[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjBMp0kQd1T0FNu1tQGs2xG4DgpgBtgDarE5rmUqmko4":3,"$fNsELsn9ovkgBCU0NMyeBLfgl9I-CtfNm_siQtB5UUjs":257,"$fp55ETFBNoVt8sjikruP5ifUfrd0uv_ulP8eXzrYBHto":261},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":150,"fingerprints":237},"vr-smtp-mailer","VR SMTP Mailer","1.0.10","Vinod Ram","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinodkram\u002F","\u003Cp>VR SMTP Mailer replaces the default WordPress mail transport with SMTP or an OAuth-based mail API, with full support for Microsoft 365 (Office365), Outlook SMTP, and Microsoft Graph API.\u003C\u002Fp>\n\u003Cp>It is designed as a complete email solution for WordPress — combining SMTP delivery, OAuth authentication, and API-based sending in a single plugin, without requiring multiple paid extensions.\u003C\u002Fp>\n\u003Ch3>Why choose this plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works with Microsoft 365 \u002F Office365 and Outlook SMTP\u003C\u002Fli>\n\u003Cli>Supports both SMTP and OAuth (Graph API) in one plugin\u003C\u002Fli>\n\u003Cli>No need to install multiple plugins for authentication and email delivery\u003C\u002Fli>\n\u003Cli>Designed to work as a full wp_mail replacement\u003C\u002Fli>\n\u003Cli>Includes features commonly available only in paid plugins\u003C\u002Fli>\n\u003Cli>No subscriptions or locked features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Send emails using either SMTP or an OAuth-based mail API (Graph-compatible).\u003Cbr \u002F>\nWorks with wp_mail() (for immediate sends):\u003Cbr \u002F>\nWhen WordPress sends emails through this plugin, it keeps the same structure as the default wp_mail() function. This includes support for multiple recipients, subject, message body, headers (From, Cc, Bcc, Reply-To, Content-Type), attachments, and inline images where supported.\u003Cbr \u002F>\nStandard WordPress filters like wp_mail, wp_mail_from, wp_mail_content_type, and phpmailer_init are applied in SMTP mode, so behavior remains consistent with native WordPress email handling.\u003Cbr \u002F>\nGraph API limitations:\u003Cbr \u002F>\nWhen using the Graph API, emails support HTML or plain text content, along with To, Cc, Bcc, and Reply-To fields. Attachments and inline images are supported, but typically limited to around 3 MB per file.\u003Cbr \u002F>\nCustom MIME headers are not fully supported, and only standard fields are mapped to the API. More complex email structures may behave differently compared to traditional PHP mail handling.\u003Cbr \u002F>\nEmail queue (WP-Cron):\u003Cbr \u002F>\nEmails can be queued and processed later using WP-Cron. Queued emails store only basic details such as recipient, subject, and message body. Attachments, headers, and inline images are not included in queued jobs.\u003Cbr \u002F>\nAutomatic OAuth token refresh:\u003Cbr \u002F>\nAccess tokens are refreshed automatically to ensure uninterrupted email delivery.\u003Cbr \u002F>\nSecure OAuth handling:\u003Cbr \u002F>\nToken exchange (authorization code to access\u002Frefresh tokens) is restricted to users with administrator-level permissions (manage_options). You must be logged in as an admin when completing the OAuth connection.\u003Cbr \u002F>\nTesting tools included:\u003Cbr \u002F>\nIncludes a built-in test email feature and an SMTP connection tester to help verify configuration.\u003Cbr \u002F>\nLogging and debugging:\u003Cbr \u002F>\nEmail activity and debug information are stored in custom database tables for troubleshooting and monitoring.\u003C\u002Fp>\n\u003Cp>Security and stored secrets\u003C\u002Fp>\n\u003Cp>This plugin stores SMTP passwords, OAuth client secrets, refresh tokens, and access tokens in the WordPress options table, using the same approach as most WordPress settings. These values are not encrypted at rest.\u003C\u002Fp>\n\u003Cp>Anyone with access to the database, a full site backup, or an administrator account could potentially view this information. It’s recommended to use strong admin credentials, secure hosting, and limit your app permissions to only what is required.\u003C\u002Fp>\n\u003Cp>This plugin is not affiliated with or endorsed by Microsoft. Microsoft, Microsoft 365, Azure, Office, and related names are trademarks of Microsoft Corporation. These names are used only to describe compatibility and technical functionality.\u003C\u002Fp>\n\u003Cp>Do not use Microsoft or related logos, branding, or visual assets in your plugin icon, banner, or screenshots on WordPress.org. Use your own branding and neutral visuals.\u003C\u002Fp>\n\u003Cp>Third-party services\u003C\u002Fp>\n\u003Cp>This plugin connects to external services only when required for email delivery or authentication. It does not send general site traffic or unrelated data to third parties.\u003C\u002Fp>\n\u003Cp>Microsoft identity platform (OAuth2) — login.microsoftonline.com\u003C\u002Fp>\n\u003Cp>What it is\u003Cbr \u002F>\nThis is Microsoft’s OAuth2 authentication service (also known as the Microsoft Identity Platform or Entra ID). It is used when you connect your account using OAuth.\u003C\u002Fp>\n\u003Cp>What it is used for\u003C\u002Fp>\n\u003Cp>Signing in through Microsoft\u003Cbr \u002F>\nExchanging authorization codes for access and refresh tokens\u003Cbr \u002F>\nRefreshing expired access tokens\u003C\u002Fp>\n\u003Cp>What data is sent and when\u003C\u002Fp>\n\u003Cp>During login (via browser): client ID, redirect URI, requested scopes (such as Mail.Send, User.Read), and a state parameter for security\u003Cbr \u002F>\nDuring token exchange (server-side): authorization code, client ID, client secret, redirect URI, grant type, and scopes\u003C\u002Fp>\n\u003Cp>Terms\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.microsoft.com\u002Fservicesagreement\u003C\u002Fp>\n\u003Cp>Privacy\u003Cbr \u002F>\nhttps:\u002F\u002Fprivacy.microsoft.com\u002Fprivacystatement\u003C\u002Fp>\n\u003Cp>Microsoft Graph API — graph.microsoft.com\u003C\u002Fp>\n\u003Cp>What it is\u003Cbr \u002F>\nMicrosoft’s API for accessing Microsoft 365 services, including sending emails.\u003C\u002Fp>\n\u003Cp>What it is used for\u003Cbr \u002F>\nSending emails through the Graph API (\u002Fv1.0\u002Fme\u002FsendMail).\u003C\u002Fp>\n\u003Cp>What data is sent and when\u003Cbr \u002F>\nWhen an email is sent (including test emails), the plugin makes a secure HTTPS request that includes:\u003C\u002Fp>\n\u003Cp>An OAuth access token\u003Cbr \u002F>\nEmail details such as recipients, subject, message body, and optional Cc\u002FBcc\u002FReply-To\u003Cbr \u002F>\nAttachments or inline images (within API limits)\u003C\u002Fp>\n\u003Cp>Terms\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.microsoft.com\u002Fservicesagreement\u003C\u002Fp>\n\u003Cp>Privacy\u003Cbr \u002F>\nhttps:\u002F\u002Fprivacy.microsoft.com\u002Fprivacystatement\u003C\u002Fp>\n\u003Cp>Note: Use of Microsoft APIs is also subject to Microsoft’s developer and product terms. Refer to https:\u002F\u002Fwww.microsoft.com\u002Flegal\u002F\u003Cbr \u002F>\n for details.\u003C\u002Fp>\n\u003Cp>User-configured SMTP server\u003C\u002Fp>\n\u003Cp>What it is\u003Cbr \u002F>\nAn SMTP server that you configure (for example, your hosting provider, Microsoft 365, Google Workspace, or another email service).\u003C\u002Fp>\n\u003Cp>What it is used for\u003Cbr \u002F>\nSending emails using your SMTP credentials.\u003C\u002Fp>\n\u003Cp>What data is sent and when\u003Cbr \u002F>\nWhenever an email is sent (including test emails), the plugin transmits:\u003C\u002Fp>\n\u003Cp>SMTP credentials (if configured)\u003Cbr \u002F>\nEmail content such as recipients, subject, and message body\u003C\u002Fp>\n\u003Cp>This plugin does not control or manage the infrastructure of your SMTP provider.\u003C\u002Fp>\n\u003Cp>Terms and privacy\u003Cbr \u002F>\nYou are responsible for reviewing the terms and privacy policy of your email provider. This plugin does not replace or override those agreements.\u003C\u002Fp>\n","SMTP or Microsoft Graph OAuth mail for WordPress. Full wp_mail replacement with logging, queue, and SMTP\u002Femail test tools.",0,45,"2026-04-11T12:27:00.000Z","6.9.4","6.2","",[18,19,20,21,22],"microsoft-365","oauth","office365","outlook-smtp","wordpress-smtp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvr-smtp-mailer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvr-smtp-mailer.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"vinodkram",2,10,30,94,"2026-05-20T01:28:07.963Z",[38,63,84,105,127],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":11,"last_vuln_date":62,"fetched_at":27},"mail-integration-365","WPO365 | Mail Integration for Office 365 \u002F Outlook","1.9.2","Marco van Wieren","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpo365\u002F","\u003Ch4>Support ending\u003C\u002Fh4>\n\u003Cp>= Support ending =\u003C\u002Fp>\n\u003Cp>Early November 2022, ownership of the \u003Cstrong>Mail Integration for Office 365 \u002F Outlook\u003C\u002Fstrong> plugin transferred to \u003Ca href=\"https:\u002F\u002Fwww.wpo365.com\u002F\" rel=\"nofollow ugc\">WPO365\u003C\u002Fa>. We are committed to provide (best-effort based) support for this plugin until the end of 2023.\u003C\u002Fp>\n\u003Cp>To ensure, however, that we are able to provide you with long time support, we urge you to download and install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpo365-msgraphmailer\u002F\" rel=\"ugc\">WPO365 | MICROSOFT GRAPH MAILER\u003C\u002Fa> plugin for WordPress instead (and de-activate the \u003Cstrong>Mail Integration for Office 365 \u002F Outlook\u003C\u002Fstrong> plugin and remove it from your WordPress website).\u003C\u002Fp>\n\u003Cp>If you have already installed and configured the \u003Cstrong>Mail Integration for Office 365 \u002F Outlook plugin\u003C\u002Fstrong>, then please make sure to check out our easy-to-understand \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F165-migrate-from-mail-integration-for-office-365-outlook-to-wpo365-microsoft-graph-mailer\" rel=\"nofollow ugc\">online migration\u003C\u002Fa> guide.\u003C\u002Fp>\n\u003Cp>Marco van Wieren | Downloads by van Wieren | https:\u002F\u002Fwww.wpo365.com\u002F\u003C\u002Fp>\n\u003Ch4>About this plugin\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Mail Integration for Office 365\u002FOutlook (using OAuth2 and Microsoft’s Graph API rather than SMTP)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin addresses the limitations of current free SMTP plugins, allowing you to send email from WordPress via your Microsoft Account and ensure your email gets delivered reliably, avoiding the spam box! Note, unlike other free SMTP plugins, this one authenticates with the Microsoft Graph API rather than SMTP using OAuth2. This addresses the recent change by Microsoft to disable basic authentication over SMTP (i.e. username and password), preventing other free SMTP plugins from working with Microsoft Accounts. \u003Cstrong>Unfortunately, Microsoft has yet to enable their Graph API to work with the free versions of Outlook, Live, Hotmail etc. The plugin should however work with the paid for personal and business versions of Office 365, Outlook and Microsoft Exchange.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEvNajsDenZM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>WPO365 | Mail Integration for Office 365 \u002F Outlook\u003C\u002Fh3>\n\u003Cp>Contributors: wpo365\u003Cbr \u002F>\nTags: smtp, outlook smtp, 365 smtp, live smtp, oauth\u003Cbr \u002F>\nRequires at least: 5.5.3\u003Cbr \u002F>\nTested up to: 6.1\u003Cbr \u002F>\nStable tag: 1.9.2\u003Cbr \u002F>\nRequires PHP: 7.1.1\u003Cbr \u002F>\nLicense: GPLv2 or later\u003Cbr \u002F>\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cp>IMPORTANT – Please choose the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpo365-msgraphmailer\u002F\" rel=\"ugc\">WPO365 | MICROSOFT 365 GRAPH MAILER\u003C\u002Fa> plugin instead. This plugin is no longer supported and does not receive updates.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Cp>You will need to follow the steps outlined on the following website to setup this plugin correctly: \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F164-mail-integration-365-wordpress-plugin\" rel=\"nofollow ugc\">https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F164-mail-integration-365-wordpress-plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Cp>You will need to follow the steps outlined on the following website to setup this plugin correctly: \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F164-mail-integration-365-wordpress-plugin\" rel=\"nofollow ugc\">https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F164-mail-integration-365-wordpress-plugin\u003C\u002Fa>\u003C\u002Fp>\n","IMPORTANT - Please choose the WPO365 | MICROSOFT 365 GRAPH MAILER plugin instead. This plugin is no longer supported and does not receive updates.",2000,59329,98,26,"2024-06-20T12:06:00.000Z","6.1.10","5.5.3","7.1.1",[55,56,19,21,57],"365-smtp","live-smtp","smtp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmail-integration-365","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmail-integration-365.1.9.2.zip",92,1,"2023-05-05 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":77,"tags":78,"homepage":82,"download_link":83,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"gosmtp","GoSMTP – SMTP for WordPress","1.2.0","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>GoSMTP allows you to send emails from your WordPress over SMTP or many of the popular email sending services. Many web hosting companies have strict mail sending rules and limitations which restrict email deliverability. With GoSMTP, you will not be using your hosting providers PHP email but rather sending emails over SMTP or using API’s of various email providers.\u003C\u002Fp>\n\u003Cp>GoSMTP supports many of your preferred SMTP provider(s) :\u003Cbr \u002F>\n1) SMTP.com\u003Cbr \u002F>\n2) Sendinblue\u003Cbr \u002F>\n3) Mailgun\u003Cbr \u002F>\n4) Sendgrid\u003Cbr \u002F>\n5) Sparkpost\u003Cbr \u002F>\n6) Sendlayer\u003Cbr \u002F>\n7) Postmark\u003Cbr \u002F>\n8) Maileroo\u003Cbr \u002F>\n9) ElasticEmail (Pro)\u003Cbr \u002F>\n10) SMTP2Go (Pro)\u003Cbr \u002F>\n11) Gmail, Gsuite, Google Workspace (Pro)\u003Cbr \u002F>\n12) Outlook \u002F Office 365 (Pro)\u003Cbr \u002F>\n13) AWS (Pro)\u003Cbr \u002F>\n14) Zoho (Pro)\u003Cbr \u002F>\n15) Resend (Pro)\u003Cbr \u002F>\n16) MailerSend (Pro)\u003Cbr \u002F>\n17) Or any custom SMTP provider\u003C\u002Fp>\n\u003Cp>WordPress uses the PHP mail function to send emails generated by WordPress. The PHP mail function sends emails over the IP of your hosting provider’s servers which can have a bad reputation and be blacklisted by many email providers like Gmail, Yahoo, Office 365, Zoho, etc. causing your WordPress originated emails to land in the SPAM folder of your users. By using GoSMTP you ensure that your emails reach the inbox of your user(s).\u003C\u002Fp>\n\u003Cp>You can find our \u003Ca href=\"https:\u002F\u002Fgosmtp.net\u002Fdocs\" rel=\"nofollow ugc\">official documentation\u003C\u002Fa> on our Website \u003Ca href=\"https:\u002F\u002Fgosmtp.net\u002F\" rel=\"nofollow ugc\">GoSMTP.net\u003C\u002Fa> We are also active in our community support forums on wordpress.org if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Fsoftaculous.deskuss.com\u002Fopen.php?topicId=17\" rel=\"nofollow ugc\">https:\u002F\u002Fsoftaculous.deskuss.com\u002Fopen.php?topicId=17\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgosmtp.net\" title=\"GoSMTP Homepage\" rel=\"nofollow ugc\">Home Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fsoftaculous.deskuss.com\u002Fopen.php?topicId=17\" title=\"GoSMTP Support\" rel=\"nofollow ugc\">Support\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fgosmtp.net\u002Fdocs\" title=\"Documents\" rel=\"nofollow ugc\">Documents\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>GoSMTP PRO\u003C\u002Fh3>\n\u003Cp>GoSMTP Pro has many other powerful features and services. \u003Ca href=\"https:\u002F\u002Fgosmtp.net\u002Fpricing\" title=\"Pricing\" rel=\"nofollow ugc\">Click here to purchase now !\u003C\u002Fa> :\u003C\u002Fp>\n\u003Ch3>Email Logs\u003C\u002Fh3>\n\u003Cp>With Email Logging you view all emails sent from your site. This is necessary to keep email records and for auditing outgoing emails. Its also helpful to debug any outgoing email issues.\u003C\u002Fp>\n\u003Ch3>Resend Emails\u003C\u002Fh3>\n\u003Cp>You can resend any email, from the email log wizard. You can also resend multiple emails in bulk.\u003C\u002Fp>\n\u003Ch3>Notifications\u003C\u002Fh3>\n\u003Cp>You can get notified about failed email delivery on your configured channel, we currently support Mail, Slack and Discord.\u003C\u002Fp>\n\u003Ch3>Smart Routing\u003C\u002Fh3>\n\u003Cp>Smart Routing dynamically selects SMTP providers based on content, isolating transactional alerts from marketing to ensure critical emails bypass filters.\u003C\u002Fp>\n\u003Ch3>Premium Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Forward Emails\u003C\u002Fli>\n\u003Cli>Email Reports\u003C\u002Fli>\n\u003Cli>Notifications\u003C\u002Fli>\n\u003Cli>Resend Email\u003C\u002Fli>\n\u003Cli>Smart Routing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Coming Soon\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Track Email Views\u003C\u002Fli>\n\u003Cli>Track Clicks\u003C\u002Fli>\n\u003Cli>Print Emails\u003C\u002Fli>\n\u003Cli>Multisite Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>GoSMTP’s Mailer API connecters are derived from Fluent SMTP \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-smtp\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-smtp\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to install GoSMTP\u003C\u002Fh3>\n\u003Cp>Go To your WordPress install -> Plugins -> Add New Button -> In Search Box search For GoSMTP -> Click on Install.\u003C\u002Fp>\n","Send emails from your WordPress site using your preferred SMTP provider like Gmail, Outlook, AWS, Zoho, SMTP.com, Brevo (formerly Sendinblue), Mailgun &hellip;",500000,2214142,82,8,"2026-04-13T13:33:00.000Z","7.0","5.5",[79,80,81,57,22],"aws-smtp","gmail-smtp","sendgrid-smtp","https:\u002F\u002Fgosmtp.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgosmtp.1.2.0.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":14,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":16,"download_link":102,"security_score":103,"vuln_count":32,"unpatched_count":11,"last_vuln_date":104,"fetched_at":27},"wp-smtp","Solid Mail – SMTP email and logging made by SolidWP","2.2.3","SolidWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fsolidwp\u002F","\u003Cp>Your WordPress website is sending emails out daily, but are your users and visitors receiving them? When it comes to ensuring email deliverability, lean on a proven equation: SMTP plugin + email service provider = success. Solid Mail is an easy-to-use, set-it-and-forget-it SMTP plugin that will help you stop worrying about email deliverability.\u003C\u002Fp>\n\u003Ch4>❓How does Solid Mail Help You Implement SMTP Email on your website?\u003C\u002Fh4>\n\u003Cp>Solid Mail makes connecting to many popular SMTP services straightforward and clear. Solid Mail currently supports the following Email Service Providers (ESPs):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sendgrid\u003C\u002Fli>\n\u003Cli>MailGun\u003C\u002Fli>\n\u003Cli>Brevo (formally Sendinblue)\u003C\u002Fli>\n\u003Cli>Amazon SES\u003C\u002Fli>\n\u003Cli>Postmark\u003C\u002Fli>\n\u003Cli>Manual connection (connect to any ESP)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Enjoy complete flexibility and reliability in email delivery. Set up multiple connections to send emails via different Email Service Providers according to the From: address, and choose a fallback connection to ensure messages are sent even if a connection fails or the address doesn’t match an existing connection.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsolidwp.com\u002Fblog\u002Falternatives-for-wordpress-transactional-emails\u002F\" rel=\"nofollow ugc\">Learn more about transactional email services for your WordPress website here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>🤔Why Should You Use an SMTP Plugin for Your WordPress Website Instead of the Native PHP Mail?\u003C\u002Fh4>\n\u003Cp>WordPress out the box uses PHP’s built-in mail function to send emails such as password reset requests, WooCommerce order invoices and more. The issue? PHP Mail is only as good as your server and most hosts don’t have dedicated PHP Mail monitoring.\u003C\u002Fp>\n\u003Cp>Even hosts that specialize in hosting WordPress either don’t offer email services or don’t actively monitor for deliverability. That means you can be at the mercy of noisy neighbors sending spam to purchased email subscriber lists, or spammers running the latest scam. Either way it impacts the health of the server in the eyes of ESPs such as Google, Yahoo, Outlook, and others meaning that most of the time your emails don’t even hit the inbox!\u003C\u002Fp>\n\u003Cp>Go from spam-box to inbox with Solid Mail: an SMTP (Simple Mail Transfer Protocol) plugin. Combine with an email service provider such as SendGrid, Brevo, Amazon SES, and others and see your emails start getting delivered.\u003C\u002Fp>\n\u003Cp>An SMTP plugin – like Solid Mail – is essentially a higher-level and more advanced method of sending emails between servers that uses a username and password or other secure method to create the connection to an email service provider (ESP). ESPs (like those listed below) provide robust solutions to deliverability issues by running dedicated servers for sending that are managed ‘round the clock for issues like blacklisting, spam removal, and more. In addition they use authentication protocols like SSL\u002FTLS to secure email transmissions and ensure better deliverability.\u003C\u002Fp>\n\u003Cp>Using an SMTP plugin combined with an email service provider instead of PHP Mail on the server leads to more reliable, secure, and efficient email communication for WordPress websites. \u003Ca href=\"https:\u002F\u002Fsolidwp.com\u002Fblog\u002Fwordpress-not-sending-email\u002F\" rel=\"nofollow ugc\">Find out more about SMTP and WordPress email deliverability here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>📑How does Solid Mail Validate Email Deliverability with Email Logs?\u003C\u002Fh4>\n\u003Cp>Solid Mail gives you an easy-on-the-eyes interface to review and inspect your comprehensive email logs and understand if your email was sent or not. This transparency helps in debugging any email deliverability issues with your website.\u003C\u002Fp>\n\u003Cp>Many email service providers offer advanced features like email tracking and analytics. Solid Mail’s email logs help optimize email strategies by making it easy for you to view and act on patterns and trends.\u003C\u002Fp>\n\u003Ch4>📧 Email Logging is a great way to help troubleshoot WordPress email deliverability issues\u003C\u002Fh4>\n\u003Cp>But how do you know and validate that your emails are actually being sent from your website correctly? The answer is email logs.\u003C\u002Fp>\n\u003Cp>Email logs are crucial for validating that your emails are being delivered as intended, serving as an indispensable tool for troubleshooting and ensuring reliability in communication. These logs provide detailed records of every email transaction, including timestamps, recipient addresses, and errors in the SMTP authentication process.\u003C\u002Fp>\n","Email deliverability made SOLID. Connect to your chosen email provider with an intuitive set-it-and-forget-it SMTP plugin.",70000,1165425,84,52,"2026-02-11T11:56:00.000Z","6.4","7.4",[100,101,57,22],"email","email-log","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-smtp.2.2.3.zip",95,"2025-05-22 23:53:52",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":14,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":125,"download_link":126,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.",60000,906385,88,53,"2026-02-18T00:58:00.000Z","4.2","7.4.0",[121,122,19,123,124],"json-web-authentication","jwt","rest-api","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":25,"num_ratings":137,"last_updated":138,"tested_up_to":139,"requires_at_least":140,"requires_php":98,"tags":141,"homepage":147,"download_link":148,"security_score":48,"vuln_count":32,"unpatched_count":11,"last_vuln_date":149,"fetched_at":27},"daggerhart-openid-connect-generic","OpenID Connect Generic Client","3.11.3","Jonathan Daggerhart","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaggerhart\u002F","\u003Cp>This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.\u003Cbr \u002F>\nOnce installed, it can be configured to automatically authenticate users (SSO), or provide a “Login with OpenID Connect”\u003Cbr \u002F>\nbutton on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while\u003Cbr \u002F>\nnew users are created in WordPress database.\u003C\u002Fp>\n\u003Cp>Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.\u003C\u002Fp>\n\u003Cp>Please submit issues to the Github repo: https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic\u003C\u002Fp>\n","A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.",10000,184211,20,"2026-02-13T04:36:00.000Z","6.9.0","5.0",[142,143,144,145,146],"apps","login","oauth2","openidconnect","security","https:\u002F\u002Fgithub.com\u002Foidc-wp\u002Fopenid-connect-generic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaggerhart-openid-connect-generic.3.11.3.zip","2025-12-17 00:00:00",{"attackSurface":151,"codeSignals":193,"taintFlows":205,"riskAssessment":233,"analyzedAt":236},{"hooks":152,"ajaxHandlers":186,"restRoutes":187,"shortcodes":188,"cronEvents":189,"entryPointCount":11,"unprotectedCount":11},[153,159,163,168,172,176,180,185],{"type":154,"name":155,"callback":156,"file":157,"line":158},"action","admin_menu","register_admin_pages","includes\u002FPlugin.php",56,{"type":154,"name":160,"callback":161,"file":157,"line":162},"admin_enqueue_scripts","enqueue_admin_assets",57,{"type":164,"name":165,"callback":166,"priority":33,"file":157,"line":167},"filter","pre_wp_mail","short_circuit_wp_mail",58,{"type":154,"name":169,"callback":170,"file":157,"line":171},"vr_smtp_mailer_process_queue","process_queue",59,{"type":154,"name":173,"callback":174,"file":157,"line":175},"template_redirect","handle_frontend_oauth",60,{"type":164,"name":177,"callback":178,"file":157,"line":179},"cron_schedules","closure",62,{"type":154,"name":181,"callback":178,"priority":182,"file":183,"line":184},"plugins_loaded",5,"vr-smtp-mailer.php",44,{"type":154,"name":181,"callback":178,"priority":33,"file":183,"line":95},[],[],[],[190],{"hook":169,"callback":169,"file":191,"line":192},"database\u002FInstall.php",48,{"dangerousFunctions":194,"sqlUsage":195,"outputEscaping":198,"fileOperations":61,"externalRequests":201,"nonceChecks":202,"capabilityChecks":203,"bundledLibraries":204},[],{"prepared":196,"raw":11,"locations":197},32,[],{"escaped":199,"rawEcho":11,"locations":200},476,[],3,7,9,[],[206,225],{"entryPoint":207,"graph":208,"unsanitizedCount":11,"severity":224},"render (admin\u002FTestEmailPage.php:58)",{"nodes":209,"edges":221},[210,215],{"id":211,"type":212,"label":213,"file":214,"line":115},"n0","source","$_POST (x6)","admin\u002FTestEmailPage.php",{"id":216,"type":217,"label":218,"file":214,"line":219,"wp_function":220},"n1","sink","echo() [XSS]",221,"echo",[222],{"from":211,"to":216,"sanitized":223},true,"low",{"entryPoint":226,"graph":227,"unsanitizedCount":11,"severity":224},"\u003CTestEmailPage> (admin\u002FTestEmailPage.php:0)",{"nodes":228,"edges":231},[229,230],{"id":211,"type":212,"label":213,"file":214,"line":115},{"id":216,"type":217,"label":218,"file":214,"line":219,"wp_function":220},[232],{"from":211,"to":216,"sanitized":223},{"summary":234,"deductions":235},"Based on the static analysis, \"vr-smtp-mailer\" v1.0.10 exhibits a strong security posture. The absence of unprotected AJAX handlers, REST API routes, shortcodes, and a small attack surface are positive indicators. The code demonstrates good development practices by utilizing prepared statements for all SQL queries and properly escaping all output, mitigating common injection and Cross-Site Scripting (XSS) vulnerabilities.\n\nThe taint analysis also reveals no critical or high-severity flows with unsanitized paths, further reinforcing the lack of immediate, critical code-level risks. The plugin has no recorded vulnerabilities or CVEs, which suggests a history of responsible development or minimal past scrutiny. The presence of nonce and capability checks, along with file operations and external HTTP requests, are common and not inherently problematic given the current analysis.\n\nOverall, this plugin appears to be developed with security in mind. The strengths lie in its clean code practices regarding SQL and output handling, and a minimal attack surface. The main potential weakness, though not currently exploited or evident in the data, would be if any of the file operations or external HTTP requests were to introduce vulnerabilities in the future, or if the limited entry points were to be overlooked in a more comprehensive audit. However, based on the provided data, the current risk is low.",[],"2026-04-16T13:43:34.801Z",{"wat":238,"direct":247},{"assetPaths":239,"generatorPatterns":241,"scriptPaths":242,"versionParams":243},[240],"\u002Fwp-content\u002Fplugins\u002Fvr-smtp-mailer\u002Fassets\u002Fadmin.js",[],[240],[244,245,246],"vr-smtp-mailer\u002Fassets\u002Fadmin.js?ver=","vr-smtp-mailer-admin-inline","vr-smtp-mailer-admin-inline?ver=",{"cssClasses":248,"htmlComments":250,"htmlAttributes":251,"restEndpoints":253,"jsGlobals":254,"shortcodeOutput":256},[249],"vr-smtp-mailer-code-sample",[],[252],"data-nonce=\"vr_smtp_mailer_admin\"",[],[255],"vrSmtpMailer",[],{"error":223,"url":258,"statusCode":259,"statusMessage":260,"message":260},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fvr-smtp-mailer\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":262},[]]