[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fubFTqIJVkHAH4i9cyVIWTc4M-4BEfR0Bw940gdiZi5o":3,"$fT5_Ii9fZkzSKcdQvPZ1GDbNLchr4wvJIYg2hpKp5vYs":237,"$f6oTEd0vcQQL0tfNZ0MOr3Lgn2Ox08CVx-1PqKVKecC4":242},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":35,"analysis":141,"fingerprints":217},"wp-recaptcha-login","WP reCaptcha Login","1.0","WP Academic","https:\u002F\u002Fprofiles.wordpress.org\u002Feastsidecode\u002F","\u003Cp>Brute-force attacks are common on your WordPress login page if not dealt with properly. Googles reCaptcha is a great candidate for handling this issue.\u003C\u002Fp>\n\u003Cp>Major features in WP reCaptcha Login include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Utilizes reCaptcha V3 (no checking on boxes to prove you’re not a robot).\u003C\u002Fli>\n\u003Cli>Quick Setup. Just add your reCaptcha Site Key and Secret key by going to Settings > Recaptcha Settings. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note:\u003Cbr \u002F>\nYou’re reCaptcha keys can be obtained from https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\u003C\u002Fp>\n","License: GPLv2 or later This plugin uses reCaptcha V3 to add an extra layer of security at your login screen, preventing brute-force attacks.",0,901,"2019-09-16T13:18:00.000Z","5.2.24","4.3","",[18,19,20],"login","recaptcha","security","https:\u002F\u002Fwww.eastsidecode.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-recaptcha-login.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"eastsidecode",20,1450,30,84,"2026-05-20T08:05:05.965Z",[36,59,79,101,122],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":16,"tags":51,"homepage":54,"download_link":55,"security_score":23,"vuln_count":56,"unpatched_count":11,"last_vuln_date":57,"fetched_at":58},"login-recaptcha","Login No Captcha reCAPTCHA","1.7.3","Robert Peake","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertpeake\u002F","\u003Cp>Adds a Google No Captcha ReCaptcha checkbox to your WordPress and Woocommerce login, forgot password, and user registration pages. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”\u003C\u002Fp>\n","Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.",60000,1371626,90,63,"2024-02-27T10:43:00.000Z","6.4.8","4.6",[52,18,53,19,20],"google","nocaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-recaptcha.1.7.3.zip",1,"2022-08-16 00:00:00","2026-04-16T10:56:18.058Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":30,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":71,"tags":73,"homepage":76,"download_link":77,"security_score":78,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":58},"login-security-recaptcha","Login Security Captcha","1.8.7","ScriptsTown","https:\u002F\u002Fprofiles.wordpress.org\u002Fscriptstown\u002F","\u003Cp>\u003Cstrong>Login Security Captcha\u003C\u002Fstrong> is a security plugin for WordPress to add CAPTCHA or CAPTCHA-free services such as Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> and Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> to the WordPress login, registration, lost password, and comment form. This is a fast and lightweight security plugin to place captcha on standard WordPress forms with minimal footprints. It can prevent spam comments and protect the login form against Brute-force attacks. It has simple settings to configure the plugin quickly.\u003C\u002Fp>\n\u003Cp>The plugin supports \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>, Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> Version 2, and Version 3 with multiple options. This is the best WordPress captcha plugin for antispam protection to secure comment form and WordPress login page. It allows you to place different versions of reCAPTCHA and also Turnstile on different forms at the same time. This plugin comes with a set of simple options to quickly set up captcha validation on the common forms.\u003C\u002Fp>\n\u003Cp>Using this security plugin, you can change the captcha theme to light or dark depending on your preferences for Cloudflare Turnstile and Google reCAPTCHA. You can also configure various other parameters like the score value for reCAPTCHA version 3. You can monitor the error logs and have the option to disable the captcha on the comment form for logged-in users. Also, you can adjust the captcha size to compact or normal for \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Login Security Captcha Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v2\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3\u003C\u002Fli>\n\u003Cli>Set reCAPTCHA v3 Position\u003C\u002Fli>\n\u003Cli>Captcha Theme and Size\u003C\u002Fli>\n\u003Cli>Secure Login Form\u003C\u002Fli>\n\u003Cli>Secure Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Monitor Error Logs\u003C\u002Fli>\n\u003Cli>Prevent Brute-force Attack\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Upgrade To Pro – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F#pricing\" title=\"Upgrade To Pro\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Login Security Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> by IP Address\u003C\u002Fli>\n\u003Cli>Check and Monitor \u003Cstrong>Last Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check Login History by Username\u003C\u002Fli>\n\u003Cli>Recent Login Dashboard Widget\u003C\u002Fli>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> Support\u003C\u002Fli>\n\u003Cli>Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> v2 and v3\u003C\u002Fli>\n\u003Cli>Redirect after Login or Logout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Redirection\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure Login and Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Easy to Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Login Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Lost Password Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Registration Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure \u003Cstrong>WooCommerce\u003C\u002Fstrong> Checkout Form\u003C\u002Fli>\n\u003Cli>Advanced Security and Much More\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check Pro Plugin – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F\" title=\"Check Pro Plugin\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.",10000,301909,98,"2026-04-13T10:51:00.000Z","7.0","5.0",[74,75,18,19,20],"captcha","cloudflare","https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-security-recaptcha.1.8.7.zip",100,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":67,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":11,"last_vuln_date":100,"fetched_at":58},"wp-recaptcha-integration","ReCaptcha Integration for WordPress","1.2.8","weDevs","https:\u002F\u002Fprofiles.wordpress.org\u002Fwedevs\u002F","\u003Cp>Integrate reCaptcha in your blog. Supports no Captcha as well as old style recaptcha.\u003Cbr \u002F>\nProvides of the box integration for signup, login, comment formsand Ninja Forms as well\u003Cbr \u002F>\nas a plugin API for your own integrations.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Secures login, signup und comments with a recaptcha.\u003C\u002Fli>\n\u003Cli>Supports old as well as new reCaptcha.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Works together with\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP Multisite\u003C\u002Fli>\n\u003Cli>bbPress\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>AwesomeSupport (thanks to \u003Ca href=\"http:\u002F\u002Fjulienliabeuf.com\u002F\" rel=\"nofollow ugc\">Julien Liabeuf\u003C\u002Fa> )\u003C\u002Fli>\n\u003Cli>WooCommerce (Only checkout, registration and login form. Not password reset)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fninjaforms.com\u002F\" rel=\"nofollow ugc\">Ninja Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>cformsII\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For integration in your self-coded forms see this \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\u002Fwiki\u002FCustom-Themes-and-Forms\" rel=\"nofollow ugc\">wiki article\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Localizations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Brazilian Portuguese (thanks to \u003Ca href=\"http:\u002F\u002Fwww.viniciusferraz.com\" rel=\"nofollow ugc\">Vinícius Ferraz\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Spanish (thanks to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fyivi\" rel=\"nofollow ugc\">Ivan Yivoff\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Italian (thanks to \u003Ca href=\"http:\u002F\u002Fblog.salaros.com\u002F\" rel=\"nofollow ugc\">Salaros\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Latest Files on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>On a \u003Cstrong>WP Multisite\u003C\u002Fstrong> you can either activate the plugin network wide or on a single site.\u003C\u002Fp>\n\u003Cp>Activated on a single site everything works as usual.\u003C\u002Fp>\n\u003Cp>With network activation entering the API key and setting up where a captcha is required\u003Cbr \u002F>\nis up to the network admin. A blog admin can override the API key e.g. when his blog is\u003Cbr \u002F>\nrunning under his\u002Fher own domain name.\u003C\u002Fp>\n\u003Ch4>Known Limitations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>You can’t have more than one old style reCaptcha on a page. This is a limitiation of\u003Cbr \u002F>\nreCaptcha itself. If that’s an issue for you, you should use the no Captcha Form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>A No Captcha definitely requires client side JavaScript enabled. That’s how it does its\u003Cbr \u002F>\nsophisticated bot detection magic. There is no fallback. If your visitor does not have\u003Cbr \u002F>\nJS enabled the captcha test will not let him through.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On a \u003Cstrong>Contact Form 7\u003C\u002Fstrong> when the reCaptcha is disabled (e.g. for logged in users) the field\u003Cbr \u002F>\nlabel will be still visible. This is due to CF7 Shortcode architecture, and can’t be fixed.\u003C\u002Fp>\n\u003Cp>To handle this there is a filter \u003Ccode>recaptcha_disabled_html\u003C\u002Fcode>. You can return a message for your logged-in\u003Cbr \u002F>\nusers here. Check out the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">GitHub Repo\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>As of version 4.3 CF7 comes with its own recaptcha. Both are supposed to work together.\u003Cbr \u002F>\nI you want to keep the WP ReCaptcha functionality, e.g. if you want to hide the captcha\u003Cbr \u002F>\nfrom known users, leave the integration in the CF7 settings unconfigured.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Old style reCaptcha does not work together with \u003Cstrong>WooCommerce\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In \u003Cstrong>WooCommerce\u003C\u002Fstrong> the reset password form can not be protected by a captcha. Woocommerce does\u003Cbr \u002F>\nnot fire any action in the lost password form, so there is no way for the plugin to hook in.\u003Cbr \u002F>\nTake a look at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fcaptcha-not-showing-on-lost-password-page?replies=7\" rel=\"ugc\">this thread\u003C\u002Fa> for a workaround.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Due to a lack of filters there is no (and as far as one can see, there will never be)\u003Cbr \u002F>\nsupport for the \u003Cstrong>MailPoet\u003C\u002Fstrong> subscription form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin API\u003C\u002Fh3>\n\u003Cp>The plugin offers some filters to allow themes and other plugins to hook in.\u003C\u002Fp>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftareq1988\u002Fwp-recaptcha-integration\" rel=\"nofollow ugc\">GitHub-Repo\u003C\u002Fa> for details.\u003C\u002Fp>\n","reCaptcha for login, signup, comment forms, Ninja Forms and woocommerce.",295671,88,94,"2025-10-29T05:41:00.000Z","6.8.5","3.8","5.4",[74,18,95,19,20],"no-captcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-recaptcha-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-recaptcha-integration.1.2.8.zip",99,2,"2024-11-01 00:00:00",{"slug":102,"name":103,"version":15,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":46,"num_ratings":110,"last_updated":111,"tested_up_to":91,"requires_at_least":112,"requires_php":16,"tags":113,"homepage":16,"download_link":119,"security_score":69,"vuln_count":120,"unpatched_count":11,"last_vuln_date":121,"fetched_at":58},"dologin","DoLogin Security","WPDO","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdo5ea\u002F","\u003Cp>In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited.\u003C\u002Fp>\n\u003Cp>Limit the number of login attempts through both the login and the auth cookies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Two-factor Authentication login.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Text SMS message passcode for 2nd step verification support.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cloudflare Turnstile (better than Google reCAPTCHA).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GeoLocation (Continent\u002FCountry\u002FCity) or IP range to limit login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Passwordless login link.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support Whitelist and Blacklist.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WooCommerce Login supported.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>XMLRPC gateway protection.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : '';\u003C\u002Fcode> to generate one passwordless login link for the current user.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note\u002Ftip for this generation', $user_id ) : '';\u003C\u002Fcode> to generate a passwordless login link for the user which ID is \u003Ccode>$user_id\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The generated one-time used link will be expired after 7 days.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define const \u003Ccode>SILENCE_INSTALL\u003C\u002Fcode> to avoid redirecting to setting page after installtion.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CLI\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>List all passwordless links: \u003Ccode>wp dologin list\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Generate a passwordless link for one username (for the login name \u003Ccode>root\u003C\u002Fcode>): \u003Ccode>wp dologin gen root\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Delete a passwordless link w\u002F the ID in list (for the record w\u002F ID 5): \u003Ccode>wp dologin del 5\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How GeoLocation works\u003C\u002Fh4>\n\u003Cp>When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist\u002Fblacklist to decide if allow login attempts.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>The online IP lookup service is provided by https:\u002F\u002Fwww.doapi.us. The provider’s privacy policy is https:\u002F\u002Fwww.doapi.us\u002Fprivacy.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.\u003C\u002Fp>\n","Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent\u002FCountry\u002FCity)\u002FIP range to limit login attempts.",7000,164314,13,"2025-06-11T14:21:00.000Z","4.0",[114,115,116,117,118],"2fa-login","cloudflare-turnstile-recaptcha","easy-login","geolocation-login-limit","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdologin.4.3.zip",4,"2023-10-24 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":112,"requires_php":93,"tags":136,"homepage":139,"download_link":140,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":58},"no-captcha-recaptcha","No CAPTCHA reCAPTCHA","1.3.4","Collins Agbonghama","https:\u002F\u002Fprofiles.wordpress.org\u002Fcollizo4sky\u002F","\u003Cp>A simple plugin for adding the new No CAPTCHA reCAPTCHA by Google to WordPress login, registration and comment system as well as BuddyPress registration form to protect against spam.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option to activate CAPTCHA in login, registration, comment and BuddyPress registration forms.\u003C\u002Fli>\n\u003Cli>Choose a theme for the CAPTCHA.\u003C\u002Fli>\n\u003Cli>Auto-detects the user’s language.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugins you will like\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fno-captcha-recaptcha-for-woocommerce\u002F\" rel=\"ugc\">No CAPTCHA reCAPTCHA for WooCommerce\u003C\u002Fa>\u003C\u002Fstrong>: Protect WooCommerce login, registration and password reset form against spam using Google’s No CAPTCHA reCAPTCHA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fppress\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa>\u003C\u002Fstrong>: A shortcode based WordPress form builder that makes building custom login, registration and password reset forms stupidly simple. \u003Ca href=\"http:\u002F\u002Fprofilepress.net\" rel=\"nofollow ugc\">More info here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmailoptin\u002F\" rel=\"ugc\">MailOptin\u003C\u002Fa>\u003C\u002Fstrong> – The best WordPress email optin forms, email automation & newsletters plugin in the market.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.",5000,151337,86,69,"2020-04-15T16:05:00.000Z","5.4.19",[137,18,19,138,20],"comment-form","registration-form","http:\u002F\u002Fw3guy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-captcha-recaptcha.1.3.4.zip",{"attackSurface":142,"codeSignals":170,"taintFlows":180,"riskAssessment":207,"analyzedAt":216},{"hooks":143,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":11,"unprotectedCount":11},[144,150,153,156,160],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_menu","closure","index.php",18,{"type":145,"name":151,"callback":147,"file":148,"line":152},"admin_init",27,{"type":145,"name":154,"callback":155,"file":148,"line":98},"login_enqueue_scripts","escode_recaotcha_login_recaptcha_script",{"type":145,"name":157,"callback":158,"file":148,"line":159},"login_form","escode_display_recaptcha_on_login",111,{"type":161,"name":162,"callback":163,"priority":164,"file":148,"line":165},"filter","wp_authenticate_user","escode_verify_recaptcha_on_login",10,178,[],[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":174,"fileOperations":11,"externalRequests":56,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":179},[],{"prepared":11,"raw":11,"locations":173},[],{"escaped":164,"rawEcho":56,"locations":175},[176],{"file":148,"line":177,"context":178},154,"raw output",[],[181,199],{"entryPoint":182,"graph":183,"unsanitizedCount":56,"severity":198},"escode_verify_recaptcha_on_login (index.php:182)",{"nodes":184,"edges":195},[185,190],{"id":186,"type":187,"label":188,"file":148,"line":189},"n0","source","$_POST['g-recaptcha-response']",229,{"id":191,"type":192,"label":193,"file":148,"line":189,"wp_function":194},"n1","sink","wp_remote_get() [SSRF]","wp_remote_get",[196],{"from":186,"to":191,"sanitized":197},false,"medium",{"entryPoint":200,"graph":201,"unsanitizedCount":56,"severity":198},"\u003Cindex> (index.php:0)",{"nodes":202,"edges":205},[203,204],{"id":186,"type":187,"label":188,"file":148,"line":189},{"id":191,"type":192,"label":193,"file":148,"line":189,"wp_function":194},[206],{"from":186,"to":191,"sanitized":197},{"summary":208,"deductions":209},"The 'wp-recaptcha-login' v1.0 plugin exhibits a generally good security posture based on the static analysis. The absence of known CVEs and the plugin's development history without recorded vulnerabilities are positive indicators. The code signals show a strong adherence to secure coding practices, with a high percentage of properly escaped outputs and the exclusive use of prepared statements for SQL queries. The attack surface is commendably small, with no identified AJAX handlers, REST API routes, shortcodes, or cron events, further limiting potential entry points for attackers.\n\nHowever, there are a few areas that warrant attention. The presence of two taint flows with unsanitized paths, while not reaching critical or high severity in this analysis, suggests a potential for subtle vulnerabilities. Additionally, the plugin makes one external HTTP request. While not explicitly flagged as a risk, such requests can be a vector for server-side request forgery (SSRF) or man-in-the-middle attacks if not handled with extreme care and proper validation. The lack of nonce checks and capability checks on any identified entry points (though there are none) would be a significant concern if an attack surface were present.\n\nIn conclusion, 'wp-recaptcha-login' v1.0 appears to be a securely developed plugin, particularly regarding SQL and output handling. The primary weaknesses lie in the two identified unsanitized taint flows and the single external HTTP request, which, although not critically severe in this analysis, represent potential areas for future exploitation. The plugin's clean vulnerability history is a significant strength.",[210,213],{"reason":211,"points":212},"Taint flows with unsanitized paths",8,{"reason":214,"points":215},"External HTTP request present",3,"2026-04-16T13:02:40.972Z",{"wat":218,"direct":224},{"assetPaths":219,"generatorPatterns":220,"scriptPaths":221,"versionParams":223},[],[],[222],"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fapi.js",[],{"cssClasses":225,"htmlComments":227,"htmlAttributes":229,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":236},[226],"g-recaptcha",[228],"Aint nobody got time fo dat",[230,231,232],"data-sitekey","data-callback","data-size",[],[235],"onSubmit",[],{"error":238,"url":239,"statusCode":240,"statusMessage":241,"message":241},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-recaptcha-login\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":243},[]]