[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIj7_O2-n-hfnkws-TxbhnVJew1fYWfCnpZCoG3UIHoY":3,"$ffglfv3DIWgdIcRAXDIf1xxOA2jmM8kxxvKONwYsm_FI":172,"$fzMcJiqQ7MBamLABsOHQdpIZisX38_lrRf4iOW_Mx4wE":177},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":134,"fingerprints":159},"restless","RESTless","1.0","BjornW","https:\u002F\u002Fprofiles.wordpress.org\u002Fbjornw\u002F","\u003Cp>RESTless is a tiny WordPress plugin which disables access to the REST API (available in WordPress since version 4.4) for non-authenticated users.\u003Cbr \u002F>\nThis prevents usage of the REST API by the general public and limits access to those with login credentials. No REST for the wicked.\u003C\u002Fp>\n\u003Cp>It also supports WordPress Multisite installations.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>Credits:\u003C\u002Fp>\n\u003Cp>Sword icon used in the WordPress plugin repository and found as \u002Fassets\u002Ficon*\u003Cbr \u002F>\nFrom the series \u003Ca href=\"http:\u002F\u002Fwww.toicon.com\u002Fseries\u002Fsketchy\" rel=\"nofollow ugc\">‘Sketchy’\u003C\u002Fa> By \u003Ca href=\"http:\u002F\u002Fwww.toicon.com\u002Fauthors\u002F1\" rel=\"nofollow ugc\">Shannon E Thomas\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thanks Shannon E Thomas and to[icon] for sharing your work!\u003C\u002Fp>\n\u003Cp>WordPress repository banner image found in \u002Fassets\u002Fbanner*:\u003C\u002Fp>\n\u003Cp>Orginal painting: \u003Ca href=\"http:\u002F\u002Fhdl.handle.net\u002F10934\u002FRM0001.COLLECT.319230\" rel=\"nofollow ugc\">‘Draak’\u003C\u002Fa>\u003Cbr \u002F>\nDrawn by: \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FUtagawa_Kuniyoshi\" rel=\"nofollow ugc\">Utagawa Kuniyoshi\u003C\u002Fa>\u003Cbr \u002F>\nDated around 1808 – 1861\u003Cbr \u002F>\nRepository: Rijksmuseum.nl\u003Cbr \u002F>\nModified by: \u003Ca href=\"https:\u002F\u002Fburobjorn.nl\" rel=\"nofollow ugc\">Bj&ouml;rn Wijers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thanks Rijksmuseum!\u003C\u002Fp>\n","RESTless disables REST calls for non-authenticated requests.",10,1265,0,"2018-06-29T08:28:00.000Z","4.9.29","4.4","",[19,20,21],"rest","rest-api","security","https:\u002F\u002Fburobjorn.nl\u002Ffloss\u002Fwordpress-plugins\u002Frestless","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestless.zip",85,null,"2026-03-15T15:16:48.613Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":24,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"bjornw",8,10390,30,84,"2026-05-19T20:40:57.463Z",[37,59,80,100,116],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":55,"download_link":56,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":58},"smntcs-disable-rest-api-user-endpoints","SMNTCS Disable REST API User Endpoints","2.4","Niels Lange","https:\u002F\u002Fprofiles.wordpress.org\u002Fnielslange\u002F","\u003Cp>With WordPress 4.7 the REST API is part of the core. At the moment everyone has read access to the REST API. As a result of that a potential intruder can retrieve a list of all user slugs via \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fcode>. This plugin disables the REST API user endpoints to obscure the user slugs.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Contributions are more than welcome. Simply head over to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa> and open an issue or a pull request.\u003C\u002Fp>\n","Disable the REST API user endpoints due to obscure user slugs.",6000,29425,100,2,"2024-12-31T06:23:00.000Z","6.7.5","5.5","5.6",[54,20,21],"endpoints","https:\u002F\u002Fgithub.com\u002Fnielslange\u002Fsmntcs-disable-rest-api-user-endpoints","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmntcs-disable-rest-api-user-endpoints.2.4.zip",92,"2026-04-16T10:56:18.058Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":48,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":52,"tags":73,"homepage":78,"download_link":79,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":58},"wpcontrol","WPControl – The Easiest Optimization Plugin for WordPress","1.0.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>WPControl is the ultimate way to clean up your WordPress site.\u003C\u002Fp>\n\u003Cp>With over 20 built-in optimizations, WPControl allows you to easily enable and disable WordPress Core features, letting you remove those features that you don’t use from the dashboard you and your users see.\u003C\u002Fp>\n\u003Cp>Simply put, WPControl is the ultimate plugin that you need to control your website. With our single plugin, you can remove the need to have plugins for things like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabling emails\u003C\u002Fli>\n\u003Cli>Disabling comments\u003C\u002Fli>\n\u003Cli>Disabling the WordPress REST API\u003C\u002Fli>\n\u003Cli>and so much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All in a single, easy to use plugin that helps boost both the performance and security of your WordPress install.\u003C\u002Fp>\n\u003Cp>WPControl is designed for simplicity first, made by the same \u003Ca href=\"https:\u002F\u002Fwpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner team\u003C\u002Fa> that makes your favorite WordPress tutorials.\u003C\u002Fp>\n\u003Cp>Our plugin is used by the plugin authors behind many of your favorite WordPress plugins including \u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> , \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Faioseo.com\u002F\" title=\"AIOSEO\" rel=\"friend nofollow ugc\">AIOSEO\u003C\u002Fa>  and more.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Simple, yet powerful. I love that I can easily disable all of the features of WordPress I’m not using in a single plugin. It makes new site setup a breeze!\u003Cbr \u002F>\n  \u003Cbr \u002F>\n  Chris Christoff\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>At WPControl, we found that there are many unused features of WordPress that make it a hassle sometimes or we just don’t need. There are tons of plugins already out there that will disable a specific feature. But taking the time and energy to optimize all of them was too much. We made just one plugin that has the features of many so you can have a one stop shop for disabling unused features of WordPress.\u003C\u002Fp>\n\u003Cp>Unlike other methods of disabling features, WPControl allows you to disable many features with just a few clicks (no need to hire a developer).\u003C\u002Fp>\n\u003Ch4>Settings Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Comments\u003C\u002Fstrong> – You can disable comments site wide or on specific post types such as posts, pages, and media.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Gutenberg\u003C\u002Fstrong> – Disables the Gutenberg block editor and reverts it the Classic Editor\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable “Try Gutenberg” Nag\u003C\u002Fstrong> – Removes the annoying admin notice that keeps nagging you to try Gutenberg\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Shortlinks\u003C\u002Fstrong> – The tag is auto generated by WordPress and is used to create shortlinks. If you are already using pretty permalinks, such as the PrettyLinks plugin. Then there is no need for this unnecessary tag.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable RSD Link\u003C\u002Fstrong> – RSD Links are used by blog clients and some 3rd parties that utilize XML-RPC requests. If you edit your site through your browser, then you do not need it. Most of the time, it is just unnecessary code.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove XFN Profile Link\u003C\u002Fstrong> – The XFN Profile Link is used to add semantic data to links to be used by browsers to assign relationships between profiles. Basically it tells browsers that the site contains links that use XFN Specification\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable wlwmanifest Link\u003C\u002Fstrong> – The wlwmanifest link is used by Windows Live Writer. If you don’t use Windows Live Writer then disable the link as it is unnecessary code.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Links to Previous and Next Post\u003C\u002Fstrong> – If your site is not a blog and is used as a CMS, then this feature will remove the previous and next post links in your WordPress theme.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable XML-RPC Pingback\u003C\u002Fstrong> – Removes XML-RPC method to prevent abuse of site’s pingback while you can use the rest of the XML-RPC Pingback method.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Gravatar\u003C\u002Fstrong> – Blocks users WordPress from getting user Gravatar from their email to add privacy for the users or prevent inappropriate avatars.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Rest API\u003C\u002Fstrong> – Disables the REST-API to prevent abuse of Rest\u002FJSON API.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Login Errors\u003C\u002Fstrong> – An attacker can find the authors login using a similar request as mysite.com\u002F?author=1.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove HTML comments\u003C\u002Fstrong> – Removes HTML comments in source code to add a layer of defense from attackers trying to find the version of plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remove Meta Generator\u003C\u002Fstrong> – This meta tag allows attackers to see the version of WordPress, it serves no useful purpose.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Right Click\u003C\u002Fstrong> – You can disable the ability to right click on your site, or just specific things like posts, pages, media, front page, and even have the ability to show an alert to the user that right click is disabled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Admin Notices\u003C\u002Fstrong> – You can disable all admin notices that appear in the admin settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable New User Emails\u003C\u002Fstrong> – Stops WordPress from sending new user notification emails to admin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Search\u003C\u002Fstrong> – Disable the front-end search bar in WordPress.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Lazy Loading\u003C\u002Fstrong> – Removes the lazy loading functionality that was added in WordPress 5.3.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Admin Toolbar\u003C\u002Fstrong> – Hides the admin toolbar when the admin is on the front-end\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Disable Dashboard Widgets\u003C\u002Fstrong> – Gives you the option to disable whichever default dashboard widgets you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>After reading this feature list, you can probably imagine why WPControl is the best disable plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Give WPControl a try today!\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is created by Zain Balkhi of the \u003Ca href=\"https:\u002F\u002Fwpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner team\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.monsterinsights.com\u002F\" title=\"MonsterInsights\" rel=\"friend nofollow ugc\">MonsterInsights\u003C\u002Fa> – Best Google Analytics plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Foptinmonster.com\u002F\" title=\"OptinMonster\" rel=\"friend nofollow ugc\">OptinMonster\u003C\u002Fa> – Get More Email Subscribers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" title=\"WPForms\" rel=\"friend nofollow ugc\">WPForms\u003C\u002Fa> – Best WordPress Contact Form Plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Faioseo.com\u002F\" title=\"AIOSEO\" rel=\"friend nofollow ugc\">AIOSEO\u003C\u002Fa> – The original WordPress SEO plugin to help you rank higher in search results (trusted by over 2 million sites)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.seedprod.com\u002F\" title=\"SeedProd\" rel=\"friend nofollow ugc\">SeedProd\u003C\u002Fa> – Most popular coming soon & maintenance mode plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmailsmtp.com\u002F\" title=\"WP Mail SMTP\" rel=\"friend nofollow ugc\">WP Mail SMTP\u003C\u002Fa> – Improve email deliverability for your contact form with the most popular SMTP plugin for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frafflepress.com\u002F\" title=\"RafflePress\" rel=\"friend nofollow ugc\">RafflePress\u003C\u002Fa> – Best WordPress giveaway and contest plugin to grow traffic and social followers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsmashballoon.com\u002F\" title=\"Smash Balloon\" rel=\"friend nofollow ugc\">Smash Balloon\u003C\u002Fa> – #1 social feeds plugin for WordPress – display social media content in WordPress without code\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpushengage.com\u002F\" title=\"PushEngage\" rel=\"friend nofollow ugc\">PushEngage\u003C\u002Fa> – Connect with visitors after they leave your website with the leading web push notification plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftrustpulse.com\u002F\" title=\"TrustPulse\" rel=\"friend nofollow ugc\">TrustPulse\u003C\u002Fa> – Add real-time social proof notifications to boost your store conversions by up to 15%\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin would not be possible without the help and support of \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa>, the largest WordPress resource site. You can learn from our \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F\" title=\"WordPress Tutorials\" rel=\"friend nofollow ugc\">free WordPress Tutorials\u003C\u002Fa> like \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fhow-to-install-wordpress\u002F\" title=\"How to Install WordPress - Step by Step\" rel=\"friend nofollow ugc\">how to install WordPress\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fwordpress-hosting\u002F\" title=\"How to choose the best WordPress hosting\" rel=\"friend nofollow ugc\">choose the best WordPress hosting\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fglossary\u002F\" title=\"WordPress Glossary Terms for Beginners\" rel=\"friend nofollow ugc\">WordPress glossary\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>You can also learn about other \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fplugins\u002F\" title=\"Best WordPress Plugins\" rel=\"friend nofollow ugc\">best WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","The easiest way to improve your website's security, performance, and user experience.",200,4358,90,"2022-04-18T21:12:00.000Z","5.9.13","3.8.0",[74,75,76,77,21],"disable-comments","disable-gutenberg","disable-rest-api","performance","https:\u002F\u002Fwww.wpcontrol.com\u002F?utm_source=liteplugin&utm_medium=pluginheader&utm_campaign=pluginurl&utm_content=7%2E0%2E0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcontrol.1.0.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":13,"num_ratings":13,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":98,"download_link":99,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":58},"ghostgate","GhostGate","1.3.3","codegee0958","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodegee0958\u002F","\u003Cp>\u003Cstrong>GhostGate\u003C\u002Fstrong> is a lightweight yet powerful WordPress security plugin that eliminates the login page as an attack surface. Instead of just defending, it \u003Cstrong>erases the entrance\u003C\u002Fstrong> entirely with dynamic login URLs and multi-layer access verification.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🔒 Hide your login URL with a custom slug and time-based code\u003C\u002Fli>\n\u003Cli>🔑 Built-in 2FA via email verification\u003C\u002Fli>\n\u003Cli>🚫 Auto-block brute force attacks by IP\u003C\u002Fli>\n\u003Cli>🧱 Disable\u002Flimit unused endpoints like XML-RPC and REST API\u003C\u002Fli>\n\u003Cli>👤 Prevent user enumeration via REST, RSS, and author queries\u003C\u002Fli>\n\u003Cli>🔍 Visualize security status and detect conflicts\u003C\u002Fli>\n\u003Cli>📜 Activity logs with optional file rotation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>GhostGate doesn’t just defend — it disappears.\u003Cbr \u002F>\nInvisible to bots. Intuitive for users.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Full features \u002F screenshots \u002F pricing \u002F docs\u003C\u002Fstrong>:\u003Cbr \u002F>\nhttps:\u002F\u002Farce-experience.com\u002Fproduct\u002F\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>GhostGate can store the following data locally on your site to provide rate-limiting and security auditing:\u003Cbr \u002F>\n– IP addresses (for temporary throttling \u002F block lists)\u003Cbr \u002F>\n– Timestamps and event metadata (login attempts, REST\u002FXML-RPC hits)\u003Cbr \u002F>\n– Optional log files under \u003Ccode>wp-content\u002Fuploads\u002Fghostgate\u002Flogs\u003C\u002Fcode> (if enabled)\u003C\u002Fp>\n\u003Cp>No data is sent to third-party services.\u003Cbr \u002F>\nSite owners are responsible for informing users\u002Fvisitors where required by local laws. You can clear blocks\u002Flogs from the admin UI or by deleting the log files.\u003C\u002Fp>\n","Invisible, intelligent protection for WordPress. GhostGate hides your login page, blocks bots, and turns your site into a ghost fortress.",20,460,"2026-01-21T00:06:00.000Z","6.9.4","5.8","7.4",[95,20,21,96,97],"limit-login-attempts","two-factor-authentication","xml-rpc","https:\u002F\u002Farce-experience.com\u002Fproduct\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fghostgate.1.3.3.zip",{"slug":101,"name":102,"version":6,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":88,"downloaded":107,"rating":13,"num_ratings":13,"last_updated":108,"tested_up_to":50,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":17,"download_link":115,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":58},"rest-api-key-authentication","WP REST API Key Authentication","Kamal Hosen","https:\u002F\u002Fprofiles.wordpress.org\u002Fikamal\u002F","\u003Cp>\u003Cstrong>WP REST API Key Authentication\u003C\u002Fstrong> adds a simple API key-based authentication method to the WordPress REST API. This plugin is perfect for developers who want to interact with the REST API securely without relying on complex OAuth authentication mechanisms.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multiple API Keys\u003C\u002Fstrong>: Create and manage multiple API keys with custom names.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure API Key Storage\u003C\u002Fstrong>: API keys are hashed and securely stored in the WordPress database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single Display for Security\u003C\u002Fstrong>: API keys are shown only once after creation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Access Control\u003C\u002Fstrong>: Authenticate requests by including an API key in the \u003Ccode>Authorization\u003C\u002Fcode> header.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Interface\u003C\u002Fstrong>: Manage API keys with a user-friendly admin page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Copy to Clipboard Popup\u003C\u002Fstrong>: Easily copy generated API keys with a built-in popup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin is lightweight and integrates seamlessly with WordPress.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Generate an API Key\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>API Keys\u003C\u002Fstrong> in the WordPress admin menu.\u003C\u002Fli>\n\u003Cli>Enter a name for the API key and click “Generate API Key”.\u003C\u002Fli>\n\u003Cli>The API key will appear in a popup. Copy it immediately, as it will not be displayed again.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use the API Key\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Include the API key in the \u003Ccode>Authorization\u003C\u002Fcode> header of your REST API requests:\u003Cbr \u002F>\n \u003Ccode>Authorization: Bearer YOUR_API_KEY\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Delete API Keys\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To revoke access, delete an API key from the \u003Cstrong>API Keys\u003C\u002Fstrong> admin page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the License URI for details.\u003C\u002Fp>\n","A simple plugin to add API key-based authentication to the WordPress REST API. Manage multiple API keys and secure your REST API endpoints.",1019,"2025-01-16T09:18:00.000Z","5.0","7.2",[112,113,114,20,21],"access-control","api-authentication","api-key","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-key-authentication.1.0.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":13,"num_ratings":13,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":132,"download_link":133,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":58},"keys-master","Keys Master","2.5.0","Pierre Lannoy","https:\u002F\u002Fprofiles.wordpress.org\u002Fpierrelannoy\u002F","\u003Cp>\u003Cstrong>Keys Master\u003C\u002Fstrong> is a powerful application passwords manager for WordPress with role-based usage control and full analytics reporting about passwords usages. It relies on the “application password” core feature introduced in WordPress 5.6. and add it extra features and controls.\u003C\u002Fp>\n\u003Cp>You can limit usage of application passwords, on a per role basis:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>maximum passwords per user;\u003C\u002Fli>\n\u003Cli>specific usage: none (blocks usage), only authentication and revocation or full management (with password creation).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For each roles defined on your site, you can define a period during which a password can be unused before auto-revocation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Keys Master\u003C\u002Fstrong> can report the following main items and metrics:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>KPIs: authentication success, number, creations and revocations of passwords, adoption and usage rate;\u003C\u002Fli>\n\u003Cli>channels breakdown;\u003C\u002Fli>\n\u003Cli>clients breakdown (requires the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdevice-detector\u002F\" rel=\"ugc\">Device Detector\u003C\u002Fa> plugin);\u003C\u002Fli>\n\u003Cli>countries breakdown (requires the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fip-locator\u002F\" rel=\"ugc\">IP Locator\u003C\u002Fa> plugin);\u003C\u002Fli>\n\u003Cli>site breakdowns in multisites environments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Keys Master\u003C\u002Fstrong> supports a set of WP-CLI commands to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>manage WordPress application passwords (list, create and revoke) – see \u003Ccode>wp help apwd password\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>toggle on\u002Foff main settings – see \u003Ccode>wp help apwd settings\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>modify operations mode – see \u003Ccode>wp help apwd mode\u003C\u002Fcode> for details;\u003C\u002Fli>\n\u003Cli>display passwords statistics – see \u003Ccode>wp help apwd analytics\u003C\u002Fcode> for details.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a full help on WP-CLI commands in Keys Master, please \u003Ca href=\"https:\u002F\u002Fperfops.one\u002Fkeys-master-wpcli\" rel=\"nofollow ugc\">read this guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Keys Master\u003C\u002Fstrong> is part of \u003Ca href=\"https:\u002F\u002Fperfops.one\u002F\" rel=\"nofollow ugc\">PerfOps One\u003C\u002Fa>, a suite of free and open source WordPress plugins dedicated to observability and operations performance.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Keys Master\u003C\u002Fstrong> is a free and open source plugin for WordPress. It integrates many other free and open source works (as-is or modified). Please, see ‘about’ tab in the plugin settings to see the details.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>This plugin is free and provided without warranty of any kind. Use it at your own risk, I’m not responsible for any improper use of this plugin, nor for any damage it might cause to your site. Always backup all your data before installing a new plugin.\u003C\u002Fp>\n\u003Cp>Anyway, I’ll be glad to help you if you encounter issues when using this plugin. Please read carefully the FAQ at the bottom of this page before requesting support.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin, as any piece of software, is neither compliant nor non-compliant with privacy laws and regulations. It is your responsibility to use it – by activating the corresponding options or services – with respect for the personal data of your users and applicable laws.\u003C\u002Fp>\n\u003Cp>This plugin doesn’t set any cookie in the user’s browser.\u003C\u002Fp>\n\u003Cp>This plugin doesn’t handle personally identifiable information (PII).\u003C\u002Fp>\n\u003Ch4>Donation\u003C\u002Fh4>\n\u003Cp>If you like this plugin or find it useful and want to thank me for the work done, please consider making a donation to \u003Ca href=\"https:\u002F\u002Fwww.laquadrature.net\u002Fen\" rel=\"nofollow ugc\">La Quadrature Du Net\u003C\u002Fa> or the \u003Ca href=\"https:\u002F\u002Fwww.eff.org\u002F\" rel=\"nofollow ugc\">Electronic Frontier Foundation\u003C\u002Fa> which are advocacy groups defending the rights and freedoms of citizens on the Internet. By supporting them, you help the daily actions they perform to defend our fundamental freedoms!\u003C\u002Fp>\n","Powerful application passwords manager for WordPress with role-based usage control and full analytics reporting capabilities.",6133,"2026-03-20T08:59:00.000Z","7.0","6.4","8.2",[130,131,20,21,97],"application-password","authentication","https:\u002F\u002Fperfops.one\u002Fkeys-master","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeys-master.2.5.0.zip",{"attackSurface":135,"codeSignals":147,"taintFlows":154,"riskAssessment":155,"analyzedAt":158},{"hooks":136,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":13,"unprotectedCount":13},[137],{"type":138,"name":139,"callback":140,"file":141,"line":142},"filter","rest_authentication_errors","restless_enable_authenticated_only_rest_api","restless.php",39,[],[],[],[],{"dangerousFunctions":148,"sqlUsage":149,"outputEscaping":151,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":153},[],{"prepared":13,"raw":13,"locations":150},[],{"escaped":13,"rawEcho":13,"locations":152},[],[],[],{"summary":156,"deductions":157},"The 'restless' v1.0 plugin exhibits an exceptionally clean static analysis report, showing no identifiable attack surface, dangerous functions, or security-related code signals like SQL queries, file operations, or external requests. The absence of taint flows with unsanitized paths further strengthens this positive assessment. This suggests the plugin has been developed with security best practices in mind, or its functionality is so minimal that it doesn't expose common vulnerability vectors.\n\nThe vulnerability history is equally reassuring, with zero known CVEs reported for this plugin. This lack of past issues, especially critical or high-severity ones, indicates a stable and well-maintained codebase over time. Coupled with the static analysis findings, this paints a picture of a highly secure plugin at this version.\n\nWhile the current state is excellent, the extremely low attack surface reported (zero entry points) might also suggest very limited functionality. For a plugin with such minimal exposed interfaces and no recorded vulnerabilities, the security posture is very good. However, it's always prudent to remain vigilant, as even seemingly simple plugins can harbor subtle issues if their functionality grows or if integrations with other components introduce new risks.",[],"2026-03-17T00:01:26.317Z",{"wat":160,"direct":165},{"assetPaths":161,"generatorPatterns":162,"scriptPaths":163,"versionParams":164},[],[],[],[],{"cssClasses":166,"htmlComments":167,"htmlAttributes":168,"restEndpoints":169,"jsGlobals":170,"shortcodeOutput":171},[],[],[],[],[],[],{"error":173,"url":174,"statusCode":175,"statusMessage":176,"message":176},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Frestless\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":178},[]]