Does IP Login have any unpatched vulnerabilities?

No. All known vulnerabilities in IP Login have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is IP Login compatible with WordPress 4.3.34?

According to WordPress.org data, IP Login 1.0.3 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is IP Login updated?

IP Login was last updated on Jan 2, 2016. Frequent updates are generally a positive security signal.

What is IP Login's security score?

IP Login has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

IP Login Security & Risk Analysis

wordpress.org/plugins/ip-login

Enables you to login from trusted IP without entering password by specifying ?bypass_login=username parameter on site.

10 active installs v1.0.3 PHP + WP 3.0+ Updated Jan 2, 2016

adminautologinlogin

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is IP Login Safe to Use in 2026?

Generally Safe

Score 85/100

IP Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

Based on the static analysis and vulnerability history, the 'ip-login' plugin v1.0.3 appears to have a very strong security posture. The static analysis reveals a complete absence of identified attack surface points, dangerous functions, direct SQL queries, unescaped output, file operations, external HTTP requests, nonce checks, and capability checks. This indicates that the code was likely written with security best practices in mind, or that the functionality is extremely limited. The taint analysis also shows no detected flows with unsanitized paths, further reinforcing the impression of secure coding.

The vulnerability history is equally clean, with zero recorded CVEs of any severity. This suggests a history of either very robust security or an absence of public disclosure, which for a plugin with no apparent entry points is plausible. The plugin's strengths lie in its apparent lack of exploitable entry points and its adherence to secure coding practices as indicated by the static analysis. A weakness could be the complete lack of identifiable entry points, which, while secure, might imply limited functionality or that the analysis might have missed subtle ways to interact with the plugin if its purpose is not fully understood.

Overall, 'ip-login' v1.0.3 presents as a highly secure plugin based on the provided data. The absence of any identified vulnerabilities or insecure coding patterns is a significant strength. The complete lack of attack surface and taint flows suggests that there are no obvious pathways for malicious actors to exploit. The plugin's history of no known vulnerabilities further reinforces this positive assessment. The only potential concern, if one can call it that, is the complete lack of any security-related code signals (like nonce checks or capability checks), which can sometimes indicate very minimal functionality rather than exhaustive security implementation. However, given the other positive indicators, this is more of an observation about its design than a security risk.

Vulnerabilities

None known

IP Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

IP Login Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

IP Login Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionwp_enqueue_scriptsip_login.php:15

actionadmin_enqueue_scriptsip_login.php:16

filterquery_varsip_login.php:25

actioninitip_login.php:31

Maintenance & Trust

IP Login Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedJan 2, 2016

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

IP Login Alternatives

Automatic Login

automatic-login

100

Skip the login screen during local development. Log in automatically on your locally hosted WordPress install.

0 No CVEs

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

WP Ghost (Hide My WP Ghost) – Security & Firewall

hide-my-wp

Hide and Secure WP paths, wp-login, wp-admin, and more. Hack Prevention, Security, Brute Force protection, 8G Firewall, 2FA Passkey Login, and more.

100K 7 CVEs

All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.

change-wp-admin-login

Do you want to secure and customize the WordPress login page? Download the All in One Login plugin for login page security and customization.

70K 3 CVEs

Ultimate Dashboard – Custom WordPress Dashboard

ultimate-dashboard

The #1 Plugin to Customize the WordPress Dashboard!

60K 8 CVEs

Developer Profile

IP Login Developer Profile

Luka Petrovic

2 plugins · 210 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect IP Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ip-login/style.css

Version Parameters

ip-login/style.css?ver=

HTML / DOM Fingerprints

Shortcode Output

<p style="text-align: center;line-height: 30px;padding: 5px;background: rgb(175, 0, 0);color: white;">Your IP can't be determined. You will not use this plugin, sorry...</p>

<p style="text-align: center;line-height: 30px;padding: 5px;background: rgb(175, 0, 0);color: white;">Your IP: { <strong>

</strong> } is not authorised for access without password.</p>

FAQ