IP Based Login Security & Risk Analysis

wordpress.org/plugins/ip-based-login

IP Based Login allows you to directly login from an authorized IP without password.

400 active installs v2.4.4 PHP 5.6+ WP 3.0+ Updated Sep 11, 2025
Tags: authentication, auto, based, ip, login
96 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is IP Based Login Safe to Use in 2026?

Generally Safe

Score 96/100

IP Based Login has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Sep 22, 2025 · Updated 6mo ago
Risk Assessment

The "ip-based-login" plugin v2.4.4 presents a mixed security posture. While it exhibits good practices such as having a limited attack surface, no unprotected entry points, and a decent number of capability checks, several concerning areas emerge from the static analysis. A significant portion of SQL queries (67%) are not using prepared statements, increasing the risk of SQL injection. Furthermore, a worrying 68% of output operations are not properly escaped, leaving the plugin vulnerable to Cross-Site Scripting (XSS) attacks. The taint analysis reveals two flows with unsanitized paths, indicating potential vulnerabilities, although these are not classified as critical or high severity. The vulnerability history is concerning, with four documented medium-severity CVEs, specifically related to XSS and CSRF. Although there are no currently unpatched vulnerabilities, the pattern of past issues suggests recurring weaknesses in input validation and output sanitization. The last known vulnerability was in the future, suggesting this data may be illustrative or contain an error. Overall, while the plugin has some strengths, the prevalence of unescaped output, raw SQL queries, and a history of XSS/CSRF vulnerabilities indicate a moderate to high risk that requires careful attention and remediation.

Key Concerns

  • SQL queries not using prepared statements
  • Improperly escaped output
  • Flows with unsanitized paths
  • Medium severity CVEs in history
  • Common vulnerability types (XSS, CSRF)
Vulnerabilities (4)

IP Based Login Security Vulnerabilities

CVEs by Year: 4 CVEs in 2025

Severity Breakdown: Medium 4 (4 total CVEs)

CVE-2025-58960 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

IP Based Login <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 22, 2025 · Patched in 2.4.4 (5d)

CVE-2025-50016 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

IP Based Login <= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 19, 2025 · Patched in 2.4.3 (33d)

CVE-2024-12800 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

IP Based Login <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 6, 2025 · Patched in 2.4.1 (8d)

CVE-2024-13118 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

IP Based Login <= 2.4.0 - Cross-Site Request forgery to Log Deletion

Mar 6, 2025 · Patched in 2.4.1 (8d)
Code Analysis
Analyzed Mar 16, 2026

IP Based Login Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 8 (4 prepared)
  • Unescaped Output: 99 (47 escaped)
  • Nonce Checks: 2
  • Capability Checks: 8
  • File Operations: 5
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

33% prepared · 12 total queries

Output Escaping

32% escaped · 146 total outputs
Data Flows (2 unsanitized)

Data Flow Analysis

3 flows · 2 with unsanitized paths
triger_login (init.php:234)
Attack Surface

IP Based Login Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_ipbl_dismiss_sale_notice · init.php:1826

WordPress Hooks: 11

  • action · plugins_loaded · init.php:100
  • filter · wsal_load_on_frontend · init.php:346
  • filter · attach_session_information · init.php:396
  • action · wp_before_admin_bar_render · init.php:447
  • filter · ipbl_supported_ip · init.php:558
  • filter · ipbl_is_supported_ip · init.php:559
  • action · init · init.php:560
  • action · admin_init · init.php:561
  • action · admin_menu · init.php:586
  • action · admin_notices · init.php:1824
  • action · plugins_loaded · ip-based-login.php:44
Maintenance & Trust

IP Based Login Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Sep 11, 2025
  • PHP min version: 5.6
  • Downloads: 44K

Community Trust

  • Rating: 98/100
  • Number of ratings: 23
  • Active installs: 400
Developer Profile

IP Based Login Developer Profile

brijeshk89

5 plugins · 2K total installs

  • Trust score: 84
  • Avg Security Score: 85/100
  • Avg Patch Time: 25 days
Detection Fingerprints

How We Detect IP Based Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ip-based-login/css/ip-based-login.css
  • /wp-content/plugins/ip-based-login/js/ip-based-login.js
Script Paths
  • /wp-content/plugins/ip-based-login/js/ip-based-login.js
Version Parameters
  • ip-based-login/css/ip-based-login.css?ver=
  • ip-based-login/js/ip-based-login.js?ver=

HTML / DOM Fingerprints

HTML Comments
  • <!-- Copyright (C) 2013 Brijesh Kothari (email : admin@wp-inspired.com) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. -->
  • <!-- Table structure for table `wp_ip_based_login` -->