Does DH Rename Login URL and Two Factor Authentication have any unpatched vulnerabilities?

No. All known vulnerabilities in DH Rename Login URL and Two Factor Authentication have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DH Rename Login URL and Two Factor Authentication compatible with WordPress 5.4.19?

According to WordPress.org data, DH Rename Login URL and Two Factor Authentication 1.0 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is DH Rename Login URL and Two Factor Authentication compatible with PHP 5.6+?

DH Rename Login URL and Two Factor Authentication requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is DH Rename Login URL and Two Factor Authentication's security score?

DH Rename Login URL and Two Factor Authentication has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DH Rename Login URL and Two Factor Authentication Security & Risk Analysis

wordpress.org/plugins/dh-rename-login-url

DH Rename Login URL helps you to rename or modify the default WordPress login area /wp-login.php and gives you Google Two Factor Authentication featur …

0 active installs v1.0 PHP 5.6+ WP 4.6+ Updated Unknown

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is DH Rename Login URL and Two Factor Authentication Safe to Use in 2026?

Generally Safe

Score 100/100

DH Rename Login URL and Two Factor Authentication has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The dh-rename-login-url v1.0 plugin exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. While the plugin demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests, and utilizes prepared statements for its SQL queries, these strengths are overshadowed by the lack of authentication on all four identified AJAX handlers. This presents a significant attack surface where any authenticated user, regardless of their role, could potentially trigger unintended actions. The absence of nonce and capability checks further exacerbates this risk. The plugin's history is clean, with no known CVEs, which might suggest a lack of past exploitation or a relatively simple codebase. However, the current static analysis reveals significant weaknesses that could be exploited by attackers. The absence of taint analysis findings is positive, but it doesn't negate the immediate risks posed by the unprotected entry points.

Key Concerns

AJAX handlers without auth checks
AJAX handlers without capability checks
AJAX handlers without nonce checks
Unescaped output

Vulnerabilities

None known

DH Rename Login URL and Two Factor Authentication Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

DH Rename Login URL and Two Factor Authentication Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped16 total outputs

Attack Surface

4 unprotected

DH Rename Login URL and Two Factor Authentication Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_activate_dh_tfainc\Services\DRLU_TwoFA.php:14

authwp_ajax_dh_user_login_authinc\Services\DRLU_TwoFA.php:16

noprivwp_ajax_dh_user_login_authinc\Services\DRLU_TwoFA.php:17

authwp_ajax_updateinc\Services\DRLU_TwoFA.php:20

WordPress Hooks 14

actionadmin_menuinc\Api\DRLU_SettingsAPI.php:16

actionplugins_loadedinc\Api\DRLU_SettingsAPI.php:17

actionadmin_initinc\Api\DRLU_SettingsAPI.php:18

actionshow_user_profileinc\Api\DRLU_SettingsAPI.php:27

actionedit_user_profileinc\Api\DRLU_SettingsAPI.php:28

actionadmin_enqueue_scriptsinc\Base\DRLU_Enqueue.php:12

actionlogin_enqueue_scriptsinc\Base\DRLU_Enqueue.php:13

actionplugins_loadedinc\Services\DRLU_Login_Area.php:100

actionwp_loadedinc\Services\DRLU_Login_Area.php:101

actionsite_urlinc\Services\DRLU_Login_Area.php:103

actionwp_redirectinc\Services\DRLU_Login_Area.php:104

filterwp_login_errorsinc\Services\DRLU_TwoFA.php:11

filterlogin_redirectinc\Services\DRLU_TwoFA.php:22

actionwp_loadedinc\Services\DRLU_TwoFA.php:24

Maintenance & Trust

DH Rename Login URL and Two Factor Authentication Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedUnknown

PHP min version5.6

Downloads972

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

DH Rename Login URL and Two Factor Authentication Alternatives

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs

Wordfence Login Security

wordfence-login-security

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs

Titan Anti-spam & Security

anti-spam

Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication …

60K 3 CVEs

Rublon Multi-Factor Authentication (MFA)

rublon

100

Instant account security with effortless multi-factor authentication via Mobile Push, Mobile Passcode (TOTP), WebAuthn/U2F Security Keys, and more.

500 No CVEs

Developer Profile

DH Rename Login URL and Two Factor Authentication Developer Profile

Shohidul Islam Apu

3 plugins · 110 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DH Rename Login URL and Two Factor Authentication

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dh-rename-login-url/assets/style.css/wp-content/plugins/dh-rename-login-url/assets/script.js/wp-content/plugins/dh-rename-login-url/assets/login-style.css/wp-content/plugins/dh-rename-login-url/assets/login-script.js

Script Paths

/wp-content/plugins/dh-rename-login-url/assets/script.js/wp-content/plugins/dh-rename-login-url/assets/login-script.js

Version Parameters

dh-rename-login-url/assets/style.css?ver=dh-rename-login-url/assets/script.js?ver=dh-rename-login-url/assets/login-style.css?ver=dh-rename-login-url/assets/login-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

dh-tfa-user-table

HTML Comments

<!--
	This is the DH Settings page template
-->

Data Attributes

dh_activate_logindh_login_url_user_tfa_featuredh_google_tfa_secret

FAQ