[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fh2qtK9S3yA29e2_qjc0RLkAa-47u-sbEwQypw0n2Ddo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":184},"was-it-you","Was it you? Account login notifications","1.0.1","bogdand","https:\u002F\u002Fprofiles.wordpress.org\u002Fbogdand\u002F","\u003Cp>This plugin solves an increasing problem nowadays: account security.\u003Cbr \u002F>\nThe plugin notifies by email a user whenever there is a new sign-in to their account from a new IP.\u003Cbr \u002F>\nThis helps you and your users get in control of their account access.\u003C\u002Fp>\n","Send an email notification to users each time someone logs in from a new IP. This helps users figure out if someone accessed their accounts without th &hellip;",10,959,0,"2020-05-14T15:52:00.000Z","5.4.19","4.3","7.0",[19,20,21,22,23],"access","account-protect","login","login-notification","security","https:\u002F\u002Felevenplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwas-it-you.1.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,910,30,84,"2026-04-04T13:10:33.726Z",[37,60,81,102,120],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":55,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":28},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29791210,96,1020,"2026-03-02T12:38:00.000Z","6.9.4","3.0","5.5",[19,54,21,38,23],"admin","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",87,8,"2024-11-04 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":50,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":79,"download_link":80,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"easy-basic-authentication","Easy Basic Authentication – Add basic auth to site or admin area","3.9.1","Matteo Enna","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatteoenna\u002F","\u003Cp>The Easy Basic Authentication plugin provides a simple method to add basic authentication to your WordPress site. You can enable basic authentication for the entire site or only for the admin area by setting a custom username and password. Secure your site by restricting access only to authorized users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try it on a free mock site: \u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Feasy-basic-authentication\u002F\" rel=\"nofollow ugc\">click here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Simple Configuration:\u003C\u002Fstrong> With Easy Basic Authentication, you can easily set up basic authentication for your entire website or specifically for the admin area. Set a custom username and password to ensure secure access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Admin Area Protection:\u003C\u002Fstrong> If you wish to restrict access to your WordPress admin area, Easy Basic Authentication allows you to do so quickly and effectively. Only users with the correct credentials will be able to access this critical part of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Entire site protection:\u003C\u002Fstrong> If you wish, there is an option to extend the access limitation to the entire site and not just for your WordPress admin area, Easy Basic authentication allows you to do this quickly and effectively. Only users with the correct credentials will be able to access this critical part of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Access Logging:\u003C\u002Fstrong> The plugin keeps track of failed login attempts, helping you identify unauthorized access attempts. This is particularly useful for monitoring your site’s security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Access Log:\u003C\u002Fstrong> If you choose to enable this feature, Easy Basic Authentication allows you to log successful logins, providing a comprehensive overview of login activities on your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong> The plugin’s intuitive interface makes it simple to manage basic authentication settings. You can easily enable or disable basic authentication and adjust credentials to suit your needs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Alert Functionality:\u003C\u002Fstrong> Easy Basic Authentication includes an email alert feature to notify you of unauthorized access attempts. You can receive email alerts when someone tries to access your site without proper credentials.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>White List Functionality:\u003C\u002Fstrong> Easy Basic Authentication now includes a White List feature, allowing you to specify trusted IP addresses exempt from basic authentication. Configure this list to grant immediate access to known users or systems without requiring credentials, enhancing convenience while maintaining security.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Protect your WordPress site with basic authentication quickly and reliably. Easy Basic Authentication gives you control to ensure that only authorized users can access your online resources. Maintain your site’s security and prevent unwanted access today with Easy Basic Authentication.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Visit the plugin settings page to configure your desired basic authentication options.\u003C\u002Fli>\n\u003Cli>Choose whether to enable basic authentication for the entire site or just the admin area.\u003C\u002Fli>\n\u003Cli>Set a custom username and password for secure access.\u003C\u002Fli>\n\u003Cli>Monitor failed access attempts and access logs for added security.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Troubleshooting: Resetting Basic Authentication\u003C\u002Fh3>\n\u003Cp>If you’re having trouble logging in due to the basic authentication, you can reset it and regain access by following these steps:\u003C\u002Fp>\n\u003Cp>1 \u003Cstrong>Connect to your website via FTP.\u003C\u002Fstrong>\u003Cbr \u002F>\n2 \u003Cstrong>Navigate to the plugin directory:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>wp-content\u002Fplugins\u002Feasy-basic-authentication\u002Fclass\u002F\u003C\u002Fpre>\n\u003Cp>3 \u003Cstrong>Locate the file:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>easy-basic-authentication-class.php\u003C\u002Fpre>\n\u003Cp>4 \u003Cstrong>Find the following line:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>add_action( 'init', array($this,'basic_auth_admin') );\u003C\u002Fpre>\n\u003Cp>5 \u003Cstrong>Comment out that line\u003C\u002Fstrong> by adding a \u003Ccode>#\u003C\u002Fcode> at the beginning:\u003C\u002Fp>\n\u003Cpre>#add_action( 'init', array($this,'basic_auth_admin') );\u003C\u002Fpre>\n\u003Cp>6 \u003Cstrong>Save the file\u003C\u002Fstrong> and re-upload it to your server.\u003C\u002Fp>\n\u003Cp>This will disable the basic authentication temporarily, allowing you to log in. Once logged in, you can adjust the plugin settings as needed.\u003C\u002Fp>\n\u003Cp>If you need further assistance, feel free to reach out.\u003C\u002Fp>\n\u003Ch3>GitHub Repository\u003C\u002Fh3>\n\u003Cp>You can find the source code and contribute to the project on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FEllusu\u002Feasy-basic-authentication\" rel=\"nofollow ugc\">Easy Basic Authentication on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Secure your WordPress site with easy and effective basic authentication. Restrict access, monitor attempts, and enhance security.",600,11185,100,3,"2025-12-03T06:03:00.000Z","5.0","7.2.5",[76,77,21,23,78],"access-control","authentication","wordpress-security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-basic-authentication.3.9.1.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":70,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":79,"tags":95,"homepage":100,"download_link":101,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"loginrequirepress","Login Require Press","1.4.0","Marat Nepomnyashy","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaratbn\u002F","\u003Cp>Overview:\u003C\u002Fp>\n\u003Cp>At the time of this writing, the latest version of WordPress, version 5.3, has 3 post visibility options, which are ‘public’, ‘password protected’, and ‘private’.\u003C\u002Fp>\n\u003Cp>The ‘password protected’ option allows the site administrator to individually lock certain posts, even from the logged in users, with an additional password \u002F passcode.  However, there is currently no built-in way to just deny access only to the unauthenticated users.\u003C\u002Fp>\n\u003Cp>Login Require Press is a WordPress plugin that allows site administrators to specifically designate arbitrary posts with any public post type as viewable only after user login.  Post authors can also enable or disable login protection for their own posts.\u003C\u002Fp>\n\u003Cp>It is an easy way to require login to view specific pages \u002F posts.\u003C\u002Fp>\n\u003Cp>Unauthenticated site visitors attempting to view any page that includes any such specifically designated post will then be automatically redirected to the site’s default login page, and then back to the original page after they login, thereby limiting access only to logged-in users with subscriber roles and above.\u003C\u002Fp>\n\u003Cp>Plugin will still allow unauthenticated downloading of site’s feeds, but will filter out all login-requiring posts from the feed listings.\u003C\u002Fp>\n\u003Cp>Plugin will protect the titles, contents, and excerpts of login-requiring posts in search result page listings when the user is not logged in.  The titles \u002F contents \u002F excerpts will be replaced by text “[Post title \u002F content \u002F excerpts protected by Login Require Press.  Login to see the title \u002F content \u002F excerpt.]”\u003C\u002Fp>\n\u003Cp>Technical summary:\u003C\u002Fp>\n\u003Cp>Plugin works by hooking-in special logic into the action ‘send_headers’ to redirect unauthenticated client browsers to the site’s login page from any non-feed and non-search-results page upon detecting any login-requiring post, and by hooking-in another special logic into the filter ‘posts_results’ to filter out all login-requiring posts from all feed page listings, and to protect the titles, contents, and excerpts of login-requiring posts in search result page listings.\u003C\u002Fp>\n\u003Cp>Login-requiring posts are marked with a custom field ‘login_require_press’ set to ‘yes’.\u003C\u002Fp>\n\u003Cp>Official project URLs:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fmaratbn\u002FLoginRequirePress\u003Cbr \u002F>\n  https:\u002F\u002Fwordpress.org\u002Fplugins\u002Floginrequirepress\u003Cbr \u002F>\n  http:\u002F\u002Fwww.maratbn.com\u002Fprojects\u002Flogin-require-press\u003C\u002Fp>\n","Easy way to require user login to view specific pages \u002F posts.",12306,90,4,"2019-11-27T02:55:00.000Z","5.3.21","3.8.1",[96,97,98,99,23],"control-access","limit-access","password-protect","require-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Floginrequirepress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginrequirepress.1.4.0.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":70,"num_ratings":31,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":118,"download_link":119,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"attributes-user-access","Attributes User Access","1.2.2","Attributes WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fattributeswp\u002F","\u003Cp>Attributes User Access is a lightweight and flexible authentication solution for WordPress. It empowers site administrators with detailed control over login processes, enhancing user authentication and access experience with a focus on security and performance.\u003C\u002Fp>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Custom Login Page Creation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate fully integrated login pages with WordPress\u003C\u002Fli>\n\u003Cli>Use shortcode-based forms for easy theme compatibility\u003C\u002Fli>\n\u003Cli>Automatically adapts to WordPress core updates\u003C\u002Fli>\n\u003Cli>Template override system for complete customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Flexible Login Redirection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Redirect native WordPress login requests\u003C\u002Fli>\n\u003Cli>Define role-based and context-aware redirection rules\u003C\u002Fli>\n\u003Cli>Custom redirect URLs per user role\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Developer-Focused Architecture\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PSR-4 autoloading and object-oriented design\u003C\u002Fli>\n\u003Cli>Extensible with action and filter hooks\u003C\u002Fli>\n\u003Cli>Modular components for easy customization\u003C\u002Fli>\n\u003Cli>Comprehensive API for extensions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security & Performance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress.org compliant security practices\u003C\u002Fli>\n\u003Cli>Nonce verification on all forms and AJAX requests\u003C\u002Fli>\n\u003Cli>Transient-based error handling (no PHP sessions)\u003C\u002Fli>\n\u003Cli>Optimized asset loading\u003C\u002Fli>\n\u003Cli>Minified CSS and JavaScript for production\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode Usage\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic login form:\u003C\u002Fstrong>\u003Cbr \u002F>\n    [attributes_login_form]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With parameters:\u003C\u002Fstrong>\u003Cbr \u002F>\n    [attributes_login_form redirect=”\u002Fdashboard” remember=”false”]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Available parameters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>redirect\u003C\u002Fcode> – Target URL after login (default: Dashboard)\u003C\u002Fli>\n\u003Cli>\u003Ccode>remember\u003C\u002Fcode> – Show “Remember Me” checkbox (default: true)\u003C\u002Fli>\n\u003Cli>\u003Ccode>form_id\u003C\u002Fcode> – Custom form identifier (default: attributes_login_form)\u003C\u002Fli>\n\u003Cli>\u003Ccode>label_username\u003C\u002Fcode> – Custom username field label\u003C\u002Fli>\n\u003Cli>\u003Ccode>label_password\u003C\u002Fcode> – Custom password field label\u003C\u002Fli>\n\u003Cli>\u003Ccode>label_remember\u003C\u002Fcode> – Custom remember me label\u003C\u002Fli>\n\u003Cli>\u003Ccode>label_log_in\u003C\u002Fcode> – Custom login button text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Template System\u003C\u002Fh4>\n\u003Ch4>Template System\u003C\u002Fh4>\n\u003Cp>Override templates in your theme for complete customization.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Template location in theme:\u003C\u002Fstrong>\u003Cbr \u002F>\n    your-theme\u002Fattributes\u002Ffront\u002Fforms\u002Flogin-form.php\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Original template location:\u003C\u002Fstrong>\u003Cbr \u002F>\n    wp-content\u002Fplugins\u002Fattributes-user-access\u002Ftemplates\u002Ffront\u002Fforms\u002Flogin-form.php\u003C\u002Fp>\n\u003Cp>Copy the original template to your theme and customize as needed. The plugin automatically uses your theme’s template when available.\u003C\u002Fp>\n\u003Ch4>Developer Hooks\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Actions:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>attrua_before_login_form\u003C\u002Fcode> – Fires before rendering the login form wrapper\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_after_login_form\u003C\u002Fcode> – Fires after rendering the login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_login_form_fields\u003C\u002Fcode> – Hook for adding custom fields to login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_login_failed\u003C\u002Fcode> – Fires when a login attempt fails\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_successful_login\u003C\u002Fcode> – Fires after successful authentication\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_before_page_creation\u003C\u002Fcode> – Fires before creating authentication pages\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_after_page_creation\u003C\u002Fcode> – Fires after creating authentication pages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Filters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>attrua_login_redirect_url\u003C\u002Fcode> – Customize login redirection\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_login_error_message\u003C\u002Fcode> – Modify login error messages\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_login_credentials\u003C\u002Fcode> – Filter login credentials before authentication\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_action_links\u003C\u002Fcode> – Modify plugin action links\u003C\u002Fli>\n\u003Cli>\u003Ccode>attrua_row_meta\u003C\u002Fcode> – Modify plugin row meta links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Attributes User Access does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect any user data\u003C\u002Fli>\n\u003Cli>Send data to external servers\u003C\u002Fli>\n\u003Cli>Use cookies for tracking\u003C\u002Fli>\n\u003Cli>Store sensitive information\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin only stores:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plugin settings in WordPress options table\u003C\u002Fli>\n\u003Cli>Temporary error messages in WordPress transients (auto-expire)\u003C\u002Fli>\n\u003Cli>Page IDs for custom authentication pages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All data is stored locally in your WordPress database and is completely removed upon plugin uninstallation.\u003C\u002Fp>\n\u003Ch3>Support & Contributing\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Documentation:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fattributeswp.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Fattributeswp.com\u002Fdocs\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Support Forum:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fattributes-user-access\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fattributes-user-access\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>GitHub Repository:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fattributeswp\u002Fattributes-user-access\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fattributeswp\u002Fattributes-user-access\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Report Issues:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fattributeswp\u002Fattributes-user-access\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fattributeswp\u002Fattributes-user-access\u002Fissues\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Contributions are welcome! Please feel free to submit pull requests or open issues on GitHub.\u003C\u002Fp>\n","Lightweight WordPress authentication with custom login pages, role-based redirections, and secure user access control.",20,529,"2026-02-10T16:59:00.000Z","6.7.5","5.8","7.4",[76,77,117,21,23],"custom-login","https:\u002F\u002Fattributeswp.com\u002F#features","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fattributes-user-access.1.2.2.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":11,"downloaded":128,"rating":13,"num_ratings":13,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":79,"tags":132,"homepage":135,"download_link":136,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"hetjens-registered-only","Hetjens Registered Only","0.4","S Hetjens","https:\u002F\u002Fprofiles.wordpress.org\u002Fhetjens\u002F","\u003Cp>This plug-in restricts access to blog and feed. All anonymous visitors will be forwarded to the login page of WordPress\u003Cbr \u002F>\nbefore accessing the blog content. If access is restricted, rss and atom feeds will be disabled, too.\u003C\u002Fp>\n\u003Cp>The feed can be activated as a private feed for each user. Every user will have a unique feed url to access it. That\u003Cbr \u002F>\nurl is based on the username and an md5 hash of the hashed password stored in database. This plug-in will modify all\u003Cbr \u002F>\nby wordpress inserted feed urls to the user specific ones. But be carefull. If you content is confidential you should\u003Cbr \u002F>\nnot activate the feed. There is no way to check which services are reading (and maybe publishing) the feed’s content.\u003C\u002Fp>\n","This plug-in restricts the access to blog and feed. Visitors need to login before accessing the blog. It offers a private feed for every user.",2951,"2016-02-25T19:45:00.000Z","2.9.2","2.8.0",[19,21,133,23,134],"restrict","user","http:\u002F\u002Fhetjens.com\u002Fwordpress\u002Fhetjens_registered_only\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhetjens-registered-only.0.4.zip",{"attackSurface":138,"codeSignals":167,"taintFlows":176,"riskAssessment":177,"analyzedAt":183},{"hooks":139,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":13,"unprotectedCount":13},[140,146,150,155,159],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","admin_menu","add_menu_pages","inc\\admin.php",26,{"type":141,"name":147,"callback":148,"file":144,"line":149},"admin_init","maybe_save_settings",28,{"type":141,"name":151,"callback":152,"priority":11,"file":153,"line":154},"wp_login","maybe_notify_login","inc\\login.php",35,{"type":141,"name":156,"callback":157,"priority":11,"file":153,"line":158},"e11_notify_new_ip","new_ip_email",37,{"type":160,"name":161,"callback":162,"priority":11,"file":153,"line":26},"filter","wp_mail_content_type","email_content_type",[],[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":13,"externalRequests":13,"nonceChecks":174,"capabilityChecks":13,"bundledLibraries":175},[],{"prepared":13,"raw":13,"locations":170},[],{"escaped":172,"rawEcho":13,"locations":173},5,[],1,[],[],{"summary":178,"deductions":179},"The \"was-it-you\" v1.0.1 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Crucially, all SQL queries are performed using prepared statements, and all identified output is properly escaped, mitigating common vulnerabilities like SQL injection and cross-site scripting. The presence of a nonce check is also a positive indicator of secure development practices.  The plugin's vulnerability history is completely clean, with zero known CVEs, which suggests either a well-developed codebase or a lack of historical scrutiny.\n\nWhile the static analysis reveals no immediate critical flaws or unsanitized data flows, the absence of any capability checks is a notable concern. This means that any functionality exposed by the plugin, however small, might be accessible to any logged-in user, regardless of their role or permissions. This could be a significant oversight if the plugin were to introduce any features in future versions.  Given the current state, the plugin appears secure for its current functionality, but the lack of permission controls is a potential weakness that could be exploited if functionality expands.\n\nOverall, \"was-it-you\" v1.0.1 demonstrates good development practices regarding data handling and sanitization. The lack of any historical vulnerabilities is a testament to its perceived security. However, the complete absence of capability checks represents a gap in secure access control that should be addressed to ensure a robust security posture, especially if the plugin's feature set evolves.",[180],{"reason":181,"points":182},"No capability checks found",7,"2026-03-17T00:00:35.016Z",{"wat":185,"direct":194},{"assetPaths":186,"generatorPatterns":189,"scriptPaths":190,"versionParams":191},[187,188],"\u002Fwp-content\u002Fplugins\u002Fwas-it-you\u002Fassets\u002Fjs\u002Fwasityou.js","\u002Fwp-content\u002Fplugins\u002Fwas-it-you\u002Fassets\u002Fcss\u002Fwasityou.css",[],[187],[192,193],"wasityou.js?ver=","wasityou.css?ver=",{"cssClasses":195,"htmlComments":197,"htmlAttributes":198,"restEndpoints":199,"jsGlobals":200,"shortcodeOutput":202},[196],"e11-wasityou-login-notifier",[],[],[],[201],"e11_wasityou_params",[]]