[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYKubgWXeHaCl3PO1bkKV6EJpqjsjx_yhC222Kubv-J8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":143,"fingerprints":194},"your-id-please","Simple Content Restriction","0.1","S","https:\u002F\u002Fprofiles.wordpress.org\u002Fsushkov\u002F","\u003Cp>This plugin will add a new meta box to your posts and pages allowing you to mark posts that require users to login. Visitors trying to view the post, will be asked to login.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fi.imgur.com\u002FghvTt.png\" rel=\"nofollow ugc\">See a screenshot\u003C\u002Fa>\u003C\u002Fp>\n","Ask your visitors to login if the post is marked as visible only to registered users.",10,3028,0,"2011-01-25T15:48:00.000Z","3.0.5","2.9","",[19,20,21,22,23],"content","login","required","restrict","users","https:\u002F\u002Fgithub.com\u002Fstas\u002Fyour-id-please","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyour-id-please.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"sushkov",8,490,30,84,"2026-04-04T14:13:41.032Z",[38,59,81,102,121],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":13,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":17,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"crispycohd-gated-content-block-lite","CrispyCohd Gated Content Block","1.0.9","CrispyCohd","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrispycohd\u002F","\u003Cp>CrispyCohd Gated Content Block provides a secure, block-native way to restrict access to content in the WordPress block editor based on whether a visitor is logged in or logged out.\u003C\u002Fp>\n\u003Cp>Unlike plugins that rely on JavaScript or CSS to hide content after it has already loaded, this plugin applies \u003Cstrong>true server-side content gating\u003C\u002Fstrong>, ensuring restricted content is never rendered or exposed to the browser when access conditions are not met.\u003C\u002Fp>\n\u003Cp>The gate block acts as a \u003Cstrong>structural control point\u003C\u002Fstrong> within your content:\u003Cbr \u002F>\n– If the visitor meets the access condition, the gate is hidden and content continues rendering normally.\u003Cbr \u002F>\n– If the visitor does not meet the condition, the gate message is displayed and all content after it is hidden.\u003C\u002Fp>\n\u003Cp>This approach is predictable, secure, and fully compatible with caching, SEO, and modern WordPress themes.\u003C\u002Fp>\n\u003Ch4>Flexible, Block-Based Gated Layouts\u003C\u002Fh4>\n\u003Cp>CrispyCohd Gated Content Block works seamlessly with \u003Cstrong>any core or custom WordPress block\u003C\u002Fstrong>, giving you full freedom to design gated sections that suit your content and audience. Because the gate acts as a structural marker rather than a rigid wrapper, you can combine familiar blocks such as \u003Cstrong>Columns, Groups, Buttons, or even the WordPress Login block\u003C\u002Fstrong> to create clear, styled calls-to-action for restricted content. This makes it easy to build polished, conversion-focused gated layouts using the block editor alone, without shortcodes, custom templates, or additional plugins.\u003C\u002Fp>\n\u003Ch4>Upgrade to Pro\u003C\u002Fh4>\n\u003Cp>The free version is ideal for simple login-based content restrictions.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Pro version\u003C\u002Fstrong> adds advanced gating options, including:\u003Cbr \u002F>\n– User roles (including custom roles)\u003Cbr \u002F>\n– WooCommerce product ownership\u003Cbr \u002F>\n– WooCommerce subscriptions\u003Cbr \u002F>\n– User meta conditions\u003Cbr \u002F>\n– Advanced visual controls and fade effects\u003C\u002Fp>\n\u003Cp>Existing content created with the free version remains fully compatible when upgrading.\u003C\u002Fp>\n\u003Cp>Learn more:\u003Cbr \u002F>\nhttps:\u002F\u002Fcrispycohd.com\u002Fproducts\u002Fcrispycohd-gated-content-block\u003C\u002Fp>\n","Secure, server-side gated content for the WordPress block editor. Control access to content without shortcodes or front-end hacks.",160,"2026-01-29T17:19:00.000Z","6.9.4","6.5","7.4",[52,53,54,55,56],"block-editor","content-restriction","content-gating","login-required","tags-gated-content","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrispycohd-gated-content-block-lite.1.0.9.zip",100,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":48,"requires_at_least":72,"requires_php":50,"tags":73,"homepage":79,"download_link":80,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"smart-password-protect","Password Protect – Temporary Login Without Password & Password Protect Entire Site","1.2.4","Huzaifa Al Mesbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuzaifaalmesbah\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Fsmart-password-protect\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsmart-password-protect\u002F\" rel=\"ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Password Protect\u003C\u002Fstrong> is the most powerful and versatile security plugin for WordPress. It combines robust \u003Cstrong>site-wide password protection\u003C\u002Fstrong> with a modern \u003Cstrong>temporary login\u003C\u002Fstrong> system, giving you complete control over who accesses your website.\u003C\u002Fp>\n\u003Cp>Whether you are developing a site in a staging environment, putting your site in maintenance mode, or need to grant temporary admin access to a developer, Smart Password Protect has you covered.\u003C\u002Fp>\n\u003Cp>We analyzed the top security plugins in the market and built a better, all-in-one solution. Stop installing multiple plugins for “Maintenance Mode”, “Password Protection”, and “Temporary Logins”. Get it all in one lightweight, high-performance package.\u003C\u002Fp>\n\u003Ch3>🔥 Key Features Overview\u003C\u002Fh3>\n\u003Ch4>1. 🔐 Password Protect Entire Site (Maintenance Mode)\u003C\u002Fh4>\n\u003Cp>Lock your WordPress site instantly with a single password. This is perfect for staging sites, private portfolios, or maintenance mode.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>One-Click Protection\u003C\u002Fstrong>: Enable or disable protection instantly from the dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-Force Protection\u003C\u002Fstrong>: Prevent dictionary attacks with built-in rate limiting that temporarily locks out users after too many incorrect password guesses.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelisting\u003C\u002Fstrong>: Allow specific IP addresses (e.g., your office, home, or client) to bypass the password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Role Bypass\u003C\u002Fstrong>: Allow Administrators or logged-in users to access the site without a password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Friendly\u003C\u002Fstrong>: Automatically sends \u003Ccode>noindex\u003C\u002Fcode> headers to prevent Google from indexing your private\u002Fstaging content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Password Form\u003C\u002Fstrong>: A beautiful, responsive login page that looks great on all devices.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remember Me\u003C\u002Fstrong>: Users can choose to stay logged in for up to 7 days (configurable).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customization\u003C\u002Fstrong>: Easily customize the look and feel of the password page via CSS.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2. 🔗 Temporary Login Without Password (Magic Links)\u003C\u002Fh4>\n\u003Cp>Create secure, self-expiring login links to grant temporary admin access without sharing your real credentials.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Secure Developer Access\u003C\u002Fstrong>: Give developers or support agents admin access safely.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Expiration\u003C\u002Fstrong>: Set links to expire after 1 hour, 1 day, 7 days, or a custom date.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Credentials Needed\u003C\u002Fstrong>: Users log in simply by clicking the link. No username or password required.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Management\u003C\u002Fstrong>: Assign any role (Admin, Editor, Subscriber) to the temporary user.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Options Toggle\u003C\u002Fstrong>: Show\u002Fhide advanced settings (Login Limits, User Role) with a simple click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect After Login\u003C\u002Fstrong>: Automatically redirect users to a specific page (e.g., Settings, Home, or Custom URL).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logs\u003C\u002Fstrong>: Track exactly when a temporary user logs in, their IP address, and browser.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Limits\u003C\u002Fstrong>: Restrict the number of times a link can be used.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safe Content Reassignment\u003C\u002Fstrong>: When a temporary user is deleted, any posts, pages, WooCommerce products, or other custom post types they created or modified are automatically reassigned to the admin — never trashed or lost.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Self-Preservation\u003C\u002Fstrong>: Temporary users cannot deactivate or delete the Smart Password Protect plugin itself.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Profile Lockdown\u003C\u002Fstrong>: Temporary users are blocked from editing their profile or creating\u002Fdeleting other users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual Status Control\u003C\u002Fstrong>: Manually change Temporary Login status (Active, Inactive, Expired) directly from the dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Logout\u003C\u002Fstrong>: Users are immediately logged out when their token becomes inactive or expired.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugin Deactivation Protection\u003C\u002Fstrong>: All temporary users are automatically logged out when the plugin is deactivated.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security\u003C\u002Fstrong>: Multi-layer authentication validation prevents access with invalid tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full Third-Party Compatibility\u003C\u002Fstrong>: Temporary users with admin role can access WooCommerce (products, orders, setup wizard), Elementor, and all other third-party plugin pages without any access issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3. 🛡️ Advanced Security & Logs\u003C\u002Fh4>\n\u003Cp>Keep a close eye on who is accessing your site and ensure maximum security.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Detailed Audit Trail\u003C\u002Fstrong>: View a history of every temporary login, including time, IP, and browser.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Protection\u003C\u002Fstrong>: Blocks search engine crawlers when protection is active.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Capability Controls\u003C\u002Fstrong>: Restrict temporary admins from deleting plugins or themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Validation\u003C\u002Fstrong>: Automatically checks for token expiration and usage limits before allowing access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Authentication Control\u003C\u002Fstrong>: Automatically logs out users when tokens are deactivated, expired, or deleted.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Request-Level Validation\u003C\u002Fstrong>: Validates token status on every request to prevent unauthorized access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Cookie-Based Authentication\u003C\u002Fstrong>: Sets secure, httponly cookies that expire automatically after 1 day.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4. 🌍 Multi-Language Support\u003C\u002Fh4>\n\u003Cp>Use the plugin in your native language with complete translation support.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>20+ Languages\u003C\u002Fstrong>: German, French, Spanish, Italian, Portuguese, Russian, Chinese (Simplified & Traditional), Arabic, Hindi, Bengali, Dutch, Polish, Czech, Danish, Bulgarian, Catalan, Croatian, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RTL Support Ready\u003C\u002Fstrong>: Compatible with right-to-left languages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contribute\u003C\u002Fstrong>: Help us translate! Submit translations via \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsmart-password-protect\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚡ Use Cases for Smart Password Protect\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>⚡ Use Case #1: Secure Staging & Development Environments\u003C\u002Fstrong>\u003Cbr \u002F>\nProtect your client’s site while it’s under development. Use the “Password Protection” feature to keep the site hidden from the public and search engines (noindex) while allowing you and your client to view progress. This is the professional way to handle staging sites without complex server configurations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Use Case #2: Grant Safe Temporary Access to Developers\u003C\u002Fstrong>\u003Cbr \u002F>\nNeed a developer to fix a bug? Don’t share your admin credentials. Instead, generate a “Temporary Login Link” with a specific role and expiration time. They get one-click access, and you get peace of mind knowing the access will auto-expire and they can’t delete your plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Use Case #3: Maintenance Mode Made Simple\u003C\u002Fstrong>\u003Cbr \u002F>\nUpdating your site or making design changes? Instantly lock the entire site with a single password. You can whitelist your own IP address to keep working while visitors see a professional password page. It’s faster and easier than installing a dedicated maintenance mode plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Use Case #4: Exclusive Client Portfolios\u003C\u002Fstrong>\u003Cbr \u002F>\nShowcase your work privately. Password protect your portfolio site and share the password only with prospective clients. This ensures your creative work remains exclusive and confidential until you are ready to show it to the world.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Use Case #5: Internal Company Documentation\u003C\u002Fstrong>\u003Cbr \u002F>\nCreate a private hub for your team. Restrict access to internal tools, wikis, or resources. With “User Role Bypass”, your logged-in employees can access content seamlessly without entering a password every time, while outsiders remain blocked.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Use Case #6: Private Family & Personal Blogs\u003C\u002Fstrong>\u003Cbr \u002F>\nShare personal stories and photos with only those you trust. Set a simple site-wide password so family and friends can view your content while keeping it safe from strangers and bots. It’s the perfect solution for keeping personal memories private.\u003C\u002Fp>\n\u003Ch3>🚀 Explore Smart Password Protect Features\u003C\u002Fh3>\n\u003Cp>✅ \u003Cstrong>Complete Site Protection — 100% FREE\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong> Instantly locks your entire WordPress site behind a secure password screen. Only visitors with the correct password can access your content.\u003Cbr \u002F>\n\u003Cstrong>How to use:\u003C\u002Fstrong>\u003Cbr \u002F>\n1.  Navigate to \u003Cstrong>Smart Password Protect > Password Protection\u003C\u002Fstrong>.\u003Cbr \u002F>\n2.  Toggle “Enable Password Protection” to \u003Cstrong>On\u003C\u002Fstrong>.\u003Cbr \u002F>\n3.  Enter your desired password in the “Set Password” field.\u003Cbr \u002F>\n4.  (Optional) Adjust “Remember Me” duration to control how long users stay logged in.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Secure Temporary Login Links — No Credentials Needed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong> Generates a unique “Magic Link” that logs a user in automatically with a specific role and expiration time. Perfect for developers or support agents.\u003Cbr \u002F>\n\u003Cstrong>How to use:\u003C\u002Fstrong>\u003Cbr \u002F>\n1.  Go to \u003Cstrong>Smart Password Protect > Temporary Login\u003C\u002Fstrong>.\u003Cbr \u002F>\n2.  Select an expiration time (e.g., 7 Days).\u003Cbr \u002F>\n3.  (Optional) Click “+ Show Advanced Options” to set a specific User Role or Login Limit.\u003Cbr \u002F>\n4.  Click \u003Cstrong>Generate Link\u003C\u002Fstrong> and copy the URL.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Passwordless Admin Access\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong> Allows administrators to access the site without entering the protection password, saving time and hassle.\u003Cbr \u002F>\n\u003Cstrong>How to use:\u003C\u002Fstrong>\u003Cbr \u002F>\n1.  Go to \u003Cstrong>Smart Password Protect > Password Protection > Permissions\u003C\u002Fstrong>.\u003Cbr \u002F>\n2.  Toggle “Allow Administrators” to \u003Cstrong>On\u003C\u002Fstrong>.\u003Cbr \u002F>\n3.  Now, if you are logged into WordPress as an admin, you will bypass the password screen automatically.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Allow RSS Feeds\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong> Ensures your RSS feeds remain accessible even when the site is password protected.\u003Cbr \u002F>\n\u003Cstrong>How to use:\u003C\u002Fstrong>\u003Cbr \u002F>\n1.  Go to \u003Cstrong>Smart Password Protect > Password Protection > Permissions\u003C\u002Fstrong>.\u003Cbr \u002F>\n2.  Toggle “Allow RSS Feeds” to \u003Cstrong>On\u003C\u002Fstrong>.\u003Cbr \u002F>\n3.  Your RSS feeds (e.g., \u002Ffeed) will now be publicly accessible without a password.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Allow REST API\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong> Allows external applications and mobile apps to access your site’s data via the WordPress REST API by bypassing the protection.\u003Cbr \u002F>\n\u003Cstrong>How to use:\u003C\u002Fstrong>\u003Cbr \u002F>\n1.  Go to \u003Cstrong>Smart Password Protect > Password Protection > Permissions\u003C\u002Fstrong>.\u003Cbr \u002F>\n2.  Toggle “Allow REST API” to \u003Cstrong>On\u003C\u002Fstrong>.\u003Cbr \u002F>\n3.  Your site’s REST API endpoints (e.g., \u002Fwp-json) will now be accessible.\u003Cbr \u002F>\n    *   \u003Cstrong>Note:\u003C\u002Fstrong> When disabled, API requests will return a \u003Ccode>401 Unauthorized\u003C\u002Fcode> error with the message “Password protection is enabled”.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Smart IP Whitelisting\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong> Grants instant access to specific IP addresses (like your home or office) so you don’t have to enter a password.\u003Cbr \u002F>\n\u003Cstrong>How to use:\u003C\u002Fstrong>\u003Cbr \u002F>\n1.  Go to \u003Cstrong>Smart Password Protect > Password Protection > IP Settings\u003C\u002Fstrong>.\u003Cbr \u002F>\n2.  Click \u003Cstrong>Auto Fill Input\u003C\u002Fstrong> to detect your current IP address.\u003Cbr \u002F>\n3.  Click \u003Cstrong>Add IP\u003C\u002Fstrong> to whitelist it. You can add as many IPs as you need.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Temporary Login Log\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong> View history of temporary login usage and user actions.\u003Cbr \u002F>\n\u003Cstrong>How to use:\u003C\u002Fstrong>\u003Cbr \u002F>\n1.  Go to \u003Cstrong>Smart Password Protect > Temporary Login\u003C\u002Fstrong>.\u003Cbr \u002F>\n2.  Click on the \u003Cstrong>Logs\u003C\u002Fstrong> tab.\u003Cbr \u002F>\n3.  View the list of all recent login attempts to ensure no unauthorized access has occurred.\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Auto-Cleanup : Expired Links and Temporary Login Log\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it does:\u003C\u002Fstrong> Automatically deletes expired temporary login links and users from your database to keep your site clean and secure.\u003Cbr \u002F>\n\u003Cstrong>How to use:\u003C\u002Fstrong>\u003Cbr \u002F>\n1.  Go to \u003Cstrong>Smart Password Protect > Temporary Login > Settings\u003C\u002Fstrong>.\u003Cbr \u002F>\n2.  Find the \u003Cstrong>Expired Links Auto-cleanup\u003C\u002Fstrong> setting.\u003Cbr \u002F>\n3.  Set the number of days (e.g., 30 days) after which expired logs and users will be permanently deleted.\u003C\u002Fp>\n\u003Ch3>⚡ Reasons Why You Should Opt for Smart Password Protect\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>⚡ Reason #1: Uncompromising Security & Control\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade your site’s defense mechanisms with ease. Smart Password Protect allows you to lock your entire website instantly with a single password, while offering granular controls like IP Whitelisting and User Role Bypass. Built with advanced encryption and “Self-Preservation” logic, it ensures that temporary users cannot disable the plugin or hijack your site, giving you total peace of mind.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Reason #2: Eliminate the Risk of Sharing Credentials\u003C\u002Fstrong>\u003Cbr \u002F>\nNever share your admin username and password again. With our \u003Cstrong>Temporary Login (Magic Links)\u003C\u002Fstrong> feature, you can generate secure, self-expiring access links for developers or support agents. These links use cryptographically secure tokens and allow one-click access without requiring any credentials. Once the work is done, the access is automatically revoked, keeping your main admin account completely secure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Reason #3: Automated & Hands-Free Management\u003C\u002Fstrong>\u003Cbr \u002F>\nSay goodbye to manual user cleanup. Set your temporary login links to expire automatically after 1 hour, 1 day, or 7 days. Our intelligent “Auto-Cleanup” system runs in the background to permanently remove expired links and temporary user accounts from your database. This “set it and forget it” approach keeps your site clean and reduces administrative overhead.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Reason #4: Gain Valuable Insights with Activity Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nKnowledge is power. Stay informed with our detailed \u003Cstrong>Activity Logs\u003C\u002Fstrong> that tracks every single temporary login event. Monitor exactly who accessed your site, when they logged in, their IP address, and even their browser information. This audit trail is essential for security monitoring and ensures you always have oversight of external access.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Reason #5: Optimized for Speed & SEO\u003C\u002Fstrong>\u003Cbr \u002F>\nDon’t let security slow you down. Smart Password Protect is engineered to be lightweight and bloat-free, ensuring zero impact on your site’s loading speed. It also automatically handles SEO best practices by sending \u003Ccode>noindex\u003C\u002Fcode> headers for protected content, preventing Google from indexing staging sites or private pages. Plus, it works seamlessly with major caching plugins like WP Rocket and W3 Total Cache.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Reason #6: The Ultimate All-in-One Toolkit\u003C\u002Fstrong>\u003Cbr \u002F>\nStop cluttering your site with multiple plugins. Smart Password Protect combines robust \u003Cstrong>Maintenance Mode\u003C\u002Fstrong>, \u003Cstrong>Site-Wide Password Protection\u003C\u002Fstrong>, and \u003Cstrong>Temporary Login\u003C\u002Fstrong> functionality into a single, cohesive package. By consolidating these features, you reduce plugin conflicts, save server resources, and simplify your workflow.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Reason #7: Intuitive & Modern User Experience\u003C\u002Fstrong>\u003Cbr \u002F>\nWe believe security shouldn’t be complicated. Our plugin features a modern, React-powered dashboard that is intuitive and easy to navigate. From generating links to toggling protection, every action is just a click away. The frontend password form is also fully responsive and customizable, ensuring a professional experience for your visitors on any device.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Reason #8: Built for Developers\u003C\u002Fstrong>\u003Cbr \u002F>\nNeed more control? We’ve got you covered. Smart Password Protect is packed with hooks and filters, allowing developers to customize functionality to fit specific needs. Whether you need to modify bypass rules, control REST API access, or integrate with other tools, our codebase is clean, documented, and developer-friendly.\u003C\u002Fp>\n\u003Ch3>Check out our other Plugins\u003C\u002Fh3>\n\u003Cp>Enhance your WordPress site with our other powerful plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faccess-defender\u002F\" rel=\"ugc\">Access Defender\u003C\u002Fa>\u003C\u002Fstrong> – Advanced security plugin to protect your WordPress site from unauthorized access and malicious attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontributors-gallery\u002F\" rel=\"ugc\">Contributors Gallery\u003C\u002Fa>\u003C\u002Fstrong> – Showcase your WordPress contributors in a beautiful and customizable gallery layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproduct-spotlight-badge\u002F\" rel=\"ugc\">Product Spotlight Badge\u003C\u002Fa>\u003C\u002Fstrong> – Highlight your WooCommerce products with eye-catching badges to boost sales.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fredirect-after-logout\u002F\" rel=\"ugc\">Redirect After Logout\u003C\u002Fa>\u003C\u002Fstrong> – Redirect users to a custom page after logging out for enhanced user experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-optimizer\u002F\" rel=\"ugc\">Smart Optimizer\u003C\u002Fa>\u003C\u002Fstrong> – Instantly Boost Page Speed with One-Click Optimization\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frandom-quote\u002F\" rel=\"ugc\">Random Quote\u003C\u002Fa>\u003C\u002Fstrong> – Daily Inspirational Quotes for WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n","Password Protect entire site & create Temporary Login Without Password links. Simple & secure access for developers or maintenance.",70,1695,74,3,"2026-03-12T17:15:00.000Z","5.6",[74,75,76,77,78],"maintenance-mode","password-protect","passwordless-login","restrict-content","temporary-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-password-protect\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-password-protect.1.2.4.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":89,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":17,"tags":95,"homepage":100,"download_link":101,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"buddyforms-custom-login-page","BuddyForms Custom Login","1.1.14","Themekraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemekraft\u002F","\u003Cp>Create a fully customized login and registration experience for your WordPress website. Seamlessly integrates with BuddyPress. Ritch Features to enhance your user login and registration processes.\u003C\u002Fp>\n\u003Cp>Restrict content on your website. With this plugin, you can turn your website into a private network, accessible only to registered members. Customize the login and registration forms to match your site’s branding. You have full control over the login url, the login redirect and the registartion form.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Login Form\u003C\u002Fstrong>: Create a personalized login form that matches your website’s design and branding.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restrict Content\u003C\u002Fstrong>: Choose which pages, posts, or custom post types should be accessible to the public and make the rest members only.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Private Network\u003C\u002Fstrong>: Transform your WordPress site into a private network by restricting access to non-registered users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Members Only\u003C\u002Fstrong>: Ensure that your content is exclusive to registered members, providing them with a unique user experience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Seamless integration with BuddyPress\u003C\u002Fh3>\n\u003Cp>Seamless integration with BuddyPress Use this plugin to create a custom BuddyPress Login\u003C\u002Fp>\n\u003Ch3>Create a Intranet with BuddyPress and Buddyforms\u003C\u002Fh3>\n\u003Ch3>Restrict the site access and create a private community\u003C\u002Fh3>\n\u003Cp>Restrict your site and network and enable acces to individuell pages or complete post types.\u003C\u002Fp>\n\u003Cp>Redirect logged off users to a login and create a private site or network\u003C\u002Fp>\n\u003Cp>Select public Accessible Pages\u003C\u002Fp>\n\u003Cp>Select public Accessible Post Types\u003C\u002Fp>\n\u003Ch3>Overwrite the default WordPress Login\u003C\u002Fh3>\n\u003Cp>Select the page you want to use for the global Login and define how to display the Login\u003Cbr \u002F>\n a) overwrite the page content\u003Cbr \u002F>\n b) Above the content\u003Cbr \u002F>\n c) Under the content\u003C\u002Fp>\n\u003Cp>Use the Login Block\u003C\u002Fp>\n\u003Cp>Its Gutenberg ready and can be used in any Gutenberg Editor as Login Block. Create Custom Logins with a Block\u003C\u002Fp>\n\u003Cp>Use the Shortcodes everywhere\u003C\u002Fp>\n\u003Cp>[bf_login_form]\u003C\u002Fp>\n\u003Ch3>Options:\u003C\u002Fh3>\n\u003Cp>redirect_url  –> is optional\u003Cbr \u002F>\nAfter successful login, redirect to the given URL\u003C\u002Fp>\n\u003Ch3>Label options\u003C\u002Fh3>\n\u003Cp>title –> is optional | default values: Login\u003Cbr \u002F>\nlabel_username –> is optional | default values: Username or Email Address\u003Cbr \u002F>\nlabel_password –> is optional | default values: Password\u003Cbr \u002F>\nlabel_remember –> is optional | default values: Remember Me\u003Cbr \u002F>\nlabel_log_in –> is optional | default values: Log In\u003Cbr \u002F>\nExamples\u003C\u002Fp>\n\u003Cp>[bf_login_form redirect_url=”\u002Ftest-shortcodes”]\u003C\u002Fp>\n\u003Ch3>Display Registration Link?\u003C\u002Fh3>\n\u003Cp>Select a registration page to rewrite the registration Link\u003C\u002Fp>\n\u003Ch3>Redirect after Login\u003C\u002Fh3>\n\u003Cp>Select a page you like to use for the redirect.\u003Cbr \u002F>\nredirect to the user profile or any custom URL\u003C\u002Fp>\n\u003Ch3>Documentation & Support\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Ch4>Extensive Documentation and Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All code is neat, clean and well documented (inline as well as in the documentation).\u003C\u002Fli>\n\u003Cli>The BuddyForms Documentation with many how-to’s will help you on your way.\u003C\u002Fli>\n\u003Cli>Find our Getting Started, How-to and Developer Docs on \u003Ca href=\"http:\u002F\u002Fdocs.buddyforms.com\u002F\" rel=\"nofollow ugc\">docs.buddyforms.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>or watch one of our \u003Ca href=\"https:\u002F\u002Fthemekraft.com\u002Fbuddyforms-videos\u002F\" rel=\"nofollow ugc\">Video Tutorials\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If you still get stuck somewhere, our support gets you back on the right track. You can find all help buttons in your BuddyForms Settings Panel in your WP Dashboard and the Help Center!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n","Custom Login, Custom Login Redirect, Custom Registartion Link, Registation Forms",60,8799,2,"2023-12-27T04:29:00.000Z","6.4.8","3.9",[96,97,98,99,77],"custom-login","login-form","members-only","private-network","https:\u002F\u002Fthemekraft.com\u002Fproducts\u002Fcustom-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddyforms-custom-login-page.1.1.14.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":58,"num_ratings":91,"last_updated":17,"tested_up_to":112,"requires_at_least":113,"requires_php":17,"tags":114,"homepage":118,"download_link":119,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":120},"super-simple-post-page-restricor","Super Simple Post \u002F Page Restrictor","1.2.1","arippberger","https:\u002F\u002Fprofiles.wordpress.org\u002Farippberger\u002F","\u003Cp>SSPPR provides a \u003Cstrong>super simple\u003C\u002Fstrong> way to restrict specific post\u002Fpages\u002Fcustom post types. The plugin adds a checkbox to the post type you’d like restricted. If the checkbox is checked, \u003Cstrong>POW\u003C\u002Fstrong>, that post is restricted –accessible only to logged-in users.\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Page unavailable text\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Here you can customize the text that will be displayed to users who do not have access to a post \u002F page.\u003C\u002Fli>\n\u003Cli>If left blank, this defaults to “This content is currently unavailable to you”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Apply to which post types?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The post restriction metabox\u002Fcheckbox will only appear on the backend of the post types selected here.\u003C\u002Fli>\n\u003Cli>Additionally, if post types not selected here will not be restricted. If you’ve restricted certain pages and then deselect pages from this list, those pages will become accessible to all users (even though you previously restricted them).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Prevent restriction for which user types?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User roles selected here will never be able to view restricted content\u003C\u002Fli>\n\u003Cli>User roles selected here will \u003Cstrong>never\u003C\u002Fstrong> be able to see restricted content, regardless of whether they are logged in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Default restriction?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If this option is checked, posts \u002F pages that are auto-generated should be restricted in most cases.\u003C\u002Fli>\n\u003Cli>If this option is checked, newly created posts \u002F pages should have their ‘restrict content’ checkboxes checked.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Future Development\u003C\u002Fh3>\n\u003Cp>I’d like to add the following features to the plugin. If you have suggestions for added features please email me at arippberger@gmail.com.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add shortcode to restrict content – content placed between start\u002Fend shortcodes would be restricted\u003C\u002Fli>\n\u003Cli>Resctrict content in RSS feeds\u003C\u002Fli>\n\u003C\u002Ful>\n","Restict content on a post-by-post or page-by-page basis. Minimal configuration required.",50,4004,"4.5.33","3.0.1",[20,77,115,116,117],"restrictor","super-simple","user-login","https:\u002F\u002Fgithub.com\u002Farippberger\u002Fsuper-simple-post-page-restrictor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsuper-simple-post-page-restricor.zip","2026-03-15T10:48:56.248Z",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":58,"num_ratings":91,"last_updated":17,"tested_up_to":131,"requires_at_least":132,"requires_php":50,"tags":133,"homepage":138,"download_link":139,"security_score":140,"vuln_count":141,"unpatched_count":13,"last_vuln_date":142,"fetched_at":120},"client-power-tools","Client Power Tools Portal","1.11.6","Sam Glover","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamglover\u002F","\u003Cp>Client Power Tools is built for designers, developers, consultants, lawyers, and other independent contractors and professionals. Give your clients a dashboard where they can check on the status of their project, access information and resources in your clients-only knowledge base, view other clients-only pages, and communicate with you—right on your own website!\u003C\u002Fp>\n\u003Ch3>Front-End Onboarding & Login\u003C\u002Fh3>\n\u003Cp>All client interactions happen on the front end of your website, with clean modal forms for logging in—without a password! Client Power Tools will simply blend in with most themes.\u003C\u002Fp>\n\u003Ch3>The Client Dashboard\u003C\u002Fh3>\n\u003Cp>Clients can log in to their dashboard on your website at any time.\u003C\u002Fp>\n\u003Cp>The dashboard uses regular WordPress pages, so you can add your client dashboard to your menus just like any other page. Or you can include a link to it anywhere you need to, like your blog posts, email newsletters, etc. The only difference is that the client dashboard is only visible to logged-in clients.\u003C\u002Fp>\n\u003Cp>You can change the name or permalink of the default dashboard page, or select a different page entirely.\u003C\u002Fp>\n\u003Ch3>Modules\u003C\u002Fh3>\n\u003Cp>Each module can be enabled or disabled independently of the rest.\u003C\u002Fp>\n\u003Ch4>Projects & Stages Module\u003C\u002Fh4>\n\u003Cp>Now you can assign multiple projects to each client, create multiple project types with stages to keep track of your project progress with your clients.\u003C\u002Fp>\n\u003Cp>You can change the project label to whatever you prefer (files, matters, dossiers, schemes, capers, etc.) and it will be reflected throughout. The new progress bar provides you and your clients with a visual indicator of each project’s progress.\u003C\u002Fp>\n\u003Ch4>Knowledge Base Module\u003C\u002Fh4>\n\u003Cp>The knowledge base is a clients-only page—or a collection of pages—that you can use to share information and resources with your clients.\u003C\u002Fp>\n\u003Cp>Just like the client dashboard, the knowledge base is a regular WordPress page with some special features. You can add as many child pages as you like—the knowledge base tab will use a drop-down index and breadcrumb navigation to help your clients find their way around.\u003C\u002Fp>\n\u003Ch4>Status Update Request Button Module\u003C\u002Fh4>\n\u003Cp>Your clients want to know how things are going!\u003C\u002Fp>\n\u003Cp>The status update request button on the client dashboard makes it easy for clients to prompt you for a status update. Once a client clicks the button, they won’t see it again for 30 days—or you can change that number to an interval that works for you.\u003C\u002Fp>\n\u003Cp>You can designate an additional email address to receive all status update requests so you can respond efficiently.\u003C\u002Fp>\n\u003Ch4>Messages Module\u003C\u002Fh4>\n\u003Cp>Using Client Power Tools to communicate with your clients keeps all your messages in one place so nothing gets lost.\u003C\u002Fp>\n\u003Cp>When you send a message to your client, they will receive an email notification with a link to their client dashboard so they can read it and reply. Or you can send them the full message—by default or on a message-by-message basis.\u003C\u002Fp>\n\u003Ch3>Customization\u003C\u002Fh3>\n\u003Cp>Client Power Tools is built to be customizable where you need it to be. Here are some of the things you can change to suit your needs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enable\u002Fdisable all non-core modules.\u003C\u002Fstrong> (As of 1.4, the non-core modules are the Status Update Request Button, Messaging, and Knowledge Base.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize project labels.\u003C\u002Fstrong> Some people have projects, others have files, matters, dossiers, schemes, capers, etc. You can use whatever label you prefer, and it will be reflected throughout Client Power Tools.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Project types & stages.\u003C\u002Fstrong> Add project types, and for each type specify the stages you want your client to be able to see on their progress bar.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Additional pages.\u003C\u002Fstrong> Restrict any page on your website to logged-in clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New-client email.\u003C\u002Fstrong> You can customize the email sent to newly added clients so that it reflects the name, email address, subject line, and messaging you prefer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client IDs.\u003C\u002Fstrong> When adding or updating a client, you can add a custom client ID.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client statuses.\u003C\u002Fstrong> You can customize the default statuses (potential, active, inactive).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client managers.\u003C\u002Fstrong> You can set a default client manager and assign a different client manager to each client.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show\u002Fhide the status update request button.\u003C\u002Fstrong> The status update request button is a great way to empower your clients, but if you don’t want to use it you can turn it off.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status update request frequency.\u003C\u002Fstrong> Change how often the status update request button is available to your clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status update request recipient.\u003C\u002Fstrong> Designate one person to get notified of all status update requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email notifications.\u003C\u002Fstrong> By default, Client Power Tools sends a notification, not the content of your message. But you can change the default behavior or override it for individual messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Design.\u003C\u002Fstrong> The front-end design of Client Power Tools is as minimal as possible so that Client Power Tools blends into your existing theme. But you can override the Client Power Tools styles as long as you know a little CSS. (See the \u003Ca href=\"https:\u002F\u002Fclientpowertools.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> for more details.)\u003C\u002Fli>\n\u003C\u002Ful>\n","A free, easy-to-use client portal built for designers, developers, consultants, lawyers, and other independent contractors and professionals.",40,6568,"6.7.5","5.5",[134,135,136,137,77],"client-management","frontend-login","portal","project-management","https:\u002F\u002Fclientpowertools.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclient-power-tools.zip",99,1,"2024-10-21 00:00:00",{"attackSurface":144,"codeSignals":168,"taintFlows":187,"riskAssessment":188,"analyzedAt":193},{"hooks":145,"ajaxHandlers":164,"restRoutes":165,"shortcodes":166,"cronEvents":167,"entryPointCount":13,"unprotectedCount":13},[146,152,157,161],{"type":147,"name":148,"callback":149,"file":150,"line":151},"filter","the_content","yidp_content","please-login.php",139,{"type":153,"name":154,"callback":155,"file":150,"line":156},"action","admin_init","yidp_settings",140,{"type":153,"name":158,"callback":159,"file":150,"line":160},"save_post","yidp_setting_save",141,{"type":153,"name":154,"callback":162,"file":150,"line":163},"yidp_textdomain",142,[],[],[],[],{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":172,"fileOperations":13,"externalRequests":13,"nonceChecks":141,"capabilityChecks":91,"bundledLibraries":186},[],{"prepared":13,"raw":13,"locations":171},[],{"escaped":141,"rawEcho":173,"locations":174},5,[175,178,180,182,184],{"file":150,"line":176,"context":177},91,"raw output",{"file":150,"line":179,"context":177},92,{"file":150,"line":181,"context":177},95,{"file":150,"line":183,"context":177},96,{"file":150,"line":185,"context":177},97,[],[],{"summary":189,"deductions":190},"The 'your-id-please' plugin version 0.1 exhibits a mixed security posture. On the positive side, the static analysis reveals a remarkably small attack surface with zero identified entry points such as AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the plugin demonstrates good practices by using prepared statements for all SQL queries, indicating a low risk of traditional SQL injection vulnerabilities. It also includes nonces and capability checks, which are crucial for securing operations.\n\nHowever, a significant concern arises from the output escaping. With only 17% of outputs properly escaped, there is a high likelihood of cross-site scripting (XSS) vulnerabilities. This means that user-supplied data, if not handled carefully by the limited escaped outputs, could be rendered in the browser in an unsafe manner, potentially allowing attackers to execute arbitrary JavaScript in the context of a user's session. The lack of any taint analysis results could imply a very limited scope of analysis or, more optimistically, that no critical flows were detected within the analyzed code.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs. This is a strong indicator of past security diligence or, possibly, a lack of past scrutiny due to its small attack surface or limited adoption. Despite the clean history, the identified output escaping weakness is a concrete risk that needs immediate attention. In conclusion, while 'your-id-please' v0.1 boasts a minimal attack surface and secure SQL practices, the prevalent lack of output escaping presents a substantial security risk, specifically for XSS, which significantly outweighs its current strengths.",[191],{"reason":192,"points":32},"Insufficient output escaping","2026-03-17T01:18:47.754Z",{"wat":195,"direct":200},{"assetPaths":196,"generatorPatterns":197,"scriptPaths":198,"versionParams":199},[],[],[],[],{"cssClasses":201,"htmlComments":203,"htmlAttributes":204,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":213},[202],"yidp_toggle",[],[205,206,207,208,209,210],"name=\"your-id-please\"","id=\"yidp_enabled\"","name=\"yidp_enabled\"","id=\"yidp_message\"","name=\"yidp_message\"","id=\"your-id-please\"",[],[],[]]