],[]]