[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8bcrXlA4gS9cUCb5pu-eX4Kla8TTmMGyQVaKyTuNr0Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":144,"fingerprints":195},"wp-session-manager","WP Session Manager","4.2.0","Eric Mann","https:\u002F\u002Fprofiles.wordpress.org\u002Fericmann\u002F","\u003Cp>Adds \u003Ccode>$_SESSION\u003C\u002Fcode> functionality to WordPress, leveraging the database where needed to power multi-server installations.\u003C\u002Fp>\n\u003Cp>Every visitor, logged in or not, will be issued a session. Session data will be stored in the WordPress database by default\u003Cbr \u002F>\nto deal with load balancing issues if multiple application servers are being used. In addition, the session collection will\u003Cbr \u002F>\nalso be stored \u003Cem>in memory\u003C\u002Fem> for rapid use within WordPress.\u003C\u002Fp>\n\u003Cp>Session data stored in the database can be encrypted at rest for better security.\u003C\u002Fp>\n","Session management for WordPress.",2000,73842,94,24,"2019-03-31T03:37:00.000Z","5.1.22","4.7","7.1",[20],"session","https:\u002F\u002Fpaypal.me\u002Feam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-session-manager.4.2.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":32,"computed_at":34},"ericmann",6,2480,81,30,"2026-04-04T11:21:11.707Z",[36,58,81,100,124],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":57,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"wp-native-php-sessions","Native PHP Sessions","1.4.5","Pantheon Systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fgetpantheon\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Fpantheon-systems\u002Fwp-native-php-sessions\" rel=\"nofollow ugc\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fcircleci.com\u002Fgh\u002Fpantheon-systems\u002Fwp-native-php-sessions\u002Ftree\u002Fmaster\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>WordPress core does not use PHP sessions, but sometimes they are required by your use-case, a plugin or theme.\u003C\u002Fp>\n\u003Cp>This plugin implements PHP’s native session handlers, backed by the WordPress database. This allows plugins, themes, and custom code to safely use PHP \u003Ccode>$_SESSION\u003C\u002Fcode>s in a distributed environment where PHP’s default tempfile storage just won’t work.\u003C\u002Fp>\n\u003Cp>Note that primary development is on GitHub if you would like to contribute:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fpantheon-systems\u002Fwp-native-php-sessions\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>By default the session lifetime is set to 0, which is until the browser is closed.\u003C\u002Fp>\n\u003Cp>To override this use the \u003Ccode>pantheon_session_expiration\u003C\u002Fcode> filter before the Native PHP Sessions plugin is loaded. For example a small Must-use plugin (a.k.a. mu-plugin) could contain:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\nfunction my_session_expiration_override() {\n    return 60*60*4; \u002F\u002F 4 hours\n}\nadd_filter( 'pantheon_session_expiration', 'my_session_expiration_override' );\u003Ch3>CLI Commands\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>wp pantheon session add-index\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Added in 1.4.0. This command should be run if your installation of the plugin occurred before the addition of the primary ID key to the session table in version 1.2.2. You will be automatically notified when you visit any admin page if this is the case. If there’s no message, your version is good to go. Note that this command is non-destructive, a new table will be created and the existing one preserved in a backup state until you have verified that the upgrade is functioning as expected.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>wp pantheon session primary-key-finalize\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Added in 1.4.0. If you have run the \u003Ccode>add-index\u003C\u002Fcode> command and have verified that the new table is functioning correctly, running the \u003Ccode>primary-key-finalize\u003C\u002Fcode> command will perform a database cleanup and remove the backup table.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>wp pantheon session primary-key-revert\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Added in 1.4.0. If you have run the \u003Ccode>add-index\u003C\u002Fcode> command and something unexpected has occurred, just run the \u003Ccode>primary-key-revert\u003C\u002Fcode> command and the backup table will immediately be returned to being the active table.\u003C\u002Fp>\n\u003Ch4>WordPress Multisite\u003C\u002Fh4>\n\u003Cp>As of 1.4.2 the \u003Ccode>add-index\u003C\u002Fcode>, \u003Ccode>primary-key-add\u003C\u002Fcode> and \u003Ccode>primary-key-revert\u003C\u002Fcode> commands are fully multisite compatible.\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpantheon-systems\u002Fwp-native-php-sessions\u002Fblob\u002Fmain\u002FCONTRIBUTING.md\" rel=\"nofollow ugc\">CONTRIBUTING.md\u003C\u002Fa> for information on contributing.\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Cp>If you see an error like “Fatal error: session_start(): Failed to initialize storage module:” or “Warning: ini_set(): A session is active.”, then you likely have a plugin that is starting a session before WP Native PHP Sessions is loading.\u003C\u002Fp>\n\u003Cp>To fix, create a new file at \u003Ccode>wp-content\u002Fmu-plugins\u002F000-loader.php\u003C\u002Fcode> and include the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\nif (file_exists(WP_PLUGIN_DIR . '\u002Fwp-native-php-sessions\u002Fpantheon-sessions.php')) {\n    require_once WP_PLUGIN_DIR . '\u002Fwp-native-php-sessions\u002Fpantheon-sessions.php';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This mu-plugin will load WP Native PHP Sessions before all other plugins, while letting you still use the WordPress plugin updater to keep the plugin up-to-date.\u003C\u002Fp>\n","Use native PHP sessions and stay horizontally scalable. Better living through superior technology.",10000,1319188,98,16,"2025-12-04T16:13:00.000Z","6.9.4","5.3","7.4",[53,54],"comments","sessions","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-native-php-sessions\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-native-php-sessions.1.4.5.zip",100,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":46,"num_ratings":68,"last_updated":69,"tested_up_to":49,"requires_at_least":70,"requires_php":51,"tags":71,"homepage":76,"download_link":77,"security_score":78,"vuln_count":79,"unpatched_count":24,"last_vuln_date":80,"fetched_at":26},"loggedin","Loggedin – Limit Concurrent Sessions","2.0.4","Joel James","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoelcj91\u002F","\u003Cp>Loggedin is a lightweight WordPress plugin that lets you easily limit the number of simultaneous active sessions a user can have. This is a crucial feature for membership sites, online courses, and other platforms where you need to prevent users from sharing their accounts.\u003C\u002Fp>\n\u003Ch3>🎁 Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Set Global Limits\u003C\u002Fstrong>: Define a maximum number of concurrent logins for all users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Login Behavior\u003C\u002Fstrong>: Choose to either block new logins when the limit is reached or automatically log out the oldest session to allow a new one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent Account Sharing\u003C\u002Fstrong>: By limiting sessions, you can effectively stop users from sharing their login credentials with others.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control\u003C\u002Fstrong>: Easily force log out a user from the admin dashboard, giving you full control over active sessions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Friendly\u003C\u002Fstrong>: The plugin is built with a hook-based architecture, making it highly customizable and extensible for developers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📦 Addons\u003C\u002Fh3>\n\u003Cp>Enhance LoggedIn’s functionality with these simple yet powerful \u003Ca href=\"https:\u002F\u002Fduckdev.com\u002Faddons\u002Floggedin\u002F\" rel=\"nofollow ugc\">add-ons\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduckdev.com\u002Faddon\u002Flimit-per-user\u002F\" rel=\"nofollow ugc\">Limit Per User\u003C\u002Fa>\u003C\u002Fstrong>: For more granular control, the Limit Per User addon allows you to set specific login limits for individual users, overriding the global settings. This is perfect for offering different tiers of access or special privileges.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduckdev.com\u002Faddon\u002Freal-time-logout\u002F\" rel=\"nofollow ugc\">Real-time Logout\u003C\u002Fa>\u003C\u002Fstrong>: This add-on ensures a truly seamless experience by checking for logouts in real time. When a user’s session is terminated in the background due to a login limit, the add-on will automatically refresh their page, instantly restricting access.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🐛 Bug Reports\u003C\u002Fh3>\n\u003Cp>Found a bug? We welcome your bug reports! Please report any issues directly on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJoel-James\u002Floggedin\u002Fissues\" rel=\"nofollow ugc\">Loggedin GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Please note: GitHub is for bug reports and development-related issues only. For support, please use the WordPress.org support forums.\u003C\u002Fem>\u003C\u002Fp>\n","Lightweight plugin that limits an account to a specific number of concurrent logins.",8000,115897,110,"2026-01-02T06:30:00.000Z","5.0",[72,73,74,54,75],"limit","login","logout","user-login","https:\u002F\u002Fduckdev.com\u002Fproducts\u002Floggedin-limit-active-logins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floggedin.2.0.4.zip",99,1,"2024-09-30 19:43:37",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":49,"requires_at_least":70,"requires_php":51,"tags":94,"homepage":98,"download_link":99,"security_score":57,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"wp-persistent-login","Persistent Login","3.0.3","lukeseager","https:\u002F\u002Fprofiles.wordpress.org\u002Flukeseager\u002F","\u003Cp>Persistent Login keeps users logged into your website, limits the number of active logins allowed at one time and alerts users of new devices logging into their account.\u003C\u002Fp>\n\u003Ch3>Persistent Login: Keep wordpress users logged in forever\u003C\u002Fh3>\n\u003Cp>Persistent Login keeps users logged into your website unless they explicitly choose to log-out. It allows you to limit the number of active logins each user can have, and it alerts users of logins from new devices.\u003C\u002Fp>\n\u003Cp>Persistent Login requires little set-up, just install and save your users time by keeping them logged into your website securely, avoiding the annoyance of forgetting usernames & passwords.\u003C\u002Fp>\n\u003Cp>For added security, users can visit their Profile page in the WP Admin area to see how many sessions they have, what device was used and when they were last active. The user can choose to end any session with the click of a button.\u003C\u002Fp>\n\u003Ch3>Persistent Login\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Selects the ‘Remember Me’ box by default.\n\u003Cul>\n\u003Cli>If left checked, users will be kept logged in for 1 year\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Each time a user revisits your website, their login is extended to 1 year again\u003C\u002Fli>\n\u003Cli>Dashboard stats show you how many users are being kept logged in\u003C\u002Fli>\n\u003Cli>Force log-out all users with the click of a button\u003C\u002Fli>\n\u003Cli>Users can manage their active sessions from the Profile page in the admin area\u003C\u002Fli>\n\u003Cli>Support for common plugins out of the box\u003C\u002Fli>\n\u003Cli>Secure, fast and simple to use!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Active Logins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Option to limit the number of active logins to 1 per user\u003C\u002Fli>\n\u003Cli>New logins can be blocked, or the users oldest login ended automatically\u003C\u002Fli>\n\u003Cli>Manage your own active logins from your Profile page in WP Admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Login History\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Notify users of logins from new devices for improved security\u003C\u002Fli>\n\u003Cli>Set your own email notification message that is sent to users\u003C\u002Fli>\n\u003Cli>Allow users to see their login history from their Profile page in WP Admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Top Tip\u003C\u002Fh3>\n\u003Cp>Once the plugin is installed, click the \u003Cstrong>End all Sessions\u003C\u002Fstrong> button from the Persistent Login settings page to encourage users to login again and be kept logged in forever!\u003C\u002Fp>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>This plugin honours the ‘Remember Me’ checkbox. It is checked by default, but if it is unchecked the user won’t be remembered.\u003C\u002Fp>\n\u003Ch3>Premium Version\u003C\u002Fh3>\n\u003Cp>There is a premium version of the plugin for those who want more control. Visit \u003Ca href=\"https:\u002F\u002Fpersistentlogin.com\" rel=\"nofollow ugc\">persistentlogin.com\u003C\u002Fa> to learn more.\u003C\u002Fp>\n\u003Cp>The premium plan offers the following features:\u003C\u002Fp>\n\u003Cp>Premium Persistent Login Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide the ‘Remember Me’ checkbox, so that users are always remembered\u003C\u002Fli>\n\u003Cli>Manage which user roles have persistent login\u003C\u002Fli>\n\u003Cli>Set how long users are kept logged in for (up to 400 days)\u003C\u002Fli>\n\u003Cli>Session management for users: Users can see all logins with Block Editor and Shortcode support\u003C\u002Fli>\n\u003Cli>Session management for admins: End any users session from the admin area quickly and easily\u003C\u002Fli>\n\u003Cli>Priority Support direct from within WP admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Premium Active Login Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Control which roles have active login limits applied\u003C\u002Fli>\n\u003Cli>Select exactly how many active logins users are allowed\u003C\u002Fli>\n\u003Cli>When the limit is reached: Auto-logout oldest login, let the user decide which session to end, or block the login.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Login History Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow users to see their login history on the front-end with Block and Shortcode support.\u003C\u002Fli>\n\u003Cli>Account inavctivity emails: Notify users after a period of time without logging in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Stop users being logged out of WordPress\u003C\u002Fh3>\n\u003Cp>Stop users being logged out of WordPress with Persistent Login plugin. Ensure extended login sessions, reduce frustration for administrators and visitors. By keeping users active, Persistent Login improves user experience, lowers bounce rates, and prevents disruptions.\u003C\u002Fp>\n\u003Cp>This plugin integrates seamlessly with WordPress to optimise session management without compromising security. Configure your preferences and let the plugin handle everything. You can customise durations for persistent logins and minimise repeated authentication prompts.\u003C\u002Fp>\n\u003Cp>Ultimately, this tool streamlines WordPress operations, ensures convenience, and provides peace of mind. Stop users being logged out of WordPress by installing  today and gain uninterrupted access to your website.\u003C\u002Fp>\n","Persistent Login keeps users logged into your website, limits the number of active logins allowed at one time and alerts users of new devices logging  &hellip;",7000,118900,78,25,"2026-02-08T07:41:00.000Z",[95,96,73,97,54],"active-logins","concurrent-logins","session-management","https:\u002F\u002Fpersistentlogin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-persistent-login.3.0.3.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":120,"download_link":121,"security_score":122,"vuln_count":79,"unpatched_count":24,"last_vuln_date":123,"fetched_at":26},"remember-me-controls","Remember Me Controls","2.1","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Take control of the “Remember Me” login feature for WordPress by having it enabled by default, customize how long users are remembered, or disable this built-in feature by default.\u003C\u002Fp>\n\u003Cp>For those unfamiliar, “Remember Me” is a checkbox present when logging into WordPress. If checked, WordPress will remember the login session for 14 days. If unchecked, the login session will be remembered for only 2 days. Once a login session expires, WordPress will require you to log in again if you wish to continue using the admin section of the site.\u003C\u002Fp>\n\u003Cp>This plugin provides three primary controls over the behavior of the “Remember Me” feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically check “Remember Me” : The ability to have the “Remember Me” checkbox automatically checked when the login form is loaded (it isn’t checked by default).\u003C\u002Fli>\n\u003Cli>Customize the duration of the “Remember Me” : The ability to customize how long WordPress will remember a login session when “Remember Me” is checked, either forever or a customizable number of hours.\u003C\u002Fli>\n\u003Cli>Disable “Remember Me” : The ability to completely disable the feature, preventing the checkbox from appearing and restricting all login sessions to 2 days.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>NOTE: WordPress remembers who you are based on cookies stored in your web browser. If you use a different web browser, clear your cookies, use a browser on a different machine, or uninstall\u002Freinstall (and possibly even just restarting) your browser then you will have to log in again since WordPress will not be able to locate the cookies needed to identify you.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>Other than the plugins listed below, compatibility has not been tested or attempted for any other third-party plugins that provide their own login widgets or login handling.\u003C\u002Fp>\n\u003Cp>Special handling has been added to provide compatibility with the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" rel=\"ugc\">BuddyPress\u003C\u002Fa> (in particular, its “Log in” widget)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsidebar-login\u002F\" rel=\"ugc\">Sidebar Login\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogin-sidebar-widget\u002F\" rel=\"ugc\">Login Widget With Shortcode\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fremember-me-controls\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremember-me-controls\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fremember-me-controls\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Have \"Remember Me\" checked by default on the login page and configure how long a login is remembered. Or disable the feature altogether.",4000,51395,86,7,"2024-09-04T19:20:00.000Z","6.6.5","5.5","",[117,73,118,119,20],"cookie","remember","remember-me","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fremember-me-controls\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremember-me-controls.2.1.zip",91,"2024-09-05 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":11,"downloaded":132,"rating":110,"num_ratings":14,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":115,"tags":136,"homepage":142,"download_link":143,"security_score":57,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"lucky-orange","Lucky Orange","2.1.1","luckyorange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrickeys\u002F","\u003Cp>Less time crunching numbers, more time growing your business.\u003C\u002Fp>\n\u003Ch3>Understand your visitors. Improve your website. Increase your sales.\u003C\u002Fh3>\n\u003Cp>If your WordPress site is getting traffic but not conversions, Lucky Orange shows you why. With one-click install and a free plan to get started, you can uncover where visitors struggle, what’s stopping them from buying, and how to turn browsers into customers.\u003Cbr \u002F>\nFrom session recordings to heatmaps, live chat to Page Insights, Lucky Orange helps you optimize every part of your customer journey with clear, visual data.\u003C\u002Fp>\n\u003Ch3>Dynamic Heatmaps\u003C\u002Fh3>\n\u003Cp>Discover where people click, scroll, and hover—including dynamic content like popups, dropdowns, and forms. Works seamlessly with SPAs and AJAX-loaded pages.\u003C\u002Fp>\n\u003Ch3>Session Recordings\u003C\u002Fh3>\n\u003Cp>Replay real visitor sessions to see how people navigate your site, where they abandon, and what’s preventing conversions.\u003C\u002Fp>\n\u003Ch3>Conversion Funnels\u003C\u002Fh3>\n\u003Cp>Visualize each step of your funnel to find out which pages drive success—and where people are dropping off.\u003C\u002Fp>\n\u003Ch3>Visitor Profiles\u003C\u002Fh3>\n\u003Cp>See each visitor’s journey in a single view, including traffic source, cart value, and all sessions tied to that individual.\u003C\u002Fp>\n\u003Ch3>Live Chat\u003C\u002Fh3>\n\u003Cp>Engage visitors in real time based on behavior triggers. Answer questions and recover abandoned conversions before they’re lost.\u003C\u002Fp>\n\u003Ch3>Live View\u003C\u002Fh3>\n\u003Cp>See what your visitors are doing right now on your site—every movement, scroll, and click in real time.\u003C\u002Fp>\n\u003Ch3>Page Insights\u003C\u002Fh3>\n\u003Cp>Instantly surface key performance stats: top-clicked elements, frustration signals, engagement trends, and activity snapshots—all tied to specific pages.\u003C\u002Fp>\n\u003Ch3>Surveys\u003C\u002Fh3>\n\u003Cp>Ask the right questions at the right time—like what visitors are looking for, what’s missing, or why they didn’t convert.\u003C\u002Fp>\n\u003Ch3>Announcements\u003C\u002Fh3>\n\u003Cp>Target visitors with personalized messages, discount offers, or key updates based on device, behavior, or source.\u003C\u002Fp>\n\u003Ch3>Discovery\u003C\u002Fh3>\n\u003Cp>Uncover Optimization Opportunities based on specific parts of the customer journey. Know where to focus, and what changes can move the needle.\u003C\u002Fp>\n","Less time crunching numbers, more time growing your business.",70312,"2025-04-14T15:38:00.000Z","6.8.0","2.0.3",[137,138,139,140,141],"analytics","conversion-rate-optimization","heatmaps","session-recordings","surveys","https:\u002F\u002Fwww.luckyorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flucky-orange.2.2.11.zip",{"attackSurface":145,"codeSignals":173,"taintFlows":185,"riskAssessment":186,"analyzedAt":194},{"hooks":146,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":24,"unprotectedCount":24},[147,153,156,159,163],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","wp_session_database_gc","directClean","wp-session-manager.php",71,{"type":148,"name":154,"callback":155,"file":151,"line":122},"admin_notices","wp_session_manager_multiple_sessions_notice",{"type":148,"name":154,"callback":157,"file":151,"line":158},"wp_session_manager_deactivated_notice",145,{"type":148,"name":160,"callback":161,"priority":79,"file":151,"line":162},"plugins_loaded","wp_session_manager_initialize",149,{"type":148,"name":160,"callback":164,"priority":165,"file":151,"line":166},"wp_session_manager_start_session",10,153,[],[],[],[171],{"hook":149,"callback":149,"file":151,"line":172},68,{"dangerousFunctions":174,"sqlUsage":175,"outputEscaping":181,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":184},[],{"prepared":30,"raw":79,"locations":176},[177],{"file":178,"line":179,"context":180},"includes\\OptionsHandler.php",187,"$wpdb->query() with variable interpolation",{"escaped":182,"rawEcho":24,"locations":183},11,[],[],[],{"summary":187,"deductions":188},"The \"wp-session-manager\" plugin v4.2.0 demonstrates a generally strong security posture based on the provided static analysis. The complete absence of critical or high-severity taint flows, dangerous functions, and unescaped output suggests good coding practices in handling user input and data.  The high percentage of SQL queries utilizing prepared statements is also a positive indicator, mitigating risks of SQL injection vulnerabilities. Furthermore, the plugin has no recorded vulnerabilities, including CVEs, which points to a history of responsible development and maintenance.\n\nHowever, a notable concern arises from the lack of explicit capability checks and nonce checks, especially considering the presence of a cron event. While the static analysis indicates zero unprotected entry points, the absence of these fundamental WordPress security mechanisms means that the plugin relies heavily on implicit security, potentially leaving it vulnerable if its internal logic is bypassed or if it's integrated into a context where these checks are not inherently enforced. This could be a point of weakness that might be exploited in more complex attack scenarios, despite the current clean bill of health.\n\nIn conclusion, \"wp-session-manager\" v4.2.0 appears to be a secure plugin in its current state, with excellent sanitization and protection against common vulnerabilities. The primary area for improvement lies in reinforcing its security by implementing explicit capability and nonce checks for its cron event, providing an additional layer of defense and adhering to WordPress's best practices for plugin security.",[189,192],{"reason":190,"points":191},"Missing capability checks",5,{"reason":193,"points":191},"Missing nonce checks","2026-03-16T18:30:55.875Z",{"wat":196,"direct":207},{"assetPaths":197,"generatorPatterns":204,"scriptPaths":205,"versionParams":206},[198,199,200,201,202,203],"\u002Fwp-content\u002Fplugins\u002Fwp-session-manager\u002Fsrc\u002FEAMann\u002FSessionz\u002FHandlers\u002FMemoryHandler.php","\u002Fwp-content\u002Fplugins\u002Fwp-session-manager\u002Fsrc\u002FEAMann\u002FSessionz\u002FHandlers\u002FEncryptionHandler.php","\u002Fwp-content\u002Fplugins\u002Fwp-session-manager\u002Fsrc\u002FEAMann\u002FWPSession\u002FCacheHandler.php","\u002Fwp-content\u002Fplugins\u002Fwp-session-manager\u002Fsrc\u002FEAMann\u002FWPSession\u002FOptionsHandler.php","\u002Fwp-content\u002Fplugins\u002Fwp-session-manager\u002Fsrc\u002FEAMann\u002FWPSession\u002FDatabaseHandler.php","\u002Fwp-content\u002Fplugins\u002Fwp-session-manager\u002Fvendor\u002Fautoload.php",[],[],[],{"cssClasses":208,"htmlComments":209,"htmlAttributes":210,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":214},[],[],[],[],[213],"wp_session_messages",[]]