WP-Safety

Admintosh – WordPress admin customization and security tools Security & Risk Analysis

wordpress.org/plugins/admintosh

login attempts, Firewall, reCAPTCHA, country restriction, Login History, change wp-login.php to anything make sure your site security.

50 active installs v1.1.6 PHP 7.4+ WP 6.5+ Updated Feb 10, 2026
authenticationbrute-forcecaptchaloginsecurity
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Admintosh – WordPress admin customization and security tools Safe to Use in 2026?

Generally Safe

Score 100/100

Admintosh – WordPress admin customization and security tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The admintosh v1.1.6 plugin demonstrates a generally good security posture based on the provided static analysis. The absence of any known CVEs or recorded vulnerabilities in its history is a significant strength, indicating a mature and well-maintained codebase regarding known security flaws. Furthermore, the plugin exhibits strong adherence to security best practices with a high percentage of properly escaped output and a good number of nonce and capability checks. The use of prepared statements for a notable portion of its SQL queries also suggests an effort to mitigate common SQL injection risks.

However, there are areas for improvement. The taint analysis revealed two flows with unsanitized paths, and while these are not classified as critical or high severity, they represent potential avenues for unexpected behavior or exploits if they interact with sensitive data or functions. The presence of external HTTP requests, while not inherently a vulnerability, always warrants scrutiny for potential supply chain attacks or data leakage. Finally, the plugin bundles DataTables and Select2, which, if not kept up-to-date by the plugin developer, could introduce vulnerabilities if the bundled versions are outdated and have known exploits. Overall, admintosh v1.1.6 appears to be a secure plugin with few readily apparent vulnerabilities, but the taint analysis and bundled libraries warrant further investigation for potential risks.

Key Concerns

  • Flows with unsanitized paths
  • External HTTP requests
  • Bundled libraries (potential outdated)
Vulnerabilities
None known

Admintosh – WordPress admin customization and security tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Admintosh – WordPress admin customization and security tools Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
2 prepared
Unescaped Output
50
330 escaped
Nonce Checks
4
Capability Checks
4
File Operations
0
External Requests
5
Bundled Libraries
2

Bundled Libraries

DataTablesSelect2

SQL Query Safety

50% prepared4 total queries

Output Escaping

87% escaped380 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
is_validate_captch (inc\Recaptcha.php:153)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Admintosh – WordPress admin customization and security tools Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 62
actionadmin_menuadmin\Admin.php:33
actionadmin_initadmin\Admin.php:34
actionadmin_enqueue_scriptsadmin\Admin_Hooks.php:16
actionswitch_themeadmin\Admin_Hooks.php:17
actionactivated_pluginadmin\Admin_Hooks.php:18
actionuser_registeradmin\Admin_Hooks.php:19
actioninitadmintosh.php:58
actionplugins_loadedadmintosh.php:60
actionswitch_themeappsero\src\Insights.php:140
actionswitch_themeappsero\src\Insights.php:141
actionadmin_footerappsero\src\Insights.php:158
actionadmin_noticesappsero\src\Insights.php:175
actionadmin_initappsero\src\Insights.php:178
filtercron_schedulesappsero\src\Insights.php:184
actionadmin_menuappsero\src\License.php:219
actionafter_switch_themeappsero\src\License.php:781
actionswitch_themeappsero\src\License.php:782
actionwp_insert_postinc\Admin_Activity_Logs.php:19
actionwp_trash_postinc\Admin_Activity_Logs.php:20
actionbefore_delete_postinc\Admin_Activity_Logs.php:21
actionset_user_roleinc\Admin_Activity_Logs.php:22
actionactivated_plugininc\Admin_Activity_Logs.php:24
actiondeactivated_plugininc\Admin_Activity_Logs.php:26
actionswitch_themeinc\Admin_Activity_Logs.php:28
actionadmin_menuinc\Admin_Activity_Logs.php:30
actioninitinc\Country_Block.php:25
actionwp_before_admin_bar_renderinc\Dashboard.php:21
filterscript_loader_srcinc\General_Settings.php:23
filterstyle_loader_srcinc\General_Settings.php:24
filterlogin_errorsinc\General_Settings.php:34
filterxmlrpc_methodsinc\General_Settings.php:40
actionwp_headinc\General_Settings.php:44
actionwp_footerinc\General_Settings.php:45
filterthe_generatorinc\General_Settings.php:52
filterxmlrpc_enabledinc\General_Settings.php:62
actionplugins_loadedinc\Hide_Login.php:29
actionwp_loadedinc\Hide_Login.php:30
filtersite_urlinc\Hide_Login.php:31
filterauthenticateinc\Limit_Login_Attempts.php:28
actionwp_login_failedinc\Limit_Login_Attempts.php:29
actionlogin_errorsinc\Limit_Login_Attempts.php:30
actionadmin_menuinc\Login_History.php:16
actionwp_logininc\Login_History.php:17
actionwp_logoutinc\Login_History.php:18
actionlogin_enqueue_scriptsinc\Login_Page_Customize.php:22
filterlogin_headertextinc\Login_Page_Customize.php:23
filterlogo_headerurlinc\Login_Page_Customize.php:24
actioninitinc\Recaptcha.php:27
actioninitinc\Recaptcha.php:28
actionlogin_forminc\Recaptcha.php:36
actionwoocommerce_login_forminc\Recaptcha.php:40
actionedd_login_fields_afterinc\Recaptcha.php:45
actionedd_user_logininc\Recaptcha.php:46
filterwp_authenticate_userinc\Recaptcha.php:49
actionregister_forminc\Recaptcha.php:57
filterregistration_errorsinc\Recaptcha.php:58
actionedd_register_form_fields_before_submitinc\Recaptcha.php:62
actionedd_process_register_forminc\Recaptcha.php:63
actionwoocommerce_register_forminc\Recaptcha.php:68
actionwoocommerce_register_postinc\Recaptcha.php:69
actioncomment_form_submit_fieldinc\Recaptcha.php:76
filterpreprocess_commentinc\Recaptcha.php:77
Maintenance & Trust

Admintosh – WordPress admin customization and security tools Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 10, 2026
PHP min version7.4
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs50
Alternatives

Admintosh – WordPress admin customization and security tools Alternatives

Greyfu Login Captcha

Greyfu Login Captcha

greyfu-login-captcha

A
100

A lightweight captcha that protects your WordPress login page from automated bot attacks using a simple math challenge.

0 No CVEs
Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
Titan Anti-spam & Security

Titan Anti-spam & Security

anti-spam

A
98

Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication …

60K 3 CVEs
Kaya Login Captcha

Kaya Login Captcha

kaya-login-captcha

A
100

Adds a simple captcha on login form, register form and lost-password form.

200 No CVEs
Web-Art Login Shield with reCAPTCHA

Web-Art Login Shield with reCAPTCHA

webart-login-shield-recaptcha

A
100

Protect WordPress logins and Elementor Login/Forms using Google reCAPTCHA v2 and optional IP-based lockouts.

60 No CVEs
Developer Profile

Admintosh – WordPress admin customization and security tools Developer Profile

wpmobo

4 plugins · 60 total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Admintosh – WordPress admin customization and security tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admintosh/admin/assets/css/jquery-ui.css/wp-content/plugins/admintosh/admin/assets/css/dataTables.dataTables.css/wp-content/plugins/admintosh/admin/assets/css/select2.min.css/wp-content/plugins/admintosh/admin/assets/css/admintosh-admin.css/wp-content/plugins/admintosh/admin/assets/js/dataTables.js/wp-content/plugins/admintosh/admin/assets/js/select2.min.js/wp-content/plugins/admintosh/admin/assets/js/wp-color-picker-alpha.js/wp-content/plugins/admintosh/admin/assets/js/admintosh-admin.js
Script Paths
/wp-content/plugins/admintosh/admin/assets/js/dataTables.js/wp-content/plugins/admintosh/admin/assets/js/select2.min.js/wp-content/plugins/admintosh/admin/assets/js/wp-color-picker-alpha.js/wp-content/plugins/admintosh/admin/assets/js/admintosh-admin.js
Version Parameters
jquery-ui?ver=dataTables.dataTables?ver=select2.min?ver=admintosh-admin?ver=dataTables?ver=select2.min?ver=wp-color-picker-alpha?ver=admintosh-admin?ver=

HTML / DOM Fingerprints

JS Globals
admintosh_adminobj
FAQ

Frequently Asked Questions about Admintosh – WordPress admin customization and security tools