[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fj0lMH0LCtEo2rrdoNUfQTAcYvqbaRJEYeFQh9ygGt9g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":75,"fingerprints":186},"unoapp-protects-wp-admin","Unoapp Protect WP Admin","1.1","Kartik Busa","https:\u002F\u002Fprofiles.wordpress.org\u002Funoapp\u002F","\u003Cp>Many time sites hacked by admin access because it’s common URL for all wp-admin, this unoapp protect wp admin gives advanced security against hackers.\u003C\u002Fp>\n\u003Cp>Are you seeing a lot of attacks on your WordPress admin area? Protecting the admin area from unauthorized access allows you to block many common security threats\u003Cbr \u002F>\nunoapp protect wp admin helps solve this problem by allowing webmasters to customize their admin panel URL and access allows only selected ips.\u003C\u002Fp>\n\u003Cp>After installed and configured unoapp protect wp admin plugin, administrator able to change the “sitename.com\u002Fwp-admin” link into “sitename.com\u002Fcustom-admin”.\u003C\u002Fp>\n\u003Cp>The plugin also restrict admin access by multiple ips based\u003C\u002Fp>\n\u003Cp>** NOTE: You should keed backup your database before activating this plugin.**\u003Cbr \u002F>\nfor some reason, you find it necessary to restore your database from these backups.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Option to change custom wp-admin into both sides after logged in and before login URL(i.e http:\u002F\u002Fyourdomain.com\u002Fcustom-admin)\u003C\u002Fli>\n\u003Cli>Automatically change “Register” page URL\u003C\u002Fli>\n\u003Cli>Automatically change “Lost Password” page URL\u003C\u002Fli>\n\u003Cli>Restrict applied for registered non-admin users from wp-admin\u003C\u002Fli>\n\u003Cli>Allow admin access by defining comma separated multiple ips\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cp>1) Save the slug.\u003C\u002Fp>\n\u003Cp>2) Please put below two lines code in your wp-config.php file above of Absolute path (ABSPATH).\u003C\u002Fp>\n\u003Cp>define(‘WP_ADMIN_DIR’, ‘office-admin’);\u003C\u002Fp>\n\u003Cp>define(‘ADMIN_COOKIE_PATH’, SITECOOKIEPATH . WP_ADMIN_DIR);\u003C\u002Fp>\n\u003Cp>3)\u003Cbr \u002F>\nSometimes it’s issuing while permalink settings not updated.\u003Cbr \u002F>\nSome time .htaccess not updated due to permission issue, permalink issue or some other security plugins, in that case, you can update .htaccess manually.\u003C\u002Fp>\n\u003Cpre>\u003Ccode># BEGIN WordPress\n\u003CIfModule mod_rewrite.c>\nRewriteEngine On\nRewriteBase \u002F\nRewriteRule ^index\\.php$ - [L]\nRewriteRule ^custom-admin\u002F(.*) wp-admin\u002F$1?%{QUERY_STRING} [L]\nRewriteRule ^custom-admin\u002F?$ wp-login.php [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \u002Findex.php [L]\n\u003C\u002FIfModule>\n# END WordPress\n\u003C\u002Fcode>\u003C\u002Fpre>\n","unoapp protect wp admin allows access for you only by URL change and access on IP based.",0,1301,"2022-05-19T09:50:00.000Z","5.9.13","4.0","5.2.4",[18,19,20,21,22],"change-wp-admin-slug","ip-based-login","protect-wordpress-admin","secure-wordpress-admin","unoapp-protect-wp-admin","http:\u002F\u002Fwww.unoapp.com\u002Fwp-plugins\u002Funoapp-protects-wp-admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funoapp-protects-wp-admin.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"unoapp",1,30,84,"2026-04-04T07:06:13.161Z",[36,59],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":57,"vuln_count":31,"unpatched_count":11,"last_vuln_date":58,"fetched_at":27},"echbay-admin-security","EchBay Admin Security","1.3.1","Dao Quoc Dai","https:\u002F\u002Fprofiles.wordpress.org\u002Fitvn9online\u002F","\u003Cp>If you run a WordPress website, you should absolutely use echbay-admin-security to secure it against hackers.\u003C\u002Fp>\n\u003Cp>Protect WP-Admin fixes a glaring security hole in the WordPress community: the well-known problem of the admin panel URL.\u003Cbr \u002F>\nEveryone knows where the admin panel, and this includes hackers as well.\u003C\u002Fp>\n\u003Cp>Protect WP-Admin helps solve this problem by allowing webmasters to setup PIN number or password for login page.\u003C\u002Fp>\n\u003Cp>The plugin also comes with some access filters, allowing webmasters to restrict guest and registered users access to wp-admin, just in case you want some of your editors to log in the classic way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fitvn9online\u002F5\" rel=\"nofollow ugc\"> Thanks for donate \u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect Your Website Admin Against Hackers & Modify Login Page Design ( Nhiệm vụ: chặn mọi truy cập trực tiếp vào trang quản trị wordpress dưới dạ …",100,11190,"2025-11-28T02:58:00.000Z","6.9.4","4.8","",[51,52,20,53,54],"change-admin-url","change-wp-admin-url","rename-admin-url","secure-admin","https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwordpresseb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechbay-admin-security.zip",99,"2025-11-20 19:30:13",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":11,"num_ratings":11,"last_updated":49,"tested_up_to":68,"requires_at_least":69,"requires_php":49,"tags":70,"homepage":49,"download_link":73,"security_score":44,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":74},"login-by-ip-authentication","Login By IP Authentication","0.1","DotsquaresLtd","https:\u002F\u002Fprofiles.wordpress.org\u002Fdswpsupport\u002F","\u003Cp>The plugin will allow users to login with their allowed IPs only. If you want user should be allowed to login with multiple IPs, then admin can associate multiple IPs separated with comma(,) character.\u003C\u002Fp>\n\u003Ch4>General Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP Restricted login.\u003C\u002Fli>\n\u003Cli>You can set multiple IPs for a user to allow login from multiple IPs.\u003C\u002Fli>\n\u003Cli>Lightweight.\u003C\u002Fli>\n\u003C\u002Ful>\n","The plugin will allow users to login with their allowed IPs only. If you want user should be allowed to login with multiple IPs, then admin can associ …",1031,"4.9.29","3.0",[71,19,72],"ip-authentication","login-with-ip-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-by-ip-authentication.zip","2026-03-15T10:48:56.248Z",{"attackSurface":76,"codeSignals":145,"taintFlows":173,"riskAssessment":174,"analyzedAt":185},{"hooks":77,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":11,"unprotectedCount":11},[78,84,88,92,96,99,106,110,114,117,121,124,127,131,136,139],{"type":79,"name":80,"callback":81,"file":82,"line":83},"action","admin_menu","init_unopwa_admin_menu","unoapp-protects-wp-admin.php",22,{"type":79,"name":85,"callback":86,"file":82,"line":87},"admin_init","init_unopwa_options_fields",34,{"type":79,"name":89,"callback":90,"priority":31,"file":82,"line":91},"wp_logout","unopwa_auto_redirect_external_after_logout",46,{"type":79,"name":93,"callback":94,"file":82,"line":95},"admin_notices","permalink_structure_admin_notice",178,{"type":79,"name":85,"callback":97,"file":82,"line":98},"unopwa_flush_rewrite_rules",253,{"type":100,"name":101,"callback":102,"priority":103,"file":104,"line":105},"filter","lostpassword_url","unopwa_lostpassword_url",10,"unopwa-class.php",31,{"type":100,"name":107,"callback":108,"priority":103,"file":104,"line":109},"login_url","unopwa_login_url",32,{"type":100,"name":111,"callback":112,"priority":103,"file":104,"line":113},"register_url","unopwa_register_page",33,{"type":79,"name":115,"callback":116,"file":104,"line":87},"login_enqueue_scripts","unopwa_load_jquery",{"type":79,"name":118,"callback":119,"file":104,"line":120},"init","init_unopwa_admin_rewrite_rules",35,{"type":79,"name":118,"callback":122,"file":104,"line":123},"unopwa_admin_url_redirect_conditions",36,{"type":79,"name":118,"callback":125,"priority":31,"file":104,"line":126},"unopwa_front_secure_admin",37,{"type":100,"name":128,"callback":129,"priority":103,"file":104,"line":130},"site_url","unopwa_wpadmin_filter",38,{"type":79,"name":132,"callback":133,"priority":134,"file":104,"line":135},"login_footer","unopwa_custom_script",5,39,{"type":79,"name":85,"callback":137,"priority":31,"file":104,"line":138},"unopwa_back_secure_admin",215,{"type":79,"name":85,"callback":137,"priority":31,"file":104,"line":140},225,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":152,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":31,"bundledLibraries":172},[],{"prepared":11,"raw":31,"locations":148},[149],{"file":104,"line":150,"context":151},18,"$wpdb->get_results() with variable interpolation",{"escaped":153,"rawEcho":153,"locations":154},8,[155,158,160,162,164,166,168,170],{"file":82,"line":156,"context":157},90,"raw output",{"file":82,"line":159,"context":157},104,{"file":82,"line":161,"context":157},118,{"file":82,"line":163,"context":157},125,{"file":82,"line":165,"context":157},132,{"file":82,"line":167,"context":157},140,{"file":104,"line":169,"context":157},72,{"file":104,"line":171,"context":157},91,[],[],{"summary":175,"deductions":176},"The plugin 'unoapp-protects-wp-admin' v1.1 exhibits a generally strong security posture based on the static analysis provided. The absence of identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant positive.  Furthermore, the lack of dangerous functions, file operations, external HTTP requests, and taint analysis issues further reinforces this good security practice.  However, a notable concern arises from the single SQL query not utilizing prepared statements, which presents a potential SQL injection vulnerability.  The low percentage of properly escaped output (50%) also indicates a risk of cross-site scripting (XSS) vulnerabilities. The vulnerability history being entirely clear is a positive indicator, suggesting that the developers may be actively maintaining the plugin or that it hasn't been a target of significant past exploits. Despite the clear vulnerability history, the presence of unescaped output and raw SQL queries points to areas where improvements are needed to achieve a robust security profile.",[177,180,183],{"reason":178,"points":179},"SQL query not using prepared statements",7,{"reason":181,"points":182},"Low percentage of properly escaped output",6,{"reason":184,"points":134},"Missing nonce checks","2026-03-17T06:30:10.537Z",{"wat":187,"direct":196},{"assetPaths":188,"generatorPatterns":191,"scriptPaths":192,"versionParams":193},[189,190],"\u002Fwp-content\u002Fplugins\u002Funoapp-protects-wp-admin\u002Fcss\u002Funopwa-style.css","\u002Fwp-content\u002Fplugins\u002Funoapp-protects-wp-admin\u002Fjs\u002Funopwa-script.js",[],[190],[194,195],"unoapp-protects-wp-admin\u002Fcss\u002Funopwa-style.css?ver=","unoapp-protects-wp-admin\u002Fjs\u002Funopwa-script.js?ver=",{"cssClasses":197,"htmlComments":200,"htmlAttributes":203,"restEndpoints":210,"jsGlobals":211,"shortcodeOutput":216},[198,199],"unopwa-setting","unopwa-tab",[201,202],"\u003C!-- Start Options Form -->","\u003C!-- General Setting -->",[204,205,206,207,208,209],"id=\"unopwa-settings-form-admin\"","id=\"div-unopwa-general\"","id=\"check_permalink\"","id=\"unopwa_active\"","id=\"unopwa_rewrite_text\"","id=\"unopwa_ips\"",[],[212,213,214,215],"window.unopwa_preview","window.unopwa_rewrite_text","var unopwa_preview","var unopwa_rewrite_text",[]]