[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBAifGpMrH68EIYcimoDlH4dKOyYsGSlZ3HkfHwzjKvU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":128,"fingerprints":262},"swiftninjapro-wp-login-whitelist-ip","WP-Login and WP-Admin Whitelist","1.11.1","SwiftNinjaPro","https:\u002F\u002Fprofiles.wordpress.org\u002Fswiftninjapro\u002F","\u003Cp>A Plugin That only allows whitelisted IP’s, or optionally whitelisted browsers, to access wp-login.\u003Cbr \u002F>\nThis plugin does Not effect front-end login plugins.\u003Cbr \u002F>\nIf an IP is not whitelisted, the wp-login page will be killed and replaced with a message saying “your IP\u002FBrowser is not whitelisted”, or optionally redirect the user to 404 page instead.\u003C\u002Fp>\n\u003Cp>A better way to hide wp-login. You can add a list of admin IP’s to this plugin, where you want to allow usage of wp-login.\u003Cbr \u002F>\nEven if you have other users that login, its better to use another plugin for a more secure front end login, and this plugin will only allow a specific list of IP’s to access the wp-login page.\u003Cbr \u002F>\nYou can also (optionally) have this plugin attempt to redirect anyone to 404 page, if they try and access wp-login without the right IP.\u003Cbr \u002F>\nYou can also choose to disable the 404 redirect, and instead tell users there IP is not whitelisted, and that they should contact the admin if this is in error.\u003Cbr \u002F>\nThe plugin does Not block wp-admin, so once logged in, you can still edit your site on the go.\u003Cbr \u002F>\nThe plugin also has an option to whitelist your favorite common browsers to wp-login. This means you can keep users from accessing the wp-login page, simply because there using Internet Explore, and not what you chose to allow.\u003Cbr \u002F>\nThere is another option (which may return false positives), that attempts to check if the source of an IP is commonly used by a proxy server, and can block proxy IP’s to try and reduce spoofing.\u003C\u002Fp>\n","A Plugin That only allows whitelisted IP's, or optionally whitelisted browsers, to access wp-login, or optionally wp-admin.",10,2507,0,"2020-11-04T18:56:00.000Z","5.5.18","3.0.1","5.2.4",[19,20,21,22,23],"login","security","whitelist","wp-login","wp-admin","https:\u002F\u002Fwww.swiftninjapro.com\u002Fplugins\u002Fwordpress\u002F?plugin=swiftninjapro-wp-login-whitelist-ip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswiftninjapro-wp-login-whitelist-ip.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"swiftninjapro",7,710,84,30,83,"2026-04-04T02:48:02.450Z",[39,58,79,98,115],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":54,"download_link":57,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"unauthorised-login-redirect","Unauthorised Login Redirect","0.3.9.1","RSimpson","https:\u002F\u002Fprofiles.wordpress.org\u002Frsimpson\u002F","\u003Cp>This plugin allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL of your specification, with every other request being redirected to a different URL of your specification.\u003C\u002Fp>\n","This plugin allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL.",200,5874,86,4,"2023-12-21T03:14:00.000Z","6.4.8","4.3","",[19,56,20,22,23],"redirect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funauthorised-login-redirect.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"admin-login-hide-pti","Admin Login Hide – PTI","1.0.3","PTI WebTech","https:\u002F\u002Fprofiles.wordpress.org\u002Fptiwebtech2025\u002F","\u003Cp>\u003Cstrong>Admin Login Hide – PTI\u003C\u002Fstrong> helps protect your WordPress site by hiding or customizing the default login URLs (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). This helps reduce automated bot attacks, brute-force attempts, and unauthorized login access.\u003C\u002Fp>\n\u003Cp>With just a few clicks, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change the default login URL to a custom path\u003C\u002Fli>\n\u003Cli>Prevent access to the default \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode> paths\u003C\u002Fli>\n\u003Cli>Improve your site’s overall login security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for WordPress users who want a lightweight, easy-to-use security enhancement without needing complex settings or heavy plugins.\u003C\u002Fp>\n","Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.",347,100,3,"2025-07-01T05:30:00.000Z","6.8.5","5.0","7.2",[74,75,20,23,76],"custom-login-url","hide-login","wp-login-php","https:\u002F\u002Fgithub.com\u002Fptiwebtech\u002Fadmin-login-hide-pti","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-login-hide-pti.1.0.3.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":13,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":71,"requires_php":54,"tags":90,"homepage":96,"download_link":97,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"admin-allow-by-ip","Admin Allow by IP","1.0.2","Apsara Aruna","https:\u002F\u002Fprofiles.wordpress.org\u002Fapsaraaruna\u002F","\u003Cp>Protect your admin form hackers!. You can allow your wp-admin for specific IP(s).\u003C\u002Fp>\n\u003Cp>You can select redirect after blocked wp-admin to others. and also you can customize as you want. we provide sample landing page \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fapsaraaruna\u002Fmaintenance-landing\" title=\"Landing page\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Also see my other plugins\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwidget-youtube-subscribtion\u002F\" title=\"Easy Subscribe Button Widget\" rel=\"ugc\">Easy Subscribe Button Widget\u003C\u002Fa> \u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembed-page-facebook\u002F\" title=\"Easy Embed Page Widget\" rel=\"ugc\">Easy Embed Page Widget\u003C\u002Fa>\u003C\u002Fp>\n","Protect your admin form hackers!. You can allow your wp-admin for specific IP(s).",1356,"2023-10-19T10:42:00.000Z","6.3.8",[91,92,93,94,95],"securityadmin","spam","wp-admin-login","wp-security","wp-security-whitelist-ip","http:\u002F\u002Fadmin-allow-by-ip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-allow-by-ip.1.0.2.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":13,"downloaded":106,"rating":13,"num_ratings":13,"last_updated":54,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":112,"download_link":113,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":114},"basic-auth-for-wp-admin","Basic Auth for WP-Admin","1.0","Walid Sadfi","https:\u002F\u002Fprofiles.wordpress.org\u002Fevolurise\u002F","\u003Cp>This plugin adds an additional layer of security to your WordPress website by adding a basic authentication HTTP to the wp-admin and wp-login pages. This means that before accessing these pages, users will be prompted to enter a username and password. This can help to prevent unauthorized access to your website’s backend.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was developed by Evolurise (https:\u002F\u002Fwww.evolurise.com\u002F)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\u003C\u002Fp>\n","Add an additional layer of security with this super light plugin that adds a basic authentication HTTP to the wp-admin and wp-login pages.",2481,"6.1.10","3.0","5.6.20",[111,20,22,23],"basic-auth","https:\u002F\u002Fwww.evolurise.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasic-auth-for-wp-admin.zip","2026-03-15T10:48:56.248Z",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":13,"downloaded":123,"rating":13,"num_ratings":13,"last_updated":124,"tested_up_to":125,"requires_at_least":71,"requires_php":72,"tags":126,"homepage":54,"download_link":127,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"change-hide-login-url","Secure WordPress Admin – Change & Hide Login URL","1.2","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>\u003Cstrong>Secure WordPress Admin – Change & Hide Login URL\u003C\u002Fstrong> improves your website’s login security by allowing you to replace the default WordPress login page (wp-login.php) with any custom slug of your choice. It also blocks direct access to both \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong> for all non-logged-in users.\u003C\u002Fp>\n\u003Cp>Upon activation, the plugin automatically sets the custom login slug to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>.\u003Cbr \u002F>\nExample:\u003Cbr \u002F>\n    https:\u002F\u002Fyourwebsite.com\u002Fmysecretlogin\u003C\u002Fp>\n\u003Cp>You can update the slug anytime from the settings page.\u003Cbr \u002F>\n\u003Cstrong>Important:\u003C\u002Fstrong> After changing the custom slug, go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Permalinks\u003C\u002Fstrong> and click \u003Cstrong>Save Changes\u003C\u002Fstrong> to ensure the new login URL works correctly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, fast, and follows WordPress coding standards without modifying core files.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Change \u003Cstrong>wp-login.php\u003C\u002Fstrong> to a custom login slug  \u003C\u002Fli>\n\u003Cli>Default login slug automatically set to \u003Cstrong>mysecretlogin\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks direct access to \u003Cstrong>wp-login.php\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Blocks unauthorized access to \u003Cstrong>\u002Fwp-admin\u002F\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Simple admin settings page to manage the slug  \u003C\u002Fli>\n\u003Cli>Fully translation-ready  \u003C\u002Fli>\n\u003Cli>Uses WordPress security best practices  \u003C\u002Fli>\n\u003Cli>Zero impact on site performance\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure and customize your WordPress admin login by changing the default wp-login.php URL to a custom slug and blocking unauthorized access to wp-admin &hellip;",179,"2025-12-10T04:07:00.000Z","6.9.4",[74,19,20,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-hide-login-url.zip",{"attackSurface":129,"codeSignals":155,"taintFlows":204,"riskAssessment":250,"analyzedAt":261},{"hooks":130,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":153,"entryPointCount":154,"unprotectedCount":13},[131,137,142],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","after_setup_theme","run_after_theme","main.php",39,{"type":132,"name":138,"callback":139,"file":140,"line":141},"wp_enqueue_scripts","enqueue","swiftninjapro-wp-login-whitelist-ip.php",108,{"type":132,"name":143,"callback":144,"file":140,"line":145},"admin_menu","add_admin_pages",109,[],[],[149],{"tag":150,"callback":151,"file":140,"line":152},"wp-login-recovery-page","shortcode_recovery_page",115,[],1,{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":160,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":202,"bundledLibraries":203},[],{"prepared":158,"raw":13,"locations":159},2,[],{"escaped":35,"rawEcho":161,"locations":162},18,[163,167,169,171,173,175,177,179,181,183,185,187,190,192,194,196,198,200],{"file":164,"line":165,"context":166},"templates\\admin.php",92,"raw output",{"file":164,"line":168,"context":166},103,{"file":164,"line":170,"context":166},135,{"file":164,"line":172,"context":166},186,{"file":164,"line":174,"context":166},188,{"file":164,"line":176,"context":166},205,{"file":164,"line":178,"context":166},225,{"file":164,"line":180,"context":166},254,{"file":164,"line":182,"context":166},258,{"file":164,"line":184,"context":166},259,{"file":164,"line":186,"context":166},329,{"file":188,"line":189,"context":166},"templates\\recovery.php",149,{"file":188,"line":191,"context":166},150,{"file":188,"line":193,"context":166},247,{"file":188,"line":195,"context":166},296,{"file":188,"line":197,"context":166},298,{"file":188,"line":199,"context":166},315,{"file":188,"line":201,"context":166},335,5,[],[205,223,239],{"entryPoint":206,"graph":207,"unsanitizedCount":13,"severity":222},"SwiftNinjaPro_settings_GetOption (templates\\admin.php:139)",{"nodes":208,"edges":219},[209,214],{"id":210,"type":211,"label":212,"file":164,"line":213},"n0","source","$_POST",148,{"id":215,"type":216,"label":217,"file":164,"line":189,"wp_function":218},"n1","sink","update_option() [Settings Manipulation]","update_option",[220],{"from":210,"to":215,"sanitized":221},true,"low",{"entryPoint":224,"graph":225,"unsanitizedCount":13,"severity":222},"\u003Cadmin> (templates\\admin.php:0)",{"nodes":226,"edges":236},[227,228,229,232],{"id":210,"type":211,"label":212,"file":164,"line":213},{"id":215,"type":216,"label":217,"file":164,"line":189,"wp_function":218},{"id":230,"type":211,"label":231,"file":164,"line":186},"n2","$_SERVER['REMOTE_ADDR']",{"id":233,"type":216,"label":234,"file":164,"line":186,"wp_function":235},"n3","echo() [XSS]","echo",[237,238],{"from":210,"to":215,"sanitized":221},{"from":230,"to":233,"sanitized":221},{"entryPoint":240,"graph":241,"unsanitizedCount":68,"severity":222},"\u003Crecovery> (templates\\recovery.php:0)",{"nodes":242,"edges":247},[243,246],{"id":210,"type":211,"label":244,"file":188,"line":245},"$_POST (x3)",78,{"id":215,"type":216,"label":234,"file":188,"line":189,"wp_function":235},[248],{"from":210,"to":215,"sanitized":249},false,{"summary":251,"deductions":252},"The \"swiftninjapro-wp-login-whitelist-ip\" plugin version 1.11.1 demonstrates a generally good security posture, with no known CVEs and a complete lack of critical or high severity issues in its vulnerability history. The static analysis reveals good practices such as using prepared statements for all SQL queries and performing capability checks for critical operations.  However, there are some areas for concern. The plugin has a low number of entry points, with none found to be unprotected, which is positive.  Despite this, the taint analysis flagged one flow with unsanitized paths, which, while not rated as critical or high severity, represents a potential avenue for unexpected behavior or information disclosure if exploited. Furthermore, the output escaping is only 63% properly escaped, indicating a moderate risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully in the remaining outputs. The absence of nonce checks on the identified entry point is also a weakness, potentially allowing for Cross-Site Request Forgery (CSRF) attacks if the shortcode's functionality can be triggered maliciously.",[253,255,258],{"reason":254,"points":11},"Taint flow with unsanitized path",{"reason":256,"points":257},"Moderate unescaped output risk",6,{"reason":259,"points":260},"Missing nonce check on entry point",8,"2026-03-16T23:49:10.664Z",{"wat":263,"direct":272},{"assetPaths":264,"generatorPatterns":267,"scriptPaths":268,"versionParams":269},[265,266],"\u002Fwp-content\u002Fplugins\u002Fswiftninjapro-wp-login-whitelist-ip\u002Fassets\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fswiftninjapro-wp-login-whitelist-ip\u002Fassets\u002Fscript.js",[],[266],[270,271],"swiftninjapro-wp-login-whitelist-ip\u002Fassets\u002Fstyle.css?ver=","swiftninjapro-wp-login-whitelist-ip\u002Fassets\u002Fscript.js?ver=",{"cssClasses":273,"htmlComments":274,"htmlAttributes":277,"restEndpoints":278,"jsGlobals":279,"shortcodeOutput":282},[],[275,276],"\u003C!-- BEGIN SwiftNinjaPro Whitelist Login IP -->","\u003C!-- END SwiftNinjaPro Whitelist Login IP -->",[],[],[280,281],"window.SwiftNinjaProWhitelistLoginIP","SwiftNinjaProWhitelistLoginIP",[283],"[wp-login-recovery-page]"]