WP-Safety

HappyAccess Security & Risk Analysis

wordpress.org/plugins/happyaccess

Secure temporary admin access for WordPress support engineers. Generate OTP-based access without sharing passwords.

0 active installs v1.0.6 PHP 7.4+ WP 6.0+ Updated Apr 5, 2026
adminotpsecuritysupporttemporary-access
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is HappyAccess Safe to Use in 2026?

Generally Safe

Score 100/100

HappyAccess has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'happyaccess' v1.0.6 plugin exhibits a generally strong security posture with several positive indicators. The complete absence of raw SQL queries, 100% proper output escaping, and a substantial number of nonce and capability checks suggest diligent development practices regarding core security principles. Furthermore, the plugin has no recorded vulnerability history, which is a very positive sign of its stability and security over time. However, there are some significant concerns. The static analysis reveals one AJAX handler that lacks authentication checks, creating a direct entry point for unauthenticated users. Additionally, the taint analysis indicates three flows with unsanitized paths, all classified as high severity. These flows, combined with the unprotected AJAX handler, represent the most critical security risks associated with this plugin, potentially allowing for unintended actions or data manipulation.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows (3)
Vulnerabilities
None known

HappyAccess Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

HappyAccess Release Timeline

v1.0.6Current
v1.0.5
Code Analysis
Analyzed Apr 16, 2026

HappyAccess Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
79 prepared
Unescaped Output
0
480 escaped
Nonce Checks
11
Capability Checks
12
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared79 total queries

Output Escaping

100% escaped480 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

6 flows3 with unsanitized paths
render_audit_logs (admin/class-happyaccess-admin.php:588)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

HappyAccess Attack Surface

Entry Points10
Unprotected1

AJAX Handlers 10

authwp_ajax_happyaccess_generate_tokenadmin/class-happyaccess-admin.php:29
authwp_ajax_happyaccess_revoke_tokenadmin/class-happyaccess-admin.php:30
authwp_ajax_happyaccess_logout_sessionsadmin/class-happyaccess-admin.php:31
authwp_ajax_happyaccess_clear_logsadmin/class-happyaccess-admin.php:32
authwp_ajax_happyaccess_generate_magic_linkadmin/class-happyaccess-admin.php:33
authwp_ajax_happyaccess_generate_share_linkadmin/class-happyaccess-admin.php:34
authwp_ajax_happyaccess_email_magic_linkadmin/class-happyaccess-admin.php:35
authwp_ajax_happyaccess_deactivate_useradmin/class-happyaccess-admin.php:36
authwp_ajax_happyaccess_reactivate_useradmin/class-happyaccess-admin.php:37
authwp_ajax_happyaccess_emergency_lockhappyaccess.php:156
WordPress Hooks 37
actionadmin_menuadmin/class-happyaccess-admin.php:27
actionadmin_enqueue_scriptsadmin/class-happyaccess-admin.php:28
actionadmin_noticesadmin/class-happyaccess-admin.php:38
actionadmin_initadmin/class-happyaccess-admin.php:39
actionbefore_woocommerce_inithappyaccess.php:31
actioninithappyaccess.php:131
actionadmin_inithappyaccess.php:132
actionhappyaccess_cleanup_expiredhappyaccess.php:135
actionhappyaccess_cleanup_attemptshappyaccess.php:136
actionlogin_formhappyaccess.php:139
filterauthenticatehappyaccess.php:140
actionlogin_enqueue_scriptshappyaccess.php:141
actionlogin_enqueue_scriptshappyaccess.php:144
actionhappyaccess_cleanup_expiredhappyaccess.php:147
actionhappyaccess_cleanup_expiredhappyaccess.php:148
actionadmin_inithappyaccess.php:151
actionadmin_bar_menuhappyaccess.php:155
filterplugin_row_metahappyaccess.php:163
actionadmin_menuincludes/class-happyaccess-access-guard.php:43
actioncurrent_screenincludes/class-happyaccess-access-guard.php:44
filtershow_admin_barincludes/class-happyaccess-access-guard.php:48
filteruser_row_actionsincludes/class-happyaccess-access-guard.php:52
filterusers_list_table_query_argsincludes/class-happyaccess-access-guard.php:53
filterall_pluginsincludes/class-happyaccess-access-guard.php:54
actioncurrent_screenincludes/class-happyaccess-access-guard.php:55
filterbulk_actions-usersincludes/class-happyaccess-access-guard.php:58
actionadmin_initincludes/class-happyaccess-gdpr.php:28
filterwp_privacy_personal_data_exportersincludes/class-happyaccess-gdpr.php:29
filterwp_privacy_personal_data_erasersincludes/class-happyaccess-gdpr.php:30
actionshutdownincludes/class-happyaccess-login-handler.php:369
filterlogin_messageincludes/class-happyaccess-login-handler.php:431
filterlogin_redirectincludes/class-happyaccess-login-handler.php:432
actionadmin_bar_menuincludes/class-happyaccess-login-handler.php:433
actionwp_logoutincludes/class-happyaccess-login-handler.php:434
actioninitincludes/class-happyaccess-magic-link.php:48
filterlogin_messageincludes/class-happyaccess-magic-link.php:550
actiontemplate_redirectincludes/class-happyaccess-otp-share.php:36

Scheduled Events 4

happyaccess_cleanup_expired
happyaccess_cleanup_attempts
happyaccess_cleanup_expired
happyaccess_cleanup_attempts
Maintenance & Trust

HappyAccess Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 5, 2026
PHP min version7.4
Downloads110

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

HappyAccess Alternatives

NNFP – Passwordless Email OTP Login

NNFP – Passwordless Email OTP Login

no-need-for-password

A
100

Short Description: Enable secure passwordless login and registration using secure email-based one-time passwords (OTP).

0 No CVEs
Loginizer

Loginizer

loginizer

A
87

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs
Admin Menu Editor

Admin Menu Editor

admin-menu-editor

A
96

Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.

400K 3 CVEs
InfiniteWP Client

InfiniteWP Client

iwp-client

A
90

Install this plugin on unlimited sites and manage them all from a central dashboard. This plugin communicates with your InfiniteWP Admin Panel.

200K 7 CVEs
Two Factor

Two Factor

two-factor

A
100

Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), email, and backup verification codes.

100K No CVEs
Developer Profile

HappyAccess Developer Profile

Shameem - a11n

3 plugins · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect HappyAccess

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/happyaccess/assets/css/admin.css/wp-content/plugins/happyaccess/assets/css/login.css/wp-content/plugins/happyaccess/assets/js/admin.js/wp-content/plugins/happyaccess/assets/js/login.js/wp-content/plugins/happyaccess/assets/js/otp-share.js
Script Paths
/wp-content/plugins/happyaccess/assets/js/admin.js/wp-content/plugins/happyaccess/assets/js/login.js/wp-content/plugins/happyaccess/assets/js/otp-share.js
Version Parameters
happyaccess/assets/css/admin.css?ver=happyaccess/assets/css/login.css?ver=happyaccess/assets/js/admin.js?ver=happyaccess/assets/js/login.js?ver=happyaccess/assets/js/otp-share.js?ver=

HTML / DOM Fingerprints

CSS Classes
happyaccess-otp-fieldhappyaccess-otp-share-buttonhappyaccess-emergency-lock-button
HTML Comments
<!-- HappyAccess OTP Login Form Field --><!-- HappyAccess OTP Share Form --><!-- HappyAccess Emergency Lock Button -->
Data Attributes
data-happyaccess-settings
JS Globals
happyaccess_login_paramshappyaccess_otp_share_paramshappyaccess_admin_params
FAQ

Frequently Asked Questions about HappyAccess