[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fga0l9gkT9wRkhksvSwKYYM5U11nUlT27jrCbpWHdtik":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":133,"fingerprints":187},"secure-dashboard-login-notifier","Secure Dashboard Login Notifier","1.0.0","Shemon Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Fshemon99\u002F","\u003Cp>\u003Cstrong>Secure Dashboard Login Notifier\u003C\u002Fstrong> enhances the security of your WordPress site by instantly notifying the designated admin whenever a user logs into the dashboard.\u003C\u002Fp>\n\u003Cp>Whether you’re managing a team or simply monitoring activity on your site, this lightweight plugin gives you real-time visibility into user logins and lets you take quick action when needed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Instant email notifications to the main admin on every dashboard login\u003Cbr \u002F>\n– Live list of currently logged-in users\u003Cbr \u002F>\n– One-click “Log Out” and “Delete” options for user management\u003Cbr \u002F>\n– Admin-only access to plugin settings and actions\u003Cbr \u002F>\n– Clean, minimal interface designed for ease of use\u003C\u002Fp>\n\u003Cp>Only the email address you designate as the \u003Cstrong>Main Admin\u003C\u002Fstrong> will have access to these features, keeping control in the right hands.\u003C\u002Fp>\n","Notify the main admin when any user logs in to the dashboard. Track logins, and securely manage users with logout\u002Fdelete options.",0,321,100,1,"2025-05-16T18:14:00.000Z","6.8.5","5.6","7.2",[20,21,22,23],"admin-alert","login-notification","security","user-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecure-dashboard-login-notifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-dashboard-login-notifier.zip",null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"shemon99",30,94,"2026-04-04T13:48:43.905Z",[35,54,73,92,110],{"slug":36,"name":37,"version":6,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":11,"num_ratings":11,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":52,"download_link":53,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"tw-login-alert-tracker","TW Login Alert & Tracker","Technology Wisdom","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechnologywisdom\u002F","\u003Cp>\u003Cstrong>TW Login Alert & Tracker\u003C\u002Fstrong> is a lightweight yet powerful plugin designed to help administrators monitor login activity and enhance site security.\u003Cbr \u002F>\nIt automatically tracks every user login and saves the date\u002Ftime to their profile. A new \u003Cstrong>“Last Login”\u003C\u002Fstrong> column appears in the WordPress Users list, helping you quickly view user activity.\u003Cbr \u002F>\nThe plugin also sends real-time email notifications to the site administrator each time a user logs in, including when the admin logs in. You now have full control over these alerts with a dedicated \u003Cstrong>Settings\u003C\u002Fstrong> page where you can enable or disable email notifications as needed.\u003Cbr \u002F>\nNo configuration is required on activation. However, the \u003Cstrong>Login Alert Settings\u003C\u002Fstrong> page (under \u003Cstrong>Settings\u003C\u002Fstrong>) gives you the flexibility to toggle notifications anytime.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tracks each user login and records the timestamp as user meta\u003C\u002Fli>\n\u003Cli>Adds a \u003Cstrong>“Last Login”\u003C\u002Fstrong> column to the \u003Cstrong>Users\u003C\u002Fstrong> admin table\u003C\u002Fli>\n\u003Cli>Sends real-time email alerts to the site administrator on every login\u003C\u002Fli>\n\u003Cli>Settings page with checkbox to enable or disable email alerts\u003C\u002Fli>\n\u003Cli>Emails are sent from a smart “info@yourdomain.com” address dynamically\u003C\u002Fli>\n\u003Cli>Fully supports all WordPress user roles (admins, editors, customers, etc.)\u003C\u002Fli>\n\u003Cli>Built-in \u003Cstrong>Tutorial\u003C\u002Fstrong> page for guidance\u003C\u002Fli>\n\u003Cli>Lightweight, fast, and requires no configuration out of the box\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPL-2.0+ License. You can freely use, modify, and distribute it under the terms of this license. See the full license at: https:\u002F\u002Fopensource.org\u002Flicenses\u002FGPL-2.0\u003C\u002Fp>\n","Track who logs in and when — and receive instant email alerts for every login event.",20,240,"2025-12-02T10:14:00.000Z","6.9.4","5.0","7.4",[49,50,21,51,23],"last-login","login-alert","login-tracker","https:\u002F\u002Ftechnologywisdom.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftw-login-alert-tracker.1.0.0.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":11,"num_ratings":11,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":70,"download_link":71,"security_score":72,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"second-factor","Second Factor","1.0","apokalyptik","https:\u002F\u002Fprofiles.wordpress.org\u002Fapokalyptik\u002F","\u003Cp>This plugin prevents logged in users from doing anything on your wordpress.org blog until they have verified their second factor of authentication.  The process goes like this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>A user logs into your blog.\n\u003Cul>\n\u003Cli>Behind the scenes a bunch of cryptographic stuff happens and a key is generated and attached to that user. The key is overwritten with a new one every single time they log in. This key is emailed to that user (via the email address the user is registered under.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The user gets the email with the code.\u003C\u002Fli>\n\u003Cli>The user then enters the code at the page which is now presented to them when they are trying to access your blog\n\u003Cul>\n\u003Cli>Behind the scenes the token is checked for validity, and a cookie is added to the users session.  They are now allowed access to your blog.  If the key changes (the user logs out, or is required to log in again) the cookie that they may have been using will no longer be valid and they will be asked to enter the new one that they get via email.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Require secondary authentication for registered user access",10,1996,"2010-11-18T22:29:00.000Z","3.1.4","3.0.1","",[69],"authentication-security-email-login-notification-factor","http:\u002F\u002Fwordpress.org\u002F#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecond-factor.1.0.zip",85,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":62,"downloaded":81,"rating":11,"num_ratings":11,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":90,"download_link":91,"security_score":72,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"was-it-you","Was it you? Account login notifications","1.0.1","bogdand","https:\u002F\u002Fprofiles.wordpress.org\u002Fbogdand\u002F","\u003Cp>This plugin solves an increasing problem nowadays: account security.\u003Cbr \u002F>\nThe plugin notifies by email a user whenever there is a new sign-in to their account from a new IP.\u003Cbr \u002F>\nThis helps you and your users get in control of their account access.\u003C\u002Fp>\n","Send an email notification to users each time someone logs in from a new IP. This helps users figure out if someone accessed their accounts without th &hellip;",959,"2020-05-14T15:52:00.000Z","5.4.19","4.3","7.0",[87,88,89,21,22],"access","account-protect","login","https:\u002F\u002Felevenplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwas-it-you.1.0.1.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":11,"downloaded":100,"rating":11,"num_ratings":11,"last_updated":101,"tested_up_to":45,"requires_at_least":102,"requires_php":47,"tags":103,"homepage":108,"download_link":109,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"no-need-for-password","NNFP – Passwordless Email OTP Login","1.0.2","Ramesh Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloperramesh\u002F","\u003Cp>\u003Cstrong>No Need For Password – WordPress OTP Login Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fno-need-for-password\u002F\" rel=\"ugc\"> No Need For Password \u003C\u002Fa> is a WordPress authentication plugin that enables users to log in and register using a one-time password (OTP) sent to their email address. Traditional passwords are not required.\u003C\u002Fp>\n\u003Cp>The plugin is developed by \u003Ca href=\"https:\u002F\u002Fin.linkedin.com\u002Fin\u002Fdeveloper-ramesh\" rel=\"nofollow ugc\"> Ramesh Kumar \u003C\u002Fa>, a web developer and technical lead with over a decade of experience building WordPress plugins, custom systems, and scalable web solutions. His background includes hands-on development and leading engineering teams on complex projects.\u003C\u002Fp>\n\u003Cp>This plugin is designed for WordPress websites that prioritize usability, simplified authentication flows, and reduced dependency on password-based systems—often required in modern \u003Ca href=\"https:\u002F\u002Fcapsquery.com\u002F\" rel=\"nofollow ugc\"> custom website development \u003C\u002Fa> projects.\u003C\u002Fp>\n\u003Cp>Perfect for:\u003Cbr \u002F>\n– Blogs\u003Cbr \u002F>\n– Membership sites\u003Cbr \u002F>\n– WooCommerce stores\u003Cbr \u002F>\n– SaaS-style WordPress websites\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No external services. No third-party APIs. Everything runs inside WordPress.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cp>Here are list of features that you enjoy by getting hands on password-free authentication plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Passwordless login via email OTP\u003C\u002Fli>\n\u003Cli>Automatic user registration for new emails\u003C\u002Fli>\n\u003Cli>Secure OTP with expiry time\u003C\u002Fli>\n\u003Cli>Login popup with clean UI\u003C\u002Fli>\n\u003Cli>Logout link for logged-in users\u003C\u002Fli>\n\u003Cli>Gutenberg & Full Site Editing (FSE) compatible\u003C\u002Fli>\n\u003Cli>Works with block themes like Twenty Twenty-Three\u003C\u002Fli>\n\u003Cli>ACF support for user registration fields\u003C\u002Fli>\n\u003Cli>AJAX-based (no page reloads)\u003C\u002Fli>\n\u003Cli>Lightweight & fast\u003C\u002Fli>\n\u003Cli>Developer-friendly and extensible\u003C\u002Fli>\n\u003Cli>Compatible with modern block themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These OTP-based WordPress login plugin features are great choice for modern websites.\u003C\u002Fp>\n\u003Ch3>🚀 How It Works\u003C\u002Fh3>\n\u003Cp>Below are 5 easy step to working process of secure email OTP login for WordPress plugin\u003C\u002Fp>\n\u003Col>\n\u003Cli>User clicks \u003Cstrong>Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Enters email address\u003C\u002Fli>\n\u003Cli>Receives a 6-digit OTP by email\u003C\u002Fli>\n\u003Cli>Enters OTP\u003C\u002Fli>\n\u003Cli>Logged in instantly\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No passwords. No reset links. No friction.\u003C\u002Fp>\n\u003Ch3>👨‍💻 Who Is It For?\u003C\u002Fh3>\n\u003Cp>Here are top cases where this No Need For Password by Ramesh is ideal choice:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Membership websites\u003C\u002Fli>\n\u003Cli>WooCommerce stores\u003C\u002Fli>\n\u003Cli>Blogs and communities\u003C\u002Fli>\n\u003Cli>SaaS-style WordPress apps\u003C\u002Fli>\n\u003Cli>Anyone who wants password-free authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🧱 Shortcodes\u003C\u002Fh3>\n\u003Cp>Use these shortcodes anywhere on your site:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login button\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[nnfp_login_button]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login page container\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[nnfp_login_form]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Registration popup button\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[nnfp_register_popup_button]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Registration form\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[nnfp_registration_form]\u003C\u002Fp>\n\u003Ch3>🎨 Theme Compatibility\u003C\u002Fh3>\n\u003Cp>This plugin works with:\u003Cbr \u002F>\n– Classic themes\u003Cbr \u002F>\n– Block themes (Full Site Editing)\u003Cbr \u002F>\n– Twenty Twenty-Three\u003Cbr \u002F>\n– Twenty Twenty-Four\u003Cbr \u002F>\n– Most modern WordPress themes\u003C\u002Fp>\n\u003Cp>No theme files need to be edited.\u003C\u002Fp>\n\u003Ch3>🔌 ACF Integration (Optional)\u003C\u002Fh3>\n\u003Cp>If \u003Cstrong>Advanced Custom Fields (ACF)\u003C\u002Fstrong> is installed:\u003Cbr \u002F>\n– User registration fields are automatically detected\u003Cbr \u002F>\n– ACF values are saved to the user profile after OTP verification\u003C\u002Fp>\n\u003Cp>ACF is optional — the plugin works perfectly without it.\u003C\u002Fp>\n\u003Ch3>🔒 Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>OTP is time-limited\u003C\u002Fli>\n\u003Cli>Nonce protection on all AJAX requests\u003C\u002Fli>\n\u003Cli>Sanitized and validated user input\u003C\u002Fli>\n\u003Cli>Uses WordPress authentication APIs\u003C\u002Fli>\n\u003Cli>No passwords stored or transmitted\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>👨‍💻 Developer Friendly\u003C\u002Fh3>\n\u003Cp>Hooks and filters can be added easily.\u003Cbr \u002F>\nClean class-based architecture.\u003Cbr \u002F>\nNo hard dependencies.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fdeveloper-ramesh\u003C\u002Fp>\n","Short Description: Enable secure passwordless login and registration using secure email-based one-time passwords (OTP).",265,"2026-02-10T11:11:00.000Z","5.8",[104,105,106,22,107],"acf-supported","otp-base-login","passwordless-login","user-login-and-registration","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnnfp-passwordless-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-need-for-password.1.0.2.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":32,"num_ratings":120,"last_updated":121,"tested_up_to":45,"requires_at_least":122,"requires_php":85,"tags":123,"homepage":128,"download_link":129,"security_score":130,"vuln_count":131,"unpatched_count":11,"last_vuln_date":132,"fetched_at":27},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,4829,"2025-12-20T21:06:00.000Z","4.7",[124,125,126,127,22],"2fa","firewall","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",96,12,"2022-09-06 00:00:00",{"attackSurface":134,"codeSignals":167,"taintFlows":182,"riskAssessment":183,"analyzedAt":186},{"hooks":135,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":11,"unprotectedCount":11},[136,142,146,150,155,158,160],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","admin_menu","add_menu","includes\\class-admin-page.php",8,{"type":137,"name":143,"callback":144,"file":140,"line":145},"admin_init","register_settings",9,{"type":137,"name":147,"callback":148,"priority":62,"file":149,"line":141},"wp_login","handle_login","includes\\class-login-handler.php",{"type":151,"name":152,"callback":153,"file":154,"line":141},"filter","all_plugins","closure","includes\\class-security.php",{"type":151,"name":152,"callback":153,"file":156,"line":157},"secure-dashboard-login-notifier.php",31,{"type":137,"name":143,"callback":153,"file":156,"line":159},39,{"type":137,"name":161,"callback":153,"file":156,"line":162},"plugins_loaded",71,[],[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":11,"externalRequests":11,"nonceChecks":172,"capabilityChecks":14,"bundledLibraries":181},[],{"prepared":11,"raw":11,"locations":170},[],{"escaped":42,"rawEcho":172,"locations":173},3,[174,177,179],{"file":140,"line":175,"context":176},29,"raw output",{"file":140,"line":178,"context":176},36,{"file":140,"line":180,"context":176},57,[],[],{"summary":184,"deductions":185},"The 'secure-dashboard-login-notifier' plugin v1.0.0 demonstrates a strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface, with zero unprotected entry points. The code signals also indicate good practices: no dangerous functions are used, all SQL queries are prepared, and file operations and external HTTP requests are absent. The high percentage of properly escaped output (87%) and the presence of nonce and capability checks further reinforce this positive assessment. The vulnerability history is also clean, with no known CVEs, indicating a well-maintained or less-targeted plugin.  While the taint analysis shows zero flows, this could be due to the limited entry points or a very small codebase. Overall, the plugin appears to be developed with security in mind, lacking evident vulnerabilities in this version. The primary concern is the minimal code analyzed (0 taint flows), which, while not a direct vulnerability, means the analysis might not be exhaustive if the plugin were more complex. However, based solely on the data presented, the plugin is rated as highly secure.",[],"2026-03-17T06:28:21.544Z",{"wat":188,"direct":196},{"assetPaths":189,"generatorPatterns":193,"scriptPaths":194,"versionParams":195},[190,191,192],"\u002Fwp-content\u002Fplugins\u002Fsecure-dashboard-login-notifier\u002Fincludes\u002Fhelpers.php","\u002Fwp-content\u002Fplugins\u002Fsecure-dashboard-login-notifier\u002Fincludes\u002Fclass-login-handler.php","\u002Fwp-content\u002Fplugins\u002Fsecure-dashboard-login-notifier\u002Fincludes\u002Fclass-admin-page.php",[],[],[],{"cssClasses":197,"htmlComments":198,"htmlAttributes":199,"restEndpoints":200,"jsGlobals":201,"shortcodeOutput":202},[],[],[],[],[],[]]