[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-FPlofedrL8Txzr0zwpl1FSLXTEZw9piTSFcc9YGmm0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":127,"fingerprints":215},"wp-similar-basic-auth","WP Similar Basic Auth","0.1.1","256hax","https:\u002F\u002Fprofiles.wordpress.org\u002F256hax\u002F","\u003Cp>Attackers trying to breakthrough WordPress admin page. Basic Authentication helps to prevent attacks.\u003Cbr \u002F>\nBut some case it can’t modify .htaccess or ssl.conf.\u003C\u002Fp>\n\u003Cp>This plugin is useful for servers where prohibition modify Apache conf(.htaccess) or Nginx conf(ssl.conf).\u003Cbr \u002F>\nProtect WordPress admin page on similar Basic Auth. It doesn’t need .htaccess or ssl.conf.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Auth log in with User Name and Password.\u003C\u002Fli>\n\u003Cli>Customization title and message in Login page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cp>This plugin doesn’t replace Basic Authentication. If you can modify .htaccess or ssl.conf, I recommend using that. See differences running layer.\u003C\u002Fp>\n\u003Ch4>Running Layer\u003C\u002Fh4>\n\u003Cp>Fronts-end (ex: CSS, Javascript)\u003Cbr \u002F>\nApplication Plugin \u003Cstrong>\u003C- This plugin\u003C\u002Fstrong>\u003Cbr \u002F>\nApplication (ex: WordPress)\u003Cbr \u002F>\nProgramming language (ex: PHP)\u003Cbr \u002F>\nMiddleware Web (ex: Apache, Nginx) \u003Cstrong>\u003C- .htaccess Basic Authentication\u003C\u002Fstrong>\u003Cbr \u002F>\nMiddleware DB \u002F OS\u003C\u002Fp>\n","Protect WordPress admin page on similar Basic Auth without .htaccess.",20,2256,0,"2021-05-29T04:02:00.000Z","5.7.15","5.0","5.6",[19,20,21,22,23],"auth","basic-auth","login","password","security","https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-similar-basic-auth","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-similar-basic-auth.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T15:07:28.443Z",[36,58,76,95,109],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":26,"vuln_count":31,"unpatched_count":13,"last_vuln_date":57,"fetched_at":28},"google-authenticator","Google Authenticator","0.54","Ivan","https:\u002F\u002Fprofiles.wordpress.org\u002Fivankk\u002F","\u003Cp>The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android\u002FiPhone\u002FBlackberry.\u003C\u002Fp>\n\u003Cp>If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail\u002FDropbox\u002FLastpass\u002FAmazon etc.\u003C\u002Fp>\n\u003Cp>The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.\u003C\u002Fp>\n\u003Cp>If You need to maintain your blog using an Android\u002FiPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin,\u003Cbr \u002F>\nbut please note that enabling the App password feature will make your blog less secure.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fevinak\u002F\" rel=\"nofollow ugc\">Oleksiy\u003C\u002Fa> for a bugfix in multisite.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpancek\" rel=\"nofollow ugc\">Paweł Nowacki\u003C\u002Fa> for the Polish translation\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FFabioZumbi12\" rel=\"nofollow ugc\">Fabio Zumbi\u003C\u002Fa> for the Portuguese translation\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.guidoschalkx.com\u002F\" rel=\"nofollow ugc\">Guido Schalkx\u003C\u002Fa> for the Dutch translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=henrik%40schack%2edk&lc=US&item_name=Google%20Authenticator&item_number=Google%20Authenticator&no_shipping=0&no_note=1&tax=0&bn=PP%2dDonationsBF&charset=UTF%2d8\" rel=\"nofollow ugc\">Henrik.Schack\u003C\u002Fa> for writing\u002Fmaintaining versions 0.20 through 0.48\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftobias.baethge.com\u002F\" rel=\"nofollow ugc\">Tobias Bäthge\u003C\u002Fa> for his code rewrite and German translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.pcode.nl\u002F\" rel=\"nofollow ugc\">Pascal de Bruijn\u003C\u002Fa> for his “relaxed mode” idea.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftechnobabbl.es\u002F\" rel=\"nofollow ugc\">Daniel Werl\u003C\u002Fa> for his usability tips.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdd32.id.au\u002F\" rel=\"nofollow ugc\">Dion Hulse\u003C\u002Fa> for his bugfixes.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fusers\u002Faldolat\u002F\" rel=\"nofollow ugc\">Aldo Latino\u003C\u002Fa> for his Italian translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.kaijia.me\u002F\" rel=\"nofollow ugc\">Kaijia Feng\u003C\u002Fa> for his Simplified Chinese translation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.buayacorp.com\u002F\" rel=\"nofollow ugc\">Alex Concha\u003C\u002Fa> for his security tips.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fjetienne.com\u002F\" rel=\"nofollow ugc\">Jerome Etienne\u003C\u002Fa> for his jquery-qrcode plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Forizhial.com\u002F\" rel=\"nofollow ugc\">Sébastien Prunier\u003C\u002Fa> for his Spanish and French translation.\u003C\u002Fp>\n","Google Authenticator for your WordPress blog.",20000,687508,86,134,"2022-07-04T04:55:00.000Z","6.0.11","4.5","",[53,21,54,22,23],"authentication","otp","https:\u002F\u002Fgithub.com\u002Fivankruchkoff\u002Fgoogle-authenticator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-authenticator.0.54.zip","2016-04-28 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":51,"requires_at_least":71,"requires_php":51,"tags":72,"homepage":74,"download_link":75,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"woo-yubikey","yubikey-plugin","2.3","apb360","https:\u002F\u002Fprofiles.wordpress.org\u002Fapb360\u002F","\u003Cp>This is a plugin for WordPress that provides multifactor authentication with one-time passwords using the \u003Ca href=\"http:\u002F\u002Fwww.yubico.com\u002F\" rel=\"nofollow ugc\">Yubikey USB token\u003C\u002Fa>.\u003Cbr \u002F>\nThe plugin uses the Yubico Web service API in the authentication process.\u003Cbr \u002F>\nThe one-time password requirement can be enabled on a per user basis.\u003C\u002Fp>\n","Enhanced Login Security for Your Wordpress blog.",400,6252,76,9,"2019-02-04T18:57:00.000Z","3.8",[53,21,22,23,73],"yubikey","https:\u002F\u002Fapb360.com\u002Fyubikey-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-yubikey.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":85,"num_ratings":31,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":93,"download_link":94,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"magiclabs","Login by Magic","1.0.4","Magic","https:\u002F\u002Fprofiles.wordpress.org\u002Fmagiclabs\u002F","\u003Cp>This plugin replaces the standard WordPress login form with one powered by \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">Magic\u003C\u002Fa> that enables passwordless email magic link login.\u003C\u002Fp>\n\u003Cp>Magic offers passwordless authentication and cryptographically secured user identity to your applications. With just a few lines of code, your application’s security is instantaneously upgraded, and your end users can enjoy a future-proof and blockchain-enabled login solution.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fmagic.link\" rel=\"nofollow ugc\">https:\u002F\u002Fmagic.link\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Login by Magic plugin replaces the standard WordPress login form with one powered by Magic that enables passwordless email magic link login.",2392,100,"2022-08-29T22:06:00.000Z","5.8.13","5.5.1","7.3",[53,21,91,92,23],"magiclink","passwordless","https:\u002F\u002Fgithub.com\u002Fmagiclabs\u002Fwp-magic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmagiclabs.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":11,"downloaded":103,"rating":85,"num_ratings":31,"last_updated":104,"tested_up_to":105,"requires_at_least":71,"requires_php":51,"tags":106,"homepage":107,"download_link":108,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"token2-hardware-tokens","Token2 Hardware Tokens","0.1","token2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftoken2\u002F","\u003Cp>The Token2 Hardware Tokens plugin for WordPress gives you two-factor authentication using the Token2 Hardware Tokens .\u003C\u002Fp>\n\u003Cp>The two-factor authentication requirement can be enabled on a per-user basis by administrators.\u003C\u002Fp>\n","Token2 Hardware Tokens for your WordPress blog.",1545,"2018-03-22T09:51:00.000Z","4.9.29",[53,21,54,22,23],"https:\u002F\u002Ftoken2.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoken2-hardware-tokens.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":13,"downloaded":117,"rating":13,"num_ratings":13,"last_updated":51,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":124,"download_link":125,"security_score":85,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":126},"basic-auth-for-wp-admin","Basic Auth for WP-Admin","1.0","Walid Sadfi","https:\u002F\u002Fprofiles.wordpress.org\u002Fevolurise\u002F","\u003Cp>This plugin adds an additional layer of security to your WordPress website by adding a basic authentication HTTP to the wp-admin and wp-login pages. This means that before accessing these pages, users will be prompted to enter a username and password. This can help to prevent unauthorized access to your website’s backend.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was developed by Evolurise (https:\u002F\u002Fwww.evolurise.com\u002F)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\u003C\u002Fp>\n","Add an additional layer of security with this super light plugin that adds a basic authentication HTTP to the wp-admin and wp-login pages.",2481,"6.1.10","3.0","5.6.20",[20,23,122,123],"wp-login","wp-admin","https:\u002F\u002Fwww.evolurise.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasic-auth-for-wp-admin.zip","2026-03-15T10:48:56.248Z",{"attackSurface":128,"codeSignals":166,"taintFlows":207,"riskAssessment":208,"analyzedAt":214},{"hooks":129,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":13,"unprotectedCount":13},[130,136,140,144,149,154,157],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","admin_menu","add_admin_menu","includes\\admin\\admin-options-page.php",17,{"type":131,"name":137,"callback":138,"file":134,"line":139},"admin_init","register_settings",49,{"type":131,"name":141,"callback":142,"file":143,"line":135},"activated_plugin","action_activated_plugin","includes\\admin\\admin-plugins-page.php",{"type":131,"name":145,"callback":146,"file":147,"line":148},"wp_logout","logout","includes\\class-cookie.php",28,{"type":131,"name":150,"callback":151,"file":152,"line":153},"login_init","admin_scripts","includes\\public\\login-page.php",14,{"type":131,"name":150,"callback":155,"file":152,"line":156},"html",15,{"type":131,"name":158,"callback":159,"file":160,"line":161},"plugins_loaded","load_plugin_textdomain","wp-similar-basic-auth.php",42,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":13,"externalRequests":13,"nonceChecks":31,"capabilityChecks":13,"bundledLibraries":206},[],{"prepared":13,"raw":13,"locations":169},[],{"escaped":171,"rawEcho":11,"locations":172},11,[173,177,178,179,181,182,183,185,186,188,189,191,193,195,197,199,200,202,203,204],{"file":174,"line":175,"context":176},"includes\\admin\\views\\html-admin-options-page.php",21,"raw output",{"file":174,"line":175,"context":176},{"file":174,"line":175,"context":176},{"file":174,"line":180,"context":176},25,{"file":174,"line":180,"context":176},{"file":174,"line":180,"context":176},{"file":174,"line":184,"context":176},29,{"file":174,"line":184,"context":176},{"file":174,"line":187,"context":176},41,{"file":174,"line":187,"context":176},{"file":190,"line":148,"context":176},"includes\\public\\views\\html-login-page.php",{"file":190,"line":192,"context":176},33,{"file":190,"line":194,"context":176},38,{"file":190,"line":196,"context":176},44,{"file":190,"line":198,"context":176},45,{"file":190,"line":198,"context":176},{"file":190,"line":201,"context":176},48,{"file":190,"line":139,"context":176},{"file":190,"line":139,"context":176},{"file":190,"line":205,"context":176},55,[],[],{"summary":209,"deductions":210},"The \"wp-similar-basic-auth\" plugin version 0.1.1 exhibits a generally good security posture based on the provided static analysis. There are no identified entry points (AJAX handlers, REST API routes, shortcodes, cron events) that are exposed without authentication or permission checks, which is a significant strength. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests, along with the exclusive use of prepared statements for SQL queries, demonstrates adherence to secure coding practices. The presence of a nonce check is also a positive indicator. However, a notable concern is the low percentage of properly escaped output (35%). This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is directly outputted without adequate sanitization. The plugin's vulnerability history is clean, with no known CVEs, which is excellent, but this also means there's no historical data to infer patterns of past vulnerabilities and their remediation. In conclusion, while the plugin has a strong foundation in preventing common attack vectors, the insufficient output escaping warrants attention to mitigate potential XSS risks.",[211],{"reason":212,"points":213},"Low percentage of properly escaped output",6,"2026-03-16T23:00:53.187Z",{"wat":216,"direct":224},{"assetPaths":217,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[218,219,220],"\u002Fwp-content\u002Fplugins\u002Fwp-similar-basic-auth\u002Fassets\u002Fjs\u002Fform-handling.js","\u002Fwp-content\u002Fplugins\u002Fwp-similar-basic-auth\u002Fassets\u002Fjs\u002Ffadein.js","\u002Fwp-content\u002Fplugins\u002Fwp-similar-basic-auth\u002Fassets\u002Fcss\u002Flogin-page.css",[],[218,219],[],{"cssClasses":225,"htmlComments":226,"htmlAttributes":237,"restEndpoints":238,"jsGlobals":239,"shortcodeOutput":241},[],[227,228,229,230,231,232,233,234,235,236],"\u003C!-- Call No.3 -->","\u003C!-- Call No.4 -->","\u003C!-- Call No.5 -->","\u003C!-- Call No.6 -->","\u003C!-- Call No.7 -->","\u003C!-- Call No.8 -->","\u003C!-- Call No.9 -->","\u003C!-- Call from View -->","\u003C!-- Call No.2 -->","\u003C!-- Call No.1 -->",[],[],[240],"var hax_wsba_config",[]]