[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6d0OIZUgnDC5gEF2373oQfzVwim3ZRNCMDLGNWrbYPM":3,"$fmuv7Knht8rR11hePqPEUn8RnALaaJYvzlQARjM-jnP0":196},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":122,"fingerprints":175},"wp-otp","WP-OTP","0.6.1","noplanman","https:\u002F\u002Fprofiles.wordpress.org\u002Fnoplanman\u002F","\u003Cp>With WP-OTP you can easily set up 2 Factor Authentication with One Time Passwords for your WordPress login.\u003Cbr \u002F>\nThis extra layer makes your WordPress site a lot more secure.\u003C\u002Fp>\n\u003Cp>The new stealth mode allows for invisible OTP code entry, making your login screen look like any other, no extra OTP code input field.\u003C\u002Fp>\n\u003Ch4>Getting started\u003C\u002Fh4>\n\u003Cp>After installing and activating the plugin, every user can enable WP-OTP on their profile page.\u003C\u002Fp>\n\u003Cp>It’s as easy as scanning the provided QR Code or entering the OTP secret to any OTP generator app.\u003Cbr \u002F>\nThen just activate it by entering the generated OTP and voilà, all set up.\u003Cbr \u002F>\nNow, the login requires an OTP code to succeed.\u003C\u002Fp>\n\u003Cp>Each user gets their own secret key to authenticate with, giving them control over their login security.\u003C\u002Fp>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>This plugin is completely open source and a work of passion.\u003Cbr \u002F>\nIf you would like to be part of it and join in, make your way over to the \u003Ca href=\"https:\u002F\u002Fgit.feneas.org\u002Fnoplanman\u002Fwp-otp\" rel=\"nofollow ugc\">project page\u003C\u002Fa> now.\u003Cbr \u002F>\nAlso, if you have an idea you would like to see in this plugin or if you’ve found a bug, please \u003Ca href=\"https:\u002F\u002Fgit.feneas.org\u002Fnoplanman\u002Fwp-otp\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">let me know\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>WP_OTP_STEALTH\u003C\u002Fcode>: Set this to \u003Ccode>true\u003C\u002Fcode> to enable stealth OTP mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>There are a multitude of filters to be adjusted.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp_otp_qr_code_provisioning_uri\u003C\u002Fcode>: URI for online QR Code rendering (must contain \u003Ccode>{PROVISIONING_URI}\u003C\u002Fcode> placeholder for QR Code data).\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_otp_login_form_text\u003C\u002Fcode>: Text for input field on the login screen.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_otp_login_form_text_sub\u003C\u002Fcode>: Subtext for the input field on the login screen.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_otp_login_form_invalid_code_text\u003C\u002Fcode>: Error text for an invalid code input on the login screen.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_otp_code_expiration_window\u003C\u002Fcode>: Set the window of code verification expiration.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_otp_recovery_codes_count\u003C\u002Fcode>: Number of recovery codes to generate.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_otp_recovery_codes_length\u003C\u002Fcode>: Length of the recovery codes.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_otp_secret_length\u003C\u002Fcode>: Length of the secret key.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Minimum requirements\u003C\u002Fh4>\n\u003Cp>WordPress 4.6, PHP 7.4.\u003C\u002Fp>\n\u003Ch4>Donate \u002F Support\u003C\u002Fh4>\n\u003Cp>All \u003Ca href=\"https:\u002F\u002Fnoplanman.ch\u002Fdonate\" rel=\"nofollow ugc\">donations\u003C\u002Fa> are much appreciated, thank you 🙏\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftidelift.com\u002Fsubscription\u002Fpkg\u002Fwordpress-wp-otp?utm_source=wordpress-wp-otp&utm_medium=referral&utm_campaign=readme\" rel=\"nofollow ugc\">Get professional support for this plugin with a Tidelift subscription\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cem>Tidelift helps make open source sustainable for maintainers while giving companies assurances about security, maintenance, and licensing for their dependencies.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>To report a security vulnerability, please use the \u003Ca href=\"https:\u002F\u002Ftidelift.com\u002Fsecurity\" rel=\"nofollow ugc\">Tidelift security contact\u003C\u002Fa>. Tidelift will coordinate the fix and disclosure.\u003C\u002Fp>\n","Make your WordPress login extra secure with One Time Passwords.",100,11041,80,9,"2021-02-18T21:23:00.000Z","5.6.17","4.6","7.4",[20,21,22,23,24],"2fa","login","otp","totp","two-factor","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-otp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.6.1.zip",85,0,null,"2026-04-06T09:54:40.288Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},5,140,30,84,"2026-04-06T16:11:07.455Z",[39,57,72,90,104],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":28,"downloaded":47,"rating":28,"num_ratings":28,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"flavor-2fa","Flavor 2FA","1.0.0","kuckovic","https:\u002F\u002Fprofiles.wordpress.org\u002Fkuckovic\u002F","\u003Cp>\u003Cstrong>Flavor 2FA\u003C\u002Fstrong> adds powerful two-factor authentication to your WordPress site without the complexity. No bloat, no confusing settings – just solid security that protects your site from unauthorized access.\u003C\u002Fp>\n\u003Ch4>Why Flavor 2FA?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero configuration needed\u003C\u002Fstrong> – Works out of the box\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Native WordPress styling\u003C\u002Fstrong> – Feels like part of WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Two verification methods\u003C\u002Fstrong> – Authenticator apps (Google Authenticator, Authy, 1Password) or email codes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-friendly setup\u003C\u002Fstrong> – Guided 3-step process with QR code scanning\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete admin control\u003C\u002Fstrong> – Force 2FA, reset users, manage lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>For Users:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Choose between authenticator app or email verification\u003Cbr \u002F>\n* 10 recovery codes for emergency access\u003Cbr \u002F>\n* “Trust this device” option to skip 2FA on personal devices\u003Cbr \u002F>\n* Simple, clean verification screens\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Admins:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Require 2FA for specific user roles\u003Cbr \u002F>\n* Grace period for new users\u003Cbr \u002F>\n* Force immediate 2FA setup on next login\u003Cbr \u002F>\n* Lockout protection against brute force attacks\u003Cbr \u002F>\n* Reset 2FA or unlock accounts with one click\u003Cbr \u002F>\n* See 2FA status for all users at a glance\u003C\u002Fp>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Agencies managing client sites\u003C\u002Fli>\n\u003Cli>WooCommerce stores handling sensitive data\u003C\u002Fli>\n\u003Cli>Membership sites with user accounts\u003C\u002Fli>\n\u003Cli>Any WordPress site that needs extra security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin uses a third-party service to generate QR codes during the TOTP authenticator app setup process.\u003C\u002Fp>\n\u003Ch4>QR Server API\u003C\u002Fh4>\n\u003Cp>When a user chooses the “Authenticator App” method during 2FA setup, the plugin generates a QR code image via the QR Server API. This QR code contains the TOTP secret URI (which includes the site name, user email, and secret key) so the user can scan it with their authenticator app.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>What data is sent:\u003C\u002Fstrong> A TOTP provisioning URI containing the site name, user email address, and a generated secret key.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When it is sent:\u003C\u002Fstrong> Only once, when a user sets up TOTP-based two-factor authentication. No data is sent during normal login verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> goQR.me \u002F QR Server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service URL:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgoqr.me\u002Fapi\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgoqr.me\u002Fapi\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgoqr.me\u002Fapi\u002Fdoc\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgoqr.me\u002Fapi\u002Fdoc\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fgoqr.me\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgoqr.me\u002Fprivacy-policy\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Lightweight two-factor authentication that just works. Protect your WordPress site with authenticator apps or email codes in under 2 minutes.",154,"2026-02-17T08:46:00.000Z","6.9.4","5.0","8.0",[20,21,53,23,54],"security","two-factor-authentication","https:\u002F\u002Fbranchout.dk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflavor-2fa.1.0.0.zip",{"slug":58,"name":59,"version":42,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":28,"downloaded":64,"rating":28,"num_ratings":28,"last_updated":65,"tested_up_to":66,"requires_at_least":50,"requires_php":67,"tags":68,"homepage":67,"download_link":71,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"secureauth-authenticator-2fa","SecureAuth Authenticator 2FA","Helmi","https:\u002F\u002Fprofiles.wordpress.org\u002Fhelmimubarak\u002F","\u003Cp>\u003Cstrong>SecureAuth Authenticator 2FA\u003C\u002Fstrong> enhances your WordPress login security by requiring a time-based one-time password (TOTP) in addition to the regular username and password. The TOTP code is generated by an authenticator app on your mobile device, adding an extra layer of protection even if your password is compromised.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, secure, and easy to use. It integrates directly into the user profile page to allow users to set up and manage their two-factor authentication with ease.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds a TOTP (Time-Based One-Time Password) field to the login form.\u003C\u002Fli>\n\u003Cli>User-friendly 2FA setup available on each user’s profile page.\u003C\u002Fli>\n\u003Cli>Generates secret keys and displays QR codes for scanning with mobile apps.\u003C\u002Fli>\n\u003Cli>Compatible with apps like Google Authenticator, Microsoft Authenticator, and Authy.\u003C\u002Fli>\n\u003Cli>Secure handling with nonce verification and input sanitization.\u003C\u002Fli>\n\u003Cli>No external libraries required (except Google Chart API for QR code).\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds TOTP-based two-factor authentication (2FA) via SecureAuth Authenticator to your WordPress login page.",287,"2025-07-09T00:00:00.000Z","6.8.5","",[20,69,23,54,70],"login-security","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecureauth-authenticator-2fa.1.0.0.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":28,"num_ratings":28,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":87,"download_link":88,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":89},"passclip-auth-for-wordpress","PassClip Auth for WordPress","1.0.5","Passlogy","https:\u002F\u002Fprofiles.wordpress.org\u002Fpasslogy\u002F","\u003Cp>You need strong password to protect your site. However, how do you remember it or is it really strong?\u003Cbr \u002F>\n“PassClip Auth” provides really strong password that is also easy to remember.\u003Cbr \u002F>\nOnce you make your “pattern”, you can get your password using “PassClip”. And the password will change every 30 seconds(at the shortest).\u003C\u002Fp>\n\u003Ch4>Get and sign up for PassClip\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fwww.passclip.com\u002F\" rel=\"nofollow ugc\">the page about PassClip\u003C\u002Fa> and install PassClip on your smart phone.\u003C\u002Fli>\n\u003Cli>Activate your PassClip by registering your “pattern” and email address.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Sign up for PassClip Auth(PCA)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Input PassClip Code “paauth” in your PassClip. That makes a new slot in your PassClip.\u003C\u002Fli>\n\u003Cli>Go to \u003Ca href=\"https:\u002F\u002Fmember.passclip.com\u002Fmember\u002Fui\u002F\" rel=\"nofollow ugc\">PassClip Auth member’s page\u003C\u002Fa> and log in with your email address and password which the slot shows you.\u003C\u002Fli>\n\u003Cli>Make your “PassClip Code”. And then you get your “PassClip Auth app service id(PCA app service id)”. You need both “code” and “id” to use this plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to apply PassClip Auth to your site\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate this plugin to your WordPress.\u003C\u002Fli>\n\u003Cli>Go to PassClip Auth Options Setting from the menu.\u003C\u002Fli>\n\u003Cli>Input the PassClip Auth app service id(PCA app service id), PassClip Code and other items in the setting page and click the “Save Change” button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>How to log in to WordPress site with PassClip Auth\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Users register PassClip Code of your site in their PassClip. That makes a new slot to get password to log in to your site.\u003C\u002Fli>\n\u003Cli>Show the password in PassClip (tap the new slot).\u003C\u002Fli>\n\u003Cli>In login form of your site, users enter email address and password in the slot. (\u003Cstrong>Users do not need general WordPress password.\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003Cli>Click the “Log in” button.\u003C\u002Fli>\n\u003C\u002Fol>\n","\"PassClip Auth\" provides strong and easy authentication. \"PassClip Auth for WordPress\" is the plugin to launch PassClip Auth to Wo &hellip;",10,2199,"2019-12-27T07:42:00.000Z","5.3.21","4.5","5.3.3",[20,21,22,53,54],"https:\u002F\u002Fwww.passclip.com\u002Fja\u002Fpca\u002Fpca_for_wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassclip-auth-for-wordpress.1.0.6.zip","2026-03-15T15:16:48.613Z",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":28,"downloaded":98,"rating":28,"num_ratings":28,"last_updated":67,"tested_up_to":66,"requires_at_least":99,"requires_php":51,"tags":100,"homepage":101,"download_link":102,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":103},"4login-for-secure-and-smart-access","4Login for Secure And Smart Access","0.1.0","4login","https:\u002F\u002Fprofiles.wordpress.org\u002F4login\u002F","\u003Cp>Secure your site with a strong password — without the hassle of remembering it.\u003Cbr \u002F>\nWith 4Login, you get simple yet powerful authentication that connects to an external server.\u003Cbr \u002F>\nSimply create your own pattern to generate a dynamic password that updates every 60 minutes.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002F\" rel=\"nofollow ugc\">operation Instructions \u003C\u002Fa> for instructions on how to use 4Login.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external API to enable 4Login authentication.\u003Cbr \u002F>\nWhen logging in with 4Login, the plugin sends the 4Login App Service ID, the user’s email address, and a dynamic password .\u003Cbr \u002F>\nThese credentials are entered directly within the WordPress login interface.\u003C\u002Fp>\n\u003Cp>This authentication service is provided by Passlogy.\u003Cbr \u002F>\nFor more information, please review our\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002Fen\u002Fauto_terms\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> and\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.4login.jp\u002Fprivacy-policy\u002F?en=app\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n","4Login will give you an easy and powerful authentication (connect to an external server for authentication).",431,"6.7",[20,21,22,53,54],"https:\u002F\u002Fwww.4login.jp\u002F4login-for-secure-and-smart-access\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F4login-for-secure-and-smart-access.0.1.0.zip","2026-03-15T10:48:56.248Z",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":28,"downloaded":112,"rating":11,"num_ratings":113,"last_updated":67,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":120,"download_link":121,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":103},"notakey-two-factor-extension","Notakey Provider for Two-Factor","1.0.17","notakey","https:\u002F\u002Fprofiles.wordpress.org\u002Fnotakey\u002F","\u003Cp>Users with enabled Notakey authentication provider will be sent authentication request to registered mobile device (phone, tablet) after entering a valid username and password.\u003C\u002Fp>\n\u003Cp>This plugin requires WordPress \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor\u002F\" rel=\"ugc\">Two-Factor\u003C\u002Fa> plugin, that provides base authentication framework. After installing and configuring both plugins, an additional authentication provider will be added to provider list. To register a mobile device for Notakey authentication, use the “Two-Factor Options” section under “Users” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Your Profile”. Install “Notakey Authenticator” and scan provided QR code with Notakey app and enter required details for device registeration.\u003C\u002Fp>\n\u003Cp>Notakey authentication can be combined with other second factor authentication means: TOTP, email, backup codes and others.\u003C\u002Fp>\n\u003Cp>This plugin adds also some basic security policy options for WordPress site admins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Enable 2FA provider override list – allows users to select only specified authentication providers.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Enable Notakey 2FA provider for all users – enables Notakey authentication for all users (in case your users have devices already registered on other services).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow users to provide onboarding details – lets users enter their mobile number, if SMS code verification onboarding is used.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Reject user login without 2FA verification – blocks user login without any second factor authentication.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Other configuration options include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Various options to customize authentication request.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Configuration for Notakey Authentication Server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To adjust policy or configure this plugin, navigate to “Settings” \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> “Notakey MFA”.\u003C\u002Fp>\n\u003Cp>Plugin requires a hosted or on-premise version of Notakey Authentication Server (yes, there is a free version) with configured service, onboarding requirements and API client credentials.\u003C\u002Fp>\n\u003Cp>See our \u003Ca href=\"https:\u002F\u002Fdocumentation.notakey.com\u002F\" rel=\"nofollow ugc\">documentation site\u003C\u002Fa> for detailed instructions how to set up Notakey Authentication Server.\u003C\u002Fp>\n\u003Ch3>Get Involved\u003C\u002Fh3>\n\u003Cp>Development happens \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnotakey\u002Fwordpress-two-factor\u002F\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here is how to get started:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>git clone https:\u002F\u002Fgithub.com\u002Fnotakey\u002Fwordpress-two-factor.git\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Start development by starting a \u003Ca href=\"https:\u002F\u002Fcode.visualstudio.com\u002Fdocs\u002Fremote\u002Fcontainers\" rel=\"nofollow ugc\">devcontainer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Then open \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Farticles\u002Fcreating-a-pull-request-from-a-fork\u002F\" rel=\"nofollow ugc\">a pull request\u003C\u002Fa> with the suggested changes.\u003C\u002Fp>\n","Reduce friction and improve security of Two-Factor Authentication using push-based Notakey Authenticator mobile application.",6792,1,"6.0.11","4.3","5.6",[118,21,23,24,119],"authentication","two-step","https:\u002F\u002Fgithub.com\u002Fnotakey\u002Fwordpress-two-factor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotakey-two-factor-extension.1.0.17.zip",{"attackSurface":123,"codeSignals":157,"taintFlows":170,"riskAssessment":171,"analyzedAt":174},{"hooks":124,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":156,"entryPointCount":28,"unprotectedCount":28},[125,131,133,136,138,141,144,147,150],{"type":126,"name":127,"callback":128,"file":129,"line":130},"action","admin_enqueue_scripts","anonymous","includes\\class-wp-otp.php",96,{"type":126,"name":127,"callback":128,"file":129,"line":132},97,{"type":126,"name":134,"callback":128,"file":129,"line":135},"admin_init",99,{"type":126,"name":137,"callback":128,"file":129,"line":11},"admin_notices",{"type":126,"name":139,"callback":128,"file":129,"line":140},"profile_personal_options",102,{"type":126,"name":142,"callback":128,"file":129,"line":143},"personal_options_update",103,{"type":126,"name":145,"callback":128,"file":129,"line":146},"wp_authenticate",116,{"type":126,"name":148,"callback":128,"file":129,"line":149},"login_form",120,{"type":126,"name":151,"callback":128,"file":129,"line":152},"authenticate",121,[],[],[],[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":28,"externalRequests":28,"nonceChecks":168,"capabilityChecks":168,"bundledLibraries":169},[],{"prepared":28,"raw":28,"locations":160},[],{"escaped":162,"rawEcho":113,"locations":163},35,[164],{"file":165,"line":166,"context":167},"admin\\class-wp-otp-admin.php",374,"raw output",4,[],[],{"summary":172,"deductions":173},"The \"wp-otp\" plugin version 0.6.1 exhibits a strong security posture based on the provided static analysis. There are no identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication. This significantly reduces the potential attack surface. Furthermore, the code demonstrates good practices with 100% of SQL queries using prepared statements and 97% of outputs being properly escaped. The presence of nonce and capability checks on all identified code paths further bolsters its security.",[],"2026-03-16T21:08:21.147Z",{"wat":176,"direct":186},{"assetPaths":177,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[178,179],"\u002Fwp-content\u002Fplugins\u002Fwp-otp\u002Fadmin\u002Fcss\u002Fwp-otp-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-otp\u002Fadmin\u002Fjs\u002Fwp-otp-admin.js",[],[179],[183,184,185],"wp-otp\u002Fstyle.css?ver=","wp-otp-admin.css?ver=","wp-otp-admin.js?ver=",{"cssClasses":187,"htmlComments":188,"htmlAttributes":189,"restEndpoints":192,"jsGlobals":193,"shortcodeOutput":195},[],[],[190,191],"data-wp-otp-code","data-wp-otp-recovery-codes",[],[194],"wp_otp",[],{"slug":4,"current_version":6,"total_versions":197,"versions":198},13,[199,206,213,220,227,234,241,248,255,262,269,276,283],{"version":6,"download_url":26,"svn_tag_url":200,"released_at":29,"has_diff":201,"diff_files_changed":202,"diff_lines":29,"trac_diff_url":203,"vulnerabilities":204,"is_current":205},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.6.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.6.0&new_path=%2Fwp-otp%2Ftags%2F0.6.1",[],true,{"version":207,"download_url":208,"svn_tag_url":209,"released_at":29,"has_diff":201,"diff_files_changed":210,"diff_lines":29,"trac_diff_url":211,"vulnerabilities":212,"is_current":201},"0.6.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.6.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.6.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.5.1&new_path=%2Fwp-otp%2Ftags%2F0.6.0",[],{"version":214,"download_url":215,"svn_tag_url":216,"released_at":29,"has_diff":201,"diff_files_changed":217,"diff_lines":29,"trac_diff_url":218,"vulnerabilities":219,"is_current":201},"0.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.5.0&new_path=%2Fwp-otp%2Ftags%2F0.5.1",[],{"version":221,"download_url":222,"svn_tag_url":223,"released_at":29,"has_diff":201,"diff_files_changed":224,"diff_lines":29,"trac_diff_url":225,"vulnerabilities":226,"is_current":201},"0.5.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.5.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.4.1&new_path=%2Fwp-otp%2Ftags%2F0.5.0",[],{"version":228,"download_url":229,"svn_tag_url":230,"released_at":29,"has_diff":201,"diff_files_changed":231,"diff_lines":29,"trac_diff_url":232,"vulnerabilities":233,"is_current":201},"0.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.4.0&new_path=%2Fwp-otp%2Ftags%2F0.4.1",[],{"version":235,"download_url":236,"svn_tag_url":237,"released_at":29,"has_diff":201,"diff_files_changed":238,"diff_lines":29,"trac_diff_url":239,"vulnerabilities":240,"is_current":201},"0.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.3.0&new_path=%2Fwp-otp%2Ftags%2F0.4.0",[],{"version":242,"download_url":243,"svn_tag_url":244,"released_at":29,"has_diff":201,"diff_files_changed":245,"diff_lines":29,"trac_diff_url":246,"vulnerabilities":247,"is_current":201},"0.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.2.1&new_path=%2Fwp-otp%2Ftags%2F0.3.0",[],{"version":249,"download_url":250,"svn_tag_url":251,"released_at":29,"has_diff":201,"diff_files_changed":252,"diff_lines":29,"trac_diff_url":253,"vulnerabilities":254,"is_current":201},"0.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.2.0&new_path=%2Fwp-otp%2Ftags%2F0.2.1",[],{"version":256,"download_url":257,"svn_tag_url":258,"released_at":29,"has_diff":201,"diff_files_changed":259,"diff_lines":29,"trac_diff_url":260,"vulnerabilities":261,"is_current":201},"0.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.1.4&new_path=%2Fwp-otp%2Ftags%2F0.2.0",[],{"version":263,"download_url":264,"svn_tag_url":265,"released_at":29,"has_diff":201,"diff_files_changed":266,"diff_lines":29,"trac_diff_url":267,"vulnerabilities":268,"is_current":201},"0.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.1.3&new_path=%2Fwp-otp%2Ftags%2F0.1.4",[],{"version":270,"download_url":271,"svn_tag_url":272,"released_at":29,"has_diff":201,"diff_files_changed":273,"diff_lines":29,"trac_diff_url":274,"vulnerabilities":275,"is_current":201},"0.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.1.2&new_path=%2Fwp-otp%2Ftags%2F0.1.3",[],{"version":277,"download_url":278,"svn_tag_url":279,"released_at":29,"has_diff":201,"diff_files_changed":280,"diff_lines":29,"trac_diff_url":281,"vulnerabilities":282,"is_current":201},"0.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-otp%2Ftags%2F0.1.1&new_path=%2Fwp-otp%2Ftags%2F0.1.2",[],{"version":284,"download_url":285,"svn_tag_url":286,"released_at":29,"has_diff":201,"diff_files_changed":287,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":288,"is_current":201},"0.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-otp.0.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-otp\u002Ftags\u002F0.1.1\u002F",[],[]]