[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZFt7bbvGyqIxssueBCzZLTiSPhbnPHvnkPShNzYorJg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":119,"fingerprints":153},"wp-login-alerts","WP Login Alerts by DigiP","2013-05-30.10","DigiP","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigip\u002F","\u003Cp>This is a Security focused plug-in, which will send an email to the Administrator of the WordPress site each time login page is reached.\u003C\u002Fp>\n\u003Cp>If someone attempts to login, it will also send the user name they tried logging in with, as well as their IP address, User-Agent, Timestamp, and the Referral URL.\u003C\u002Fp>\n\u003Cp>If you see multiple attempts to login at times you are not logged on to the site, this means someone is attempting to brute force their way into your site, and you should ban the offending IP address from your site. Especially if they are trying multiple names, or sending them rapidly, one after another.\u003C\u002Fp>\n\u003Ch3>Thank you for using my plug-in!\u003C\u002Fh3>\n\u003Cp>We offer a variety of other products and security solutions for WordPress and web site security. We’re in the process of releasing our WordPress Attack Scanner, as well as a Firewall based version of the same scanner for paid subscribers.\u003C\u002Fp>\n\u003Cp>For more info on these tools and products, please visit and bookmark Attack-Scanner.com, and if you like this Login Alerts Plug-in, please donate to this project.\u003C\u002Fp>\n\u003Cp>I look forward to feedback from my users, as well as feature requests. All and any feedback welcome!\u003C\u002Fp>\n","E-mails the site owner if anyone reaches or attempts to login to the site. Also shows the user names they attempt to login with.",10,5116,80,3,"2014-04-16T19:26:00.000Z","3.9.40","2.0.2","",[20,21,22,23,24],"alerts","digip","email","login","security","http:\u002F\u002Fwww.ticktockcomputers.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-login-alerts.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":21,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-05T09:47:42.408Z",[38,55,75,91,106],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":47,"num_ratings":33,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":53,"download_link":54,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"email-login-attempts","Email Login Attempts","1.1.1","tildemark","https:\u002F\u002Fprofiles.wordpress.org\u002Ftildemark\u002F","\u003Cp>This plugin will send an email whenever a someone tries to login via the WordPress login page.\u003C\u002Fp>\n\u003Ch4>Todos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add admin page\u003C\u002Fli>\n\u003Cli>Specify recipient email addresses\u003C\u002Fli>\n\u003Cli>determine if failed or success login attempt\u003C\u002Fli>\n\u003Cli>Limit login attempts before sending email\u003C\u002Fli>\n\u003Cli>Do not send email on Whitelisted ip addresses\u003C\u002Fli>\n\u003Cli>Ability provide or change the default sender address\u003C\u002Fli>\n\u003Cli>Ability to block IP addresses\u003C\u002Fli>\n\u003Cli>Determine the location where the IP is coming from\u003C\u002Fli>\n\u003Cli>open to suggestions\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin will send an email whenever a someone tries to login via the WordPress login page.",2070,100,"2015-05-19T01:28:00.000Z","4.2.39","3.0.1",[20,52,22,23,24],"brute-force","http:\u002F\u002Fcazimiweb.com\u002Fplugin\u002Femail-login-attempts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-login-attempts.1.1.1.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":47,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":18,"download_link":74,"security_score":47,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"email-otp-login-with-default-login-form","Email OTP Login with default login form","1.0.3","Lalit Yadav","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebnotics\u002F","\u003Cp>This plugin enhances the default WordPress login security by adding a One-Time Password (OTP) verification step via email:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users log in with their regular email\u002Fusername and password.\u003C\u002Fli>\n\u003Cli>If credentials are valid, an OTP is generated and emailed to the user.\u003C\u002Fli>\n\u003Cli>A popup is shown on the same login page (\u003Ccode>wp-login.php\u003C\u002Fcode>) to enter the OTP.\u003C\u002Fli>\n\u003Cli>Once the correct OTP is entered, the user is logged in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To help you get started, there’s a comprehensive video tutorial available that guides you through the process of setting.\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FAZ6w1lkltOI?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Secure login via OTP sent to user’s email.\u003C\u002Fli>\n\u003Cli>Role-based OTP enforcement.\u003C\u002Fli>\n\u003Cli>Uses native wp-login.php form — no custom forms required.\u003C\u002Fli>\n\u003Cli>Session-based OTP handling for security.\u003C\u002Fli>\n\u003Cli>Expiring OTP (default: 40 seconds).\u003C\u002Fli>\n\u003Cli>No third-party dependencies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>If you find this plugin useful and want to support its development, you can make a donation via the following link:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdonate.stripe.com\u002F3cI5kE7sv6ex30s5LB5kk2x\" rel=\"nofollow ugc\">Donate Here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Your donation helps to ensure that this plugin remains free and receives regular updates!\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>The plugin development was supported by [webnotics], [sumitkamboj53]. Contributions and feedback are always welcome.\u003C\u002Fp>\n\u003Ch3>Documentation and Support\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwebnotics.org\u002Femail-otp-login-with-default-login-form\u002F\" title=\"documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\nFor detailed documentation, visit https:\u002F\u002Fwebnotics.org\u002Femail-otp-login-with-default-login-form\u002F\u003Cbr \u002F>\nFor support, please contact us at \u003Ca href=\"mailto:support@webnotics.solutions\" rel=\"nofollow ugc\">support@webnotics.solutions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Adds email OTP (One-Time Password) verification after valid login credentials on the default wp-login.php form for added security.",40,683,6,"2025-08-05T04:08:00.000Z","6.8.5","5.0","7.2",[71,23,72,24,73],"email-verification","otp","two-factor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-otp-login-with-default-login-form.1.0.3.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":34,"downloaded":83,"rating":84,"num_ratings":33,"last_updated":85,"tested_up_to":67,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":18,"download_link":90,"security_score":47,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"email-otp-login","Email OTP Login","1.0.0","Tushar Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fricheal\u002F","\u003Cp>Email OTP Login adds an additional layer of security to your WordPress site by requiring users to verify an OTP sent to their email after entering their username and password. This ensures that only users with access to the registered email can log in.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email OTP verification during \u003Cstrong>login\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>OTP expires in 5 minutes (configurable).\u003C\u002Fli>\n\u003Cli>OTP stored securely using WordPress password hashing.\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login form.\u003C\u002Fli>\n\u003Cli>Uses WordPress built-in \u003Ccode>wp_mail()\u003C\u002Fcode> function (works with SMTP plugins).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin does \u003Cstrong>not modify WordPress core files\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2 or later.\u003C\u002Fp>\n\u003Cp>This plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Adds OTP (One-Time Password) verification after login for enhanced security in WordPress. OTP is sent to the user's email.",403,60,"2025-08-29T18:30:00.000Z","6.3","7.4",[71,23,72,24,89],"two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-otp-login.1.0.0.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":11,"downloaded":99,"rating":28,"num_ratings":28,"last_updated":100,"tested_up_to":101,"requires_at_least":50,"requires_php":18,"tags":102,"homepage":104,"download_link":105,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"second-factor","Second Factor","1.0","apokalyptik","https:\u002F\u002Fprofiles.wordpress.org\u002Fapokalyptik\u002F","\u003Cp>This plugin prevents logged in users from doing anything on your wordpress.org blog until they have verified their second factor of authentication.  The process goes like this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>A user logs into your blog.\n\u003Cul>\n\u003Cli>Behind the scenes a bunch of cryptographic stuff happens and a key is generated and attached to that user. The key is overwritten with a new one every single time they log in. This key is emailed to that user (via the email address the user is registered under.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The user gets the email with the code.\u003C\u002Fli>\n\u003Cli>The user then enters the code at the page which is now presented to them when they are trying to access your blog\n\u003Cul>\n\u003Cli>Behind the scenes the token is checked for validity, and a cookie is added to the users session.  They are now allowed access to your blog.  If the key changes (the user logs out, or is required to log in again) the cookie that they may have been using will no longer be valid and they will be asked to enter the new one that they get via email.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Require secondary authentication for registered user access",1996,"2010-11-18T22:29:00.000Z","3.1.4",[103],"authentication-security-email-login-notification-factor","http:\u002F\u002Fwordpress.org\u002F#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecond-factor.1.0.zip",{"slug":107,"name":108,"version":58,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":28,"downloaded":113,"rating":28,"num_ratings":28,"last_updated":114,"tested_up_to":67,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":117,"download_link":118,"security_score":47,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"email-tfa","Email TFA","Justin Norton","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesignerbydesign\u002F","\u003Cp>The Email Two-Factor Authentication Plugin enhances the security of your WordPress site by adding an extra level of protection. In addition to your standard username and password, this plugin generates a unique, time-sensitive code delivered via email to give you two-factor authentication.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Upon enabling the plugin, when users attempt to sign in to your WordPress site, they will be prompted to enter a verification code that gets send to their associated email inbox.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For more information and support with your WordPress installation then please visit my \u003Ca href=\"https:\u002F\u002Fwww.jnorton.co.uk\" rel=\"nofollow ugc\">website\u003C\u002Fa>.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.jnorton.co.uk\u002Fwordpress-email-two-factor-authentication\" rel=\"nofollow ugc\">Full documentation\u003C\u002Fa> is also available that explains in detail the various configuration option available in Email TFA.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This file is part of Email Two-Factor Authentication.\u003Cbr \u002F>\nEmail Two-Factor Authentication is licensed under GPL v3.0 or later.\u003C\u002Fp>\n","Add an extra layer of security via two-factor authentication with email for WordPress logins.",406,"2025-05-27T14:30:00.000Z","6.0.0",[22,23,24,89],"https:\u002F\u002Fjnorton.co.uk\u002Fwordpress-email-two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-tfa.1.0.3.zip",{"attackSurface":120,"codeSignals":141,"taintFlows":148,"riskAssessment":149,"analyzedAt":152},{"hooks":121,"ajaxHandlers":137,"restRoutes":138,"shortcodes":139,"cronEvents":140,"entryPointCount":28,"unprotectedCount":28},[122,128,133],{"type":123,"name":124,"callback":125,"file":126,"line":127},"action","login_enqueue_scripts","my_login_alerts","login-alerts.php",52,{"type":129,"name":130,"callback":131,"file":126,"line":132},"filter","login_headerurl","my_login_alerts_url",58,{"type":129,"name":134,"callback":135,"file":126,"line":136},"login_headertitle","my_login_alerts_url_title",63,[],[],[],[],{"dangerousFunctions":142,"sqlUsage":143,"outputEscaping":145,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":147},[],{"prepared":28,"raw":28,"locations":144},[],{"escaped":28,"rawEcho":28,"locations":146},[],[],[],{"summary":150,"deductions":151},"Based on the static analysis, the \"wp-login-alerts\" plugin v2013-05-30.10 exhibits an excellent security posture. The code analysis reveals no identifiable attack surface, meaning there are no AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited. Furthermore, the plugin demonstrates strong coding practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and properly escaping all output. File operations and external HTTP requests are also absent, further reducing the potential for vulnerabilities. The lack of taint analysis findings reinforces this, indicating no identified flows with unsanitized paths.\n\nThe plugin's vulnerability history is equally impressive, with zero recorded CVEs. This suggests a history of robust security and a lack of common or persistent vulnerabilities. The absence of any past vulnerabilities, regardless of severity, is a strong indicator of a well-developed and secure plugin.\n\nIn conclusion, the \"wp-login-alerts\" plugin v2013-05-30.10 appears to be highly secure based on the provided data. Its lack of attack surface, adherence to secure coding principles, and spotless vulnerability history make it a trustworthy option. There are no apparent security concerns or areas for deduction based on the evidence presented.",[],"2026-03-16T23:53:00.088Z",{"wat":154,"direct":159},{"assetPaths":155,"generatorPatterns":156,"scriptPaths":157,"versionParams":158},[],[],[],[],{"cssClasses":160,"htmlComments":161,"htmlAttributes":162,"restEndpoints":163,"jsGlobals":164,"shortcodeOutput":165},[],[],[],[],[],[]]