[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQAssDVD4A5nZ9Z2zF7Qf7YjbnACTUYjk7suQSTgONQ0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":157,"fingerprints":430},"wp-login-attempts","WP Login Attempts","5.5","Galaxy Weblinks","https:\u002F\u002Fprofiles.wordpress.org\u002Fgalaxyweblinks\u002F","\u003Cp>WP login attempts is a security plugin which can add Google reCAPTCHA to the WordPress login page, and protect the site from brute force attacks. Brute Force Attack tries usernames and passwords over and over again, until it gets in. WP Login Attempts limit rate of login attempts and blocks IP temporarily. It detects bots by captcha verification.\u003C\u002Fp>\n\u003Cp>This plugin supports Google reCAPTCHA Version 2 and Version 3. Also, you can monitor failed login attempts and error logs.\u003C\u002Fp>\n\u003Cp>WP login attempts plugin gives you the ability to change the URL of the login page to anything you want. This plugin restricts access to the wp-admin and wp-login.php page, so you can bookmark or remember the URL for future. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>WP login attempts is a very lightweight plugin that lets you customize your WordPress admin login page easily and safely. This plugin allows you to change the background colour, background image, custom logo, logo Link, hide your password on the form and many more features through custom CSS.\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Cp>Allows the maximum number of attempts to the login page\u003Cbr \u002F>\nNotify the user about remaining retries or lockout time on the login page\u003Cbr \u002F>\nMonitor error Logs and email notifications\u003Cbr \u002F>\nDisable the limit login feature without disabling the plugin\u003Cbr \u002F>\nGoogle reCAPTCHA v2\u003Cbr \u002F>\nGoogle reCAPTCHA v3\u003Cbr \u002F>\nHides wp-login.php, wp-admin directory and blocks access\u003Cbr \u002F>\nAllows you to rename login URL\u003Cbr \u002F>\nCustom Logo in the login form\u003Cbr \u002F>\nBackground Color and Background image on the login form page\u003C\u002Fp>\n\u003Cp>Here’s a link to the documentation for the plugin. This will help you learn more about its features and how to use it.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fwp-plugins\u002Fwp-login-attempts\u002Fdoc\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\nFor any feedback or queries regarding this plugin, please contact our \u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Support team\u003C\u002Fa>.\u003C\u002Fp>\n","WP login attempts is a very lightweight plugin that lets you customize your WordPress admin login page easily and safely.",300,5124,80,4,"2025-04-30T07:49:00.000Z","6.8.5","4.5","7.4",[20,21,22,23,24],"login-attempts","login-authentication","login-limit","login-link","login-recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-login-attempts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-login-attempts.5.5.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"galaxyweblinks",40,24800,97,310,77,"2026-04-04T10:46:05.958Z",[41,67,90,112,135],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":56,"tags":57,"homepage":62,"download_link":63,"security_score":64,"vuln_count":65,"unpatched_count":28,"last_vuln_date":66,"fetched_at":30},"advanced-google-recaptcha","Advanced Google reCAPTCHA","1.31","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwpcaptcha.com\u002F\" rel=\"nofollow ugc\">Advanced Google reCAPTCHA\u003C\u002Fa> protects your WordPress site from spam comments & brute force login attacks using captcha. This captcha plugin, quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.\u003C\u002Fp>\n\u003Cp>Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.\u003C\u002Fp>\n\u003Cp>reCaptcha works for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Login Form\u003C\u002Fli>\n\u003Cli>Registration Form\u003C\u002Fli>\n\u003Cli>Reset Password Form\u003C\u002Fli>\n\u003Cli>Comment Form\u003C\u002Fli>\n\u003Cli>BuddyPress Form\u003C\u002Fli>\n\u003Cli>WooCommerce Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Login Form\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads (EDD) Registration Form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Captcha uses these 3rd party libs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chart.js, 2017 Nick Downie, MIT\u003C\u002Fli>\n\u003Cli>DataTables, 2008-2017 SpryMedia Ltd, MIT\u003C\u002Fli>\n\u003Cli>moment.js, Tim Wood, Iskren Chernev, MIT\u003C\u002Fli>\n\u003Cli>SweetAlert 2, github.com\u002FSweetalert2\u002FSweetalert2, MIT\u003C\u002Fli>\n\u003Cli>tooltipster, www.heteroclito.fr\u002Fmodules\u002Ftooltipster\u002F, MIT\u003C\u002Fli>\n\u003C\u002Ful>\n","Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.",200000,2435450,96,428,"2025-12-02T20:29:00.000Z","6.9.4","4.9","5.2",[58,59,60,24,61],"captcha","comment-recaptcha","google-recaptcha","recaptcha","https:\u002F\u002Fgetwpcaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-google-recaptcha.1.31.zip",98,3,"2025-03-27 19:32:14",{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":78,"last_updated":79,"tested_up_to":54,"requires_at_least":80,"requires_php":18,"tags":81,"homepage":87,"download_link":88,"security_score":64,"vuln_count":65,"unpatched_count":28,"last_vuln_date":89,"fetched_at":30},"anti-spam","Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr \u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized** access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,90,368,"2026-03-11T17:54:00.000Z","5.6",[82,83,84,85,86],"antispam","brute-force-protection","limit-login-attempts","security","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip","2024-07-11 00:00:00",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":54,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":109,"download_link":110,"security_score":51,"vuln_count":65,"unpatched_count":28,"last_vuln_date":111,"fetched_at":30},"inactive-logout","Inactive Logout","3.6.1","Deepen Bajracharya","https:\u002F\u002Fprofiles.wordpress.org\u002Fj_3rk\u002F","\u003Cp>Protect your WordPress users’ sessions from prying eyes and snoopers!\u003C\u002Fp>\n\u003Cp>The Inactive Logout plugin automatically terminates idle user sessions, safeguarding your site if users leave their sessions unattended.\u003C\u002Fp>\n\u003Cp>A simple plugin which is easy to configure and use. After installing and activating it, just set the idle timeout from the plugin settings. From then on, any unattended idle WordPress sessions will be automatically terminated. You can also display a custom message to users, warning them that their session is about to end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try it out ==> \u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Finactive-logout\u002F\" title=\"Demo Link\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES:\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change idle timeout time.\u003C\u002Fli>\n\u003Cli>Count down of 10 seconds before actual logout. You can remove this feature if you dont want it.\u003C\u002Fli>\n\u003Cli>Add only \u003Cstrong>Wake Up!\u003C\u002Fstrong> message where user will not logout but instead a wakeup message will be shown upon inactive.\u003C\u002Fli>\n\u003Cli>Custom Popup Message.\u003C\u002Fli>\n\u003Cli>Show idle message for non authenticated users or redirect them.\u003C\u002Fli>\n\u003Cli>Concurrent user logouts.\u003C\u002Fli>\n\u003Cli>Toast notification on Logout.\u003C\u002Fli>\n\u003Cli>Redirect to a Different Page instead of Popup box. Create a page such as timeout page and add your content there by creating a blank template or style it as you wish according to your theme.\u003C\u002Fli>\n\u003Cli>Multiple User Role Configurations for individual timeout and session logout redirects.\u003C\u002Fli>\n\u003Cli>Logout to custom page or existing page.\u003C\u002Fli>\n\u003Cli>Clean UI\u003C\u002Fli>\n\u003Cli>WooCommerce Supported.\u003C\u002Fli>\n\u003Cli>Multisite Support: Override all sites with one setting.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>EXTEND OTHER FEATURES:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Few of the key features to \u003Cstrong>\u003Ca href=\"https:\u002F\u002Finactive-logout.com\u002Fpricing\u002F\" title=\"Inactive Logout Pro\" rel=\"nofollow ugc\">Inactive Logout Pro\u003C\u002Fa>\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Auto browser close logout after defined duration.\u003C\u002Fli>\n\u003Cli>Fully functional multi-tab support.\u003C\u002Fli>\n\u003Cli>User Based Logout\u003C\u002Fli>\n\u003Cli>Track Visitors based on \u003Cstrong>(Login time, logout time, browser, online status, session duration, role, os, IP)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Force Logout All Users\u003C\u002Fli>\n\u003Cli>Logout Specific User(s)\u003C\u002Fli>\n\u003Cli>Bulk Logout Users\u003C\u002Fli>\n\u003Cli>Concurrent Login Limits.\u003C\u002Fli>\n\u003Cli>Last Login Activity\u003C\u002Fli>\n\u003Cli>Override Multiple Login priority\u003C\u002Fli>\n\u003Cli>User Lock whenever certain limit login has been reached.\u003C\u002Fli>\n\u003Cli>Track user login sessions.\u003C\u002Fli>\n\u003Cli>Logout redirects.\u003C\u002Fli>\n\u003Cli>Login redirects.\u003C\u002Fli>\n\u003Cli>Email notification and email template overrides for Locked concurrent session.\u003C\u002Fli>\n\u003Cli>Disable inactive logout for specified pages according to your need. Check this \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Ftechies23\u002F6d2852eedd6ae56c486056e021e4ee48\" title=\"documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong> for additional post type support.\u003C\u002Fli>\n\u003Cli>Disable native wordpress login popup after logout\u003C\u002Fli>\n\u003Cli>Modal Customizer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>**See the \u003Ca href=\"https:\u002F\u002Finactive-logout.com\u002F\" title=\"Inactive Logout\" rel=\"nofollow ugc\">Inactive Logout\u003C\u002Fa> homepage for further information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please consider giving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Finactive-logout\u002Freviews\u002F#new-post\" title=\"5 star thumbs up\" rel=\"ugc\">5 star thumbs up\u003C\u002Fa> if you found this useful.\u003C\u002Fstrong>\u003C\u002Fp>\n","Automatically logout idle user sessions, with logout redirections and concurrent limit logins all in one place.",20000,656143,94,106,"2025-12-09T05:09:00.000Z","6.6",[105,106,107,85,108],"concurrent-login-limit","idle-logout","logout","user-redirection","https:\u002F\u002Finactive-logout.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finactive-logout.3.6.1.zip","2025-10-31 13:27:51",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":13,"num_ratings":122,"last_updated":123,"tested_up_to":54,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":131,"download_link":132,"security_score":64,"vuln_count":133,"unpatched_count":28,"last_vuln_date":134,"fetched_at":30},"fluent-security","FluentAuth – The Ultimate Authorization & Security Plugin for WordPress","2.1.1","Shahjahan Jewel","https:\u002F\u002Fprofiles.wordpress.org\u002Ftechjewel\u002F","\u003Cp>Boost Your Website’s Security with Login\u002FSignup Security, Two-Factor Email Authentication, Login\u002FLogout Redirects, Social Logins, Detailed Audit Logs, and More. FluentAuth is the lightest and blazing fast security plugin for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlighted Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two-Factor Authentication for Login\u003C\u002Fli>\n\u003Cli>Magic Login via Email\u003C\u002Fli>\n\u003Cli>Social Login \u002F Register\u003C\u002Fli>\n\u003Cli>Limit Login Attempts\u003C\u002Fli>\n\u003Cli>Dynamic Login Redirects\u003C\u002Fli>\n\u003Cli>Detailed Audit Logs\u003C\u002Fli>\n\u003Cli>Core Security Enhancement\u003C\u002Fli>\n\u003Cli>Security Email Notifications\u003C\u002Fli>\n\u003Cli>Super Fast Solution\u003C\u002Fli>\n\u003Cli>Restrict \u002Fwp-admin for low level user roles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What’s new in version 2.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FP_vREW7s2B4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F5t_8rvtrkk4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>🚀 Two-Factor Authentication for Login\u003C\u002Fstrong>\u003Cbr \u002F>\nEnsure secure access to your admin panel with Two-Factor Login via email for high-level user roles like Administrator \u002F Editor. Even if a password gets compromised, only the right person will be able to log in with the additional authentication step.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Magic Login via Email\u003C\u002Fstrong>\u003Cbr \u002F>\nSimplify the login process for end users like customers and subscribers. No more password resets or forgotten passwords that cause users to leave your site. With our improved flow and features, users can log in to your site simply by typing their username or email address and clicking on a secure one-time use link sent to their email.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Social Login \u002F Register\u003C\u002Fstrong>\u003Cbr \u002F>\nAllow users to log in to your site with their GitHub, Facebook or Google accounts. This feature is lightweight and easy to enable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Limit Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nProtect your site against brute force attacks by blocking excessive login attempts. Our simple yet powerful tools also improve site security and performance, and allow for customizable lockout timings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Dynamic Login Redirects\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily redirect users to specific pages after they log in or log out. Our drag-and-drop builder lets you customize the login and logout flow for different types of businesses.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Detailed Audit Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack exactly when users log in to your site and via which method (normal login form, magic URL, or social media) with our powerful audit logs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Core Security Enhancement\u003C\u002Fstrong>\u003Cbr \u002F>\nXML-RPC is a common target for WordPress attacks, but most sites don’t actually need it. This plugin enables you to disable XML-RPC, Remote Application Login, and protect the wp-users listing for REST API for enhanced security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Security Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nAs a business owner, it’s important to know when high-level users like administrators, editors, and authors log in to your site, or if someone unauthorized is trying to log in. Our plugin includes email notifications to alert you of these events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Super Fast Solution\u003C\u002Fstrong>\u003Cbr \u002F>\nWe’ve built this plugin to be super-fast and simple yet powerful, using the latest technologies like WordPress REST-API, VueJS V3, Vue-Router, and Element-Plus for UI building. We also use custom database tables to store audit logs, so they don’t interfere with your default WordPress database tables.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Restrict \u002Fwp-admin for low level user roles\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you want to restrict \u002Fwp-admin access for subscribers or other low level user roles then you can easily enable that and select the user roles that you want to restrict \u002Fwp-admin access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Customize WordPress Signup Emails\u003C\u002Fstrong>\u003Cbr \u002F>\nCustomize the WordPress default signup emails with your own branding and content. This feature allows you to create a more personalized experience for your users, enhancing their engagement with your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Custom Login\u002FSignup Shortcodes\u003C\u002Fstrong>\u003Cbr \u002F>\nCreate custom login and signup forms using shortcodes. This feature allows you to easily integrate login and signup forms into your pages or posts, providing a seamless user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Disable Admin Email Notifications on User Signup\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable the default WordPress admin email notifications that are sent when a new user signs up. This feature helps you manage your email notifications more effectively, reducing clutter in your inbox.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Scan WordPress Core File Changes\u003C\u002Fstrong>\u003Cbr \u002F>\nFluentAuth includes a feature to scan WordPress core files for changes, helping you identify any unauthorized modifications. This is crucial for maintaining the integrity of your WordPress installation and ensuring that your site remains secure.\u003C\u002Fp>\n\u003Ch3>Why FluentAuth?\u003C\u002Fh3>\n\u003Cp>To improve the security and user experience of a WordPress website, the default authentication system may need to be enhanced with additional plugins. One common issue that WordPress site owners face is their site getting hacked. This is often due to hackers using brute-force attacks to guess passwords and gain access to the admin panel, leading to site takeover. Additionally, the use of common passwords on multiple sites can put all of them at risk if one password is compromised.\u003C\u002Fp>\n\u003Cp>Using multiple security plugins can be detrimental to the performance of a WordPress website. These plugins, which are often bloated, intercept every WordPress request and run it through a large number of unnecessary rules, resulting in increased server resource usage and slower site performance. To avoid this issue, consider using a comprehensive security solution that offers multiple features in one package, instead of relying on multiple individual plugins. This will help save server resources and improve the overall performance of your website.\u003C\u002Fp>\n\u003Cp>To Solve these issues, we decided to build FluentAuth and made it free.\u003C\u002Fp>\n\u003Ch3>Replace Multiple Plugins with FluentAuth\u003C\u002Fh3>\n\u003Cp>FluentAuth has been designed to provide light-weight security solution while adding better UX and performance of your site. If you use FluentAuth then you don’t need the following plugins\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Login Limit and ban brute force attacks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded\u003C\u002Fli>\n\u003Cli>WPS Limit Login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Login & Logout Redirections\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>LoginWP (Formerly Peter’s Login Redirect)\u003C\u002Fli>\n\u003Cli>Sky Login Redirect\u003C\u002Fli>\n\u003Cli>WP Login and Logout Redirect\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Login & Logout Redirections\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>LoginWP (Formerly Peter’s Login Redirect)\u003C\u002Fli>\n\u003Cli>Sky Login Redirect\u003C\u002Fli>\n\u003Cli>WP Login and Logout Redirect\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>For Hide Admin Bar and Access Restriction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide Admin Bar\u003C\u002Fli>\n\u003Cli>Hide Admin Bar Based on User Roles\u003C\u002Fli>\n\u003Cli>Auto Hide Admin Bar\u003C\u002Fli>\n\u003Cli>Hide Admin Bar from Non-Admins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>User Guides\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">Getting Started with FluentAuth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Flogin-redirects\u002F\" rel=\"nofollow ugc\">Login \u002F Logout Redirects\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fshortcodes\u002F\" rel=\"nofollow ugc\">Register\u002FLogin Shortcodes in FluentAuth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgithub-auth-connection\u002F\" rel=\"nofollow ugc\">Configure Login with GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffluentauth.com\u002Fdocs\u002Fgoogle-auth-connection\u002F\" rel=\"nofollow ugc\">Configure Login with Google\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Other Plugins By The Same Team\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-cart\u002F\" rel=\"ugc\">FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-crm\u002F\" rel=\"ugc\">FluentCRM – Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentform\u002F\" rel=\"ugc\">Fluent Forms – Fastest WordPress Form Builder Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-tables\u002F\" rel=\"ugc\">Ninja Tables – Best WP DataTables Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-charts\u002F\" rel=\"ugc\">Ninja Charts – Best WP Charts Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-payment-form\u002F\" rel=\"ugc\">WPPayForm – Stripe Payments Plugin for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmautic-for-fluent-forms\u002F\" rel=\"ugc\">Mautic Integration For Fluent Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluentforms-pdf\u002F\" rel=\"ugc\">Fluent Forms PDF – PDF Entries for Fluent Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffluent-smtp\u002F\" rel=\"ugc\">FluentSMTP – WordPress Mail SMTP, SES, SendGrid, MailGun Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>CONTRIBUTE\u003C\u002Fh3>\n\u003Cp>If you want to contribute to this project or just report a bug, you are more than welcome. Please check repository from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPManageNinja\u002Ffluent-security\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","Enhance the Security and User Experience of Your Site with Login\u002FSignup Security, Two-Factor Email Authentication, Social Logins and more...",10000,92766,28,"2025-12-03T12:25:00.000Z","5.0","7.3",[22,127,128,129,130],"login-logs","login-redirects","social-logins","xml-rpc","https:\u002F\u002Ffluentauth.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffluent-security.2.1.1.zip",2,"2025-12-15 02:19:04",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":77,"num_ratings":145,"last_updated":146,"tested_up_to":16,"requires_at_least":147,"requires_php":148,"tags":149,"homepage":148,"download_link":155,"security_score":64,"vuln_count":14,"unpatched_count":28,"last_vuln_date":156,"fetched_at":30},"dologin","DoLogin Security","4.3","WPDO","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdo5ea\u002F","\u003Cp>In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited.\u003C\u002Fp>\n\u003Cp>Limit the number of login attempts through both the login and the auth cookies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Two-factor Authentication login.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Text SMS message passcode for 2nd step verification support.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cloudflare Turnstile (better than Google reCAPTCHA).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GeoLocation (Continent\u002FCountry\u002FCity) or IP range to limit login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Passwordless login link.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support Whitelist and Blacklist.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WooCommerce Login supported.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>XMLRPC gateway protection.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : '';\u003C\u002Fcode> to generate one passwordless login link for the current user.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note\u002Ftip for this generation', $user_id ) : '';\u003C\u002Fcode> to generate a passwordless login link for the user which ID is \u003Ccode>$user_id\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The generated one-time used link will be expired after 7 days.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define const \u003Ccode>SILENCE_INSTALL\u003C\u002Fcode> to avoid redirecting to setting page after installtion.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CLI\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>List all passwordless links: \u003Ccode>wp dologin list\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Generate a passwordless link for one username (for the login name \u003Ccode>root\u003C\u002Fcode>): \u003Ccode>wp dologin gen root\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Delete a passwordless link w\u002F the ID in list (for the record w\u002F ID 5): \u003Ccode>wp dologin del 5\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How GeoLocation works\u003C\u002Fh4>\n\u003Cp>When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist\u002Fblacklist to decide if allow login attempts.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>The online IP lookup service is provided by https:\u002F\u002Fwww.doapi.us. The provider’s privacy policy is https:\u002F\u002Fwww.doapi.us\u002Fprivacy.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.\u003C\u002Fp>\n","Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent\u002FCountry\u002FCity)\u002FIP range to limit login attempts.",7000,162727,13,"2025-06-11T14:21:00.000Z","4.0","",[150,151,152,153,154],"2fa-login","cloudflare-turnstile-recaptcha","easy-login","geolocation-login-limit","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdologin.4.3.zip","2023-10-24 00:00:00",{"attackSurface":158,"codeSignals":280,"taintFlows":393,"riskAssessment":420,"analyzedAt":429},{"hooks":159,"ajaxHandlers":276,"restRoutes":277,"shortcodes":278,"cronEvents":279,"entryPointCount":28,"unprotectedCount":28},[160,166,172,175,177,179,184,188,192,196,200,204,209,213,217,221,225,227,230,233,237,240,244,248,251,255,259,263,267,272],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","login_form","wla_add_login_fields","wla-google-recaptcha-form.php",12,{"type":167,"name":168,"callback":169,"priority":170,"file":164,"line":171},"filter","wp_authenticate_user","wla_verify_recaptcha_on_login_page",10,69,{"type":167,"name":173,"callback":174,"file":164,"line":100},"login_errors","closure",{"type":167,"name":173,"callback":174,"file":164,"line":176},102,{"type":167,"name":173,"callback":174,"file":164,"line":178},113,{"type":161,"name":180,"callback":181,"file":182,"line":183},"activated_plugin","wla_register_activation_hook_after_activate","wp-login-attempts.php",39,{"type":161,"name":185,"callback":186,"file":182,"line":187},"login_enqueue_scripts","wla_lim_login_recaptcha_script",56,{"type":161,"name":189,"callback":190,"file":182,"line":191},"admin_enqueue_scripts","wla_lim_enqueue_script_style",68,{"type":161,"name":193,"callback":194,"file":182,"line":195},"login_head","wla_lim_logo_file_callback_fun",89,{"type":167,"name":197,"callback":198,"file":182,"line":199},"login_headerurl","wla_lim_logo_link_url",108,{"type":167,"name":201,"callback":202,"file":182,"line":203},"gettext","wla_remove_lostpassword_text",128,{"type":161,"name":205,"callback":206,"priority":207,"file":182,"line":208},"plugins_loaded","wla_wp_login_att_setup",99999,132,{"type":161,"name":210,"callback":211,"file":182,"line":212},"wp_login_failed","wla_login_attempt_failed",143,{"type":161,"name":214,"callback":215,"file":182,"line":216},"auth_cookie_bad_username","wla_login_attempt_failed_cookie",146,{"type":161,"name":218,"callback":219,"file":182,"line":220},"auth_cookie_bad_hash","wla_login_attempt_failed_cookie_hash",151,{"type":161,"name":222,"callback":223,"priority":170,"file":182,"line":224},"auth_cookie_valid","wla_lim_valid_cookie",152,{"type":161,"name":218,"callback":215,"file":182,"line":226},154,{"type":161,"name":193,"callback":228,"file":182,"line":229},"wla_login_attempt_add_err_mesgs",157,{"type":167,"name":168,"callback":231,"priority":207,"file":182,"line":232},"wla_login_attempt_authenticate_user",160,{"type":167,"name":234,"callback":235,"file":182,"line":236},"shake_error_codes","wla_login_attempt_failure_shake",161,{"type":161,"name":173,"callback":238,"file":182,"line":239},"wla_login_attempt_fixup_err_mesgs",162,{"type":161,"name":241,"callback":242,"file":182,"line":243},"admin_menu","wla_login_attempt_adminmenu",163,{"type":161,"name":245,"callback":246,"priority":170,"file":182,"line":247},"wp_authenticate","wla_login_attempt_track_user_credentials",164,{"type":161,"name":205,"callback":249,"file":182,"line":250},"wla_lim_load_plugin_hide_page",1105,{"type":161,"name":252,"callback":253,"file":182,"line":254},"wp_loaded","wla_lim_loaded_fun",1106,{"type":167,"name":256,"callback":257,"priority":170,"file":182,"line":258},"site_url","wla_lim_site_url",1107,{"type":167,"name":260,"callback":261,"priority":170,"file":182,"line":262},"wp_redirect","wla_lim_redirect",1108,{"type":161,"name":264,"callback":265,"file":182,"line":266},"template_redirect","wla_login_attempt_redirect_expdata",1110,{"type":161,"name":268,"callback":269,"priority":270,"file":182,"line":271},"setup_theme","wla_login_attempt_setuptheme",1,1111,{"type":167,"name":273,"callback":274,"priority":170,"file":182,"line":275},"plugin_row_meta","wla_add_custom_plugin_links",1318,[],[],[],[],{"dangerousFunctions":281,"sqlUsage":282,"outputEscaping":284,"fileOperations":28,"externalRequests":133,"nonceChecks":270,"capabilityChecks":270,"bundledLibraries":392},[],{"prepared":28,"raw":28,"locations":283},[],{"escaped":285,"rawEcho":286,"locations":287},36,62,[288,291,293,295,297,298,300,302,304,306,308,309,310,311,312,313,314,315,317,318,320,321,322,324,326,327,328,330,332,333,334,335,337,339,340,342,343,344,345,347,349,351,353,355,357,359,361,363,365,367,369,370,372,374,376,378,380,382,384,386,388,390],{"file":164,"line":289,"context":290},27,"raw output",{"file":164,"line":292,"context":290},30,{"file":164,"line":294,"context":290},42,{"file":296,"line":289,"context":290},"wla-settings-options.php",{"file":296,"line":122,"context":290},{"file":296,"line":299,"context":290},58,{"file":296,"line":301,"context":290},67,{"file":296,"line":303,"context":290},81,{"file":296,"line":305,"context":290},86,{"file":296,"line":307,"context":290},88,{"file":296,"line":307,"context":290},{"file":296,"line":195,"context":290},{"file":296,"line":195,"context":290},{"file":296,"line":77,"context":290},{"file":296,"line":77,"context":290},{"file":296,"line":77,"context":290},{"file":296,"line":77,"context":290},{"file":296,"line":316,"context":290},91,{"file":296,"line":316,"context":290},{"file":296,"line":319,"context":290},95,{"file":296,"line":36,"context":290},{"file":296,"line":27,"context":290},{"file":296,"line":323,"context":290},101,{"file":296,"line":325,"context":290},105,{"file":296,"line":101,"context":290},{"file":296,"line":199,"context":290},{"file":296,"line":329,"context":290},112,{"file":296,"line":331,"context":290},114,{"file":296,"line":331,"context":290},{"file":296,"line":331,"context":290},{"file":296,"line":331,"context":290},{"file":296,"line":336,"context":290},118,{"file":296,"line":338,"context":290},120,{"file":296,"line":338,"context":290},{"file":296,"line":341,"context":290},121,{"file":296,"line":341,"context":290},{"file":296,"line":341,"context":290},{"file":296,"line":341,"context":290},{"file":296,"line":346,"context":290},125,{"file":296,"line":348,"context":290},134,{"file":296,"line":350,"context":290},221,{"file":296,"line":352,"context":290},232,{"file":296,"line":354,"context":290},237,{"file":296,"line":356,"context":290},270,{"file":296,"line":358,"context":290},272,{"file":296,"line":360,"context":290},284,{"file":296,"line":362,"context":290},287,{"file":296,"line":364,"context":290},288,{"file":296,"line":366,"context":290},291,{"file":296,"line":368,"context":290},298,{"file":296,"line":11,"context":290},{"file":296,"line":371,"context":290},301,{"file":296,"line":373,"context":290},349,{"file":296,"line":375,"context":290},400,{"file":296,"line":377,"context":290},403,{"file":296,"line":379,"context":290},417,{"file":296,"line":381,"context":290},420,{"file":182,"line":383,"context":290},868,{"file":182,"line":385,"context":290},870,{"file":182,"line":387,"context":290},875,{"file":182,"line":389,"context":290},877,{"file":182,"line":391,"context":290},922,[],[394,412],{"entryPoint":395,"graph":396,"unsanitizedCount":133,"severity":411},"wla_verify_recaptcha_on_login_page (wla-google-recaptcha-form.php:71)",{"nodes":397,"edges":408},[398,403],{"id":399,"type":400,"label":401,"file":164,"line":402},"n0","source","$_POST['g-recaptcha-response'] (x2)",76,{"id":404,"type":405,"label":406,"file":164,"line":402,"wp_function":407},"n1","sink","wp_remote_get() [SSRF]","wp_remote_get",[409],{"from":399,"to":404,"sanitized":410},false,"medium",{"entryPoint":413,"graph":414,"unsanitizedCount":133,"severity":411},"\u003Cwla-google-recaptcha-form> (wla-google-recaptcha-form.php:0)",{"nodes":415,"edges":418},[416,417],{"id":399,"type":400,"label":401,"file":164,"line":402},{"id":404,"type":405,"label":406,"file":164,"line":402,"wp_function":407},[419],{"from":399,"to":404,"sanitized":410},{"summary":421,"deductions":422},"The 'wp-login-attempts' v5.5 plugin presents a generally strong security posture based on the provided static analysis.  It demonstrates good practices by having a zero attack surface with unprotected entry points and exclusively utilizing prepared statements for its SQL queries.  The absence of known vulnerabilities and CVEs further reinforces this positive outlook.\n\nHowever, a key area of concern lies in its output escaping. With 98 total outputs and only 37% properly escaped, there is a significant risk of cross-site scripting (XSS) vulnerabilities. While the taint analysis did not reveal critical or high severity flows, the presence of two flows with unsanitized paths indicates potential avenues for exploitation if a malicious input is not handled correctly, especially in conjunction with the poor output escaping.\n\nIn conclusion, while the plugin excels in preventing direct unauthorized access and database manipulation, the substantial number of unescaped outputs represents a notable weakness. The lack of vulnerability history is a positive sign, suggesting a history of secure development, but the output escaping issue demands attention to mitigate potential XSS risks.",[423,426],{"reason":424,"points":425},"Low percentage of properly escaped output",15,{"reason":427,"points":428},"Taint flows with unsanitized paths found",5,"2026-03-16T19:58:54.617Z",{"wat":431,"direct":442},{"assetPaths":432,"generatorPatterns":438,"scriptPaths":439,"versionParams":441},[433,434,435,436,437],"\u002Fwp-content\u002Fplugins\u002Fwp-login-attempts\u002Fincludes\u002Fjs\u002Fwla-custom-script.js","\u002Fwp-content\u002Fplugins\u002Fwp-login-attempts\u002Fincludes\u002Fjs\u002Fwla-setting-opt-tab.js","\u002Fwp-content\u002Fplugins\u002Fwp-login-attempts\u002Fincludes\u002Fjs\u002Fmedia-upload.js","\u002Fwp-content\u002Fplugins\u002Fwp-login-attempts\u002Fincludes\u002Fjs\u002Fcolor-picker.js","\u002Fwp-content\u002Fplugins\u002Fwp-login-attempts\u002Fincludes\u002Fcss\u002Fwla-settings-opts.css",[],[440],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js",[],{"cssClasses":443,"htmlComments":444,"htmlAttributes":445,"restEndpoints":446,"jsGlobals":447,"shortcodeOutput":448},[],[],[],[],[],[]]