WP-Safety

Better Quick Login Security & Risk Analysis

wordpress.org/plugins/better-quick-login

Passwordless login system for WordPress.

0 active installs v1.2.1 PHP 8.0+ WP 6.0+ Updated Nov 21, 2024
authauthenticationloginpasswordlessquick-login
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Better Quick Login Safe to Use in 2026?

Generally Safe

Score 92/100

Better Quick Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'better-quick-login' v1.2.1 plugin demonstrates a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and file operations, along with a high percentage of properly escaped output, are positive indicators. The presence of nonce checks further strengthens its defense against common web attacks. The plugin also has no known historical vulnerabilities, suggesting a history of secure development. However, a notable area for concern is the complete lack of capability checks. While nonce checks prevent basic tampering, they do not restrict access to functionality based on user roles. This could be a significant weakness if the shortcode or any other entry point exposes sensitive actions that should be permissioned. The attack surface is currently minimal and appears to be protected by nonces, but the lack of role-based access control remains a potential risk.

Key Concerns

  • Missing capability checks
Vulnerabilities
None known

Better Quick Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Better Quick Login Release Timeline

v1.2.1Current
v1.2
Code Analysis
Analyzed Mar 17, 2026

Better Quick Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
22 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

92% escaped24 total outputs
Attack Surface

Better Quick Login Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[bqlc_quicklogin] better-quick-login.php:40
WordPress Hooks 17
actioninitbetter-quick-login.php:26
actioninitbetter-quick-login.php:27
actioninitbetter-quick-login.php:28
actioninitbetter-quick-login.php:29
actioninitbetter-quick-login.php:30
actionadmin_noticesbetter-quick-login.php:31
actionadmin_headbetter-quick-login.php:32
actionlogin_headerbetter-quick-login.php:33
actionwidgets_initbetter-quick-login.php:34
actionenqueue_block_editor_assetsbetter-quick-login.php:35
actionwp_enqueue_scriptsbetter-quick-login.php:36
actionlogin_enqueue_scriptsbetter-quick-login.php:37
actionadmin_initbetter-quick-login.php:38
actionadmin_menubetter-quick-login.php:39
filterplugin_row_metabetter-quick-login.php:41
filterplugin_action_links_better-quick-login/better-quick-login.phpbetter-quick-login.php:42
filterthe_contentbetter-quick-login.php:43
Maintenance & Trust

Better Quick Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 21, 2024
PHP min version8.0
Downloads981

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Better Quick Login Alternatives

Keyless Auth – Login without Passwords

Keyless Auth – Login without Passwords

keyless-auth

A
100

Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.

30 No CVEs
Fluistr Authentication

Fluistr Authentication

fluistr-authentication

A
100

Zero Password - One touch - Two Factor Authentication. Secure your WordPress site with a passwordless, simple and intuitive 2-factor authentication.

10 No CVEs
Login by Magic

Login by Magic

magiclabs

A
85

Login by Magic plugin replaces the standard WordPress login form with one powered by Magic that enables passwordless email magic link login.

10 No CVEs
OneCode Login

OneCode Login

onecode-login

A
100

Simple and secure passwordless login using email verification codes. No passwords to remember, just enter your email and verify with a 6-digit code.

10 No CVEs
WP Direct Login Link

WP Direct Login Link

wp-direct-login-link

A
92

Create a secure way to login by Link.

10 No CVEs
Developer Profile

Better Quick Login Developer Profile

Chema

5 plugins · 90 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Better Quick Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/better-quick-login/css/styles.css
Script Paths
/wp-content/plugins/better-quick-login/blocks/quick-login-block.js
Version Parameters
better-quick-login/css/styles.css?ver=1.0

HTML / DOM Fingerprints

HTML Comments
<!-- Better Quick Login Form --><!-- /.Better Quick Login Form --><!-- Logged in as --><!-- /.Logged in as -->+8 more
Data Attributes
data-bqlc-noncedata-bqlc-action
JS Globals
quick_login_block
Shortcode Output
[bqlc_quicklogin]
FAQ

Frequently Asked Questions about Better Quick Login