[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHNw5YSKGTD92gau0GTQ3nOuz15u6DoDjzlCw95bqhhg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":134,"fingerprints":171},"secure-password-generator","Secure Password Generator","1.0.1","oakcreekdev","https:\u002F\u002Fprofiles.wordpress.org\u002Foakcreekdev\u002F","\u003Cp>Secure Password Generator is a plugin written by Oak Creek Development that allows you to add a secure password generator to your WordPress website. Just place the shortcode: [secure_pw_gen][\u002Fsecure_pw_gen] on any page.\u003C\u002Fp>\n\u003Cp>This can be a great way to encourage your users within your organization to start using secure random passwords for everything. It is easy and convenient to keep a pinned tab open on your public or internal website.\u003C\u002Fp>\n","Adds a secure password generator to your WordPress website.",10,2575,0,"2023-03-04T05:30:00.000Z","6.1.10","5.1","7.1",[19,20,21,22,23],"password-generator","secure-password","security","special-characters","strong-password","https:\u002F\u002Fwww.oakcreekdev.com\u002Ftools\u002Fsecure-password-generator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-password-generator.1.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T15:11:47.197Z",[36,61,77,95,111],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":13,"last_vuln_date":60,"fetched_at":28},"password-policy-manager","Password Policy Manager | Password Manager","2.0.6","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpassword-policy-manager\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-password-policy-manager-to-enforce-wordpress-password-security\" rel=\"nofollow ugc\">Setup Guide\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fpassword-policy-manager#free-demo\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Enforce Strong and Secure Password Policies with Password Policy Manager\u003C\u002Fh3>\n\u003Cp>The miniOrange \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin helps you enforce strong and secure password policies with features like \u003Cstrong>password reset\u003C\u002Fstrong>, \u003Cstrong>password expiry\u003C\u002Fstrong>, \u003Cstrong>password score\u003C\u002Fstrong>, and \u003Cstrong>strong password rules\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You can manage user passwords efficiently using the user password manager, password strength meter, and history manager to enhance overall password security.\u003Cbr \u002F>\nIn case of a breach, take quick action with one-click password reset, lock inactive users, and enforce random password rules.\u003C\u002Fp>\n\u003Cp>This ensures complete protection by securing passwords, and managing both active and lock inactive users to prevent password-based attacks.\u003Cbr \u002F>\nHave questions? Reach us at \u003Cstrong>mfasupport@xecurify.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What is the Password Policy Manager Plugin for WordPress?\u003C\u002Fh3>\n\u003Cp>WordPress plugin for password expiry, strength check, and secure policy enforcement. Easy to install and configure, this Password Security plugin secures your site without disrupting the user experience.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FZnwEDbedz1A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WordPress PPM Key Features (Free Version)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enforce strong passwords:\u003C\u002Fstrong> Force all users to create strong passwords according to the password policy set by the admin for high Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-setup-password-policy-setting-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">Users password manager:\u003C\u002Fa>\u003C\u002Fstrong> User password manager allows the admin to manage the users’ passwords (like password strength, how many passwords are strong, etc) to check the Password Security. [password policy setup guide]\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enforce password change:\u003C\u002Fstrong> Administrators can force users to change their password on their next login using this functionality use to enforce strong passwords on their users and ensure strong Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-one-click-reset-password-setting-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">One click reset password:\u003C\u002Fa>\u003C\u002Fstrong> This feature allows the admin to invalidate the current password and force their users to generate a new strong password. This can be done for all users in case of any breach. This will kill all the current sessions and users will be forced to set a new strong password via email hence reinforcing the Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-score-or-password-strength-checker-password-policy\" rel=\"nofollow ugc\">Password Score:\u003C\u002Fa>\u003C\u002Fstrong> It will show all the users’ password strengths. You can check whether the passwords being used are strong, medium or weak. Based on that you can use the enforce strong passwords feature to improve Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-setup-password-expiry-time-wordpress-password-policy-plugin\" rel=\"nofollow ugc\">Auto Password Expiry:\u003C\u002Fa>\u003C\u002Fstrong> This feature allows the admin to enforce a custom time-based password expiry to improve Password Security. Once the password has expired, the users will be forced to create a new password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password strength:\u003C\u002Fstrong> The admin can set the minimum and maximum length of the password. You can also add constraints that you want your users to follow while setting a strong password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Users:\u003C\u002Fstrong> There is no user limit on the password policy manager plugin and it can be used to create password policies for unlimited users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Which Key Features does Password Policy Manager support in the Enterprise Plan?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Role-Based Enforce Strong Password on First Login:\u003C\u002Fstrong> Force specific users roles to create strong passwords according to the password policy set by the admin on their first login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based One-click password Reset and Logout:\u003C\u002Fstrong> Admin can reset passwords of users at once and terminate their logged-in sessions with just one click in case of any suspicious activity using the One-click reset password. Admin can then send password reset links over email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect URL:\u003C\u002Fstrong> The admin can redirect their users to a different \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-custom-redirect-url-password-policy-manager-on-wordpress\" rel=\"nofollow ugc\">custom URL\u003C\u002Fa> using this functionality.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active & Inactive Users Activity Log:\u003C\u002Fstrong> The admin can track the activity of all active as well as lock inactive users using this tool of the Password Policy Enterprise plan.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logout Inactive Users:\u003C\u002Fstrong> When this setting is enabled, a user is logged out and their session is destroyed if they are inactive for more than the customizable set time limit.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> The Password Policy Manager Enterprise plugin is multisite compatible and can be used to create password policies for an entire multisite network.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For any customization-related queries, reach us at mfasupport@xecurify.com or call us at +1 9786589387.\u003C\u002Fp>\n\u003Ch3>Upgrade to miniOrange Password Policy Manager Premium Plan for Advanced Security\u003C\u002Fh3>\n\u003Cp>The premium plan of miniOrange WordPress Password Policy Manager gives you complete control over how users can secure passwords, helping you enforce policies across all roles, customize the login experience, and secure even the most complex WordPress setups.\u003C\u002Fp>\n\u003Cp>With the premium \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin offers advanced \u003Cstrong>password security features\u003C\u002Fstrong>, including role-based and user-based password policies. It also supports custom login forms like WooCommerce, Elementor, Ultimate Member, and more.\u003C\u002Fp>\n\u003Ch4>Premium Features List\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-policy-role-based\" rel=\"nofollow ugc\">Role-Based and User-Based Password Policies:\u003C\u002Fa>\u003C\u002Fstrong> Admin can set different [role-based as well as user-based policies] and enforce password policy changes to ensure strong Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based Enforce Strong Password on First Login:\u003C\u002Fstrong> Force a specific set of users to create strong passwords according to the password policy set by the admin on their first login to maintain strong Password Security. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Enforce Password Change:\u003C\u002Fstrong> Administrators can enforce specific sets of roles to change their passwords on their next login using this configuration to enhance Password Security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-one-click-reset-password-policy-role-based\" rel=\"nofollow ugc\">Role-Based One-click password Reset and Logout:\u003C\u002Fa>\u003C\u002Fstrong> Using [one-click reset password])  feature, the admin can reset passwords of all users \u002F particular roles at once and terminate all logged-in sessions with just one click in case of any suspicious activity. Admin can then send the password reset link over email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-generate-random-password\" rel=\"nofollow ugc\">Generate Random Passwords:\u003C\u002Fa>\u003C\u002Fstrong> Generate random passwords generates a random strong password containing all variations to make the password security strong and secure against brute force attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-apply-automatically-lock-inactive-user\" rel=\"nofollow ugc\">Automatically Lock Inactive Users:\u003C\u002Fa>\u003C\u002Fstrong> It will lock the user automatically if the user is inactive for the custom-specified time period. This can be set for particular roles as well as users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-password-history-management\" rel=\"nofollow ugc\">Password History Manager:\u003C\u002Fa>\u003C\u002Fstrong> It will manage the history of all the recently used passwords for each user, so no user can reuse a previous password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active Users Activity Log:\u003C\u002Fstrong> The admin can track the activity of all Active Users using this setting of the Password Policy Premium plan.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Login Forms Supported:\u003C\u002Fstrong>  The Premium plan also supports the following custom login forms: WooCommerce, Ultimate Member, Elementor Pro, BBPress, Gravity Forms, Ninja Forms, Buddy Press, User Registration, User Pro, MemberPress, and many others.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single Site:\u003C\u002Fstrong> The Password Policy Manager Premium plugin is single-site compatible and can be used to create password policies on only one site at a time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch3>Why You Need to Register with miniOrange\u003C\u002Fh3>\n\u003Cp>Some advanced features in the \u003Cstrong>Password Policy Manager\u003C\u002Fstrong> plugin, like one-click password reset and random password generation.\u003Cbr \u002F>\nCore functionalities such as enforcing strong password policies, password expiry, password history, and locking inactive users work without registration.\u003C\u002Fp>\n\u003Cp>Customized solutions and active support for the miniOrange Password Policy Manager plugin are available. Email us at mfasupport@xecurify.com or call us at +1 9786589387.\u003C\u002Fp>\n","Enforce strong passwords with expiry, reset, score checks, inactive user lock, and user password management using Password Policy Manager.",6000,93974,88,14,"2025-10-20T08:18:00.000Z","6.8.5","4.6","5.3.0",[53,54,55,20,23],"password-security","password-strength","reset-password","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-policy-manager.2.0.6.zip",96,2,"2025-10-24 18:09:09",{"slug":19,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":59,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":56,"tags":74,"homepage":75,"download_link":76,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"Password Generator","1.7","Outerbridge","https:\u002F\u002Fprofiles.wordpress.org\u002Fouterbridge\u002F","\u003Cp>Password Generator is a plugin written by Outerbridge which adds a widget to WordPress which generates various length random passwords (with or without special characters).\u003C\u002Fp>\n","Password Generator is a plugin which adds a widget to WordPress which generates various length random passwords (with or without special characters).",90,4633,100,"2022-09-01T16:48:00.000Z","6.0.11","4.7",[19,22,23],"https:\u002F\u002Fouterbridge.co.uk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-generator.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":70,"downloaded":85,"rating":70,"num_ratings":31,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":93,"download_link":94,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"password-requirements","WP Password Policy","3.6.0","Teydea Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fteydeastudio\u002F","\u003Cp>\u003Cstrong>WP Password Policy lets you define and enforce password policies for all users on your WordPress site.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Set rules for password length, complexity (uppercase, lowercase, digits, special characters), restricted characters, password expiration, and more. The plugin validates passwords on login, registration, password changes, and during active sessions — automatically redirecting users to reset non-compliant passwords.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key benefits:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enforce password length and complexity rules from a single settings page.\u003C\u002Fli>\n\u003Cli>Set password expiration to ensure users update their passwords regularly.\u003C\u002Fli>\n\u003Cli>Require users to confirm their current password before making changes.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress multisite networks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you manage a personal blog, a membership site, or a multisite network, WP Password Policy helps you maintain consistent password standards across all user accounts.\u003C\u002Fp>\n\u003Cp>Learn more at \u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">wppasswordpolicy.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why password policies matter\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Weak passwords remain one of the most common entry points for unauthorized access to WordPress sites. Enforcing password rules helps reduce this risk and supports compliance with security best practices.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Minimum password length\u003C\u002Fstrong> — Set and enforce the minimum number of characters for user passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Maximum password length\u003C\u002Fstrong> — Limit password length to prevent denial-of-service attacks caused by hashing very long passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password complexity rules\u003C\u002Fstrong> — Require a mix of uppercase letters, lowercase letters, digits, special characters, and a minimum number of unique characters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Consecutive username symbols\u003C\u002Fstrong> — Restrict how many consecutive characters from the username can appear in the password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restricted characters\u003C\u002Fstrong> — Block specific characters from being used in passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Maximum password age\u003C\u002Fstrong> — Force users to update their passwords periodically (e.g., every 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum password age\u003C\u002Fstrong> — Prevent users from changing their password too frequently, discouraging rapid cycling back to an old password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Require current password\u003C\u002Fstrong> — Add a “Current Password” field to the user profile screen and validate it before allowing password changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom password hints\u003C\u002Fstrong> — Replace the default WordPress password hint with a policy-specific hint based on active rules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Health integration\u003C\u002Fstrong> — A Site Health test reports whether your plugin settings are properly configured.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite\u002Fnetwork support\u003C\u002Fstrong> — Works with both standard and multisite WordPress installations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Ffeatures\u002Fai-integration\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">AI integration\u003C\u002Fa>\u003C\u002Fstrong> — On WordPress 6.9+ with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmcp-adapter\u002F\" rel=\"ugc\">MCP Adapter\u003C\u002Fa> plugin, list, configure, and delete password policies through natural language commands from any connected AI provider.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation-ready\u003C\u002Fstrong> — Localize the plugin into any language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PRO Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Ffeatures\u002Fpasswords-reuse-prevention\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">Prevent password reuse\u003C\u002Fa>\u003C\u002Fstrong> — Block users from reusing their previous passwords, encouraging new, unique passwords every time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Ffeatures\u002Fdedicated-policies-by-user-and-or-role\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">Custom password policies per role or user\u003C\u002Fa>\u003C\u002Fstrong> — Assign different password rules for administrators, editors, WooCommerce customers, or specific users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Ffeatures\u002Frestricted-passwords-list\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">Block common, weak passwords\u003C\u002Fa>\u003C\u002Fstrong> — Over 100,000 common passwords are blocked, preventing users from choosing easy-to-guess passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce integration\u003C\u002Fstrong> — Enforce password policies on WooCommerce account pages, password reset, and registration forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member integration\u003C\u002Fstrong> — Enforce password policies within Ultimate Member registration and account forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority support and updates\u003C\u002Fstrong> — Get premium email support and updates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Learn more about the PRO version at \u003Ca href=\"https:\u002F\u002Fwppasswordpolicy.com\u002Fpricing\u002F?utm_source=WP+Password+Policy\" rel=\"nofollow ugc\">wppasswordpolicy.com\u002Fpricing\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Video Tutorial\u003C\u002Fh3>\n\u003Cp>See the plugin in action:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7g_hWHZ4IFs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Related Plugins\u003C\u002Fh3>\n\u003Cp>Looking for a way to force users to reset their passwords immediately? Check our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpassword-reset-enforcement\u002F\" rel=\"ugc\">Password Reset Enforcement\u003C\u002Fa> plugin — it lets you require password resets site-wide, by role, or for individual users, with WP-CLI support for automation.\u003C\u002Fp>\n","Define and enforce password policies for your WordPress site with length, complexity, and expiration rules.",4554,"2026-03-13T23:03:00.000Z","6.9.4","6.6","7.4",[91,54,92,21,23],"password-policy","passwords","https:\u002F\u002Fwppasswordpolicy.com\u002F?utm_source=WP+Password+Policy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-requirements.3.6.0.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":11,"downloaded":103,"rating":70,"num_ratings":104,"last_updated":105,"tested_up_to":49,"requires_at_least":50,"requires_php":106,"tags":107,"homepage":56,"download_link":110,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"strong-password-maker","Strong Password generator widget","1.0","vaibhav31gangrade","https:\u002F\u002Fprofiles.wordpress.org\u002Fvaibhav31gangrade\u002F","\u003Cp>A Plugin for generating random pasword with numbers only ,characters only ,special characters only and with all of them together.\u003C\u002Fp>\n\u003Ch3>How to Use\u003C\u002Fh3>\n\u003Cp>After Installing visit widget section password generator widget will be visibled there just drag and drop and you are ready to use. .\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>It can run on any wordpress version.\u003C\u002Fp>\n","A Plugin for generating random pasword with numbers only ,characters only ,special characters only and with all of them together.",1114,5,"2025-09-27T05:04:00.000Z","5.2.4",[19,108,109],"random-password-generator","strong-password-generator-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstrong-password-maker.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":87,"requires_at_least":73,"requires_php":124,"tags":125,"homepage":130,"download_link":131,"security_score":58,"vuln_count":132,"unpatched_count":13,"last_vuln_date":133,"fetched_at":28},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,94,4829,"2025-12-20T21:06:00.000Z","7.0",[126,127,128,129,21],"2fa","firewall","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",12,"2022-09-06 00:00:00",{"attackSurface":135,"codeSignals":155,"taintFlows":162,"riskAssessment":163,"analyzedAt":170},{"hooks":136,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":154,"entryPointCount":31,"unprotectedCount":13},[137,143],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","init","register_shortcodes","secure-password-generator.php",42,{"type":138,"name":144,"callback":145,"file":141,"line":146},"wp_enqueue_scripts","register_scripts",43,[],[],[150],{"tag":151,"callback":152,"file":141,"line":153},"secure_pw_gen","shortcode",47,[],{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":159,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":161},[],{"prepared":13,"raw":13,"locations":158},[],{"escaped":13,"rawEcho":13,"locations":160},[],[],[],{"summary":164,"deductions":165},"The secure-password-generator plugin, version 1.0.1, exhibits a generally strong security posture based on the provided static analysis. The code demonstrates adherence to secure coding practices, with no dangerous functions identified, all SQL queries utilizing prepared statements, and all outputs being properly escaped. Furthermore, there are no file operations or external HTTP requests, and the absence of known vulnerabilities in its history suggests a history of stable and secure development.  \n\nHowever, the analysis does reveal potential areas for improvement. The presence of a shortcode as an entry point, while not currently unprotected, warrants attention. The total lack of nonce checks and capability checks across all entry points is a significant concern, as it leaves the plugin vulnerable to various cross-site request forgery (CSRF) and privilege escalation attacks if an attacker can manipulate the shortcode's execution context or introduce new entry points in the future.  \n\nIn conclusion, while the current codebase appears robust in its direct implementation, the fundamental lack of authorization and integrity checks on its entry points represents a notable weakness. The plugin's history of zero vulnerabilities is positive, but it should not be relied upon as a guarantee against future issues, especially given the identified architectural oversight in authentication and authorization.",[166,168],{"reason":167,"points":11},"Missing nonce checks on entry points",{"reason":169,"points":11},"Missing capability checks on entry points","2026-03-17T01:14:46.740Z",{"wat":172,"direct":181},{"assetPaths":173,"generatorPatterns":176,"scriptPaths":177,"versionParams":178},[174,175],"\u002Fwp-content\u002Fplugins\u002Fsecure-password-generator\u002Fsecure-password-generator.js","\u002Fwp-content\u002Fplugins\u002Fsecure-password-generator\u002Fsecure-password-generator.css",[],[174],[179,180],"secure-password-generator\u002Fsecure-password-generator.js?ver=","secure-password-generator\u002Fsecure-password-generator.css?ver=",{"cssClasses":182,"htmlComments":192,"htmlAttributes":193,"restEndpoints":194,"jsGlobals":195,"shortcodeOutput":196},[183,184,185,186,187,188,189,190,191],"ocdpw","ocdpw-count","ocdpw-number","ocdpw-special","ocdpw-lower","ocdpw-upper","ocdpw-good","ocdpw-bad","ocdpw-dupe",[],[],[],[],[197,198,199,200,201,202,203,204,205,206],"\u003Cdiv class=\"ocdpw\" style=\"display: none;\">","\u003Cp class=\"ocdpw-count\">Characters selected: \u003Cspan class=\"ocdpw-bad\">0\u003C\u002Fspan>\u003C\u002Fp>","\u003Cp class=\"ocdpw-number\">Number selected: \u003C\u002Fp>","\u003Cp class=\"ocdpw-special\">Special character selected: \u003C\u002Fp>","\u003Cp class=\"ocdpw-lower\">Lowercase character selected: \u003C\u002Fp>","\u003Cp class=\"ocdpw-upper\">Uppercase character selected: \u003C\u002Fp>","\u003Cspan class=\"ocdpw-good\">Yes\u003C\u002Fspan>","\u003Cspan class=\"ocdpw-bad\">No\u003C\u002Fspan>","\u003Cp class=\"ocdpw-dupe\">This shortcode has already been placed on this page. You can only use it once per page.\u003C\u002Fp>","\u003C\u002Fdiv>"]