[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fV7IBjjqDBxUFFDTyZ999Y2-LJbRkY70chzDDhN_uxiM":3,"$fMdRQel9pYqJqrXErrdV0esYglzRPEzketoi44zdxOI0":402,"$fScRbP58b0qljvNel1wfgLnUfTWW1jKfdEMnOHX4W5dM":406},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":35,"analysis":78,"fingerprints":374},"themepaste-secure-admin","Themepaste Secure Admin","1.1","Jewel Majumder","https:\u002F\u002Fprofiles.wordpress.org\u002Fjewelmajumder\u002F","\u003Cp>Themepaste secure admin protects your wp-admin and you would be able to change wp-admin URLs, check login attempts, email activation verification during login, custom layout of login form, set your logo in login form, set login only by email or userid\u002Femail, customize email template of login activation, set login captha normal captha or google captha, blocked specific users, allowled only specific users, manage users roles.\u003C\u002Fp>\n\u003Cp>Major features in Themepaste Secure Admin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom Layout of WP-Login, upload your logo in login form change color, background color, button, input field etc.\u003C\u002Fli>\n\u003Cli>Custom URL of wp-admin. ex(http:\u002F\u002Fexample.com\u002Fwp-admin to http:\u002F\u002Fexample.com\u002F{your-text}).\u003C\u002Fli>\n\u003Cli>Captcha during login google captcha and custom captcha.\u003C\u002Fli>\n\u003Cli>Email activation during login and email template customization.\u003C\u002Fli>\n\u003Cli>Login attempts, Logs of login attempts, blocked ip options, allowled ip options.\u003C\u002Fli>\n\u003Cli>User roles manager, adding new role, adding new capability, manage roles, manage capabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: 24\u002F7 \u003Ca href=\"https:\u002F\u002Fthemepaste.com\u002Fsupport\" rel=\"nofollow ugc\">Supports\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fthemepaste.com\u002Fdocumentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n","Themepaste secure admin protects your wp-admin and you can change wp-admin URLs yourself, check login attempts manage users roles.",0,1183,"2025-01-17T14:08:00.000Z","6.7.5","3.7","",[18,19,4,20,21],"protect-wordpress-admin","secure-wordpress-admin","wordpress-site-security","wordpress-wp-admin-plugin","http:\u002F\u002Fthemepaste.com\u002Fproduct\u002Fthemepaste-secure-admin-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemepaste-secure-admin.1.1.zip",92,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"jewelmajumder",1,30,88,"2026-05-19T21:16:30.910Z",[36,55],{"slug":37,"name":38,"version":6,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":11,"num_ratings":11,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":52,"download_link":53,"security_score":54,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"unoapp-protects-wp-admin","Unoapp Protect WP Admin","Kartik Busa","https:\u002F\u002Fprofiles.wordpress.org\u002Funoapp\u002F","\u003Cp>Many time sites hacked by admin access because it’s common URL for all wp-admin, this unoapp protect wp admin gives advanced security against hackers.\u003C\u002Fp>\n\u003Cp>Are you seeing a lot of attacks on your WordPress admin area? Protecting the admin area from unauthorized access allows you to block many common security threats\u003Cbr \u002F>\nunoapp protect wp admin helps solve this problem by allowing webmasters to customize their admin panel URL and access allows only selected ips.\u003C\u002Fp>\n\u003Cp>After installed and configured unoapp protect wp admin plugin, administrator able to change the “sitename.com\u002Fwp-admin” link into “sitename.com\u002Fcustom-admin”.\u003C\u002Fp>\n\u003Cp>The plugin also restrict admin access by multiple ips based\u003C\u002Fp>\n\u003Cp>** NOTE: You should keed backup your database before activating this plugin.**\u003Cbr \u002F>\nfor some reason, you find it necessary to restore your database from these backups.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to change custom wp-admin into both sides after logged in and before login URL(i.e http:\u002F\u002Fyourdomain.com\u002Fcustom-admin)\u003C\u002Fli>\n\u003Cli>Automatically change “Register” page URL\u003C\u002Fli>\n\u003Cli>Automatically change “Lost Password” page URL\u003C\u002Fli>\n\u003Cli>Restrict applied for registered non-admin users from wp-admin\u003C\u002Fli>\n\u003Cli>Allow admin access by defining comma separated multiple ips\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cp>1) Save the slug.\u003C\u002Fp>\n\u003Cp>2) Please put below two lines code in your wp-config.php file above of Absolute path (ABSPATH).\u003C\u002Fp>\n\u003Cp>define(‘WP_ADMIN_DIR’, ‘office-admin’);\u003C\u002Fp>\n\u003Cp>define(‘ADMIN_COOKIE_PATH’, SITECOOKIEPATH . WP_ADMIN_DIR);\u003C\u002Fp>\n\u003Cp>3)\u003Cbr \u002F>\nSometimes it’s issuing while permalink settings not updated.\u003Cbr \u002F>\nSome time .htaccess not updated due to permission issue, permalink issue or some other security plugins, in that case, you can update .htaccess manually.\u003C\u002Fp>\n\u003Cpre>\u003Ccode># BEGIN WordPress\n\u003CIfModule mod_rewrite.c>\nRewriteEngine On\nRewriteBase \u002F\nRewriteRule ^index\\.php$ - [L]\nRewriteRule ^custom-admin\u002F(.*) wp-admin\u002F$1?%{QUERY_STRING} [L]\nRewriteRule ^custom-admin\u002F?$ wp-login.php [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \u002Findex.php [L]\n\u003C\u002FIfModule>\n# END WordPress\n\u003C\u002Fcode>\u003C\u002Fpre>\n","unoapp protect wp admin allows access for you only by URL change and access on IP based.",1334,"2022-05-19T09:50:00.000Z","5.9.13","4.0","5.2.4",[49,50,18,19,51],"change-wp-admin-slug","ip-based-login","unoapp-protect-wp-admin","http:\u002F\u002Fwww.unoapp.com\u002Fwp-plugins\u002Funoapp-protects-wp-admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funoapp-protects-wp-admin.zip",85,{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":11,"num_ratings":11,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":16,"tags":68,"homepage":73,"download_link":74,"security_score":75,"vuln_count":31,"unpatched_count":11,"last_vuln_date":76,"fetched_at":77},"echbay-admin-security","EchBay Admin Security","1.3.1","Dao Quoc Dai","https:\u002F\u002Fprofiles.wordpress.org\u002Fitvn9online\u002F","\u003Cp>If you run a WordPress website, you should absolutely use echbay-admin-security to secure it against hackers.\u003C\u002Fp>\n\u003Cp>Protect WP-Admin fixes a glaring security hole in the WordPress community: the well-known problem of the admin panel URL.\u003Cbr \u002F>\nEveryone knows where the admin panel, and this includes hackers as well.\u003C\u002Fp>\n\u003Cp>Protect WP-Admin helps solve this problem by allowing webmasters to setup PIN number or password for login page.\u003C\u002Fp>\n\u003Cp>The plugin also comes with some access filters, allowing webmasters to restrict guest and registered users access to wp-admin, just in case you want some of your editors to log in the classic way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fitvn9online\u002F5\" rel=\"nofollow ugc\"> Thanks for donate \u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect Your Website Admin Against Hackers & Modify Login Page Design ( Nhiệm vụ: chặn mọi truy cập trực tiếp vào trang quản trị wordpress dưới dạ &hellip;",100,11314,"2025-11-28T02:58:00.000Z","6.9.4","4.8",[69,70,18,71,72],"change-admin-url","change-wp-admin-url","rename-admin-url","secure-admin","https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwordpresseb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechbay-admin-security.zip",99,"2025-11-20 19:30:13","2026-04-16T10:56:18.058Z",{"attackSurface":79,"codeSignals":187,"taintFlows":285,"riskAssessment":358,"analyzedAt":373},{"hooks":80,"ajaxHandlers":169,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":186,"unprotectedCount":186},[81,87,91,96,100,105,110,114,119,123,127,131,136,141,146,149,153,156,158,162,166],{"type":82,"name":83,"callback":84,"file":85,"line":86},"action","admin_init","wptpsa_layout_page_fields","themepaste-custom-layout.php",312,{"type":82,"name":88,"callback":89,"file":85,"line":90},"login_enqueue_scripts","wptpsa_login_page_template",395,{"type":92,"name":93,"callback":94,"file":85,"line":95},"filter","login_headerurl","wptpsa_login_power_url",401,{"type":92,"name":97,"callback":98,"file":85,"line":99},"login_headertitle","wptpsa_login_power_title",405,{"type":92,"name":101,"callback":102,"file":103,"line":104},"login_redirect","wptpsa_login_redirect","themepaste-functions.php",48,{"type":92,"name":106,"callback":107,"priority":108,"file":103,"line":109},"site_url","wptpsa_site_url",10,51,{"type":92,"name":111,"callback":112,"priority":108,"file":103,"line":113},"wp_redirect","wptpsa_wp_redirect",52,{"type":82,"name":115,"callback":116,"file":117,"line":118},"plugins_loaded","wptpsa_plugin_check","themepaste-install.php",16,{"type":82,"name":83,"callback":120,"file":121,"line":122},"wptpsa_main_page_fields","themepaste-main-page.php",182,{"type":92,"name":124,"callback":125,"priority":108,"file":121,"line":126},"logout_url","wptpsa_logout_page",194,{"type":92,"name":128,"callback":129,"priority":75,"file":121,"line":130},"lostpassword_url","wptpsa_lost_password_page",203,{"type":82,"name":132,"callback":133,"file":134,"line":135},"admin_menu","wptpsa_menu_items","themepaste-menu.php",18,{"type":82,"name":137,"callback":138,"file":139,"line":140},"admin_notices","wptpsa_free_version_notification","themepaste-pro-features.php",11,{"type":82,"name":142,"callback":143,"file":144,"line":145},"init","wptpsa_init_urls","themepaste-secure-admin.php",68,{"type":82,"name":142,"callback":147,"file":144,"line":148},"wptpsa_init_redirect",69,{"type":82,"name":150,"callback":151,"file":144,"line":152},"generate_rewrite_rules","wptpsa_generate_rewrite_rules",71,{"type":82,"name":154,"callback":155,"file":144,"line":54},"wp_enqueue_scripts","wptpsa_frontend_script",{"type":82,"name":83,"callback":157,"file":144,"line":33},"wptpsa_backend_script",{"type":82,"name":159,"callback":160,"file":144,"line":161},"admin_head","wptpsa_backend_style",95,{"type":82,"name":163,"callback":164,"file":144,"line":165},"admin_enqueue_scripts","wptpsa_load_media_files",120,{"type":82,"name":167,"callback":167,"file":144,"line":168},"wptpsa_check_login_status",124,[170,175,178,181],{"action":171,"nopriv":172,"callback":171,"hasNonce":172,"hasCapCheck":172,"file":173,"line":174},"wptpsa_master_status_action",false,"templates\u002Fmaster_status.php",25,{"action":171,"nopriv":176,"callback":171,"hasNonce":172,"hasCapCheck":172,"file":173,"line":177},true,26,{"action":179,"nopriv":172,"callback":179,"hasNonce":172,"hasCapCheck":172,"file":85,"line":180},"wptpsa_reset_layout",12,{"action":179,"nopriv":176,"callback":179,"hasNonce":172,"hasCapCheck":172,"file":85,"line":182},13,[],[],[],4,{"dangerousFunctions":188,"sqlUsage":193,"outputEscaping":195,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":281},[189],{"fn":190,"file":144,"line":191,"context":192},"ini_set",14,"ini_set('display_errors','Off');",{"prepared":11,"raw":11,"locations":194},[],{"escaped":196,"rawEcho":197,"locations":198},34,42,[199,203,204,206,208,210,212,214,216,218,220,221,223,225,227,229,231,233,235,237,239,241,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280],{"file":200,"line":201,"context":202},"classes\u002FWPTPSABase.php",46,"raw output",{"file":200,"line":152,"context":202},{"file":173,"line":205,"context":202},21,{"file":173,"line":207,"context":202},43,{"file":85,"line":209,"context":202},8,{"file":85,"line":211,"context":202},155,{"file":85,"line":213,"context":202},162,{"file":85,"line":215,"context":202},170,{"file":85,"line":217,"context":202},178,{"file":85,"line":219,"context":202},186,{"file":85,"line":126,"context":202},{"file":85,"line":222,"context":202},204,{"file":85,"line":224,"context":202},213,{"file":85,"line":226,"context":202},221,{"file":85,"line":228,"context":202},228,{"file":85,"line":230,"context":202},236,{"file":85,"line":232,"context":202},245,{"file":85,"line":234,"context":202},253,{"file":85,"line":236,"context":202},327,{"file":85,"line":238,"context":202},345,{"file":85,"line":240,"context":202},348,{"file":85,"line":240,"context":202},{"file":85,"line":243,"context":202},349,{"file":85,"line":245,"context":202},357,{"file":85,"line":247,"context":202},358,{"file":85,"line":249,"context":202},359,{"file":85,"line":251,"context":202},360,{"file":85,"line":253,"context":202},366,{"file":85,"line":255,"context":202},367,{"file":85,"line":257,"context":202},368,{"file":85,"line":259,"context":202},377,{"file":85,"line":261,"context":202},378,{"file":85,"line":263,"context":202},381,{"file":85,"line":265,"context":202},383,{"file":144,"line":267,"context":202},98,{"file":144,"line":269,"context":202},103,{"file":144,"line":271,"context":202},104,{"file":144,"line":273,"context":202},105,{"file":144,"line":275,"context":202},111,{"file":144,"line":277,"context":202},112,{"file":279,"line":118,"context":202},"themepaste-settings.php",{"file":279,"line":135,"context":202},[282],{"name":283,"version":25,"knownCves":284},"DataTables",[],[286,303,311,324,332,348],{"entryPoint":287,"graph":288,"unsanitizedCount":31,"severity":302},"wptpsa_init_redirect (themepaste-functions.php:192)",{"nodes":289,"edges":300},[290,295],{"id":291,"type":292,"label":293,"file":103,"line":294},"n0","source","$_GET",211,{"id":296,"type":297,"label":298,"file":103,"line":299,"wp_function":111},"n1","sink","wp_redirect() [Open Redirect]",232,[301],{"from":291,"to":296,"sanitized":172},"medium",{"entryPoint":304,"graph":305,"unsanitizedCount":31,"severity":302},"\u003Cthemepaste-functions> (themepaste-functions.php:0)",{"nodes":306,"edges":309},[307,308],{"id":291,"type":292,"label":293,"file":103,"line":294},{"id":296,"type":297,"label":298,"file":103,"line":299,"wp_function":111},[310],{"from":291,"to":296,"sanitized":172},{"entryPoint":312,"graph":313,"unsanitizedCount":31,"severity":323},"wptpsa_master_status_action (templates\u002Fmaster_status.php:2)",{"nodes":314,"edges":321},[315,318],{"id":291,"type":292,"label":316,"file":173,"line":317},"$_POST['status']",6,{"id":296,"type":297,"label":319,"file":173,"line":317,"wp_function":320},"update_option() [Settings Manipulation]","update_option",[322],{"from":291,"to":296,"sanitized":172},"low",{"entryPoint":325,"graph":326,"unsanitizedCount":31,"severity":323},"\u003Cmaster_status> (templates\u002Fmaster_status.php:0)",{"nodes":327,"edges":330},[328,329],{"id":291,"type":292,"label":316,"file":173,"line":317},{"id":296,"type":297,"label":319,"file":173,"line":317,"wp_function":320},[331],{"from":291,"to":296,"sanitized":172},{"entryPoint":333,"graph":334,"unsanitizedCount":31,"severity":323},"wptpsa_layout_page (themepaste-custom-layout.php:48)",{"nodes":335,"edges":345},[336,339,342],{"id":291,"type":292,"label":337,"file":85,"line":338},"$_POST",54,{"id":296,"type":340,"label":341,"file":85,"line":338},"transform","→ wptpsa_layout_update_options()",{"id":343,"type":297,"label":319,"file":85,"line":344,"wp_function":320},"n2",116,[346,347],{"from":291,"to":296,"sanitized":172},{"from":296,"to":343,"sanitized":172},{"entryPoint":349,"graph":350,"unsanitizedCount":31,"severity":323},"\u003Cthemepaste-custom-layout> (themepaste-custom-layout.php:0)",{"nodes":351,"edges":355},[352,353,354],{"id":291,"type":292,"label":337,"file":85,"line":338},{"id":296,"type":340,"label":341,"file":85,"line":338},{"id":343,"type":297,"label":319,"file":85,"line":344,"wp_function":320},[356,357],{"from":291,"to":296,"sanitized":172},{"from":296,"to":343,"sanitized":172},{"summary":359,"deductions":360},"The \"themepaste-secure-admin\" v1.1 plugin exhibits a concerning security posture primarily due to its unprotected entry points.  While the plugin demonstrates good practices in its database interactions by using prepared statements exclusively, and it does not appear to have a history of known vulnerabilities, the static analysis reveals significant weaknesses.  A substantial portion of its output is not properly escaped, and critically, all four AJAX handlers lack authentication checks.  This creates a large attack surface where unauthorized users could potentially interact with these endpoints.  Furthermore, the taint analysis, while not revealing critical or high-severity vulnerabilities, did identify unsanitized paths in all analyzed flows, which warrants attention.  The presence of a dangerous function like `ini_set` further contributes to potential risks if not handled with extreme care.  In conclusion, the plugin has some positive technical aspects, but the lack of authorization on its AJAX endpoints and the prevalence of unescaped output represent significant security risks that need immediate remediation.",[361,363,365,368,370],{"reason":362,"points":108},"AJAX handlers without auth checks",{"reason":364,"points":317},"Output escaping not properly handled (45%)",{"reason":366,"points":367},"Taint analysis: flows with unsanitized paths",5,{"reason":369,"points":186},"Use of dangerous function: ini_set",{"reason":371,"points":372},"Missing nonce checks on AJAX",7,"2026-04-16T13:11:58.194Z",{"wat":375,"direct":394},{"assetPaths":376,"generatorPatterns":384,"scriptPaths":385,"versionParams":386},[377,378,379,380,381,382,383],"\u002Fwp-content\u002Fplugins\u002Fthemepaste-secure-admin\u002Fcss\u002Fwptpsa-frontend.css","\u002Fwp-content\u002Fplugins\u002Fthemepaste-secure-admin\u002Fjs\u002Fwptpsa.js","\u002Fwp-content\u002Fplugins\u002Fthemepaste-secure-admin\u002Fjs\u002Fbootstrap\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fthemepaste-secure-admin\u002Fjs\u002Fbootstrap\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fthemepaste-secure-admin\u002Fjs\u002Fjscolor.js","\u002Fwp-content\u002Fplugins\u002Fthemepaste-secure-admin\u002Fjs\u002Fdatatable\u002Fjquery.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fthemepaste-secure-admin\u002Fjs\u002Fdatatable\u002Fjquery.dataTables.min.js",[],[378,380,381,383],[387,388,389,390,391,392,393],"wptpsa-secure-admin\u002Fcss\u002Fwptpsa-frontend.css?v=","wptpsa-secure-admin\u002Fjs\u002Fwptpsa.js?v=","wptpsa-secure-admin\u002Fjs\u002Fbootstrap\u002Fbootstrap.min.css?v=","wptpsa-secure-admin\u002Fjs\u002Fbootstrap\u002Fbootstrap.min.js?v=","wptpsa-secure-admin\u002Fjs\u002Fjscolor.js?v=","wptpsa-secure-admin\u002Fjs\u002Fdatatable\u002Fjquery.dataTables.min.css?v=","wptpsa-secure-admin\u002Fjs\u002Fdatatable\u002Fjquery.dataTables.min.js?v=",{"cssClasses":395,"htmlComments":396,"htmlAttributes":397,"restEndpoints":398,"jsGlobals":399,"shortcodeOutput":401},[],[],[],[],[400],"wptpsa_version",[],{"error":176,"url":403,"statusCode":404,"statusMessage":405,"message":405},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fthemepaste-secure-admin\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":407,"versions":408},2,[409,414],{"version":6,"download_url":23,"svn_tag_url":410,"released_at":25,"has_diff":172,"diff_files_changed":411,"diff_lines":25,"trac_diff_url":412,"vulnerabilities":413,"is_current":176},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fthemepaste-secure-admin\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fthemepaste-secure-admin%2Ftags%2F1.0&new_path=%2Fthemepaste-secure-admin%2Ftags%2F1.1",[],{"version":415,"download_url":416,"svn_tag_url":417,"released_at":25,"has_diff":172,"diff_files_changed":418,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":419,"is_current":172},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemepaste-secure-admin.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fthemepaste-secure-admin\u002Ftags\u002F1.0\u002F",[],[]]