Admin Custom Login Security & Risk Analysis

wordpress.org/plugins/admin-custom-login

Customize Your WordPress Login Screen Amazingly - Add Own Logo, Add Social Profiles, Login Form Positions, Background Image Slide Show

20K active installs v3.6.4 PHP + WP + Updated Feb 23, 2026
Tags: admin-login-page, custom-admin-login, custom-login, custom-login-page, customize-wordpress-login-page
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jul 26, 2021
Safety Verdict

Is Admin Custom Login Safe to Use in 2026?

Generally Safe

Score 98/100

Admin Custom Login has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jul 26, 2021 · Updated 1mo ago
Risk Assessment

The static analysis of "admin-custom-login" v3.6.4 indicates a generally strong security posture with a very low attack surface and predominantly proper output escaping and SQL statement preparation. The absence of unprotected entry points and the presence of nonce and capability checks are positive signs. However, the significant number of 'dangerous functions,' specifically 66 instances of 'unserialize,' presents a notable concern. Taint analysis found no critical or high severity unsanitized flows, but it gives no explicit detail on how the unserialized data is sourced and validated. In the listing below, all but one call read their input from get_option(); the exception, init.php:879, unserializes a $settings variable. The heavy reliance on unserialization leaves room for potential risks if untrusted data is ever passed to these functions.

The plugin's vulnerability history reveals two high-severity CVEs, both Cross-Site Request Forgery (CSRF) issues leading to stored Cross-Site Scripting (XSS). The fact that these vulnerabilities were patched and there are currently no unpatched CVEs is a positive indicator of the development team's responsiveness. However, the presence of high-severity issues in the past, in which a forged request (CSRF) could be used to store script content (XSS), warrants caution. The last recorded vulnerability was in July 2021, suggesting a period of stability, but past high-severity issues should not be overlooked.

In conclusion, "admin-custom-login" v3.6.4 demonstrates good security practices in several key areas, such as limiting its attack surface and employing prepared statements. The primary weakness lies in the extensive use of 'unserialize,' which, while not showing immediate taint issues in this analysis, is a known risk vector. The historical high-severity vulnerabilities, though patched, highlight that the plugin has been susceptible to serious attacks. A balanced view suggests the plugin is reasonably secure but users should remain vigilant regarding the 'unserialize' function and ensure they are running the latest patched version, though this version itself is not indicated as vulnerable in the provided history.

Key Concerns

  • Numerous dangerous functions ('unserialize')
  • Two high severity CVEs historically
Vulnerabilities
2

Admin Custom Login Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2021: 1 CVE

Severity Breakdown

High: 2

2 total CVEs

CVE-2021-34628 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Admin Custom Login <= 3.2.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

Jul 26, 2021 · Patched in 3.2.8 (911d)

WF-5f2f34e1-3b08-4e23-a29b-21e61e6a6063-admin-custom-login · high · 8.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Admin Custom Login <= 2.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Mar 1, 2017 · Patched in 2.4.8 (2519d)
Code Analysis
Analyzed Mar 16, 2026

Admin Custom Login Code Analysis

Dangerous Functions: 66
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (753 escaped)
Nonce Checks: 11
Capability Checks: 3
File Operations: 1
External Requests: 6
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $g_page = unserialize( get_option( 'Admin_custome_login_gcaptcha' ) ); (acl-gcaptcha.php:5)
unserialize: $g_page = unserialize( get_option( 'Admin_custome_login_gcaptcha' ) ); (acl-gcaptcha.php:23)
unserialize: $g_page = unserialize( get_option( 'Admin_custome_login_gcaptcha' ) ); (acl-gcaptcha.php:48)
unserialize: $g_page = unserialize( get_option( 'Admin_custome_login_gcaptcha' ) ); (acl-gcaptcha.php:80)
unserialize: $g_page = unserialize( get_option( 'Admin_custome_login_gcaptcha' ) ); (acl-gcaptcha.php:96)
unserialize: $top_page = unserialize(get_option('Admin_custome_login_top')); (css\slider-style1.php:2)
unserialize: $Slidshow_image = unserialize(get_option('Admin_custome_login_Slidshow')); (css\slider-style1.php:4)
unserialize: $top_page = unserialize(get_option('Admin_custome_login_top')); (css\slider-style2.php:2)
unserialize: $Slidshow_image = unserialize(get_option('Admin_custome_login_Slidshow')); (css\slider-style2.php:4)
unserialize: $top_page = unserialize(get_option('Admin_custome_login_top')); (css\slider-style3.php:2)
unserialize: $Slidshow_image = unserialize(get_option('Admin_custome_login_Slidshow')); (css\slider-style3.php:4)
unserialize: $top_page = unserialize(get_option('Admin_custome_login_top')); (css\slider-style4.php:2)
unserialize: $Slidshow_image = unserialize(get_option('Admin_custome_login_Slidshow')); (css\slider-style4.php:4)
unserialize: $Social_page = unserialize(get_option('Admin_custome_login_Social')); (css\socialcss.php:2)
unserialize: $login_page = unserialize(get_option('Admin_custome_login_login')); (css\socialcss.php:19)
unserialize: $Slidshow_image = unserialize(get_option('Admin_custome_login_Slidshow')); (includes\design\background.php:238)
unserialize: $dashboard_page = unserialize(get_option('Admin_custome_login_dashboard')); (includes\get_value.php:6)
unserialize: $top_page = unserialize(get_option('Admin_custome_login_top')); (includes\get_value.php:10)
unserialize: $login_page = unserialize(get_option('Admin_custome_login_login')); (includes\get_value.php:25)
unserialize: $text_and_color_page = unserialize(get_option('Admin_custome_login_text')); (includes\get_value.php:96)
unserialize: $logo_page = unserialize(get_option('Admin_custome_login_logo')); (includes\get_value.php:125)
unserialize: $g_page = unserialize(get_option('Admin_custome_login_gcaptcha')); (includes\get_value.php:134)
unserialize: $Slidshow_image = unserialize(get_option('Admin_custome_login_Slidshow')); (includes\get_value.php:150)
unserialize: $Social_page = unserialize(get_option('Admin_custome_login_Social')); (includes\get_value.php:165)
unserialize: $Social_page = unserialize(get_option('Admin_custome_login_Social')); (includes\social\social.php:157)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (init.php:7)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (init.php:19)
unserialize: $g_page = unserialize( get_option( 'Admin_custome_login_gcaptcha' ) ); (init.php:28)
unserialize: $dashboard_page = unserialize( get_option( 'Admin_custome_login_dashboard' ) ); (init.php:29)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (init.php:51)
unserialize: $dashboard_page = unserialize( get_option( 'Admin_custome_login_dashboard' ) ); (init.php:165)
unserialize: $top_page = unserialize( get_option( 'Admin_custome_login_top' ) ); (init.php:166)
unserialize: $label_login_button = unserialize( get_option( 'Admin_custome_login_login' ) ); (init.php:197)
unserialize: $text_and_color_page = unserialize( get_option( 'Admin_custome_login_text' ) ); (init.php:219)
unserialize: $top_page = unserialize( get_option( 'Admin_custome_login_top' ) ); (init.php:226)
unserialize: $Social_page = unserialize( get_option( 'Admin_custome_login_Social' ) ); (init.php:227)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (init.php:229)
unserialize: $g_page = unserialize( get_option( 'Admin_custome_login_gcaptcha' ) ); (init.php:299)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (init.php:432)
unserialize: $dashboard_page = unserialize( get_option( 'Admin_custome_login_dashboard' ) ); (init.php:449)
unserialize: $top_page = unserialize( get_option( 'Admin_custome_login_top' ) ); (init.php:460)
unserialize: $text_and_color_page = unserialize( get_option( 'Admin_custome_login_text' ) ); (init.php:484)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (init.php:509)
unserialize: $text_and_color_page = unserialize( get_option( 'Admin_custome_login_text' ) ); (init.php:510)
unserialize: $Social_page = unserialize( get_option( 'Admin_custome_login_Social' ) ); (init.php:511)
unserialize: $logo_page = unserialize( get_option( 'Admin_custome_login_logo' ) ); (init.php:553)
unserialize: $dashboard_page = unserialize( get_option( 'Admin_custome_login_dashboard' ) ); (init.php:582)
unserialize: $top_page = unserialize( get_option( 'Admin_custome_login_top' ) ); (init.php:586)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (init.php:599)
unserialize: $text_and_color_page = unserialize( get_option( 'Admin_custome_login_text' ) ); (init.php:637)
unserialize: $logo_page = unserialize( get_option( 'Admin_custome_login_logo' ) ); (init.php:661)
unserialize: $Slidshow_image = unserialize( get_option( 'Admin_custome_login_Slidshow' ) ); (init.php:670)
unserialize: $Social_page = unserialize( get_option( 'Admin_custome_login_Social' ) ); (init.php:683)
unserialize: $g_page = unserialize( get_option( 'Admin_custome_login_gcaptcha' ) ); (init.php:704)
unserialize: $ACL_Settings = @unserialize( $settings ); (init.php:879)
unserialize: $login_Version = unserialize( get_option( 'Admin_custome_login_Version' ) ); (installation.php:7)
unserialize: $top_page = unserialize( get_option( 'Admin_custome_login_top' ) ); (login-form-screen.php:10)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (login-form-screen.php:11)
unserialize: $text_and_color_page = unserialize( get_option( 'Admin_custome_login_text' ) ); (login-form-screen.php:12)
unserialize: $logo_page = unserialize( get_option( 'Admin_custome_login_logo' ) ); (login-form-screen.php:13)
unserialize: $Social_page = unserialize( get_option( 'Admin_custome_login_Social' ) ); (login-form-screen.php:14)
unserialize: $logo_page = unserialize( get_option( 'Admin_custome_login_logo' ) ); (login-form-screen.php:133)
unserialize: $logo_page = unserialize( get_option( 'Admin_custome_login_logo' ) ); (login-form-screen.php:145)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (login-form-screen.php:159)
unserialize: $login_page = unserialize( get_option( 'Admin_custome_login_login' ) ); (login-form-screen.php:172)
unserialize: $dashboard_page = unserialize( get_option( 'Admin_custome_login_dashboard' ) ); (login-form-screen.php:185)

Output Escaping

99% escaped · 758 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
acl_import_settings (init.php:846)
Attack Surface

Admin Custom Login Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 29
action: login_form (acl-gcaptcha.php:12)
action: login_enqueue_scripts (acl-gcaptcha.php:13)
action: wp_authenticate_user (acl-gcaptcha.php:14)
action: login_form (acl-gcaptcha.php:16)
action: login_enqueue_scripts (acl-gcaptcha.php:17)
action: wp_authenticate_user (acl-gcaptcha.php:18)
action: admin_enqueue_scripts (includes\dashboard\dashboard.php:108)
action: wp_enqueue_scripts (includes\googlecaptcha-settings\gcaptcha-settings.php:430)
action: template_redirect (init.php:14)
filter: login_redirect (init.php:69)
action: plugins_loaded (init.php:71)
action: admin_menu (init.php:77)
action: admin_print_scripts (init.php:127)
action: login_enqueue_scripts (init.php:179)
action: login_form (init.php:183)
filter: gettext (init.php:185)
action: login_head (init.php:451)
action: admin_enqueue_scripts (init.php:480)
action: admin_enqueue_scripts (init.php:505)
action: admin_enqueue_scripts (init.php:548)
action: admin_enqueue_scripts (init.php:549)
action: admin_init (init.php:843)
action: admin_init (init.php:1244)
action: admin_print_scripts (login-form-screen.php:93)
filter: login_headerurl (login-form-screen.php:141)
filter: login_headertext (login-form-screen.php:153)
filter: login_message (login-form-screen.php:167)
filter: login_message (login-form-screen.php:170)
action: login_enqueue_scripts (login-form-screen.php:188)
Maintenance & Trust

Admin Custom Login Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version
Downloads: 2.3M

Community Trust

Rating: 92/100
Number of ratings: 389
Active installs: 20K
Developer Profile

Admin Custom Login Developer Profile

Weblizar - WordPress Themes & Plugin

26 plugins · 56K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 952 days
Detection Fingerprints

How We Detect Admin Custom Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-custom-login/css/slider-style1.php
/wp-content/plugins/admin-custom-login/acl-gcaptcha.php
Script Paths
https://www.google.com/recaptcha/api.js
https://www.google.com/recaptcha/api.js?render=

HTML / DOM Fingerprints

CSS Classes
g-recaptcha
Data Attributes
data-sitekey, data-theme
JS Globals
grecaptcha