Does WP Custom Login have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Custom Login compatible with WordPress 6.9.4?

According to WordPress.org data, WP Custom Login 3.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP Custom Login compatible with PHP 7.4+?

WP Custom Login requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Custom Login updated?

WP Custom Login was last updated on Mar 3, 2026. Frequent updates are generally a positive security signal.

What is WP Custom Login's security score?

WP Custom Login has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Custom Login Security & Risk Analysis

wordpress.org/plugins/bm-custom-login

Customize the WordPress login screen with your own colors, logo, backgrounds, and form styles.

10K active installs v3.0.0 PHP 7.4+ WP 6.6+ Updated Mar 3, 2026

brandingcustom-loginlogin-customizerlogin-logologin-page

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Custom Login Safe to Use in 2026?

Generally Safe

Score 100/100

WP Custom Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "bm-custom-login" plugin version 3.0.0 exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates good practices by utilizing prepared statements for nearly all SQL queries and ensuring almost all output is properly escaped. The absence of file operations, external HTTP requests, and taint analysis findings of unsanitized paths or critical/high severity flows further strengthens this positive assessment. Furthermore, the plugin's vulnerability history is clean, with no recorded CVEs, indicating a commitment to security or simply a lack of past issues being publicly disclosed.

Key Concerns

No capability checks found
Only 1 nonce check found

Vulnerabilities

None known

WP Custom Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Custom Login Release Timeline

v3.0.0Current

v2.4.0

Code Analysis

Analyzed Mar 16, 2026

WP Custom Login Code Analysis

Dangerous Functions

Raw SQL Queries

48 prepared

Unescaped Output

71 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

98% prepared49 total queries

Output Escaping

99% escaped72 total outputs

Attack Surface

WP Custom Login Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 34

actionplugins_loadedbm-custom-login.php:35

actionrest_api_initdeps\php\universal-modules\class-module-endpoint-settings.php:39

actioninitdeps\php\universal-modules\class-module-settings-page.php:69

actionnetwork_admin_menudeps\php\universal-modules\class-module-settings-page.php:72

actionadmin_menudeps\php\universal-modules\class-module-settings-page.php:73

actionadmin_initdeps\php\universal-modules\class-module-settings-page.php:76

actionadmin_enqueue_scriptsdeps\php\universal-modules\class-module-settings-page.php:79

filteradmin_body_classdeps\php\universal-modules\class-module-settings-page.php:82

actioninitdeps\php\universal-modules\class-module-translations.php:28

actionadmin_initdeps\php\utils\class-container.php:270

actiongranted_super_admindeps\php\utils\class-container.php:275

actionrevoked_super_admindeps\php\utils\class-container.php:278

actionlogin_footersrc\modules\adjustments\adjusters\class-adjuster-footer.php:38

actionlogin_footersrc\modules\adjustments\adjusters\class-adjuster-login-form-container.php:38

actionlogin_footersrc\modules\adjustments\adjusters\class-adjuster-social-media-links.php:39

filterlogin_link_separatorsrc\modules\adjustments\adjusters\class-adjuster-under-form-links.php:39

actionlogin_headsrc\modules\adjustments\class-module-adjustments.php:78

actionlogin_initsrc\modules\adjustments\class-module-adjustments.php:81

filtercustom_login__markup_adjustmentssrc\modules\adjustments\class-module-adjustments.php:91

actionrest_api_initsrc\modules\class-module-endpoint-preview.php:38

filtercustom_login__settings_loadedsrc\modules\class-module-endpoint-preview.php:100

filterdetermine_current_usersrc\modules\class-module-endpoint-preview.php:113

filtersend_auth_cookiessrc\modules\class-module-endpoint-preview.php:134

filterwp_redirectsrc\modules\class-module-endpoint-preview.php:142

actionlogin_headsrc\modules\class-module-endpoint-preview.php:148

actionlogin_initsrc\modules\class-module-markup-adjustments.php:29

actionlogin_footersrc\modules\class-module-markup-adjustments.php:38

actionlogin_initsrc\modules\class-module-miscellaneous.php:40

filtercustom_login__markup_adjustmentssrc\modules\class-module-miscellaneous.php:43

filterenable_login_autofocussrc\modules\class-module-miscellaneous.php:86

filtershake_error_codessrc\modules\class-module-miscellaneous.php:93

filtercustom_login__settings_loadedsrc\modules\class-module-settings-adopter.php:28

filtercustom_login__settings_page_script_inline_datasrc\modules\settings-page\class-module-settings-page.php:31

actioncustom_login__enqueue_settings_page_scriptssrc\modules\settings-page\class-module-settings-page.php:34

Maintenance & Trust

WP Custom Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 3, 2026

PHP min version7.4

Downloads514K

Community Trust

Rating96/100

Number of ratings14

Active installs10K

Alternatives

WP Custom Login Alternatives

Gray Login Customizer

gray-login-customizer

100

Easily customize your WordPress login page with logo, background, styles, and more — no coding needed.

0 No CVEs

Custom Login Logo and URL

custom-login-logo-and-url

Effortlessly customize your WordPress login page with a custom logo and branded URL to enhance user experience and security.

0 No CVEs

Custom Login Page Customizer

colorlib-login-customizer

100

Customize your WordPress login page with live preview. Change logo, background, colors, and form styling without coding.

50K No CVEs

Branda – White Label & Branding, Free Login Page Customizer

branda-white-labeling

White label & rebrand your login page & WordPress dashboard. Customize system emails & get everything to rebrand WordPress with Branda.

20K 7 CVEs

Login Page Styler – Custom WordPress Login Page Customizer & Security

Customize and secure your WordPress login page with logo, backgrounds, templates, custom login URL, reCAPTCHA protection, and login activity logs — no …

3K 3 CVEs

Developer Profile

WP Custom Login Developer Profile

Teydea Studio

5 plugins · 10K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Custom Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bm-custom-login/build/admin/index.asset.php/wp-content/plugins/bm-custom-login/build/login/index.asset.php/wp-content/plugins/bm-custom-login/build/admin/index.js/wp-content/plugins/bm-custom-login/build/admin/index.css/wp-content/plugins/bm-custom-login/build/login/index.js/wp-content/plugins/bm-custom-login/build/login/index.css

Version Parameters

bm-custom-login/build/admin/index.asset.phpbm-custom-login/build/login/index.asset.php

HTML / DOM Fingerprints

CSS Classes

bcl-adminbcl-login

Data Attributes

data-slug="bm-custom-login"data-type="plugin"data-data-prefix="bcl-custom-login-"data-is-pro="false"

JS Globals

window.teydeaStudiowindow.teydeaStudio.bclCustomLoginwindow.teydeaStudio.bclCustomLogin.environmentwindow.teydeaStudio.bclCustomLogin.plugin

FAQ