[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT-CgegVYOm4OXSNwE3dztgDTniRta_bV3ox0sRuKgco":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":126,"fingerprints":165},"va-simple-basic-auth","VA Simple Basic Auth","1.1.0","kuck1u","https:\u002F\u002Fprofiles.wordpress.org\u002Fkuck1u\u002F","\u003Cp>This plugin the very simple.\u003Cbr \u002F>\nSimply by enabling the plugin can set up a basic auth to dashboard and login page.\u003Cbr \u002F>\nAuth information of Basic Auth is your WordPress user name and password.\u003C\u002Fp>\n\u003Ch4>Requires\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.3 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.4 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute!\u003C\u002Fh4>\n\u003Cp>You can fork the plugin from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvisualive\u002Fva-simple-basic-auth\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Simply by enabling the plugin can set up a basic auth to dashboard and login page.",70,9328,100,1,"2016-09-25T07:53:00.000Z","4.6.30","4.3","",[20,21,22,23,24],"auth","basic-auth","basicauth","security","wp-admin","https:\u002F\u002Fgithub.com\u002FVisuAlive\u002Fva-simple-basic-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fva-simple-basic-auth.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},7,2300,30,84,"2026-04-04T11:51:20.207Z",[39,56,74,92,109],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":28,"downloaded":47,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":53,"download_link":54,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":55},"basic-auth-for-wp-admin","Basic Auth for WP-Admin","1.0","Walid Sadfi","https:\u002F\u002Fprofiles.wordpress.org\u002Fevolurise\u002F","\u003Cp>This plugin adds an additional layer of security to your WordPress website by adding a basic authentication HTTP to the wp-admin and wp-login pages. This means that before accessing these pages, users will be prompted to enter a username and password. This can help to prevent unauthorized access to your website’s backend.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was developed by Evolurise (https:\u002F\u002Fwww.evolurise.com\u002F)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\u003C\u002Fp>\n","Add an additional layer of security with this super light plugin that adds a basic authentication HTTP to the wp-admin and wp-login pages.",2481,"6.1.10","3.0","5.6.20",[21,23,52,24],"wp-login","https:\u002F\u002Fwww.evolurise.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasic-auth-for-wp-admin.zip","2026-03-15T10:48:56.248Z",{"slug":57,"name":58,"version":6,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":14,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":72,"download_link":73,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"http-basic-auth","HTTP Basic Auth","Grzegorz Rola","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrola\u002F","\u003Cp>With this plugin you can protect your WordPress installation with Basic Auth. Basic Auth can use custom password or WordPress users login data.\u003C\u002Fp>\n\u003Cp>This plugin protects all dynamically generated content: posts, pages, archives, etc. Basic auth does not protect static content like images, scripts and CSS files.\u003C\u002Fp>\n\u003Cp>You can protect: admin area (wp-admin), login page and frontend area.\u003C\u002Fp>\n","Basic Auth for Wordpress.",200,9749,20,"2022-02-27T13:30:00.000Z","5.9.13","4.5","7.0",[20,21,71,57,23],"http-auth","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhttp-basic-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-basic-auth.1.1.0.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":65,"downloaded":82,"rating":28,"num_ratings":28,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":90,"download_link":91,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-similar-basic-auth","WP Similar Basic Auth","0.1.1","256hax","https:\u002F\u002Fprofiles.wordpress.org\u002F256hax\u002F","\u003Cp>Attackers trying to breakthrough WordPress admin page. Basic Authentication helps to prevent attacks.\u003Cbr \u002F>\nBut some case it can’t modify .htaccess or ssl.conf.\u003C\u002Fp>\n\u003Cp>This plugin is useful for servers where prohibition modify Apache conf(.htaccess) or Nginx conf(ssl.conf).\u003Cbr \u002F>\nProtect WordPress admin page on similar Basic Auth. It doesn’t need .htaccess or ssl.conf.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Auth log in with User Name and Password.\u003C\u002Fli>\n\u003Cli>Customization title and message in Login page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cp>This plugin doesn’t replace Basic Authentication. If you can modify .htaccess or ssl.conf, I recommend using that. See differences running layer.\u003C\u002Fp>\n\u003Ch4>Running Layer\u003C\u002Fh4>\n\u003Cp>Fronts-end (ex: CSS, Javascript)\u003Cbr \u002F>\nApplication Plugin \u003Cstrong>\u003C- This plugin\u003C\u002Fstrong>\u003Cbr \u002F>\nApplication (ex: WordPress)\u003Cbr \u002F>\nProgramming language (ex: PHP)\u003Cbr \u002F>\nMiddleware Web (ex: Apache, Nginx) \u003Cstrong>\u003C- .htaccess Basic Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\nMiddleware DB \u002F OS\u003C\u002Fp>\n","Protect WordPress admin page on similar Basic Auth without .htaccess.",2256,"2021-05-29T04:02:00.000Z","5.7.15","5.0","5.6",[20,21,88,89,23],"login","password","https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-similar-basic-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-similar-basic-auth.zip",{"slug":93,"name":94,"version":95,"author":7,"author_profile":8,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":13,"num_ratings":100,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":107,"download_link":108,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"va-simple-enhanced-security","VA Simple Enhanced Security","0.4.6","\u003Cp>This plugin will enhance the security of your WordPress.\u003Cbr \u002F>\nThis plugin the very simple.\u003C\u002Fp>\n\u003Ch4>Can do this plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Can protect the management screen and login screen in Basic authentication or Digest authentication.\u003C\u002Fli>\n\u003Cli>Change the author base.\u003C\u002Fli>\n\u003Cli>Change to email login from username login.\u003C\u002Fli>\n\u003Cli>Author information is deleted by body_class().\u003C\u002Fli>\n\u003Cli>etc.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin will enhance the security of your WordPress.",10,1883,2,"2016-04-05T14:50:00.000Z","4.4.34","4.4",[20,21,22,105,106],"digest-auth","digestauth","https:\u002F\u002Fgithub.com\u002FVisuAlive\u002Fva-simple-enhanced-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fva-simple-enhanced-security.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":28,"downloaded":117,"rating":28,"num_ratings":28,"last_updated":118,"tested_up_to":119,"requires_at_least":18,"requires_php":18,"tags":120,"homepage":124,"download_link":125,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"secure-login-authorization","Secure Login Authorization","1.0.0","ideasToCode","https:\u002F\u002Fprofiles.wordpress.org\u002Fideastocode\u002F","\u003Cp>The Secure Login Authorization plugin provides an added layer of protection to your WordPress login page. By integrating with an external application on your mobile, the plugin ensures that users can only access the login page after being authorized with a unique secret key generated from the WordPress dashboard. This plugin ensures that unauthorized users cannot log in, adding an extra layer of security by requiring both the secret key and time-based validation for successful access.\u003C\u002Fp>\n\u003Ch3>How to use the Plugin?\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FNNghBYGHvmc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Once the plugin is installed on your website, you can find a unique secret key on the plugin’s Settings page. This key is essential for pairing your website with the Secure Login Authorization app, which can be downloaded from the app store.\u003C\u002Fp>\n\u003Cp>After the app is set up, anyone attempting to access your WordPress login page (wp-admin) will require authorization through the app, even if they know the correct username and password. The app gives you full control over login access, allowing you to specify how long user(s) can log in. Additionally, it includes the ability to forcefully log out user(s) from the website at any time.\u003C\u002Fp>\n\u003Cp>By combining the plugin and the app, you add an extra layer of security to your WordPress website. Only authorized users can access the login page, and their access is limited to specific time periods, regardless of whether they know the username and password. This makes Secure Login Authorization an effective solution for protecting your site against unauthorized access.\u003C\u002Fp>\n\u003Ch3>Download the APP\u003C\u002Fh3>\n\u003Cp>To use this plugin you must first download the Android app from the Google Play Store. The app allows you to securely manage login authorizations, grant access to specific users or devices, and define time-based permissions for enhanced control over your site’s security.\u003C\u002Fp>\n\u003Cp>Download Android App: \u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.ideasToCode.SecureLoginAuthorization\" rel=\"nofollow ugc\">Click here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you want to learn more about the plugin – please check our\u003Ca href=\"https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fwp-secure-login-authorization\u002F\" rel=\"nofollow ugc\"> website – ideastocode.com.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin generates QR codes for secret keys, enabling easy use on mobile phones. The QR codes are generated using the Endroid\u002FQR-Code library. By using this feature, you consent to the use of this service.\u003C\u002Fp>\n\u003Cp>License Information: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fendroid\u002Fqr-code?tab=readme-ov-file#license\" rel=\"nofollow ugc\">Click here\u003C\u002Fa>\u003C\u002Fp>\n","This plugin prevents unauthorized logins and sets time limits for users by using app authentication.",501,"2025-12-04T21:14:00.000Z","6.9.4",[121,88,122,123,24],"authorization","protect-login-page","security-plugin","https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fwp-secure-login-authorization\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-login-authorization.1.0.0.zip",{"attackSurface":127,"codeSignals":148,"taintFlows":156,"riskAssessment":157,"analyzedAt":164},{"hooks":128,"ajaxHandlers":144,"restRoutes":145,"shortcodes":146,"cronEvents":147,"entryPointCount":28,"unprotectedCount":28},[129,135,140],{"type":130,"name":131,"callback":132,"file":133,"line":134},"action","admin_notices","closure","incs\\back-compat.php",32,{"type":130,"name":136,"callback":137,"priority":28,"file":138,"line":139},"login_init","basic_auth","incs\\class-module-basic-auth.php",50,{"type":130,"name":141,"callback":132,"file":142,"line":143},"plugins_loaded","va-simple-basic-auth.php",53,[],[],[],[],{"dangerousFunctions":149,"sqlUsage":150,"outputEscaping":152,"fileOperations":154,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":155},[],{"prepared":28,"raw":28,"locations":151},[],{"escaped":100,"rawEcho":28,"locations":153},[],3,[],[],{"summary":158,"deductions":159},"Based on the static analysis and vulnerability history, the \"va-simple-basic-auth\" plugin v1.1.0 presents a strong security posture. The code analysis reveals no identified vulnerabilities related to dangerous functions, SQL injection, or unsanitized output. The absence of known CVEs further reinforces this positive outlook.  A particularly strong point is the complete reliance on prepared statements for any potential SQL queries, demonstrating good practice in preventing SQL injection risks.\n\nHowever, a significant concern arises from the complete lack of capability checks and nonce checks across all identified entry points. While the current analysis shows zero entry points, this absence of fundamental WordPress security mechanisms suggests a potential weakness if new entry points are introduced or if the plugin's functionality evolves without incorporating these essential checks. The file operations, though not explicitly flagged as risky, also warrant attention as they can become vectors for vulnerabilities if not handled with utmost care and proper sanitization.\n\nIn conclusion, the plugin's current version appears secure due to the absence of known vulnerabilities and good coding practices in areas like SQL handling. The primary weakness lies in the lack of implemented security checks like capability and nonce verifications, which, if not addressed, could pose a risk in future updates or expansions of the plugin's functionality.",[160,162],{"reason":161,"points":98},"No capability checks found",{"reason":163,"points":98},"No nonce checks found","2026-03-16T21:35:36.380Z",{"wat":166,"direct":171},{"assetPaths":167,"generatorPatterns":168,"scriptPaths":169,"versionParams":170},[],[],[],[],{"cssClasses":172,"htmlComments":173,"htmlAttributes":174,"restEndpoints":175,"jsGlobals":176,"shortcodeOutput":177},[],[],[],[],[],[]]