Admin Safety Guard — Login Security & 2FA Security & Risk Analysis
wordpress.org/plugins/admin-safety-guardAdmin Safety Guard secures WordPress: limit logins, 2FA, reCAPTCHA, IP block, disable XML-RPC, activity logs, custom URLs and branding.
Is Admin Safety Guard — Login Security & 2FA Safe to Use in 2026?
Mostly Safe
Score 78/100Admin Safety Guard — Login Security & 2FA is generally safe to use. 1 past CVE were resolved.
The plugin 'admin-safety-guard' v1.2.7 exhibits a generally good security posture with several strengths, including 100% prepared SQL statements and 95% properly escaped output. All identified entry points (REST API routes and cron events) have corresponding permission or nonce checks, indicating a conscious effort to secure these vectors. The absence of dangerous functions and file operations is also positive.
However, two taint flows with unsanitized paths and a history of a medium severity vulnerability raise concerns. While the static analysis didn't flag critical or high severity taint flows, the presence of 'unsanitized paths' suggests potential issues where user-supplied data could be used in a way that leads to unintended file system access or manipulation. The past medium vulnerability, although not explicitly detailed, implies that authorization issues have been a problem in the past, which warrants careful monitoring.
Overall, the plugin demonstrates strong adherence to secure coding practices in many areas. The primary risks lie in the subtle taint flow issues and the historical vulnerability pattern. Addressing the two unsanitized path flows is crucial to mitigate potential security weaknesses. The plugin's active development and regular security checks, evidenced by the recent vulnerability in 2026, are positive signs, but vigilance remains necessary, especially considering the past authorization issues.
Key Concerns
- Unsanitized path taint flows (2)
- Known unpatched CVE (1 medium)
Admin Safety Guard — Login Security & 2FA Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Admin Safety Guard — Login Security & 2FA <= 1.2.6 - Missing Authorization
Admin Safety Guard — Login Security & 2FA Release Timeline
Admin Safety Guard — Login Security & 2FA Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Admin Safety Guard — Login Security & 2FA Attack Surface
REST API Routes 6
WordPress Hooks 11
Scheduled Events 1
Maintenance & Trust
Admin Safety Guard — Login Security & 2FA Maintenance & Trust
Maintenance Signals
Community Trust
Admin Safety Guard — Login Security & 2FA Alternatives
DoLogin Security
dologin
Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent/Country/City)/IP range to limit login attempts.
Wordfence Login Security
wordfence-login-security
Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.
Melapress Login Security
melapress-login-security
Enforce WordPress login and password security policies to protect user accounts and prevent unauthorized logins.
Cartpauj Register Captcha
cartpauj-register-captcha
Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.
Power Captcha reCAPTCHA
power-captcha-recaptcha
Protect WordPress/WooCommerce/Contact Form 7 forms from spam, brute-force attacks, fake comments, accounts, or registrations with Google reCAPTCHA.
Admin Safety Guard — Login Security & 2FA Developer Profile
2 plugins · 20 total installs
How We Detect Admin Safety Guard — Login Security & 2FA
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/admin-safety-guard/assets/admin/css/settings.css/wp-content/plugins/admin-safety-guard/assets/admin/css/fields.css/wp-content/plugins/admin-safety-guard/assets/admin/css/deactivate.css/wp-content/plugins/admin-safety-guard/assets/admin/js/admin.js/wp-content/plugins/admin-safety-guard/assets/admin/build/loginLogActivity.bundle.js/wp-content/plugins/admin-safety-guard/assets/admin/build/analytics.bundle.js/wp-content/plugins/admin-safety-guard/assets/admin/build/securityCore.bundle.js/wp-content/plugins/admin-safety-guard/assets/admin/build/firewallMalware.bundle.js+3 moreadmin-safety-guard/assets/admin/css/settings.css?ver=admin-safety-guard/assets/admin/css/fields.css?ver=admin-safety-guard/assets/admin/css/deactivate.css?ver=admin-safety-guard/assets/admin/js/admin.js?ver=admin-safety-guard/assets/admin/build/loginLogActivity.bundle.js?ver=admin-safety-guard/assets/admin/build/analytics.bundle.js?ver=admin-safety-guard/assets/admin/build/securityCore.bundle.js?ver=admin-safety-guard/assets/admin/build/firewallMalware.bundle.js?ver=admin-safety-guard/assets/admin/build/twoFAUsingMobileApp.bundle.js?ver=admin-safety-guard/assets/admin/build/privacyHardening.bundle.js?ver=admin-safety-guard/assets/admin/build/loginTemplate.bundle.js?ver=HTML / DOM Fingerprints
tpsa-settingstpsa-fieldstpsa-deactivatetpsa-admindata-tpsa-idTPSA_ASSETS_URLTPSA_PLUGIN_VERSIONTPSA_DEVS/wp-json/tpsa/v1/feedback