[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fm3b3ANhMezjOXIBt6VjXTak5UCw5X9tNw_tI0KuJvgU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":139,"fingerprints":193},"wp-login-image-captcha","WP Login Image Captcha","1.2","hookandhook","https:\u002F\u002Fprofiles.wordpress.org\u002Fhookandhook\u002F","\u003Cp>Adds an image captcha and honeypot to wp-login.php.\u003C\u002Fp>\n\u003Ch4>Like what you see?\u003C\u002Fh4>\n\u003Cp>Please take the time to leave a review or check out one of our other plugins \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7-image-captcha\u002F\" rel=\"ugc\">Contact Form 7 Image CAPTCHA\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Go Pro!\u003C\u002Fh4>\n\u003Cp>Want more control?\u003Cbr \u002F>\nCheck out our \u003Ca href=\"http:\u002F\u002Fkccomputing.net\u002Fdownloads\u002Fwp-login-image-captcha-pro\u002F\" rel=\"nofollow ugc\">pro version\u003C\u002Fa> which gives you full control over the look and feel of the image captcha \u003Cstrong>AND\u003C\u002Fstrong> login screen!.\u003C\u002Fp>\n\u003Ch4>CAPTCHA CONTROL\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Change the captcha message\u003C\u002Fli>\n\u003Cli>Change the box color and border\u003C\u002Fli>\n\u003Cli>Chnage font and icon color and size independently\u003C\u002Fli>\n\u003Cli>Change the selected icon appearance\u003C\u002Fli>\n\u003Cli>Change where the icons appear\u003C\u002Fli>\n\u003Cli>Change the box from full width to content width\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Screen Control\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Change the logo\u003C\u002Fli>\n\u003Cli>Change the background color\u003C\u002Fli>\n\u003Cli>Add a background image\u003C\u002Fli>\n\u003Cli>Add a custom login message\u003C\u002Fli>\n\u003Cli>Change the link color\u003C\u002Fli>\n\u003Cli>Change the background color opacity\u003C\u002Fli>\n\u003Cli>Change the border styles\u003C\u002Fli>\n\u003Cli>Change font colors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fkccomputing.net\u002Fdownloads\u002Fwp-login-image-captcha-pro\u002F\" rel=\"nofollow ugc\">Go Pro!\u003C\u002Fa>\u003C\u002Fp>\n","Adds an image captcha and honeypot to the WordPress login page",300,3656,100,2,"2019-01-07T20:45:00.000Z","5.0.25","3.5","",[20,21,22],"brute-force","captcha","wordpress-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwplic-image-captcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-login-image-captcha.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},6,121300,94,478,75,"2026-04-04T01:08:17.800Z",[38,58,78,95,111],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":31,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"botblocker-security","BotBlocker Security – Firewall & Bot Protection","1.6.14","Yevhen Leonidov","https:\u002F\u002Fprofiles.wordpress.org\u002Fglobusstudio\u002F","\u003Ch4>WordPress Security Plugin & Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Every day, automated bots and hackers bombard websites with attacks.\u003C\u002Fstrong> Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24\u002F7 threat to your business. If you’re looking for \u003Cstrong>WordPress site protection\u003C\u002Fstrong>, you need a proactive defense that stops these attacks before they reach your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker Security is the all-in-one solution to keep your site safe from automated threats.\u003C\u002Fstrong> This powerful \u003Cstrong>WordPress security plugin and Web Application Firewall (WAF)\u003C\u002Fstrong> acts as a dedicated \u003Cstrong>anti-bot\u003C\u002Fstrong> firewall, blocking malicious traffic at the front gate without slowing down your site.\u003C\u002Fp>\n\u003Cp>BotBlocker’s setup and onboarding experience allows anyone to secure their \u003Cstrong>WordPress site\u003C\u002Fstrong> in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right \u003Cstrong>site protection\u003C\u002Fstrong> settings to protect your website.\u003C\u002Fp>\n\u003Ch4>🔥 WordPress Firewall (WAF)\u003C\u002Fh4>\n\u003Cp>BotBlocker Security includes an endpoint \u003Cstrong>firewall\u002FWAF\u003C\u002Fstrong> that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BotBlocker intercepts bad traffic at the earliest stage\u003C\u002Fstrong> – even before WordPress or your theme loads. By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Firewall Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time firewall rule updates via the BotBlocker Threat Defense Feed\u003C\u002Fli>\n\u003Cli>Real-time IP Blocklist blocks all requests from the most malicious IPs\u003C\u002Fli>\n\u003Cli>Early-init protection – blocks threats before WordPress loads\u003C\u002Fli>\n\u003Cli>Cloud-based threat intelligence – cross-checks every visitor against global threat databases\u003C\u002Fli>\n\u003Cli>No visitor data collected – only technical request parameters analyzed (GDPR\u002FCCPA-compliant)\u003C\u002Fli>\n\u003Cli>Brute force protection with login attempt limits and multi-layer verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📡 WordPress Security Scanner & Site Protection\u003C\u002Fh4>\n\u003Cp>Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive \u003Cstrong>site protection\u003C\u002Fstrong> across all entry points:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>XML-RPC and API Protection\u003C\u002Fstrong> – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam Prevention\u003C\u002Fstrong> – spammers cannot connect to your site. Automatically block IP addresses that exceed spam comment thresholds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Access Protection\u003C\u002Fstrong> – theme and plugin files securely protected from unauthorized access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Analysis\u003C\u002Fstrong> – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Network & Protocol Control\u003C\u002Fstrong> – block obsolete HTTP\u002F1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔒 Login Security & Bot Protection\u003C\u002Fh4>\n\u003Cp>All login attempts pass through multi-layer filtering and CAPTCHA verification:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-layer CAPTCHA Protection\u003C\u002Fstrong> – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2\u002Fv3\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Anti-bot Challenges\u003C\u002Fstrong> – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Ban System\u003C\u002Fstrong> – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Access Simplification\u003C\u002Fstrong> – special mechanism to ease site administrator login while maintaining security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC Control\u003C\u002Fstrong> – options including complete disabling\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two-Factor Authentication Support\u003C\u002Fstrong> – 2FA enhanced login security for admin area. Backup codes for recovery access. Universal 2FA app support – works with Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🛠️ Security Tools\u003C\u002Fh4>\n\u003Cp>Comprehensive tools to block attackers and monitor your site in real-time:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Blocking Rules\u003C\u002Fstrong> – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP-PTR-Host Mismatch Detection\u003C\u002Fstrong> – automatically detect and block fake crawlers (e.g., fake Googlebots)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist & Whitelist Management\u003C\u002Fstrong> – instantly allow or block any IP, ASN, range, or User-Agent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Traffic Monitoring\u003C\u002Fstrong> – see all traffic in real-time: robots, humans, 404 errors, logins\u002Flogouts, file requests, and content consumption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server IP Identification\u003C\u002Fstrong> – prevent lockouts by automatically identifying and protecting server IPs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual Dashboard\u003C\u002Fstrong> – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs\u002Fcountries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Security Log\u003C\u002Fstrong> – every event logged with IP address, user agent, country, and blocking reason\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Login URL\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>⚡ Performance & Integration\u003C\u002Fh4>\n\u003Cp>BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight & Fast\u003C\u002Fstrong> – negligible overhead in normal conditions. Reduces database and server load during attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in Caching\u003C\u002Fstrong> – Redis and Memcached support for high-traffic environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache Plugin Compatibility\u003C\u002Fstrong> – automatic \u003Ccode>DONOTCACHEPAGE\u003C\u002Fcode> + \u003Ccode>Cache-Control: no-store\u003C\u002Fcode> on verification pages. Works with WP Super Cache (PHP mode), W3 Total Cache, WP Rocket, LiteSpeed Cache, Hummingbird, and more. Server-level caches (Nginx FastCGI, Varnish, Cloudflare) may need a cookie-based bypass rule – see \u003Ccode>docs\u002FCACHE-COMPATIBILITY.md\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Protection Compatibility\u003C\u002Fstrong> – automatic detection of JS-challenges from DDoS-Guard, Stormwall, and similar services. See \u003Ccode>docs\u002FDDOS-COMPATIBILITY.md\u003C\u002Fcode> for advanced configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Compatibility\u003C\u002Fstrong> – works with Cloudflare, CDN services, caching plugins, and optimizers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full IPv6 Support\u003C\u002Fstrong> – all security functions work with both IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Optimization\u003C\u002Fstrong> \u003Cem>(Premium Addon)\u003C\u002Fem> – additional performance enhancements for high-traffic sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>👤 Easy Setup & User-Friendly Interface\u003C\u002Fh4>\n\u003Cp>You don’t have to be a security expert to use BotBlocker:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Quick Installation Wizard\u003C\u002Fstrong> – step-by-step setup guide for configuration in under 1 minute\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intuitive Admin Panel\u003C\u002Fstrong> – organized settings with clear descriptions and tooltips\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual\u003C\u002Fstrong> – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Conflicts\u003C\u002Fstrong> – built following WordPress best practices, tested with recent WP versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Adjustable Logging\u003C\u002Fstrong> – configurable retention periods with time zone awareness and daylight saving support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security first – BotBlocker’s on guard!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Detection & Analysis\u003C\u002Fh4>\n\u003Cp>BotBlocker employs advanced multi-layer detection to identify and block threats:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detection Mechanisms:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Local and cloud signature databases with real-time updates\u003C\u002Fli>\n\u003Cli>IP reputation and blacklist checks with global threat intelligence\u003C\u002Fli>\n\u003Cli>DNS-based and PTR lookups to detect fake crawlers\u003C\u002Fli>\n\u003Cli>Heuristic and behavioral analysis for suspicious patterns\u003C\u002Fli>\n\u003Cli>Browser fingerprint and feature mismatch detection\u003C\u002Fli>\n\u003Cli>Header and protocol validation\u003C\u002Fli>\n\u003Cli>JavaScript challenge and capability verification\u003C\u002Fli>\n\u003Cli>Multi-layered CAPTCHA verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Comprehensive Request Analysis:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Network & IP:\u003C\u002Fstrong> Full IPv4\u002FIPv6 support, blacklist\u002Fwhitelist, country\u002FGeoIP, ASN, hosting\u002FVPN detection, TOR detection, PTR\u002FDNSBL checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser & Client:\u003C\u002Fstrong> User-Agent validation, browser\u002FOS\u002Fdevice detection, fingerprint analysis, headless browser detection, JavaScript\u002Fcookie support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Headers & Protocol:\u003C\u002Fstrong> Accept-Language, Referer validation, HTTP version control, Cloudflare\u002Fproxy detection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Fingerprinting:\u003C\u002Fstrong> Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CAPTCHA Modes\u003C\u002Fh4>\n\u003Cp>Choose from various CAPTCHA types to protect your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Button\u003C\u002Fstrong> – one-click verification for quick validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong> – standard image\u002Fcheckbox challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v3\u003C\u002Fstrong> – invisible background scoring\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Color CAPTCHA\u003C\u002Fstrong> – select colored buttons challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Digits CAPTCHA\u003C\u002Fstrong> – floating math challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Images CAPTCHA\u003C\u002Fstrong> – animal image selection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BotBlocker Shapes CAPTCHA\u003C\u002Fstrong> – floating shapes challenge\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hybrid Mode\u003C\u002Fstrong> – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Capabilities\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Early-init & MU plugin support\u003C\u002Fli>\n\u003Cli>Real-time cloud threat checks\u003C\u002Fli>\n\u003Cli>Dynamic and graphical anti-bot challenges\u003C\u002Fli>\n\u003Cli>Automatic logging with adjustable retention\u003C\u002Fli>\n\u003Cli>Session tracking and verification\u003C\u002Fli>\n\u003Cli>No visitor data collected — GDPR\u002FCCPA-compliant (see FAQ for admin notification details)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>BotBlocker Security does \u003Cstrong>not\u003C\u002Fstrong> collect or process personal data of your visitors. All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.\u003C\u002Fp>\n\u003Ch3>Support and Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Product site: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fproducts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Documentation: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fdocs\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contact\u002Fsupport: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcontacts\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Community: \u003Ca href=\"https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbotblocker.top\u002Fcommunity\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See LICENSE.txt for details.\u003C\u002Fp>\n\u003Ch3>Credits & Authors\u003C\u002Fh3>\n\u003Cp>BotBlocker Security is developed and maintained by GLOBUS.studio.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Concept, architecture & code – Yevhen Leonidov: \u003Ca href=\"https:\u002F\u002Fleonidov.dev\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fleonidov.dev\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Code, code review – Andrii Lukashevych\u003C\u002Fli>\n\u003Cli>Code, translations – Aleksandr Kinakh\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>BotBlocker Security – The first line of defense for your WordPress site.\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.",2000,3799,"2026-03-10T18:22:00.000Z","6.9.4","5.0","7.4",[53,20,21,54,55],"anti-spam","firewall","security","https:\u002F\u002Fbotblocker.top\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbotblocker-security.1.6.14.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":13,"num_ratings":68,"last_updated":69,"tested_up_to":49,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":18,"download_link":77,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"kaya-login-captcha","Kaya Login Captcha","1.0.2","Kaya Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fkayastudio\u002F","\u003Cp>\u003Cstrong>Why use “Kaya Login Captcha”?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin Adds a simple captcha on login form, register form and lost-password form.\u003C\u002Fp>\n\u003Cp>Easy install and use, captcha settings are fully customizable and you can choose the forms on which to display it. The blocked request HTTP status can be customized and the XML-RPC feature can be disabled.\u003C\u002Fp>\n\u003Cp>Captcha statistics are also available on the settings page, with the count of passed and blocked requests sorted by year and month.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Captcha available on the login form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the lost-password form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Captcha available on the register form (Dashboard and WooCommerce).\u003C\u002Fli>\n\u003Cli>Editable Captcha code length.\u003C\u002Fli>\n\u003Cli>Editable Captcha code format: numeric, alphabetic or alphanumeric.\u003C\u002Fli>\n\u003Cli>Random lines available in the background of the Captcha.\u003C\u002Fli>\n\u003Cli>Editable blocked request HTTP status.\u003C\u002Fli>\n\u003Cli>XML-RPC WordPress API deactivatable.\u003C\u002Fli>\n\u003Cli>Captcha statistics of passed and blocked requests sorted by year and month.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite and WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>“Kaya Login Captcha” is a professional login captcha system with fully customizable settings.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies and does not connect to any third-party applications. This plugin only generate a captcha code to verify human action for selected forms on your settings.\u003C\u002Fp>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English.\u003C\u002Fli>\n\u003Cli>French.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>Any suggestions or feedback is welcome, thank you for using or trying one of my plugins. Please take the time to let me know about your experiences and rate this plugin.\u003C\u002Fp>\n","Adds a simple captcha on login form, register form and lost-password form.",200,2708,1,"2025-12-03T10:41:00.000Z","4.6.0","5.3",[73,21,74,75,76],"brute-force-protection","login","login-security","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkaya-login-captcha.1.0.2.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":13,"num_ratings":88,"last_updated":89,"tested_up_to":49,"requires_at_least":90,"requires_php":51,"tags":91,"homepage":18,"download_link":94,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"webart-login-shield-recaptcha","Web-Art Login Shield with reCAPTCHA","1.1.0","WEB-ART Creative Design","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebartdesigning\u002F","\u003Cp>Web-Art Login Shield with reCAPTCHA is a focused security plugin that protects WordPress authentication, Elementor Login widgets and Elementor Forms against automated attacks.\u003C\u002Fp>\n\u003Cp>It strengthens wp-login.php, Elementor Login and Elementor Forms by integrating Google reCAPTCHA v2 verification and optional IP-based rate limiting, without replacing or modifying WordPress core authentication logic.\u003C\u002Fp>\n\u003Cp>The plugin is intentionally lightweight and transparent:\u003Cbr \u002F>\n– no ads\u003Cbr \u002F>\n– no telemetry or analytics sent to the author\u003Cbr \u002F>\n– no third-party dashboards provided by the plugin\u003Cbr \u002F>\n– no all-in-one security suite overhead\u003C\u002Fp>\n\u003Cp>All login protection modules (reCAPTCHA, Login Protect, Advanced login URL) are opt-in and disabled by default.\u003C\u002Fp>\n\u003Cp>Additionally, the plugin can apply a small XML-RPC hardening rule-set (disables a few high-risk XML-RPC methods) to reduce common abuse vectors. This does not disable XML-RPC completely. XML-RPC hardening is applied only when Login Protect is enabled and “Protect XML-RPC logins” is enabled.\u003C\u002Fp>\n\u003Cp>Each module (reCAPTCHA, Login Protect, Advanced login URL) can be enabled independently. Elementor reCAPTCHA options require reCAPTCHA to be configured and verified.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>reCAPTCHA v2 integration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA v2 checkbox for wp-login.php (when enabled and IP is not allowlisted)\u003C\u002Fli>\n\u003Cli>server-side token verification for WordPress login and Elementor Forms validation\u003C\u002Fli>\n\u003Cli>reCAPTCHA must be verified before enabling protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Elementor reCAPTCHA options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>automatic frontend injection for Elementor Login widgets (when enabled)\u003C\u002Fli>\n\u003Cli>optional frontend injection for Elementor Forms (Elementor Pro) (when enabled)\u003C\u002Fli>\n\u003Cli>Custom Alignment: Ability to set Left, Center, or Right alignment for reCAPTCHA in both Elementor Login and Elementor Forms directly from plugin settings.\u003C\u002Fli>\n\u003Cli>Elementor frontend scripts inject reCAPTCHA only when they detect relevant widgets\u002Fforms in the DOM (supports dynamically loaded content, popups, AJAX, etc.)\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA scripts are not loaded for allowlisted IPs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Whitelist IPs (reCAPTCHA)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA IP allowlist (allowlisted IPs bypass reCAPTCHA checks on wp-login.php, Elementor Login and Elementor Forms; Login Protect may still apply)\u003C\u002Fli>\n\u003Cli>reCAPTCHA allowlist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Login Protect (IP-based lockouts)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>failed login attempt counting per IP address\u003C\u002Fli>\n\u003Cli>timed lockouts after a configurable threshold\u003C\u002Fli>\n\u003Cli>blocked IP list (lockouts expire automatically after the configured lockout time)\u003C\u002Fli>\n\u003Cli>recent security event log (stored locally)\u003C\u002Fli>\n\u003Cli>wp-login.php lockout UX: countdown notice and temporary submit blocking during an active lockout\u003C\u002Fli>\n\u003Cli>Login Protect is independent of reCAPTCHA (can be enabled and used without reCAPTCHA enabled)\u003C\u002Fli>\n\u003Cli>three practical protection modes:\n\u003Cul>\n\u003Cli>MODE 1 – reCAPTCHA only\u003C\u002Fli>\n\u003Cli>MODE 2 – reCAPTCHA + Login Protect\u003C\u002Fli>\n\u003Cli>MODE 3 – Login Protect only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Trusted IPs (Login Protect)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>separate allowlists for reCAPTCHA and Login Protect (exact IP match only)\u003C\u002Fli>\n\u003Cli>Login Protect allowlist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REST API and XML-RPC protection (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>optional protection for authentication attempts via XML-RPC and REST API (applies only when the corresponding checkbox is enabled; Login Protect must be enabled)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC hardening (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>optionally disables a small set of high-risk XML-RPC methods commonly abused by attackers:\n\u003Cul>\n\u003Cli>pingback.ping\u003C\u002Fli>\n\u003Cli>pingback.extensions.getPingbacks\u003C\u002Fli>\n\u003Cli>system.multicall\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>XML-RPC hardening is applied only when Login Protect is enabled and “Protect XML-RPC logins” is enabled\u003Cbr \u002F>\nThis reduces abuse without disabling XML-RPC entirely.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced login URL (optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>single toggle enables Advanced login behavior\u003C\u002Fli>\n\u003Cli>custom login endpoint (rewrites requests to the standard WordPress login handler without altering core authentication logic)\u003C\u002Fli>\n\u003Cli>when Advanced is enabled, wp-login.php and wp-admin are protected for non-authenticated visitors\u003C\u002Fli>\n\u003Cli>protection behavior is configured via two required fields:\n\u003Cul>\n\u003Cli>Custom login URL slug (example: “secure-login-1234”)\u003C\u002Fli>\n\u003Cli>Default redirect slug (recommended: “404” to display the active theme’s 404 page)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>both fields are required when Advanced is enabled (saving is blocked if any field is empty)\u003C\u002Fli>\n\u003Cli>if fields are empty when enabling Advanced, the plugin auto-generates a secure random login slug and sets the redirect slug to the recommended default\u003C\u002Fli>\n\u003Cli>protection applies only to non-authenticated users (logged-in users can still access wp-admin and wp-login.php)\u003C\u002Fli>\n\u003Cli>safe fallback handling to avoid logout loops (wp-login.php?action=logout remains accessible)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>IP Blocking (Site-wide)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>single toggle enables site-wide IP blocking\u003C\u002Fli>\n\u003Cli>permanently blocks selected IP addresses from accessing the entire site (returns HTTP 403)\u003C\u002Fli>\n\u003Cli>blocklist accepts one entry per line (exact IP match only)\u003C\u002Fli>\n\u003Cli>optional note format supported: IP | reason (reason is ignored for matching)\u003C\u002Fli>\n\u003Cli>recommended use cases: persistent abuse, scraping, hostile bots, repeated attacks not covered by login-only protection\u003C\u002Fli>\n\u003Cli>warning: do not add your own IP address unless you have alternative access (hosting panel \u002F WP-CLI \u002F database access) to remove the entry\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Design Principles\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Fail-closed security model (scoped)\u003Cbr \u002F>\nIf reCAPTCHA verification cannot be completed and reCAPTCHA protection is enabled for the given login or form, the request is rejected to reduce the risk of automated bypass.\u003Cbr \u002F>\nAdministrators can always regain access by disabling the feature in plugin settings or by deactivating the plugin via hosting or FTP.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Non-intrusive defaults\u003Cbr \u002F>\nLogin protection modules remain disabled until explicitly enabled by an administrator.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Conflict awareness\u003Cbr \u002F>\nIf another plugin injects reCAPTCHA into login or form flows, it should be disabled to avoid duplicate widgets or verification conflicts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Emergency config kill-switches (wp-config.php)\u003Cbr \u002F>\nFor recovery scenarios (e.g. accidental lockouts), selected modules can be force-disabled via wp-config.php constants. This does not bypass security rules; it disables the module logic before it runs. Remove the constant to restore normal behavior.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with Google reCAPTCHA v2, an external service provided by Google LLC.\u003C\u002Fp>\n\u003Cp>reCAPTCHA features are disabled by default. The plugin does not load reCAPTCHA scripts or send verification requests unless an administrator enables reCAPTCHA protection and\u002For uses the “Verify reCAPTCHA” test in the plugin settings.\u003C\u002Fp>\n\u003Cp>Google’s reCAPTCHA JavaScript (https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js) may be loaded on:\u003Cbr \u002F>\n– wp-login.php (when reCAPTCHA is enabled and the visitor IP is not allowlisted)\u003Cbr \u002F>\n– the frontend (when Elementor Login protection is enabled and a non-allowlisted visitor loads the page; injection occurs only if Elementor Login widgets are detected in the DOM)\u003Cbr \u002F>\n– the frontend (when Elementor Forms protection is enabled and a non-allowlisted visitor loads the page; injection occurs only for Elementor Forms)\u003Cbr \u002F>\n– the plugin settings page only when an administrator runs the “Verify reCAPTCHA” test (if provided in the UI)\u003C\u002Fp>\n\u003Cp>When a visitor (or admin during verification) completes the reCAPTCHA challenge:\u003Cbr \u002F>\n– a verification token (g-recaptcha-response) is generated in the browser\u003Cbr \u002F>\n– during server-side verification on your website, the token and the configured Secret Key are sent to:\u003Cbr \u002F>\n  https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003Cbr \u002F>\n– the visitor’s IP address is sent to Google as the remoteip parameter when it is available on the server\u003C\u002Fp>\n\u003Cp>The plugin sends the g-recaptcha-response token to Google only when the protected form is submitted (login attempt \u002F form submission) or when an administrator runs the “Verify reCAPTCHA” test.\u003Cbr \u002F>\nThe plugin does not send usernames, passwords, email addresses, or any form field contents to Google – only the reCAPTCHA token, the configured Secret Key, and the visitor IP address (remoteip) when available.\u003C\u002Fp>\n\u003Cp>The plugin does not store or process any data returned by Google beyond the verification result, and it does not send any telemetry, analytics, or usage data to the plugin author.\u003C\u002Fp>\n\u003Cp>Note: Google reCAPTCHA may set cookies and collect additional device and usage data in the visitor’s browser, as described in Google’s privacy policy and terms. Site owners are responsible for disclosing this in their site privacy policy and obtaining consent where required by applicable law.\u003C\u002Fp>\n\u003Cp>Google privacy policies apply:\u003Cbr \u002F>\n– https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003Cbr \u002F>\n– https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not send telemetry, analytics or usage data to the plugin author or any third party.\u003C\u002Fp>\n\u003Cp>Local data stored by the plugin (for security purposes only):\u003Cbr \u002F>\n– IP addresses related to login attempts \u002F lockouts (Login Protect)\u003Cbr \u002F>\n– timestamps of failed attempts and lockouts\u003Cbr \u002F>\n– last username associated with a locked IP (Login Protect)\u003Cbr \u002F>\n– recent security event log entries (the plugin stores up to the last 30 events; entries rotate automatically)\u003Cbr \u002F>\n– last reCAPTCHA configuration or HTTP error (for admin diagnostics)\u003Cbr \u002F>\n– permanent site-wide IP blocklist entries (optional notes stored; notes are not used for matching)\u003C\u002Fp>\n\u003Cp>Data retention:\u003Cbr \u002F>\n– security event log keeps only the most recent entries (up to 30; automatic rotation)\u003Cbr \u002F>\n– Login Protect state is stored locally and is automatically pruned (e.g. stale non-locked entries are removed over time and the list is capped)\u003Cbr \u002F>\n– permanent site-wide IP blocklist entries are retained until removed by an administrator\u003Cbr \u002F>\n– plugin data can be removed during uninstall if the uninstall cleanup option is enabled\u003C\u002Fp>\n\u003Cp>All data is stored locally in the WordPress database and is used solely to enforce security rules and display administrative information.\u003C\u002Fp>\n\u003Ch3>Legal\u003C\u002Fh3>\n\u003Cp>reCAPTCHA is a trademark of Google LLC.\u003Cbr \u002F>\nElementor is a trademark of Elementor Ltd.\u003Cbr \u002F>\nThis plugin is not affiliated with, endorsed by, or sponsored by Google LLC or Elementor Ltd.\u003C\u002Fp>\n","Protect WordPress logins and Elementor Login\u002FForms using Google reCAPTCHA v2 and optional IP-based lockouts.",60,448,4,"2026-02-12T20:41:00.000Z","5.8",[20,92,74,93,55],"elementor","recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebart-login-shield-recaptcha.1.1.0.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":13,"num_ratings":68,"last_updated":105,"tested_up_to":49,"requires_at_least":106,"requires_php":51,"tags":107,"homepage":109,"download_link":110,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"admintosh","Admintosh – WordPress admin customization and security tools","1.1.6","wpmobo","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmobo\u002F","\u003Ch4>Get many solutions for preventing security threats under one roof.\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Admintosh – WordPress admin customization and security tools\u003C\u002Fstrong> plugin is designed for empowering WordPress administrative operations with different experiences. You will get many essential features under one roof using this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customize WP Login Page\u003C\u002Fstrong>: Customize default login page with the Admintosh Login Page Customize options. The plugin offers lots of customization possibilities like background color, background image, text color, link color, logo upload, form style etc. With no coding skill, you can create an outstanding login page in no time.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customize Dashboard\u003C\u002Fstrong>: Customize the Dashboard and make it like your own brand all customization possibilities are here like background color, menu color, text color, link color, logo upload, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Captcha\u003C\u002Fstrong>: Add captch into login, registration, lost password, comments Form etc. It also supported \u003Cstrong>WooCommerce\u003C\u002Fstrong> & \u003Cstrong>EDD\u003C\u002Fstrong>. The plugin offer 3 types of Captcha Google reCaptcha ( Version 2 ), Random number Captcha and Math Captcha so you could use any one of them’s to protection from remote digital entry by making sure only a human being with the right password can access the account.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong>: After a preset number of attempts has been exceeded, this feature automatically stops any more attempts from a specific Internet Protocol (IP) address and\u002For username. This considerably reduces the potency of brute force attacks on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Hide Login\u003C\u002Fstrong>: To change your login URL to whatever you want. This feature allows you to easily and securely change the URL of the login form page to anything you desire. It does not actually rename or change core files, nor does it add rewrite rules. Instead, it intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible so your website becomes more secure.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Login History\u003C\u002Fstrong>: Monitor your website’s users with detailed login information, including Last login date and time, Environment\u002Fserver IP address Country, city, continent, timezone Latitude and longitude Browser details And much more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Admin Activity Logs\u003C\u002Fstrong>: The Activity Log functions like an airplane’s black box, recording every action in the WordPress admin. It provides a detailed history of user activities, allowing you to monitor exactly what’s happening on your website with full transparency. Track changes, user actions, and plugin\u002Ftheme modifications.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Country Restriction\u003C\u002Fstrong>: This feature allows you to easily set up rules to block one or more countries from accessing Entire Site, only login page or only front-end. It allows users to block unwanted traffic from accessing the frontend or backend based on country or proxy server detection. It helps reduce spam, unwanted sign-ups, and enhances overall security. This plugin uses the free IP Geolocation API which offers more than 1 billion requests per day absolutely free.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>More coming soon…\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fadmintosh-wordpress-admin-customization-and-security-plugin\u002F\" rel=\"nofollow ugc\">👁️ \u003Cstrong>Visit\u003C\u002Fstrong>\u003C\u002Fa>  | \u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fdocumentation\u002Fdocs\u002Fadmintosh\u002F\" rel=\"nofollow ugc\">\u003Cstrong>🔗 Documentation\u003C\u002Fstrong>\u003C\u002Fa> \u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmkDHvADBuSY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WordPress Authentication Plugin\u003C\u002Fh3>\n\u003Cp>Secure and customize your WordPress site with Admintosh. This all-in-one plugin enhances authentication by adding login customizations, CAPTCHA options, and limiting login attempts. Features like country restrictions, hidden login URLs, and detailed login history provide advanced security tools to protect your WordPress admin and prevent unauthorized access.\u003C\u002Fp>\n\u003Ch3>Brute Force Protection Plugin\u003C\u002Fh3>\n\u003Cp>Protect your WordPress site from brute force attacks with Admintosh. This powerful plugin limits login attempts, blocks suspicious IPs, and adds CAPTCHA options for enhanced security. Features like hidden login URLs and login monitoring ensure robust protection, safeguarding your site from unauthorized access and keeping it secure against threats.\u003C\u002Fp>\n\u003Ch3>WordPress Security Plugin\u003C\u002Fh3>\n\u003Cp>Fortify your WordPress site with Admintosh, the ultimate security plugin. It offers advanced features like CAPTCHA protection, login attempt limits, hidden login URLs, and country-based access restrictions. With login history monitoring and dashboard customization, Admintosh ensures robust security and empowers you to safeguard your site from threats effectively.\u003C\u002Fp>\n\u003Ch3>Activity Log\u003C\u002Fh3>\n\u003Cp>Track all activity on your WordPress site with detailed user and event logs, giving you clear insights into every action happening in real time.\u003C\u002Fp>\n\u003Cp>✅ Unauthorized Access Attempts – Detect potential hacking attempts.\u003C\u002Fp>\n\u003Cp>✅ Content Changes – Track when a post is published and by whom.\u003C\u002Fp>\n\u003Cp>✅ Plugin & Theme Modifications – See when a plugin\u002Ftheme is activated or deactivated.\u003C\u002Fp>\n\u003Cp>✅ Suspicious Admin Activity – Identify unusual actions for enhanced security.\u003C\u002Fp>\n\u003Cp>Stay informed and keep your website secure! 🚀\u003C\u002Fp>\n\u003Ch4>Free Version Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli> Modular Based (Everything Available On Demand)\u003C\u002Fli>\n\u003Cli> Customize login page style\u003C\u002Fli>\n\u003Cli> Customize admin panel style\u003C\u002Fli>\n\u003Cli> Customize admin menu style\u003C\u002Fli>\n\u003Cli> Customize admin bar style\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## 3 types of Captcha ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Google reCaptcha ( Version 2 )\u003C\u002Fli>\n\u003Cli> Math Captcha\u003C\u002Fli>\n\u003Cli> Random number Captcha\u003C\u002Fli>\n\u003Cli> Login form reCaptcha\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Limit Login Attempts ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Configurable Lockout Timings\u003C\u002Fli>\n\u003Cli> Remaining Tries\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Hide Login ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Block default wp-login.php\u003C\u002Fli>\n\u003Cli> Block default wp-admin\u003C\u002Fli>\n\u003Cli> Use custom login slug instead of wp-admin\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Login History ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Login Date-Time\u003C\u002Fli>\n\u003Cli> Username\u003C\u002Fli>\n\u003Cli> User Role\u003C\u002Fli>\n\u003Cli> IP Address\u003C\u002Fli>\n\u003Cli>\u003Cstrong>## Admin Activity Logs ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Username\u003C\u002Fli>\n\u003Cli>Action\u003C\u002Fli>\n\u003Cli>Object\u002FID\u003C\u002Fli>\n\u003Cli>Message\u003C\u002Fli>\n\u003Cli>Time\u003C\u002Fli>\n\u003Cli>IP Address\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## Country Restriction ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Entire Site Country Restriction\u003C\u002Fli>\n\u003Cli> Front-End Country Restriction\u003C\u002Fli>\n\u003Cli> wp-login page Country Restriction\u003C\u002Fli>\n\u003Cli> Block Template Content Edit Option\u003C\u002Fli>\n\u003Cli> \u003Cstrong>## General Options ##\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Hide WordPress Version\u003C\u002Fli>\n\u003Cli> Disable File Editing\u003C\u002Fli>\n\u003Cli> Disable XML-RPC\u003C\u002Fli>\n\u003Cli> \u003Cstrong>Disable Right Click\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> \u003Cstrong>Disable Content Copy\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli> Disable Login Hints Error Messages\u003C\u002Fli>\n\u003Cli> Easy settings options\u003C\u002Fli>\n\u003Cli> Translation ready\u003C\u002Fli>\n\u003Cli> Easy to use it in both Free and Premium WordPress Themes\u003C\u002Fli>\n\u003Cli> Unlimited update\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Compatibility With\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How to use:-\u003Cbr \u002F>\nvery easy to use,after active plugin  just go to Dashboard -> Admintosh Settings . You will find all settings to use.\u003C\u002Fp>\n\u003Ch3>WHAT’S NEXT\u003C\u002Fh3>\n\u003Cp>Have a look at the other awesome plugins for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fpopx-pupup-builder\u002F\" rel=\"nofollow ugc\">✳️ \u003Cstrong>PopX – Popup Builder\u003C\u002Fstrong>\u003C\u002Fa> – WordPress Gutenberg Popup Builder Plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpmobo.com\u002Fstorenotifier-notifications-plugin-for-woocommerce\u002F\" rel=\"nofollow ugc\">✳️ \u003Cstrong>Store Notifier\u003C\u002Fstrong>\u003C\u002Fa> – WhatsApp & On-Site Notifications plugin for WooCommerce\u003C\u002Fp>\n\u003Cp>Unlock new possibilities with WPMOBO plugins—push your limits and achieve more today!\u003C\u002Fp>\n\u003Ch3>3rd Party Service Used\u003C\u002Fh3>\n\u003Cp>We used google reCAPTCHA v2 API service from google. All relevant link below.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fabout\u002F\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi\u002Fsiteverify\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Admintosh uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","login attempts, Firewall, reCAPTCHA, country restriction, Login History, change wp-login.php to anything make sure your site security.",50,2416,"2026-02-10T22:15:00.000Z","6.5",[108,20,21,74,55],"authentication","http:\u002F\u002Fwpmobo.com\u002Fadmintosh","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmintosh.1.1.6.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":26,"num_ratings":26,"last_updated":121,"tested_up_to":18,"requires_at_least":122,"requires_php":18,"tags":123,"homepage":136,"download_link":137,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":138},"protect-ai-login","Protect Ai Login","1.0.0","anouny","https:\u002F\u002Fprofiles.wordpress.org\u002Fanouny\u002F","\u003Cp>Protect Ai Login changes default WordPress login URL to the url you define, denied brute force attacks, spam logins, and bot or automatic register. The plugin blocks access to default login url, generates a custom branded login panel, without creating a custom page on your website.\u003C\u002Fp>\n\u003Cp>The plugin offers protection with Google reCAPTCHA v2.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Define new login url easily from settings page.\u003C\u002Fli>\n\u003Cli>Protect against spam login, bot registration or signup, with the integration of Google reCaptcha.\u003C\u002Fli>\n\u003Cli>Secure AXS is compatible with any permalink setup including the default.\u003C\u002Fli>\n\u003Cli>Choose to allow users with the role “Editor” to access plugin settings.\u003C\u002Fli>\n\u003Cli>Fully branded login page with colors and login logo of your choice.\u003C\u002Fli>\n\u003Cli>Plugin doesn’t create new pages on your website for displaying the new login panel.\u003C\u002Fli>\n\u003Cli>Plugin is compatible with other major security & cache plugins.\u003C\u002Fli>\n\u003Cli>Test with wordpress 4.4.2\u003C\u002Fli>\n\u003C\u002Ful>\n","Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.",10,1394,"2016-04-14T06:46:00.000Z","4.0",[124,125,126,127,128,129,21,130,74,131,132,93,133,134,55,135,76],"access","attack","axs","block","brute","brute-force-attack","force","no-captcha","nocaptcha","register","secure","sign","https:\u002F\u002Fwordpress.org\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-ai-login.zip","2026-03-15T14:54:45.397Z",{"attackSurface":140,"codeSignals":164,"taintFlows":180,"riskAssessment":181,"analyzedAt":192},{"hooks":141,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":163,"entryPointCount":68,"unprotectedCount":26},[142,148,151],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","init","wplic_register_style","wp-login-image-captcha.php",15,{"type":143,"name":149,"callback":150,"file":146,"line":13},"login_form","wplic_add_captcha",{"type":152,"name":153,"callback":154,"priority":119,"file":146,"line":155},"filter","authenticate","wplic_authenticate",105,[],[],[159],{"tag":160,"callback":161,"file":146,"line":162},"wplic","wplic_Function",91,[],{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":168,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":179},[],{"prepared":26,"raw":26,"locations":167},[],{"escaped":26,"rawEcho":88,"locations":169},[170,173,175,177],{"file":146,"line":171,"context":172},70,"raw output",{"file":146,"line":174,"context":172},77,{"file":146,"line":176,"context":172},82,{"file":146,"line":178,"context":172},102,[],[],{"summary":182,"deductions":183},"The \"wp-login-image-captcha\" v1.2 plugin exhibits a generally secure posture based on the provided static analysis. It avoids dangerous functions, uses prepared statements for all SQL queries, and has no recorded vulnerabilities or CVEs. This suggests a diligent development approach regarding common security pitfalls.\n\nHowever, a significant concern arises from the output escaping analysis. With 0% of the 4 identified output points being properly escaped, this plugin presents a risk of Cross-Site Scripting (XSS) vulnerabilities. If any user-supplied data or dynamic content is outputted without proper sanitization, an attacker could inject malicious scripts. Additionally, the absence of nonce checks and capability checks, while potentially acceptable given the limited attack surface of 1 shortcode, is a notable deviation from best practices for handling user interactions and access control. While no taint flows were identified, the lack of proper output escaping makes the plugin susceptible if data flows are introduced in future versions or if the current outputs are not strictly static.\n\nIn conclusion, the plugin's lack of critical vulnerabilities and adherence to secure SQL practices are strengths. Nevertheless, the critical deficiency in output escaping and the absence of nonce\u002Fcapability checks introduce a clear risk of XSS and potential privilege escalation or unauthorized actions, respectively. Addressing the output escaping is paramount to improving the plugin's security.",[184,187,190],{"reason":185,"points":186},"All output points are unescaped",8,{"reason":188,"points":189},"No nonce checks implemented",3,{"reason":191,"points":189},"No capability checks implemented","2026-03-16T20:03:32.947Z",{"wat":194,"direct":201},{"assetPaths":195,"generatorPatterns":197,"scriptPaths":198,"versionParams":199},[196],"\u002Fwp-content\u002Fplugins\u002Fwp-login-image-captcha\u002Fstyle.css",[],[],[200],"wp-login-image-captcha\u002Fstyle.css?ver=1.1.0",{"cssClasses":202,"htmlComments":204,"htmlAttributes":205,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":214},[203],"captcha-image",[],[206,207,208,209,210,211],"name=\"kc_captcha\"","value=\"kc_human\"","value=\"bot\"","name=\"kc_honeypot\"","name=\"FormType\"","name=\"wplicic_exists\"",[],[],[215,216,217,218,219],"\u003Cdiv class=\"captcha-image\">","\u003Cinput type=\"radio\" name=\"kc_captcha\"","\u003Ci class=\"fa","\u003Cinput type=\"text\" name=\"kc_honeypot\">","\u003Cinput type=\"hidden\" name=\"FormType\""]