[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1d_YximRXBQUj7iHi7eXQuNyf8vXeeaTQRCDT4MFPrY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":145,"fingerprints":214},"tiny-2fa","Tiny 2FA + Brute Force Protection","0.3","Web Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebguyio\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Ftiny-2fa\u002Fissues\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is probably the 2FA plugin you’re looking for.\u003C\u002Fp>\n\u003Cp>Secure, private, and \u003Cem>lightweight\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>Integrates into WordPress like a native feature.\u003C\u002Fp>\n\u003Ch4>Proactive vs Reactive Security\u003C\u002Fh4>\n\u003Cp>Prevents attacks instead of reacting to them. The best breach is the one that never happens.\u003C\u002Fp>\n\u003Ch4>How it Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Go to \u003Cem>Users > Profile > Two-Factor Authentication\u003C\u002Fem> (near the bottom)\u003C\u002Fli>\n\u003Cli>Check the box next to “Enable 2FA” and click “Update Profile”\u003C\u002Fli>\n\u003Cli>2FA and Backup Codes are now enabled\u003C\u002Fli>\n\u003Cli>Scan the QR code or manually enter the secret key into your auth app of choice (and be sure to rename the generic site name “2FA” to something more useful)\u003C\u002Fli>\n\u003Cli>Once successful login with a 2FA code from your app has been confirmed, you should disable Backup Codes\u003C\u002Fli>\n\u003Cli>Brute force protection is enabled by default and can be managed site-wide by admins in profile settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Backup Codes have been rethought from the usual method you might be used to. Read more about that in the FAQ below.\u003C\u002Fp>\n\u003Ch4>Need Support?\u003C\u002Fh4>\n\u003Cp>Ask for help \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Ftiny-2fa\u002Fissues\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","A simple two-factor authentication plugin that just works.",10,316,0,"2026-01-23T06:59:00.000Z","6.8.5","5.0","7.4",[19,20,21,22],"2fa","login","mfa","security","https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Ftiny-2fa","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftiny-2fa.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"webguyio",30,52370,629,79,"2026-04-05T18:37:33.603Z",[37,60,80,101,123],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":52,"download_link":57,"security_score":47,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":27},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Download of IP Data\u003C\u002Fstrong> – Download IP data direclty from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,98,1441,"2026-01-12T16:01:00.000Z","6.9.4","3.0","",[19,54,55,56,22],"brute-force","firewall","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip",4,"2023-12-20 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":50,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":78,"download_link":79,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"two-factor","Two Factor","0.15.0","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>The Two-Factor plugin adds an extra layer of security to your WordPress login by requiring users to provide a second form of authentication in addition to their password.  This helps protect against unauthorized access even if passwords are compromised.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: Each user must individually configure their two-factor authentication settings.  There are no site-wide settings for this plugin.\u003C\u002Fp>\n\u003Ch3>For Individual Users\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Navigate to your profile\u003C\u002Fstrong>: Go to “Users” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Your Profile” in the WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Find Two-Factor Options\u003C\u002Fstrong>: Scroll down to the “Two-Factor Options” section\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose your methods\u003C\u002Fstrong>: Enable one or more authentication providers (noting a site admin may have hidden one or more so what is available could vary):\n\u003Cul>\n\u003Cli>\u003Cstrong>Authenticator App (TOTP)\u003C\u002Fstrong> – Use apps like Google Authenticator, Authy, or 1Password\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Codes\u003C\u002Fstrong> – Receive one-time codes via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>FIDO U2F Security Keys\u003C\u002Fstrong> – Use physical security keys (requires HTTPS)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup Codes\u003C\u002Fstrong> – Generate one-time backup codes for emergencies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dummy Method\u003C\u002Fstrong> – For testing purposes only (requires WP_DEBUG)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure each method\u003C\u002Fstrong>: Follow the setup instructions for each enabled provider\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Set primary method\u003C\u002Fstrong>: Choose which method to use as your default authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save changes\u003C\u002Fstrong>: Click “Update Profile” to save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>For Site Administrators\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>No global settings\u003C\u002Fstrong>: This plugin operates on a per-user basis only. For more, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002Ftwo-factor\u002Fissues\u002F249\" rel=\"nofollow ugc\">GH#249\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User management\u003C\u002Fstrong>: Administrators can configure 2FA for other users by editing their profiles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security recommendations\u003C\u002Fstrong>: Encourage users to enable backup methods to prevent account lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Available Authentication Methods\u003C\u002Fh3>\n\u003Ch3>Authenticator App (TOTP) – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Time-based one-time passwords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Scan QR code with authenticator app\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with Google Authenticator, Authy, 1Password, and other TOTP apps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Most users, provides excellent security with good usability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Backup Codes – Recommended\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time use codes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Generate 10 backup codes for emergency access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works everywhere, no special hardware needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Emergency access when other methods are unavailable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Email Codes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: Medium – One-time codes sent via email\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Automatic – uses your WordPress email address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatibility\u003C\u002Fstrong>: Works with any email-capable device\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users who prefer email-based authentication\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>FIDO U2F Security Keys\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: High – Hardware-based authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Register physical security keys (USB, NFC, or Bluetooth)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Requirements\u003C\u002Fstrong>: HTTPS connection required, compatible browser needed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser Support\u003C\u002Fstrong>: Chrome, Firefox, Edge (varies by key type)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Users with security keys who want maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dummy Method\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>: None – Always succeeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup\u003C\u002Fstrong>: Only available when WP_DEBUG is enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Testing and development only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Best for\u003C\u002Fstrong>: Developers testing the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Notes\u003C\u002Fh3>\n\u003Ch3>HTTPS Requirement\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIDO U2F Security Keys require an HTTPS connection to function\u003C\u002Fli>\n\u003Cli>Other methods work on both HTTP and HTTPS sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Browser Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>FIDO U2F requires a compatible browser and may not work on all devices\u003C\u002Fli>\n\u003Cli>TOTP and email methods work on all devices and browsers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Account Recovery\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Always enable backup codes to prevent being locked out of your account\u003C\u002Fli>\n\u003Cli>If you lose access to all authentication methods, contact your site administrator\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Best Practices\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use multiple authentication methods when possible\u003C\u002Fli>\n\u003Cli>Keep backup codes in a secure location\u003C\u002Fli>\n\u003Cli>Regularly review and update your authentication settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information about two-factor authentication in WordPress, see the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fadvanced-administration\u002Fsecurity\u002Fmfa\u002F\" rel=\"nofollow ugc\">WordPress Advanced Administration Security Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For more history, see \u003Ca href=\"https:\u002F\u002Fgeorgestephanis.wordpress.com\u002F2013\u002F08\u002F14\u002Ftwo-cents-on-two-factor\u002F\" rel=\"nofollow ugc\">this post\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Actions & Filters\u003C\u002Fh4>\n\u003Cp>Here is a list of action and filter hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>two_factor_providers\u003C\u002Fcode> filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_providers_for_user\u003C\u002Fcode> filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object \u003Ccode>WP_User\u003C\u002Fcode> is available as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_enabled_providers_for_user\u003C\u002Fcode> filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_authenticated\u003C\u002Fcode> action which receives the logged in \u003Ccode>WP_User\u003C\u002Fcode> object as the first argument for determining the logged in user right after the authentication workflow.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_user_api_login_enable\u003C\u002Fcode> filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_ttl\u003C\u002Fcode> filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the \u003Ccode>WP_User\u003C\u002Fcode> object being authenticated.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_email_token_length\u003C\u002Fcode> filter overrides the default 8 character count for email tokens.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_backup_code_length\u003C\u002Fcode> filter overrides the default 8 character count for backup codes. Provides the \u003Ccode>WP_User\u003C\u002Fcode> of the associated user as the second argument.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_rest_api_can_edit_user\u003C\u002Fcode> filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current \u003Ccode>$can_edit\u003C\u002Fcode> boolean, the second argument is the user ID.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_before_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires prior to the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode> action which receives the provider object and fires after the prompt shown on the authentication input form.\u003C\u002Fli>\n\u003Cli>\u003Ccode>two_factor_after_authentication_input\u003C\u002Fcode>action which receives the provider object and fires after the input shown on the authentication input form (if form contains no input, action fires immediately after \u003Ccode>two_factor_after_authentication_prompt\u003C\u002Fcode>).\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), Universal 2nd Factor (U2F), email, and backup verification codes.",100000,1526344,96,199,"2026-02-17T13:21:00.000Z","6.8","7.2",[19,76,21,22,77],"authentication","totp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor.0.15.0.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":52,"download_link":99,"security_score":100,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[19,97,56,22,98],"captcha","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":50,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":119,"download_link":120,"security_score":70,"vuln_count":121,"unpatched_count":13,"last_vuln_date":122,"fetched_at":27},"wp-hide-security-enhancer","WP Hide & Security Enhancer","2.8.3","nsp-code","https:\u002F\u002Fprofiles.wordpress.org\u002Fnsp-code\u002F","\u003Cp>Effortlessly conceal your WordPress site from detection! With over 99.99% of hacks targeting specific plugin and theme vulnerabilities, this plugin significantly boosts site security by making it invisible to hackers’ web scanners.\u003C\u002Fp>\n\u003Cp>By removing all traces of WordPress, including themes and plugins, potential exploits are rendered harmless. This method ensures that your site is safe without affecting SEO; in fact, it can enhance certain SEO aspects when used strategically.\u003C\u002Fp>\n\u003Cp>WP-Hide has launched the \u003Cstrong>easiest way to completely hide your WordPress\u003C\u002Fstrong> core files, login page, theme and plugins paths from being shown on front side. This is a huge improvement over Site Security, since no one will know whether you are running or not a WordPress. It also provides a simple way to clean up html by removing all WordPress fingerprints.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No file and directory change!\u003C\u002Fstrong>\u003Cbr \u002F>\nNo file and directory will be changed anywhere. Everything is processed virtually. The plugin code uses URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically without user intervention required at all.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Real hide of WordPress core files and plugins\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin not only allows you to change default URLs of you WordPress, but it also hides\u002Fblocks such defaults. Other similar plugins, just change the slugs, but the defaults are still accessible, obviously revealing WordPress as CMS.\u003C\u002Fp>\n\u003Cp>You can change the default WordPress login URL from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to guess a login and hack into your site. It becomes totally invisible.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPJstAU34SlQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Full plugin documentation available at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">WordPress Hide and Security Enhancer Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>When testing with WordPress theme and plugins detector services\u002Fsites, any setting change may not reflect right away on their reports, since they use cache. So, you may want to check again later, or try a different inner URL. Homepage URL usage is not mandatory.\u003C\u002Fp>\n\u003Cp>Being the best content management system, widely used, WordPress is susceptible to a large range of hacking attacks including brute-force, SQL injections, XSS, XSRF etc. Despite the fact the WordPress core is a very secure code maintained by a team of professional enthusiast, the additional plugins and themes make ita vulnerable spot for every website. In many cases, those are created by pseudo-developers who do not follow the best coding practices or simply do not own the experience to create a secure plugin.\u003Cbr \u002F>\nStatistics reveal that every day new vulnerabilities are discovered, many affecting hundreds of thousands of WordPress websites.\u003Cbr \u002F>\nOver 99,9% of hacked WordPress websites are target of automated malware scripts, which search for certain WordPress fingerprints. This plugin hides or replaces those traces, making the hacking bots attacks useless.\u003C\u002Fp>\n\u003Cp>It works well with custom WordPress directory structures,e.g. custom plugins, themes, and upload folders.\u003C\u002Fp>\n\u003Cp>Once configured, you need to \u003Cstrong>clear server cache data and\u002For any cache plugins\u003C\u002Fstrong> (e.g. W3 Cache), for a new html data to be created. If you use CDN this should be cache clear as well.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample usage\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F192011678\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main plugin functionality:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customizes Admin URL\u003C\u002Fli>\n\u003Cli>Blocks default admin URL\u003C\u002Fli>\n\u003Cli>Blocks any direct folder access to completely hide the structure\u003C\u002Fli>\n\u003Cli>Customize wp-login.php filename\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Email Verification Code\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Authenticator App\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Recovery Codes\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – Shortcode for front-side user settings interface\u003C\u002Fli>\n\u003Cli>2FA – Two-factor Authentication – My Account > Account Details – area for 2FA user settings interface\u003C\u002Fli>\n\u003Cli>Google Captcha \u003C\u002Fli>\n\u003Cli>Blocks default wp-login.php\u003C\u002Fli>\n\u003Cli>Blocks default wp-signup.php\u003C\u002Fli>\n\u003Cli>Blocks XML-RPC API\u003C\u002Fli>\n\u003Cli>Creates New XML-RPC paths\u003C\u002Fli>\n\u003Cli>Adjusts theme URL\u003C\u002Fli>\n\u003Cli>Creates New child Theme URL\u003C\u002Fli>\n\u003Cli>Changes theme style file name\u003C\u002Fli>\n\u003Cli>Cleans any headers for theme style file\u003C\u002Fli>\n\u003Cli>Customizes wp-include \u003C\u002Fli>\n\u003Cli>Blocks default wp-include paths\u003C\u002Fli>\n\u003Cli>Blocks default wp-content\u003C\u002Fli>\n\u003Cli>Customizes plugins URL\u003C\u002Fli>\n\u003Cli>Changes Individual plugin URL \u003C\u002Fli>\n\u003Cli>Blocks default plugins paths\u003C\u002Fli>\n\u003Cli>Creates New upload URL\u003C\u002Fli>\n\u003Cli>Blocks default upload URL\u003C\u002Fli>\n\u003Cli>Removes WordPress version\u003C\u002Fli>\n\u003Cli>Blocks Meta Generator\u003C\u002Fli>\n\u003Cli>Disables the emoji and required javascript code\u003C\u002Fli>\n\u003Cli>Removes pingback tag\u003C\u002Fli>\n\u003Cli>Removes wlwmanifest Meta\u003C\u002Fli>\n\u003Cli>Removes rsd_link Meta\u003C\u002Fli>\n\u003Cli>Removes wpemoji\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Minifies Html, Css, JavaScript\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Security Headers\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No other plugin functionality will be blocked or interfered in any way by WP-Hide\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin allows to change the default Admin URL from \u003Cstrong>wp-login.php\u003C\u002Fstrong> and \u003Cstrong>wp-admin\u003C\u002Fstrong> to something else. All original links turn the default theme to “404 Not Found” page, as if nothing exists there. Besides the huge security advantage, the WP-Hide plugin saves lots of server processing time by reducing php code and MySQL usage since brute-force attacks target the weakURL.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> Compared to all other similar plugins which mainly use redirects, this plugin turns a default theme to“404 error” page for all \u003Cstrong>blocked URL\u003C\u002Fstrong> functionalities, without revealing the link existence at all.\u003C\u002Fp>\n\u003Cp>Since version 1.2, WP-Hide change individual plugin URLs and made them unrecognizable. For example,the change of the default WooCommerce plugin URL and its dependencies from domain.com\u002Fwp-content\u002Fplugins\u002Fwoocommerce\u002F into domain.com\u002Fecommerce\u002Fcdn\u002F or anything customized.\u003C\u002Fp>\n\u003Ch4>Plugin Sections\u003C\u002Fh4>\n\u003Cp>**Hide -> Scan\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exhaustive system security examination with analysis and improvements guidance and fixes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Theme\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Theme Path – Changes default theme path\u003C\u002Fli>\n\u003Cli>New Style File Path – Changes default style file name and path\u003C\u002Fli>\n\u003Cli>Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file\u003C\u002Fli>\n\u003Cli>Child – New Theme Path – Changes default child theme path\u003C\u002Fli>\n\u003Cli>Child – New Style File Path – Changes child theme style-sheet file path and name\u003C\u002Fli>\n\u003Cli>Child – Remove description header from Style file – Replaces any WordPress metadata information (like theme name, version etc.,) from style file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > WP includes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Include Path – Changes default wp-include path\u002FURL\u003C\u002Fli>\n\u003Cli>Block wp-include URL – Blocks default wp-include URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > WP content\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Content Path – Change default wp-content path\u002FURL\u003C\u002Fli>\n\u003Cli>Block wp-content URL – Blocks the default content URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Plugin Path – Changes default wp-content\u002Fplugins path\u002FURL\u003C\u002Fli>\n\u003Cli>Block plugin URL – Blocks default wp-content\u002Fplugins URL\u003C\u002Fli>\n\u003Cli>New path \u002F URL for Every Active Plugin\u003C\u002Fli>\n\u003Cli>Customize path and name for any active plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Uploads\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Upload Path – Changes default media files path\u002FURL\u003C\u002Fli>\n\u003Cli>Block upload URL – Blocks default media files URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Comments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New wp-comments-post.php Path\u003C\u002Fli>\n\u003Cli>Block wp-comments-post.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Author\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Author Path\u003C\u002Fli>\n\u003Cli>Prevent Access to Author Archives\u003C\u002Fli>\n\u003Cli>Block default path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Search\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Search Path\u003C\u002Fli>\n\u003Cli>Block default path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > XML-RPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New XML-RPC Path – Changes default XML-RPC path \u002F URL\u003C\u002Fli>\n\u003Cli>Block default xmlrpc.php – Blocks default XML-RPC URL\u003C\u002Fli>\n\u003Cli>Disable XML-RPC authentication – Filters whether XML-RPC methods require authentication\u003C\u002Fli>\n\u003Cli>Remove pingback – Removes pingback link tag from theme\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > JSON REST\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Clean the REST API response\u003C\u002Fli>\n\u003Cli>Disable JSON REST V1 service – Disables an API service for WordPress which is active by default\u003C\u002Fli>\n\u003Cli>Disable JSON REST V2 service – Disables an API service for WordPress which is active by default\u003C\u002Fli>\n\u003Cli>Block any JSON REST calls – Any call for JSON REST API service will be blocked\u003C\u002Fli>\n\u003Cli>Disable output the REST API link tag into page header\u003C\u002Fli>\n\u003Cli>Disable JSON REST WP RSD endpoint from XML-RPC responses\u003C\u002Fli>\n\u003Cli>Disable Sends a Link header for the REST API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > Root Files\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block license.txt – Blocks access to license.txt root file\u003C\u002Fli>\n\u003Cli>Block readme.html – Blocks access to readme.html root file\u003C\u002Fli>\n\u003Cli>Block wp-activate.php – Blocks access to wp-activate.php file\u003C\u002Fli>\n\u003Cli>Block wp-cron.php – Blocks outside access to wp-cron.php file\u003C\u002Fli>\n\u003Cli>Block wp-signup.php – Blocks default wp-signup.php file\u003C\u002Fli>\n\u003Cli>Block other wp-*.php files – Blocks other wp-.php files within WordPress Root\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Rewrite > URL Slash\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>URL’s add Slash – Add a slash to any links without it. This disguisesthe existence of a file, folder or a wrong URL, which will all be slashed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Core\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabling Directory Listing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Meta\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Generator Meta\u003C\u002Fli>\n\u003Cli>Remove Other Generator Meta\u003C\u002Fli>\n\u003Cli>Remove Shortlink Meta\u003C\u002Fli>\n\u003Cli>Remove DNS Prefetch\u003C\u002Fli>\n\u003Cli>Remove Resource Hints\u003C\u002Fli>\n\u003Cli>Remove wlwmanifest Meta\u003C\u002Fli>\n\u003Cli>Remove feed_links Meta\u003C\u002Fli>\n\u003Cli>Disable output the REST API link tag into page header\u003C\u002Fli>\n\u003Cli>Remove rsd_link Meta\u003C\u002Fli>\n\u003Cli>Remove adjacent_posts_rel Meta\u003C\u002Fli>\n\u003Cli>Remove profile link\u003C\u002Fli>\n\u003Cli>Remove canonical link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Block Detectors\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block Detectors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Emulate CMS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Emulate CMS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Admin Bar\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Admin Bar for specified urser roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Feed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove feed|rdf|rss|rss2|atom links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Robots.txt\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable admin URL within Robots.txt\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Emoji\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Emoji\u003C\u002Fli>\n\u003Cli>Disable TinyMC Emoji\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Styles\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Version\u003C\u002Fli>\n\u003Cli>Remove ID from link tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Scripts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Version\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Oembed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Oembed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Link Header\u003C\u002Fli>\n\u003Cli>Remove X-Powered-By Header\u003C\u002Fli>\n\u003Cli>Remove Server Header\u003C\u002Fli>\n\u003Cli>Remove X-Pingback Header\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > HTML\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove HTML Comments\u003C\u002Fli>\n\u003Cli>Minify Html, CSS, JavaScript\u003C\u002Fli>\n\u003Cli>Remove general classes from body tag\u003C\u002Fli>\n\u003Cli>Remove ID from Menu items\u003C\u002Fli>\n\u003Cli>Remove class from Menu items\u003C\u002Fli>\n\u003Cli>Remove general classes from post\u003C\u002Fli>\n\u003Cli>Remove general classes from images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> General \u002F Html > User Interactions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable Mouse right click\u003C\u002Fli>\n\u003Cli>Disable Text Selection\u003C\u002Fli>\n\u003Cli>Disable Copy\u003C\u002Fli>\n\u003Cli>Disable Cut\u003C\u002Fli>\n\u003Cli>Disable Paste\u003C\u002Fli>\n\u003Cli>Disable Print\u003C\u002Fli>\n\u003Cli>Disable Print Screen\u003C\u002Fli>\n\u003Cli>Disable Developer Tools\u003C\u002Fli>\n\u003Cli>Disable View Source\u003C\u002Fli>\n\u003Cli>Disable Drag \u002F Drop\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Admin > wp-login.php\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New wp-login.php – Maps a new wp-login.php instead of the default one\u003C\u002Fli>\n\u003Cli>Block default wp-login.php – Blocks default wp-login.php file from being accessible\u003C\u002Fli>\n\u003Cli>Customize the default login page Logo image \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hide -> Admin > Admin URL\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Admin URL – Creates a new admin URL instead of the default ”\u002Fwp-admin”. This also applies for admin-ajax.php calls\u003C\u002Fli>\n\u003Cli>Disable customized Admin Url redirect to the Login page\u003C\u002Fli>\n\u003Cli>Block default Admin Url – Blocks default admin URL and files from being accessible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable 2FA\u003C\u002Fli>\n\u003Cli>Enable the 2FA for specific roles\u003C\u002Fli>\n\u003Cli>Enforce User to Configure 2FA\u003C\u002Fli>\n\u003Cli>Primary option for Two-Factor\u003C\u002Fli>\n\u003Cli>Disable 2FA when using Temporary Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Email\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate 2FA Email\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Auth App\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate Authenticator app (TOTP)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> 2FA Recovery Codes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Activate 2FA Recovery Codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> Captcha\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Captcha V2\u003C\u002Fli>\n\u003Cli>Google Captcha V3\u003C\u002Fli>\n\u003Cli>CloudFlare Turnstile ( PRO )\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Settings -> CDN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CDN Url – Sets-up CDN if applied. Some providers replace site assets with custom URLs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security -> Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>HTTP Response Headers are a powerful tool to Harden Your Website Security.\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* X-Download-Options\u003Cbr \u002F>\n* X-Frame-Options (XFO)\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* X-XSS-Protection\u003C\u002Fp>\n\u003Cp>This free version works with Apache and IIS server types. For all server types, check with \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WP Hide PRO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is a basic version that can hide everything for basic sites, example \u003Ca href=\"https:\u002F\u002Fdemo.wp-hide.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.wp-hide.com\u002F\u003C\u002Fa>. When using complex plugins and themes, the WP Hide PRO may be required. We provide free assistance to hide everything on your site, along with the commercial product.\u003C\u002Fp>\n\u003Cp>Anything wrong with this plugin on your site? Just use the forum or get in touch with us at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact\u003C\u002Fa> and we’ll check it out.\u003C\u002Fp>\n\u003Cp>A website example can be found at \u003Ca href=\"https:\u002F\u002Fdemo.wp-hide.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.wp-hide.com\u002F\u003C\u002Fa> or our website \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WP Hide and Security Enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Plugin homepage at \u003Ca href=\"https:\u002F\u002Fwp-hide.com\u002F\" rel=\"nofollow ugc\">WordPress Hide and Security Enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin is developed by \u003Ca href=\"https:\u002F\u002Fwww.nsp-code.com\" rel=\"nofollow ugc\">Nsp-Code\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>Please help and translate this plugin to your language at \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hide-security-enhancer\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-hide-security-enhancer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You are kindly asked to promote this plugin if it comes up to your expectations via an article on your site or any other place. If you liked this code\u002FWP-Hide or if it helped with your project, why not leave a 5 star review on this board.\u003C\u002Fp>\n","Protect your website by concealing vulnerable WordPress traces, plugins, themes, login\u002Fadmin url. 2FA, Captcha, Firewall, Security Headers etc.",60000,3363758,86,275,"2026-03-06T08:34:00.000Z","4.0","5.4",[19,117,118,20,22],"headers","hide","https:\u002F\u002Fwp-hide.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hide-security-enhancer.2.8.3.zip",3,"2024-12-05 16:25:18",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":100,"num_ratings":133,"last_updated":134,"tested_up_to":50,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":140,"download_link":141,"security_score":142,"vuln_count":143,"unpatched_count":13,"last_vuln_date":144,"fetched_at":27},"login-with-ajax","Login With Ajax – Fast Logins, 2FA, Redirects","4.5.1","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>Login With Ajax is for sites that need user logins or registrations and would like to avoid the normal wordpress login pages, or add AJAX effects to the regular login pages. This plugin adds the capability of placing a login widget in the sidebar with smooth AJAX login effects.\u003C\u002Fp>\n\u003Cp>Some of the features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AJAX-powered logins, no screen refreshes!\n\u003Cul>\n\u003Cli>Login\u003C\u002Fli>\n\u003Cli>Registration\u003C\u002Fli>\n\u003Cli>Remember\u002FReset Password\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>PassKeys \u003Cstrong>(new in 4.4)\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Next-Generation security, no passwords required!\u003C\u002Fli>\n\u003Cli>Users can log in without a username AND password.\u003C\u002Fli>\n\u003Cli>Biometric support (fingerprint, face ID, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>2FA – Two-Factor Authentication\n\u003Cul>\n\u003Cli>TOTP – Time-based One-Time Password\u003C\u002Fli>\n\u003Cli>Scan a QR code with popular authenticator apps like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Email – Send a code to the user’s email address\u003C\u002Fli>\n\u003Cli>Backup Codes – Generate and use backup codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Integrate 2FA setup options in other plugin account pages\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>BuddyBoss\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>“AJAXify” other login forms\n\u003Cul>\n\u003Cli>Create a better login experience in the default WP login form with AJAX effects for logins, password recovery and registration.\u003C\u002Fli>\n\u003Cli>Regular WP login and registration forms\u003C\u002Fli>\n\u003Cli>WooCommerce login forms\u003C\u002Fli>\n\u003Cli>Events Manager login forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Many ways to display and customize your login form:\n\u003Cul>\n\u003Cli>Gutenberg Blocks\u003C\u002Fli>\n\u003Cli>Full-site editor compatible\u003C\u002Fli>\n\u003Cli>Widgets (classic and blocks)\u003C\u002Fli>\n\u003Cli>Shortcode\u003C\u002Fli>\n\u003Cli>Template Tags\u003C\u002Fli>\n\u003Cli>PHP API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Flexible templates and options\n\u003Cul>\n\u003Cli>Multiple templates to choose from\u003C\u002Fli>\n\u003Cli>Including Modal\u002FPop-Up login forms\u003C\u002Fli>\n\u003Cli>Responsive and Accessible!\u003C\u002Fli>\n\u003Cli>Choose a base color for each individual login form.\u003C\u002Fli>\n\u003Cli>Individual display options via all display methods (e.g. Gutenberg Blocks, Shortcode etc.)\u003C\u002Fli>\n\u003Cli>Create your own upgrade-safe templates, or override our own ones.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Custom Login\u002FLogout redirections\n\u003Cul>\n\u003Cli>Redirect users to custom URLs on Login and Logout\u003C\u002Fli>\n\u003Cli>Redirect users with different roles to custom URLs\u003C\u002Fli>\n\u003Cli>WPML – Language-specific redirects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Modify registration email templates\u003C\u002Fli>\n\u003Cli>Other Features\n\u003Cul>\n\u003Cli>Disable CSS styling (via shortcode or PHP display methods)\u003C\u002Fli>\n\u003Cli>SSL-compatible\u003C\u002Fli>\n\u003Cli>Fallback mechanism, will still work on javascript-disabled browsers\u003C\u002Fli>\n\u003Cli>Compatible with WordPress, MultiSite, BuddyPress and many other plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Developer Friendly\n\u003Cul>\n\u003Cli>Multiple PHP and JS hooks\u003C\u002Fli>\n\u003Cli>Overridable CSS and JS files\u003C\u002Fli>\n\u003Cli>Easy-to-customize and overridable template files\u003C\u002Fli>\n\u003Cli>Well-documented\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>First released in 2009, the oldest login plugin for WordPress, regularly maintained and updated since then!\u003C\u002Fp>\n\u003Ch4>Pro Add-On Features\u003C\u002Fh4>\n\u003Cp>As of version 4.0, \u003Ca href=\"https:\u002F\u002Floginwithajax.com\u002F\" rel=\"nofollow ugc\">we now offer a Pro add-on\u003C\u002Fa> which extends Login With AJAX with multiple new features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>Security Features\u003C\u002Fem> – Harden the security of your login forms\n\u003Cul>\n\u003Cli>2FA – Additional Two-Factor Authentication Methods:\u003C\u002Fli>\n\u003Cli>SMS – Send a code to the user’s phone\u003C\u002Fli>\n\u003Cli>WhatsApp – Send a message, user clicks a button, done!\u003C\u002Fli>\n\u003Cli>Telegram – Send a message, user clicks a button, done!\u003C\u002Fli>\n\u003Cli>reCaptcha (v2, v2 Invisible and v3)\u003C\u002Fli>\n\u003Cli>Login limiter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cem>3rd Party Page Builder Blocks\u002FWidgets\u002FModules\u003C\u002Fem>\n\u003Cul>\n\u003Cli>Divi\u003C\u002Fli>\n\u003Cli>Elementor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>More on the way!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Getting Help\u002FSupport\u003C\u002Fh4>\n\u003Cblockquote>\u003Cp> Version 4 is a major overhaul of the plugin, which has remained largely unchanged for 11 years yet remained a staple tool for logins to WordPress! Changes include a complete rewrite of login templates updated to modern stadnards and practices, as well as new WP features such as Gutenberg Blocks. \u003C\u002Fp>\u003C\u002Fblockquote>\n\u003Cp>If you’re stuck, we strongly suggest visiting our \u003Ca href=\"https:\u002F\u002Fdocs.loginwithajax.com\u002F\" rel=\"nofollow ugc\">Documentation Site\u003C\u002Fa> which contains exensive information and advice on setup and troubleshooting.\u003C\u002Fp>\n\u003Cp>If you have any problems with the plugin after reading our \u003Ca href=\"https:\u002F\u002Fdoocs.loginwithajax.com\u002Ftroubleshooting\u002F\" rel=\"nofollow ugc\">Troubleshooting\u003C\u002Fa>, please visit our freely supported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Flogin-with-ajax\" rel=\"ugc\">community forums\u003C\u002Fa>, or \u003Ca href=\"https:\u002F\u002Floginwithajax.com\u002Fgopro\u002F\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> for premium support.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>Please visit our \u003Ca href=\"https:\u002F\u002Fdocs.loginwithajax.com\" rel=\"nofollow ugc\">documentation site\u003C\u002Fa>, which is regularly and extensively maintained and updated with all the information relevant to getting started, advanced setup and troubleshooting common issues.\u003C\u002Fp>\n","Add beautiful login forms with smooth AJAX login\u002Fregistration effects, 2FA support, custom redrection options and many more login-related features!",20000,1126792,166,"2025-12-03T15:37:00.000Z","4.8","5.2",[19,20,138,139,22],"passkeys","registration","https:\u002F\u002Floginwithajax.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-ajax.4.5.1.zip",97,6,"2024-04-10 00:00:00",{"attackSurface":146,"codeSignals":196,"taintFlows":207,"riskAssessment":208,"analyzedAt":213},{"hooks":147,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":195,"entryPointCount":13,"unprotectedCount":13},[148,153,157,160,164,167,171,175,180,184,188],{"type":149,"name":150,"callback":151,"file":152,"line":31},"action","plugins_loaded","tiny_2fa_maybe_migrate","tiny-2fa.php",{"type":149,"name":154,"callback":155,"file":152,"line":156},"show_user_profile","tiny_2fa_render_profile_fields",33,{"type":149,"name":158,"callback":155,"file":152,"line":159},"edit_user_profile",34,{"type":149,"name":161,"callback":162,"file":152,"line":163},"personal_options_update","tiny_2fa_save_profile_settings",35,{"type":149,"name":165,"callback":162,"file":152,"line":166},"edit_user_profile_update",36,{"type":149,"name":168,"callback":169,"file":152,"line":170},"admin_init","tiny_2fa_handle_regenerate",37,{"type":149,"name":172,"callback":173,"file":152,"line":174},"login_form","tiny_2fa_render_login_field",39,{"type":176,"name":177,"callback":178,"priority":31,"file":152,"line":179},"filter","authenticate","tiny_2fa_validate_login",40,{"type":176,"name":177,"callback":181,"priority":182,"file":152,"line":183},"tiny_2fa_check_brute_force",20,42,{"type":149,"name":185,"callback":186,"priority":11,"file":152,"line":187},"wp_login","tiny_2fa_clear_login_attempts",43,{"type":176,"name":189,"callback":190,"file":152,"line":191},"wp_redirect","closure",303,[],[],[],[],{"dangerousFunctions":197,"sqlUsage":198,"outputEscaping":200,"fileOperations":203,"externalRequests":13,"nonceChecks":204,"capabilityChecks":205,"bundledLibraries":206},[],{"prepared":13,"raw":13,"locations":199},[],{"escaped":201,"rawEcho":13,"locations":202},23,[],1,2,5,[],[],{"summary":209,"deductions":210},"The \"tiny-2fa\" plugin v0.3 exhibits a strong security posture based on the provided static analysis.  The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, indicating a very limited attack surface.  Furthermore, the code demonstrates good development practices with 100% of SQL queries using prepared statements and all output properly escaped. The presence of nonce and capability checks also suggests an effort to secure the plugin's functionality. The plugin also has no recorded vulnerabilities, which is a positive indicator of its historical stability.\n\nDespite the positive findings, there are a few minor points to consider. The presence of a single file operation, while not explicitly flagged as dangerous, could potentially represent a minor risk if not handled with extreme care, especially in regards to path traversal or unintended file modifications.  However, without further details on this file operation or taint analysis results, it's difficult to assess the actual risk.  The complete absence of taint flows analyzed might also suggest that the analysis depth was limited, or that the plugin's structure naturally avoids such complex data flows.  Overall, \"tiny-2fa\" v0.3 appears to be a secure plugin with a minimal attack surface and good coding practices, with no immediate critical vulnerabilities identified.",[211],{"reason":212,"points":204},"File operations detected","2026-03-16T23:49:31.954Z",{"wat":215,"direct":224},{"assetPaths":216,"generatorPatterns":219,"scriptPaths":220,"versionParams":221},[217,218],"\u002Fwp-content\u002Fplugins\u002Ftiny-2fa\u002Fcss\u002Ftiny-2fa.css","\u002Fwp-content\u002Fplugins\u002Ftiny-2fa\u002Fjs\u002Ftiny-2fa.js",[],[218],[222,223],"tiny-2fa\u002Fcss\u002Ftiny-2fa.css?ver=","tiny-2fa\u002Fjs\u002Ftiny-2fa.js?ver=",{"cssClasses":225,"htmlComments":228,"htmlAttributes":235,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":240},[226,227],"tiny-2fa-qr-code","tiny-2fa-login-field-wrapper",[229,230,231,232,233,234],"\u003C!-- Tiny 2FA Encryption Key Backup -->","\u003C!-- Do not edit or delete this file -->","\u003C!-- Tiny 2FA Admin -->","\u003C!-- Tiny 2FA User Profile -->","\u003C!-- Tiny 2FA Login -->","\u003C!-- Tiny 2FA -->",[236],"data-tiny-2fa-secret",[],[239],"tiny_2fa_ajax_object",[]]