[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fY2vjhI2kcFNPUW9X-mgOvSbpAS9dGKhoXmvTdMDSQWk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":131,"fingerprints":212},"simple-user-locking","Simple User Locking","1.0.1","Blackbam","https:\u002F\u002Fprofiles.wordpress.org\u002Fblackbam\u002F","\u003Cp>Prevent users from logging into your WordPress installation for a certain timeframe or permanently. Works also great with the multisite user management area.\u003C\u002Fp>\n\u003Cp>The locked users are easily manageable within the users overview page. The settings are within the user edit pages.\u003C\u002Fp>\n\u003Cp>No user can lock himself. No user with a lower role can lock a higher user and administrators in a network can not lock super administrators.\u003C\u002Fp>\n\u003Cp>If a user is locked, he is instantly logged out of any session until the lock expires or is removed.\u003C\u002Fp>\n\u003Cp>No useless overhead, no ads. Just a tiny, but very effective plugin to keep your website secure.\u003C\u002Fp>\n\u003Cp>Use cases:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>you do not want to delete a user, but you want to make sure he can not access the site (at least for a certain timeframe)\u003C\u002Fli>\n\u003Cli>an employee leaves your company and access should be removed, but you want to keep his user as an author in the system\u003C\u002Fli>\n\u003Cli>you want to punish a certain user which did bad things for a certain timeframe\u003C\u002Fli>\n\u003Cli>you want only few persons to have access to your WordPress site in order to minimize risk of incidents\u003C\u002Fli>\n\u003Cli>… or maybe some other use case\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Feature requests\u003C\u002Fh3>\n\u003Cp>Currently none.\u003C\u002Fp>\n","Prevent users (like e.g. ex-employees, rule breakers or spamers) from logging into your WordPress installation for a certain timeframe or permanently  &hellip;",0,1152,100,1,"2019-07-04T13:15:00.000Z","5.2.24","5.0","7.0",[20,21,22,23,24],"authentication","control","locking","security","user","https:\u002F\u002Fwww.blackbam.at\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-user-locking.1.0.1.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"blackbam",3,200,3450,69,"2026-04-05T14:42:26.121Z",[39,59,78,98,114],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":13,"num_ratings":33,"last_updated":49,"tested_up_to":50,"requires_at_least":17,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":58},"easy-basic-authentication","Easy Basic Authentication – Add basic auth to site or admin area","3.9.1","Matteo Enna","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatteoenna\u002F","\u003Cp>The Easy Basic Authentication plugin provides a simple method to add basic authentication to your WordPress site. You can enable basic authentication for the entire site or only for the admin area by setting a custom username and password. Secure your site by restricting access only to authorized users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try it on a free mock site: \u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Feasy-basic-authentication\u002F\" rel=\"nofollow ugc\">click here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Simple Configuration:\u003C\u002Fstrong> With Easy Basic Authentication, you can easily set up basic authentication for your entire website or specifically for the admin area. Set a custom username and password to ensure secure access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Admin Area Protection:\u003C\u002Fstrong> If you wish to restrict access to your WordPress admin area, Easy Basic Authentication allows you to do so quickly and effectively. Only users with the correct credentials will be able to access this critical part of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Entire site protection:\u003C\u002Fstrong> If you wish, there is an option to extend the access limitation to the entire site and not just for your WordPress admin area, Easy Basic authentication allows you to do this quickly and effectively. Only users with the correct credentials will be able to access this critical part of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Access Logging:\u003C\u002Fstrong> The plugin keeps track of failed login attempts, helping you identify unauthorized access attempts. This is particularly useful for monitoring your site’s security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Access Log:\u003C\u002Fstrong> If you choose to enable this feature, Easy Basic Authentication allows you to log successful logins, providing a comprehensive overview of login activities on your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong> The plugin’s intuitive interface makes it simple to manage basic authentication settings. You can easily enable or disable basic authentication and adjust credentials to suit your needs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Alert Functionality:\u003C\u002Fstrong> Easy Basic Authentication includes an email alert feature to notify you of unauthorized access attempts. You can receive email alerts when someone tries to access your site without proper credentials.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>White List Functionality:\u003C\u002Fstrong> Easy Basic Authentication now includes a White List feature, allowing you to specify trusted IP addresses exempt from basic authentication. Configure this list to grant immediate access to known users or systems without requiring credentials, enhancing convenience while maintaining security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Protect your WordPress site with basic authentication quickly and reliably. Easy Basic Authentication gives you control to ensure that only authorized users can access your online resources. Maintain your site’s security and prevent unwanted access today with Easy Basic Authentication.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Visit the plugin settings page to configure your desired basic authentication options.\u003C\u002Fli>\n\u003Cli>Choose whether to enable basic authentication for the entire site or just the admin area.\u003C\u002Fli>\n\u003Cli>Set a custom username and password for secure access.\u003C\u002Fli>\n\u003Cli>Monitor failed access attempts and access logs for added security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Troubleshooting: Resetting Basic Authentication\u003C\u002Fh3>\n\u003Cp>If you’re having trouble logging in due to the basic authentication, you can reset it and regain access by following these steps:\u003C\u002Fp>\n\u003Cp>1 \u003Cstrong>Connect to your website via FTP.\u003C\u002Fstrong>\u003Cbr \u002F>\n2 \u003Cstrong>Navigate to the plugin directory:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>wp-content\u002Fplugins\u002Feasy-basic-authentication\u002Fclass\u002F\u003C\u002Fpre>\n\u003Cp>3 \u003Cstrong>Locate the file:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>easy-basic-authentication-class.php\u003C\u002Fpre>\n\u003Cp>4 \u003Cstrong>Find the following line:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>add_action( 'init', array($this,'basic_auth_admin') );\u003C\u002Fpre>\n\u003Cp>5 \u003Cstrong>Comment out that line\u003C\u002Fstrong> by adding a \u003Ccode>#\u003C\u002Fcode> at the beginning:\u003C\u002Fp>\n\u003Cpre>#add_action( 'init', array($this,'basic_auth_admin') );\u003C\u002Fpre>\n\u003Cp>6 \u003Cstrong>Save the file\u003C\u002Fstrong> and re-upload it to your server.\u003C\u002Fp>\n\u003Cp>This will disable the basic authentication temporarily, allowing you to log in. Once logged in, you can adjust the plugin settings as needed.\u003C\u002Fp>\n\u003Cp>If you need further assistance, feel free to reach out.\u003C\u002Fp>\n\u003Ch3>GitHub Repository\u003C\u002Fh3>\n\u003Cp>You can find the source code and contribute to the project on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FEllusu\u002Feasy-basic-authentication\" rel=\"nofollow ugc\">Easy Basic Authentication on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Secure your WordPress site with easy and effective basic authentication. Restrict access, monitor attempts, and enhance security.",600,11185,"2025-12-03T06:03:00.000Z","6.9.4","7.2.5",[53,20,54,23,55],"access-control","login","wordpress-security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-basic-authentication.3.9.1.zip","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":13,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":76,"download_link":77,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":58},"attributes-user-access","Attributes User Access","1.2.2","Attributes WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fattributeswp\u002F","\u003Cp>Attributes User Access is a lightweight and flexible authentication solution for WordPress. It empowers site administrators with detailed control over login processes, enhancing user authentication and access experience with a focus on security and performance.\u003C\u002Fp>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Custom Login Page Creation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate fully integrated login pages with WordPress\u003C\u002Fli>\n\u003Cli>Use shortcode-based forms for easy theme compatibility\u003C\u002Fli>\n\u003Cli>Automatically adapts to WordPress core updates\u003C\u002Fli>\n\u003Cli>Template override system for complete customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Flexible Login Redirection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Redirect native WordPress login requests\u003C\u002Fli>\n\u003Cli>Define role-based and context-aware redirection rules\u003C\u002Fli>\n\u003Cli>Custom redirect URLs per user role\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Developer-Focused Architecture\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PSR-4 autoloading and object-oriented design\u003C\u002Fli>\n\u003Cli>Extensible with action and filter hooks\u003C\u002Fli>\n\u003Cli>Modular components for easy customization\u003C\u002Fli>\n\u003Cli>Comprehensive API for extensions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security & Performance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress.org compliant security practices\u003C\u002Fli>\n\u003Cli>Nonce verification on all forms and AJAX requests\u003C\u002Fli>\n\u003Cli>Transient-based error handling (no PHP sessions)\u003C\u002Fli>\n\u003Cli>Optimized asset loading\u003C\u002Fli>\n\u003Cli>Minified CSS and JavaScript for production\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode Usage\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic login form:\u003C\u002Fstrong>\u003Cbr \u002F>\n    [attributes_login_form]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With parameters:\u003C\u002Fstrong>\u003Cbr \u002F>\n    [attributes_login_form redirect=”\u002Fdashboard” remember=”false”]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Available parameters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>redirect\u003C\u002Fcode> – Target URL after login (default: Dashboard)\u003C\u002Fli>\n\u003Cli>\u003Ccode>remember\u003C\u002Fcode> – Show “Remember Me” checkbox (default: true)\u003C\u002Fli>\n\u003Cli>\u003Ccode>form_id\u003C\u002Fcode> – Custom form identifier (default: attributes_login_form)\u003C\u002Fli>\n\u003Cli>\u003Ccode>label_username\u003C\u002Fcode> – Custom username field label\u003C\u002Fli>\n\u003Cli>\u003Ccode>label_password\u003C\u002Fcode> – Custom password field label\u003C\u002Fli>\n\u003Cli>\u003Ccode>label_remember\u003C\u002Fcode> – Custom remember me label\u003C\u002Fli>\n\u003Cli>\u003Ccode>label_log_in\u003C\u002Fcode> – Custom login button text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Template System\u003C\u002Fh4>\n\u003Ch4>Template System\u003C\u002Fh4>\n\u003Cp>Override templates in your theme for complete customization.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Template location in theme:\u003C\u002Fstrong>\u003Cbr \u002F>\n    your-theme\u002Fattributes\u002Ffront\u002Fforms\u002Flogin-form.php\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Original template location:\u003C\u002Fstrong>\u003Cbr \u002F>\n    wp-content\u002Fplugins\u002Fattributes-user-access\u002Ftemplates\u002Ffront\u002Fforms\u002Flogin-form.php\u003C\u002Fp>\n\u003Cp>Copy the original template to your theme and customize as needed. The plugin automatically uses your theme’s template when available.\u003C\u002Fp>\n\u003Ch4>Developer Hooks\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Actions:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>attrua_before_login_form\u003C\u002Fcode> – Fires before rendering the login form wrapper\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_after_login_form\u003C\u002Fcode> – Fires after rendering the login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_login_form_fields\u003C\u002Fcode> – Hook for adding custom fields to login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_login_failed\u003C\u002Fcode> – Fires when a login attempt fails\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_successful_login\u003C\u002Fcode> – Fires after successful authentication\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_before_page_creation\u003C\u002Fcode> – Fires before creating authentication pages\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_after_page_creation\u003C\u002Fcode> – Fires after creating authentication pages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Filters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>attrua_login_redirect_url\u003C\u002Fcode> – Customize login redirection\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_login_error_message\u003C\u002Fcode> – Modify login error messages\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_login_credentials\u003C\u002Fcode> – Filter login credentials before authentication\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_action_links\u003C\u002Fcode> – Modify plugin action links\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_row_meta\u003C\u002Fcode> – Modify plugin row meta links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Attributes User Access does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect any user data\u003C\u002Fli>\n\u003Cli>Send data to external servers\u003C\u002Fli>\n\u003Cli>Use cookies for tracking\u003C\u002Fli>\n\u003Cli>Store sensitive information\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin only stores:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plugin settings in WordPress options table\u003C\u002Fli>\n\u003Cli>Temporary error messages in WordPress transients (auto-expire)\u003C\u002Fli>\n\u003Cli>Page IDs for custom authentication pages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All data is stored locally in your WordPress database and is completely removed upon plugin uninstallation.\u003C\u002Fp>\n\u003Ch3>Support & Contributing\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Documentation:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fattributeswp.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Fattributeswp.com\u002Fdocs\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Support Forum:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fattributes-user-access\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fattributes-user-access\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>GitHub Repository:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fattributeswp\u002Fattributes-user-access\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fattributeswp\u002Fattributes-user-access\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Report Issues:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fattributeswp\u002Fattributes-user-access\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fattributeswp\u002Fattributes-user-access\u002Fissues\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Contributions are welcome! Please feel free to submit pull requests or open issues on GitHub.\u003C\u002Fp>\n","Lightweight WordPress authentication with custom login pages, role-based redirections, and secure user access control.",20,529,2,"2026-02-10T16:59:00.000Z","6.7.5","5.8","7.4",[53,20,75,54,23],"custom-login","https:\u002F\u002Fattributeswp.com\u002F#features","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fattributes-user-access.1.2.2.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":67,"downloaded":86,"rating":13,"num_ratings":14,"last_updated":87,"tested_up_to":88,"requires_at_least":17,"requires_php":73,"tags":89,"homepage":95,"download_link":96,"security_score":97,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":58},"reset-password-removed","Reset Password Removed","1.2","Md Taufiqur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartshovon\u002F","\u003Cp>Easily enhance the security of your WordPress site by removing the ability for non-admin users to change or reset their passwords. The “Reset Password Removed” plugin ensures that only administrators have the power to modify password settings, reducing the risk of unauthorized access.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict Password Resets:\u003C\u002Fstrong> Prevents non-admin users from resetting their passwords, adding an extra layer of security to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control:\u003C\u002Fstrong> Keeps password management accessible only to site administrators, ensuring critical access remains in trusted hands.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience:\u003C\u002Fstrong> Automatically removes the “Lost your password?” link from the login page for non-admin users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Efficient:\u003C\u002Fstrong> The plugin is built to be lightweight, ensuring it doesn’t slow down your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Reset Password Removed?\u003C\u002Fh3>\n\u003Cp>If you’re looking to enhance your WordPress security without complicating user management, this plugin is the perfect solution. Ideal for websites where password security is paramount, it simplifies control and prevents potential vulnerabilities from password resets.\u003C\u002Fp>\n\u003Cp>Compatible with: WordPress 6.x and PHP 7.4+\u003C\u002Fp>\n","Enhance the security of your blogs by preventing password reset over email function.",2924,"2024-11-03T13:58:00.000Z","6.6.5",[90,91,92,93,94],"admin-only-password-control","disable-password-reset","secure-login-management","wordpress-password-security","wordpress-user-security-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freset-password-removed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-password-removed.1.2.zip",92,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":67,"downloaded":106,"rating":11,"num_ratings":11,"last_updated":107,"tested_up_to":71,"requires_at_least":17,"requires_php":108,"tags":109,"homepage":56,"download_link":113,"security_score":97,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":58},"rest-api-key-authentication","WP REST API Key Authentication","1.0","Kamal Hosen","https:\u002F\u002Fprofiles.wordpress.org\u002Fikamal\u002F","\u003Cp>\u003Cstrong>WP REST API Key Authentication\u003C\u002Fstrong> adds a simple API key-based authentication method to the WordPress REST API. This plugin is perfect for developers who want to interact with the REST API securely without relying on complex OAuth authentication mechanisms.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multiple API Keys\u003C\u002Fstrong>: Create and manage multiple API keys with custom names.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure API Key Storage\u003C\u002Fstrong>: API keys are hashed and securely stored in the WordPress database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single Display for Security\u003C\u002Fstrong>: API keys are shown only once after creation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Access Control\u003C\u002Fstrong>: Authenticate requests by including an API key in the \u003Ccode>Authorization\u003C\u002Fcode> header.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Interface\u003C\u002Fstrong>: Manage API keys with a user-friendly admin page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Copy to Clipboard Popup\u003C\u002Fstrong>: Easily copy generated API keys with a built-in popup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin is lightweight and integrates seamlessly with WordPress.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Generate an API Key\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>API Keys\u003C\u002Fstrong> in the WordPress admin menu.\u003C\u002Fli>\n\u003Cli>Enter a name for the API key and click “Generate API Key”.\u003C\u002Fli>\n\u003Cli>The API key will appear in a popup. Copy it immediately, as it will not be displayed again.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use the API Key\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Include the API key in the \u003Ccode>Authorization\u003C\u002Fcode> header of your REST API requests:\u003Cbr \u002F>\n \u003Ccode>Authorization: Bearer YOUR_API_KEY\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Delete API Keys\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To revoke access, delete an API key from the \u003Cstrong>API Keys\u003C\u002Fstrong> admin page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the License URI for details.\u003C\u002Fp>\n","A simple plugin to add API key-based authentication to the WordPress REST API. Manage multiple API keys and secure your REST API endpoints.",952,"2025-01-16T09:18:00.000Z","7.2",[53,110,111,112,23],"api-authentication","api-key","rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-key-authentication.1.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":67,"downloaded":122,"rating":13,"num_ratings":14,"last_updated":123,"tested_up_to":50,"requires_at_least":17,"requires_php":108,"tags":124,"homepage":129,"download_link":130,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":28,"fetched_at":58},"user-approval-manager","User Approval Manager","1.0.5","Sotiris Rallios","https:\u002F\u002Fprofiles.wordpress.org\u002Fsrallios\u002F","\u003Cp>\u003Cstrong>User Approval Manager\u003C\u002Fstrong> adds an approval layer to WordPress user registration.\u003C\u002Fp>\n\u003Cp>When a new user registers, the plugin prevents immediate login and notifies the site administrator(s) by email. The administrator can approve or reject the user directly via action buttons included in the email.\u003C\u002Fp>\n\u003Cp>At the same time, the user receives an automatic email informing them that their account is pending approval. Once approved, the user is notified and can log in normally.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for:\u003Cbr \u002F>\n– Membership websites\u003Cbr \u002F>\n– B2B platforms\u003Cbr \u002F>\n– Private communities\u003Cbr \u002F>\n– WooCommerce stores requiring verified customers\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Blocks login for newly registered users until approved\u003C\u002Fli>\n\u003Cli>Sends notification email to up to \u003Cstrong>two administrator email addresses\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Approve or reject users directly from email buttons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset password button\u003C\u002Fstrong> — use the {reset_password_button} placeholder in the User Approval Email to send new users a one-click “Set Password” link (respects custom login URLs and wp_lang)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-approval checkbox\u003C\u002Fstrong> — optionally auto-approve new users so they can log in immediately without manual approval\u003C\u002Fli>\n\u003Cli>Sends automatic status emails to users (pending \u002F approved)\u003C\u002Fli>\n\u003Cli>Simple configuration via WordPress admin\u003C\u002Fli>\n\u003Cli>Lightweight and focused — no unnecessary complexity\u003C\u002Fli>\n\u003C\u002Ful>\n","Requires administrator approval before new users can log in. Sends email notifications to admins and users during the approval process.",351,"2026-02-20T21:31:00.000Z",[125,126,23,127,128],"admin-approval","login-control","user-approval","user-registration","https:\u002F\u002Fwww.rallios.gr\u002Fportfolio\u002Fuser-approval-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-approval-manager.1.0.5.zip",{"attackSurface":132,"codeSignals":189,"taintFlows":203,"riskAssessment":204,"analyzedAt":211},{"hooks":133,"ajaxHandlers":185,"restRoutes":186,"shortcodes":187,"cronEvents":188,"entryPointCount":11,"unprotectedCount":11},[134,140,144,147,151,155,157,160,163,168,171,176,181],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","admin_enqueue_scripts","sulock_admin_scripts_and_styles","admin.php",6,{"type":135,"name":141,"callback":142,"file":138,"line":143},"show_user_profile","extra_user_profile_fields",24,{"type":135,"name":145,"callback":142,"file":138,"line":146},"edit_user_profile",25,{"type":135,"name":148,"callback":149,"file":138,"line":150},"edit_user_profile_update","sulock_save_profile_fields",141,{"type":135,"name":152,"callback":153,"file":138,"line":154},"wp_redirect","closure",146,{"type":135,"name":152,"callback":153,"file":138,"line":156},149,{"type":135,"name":158,"callback":153,"file":138,"line":159},"load-user-edit.php",155,{"type":135,"name":161,"callback":153,"file":138,"line":162},"admin_notices",159,{"type":164,"name":165,"callback":166,"file":138,"line":167},"filter","manage_users_columns","sulock_modify_user_table",170,{"type":164,"name":169,"callback":166,"file":138,"line":170},"wpmu_users_columns",171,{"type":164,"name":172,"callback":173,"priority":174,"file":138,"line":175},"manage_users_custom_column","sulock_modify_user_table_row",10,195,{"type":164,"name":177,"callback":178,"priority":13,"file":179,"line":180},"authenticate","chk_active_user","simple-user-locking.php",87,{"type":135,"name":182,"callback":183,"file":179,"line":184},"admin_init","sulock_perform_logout_if_locked",91,[],[],[],[],{"dangerousFunctions":190,"sqlUsage":191,"outputEscaping":193,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":69,"bundledLibraries":202},[],{"prepared":11,"raw":11,"locations":192},[],{"escaped":194,"rawEcho":33,"locations":195},8,[196,199,200],{"file":138,"line":197,"context":198},59,"raw output",{"file":138,"line":197,"context":198},{"file":138,"line":201,"context":198},63,[],[],{"summary":205,"deductions":206},"The static analysis of the \"simple-user-locking\" plugin v1.0.1 indicates a generally strong security posture with no identified critical vulnerabilities in code signals or taint analysis. The plugin exhibits good practices by avoiding dangerous functions, file operations, and external HTTP requests.  Notably, all SQL queries use prepared statements, which significantly mitigates SQL injection risks.  The plugin also demonstrates an awareness of security by including two capability checks.  However, a concerning aspect is the complete absence of nonce checks across all entry points, which are critical for preventing Cross-Site Request Forgery (CSRF) attacks, especially if any functionality were to be added that modifies data.\n\nThe vulnerability history shows a clean slate with zero known CVEs. This lack of past vulnerabilities, combined with the positive findings in static analysis, suggests a plugin that is either very new, has been meticulously developed, or has not been subjected to extensive security scrutiny. The limited attack surface with zero entry points is a positive indicator, but it's important to note that the lack of protection on these zero entry points is still a concern as it represents a potential oversight for future development.  While the current state appears safe, the lack of nonce checks represents a significant weakness that should be addressed proactively.",[207,209],{"reason":208,"points":194},"No nonce checks across all entry points",{"reason":210,"points":33},"Output escaping is not fully implemented (73% proper)","2026-03-17T06:09:37.041Z",{"wat":213,"direct":222},{"assetPaths":214,"generatorPatterns":217,"scriptPaths":218,"versionParams":219},[215,216],"\u002Fwp-content\u002Fplugins\u002Fsimple-user-locking\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsimple-user-locking\u002Fjs\u002Fadmin.js",[],[216],[220,221],"simple-user-locking\u002Fcss\u002Fadmin.css?ver=","simple-user-locking\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":223,"htmlComments":225,"htmlAttributes":229,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":236},[224],"sulock-nowrap",[226,227,228],"Contains all visible admin stuff like e.g. the extra user profile fields.","If you check this the user is permanently locked and can not log into the admin dashboard anymore.","If you check this the user is temporarily locked out of the site and can not log into the admin dashboard until the specified point in time. Must be at least 5 minutes in the future, otherwise the templock is deactivated.",[230,231,232],"sulock_permanently_locked","sulock_templock_date","sulock_templock_time",[],[235],"sulock_resempty",[]]