[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsB4kYisZOW35A9J2kYqQpXOUewo-liKKW8EKPmZfCIU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":135,"fingerprints":250},"swift-wp-login","Swift WP-Login.php","1.0","beginnerwebtips","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeginnerwebtips\u002F","\u003Cp>\u003Cstrong>I Provide offer support through the support forum. Use \u003Ca href=\"\u002F\u002Fwww.beginnerwebtips.com\u002Fiseulde\u002Fswift-wp-login\u002F\" rel=\"nofollow ugc\">Website\u003C\u002Fa> instead.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>swift wp-login.php\u003C\u002Fem> is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn’t literally swift or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Woocommerce,\u003C\u002Fli>\n\u003Cli>TML,\u003C\u002Fli>\n\u003Cli>UserPro,\u003C\u002Fli>\n\u003Cli>Limit Login Attempts,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, but not tested with subdomains. Activating it for a network allows you to set a networkwide default. Individual sites can still swift their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> you should add the slug of the new login url to the list of pages not to cache.\u003C\u002Fp>\n\u003Cp>If you wish, you can block wp-login.php with \u003Ccode>.htaccess\u003C\u002Fcode> from now on.\u003C\u002Fp>\n","Change Your wp-login.php to anything you want.",10,1263,0,"","4.4.34","5.0",[18,19,20,21,22],"custom-login-url","login","swift","wp-login","wp-login-php","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswift-wp-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswift-wp-login.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-04-04T05:54:20.236Z",[35,57,77,96,113],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":14,"download_link":53,"security_score":54,"vuln_count":11,"unpatched_count":13,"last_vuln_date":55,"fetched_at":56},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,96,2101,"2026-01-12T08:47:00.000Z","6.9.4","4.1","7.0",[18,19,52,21,22],"rename","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,"2024-06-24 00:00:00","2026-03-15T15:16:48.613Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":25,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":14,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":56},"rename-wp-loginphp-to-anything-you-want","Rename wp-login.php to anything you want","2.0.1","travispluse","https:\u002F\u002Fprofiles.wordpress.org\u002Ftravispluse\u002F","\u003Cp>This plugin changes the way you login into your website.\u003C\u002Fp>\n\u003Cp>–loginsecurity includes–\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Blocks IP after maximum retries allowed\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Extended Lockout after maximum lockouts allowed\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Email notification to admin after max lockouts\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Blacklist IP\u002FIP range\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Whitelist IP\u002FIP range\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Check logs of failed attempts\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Create IP ranges\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Delete IP ranges\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Licensed under GNU GPL version 3\u003Cbr \u002F>\n\u003Cbr \u002F>\n* Safe & Secure\u003Cbr \u002F>\u003C\u002Fp>\n","This plugin changes the way you login into your website.",500,8851,5,"2016-08-13T06:36:00.000Z","4.5.33","3.0",[72,18,19,73,22],"custom","login-custom","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-loginphp-to-anything-you-want\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-loginphp-to-anything-you-want.2.0.1.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":25,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":16,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":56},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",347,3,"2025-07-01T05:30:00.000Z","6.8.5","7.2",[18,91,92,93,22],"hide-login","security","wp-admin","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":48,"requires_at_least":16,"requires_php":14,"tags":109,"homepage":111,"download_link":112,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":56},"rename-wp-admin-login","Rename wp-admin login","1.0.0","Nuno Sarmento","https:\u002F\u002Fprofiles.wordpress.org\u002Fnunosarmento\u002F","\u003Cp>\u003Cem>Rename wp-admin login\u003C\u002Fem> is a plugin that allows us to rename wp-admin login URL to anything you want. It does not change WordPress core files, the plugin simply intercepts page requests and works on any WordPress website. After you activate this plugin the wp-admin URL and wp-login.php will become unavailable, so you should bookmark or remember the url. Disable this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Like this plugin?\u003C\u002Fstrong> Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002Freviews\u002F?filter=5\" rel=\"ugc\">Rate It\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fnunosarmento\" rel=\"nofollow ugc\">Buy me a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Have a problem?\u003C\u002Fstrong> Please write a message in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frename-wp-admin-login\u002F\" rel=\"ugc\">WordPress Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to use the plugin\u003C\u002Fh3>\n\u003Cp>Go under Settings and then click on “Permalinks” and change your URL under “Rename wp-admin login”.\u003C\u002Fp>\n\u003Cp>Step 1: Add new login URL\u003C\u002Fp>\n\u003Cp>Step 2: Add redirect URL\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was forked\u002Fadapted\u002Ffixed\u002Fupdated from this plugin https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-login\u002F – @ellatrix thank you for starting the base of my plugin.\u003C\u002Fp>\n","Rename wp-admin login* is a plugin that allows us to rename wp-admin login URL to anything you want",7000,17102,86,6,"2025-12-02T13:00:00.000Z",[110,18,19,97,93],"change-wp-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frename-wp-admin-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-wp-admin-login.1.0.0.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":14,"tags":128,"homepage":133,"download_link":134,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":56},"blue-login-style","Blue Login Style","1.4.0","Alimir","https:\u002F\u002Fprofiles.wordpress.org\u002Falimir\u002F","\u003Cp>Blue Login Style is a tiny WordPress plugin that allows you to customize your login page with beautiful themes. Its features: ability to add message, change the login logo, ability to set login, logout and register redirect links and many more…\u003Cbr \u002F>\nScreenshots are available in \u003Ca href=\"http:\u002F\u002Fpreview.alimir.ir\u002Fwordpress-blue-login-style\u002F\" rel=\"nofollow ugc\">Here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ability to choose nice themes with great options.\u003C\u002Fli>\n\u003Cli>Ability to add message in your login page.\u003C\u002Fli>\n\u003Cli>Add a custom logo of your wordPress blog as piece of cake.\u003C\u002Fli>\n\u003Cli>Add custom background image.\u003C\u002Fli>\n\u003Cli>Ability to set \u003Ccode>login\u003C\u002Fcode>, \u003Ccode>logout\u003C\u002Fcode> and \u003Ccode>register\u003C\u002Fcode> redirect links.\u003C\u002Fli>\n\u003Cli>Simple configuration panel.\u003C\u002Fli>\n\u003Cli>And so on…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Author\u003C\u002Fh4>\n\u003Cp>Website: \u003Ca href=\"http:\u002F\u002Fabout.alimir.ir\" rel=\"nofollow ugc\">Ali Mirzaei\u003C\u002Fa>\u003Cbr \u002F>\nFollow on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Falimir.ir\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003Cbr \u002F>\nYou can catch catch me on twitter as @alimirir\u003C\u002Fp>\n","Blue Login Style is a tiny plugin which allows to customize your wp-login theme easily with a click.",300,29099,98,17,"2014-12-26T19:38:00.000Z","4.1.42","3.5",[129,130,131,132,21],"admin","customize-wp-login-php-plugin","front-end-login","login-form","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblue-login-style\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblue-login-style.1.4.0.zip",{"attackSurface":136,"codeSignals":183,"taintFlows":206,"riskAssessment":234,"analyzedAt":249},{"hooks":137,"ajaxHandlers":179,"restRoutes":180,"shortcodes":181,"cronEvents":182,"entryPointCount":13,"unprotectedCount":13},[138,144,147,150,152,153,156,159,162,165,169,172,175],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_notices","admin_notices_incompatible","shift-wp-login.php",83,{"type":139,"name":145,"callback":141,"file":142,"line":146},"network_admin_notices",84,{"type":139,"name":148,"callback":148,"file":142,"line":149},"admin_init",92,{"type":139,"name":140,"callback":140,"file":142,"line":151},93,{"type":139,"name":145,"callback":140,"file":142,"line":32},{"type":139,"name":154,"callback":154,"file":142,"line":155},"wpmu_options",105,{"type":139,"name":157,"callback":157,"file":142,"line":158},"update_wpmu_options",106,{"type":139,"name":160,"callback":160,"priority":30,"file":142,"line":161},"plugins_loaded",109,{"type":139,"name":163,"callback":163,"file":142,"line":164},"wp_loaded",110,{"type":166,"name":167,"callback":167,"priority":11,"file":142,"line":168},"filter","site_url",112,{"type":166,"name":170,"callback":170,"priority":11,"file":142,"line":171},"network_site_url",113,{"type":166,"name":173,"callback":173,"priority":11,"file":142,"line":174},"wp_redirect",114,{"type":166,"name":176,"callback":177,"file":142,"line":178},"site_option_welcome_email","welcome_email",116,[],[],[],[],{"dangerousFunctions":184,"sqlUsage":185,"outputEscaping":190,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":205},[],{"prepared":13,"raw":30,"locations":186},[187],{"file":142,"line":188,"context":189},134,"$wpdb->get_col() with variable interpolation",{"escaped":13,"rawEcho":107,"locations":191},[192,195,197,199,201,203],{"file":142,"line":193,"context":194},122,"raw output",{"file":142,"line":196,"context":194},163,{"file":142,"line":198,"context":194},230,{"file":142,"line":200,"context":194},235,{"file":142,"line":202,"context":194},237,{"file":142,"line":204,"context":194},245,[],[207,226],{"entryPoint":208,"graph":209,"unsanitizedCount":30,"severity":225},"admin_init (shift-wp-login.php:176)",{"nodes":210,"edges":222},[211,216],{"id":212,"type":213,"label":214,"file":142,"line":215},"n0","source","$_POST",196,{"id":217,"type":218,"label":219,"file":142,"line":220,"wp_function":221},"n1","sink","update_option() [Settings Manipulation]",203,"update_option",[223],{"from":212,"to":217,"sanitized":224},false,"low",{"entryPoint":227,"graph":228,"unsanitizedCount":30,"severity":225},"\u003Cshift-wp-login> (shift-wp-login.php:0)",{"nodes":229,"edges":232},[230,231],{"id":212,"type":213,"label":214,"file":142,"line":215},{"id":217,"type":218,"label":219,"file":142,"line":220,"wp_function":221},[233],{"from":212,"to":217,"sanitized":224},{"summary":235,"deductions":236},"The \"swift-wp-login\" v1.0 plugin presents a mixed security posture. On the positive side, there is no recorded vulnerability history, which suggests a relatively stable and well-maintained codebase. The absence of external HTTP requests and file operations also reduces potential attack vectors.\n\nHowever, the static analysis reveals significant concerns. The plugin exhibits a complete lack of input sanitization for output and lacks any capability or nonce checks. This is further exacerbated by the fact that 100% of its SQL queries are not prepared, indicating a high risk of SQL injection vulnerabilities. While taint analysis did not flag critical or high severity issues, the presence of unsanitized paths in the analyzed flows is concerning given the lack of other security measures.\n\nIn conclusion, while the plugin's limited attack surface and clean vulnerability history are strengths, the critical weaknesses in output escaping, SQL query preparation, and the absence of essential WordPress security checks (nonces, capabilities) create a substantial security risk. Developers should prioritize addressing these code-level vulnerabilities.",[237,239,241,244,247],{"reason":238,"points":11},"100% of SQL queries use prepared statements",{"reason":240,"points":107},"0% of output is properly escaped",{"reason":242,"points":243},"0 Nonce checks",8,{"reason":245,"points":246},"0 Capability checks",7,{"reason":248,"points":67},"2 Flows with unsanitized paths","2026-03-16T23:29:12.548Z",{"wat":251,"direct":260},{"assetPaths":252,"generatorPatterns":255,"scriptPaths":256,"versionParams":257},[253,254],"\u002Fwp-content\u002Fplugins\u002Fswift-wp-login\u002Fcss\u002Flogin.css","\u002Fwp-content\u002Fplugins\u002Fswift-wp-login\u002Fjs\u002Flogin.js",[],[254],[258,259],"swift-wp-login\u002Fcss\u002Flogin.css?ver=","swift-wp-login\u002Fjs\u002Flogin.js?ver=",{"cssClasses":261,"htmlComments":262,"htmlAttributes":264,"restEndpoints":267,"jsGlobals":268,"shortcodeOutput":269},[],[263],"\u003C!-- swift wp-login.php -->",[265,266],"id=\"rwl-page-input\"","name=\"rwl_page\"",[],[],[]]