[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsuXF62mFIwUs4Rx_LSmoxVWcqDzsFtwKnUwyeFY47fc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":142,"fingerprints":345},"wpdirauth","wpDirAuth","1.10.7","Paul Gilzow","https:\u002F\u002Fprofiles.wordpress.org\u002Fgilzow\u002F","\u003Cp>Please see the Changelog (Development tab above) for recent updates\u002Fchanges.\u003C\u002Fp>\n\u003Cp>wpDirAuth shifts authentication from the local WordPress instance to a central directory (LDAP) server(s).\u003C\u002Fp>\n\u003Cp>wpDirAuth allows users of central directory (LDAP) servers to login to authorized WordPress instances without having to register. The plugin creates a new account for each directory user on first login so that they have full access to preferences and functions, as any WP user would. Activating the plugin will not restrict you to using directory authentication and you will still be able to both create new WP-only users as well as turn on public registration in WordPress. You can also assign any privilege levels to your directory users, and the those users will be referred to their institutional password policy whenever they would normally able to update their WP passwords (on the profile screen, in user edit, etc).\u003C\u002Fp>\n\u003Ch4>LDAP\u002FLDAPS\u003C\u002Fh4>\n\u003Cp>Authentication should work with most LDAP enabled directory services, such as OpenLDAP, Apache Directory, Microsoft Active Directory, Novell eDirectory, Sun Java System Directory Server, and more. wpDirAuth supports LDAP and LDAPS (SSL) connectivity and can force SSL for WordPress authentication if it is available on the Web server. It also supports server connection pools, for pseudo load balancing and fault tolerance, or multiple source directory authentication. Because the key used to locate a user’s profile in the LDAP server is not always the same, depending on your LDAP server type and institutional choices, you can define your own through the wpDirAuth administration tool. When logging in as a directory user, the WP “remember me” feature is downgraded from 6 months for regular WP users to only 1 hour, so that institutional passwords are not overly endangered when accessing WP from public terminals.\u003C\u002Fp>\n\u003Ch4>Branding & Notifications\u003C\u002Fh4>\n\u003Cp>You can define notifications addressed to your directory users in key WordPress areas, such as the login screen and the profile edit screen. Since these admin-editable values support HTML (admin, coders, beware of xss!), you can point your directory users to central support information related to functions such as changing their institutional password, a WordPress usage related policy, etc. There is also a simple and optional terms of services concept, only implemented for directory users, which will simply record a one-time acceptance date when agreed upon. Note that agreeing to the TOS has no effect on the user’s level of access in the system, fact which could change in future version if there is a demand for it, or through direct code contribution to that effect.\u003C\u002Fp>\n\u003Ch3>Using wpDirAuth\u003C\u002Fh3>\n\u003Cp>Once installed and activated, you will be able to administer your directory settings through the dedicated plugin configuration tool found under the \u003Ccode>wpDirAuth\u003C\u002Fcode> menu found in the WordPress \u003Ccode>Settings\u003C\u002Fcode> admin section. Directory Authenticated users can now be pre-added to your wordpress system and granted roles by going to the \u003Ccode>Add Dir Auth User\u003C\u002Fcode> menu found in the WordPress \u003Ccode>Users\u003C\u002Fcode> admin section. Contextual help for this section is available for this section within WordPress’ built-in help menu. See the inline help found in the tool for more information on the settings. There is a secondary activation toggle, so you can install and activate the plugin, check out the options panel, but not immediately accept directory authentication, or even simply turn the feature on or off at any time.\u003C\u002Fp>\n\u003Ch3>Help and Support\u003C\u002Fh3>\n\u003Cp>Please post questions, request for help to the WordPress plugins forum or email \u003Ca href=\"mailto:wpdirauth@gilzow.com\" rel=\"nofollow ugc\">wpdirauth@gilzow.com\u003C\u002Fa>. Please be sure to include ‘wpdirauth’ in the subject line.\u003C\u002Fp>\n\u003Ch3>TO-DO’s\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Internationalization\u003C\u002Fli>\n\u003Cli>Refactor to a class\u003C\u002Fli>\n\u003Cli>More action\u002Ffilter hooks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Source and Development\u003C\u002Fh3>\n\u003Cp>wpDirAuth welcomes friendly contributors wanting to lend a hand, be it in the form of code through SVN patches, user support, platform portability testing, security consulting, localization help, etc. The [current] goal is to keep the plugin self-contained (ie: no 3rd-party lib) for easier security maintenance, while keeping the code clean and extensible. Focus is on security, features, security, and let’s not forget, security. Unit tests will hopefully be developed and constant security audit performed. Recurring quality patch contributions will lead to commit privileges to the project source repository. Please post questions\u002Frequests for help to the wordpress forums and\u002For email \u003Ca href=\"mailto:wpdirauth@gilzow.com\" rel=\"nofollow ugc\">wpdirauth@gilzow.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl.html\" rel=\"nofollow ugc\">General Public License\u003C\u002Fa>\u003Cbr \u002F>\nCopyrights are listed in chronological order, by contributions.\u003Cbr \u002F>\nwpDirAuth: WordPress Directory Authentication, original author\u003Cbr \u002F>\nCopyright (c) 2007 Stephane Daury – http:\u002F\u002Fstephane.daury.org\u002F\u003Cbr \u002F>\nwpDirAuth and wpLDAP Patch Contributions\u003Cbr \u002F>\nCopyright (c) 2007 PKR Internet, LLC – http:\u002F\u002Fwww.pkrinternet.com\u002F\u003C\u002Fp>\n\u003Cp>wpDirAuth Patch Contributions\u003Cbr \u002F>\nCopyright (c) 2007 Todd Beverly\u003Cbr \u002F>\nwpLDAP: WordPress LDAP Authentication\u003Cbr \u002F>\nCopyright (c) 2007 Ashay Suresh Manjure – http:\u002F\u002Fashay.org\u002F\u003Cbr \u002F>\nwpDirAuth Patch Contribution and current maintainer\u003Cbr \u002F>\nCopyright (c) 2010-2017 Paul Gilzow – http:\u002F\u002Fgilzow.com\u002F\u003Cbr \u002F>\nwpDirAuth is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation.\u003Cbr \u002F>\nwpDirAuth is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003Cbr \u002F>\nYou should have received a copy of the GNU General Public License along with this program. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Project History\u003C\u002Fh3>\n\u003Cp>Originally started from a patched version of wpLDAP (1.02+patch), wpDirAuth has\u003Cbr \u002F>\nsince then been heavily overhauled and features have been modified and added.\u003Cbr \u002F>\nIn other words, a classic case of \u003Ccode>pimp my lib'\u003C\u002Fcode> (hopefully for the better).\u003Cbr \u002F>\n* Current: wpDirAuth: \u003Ca href=\"http:\u002F\u002Fwpdirauth.gilzow.com\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwpdirauth.gilzow.com\u002F\u003C\u002Fa>\u003Cbr \u002F>\n* Original: wpLDAP: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpldap\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpldap\u002F\u003C\u002Fa>\u003Cbr \u002F>\n* wpLDAP Patch: \u003Ca href=\"https:\u002F\u002Fweb.archive.org\u002Fweb\u002F20100731020249\u002Fhttp:\u002F\u002Fwww.pkrinternet.com\u002F~rbulling\u002Fprivate\u002FwpLDAP-1.02-ssl.patch\" rel=\"nofollow ugc\">https:\u002F\u002Fweb.archive.org\u002Fweb\u002F20100731020249\u002Fhttp:\u002F\u002Fwww.pkrinternet.com\u002F~rbulling\u002Fprivate\u002FwpLDAP-1.02-ssl.patch\u003C\u002Fa>\u003C\u002Fp>\n","WordPress directory authentication plugin through LDAP and LDAPS (SSL).",600,47307,94,12,"2023-08-18T20:10:00.000Z","6.3.8","2.2","",[20,21,22,23,24],"authentication","directory","ldap","ldaps","login","http:\u002F\u002Fwpdirauth.gilzow.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpdirauth.1.10.7.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"gilzow",1,30,84,"2026-04-04T11:17:39.771Z",[39,61,78,101,119],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":57,"download_link":58,"security_score":59,"vuln_count":34,"unpatched_count":28,"last_vuln_date":60,"fetched_at":30},"simple-ldap-login","Simple LDAP Login","1.6.1","Clifton Griffin","https:\u002F\u002Fprofiles.wordpress.org\u002Fclifgriffin\u002F","\u003Cp>Having a single login for every service is a must in large organizations. This plugin allows you to integrate WordPress with LDAP quickly and easily. Like, really really easy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributing\u003C\u002Fstrong>\u003Cbr \u002F>\nThis is a community project now. Most development is done by users like you who find bugs and fix them, or find new ways to make the plugin more powerful for everyone.\u003C\u002Fp>\n\u003Cp>The easiest way to contribute to this plugin is to submit a GitHub pull request. Here’s the repo:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fclifgriffin\u002Fsimple-ldap-login\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you need support, file an issue here:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fclifgriffin\u002Fsimple-ldap-login\u002Fissues\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Special Requests\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you need a customization or change specific to your install, I am available for hire. Shoot me an e-mail: clifgriffin[at]gmail.com\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)\u003C\u002Fli>\n\u003Cli>Supports TLS\u003C\u002Fli>\n\u003Cli>Uses up-to-date methods for WordPress authentication routines.\u003C\u002Fli>\n\u003Cli>Authenticates existing WordPress usernames against LDAP.\u003C\u002Fli>\n\u003Cli>Can be configured to automatically create WordPress users for valid LDAP logins.\u003C\u002Fli>\n\u003Cli>You can restrict logins based on one or more LDAP groups.\u003C\u002Fli>\n\u003Cli>Intuitive control panel.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Architecture\u003C\u002Fh4>\n\u003Cp>Simple LDAP Login adds an authentication filter to WordPress that authentication requests must pass. In doing so, it makes several decisions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Can the provided credentials be authenticated against LDAP?\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>If so, is the LDAP user a member of the required LDAP groups (if any)?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>Does a matching WordPress user exist?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>If so, log the user in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>If not, is user creation enabled?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>\n\u003Cul>\n\u003Cli>Create the user and log them in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is high level overview. This should answer the philosophical questions about how the plugin works. If the plugin is unable to authenticate the user, it should pass it down the chain to WordPress. (Unless LDAP Exclusive is turned on, in which case it won’t.)\u003C\u002Fp>\n","Integrating WordPress with LDAP shouldn't be difficult. Now it isn't. Simple LDAP Login provides all of the features, none of the hassles.",1000,110171,86,18,"2024-09-26T15:41:00.000Z","6.6.5","3.4",[55,56,20,22,24],"active-directory","adldap","https:\u002F\u002Fobjectiv.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-ldap-login.1.6.1.zip",91,"2024-09-27 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":34,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":76,"download_link":77,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"active-directory-authentication-integration","Active Directory Authentication Integration","0.6","Curtiss Grymala","https:\u002F\u002Fprofiles.wordpress.org\u002Fcgrymala\u002F","\u003Cp>This plugin allows WordPress to authenticate, authorize, create and update against an Active Directory domain. This plugin is based heavily on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Factive-directory-integration\u002F\" rel=\"ugc\">Active Directory Integration\u003C\u002Fa> plugin, but has been modified to work with Multi Site and even Multi Network installations of WordPress.\u003C\u002Fp>\n\u003Cp>Some of the features included in this plugin are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>authenticate against more than one AD Server (for balanced load)\u003C\u002Fli>\n\u003Cli>authorize users by Active Directory group memberships\u003C\u002Fli>\n\u003Cli>auto create and update users that can authenticate against AD\u003Cbr \u002F>\nmapping of AD groups to WordPress roles\u003C\u002Fli>\n\u003Cli>use TLS (or LDAPS) for secure communication to AD Servers (recommended)\u003C\u002Fli>\n\u003Cli>use non standard port for communication to AD Servers\u003C\u002Fli>\n\u003Cli>protection against brute force attacks\u003C\u002Fli>\n\u003Cli>user and\u002For admin e-mail notification on failed login attempts\u003C\u002Fli>\n\u003Cli>determine WP display name from AD attributes (sAMAccountName, displayName, description, SN, CN, givenName or mail)\u003C\u002Fli>\n\u003Cli>enable\u002Fdisable password changes for local (non AD) WP users\u003C\u002Fli>\n\u003Cli>WordPress 3.0\u002F3.1 compatibility, including Multi Site and Multi Network\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Factive-directory-integration\u002F\" rel=\"ugc\">glatze’s Active Directory Integration\u003C\u002Fa> plugin, which is based upon \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Factive-directory-authentication\u002F\" rel=\"ugc\">Jonathan Marc Bearak’s Active Directory Authentication\u003C\u002Fa> plugin and \u003Ca href=\"http:\u002F\u002Fadldap.sourceforge.net\u002F\" rel=\"nofollow ugc\">Scott Barnett’s adLDAP\u003C\u002Fa>, a very useful PHP class.\u003C\u002Fp>\n\u003Cp>Aside from the changes to make this plugin work more effectively with WordPress Multi Site, this version of the plugin also encrypts the password used to connect to the AD server when it is stored in the database.\u003C\u002Fp>\n\u003Cp>This plugin was developed by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fprofile\u002Fcgrymala\" rel=\"ugc\">Curtiss Grymala\u003C\u002Fa> for the \u003Ca href=\"http:\u002F\u002Fumw.edu\u002F\" rel=\"nofollow ugc\">University of Mary Washington\u003C\u002Fa>. It is licensed under the GPL2, which basically means you can take it, break it and change it any way you want, as long as the original credit and license information remains somewhere in the package.\u003C\u002Fp>\n\u003Ch3>Important Notice\u003C\u002Fh3>\n\u003Cp>Since I don’t currently have access to multiple AD servers, this plugin has only been tested on a single installation of WordPress with a single AD server. Therefore, it is entirely possible that there are major bugs.\u003C\u002Fp>\n\u003Cp>At this time, I am seeking people to test the plugin, so please report any issues you encounter.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>This plugin requires WordPress. It might work with versions older than 3.0, but it has not been tested with those.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin also requires PHP5. Some attempt has been made to make it compatible with PHP4, but it has not been tested in that environment.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin requires LDAP support to be compiled into PHP. If the \u003Ccode>ldap_connect()\u003C\u002Fcode> function is not available, this plugin will output an error message and will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>To Do\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add ability to validate against multiple AD servers (check one, then the other – rather than just load-balancing as the plugin currently does)\u003C\u002Fli>\n\u003Cli>DONE as of 0.4a – Update admin interface to utilize native meta box interface rather than custom layout\u003C\u002Fli>\n\u003Cli>DONE as of 0.3a – Separate the profile information from the role equivalent groups in the “auto update user” setting\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows WordPress to authenticate, authorize, create and update users through Active Directory",10,9961,100,"2011-08-30T16:36:00.000Z","3.2.1","3.0",[55,20,22,24],"http:\u002F\u002Fplugins.ten-321.com\u002Fcategory\u002Factive-directory-authentication-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factive-directory-authentication-integration.0.6.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":71,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":28,"last_vuln_date":100,"fetched_at":30},"authldap","authLdap","3.1.3","heiglandreas","https:\u002F\u002Fprofiles.wordpress.org\u002Fheiglandreas\u002F","\u003Cp>Use your existing LDAP as authentication-backend for your wordpress!\u003C\u002Fp>\n\u003Cp>So what are the differences to other WordPress-LDAP-Authentication-Plugins?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Flexible: You are totaly free in which LDAP-backend to use. Due to the extensive configuration you can freely decide how to do the authentication of your users. It simply depends on your filters\u003C\u002Fli>\n\u003Cli>Independent: As soon as a user logs in, it is added\u002Fupdated to the WordPress’ user-database to allow wordpress to always use the correct data. You only have to administer your users once.\u003C\u002Fli>\n\u003Cli>Failsafe: Due to the users being created in WordPress’ User-database they can also log in when the LDAP-backend currently is gone.\u003C\u002Fli>\n\u003Cli>Role-Aware: You can map WordPress’ roles to values of an existing LDAP-attribute.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more Information on the configuration have a look at https:\u002F\u002Fgithub.com\u002Fheiglandreas\u002FauthLdap\u003C\u002Fp>\n","Use your existing LDAP flexible as authentication backend for WordPress",5000,135169,19,"2025-04-16T05:47:00.000Z","6.8.5","2.5.0","7.4",[55,94,20,22,95],"auth","openldap","https:\u002F\u002Fgithub.com\u002Fheiglandreas\u002FauthLdap","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthldap.3.1.3.zip",99,2,"2023-09-01 00:00:00",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":86,"downloaded":109,"rating":71,"num_ratings":88,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":92,"tags":113,"homepage":116,"download_link":117,"security_score":98,"vuln_count":34,"unpatched_count":28,"last_vuln_date":118,"fetched_at":30},"authorizer","Authorizer","3.13.4","Paul Ryan","https:\u002F\u002Fprofiles.wordpress.org\u002Ffigureone\u002F","\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> restricts access to a WordPress site to specific users, typically students enrolled in a university course. It maintains a list of approved users that you can edit to determine who has access. It also replaces the default WordPress login\u002Fauthorization system with one relying on an external server, such as Google, CAS, LDAP, or an OAuth2 provider. Finally, \u003Cem>Authorizer\u003C\u002Fem> lets you limit invalid login attempts to prevent bots from compromising your users’ accounts.\u003C\u002Fp>\n\u003Cp>View or contribute to the plugin source on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> requires the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>CAS server\u003C\u002Fstrong> (2.x, 3.x, 4.x, 5.x, 6.x, or 7.x) or \u003Cstrong>LDAP server\u003C\u002Fstrong> (plugin needs the URL)\u003C\u002Fli>\n\u003Cli>PHP extensions: php-ldap, php-curl, php-dom\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> provides the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authentication\u003C\u002Fstrong>: WordPress accounts; Google accounts; CAS accounts; LDAP accounts; OAuth2 accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Access\u003C\u002Fstrong>: All authenticated users (all local and all external can log in); Only specific users (all local and approved external users can log in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View Access\u003C\u002Fstrong>: Everyone (open access); Only logged in users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong>: Progressively increase the amount of time required between invalid login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode\u003C\u002Fstrong>: Use the \u003Ccode>[authorizer_login_form]\u003C\u002Fcode> shortcode to embed a wp_login_form() outside of wp-login.php.\u003C\u002Fli>\n\u003C\u002Ful>\n","Authorizer limits login attempts, restricts access to specific users, and authenticates against external sources (OAuth2, Google, LDAP, or CAS).",181710,"2025-12-19T20:52:00.000Z","6.9.4","5.5",[20,114,22,24,115],"cas","oauth","https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthorizer.3.13.4.zip","2022-11-01 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":111,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":137,"download_link":138,"security_score":139,"vuln_count":140,"unpatched_count":28,"last_vuln_date":141,"fetched_at":30},"ldap-login-for-intranet-sites","Active Directory Integration \u002F LDAP Integration","5.4.0","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-intranet-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration#Features\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-ldap-login-plugin?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Setup Guide\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-setup-guides?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-intranet-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration#Add-Ons\" rel=\"nofollow ugc\">Integrations\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.miniorange.com\u002Fcontact?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-intranet-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Active Directory Integration \u002F LDAP Integration Login for Intranet Sites plugin\u003C\u002Fa>   lets users sign in to WordPress using their LDAP or Active Directory credentials. It maps LDAP and Active Directory attributes to WordPress user fields, syncs profiles on login, and assigns roles based on directory groups or OUs.\u003C\u002Fp>\n\u003Cp>This plugin supports:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Microsoft Active Directory\u003C\u002Fli>\n\u003Cli>Azure Active Directory\u003C\u002Fli>\n\u003Cli>Sun Active Directory\u003C\u002Fli>\n\u003Cli>OpenLDAP Directory\u003C\u002Fli>\n\u003Cli>JumpCloud\u003C\u002Fli>\n\u003Cli>FreeIPA Directory\u003C\u002Fli>\n\u003Cli>Synology\u003C\u002Fli>\n\u003Cli>\n\u003Cp>OpenDS and other LDAP directories.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can fetch LDAP OUs, map LDAP attributes, test LDAP and Active Directory authentication, and review LDAP authentication reports for failed login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>This plugin brings centralized LDAP and Active Directory-based authentication, improves access control, and keeps your WordPress user information consistent with your directory source.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How the Plugin Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When a user enters their details on the WordPress login page, the plugin sends an LDAP or Active Directory authentication request to your directory server. If the LDAP or AD credentials match, the user is logged in, and a WordPress account is created or updated.\u003C\u002Fp>\n\u003Cp>During LDAP or Active Directory login, the plugin can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Read LDAP and AD attributes\u003C\u002Fli>\n\u003Cli>Map LDAP attributes to WordPress profile fields\u003C\u002Fli>\n\u003Cli>Assign WordPress roles based on LDAP or Active Directory groups and OUs\u003C\u002Fli>\n\u003Cli>Sync LDAP or AD user data on every login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can enable LDAP secure connection (LDAPS) or Kerberos \u002F NTLM for passwordless AD login on domain-joined machines. LDAP filters, multiple LDAP search bases, and backup LDAP servers can be configured when needed. LDAP authentication failures are logged for security review.\u003C\u002Fp>\n\u003Cp>This ensures WordPress uses your LDAP or Active Directory server as the main source of truth for identity and login.\u003C\u002Fp>\n\u003Cp>Plugin\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-ldap-login-plugin?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP\u002FActive Directory Login for Intranet Sites Plugin\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-configure-miniorange-ldap-login-premium-plugin-for-wordpress?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP\u002FActive Directory login for Intranet Sites Premium Plugin\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-multisite-ldap-ad-plugin?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP\u002FActive Directory login for Intranet Sites Premium Plugin for Multisite\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-ldap-login-cloud?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP\u002FActive Directory login for Cloud\u002FShared Hosting Plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Add Ons\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-kerberos-single-sign-sso?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Kerberos Single Sign On (SSO)\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-configure-miniorange-directory-sync-add-on-for-wordpress?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Sync User LDAP Directory\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-miniorange-profile-picture-map-add-on-for-wordpress?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Profile Picture Sync for WordPress and BuddyPress\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-active-directory-ldap-users-search-plugin?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Search Staff\u002FEmployee from LDAP Active Directory\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-password-sync-with-ldap-add-on?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Password Sync with LDAP Server\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Minimum Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Compatible with WordPress version 5.0 or higher\u003C\u002Fli>\n\u003Cli>Compatible with PHP version 5.6.0 or higher\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffaq.miniorange.com\u002Fknowledgebase\u002Fhow-to-enable-php-ldap-extension\u002F?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">PHP LDAP extension Enabled\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get a quick overview of our product\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FVdAIDLCN-cQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features of the AD Integration\u002F LDAP Integration Login for Intranet Sites Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The LDAP\u002FActive Directory Login for Intranet sites plugin includes user management features as well, such as adding users from Active Directory or another LDAP Directory who are not registered in WordPress, WordPress role mapping, LDAP\u002FActive Directory to WordPress attribute mapping, and more. We also provide additional add-ons that enhance the functionality of the basic plugin such as enabling \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fkerberos-authentication-support?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Kerberos\u002FNTLM SSO Authentication\u003C\u002Fa>, importing users from Active Directory\u002FLDAP Server to WordPress, creating users in Active Directory\u002FLDAP server when created\u002Fregistered in the WordPress site, sync users between the Active Directory\u002FLDAP server and WordPress site, sync LDAP\u002FActive Directory Profile Picture thumbnail attribute to WordPress user profile picture, AD integration with third-party plugins and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is Kerberos\u002FNTLM Single Sign On (SSO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Effortlessly enable Single Sign-On (SSO) within your Active Directory-secured intranet using \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fntlm-kerberos-authentication-mechanism\" rel=\"nofollow ugc\">Kerberos\u002FNTLM authentication\u003C\u002Fa>. Enjoy passwordless login for domain-joined machines and enhanced security through restricted external access. With cross-platform compatibility, \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsteps-setup-kerberos-windows-authentication\" rel=\"nofollow ugc\">Kerberos authentication across Windows\u003C\u002Fa> is also ensured. \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsteps-to-setup-kerberos-on-ubuntu-rhel-centos\" rel=\"nofollow ugc\">Kerberos authentication can also be done access Ubuntu, CentOS, and RHEL\u003C\u002Fa>, protecting against unauthorized access and impersonation threats. You can also configure \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsteps-to-setup-ntlm-sso-with-apache-on-windows\" rel=\"nofollow ugc\">Kerberos\u002FNTLM SSO with Apache on Windows\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Benefits of Kerberos Authentication Protocol\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Secure Authentication\u003C\u002Fstrong>: Strong cryptography ensures safe access to systems and resources.\u003Cbr \u002F>\n\u003Cstrong>Mutual Authentication\u003C\u002Fstrong>: Verifies both client and server identities to prevent impersonation.\u003Cbr \u002F>\n\u003Cstrong>Cross-Platform Compatibility\u003C\u002Fstrong>: Supports diverse operating systems and applications for broad SSO adoption.\u003C\u002Fp>\n\u003Ch4>Free Version Features:-\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>LDAP \u002F Active Directory Login:\u003C\u002Fstrong> Authenticate users by verifying their LDAP or Active Directory credentials instead of storing separate credentials in WordPress. This gives your intranet a centralized login system.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LDAP User Auto Creation:\u003C\u002Fstrong> When a directory user logs in for the first time, the plugin creates a matching WordPress account automatically. No manual user creation required.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LDAP Profile Sync:\u003C\u002Fstrong> Update a user’s WordPress profile on every login by pulling details such as name, email, and username from your directory server.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Default Role Mapping:\u003C\u002Fstrong> Assign a default WordPress role to all authenticated directory users to maintain consistent permissions across your intranet.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LDAP Attribute Mapping:\u003C\u002Fstrong> Map directory attributes like mail, sAMAccountName, UID, or CN to WordPress user fields. This keeps user information aligned between systems.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.miniorange.com\u002Fguide-to-setup-ldaps-on-windows-server?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAPS Support\u003C\u002Fa>:\u003C\u002Fstrong> Encrypt all authentication traffic between WordPress and your directory server using LDAPS. This protects credentials from being intercepted.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LDAP Authentication Reports:\u003C\u002Fstrong> Record all failed LDAP or Active Directory login attempts. Admins can export these logs to review potential security issues or misconfigurations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add WordPress Users to LDAP:\u003C\u002Fstrong> When a new user registers on WordPress, the plugin can automatically create or update the corresponding account in your directory (when supported).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LDAP OU Fetching:\u003C\u002Fstrong> Automatically pull Organization Units (OUs) from your directory to help you set up the correct search base during configuration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LDAP Connection Test:\u003C\u002Fstrong> Test your directory hostname, port, bind details, and search base before enabling login to ensure everything works as expected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Demo LDAP Server:\u003C\u002Fstrong> Use the built-in demo directory to try the plugin without connecting your production LDAP or Active Directory environment.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hybrid LDAP Support:\u003C\u002Fstrong> Support configurations where part of your environment runs on-prem Active Directory and part uses cloud directory services.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Compatibility:\u003C\u002Fstrong> Fully compatible with the latest WordPress and PHP versions. Includes documentation, setup videos, and easy configuration screens.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>You can find out how to configure the (AD Integration) Active Directory Integration \u002F LDAP Integration plugin through the video below\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F5DUGgP-Hf-k?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>This LDAP\u002FActive Directory Login (AD Login) plugin is free to use under the Expat license. If you wish to use enhanced features, you may purchase our \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-intranet-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Premium version\u003C\u002Fa>. We also provide additional \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-intranet-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration#Add-Ons\" rel=\"nofollow ugc\">add-ons\u003C\u002Fa> that enhance the functionality of the basic WordPress LDAP\u002FAD Login plugin. This will help support further development of our LDAP plugin, and in turn, serve our customers better.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-intranet-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Premium Version Features\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Our premium plugin includes additional features, as well as the aforementioned free plugin features. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login with Any LDAP Attribute:\u003C\u002Fstrong> Authenticate users using attributes like sAMAccountName, UPN, mail, UID, or any custom field defined in your directory schema.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced LDAP \u002F AD Role Mapping:\u003C\u002Fstrong> Assign roles dynamically based on a user’s group membership or OU. You can create multiple mapping rules for different user segments.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LDAP Group Fetching:\u003C\u002Fstrong> Automatically fetch directory security groups to simplify role-mapping setup inside WordPress.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Extended LDAP Attribute Mapping:\u003C\u002Fstrong> Map extended directory attributes such as givenName, sn, telephoneNumber, and custom schema fields to WordPress user meta.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom LDAP Attribute Support:\u003C\u002Fstrong> Create custom WordPress profile fields and link them to any attribute available in your directory server.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom LDAP \u002F AD Search Filters:\u003C\u002Fstrong> Restrict login using rules based on group membership, userAccountControl flags, or any advanced LDAP filter.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple LDAP Search Bases:\u003C\u002Fstrong> Authenticate users across multiple OUs or directory paths without duplicating configuration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Directory Login:\u003C\u002Fstrong> Connect WordPress to multiple LDAP or Active Directory domains. The plugin can try each directory in sequence or route users based on domain rules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress to Directory Sync:\u003C\u002Fstrong> Push WordPress profile updates back to your directory server to maintain consistency in both directions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dual Authentication Mode:\u003C\u002Fstrong> Allow both directory users and native WordPress users to log in. Useful for mixed environments or admin-only local access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Login Redirects:\u003C\u002Fstrong> Send users to a custom URL, homepage, or profile page after successful login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed LDAP Authentication Logs:\u003C\u002Fstrong> Collect detailed logs for each failed authentication attempt, including reason codes, timestamps, and directory responses.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import \u002F Export Plugin Configuration:\u003C\u002Fstrong> Export your plugin setup from staging and import it into production to avoid repetitive configuration work.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-multisite-ldap-ad-plugin?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Multisite LDAP \u002F AD Support\u003C\u002Fa>:\u003C\u002Fstrong> Configure your directory connection at the network level and apply it to selected subsites in a WordPress multisite network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Login Restrictions:\u003C\u002Fstrong> Restrict login based on assigned WordPress roles when running mixed login environments.\u003C\u002Fli>\n\u003Cli>Provides seamless AD integration with \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-intranet-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration#Add-Ons\" rel=\"nofollow ugc\">third-party plugins\u003C\u002Fa> such as BuddyBoss, BuddyPress, Ultimate Member, Gravity Forms, Groups, and eMember.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>You can find out Active Directory Integration \u002F LDAP Integration Premium Version Features through the video below\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fr0pnB2d0QP8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-intranet-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration#Add-Ons\" rel=\"nofollow ugc\">Add-ons List\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-kerberos-single-sign-sso?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Active Directory Single Sign-On (SSO) using Kerberos\u002FNTLM\u003C\u002Fa>:\u003C\u002Fstrong> Enable passwordless SSO for domain-joined machines using Kerberos or NTLM. Works with Apache, IIS, Windows with Apache, and GSSAPI-based authentication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-configure-miniorange-directory-sync-add-on-for-wordpress?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Sync Users LDAP Directory\u003C\u002Fa>:\u003C\u002Fstrong> Import directory users into WordPress and schedule ongoing synchronizations. Supports bidirectional sync when enabled.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-miniorange-ldap-buddypress-integration-add-on?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Sync BuddyPress Extended Profiles\u003C\u002Fa>:\u003C\u002Fstrong> Pull directory attributes into BuddyPress extended profile fields during login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-password-sync-with-ldap-add-on?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Password Sync with Active Directory\u002FLDAP Directory\u003C\u002Fa>:\u003C\u002Fstrong> Sync password changes made in WordPress back to your directory server, keeping credentials aligned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-miniorange-profile-picture-map-add-on-for-wordpress?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Profile Picture Sync for WordPress and BuddyPress\u003C\u002Fa>:\u003C\u002Fstrong> Sync thumbnail photos from your directory into WordPress or BuddyPress profile pictures.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-ultimate-member-login-integration-with-ldap-credentials?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Ultimate Member Login and Profile Integration\u003C\u002Fa>:\u003C\u002Fstrong> Enable directory login in Ultimate Member forms and map directory fields to Ultimate Member profile fields.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page\u002FPost Restriction:\u003C\u002Fstrong> Control access to specific pages or posts using LDAP groups or WordPress roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-miniorange-ldap-search-widget-add-on?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Search Staff From Active Directory\u002Fother LDAP Directory\u003C\u002Fa>:\u003C\u002Fstrong> Display directory users on a WordPress page using a searchable shortcode or widget.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-third-party-user-profile-integration-with-ldap-add-on?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Third-Party Plugin User Profile Integration\u003C\u002Fa>:\u003C\u002Fstrong> Sync directory attributes to user profiles created by other plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms Integration:\u003C\u002Fstrong> Populate form fields with directory data and verify user identity during form submission.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-miniorange-ldap-buddypress-integration-add-on?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Sync BuddyPress Groups\u003C\u002Fa>:\u003C\u002Fstrong> Assign BuddyPress groups to users based on their directory group membership.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress Plugin Integration:\u003C\u002Fstrong> Allow access to MemberPress-protected content using LDAP or Active Directory accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>eMember Plugin Integration:\u003C\u002Fstrong> Enable directory login for eMember accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP Groups Plugin Integration:\u003C\u002Fstrong> Map directory groups to the Groups plugin user groups for permission-based workflows.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsso-multiple-ldap-ad-using-kerberos-ntlm-protocol?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Enable SSO for Multiple Active Directory Users on Domain-Joined Machines with Kerberos\u002FNTLM\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enable seamless login for employees who use domain-joined computers. When a user is already signed into their workstation with their LDAP or Active Directory account, the plugin (with the Kerberos \u002F NTLM addon) can authenticate them automatically on WordPress without asking for a password. This gives your intranet a smooth, secure, and passwordless login flow.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fkerberos-ntlm-sso-for-wordpress-sites?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Enable MFA for External Access After LDAP Kerberos SSO\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Inside the intranet, users can rely on SSO through LDAP or Active Directory. But when someone logs in from outside the network or over VPN, you can require Multi-Factor Authentication (MFA). This protects sensitive content by verifying identity through both directory credentials and a second factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fldap-active-directory-group-based-authorization-in-wordpress?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Map LDAP\u002FAD Groups and Attributes to WordPress User Profiles\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use directory groups and user attributes to assign WordPress roles automatically. For example, members of an “HR” group can be mapped to an editor role, while others receive subscriber or custom roles. This reduces manual user management and ensures permissions stay aligned with your organizational structure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fuser-directory-sync-between-active-directory-and-wordpress?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Automate LDAP\u002FActive Directory Sync with WordPress for Seamless User Management\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Keep WordPress user accounts up to date by syncing them with LDAP or Active Directory schedules. This includes importing new users, updating profile details, syncing profile photos, and optionally enabling self-service password updates. This is useful for large teams where user details change often.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-user-authentication-from-ldap-active-directory?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Enable Multiple LDAP Directories Support for WordPress Authentication and Synchronization\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If your setup includes multiple directory domains or different LDAP servers, the plugin can authenticate users across all of them. It can try servers in sequence or route users based on their domain. This helps organizations with multi-forest, multi-tenant, or hybrid identity environments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fguide-to-setup-multisite-ldap-ad-plugin?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP\u002FActive Directory Integration for WordPress Multisite Environments\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Manage LDAP or Active Directory authentication across an entire WordPress multisite network. Configure the directory connection once at the network level and apply it to selected subsites. Each site can inherit settings or define its own role mappings.\u003C\u002Fp>\n\u003Ch4>Other Use-Cases we support:-\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-login-cloud?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">miniOrange Active Directory\u002FLDAP Integration for Cloud & Shared Hosting Platforms Plugin\u003C\u002Fa>\u003C\u002Fstrong> supports login to WordPress sites hosted on a shared hosting platform using credentials stored in active directory and LDAP Directory systems in case you are not able to enable \u003Cstrong>\u003Ca href=\"https:\u002F\u002Ffaq.miniorange.com\u002Fknowledgebase\u002Fhow-to-enable-php-ldap-extension\u002F?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP Extension\u003C\u002Fa>\u003C\u002Fstrong> on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong> \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-ldap-directory-search?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Search Staff\u002FEmployee present in your Active Directory\u003C\u002Fa>\u003C\u002Fstrong>: Display employee information pulled directly from LDAP or Active Directory on your WordPress site. Users can search staff by name, email, department, or other attributes. This is useful for intranets, company portals, employee dashboards, and internal contact lists.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Integration with Different CMSs\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-ldap-ad-integration-for-expressionengine?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP\u002FActive Directory Integration for ExpressionEngine\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fldap-authentication-for-opencart?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP\u002FActive Directory Integration for OpenCart\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-ldap-ad-integration-for-craft-cms?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">LDAP\u002FActive Directory Integration for Craft CMS\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Need support?\u003C\u002Fh4>\n\u003Cp>For support or troubleshooting help, please email us at info@xecurify.com or \u003Ca href=\"https:\u002F\u002Fwww.miniorange.com\u002Fcontact?utm_source=wordpress%20readme&utm_medium=marketplace&utm_campaign=Active%20Directory%20Integration%20\u002F%20LDAP%20Integration\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>.\u003C\u002Fp>\n","Active Directory Integration\u002FLDAP Integration enables login & sync in WordPress with Active Directory\u002FLDAP Directory credentials, 24\u002F7 ACTIVE SUPPORT",4000,322455,98,205,"2026-01-27T07:18:00.000Z","5.0","5.6.0",[55,135,20,22,136],"active-directory-integration","ldap-authentication","https:\u002F\u002Fminiorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fldap-login-for-intranet-sites.5.4.0.zip",97,7,"2023-09-25 00:00:00",{"attackSurface":143,"codeSignals":211,"taintFlows":268,"riskAssessment":327,"analyzedAt":344},{"hooks":144,"ajaxHandlers":207,"restRoutes":208,"shortcodes":209,"cronEvents":210,"entryPointCount":28,"unprotectedCount":28},[145,151,156,160,164,168,171,174,177,181,185,189,192,196,200,204],{"type":146,"name":147,"callback":148,"priority":69,"file":149,"line":150},"filter","authenticate","wpDirAuth_authenticate","wpDirAuth.php",156,{"type":152,"name":153,"callback":154,"file":149,"line":155},"action","admin_menu","wpDirAuth_safeAddMenu",255,{"type":146,"name":147,"callback":157,"priority":158,"file":149,"line":159},"wp_authenticate_username_password",20,1411,{"type":152,"name":161,"callback":162,"file":149,"line":163},"network_admin_menu","wpDirAuth_addNetworkMenu",2172,{"type":152,"name":165,"callback":166,"file":149,"line":167},"show_network_site_users_add_new_form","wpDirAuth_add_user_panel",2173,{"type":152,"name":161,"callback":169,"file":149,"line":170},"wpDirAuth_network_adduser",2175,{"type":152,"name":153,"callback":172,"file":149,"line":173},"wpDirAuth_addMenu",2177,{"type":152,"name":153,"callback":175,"file":149,"line":176},"wpDirAuth_add_users_page",2183,{"type":152,"name":178,"callback":179,"file":149,"line":180},"login_form","wpDirAuth_loginFormExtra",2185,{"type":152,"name":182,"callback":183,"file":149,"line":184},"profile_update","wpDirAuth_profileUpdate",2186,{"type":152,"name":186,"callback":187,"file":149,"line":188},"lostpassword_form","anonymous",2196,{"type":152,"name":186,"callback":190,"file":149,"line":191},"closure",2198,{"type":146,"name":193,"callback":194,"file":149,"line":195},"show_password_fields","wpDirAuth_hidePassFields",2213,{"type":146,"name":197,"callback":198,"priority":69,"file":149,"line":199},"allow_password_reset","wpDirAuth_allowPasswordReset",2214,{"type":146,"name":201,"callback":202,"priority":69,"file":149,"line":203},"auth_cookie_expiration","wpDirAuth_cookieExpire",2215,{"type":146,"name":205,"callback":190,"file":149,"line":206},"login_message",2252,[],[],[],[],{"dangerousFunctions":212,"sqlUsage":226,"outputEscaping":233,"fileOperations":28,"externalRequests":28,"nonceChecks":34,"capabilityChecks":28,"bundledLibraries":267},[213,217,220,223],{"fn":214,"file":149,"line":215,"context":216},"unserialize",1643,"$aryLdapKeys = apply_filters('wpdirauth_ldap_user_keys',unserialize(WPDIRAUTH_LDAP_RETURN_KEYS));",{"fn":218,"file":149,"line":188,"context":219},"create_function","add_action('lostpassword_form',create_function('','echo get_site_option(\"dirAuthChangePassMsg\");'));",{"fn":214,"file":149,"line":221,"context":222},2349,"$aryReturnKeys = array_values(unserialize(WPDIRAUTH_LDAP_RETURN_KEYS));",{"fn":214,"file":149,"line":224,"context":225},2376,"foreach(unserialize(WPDIRAUTH_OPTIONS) as $strOption){",{"prepared":28,"raw":99,"locations":227},[228,231],{"file":149,"line":229,"context":230},2290,"$wpdb->get_results() with variable interpolation",{"file":149,"line":232,"context":230},2300,{"escaped":234,"rawEcho":235,"locations":236},23,15,[237,240,242,244,246,248,250,252,254,255,257,259,261,263,265],{"file":149,"line":238,"context":239},219,"raw output",{"file":149,"line":241,"context":239},643,{"file":149,"line":243,"context":239},895,{"file":149,"line":245,"context":239},1151,{"file":149,"line":247,"context":239},1156,{"file":149,"line":249,"context":239},1173,{"file":149,"line":251,"context":239},1234,{"file":149,"line":253,"context":239},1582,{"file":149,"line":253,"context":239},{"file":149,"line":256,"context":239},1798,{"file":149,"line":258,"context":239},2054,{"file":149,"line":260,"context":239},2062,{"file":149,"line":262,"context":239},2111,{"file":149,"line":264,"context":239},2117,{"file":149,"line":266,"context":239},2200,[],[269,297,309],{"entryPoint":270,"graph":271,"unsanitizedCount":295,"severity":296},"wpDirAuth_loginFormExtra (wpDirAuth.php:1104)",{"nodes":272,"edges":291},[273,278,283,286],{"id":274,"type":275,"label":276,"file":149,"line":277},"n0","source","$_SERVER (x2)",1140,{"id":279,"type":280,"label":281,"file":149,"line":245,"wp_function":282},"n1","sink","echo() [XSS]","echo",{"id":284,"type":275,"label":285,"file":149,"line":277},"n2","$_SERVER",{"id":287,"type":280,"label":288,"file":149,"line":289,"wp_function":290},"n3","header() [Header Injection]",1155,"header",[292,294],{"from":274,"to":279,"sanitized":293},false,{"from":284,"to":287,"sanitized":293},3,"medium",{"entryPoint":298,"graph":299,"unsanitizedCount":28,"severity":308},"wpDirAuth_add_user_panel (wpDirAuth.php:1886)",{"nodes":300,"edges":305},[301,304],{"id":274,"type":275,"label":302,"file":149,"line":303},"$_POST (x2)",1931,{"id":279,"type":280,"label":281,"file":149,"line":258,"wp_function":282},[306],{"from":274,"to":279,"sanitized":307},true,"low",{"entryPoint":310,"graph":311,"unsanitizedCount":28,"severity":308},"\u003CwpDirAuth> (wpDirAuth.php:0)",{"nodes":312,"edges":323},[313,314,315,316,317,321],{"id":274,"type":275,"label":276,"file":149,"line":277},{"id":279,"type":280,"label":281,"file":149,"line":245,"wp_function":282},{"id":284,"type":275,"label":285,"file":149,"line":277},{"id":287,"type":280,"label":288,"file":149,"line":289,"wp_function":290},{"id":318,"type":275,"label":319,"file":149,"line":320},"n4","$_POST (x3)",686,{"id":322,"type":280,"label":281,"file":149,"line":249,"wp_function":282},"n5",[324,325,326],{"from":274,"to":279,"sanitized":307},{"from":284,"to":287,"sanitized":307},{"from":318,"to":322,"sanitized":307},{"summary":328,"deductions":329},"The \"wpdirauth\" v1.10.7 plugin exhibits a mixed security posture.  On the positive side, the plugin has a remarkably small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, there is no vulnerability history, suggesting a potentially stable and well-maintained codebase.  However, the code analysis reveals significant concerns, including the use of dangerous functions like `unserialize` and `create_function`, and the absence of prepared statements for all SQL queries. The taint analysis shows one flow with unsanitized paths, which, while not classified as critical or high, still represents a potential risk. The lack of capability checks for any entry points, though the attack surface is zero, indicates a potential weakness if any new entry points are introduced in the future without proper authorization checks.  The plugin has some strengths in its limited attack surface and clean vulnerability history, but the presence of dangerous functions and un-prepared SQL queries, along with the unsanitized taint flow, warrants caution.",[330,332,334,336,339,342],{"reason":331,"points":69},"Use of dangerous function: unserialize",{"reason":333,"points":69},"Use of dangerous function: create_function",{"reason":335,"points":69},"SQL queries not using prepared statements",{"reason":337,"points":338},"Taint flow with unsanitized paths",8,{"reason":340,"points":341},"No capability checks for entry points",5,{"reason":343,"points":341},"Output escaping not fully implemented","2026-03-16T19:29:34.757Z",{"wat":346,"direct":357},{"assetPaths":347,"generatorPatterns":351,"scriptPaths":352,"versionParams":353},[348,349,350],"\u002Fwp-content\u002Fplugins\u002Fwpdirauth\u002Fcss\u002Fwpdirauth-settings.css","\u002Fwp-content\u002Fplugins\u002Fwpdirauth\u002Fcss\u002Fwpdirauth.css","\u002Fwp-content\u002Fplugins\u002Fwpdirauth\u002Fjs\u002Fwpdirauth.js",[],[350],[354,355,356],"wpdirauth\u002Fcss\u002Fwpdirauth-settings.css?ver=","wpdirauth\u002Fcss\u002Fwpdirauth.css?ver=","wpdirauth\u002Fjs\u002Fwpdirauth.js?ver=",{"cssClasses":358,"htmlComments":360,"htmlAttributes":363,"restEndpoints":365,"jsGlobals":366,"shortcodeOutput":368},[359],"wpdirauth-settings",[361,362],"SAFE MODE","SAFE MODE: wpDirAuth plugin configuration panel.",[364],"data-wpdirauth-ajax-url",[],[367],"wpdirauth_ajax_object",[]]