Does Lana Security have any unpatched vulnerabilities?

No. All known vulnerabilities in Lana Security have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Lana Security compatible with WordPress 5.9.13?

According to WordPress.org data, Lana Security 1.1.8 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is Lana Security updated?

Lana Security was last updated on May 28, 2022. Frequent updates are generally a positive security signal.

What is Lana Security's security score?

Lana Security has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Lana Security Security & Risk Analysis

wordpress.org/plugins/lana-security

Security plugin to protect website with login captcha, hide version number and security monitor

100 active installs v1.1.8 PHP + WP 4.0+ Updated May 28, 2022

captchalogin-captchalogin-loglogin-securitysecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Lana Security Safe to Use in 2026?

Generally Safe

Score 85/100

Lana Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The lana-security v1.1.8 plugin demonstrates a generally strong security posture. Static analysis reveals no critical or high-severity issues in taint flows, and a very high percentage of output escaping, indicating good practices in preventing common web vulnerabilities like XSS. The plugin also implements a healthy number of nonce and capability checks, which are crucial for securing actions within WordPress. Furthermore, the absence of any recorded vulnerabilities, CVEs, or known common vulnerability types in its history suggests a history of secure development and maintenance.

However, a few areas warrant attention. The presence of SQL queries, with a significant portion not utilizing prepared statements (71% not prepared), presents a potential risk for SQL injection if these queries are not handled with extreme care or if external input directly influences their construction. While there are no external HTTP requests, the single file operation could be a vector for insecure file handling if not properly sanitized. The plugin's entry points are all protected, which is excellent, but the general reliance on prepared statements for all SQL queries should be a priority for a more robust security profile.

Key Concerns

SQL queries not using prepared statements

Vulnerabilities

None known

Lana Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Lana Security Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

42 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

29% prepared14 total queries

Output Escaping

98% escaped43 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

lana_security_plugins_page (lana-security.php:448)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Lana Security Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 33

actionadmin_initlana-security.php:189

actionadmin_enqueue_scriptslana-security.php:208

actionadmin_enqueue_scriptslana-security.php:227

actionlogin_enqueue_scriptslana-security.php:237

actionadmin_initlana-security.php:270

actionadmin_menulana-security.php:273

filterset-screen-optionlana-security.php:365

filterscript_loader_srclana-security.php:980

filterstyle_loader_srclana-security.php:981

filterthe_generatorlana-security.php:999

filterinitlana-security.php:1020

filtermod_rewrite_ruleslana-security.php:1057

actionupdate_optionlana-security.php:1076

actionlogin_initlana-security.php:1126

actionlogin_formlana-security.php:1151

actionregister_formlana-security.php:1177

actionlostpassword_formlana-security.php:1203

filterauthenticatelana-security.php:1256

actionregister_postlana-security.php:1303

actionlostpassword_postlana-security.php:1348

filterauthenticatelana-security.php:1383

actionprofile_updatelana-security.php:1406

actiondelete_userlana-security.php:1419

actionadded_optionlana-security.php:1558

actionupdated_optionlana-security.php:1559

actionplugins_loadedlana-security.php:1577

actionplugins_loadedlana-security.php:1595

actionplugins_loadedlana-security.php:1613

actionplugins_loadedlana-security.php:1631

actionlana_security_logs_cleanup_by_amountlana-security.php:1696

actionlana_security_logs_cleanup_by_timelana-security.php:1712

actionlana_security_login_logs_cleanup_by_amountlana-security.php:1728

actionlana_security_login_logs_cleanup_by_timelana-security.php:1744

Scheduled Events 4

lana_security_logs_cleanup_by_amount

lana_security_logs_cleanup_by_time

lana_security_login_logs_cleanup_by_amount

lana_security_login_logs_cleanup_by_time

Maintenance & Trust

Lana Security Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedMay 28, 2022

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Lana Security Alternatives

Wordfence Login Security

wordfence-login-security

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs

DoLogin Security

dologin

Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent/Country/City)/IP range to limit login attempts.

7K 4 CVEs

Cartpauj Register Captcha

cartpauj-register-captcha

100

Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.

1K 1 CVE

Power Captcha reCAPTCHA

power-captcha-recaptcha

Protect WordPress/WooCommerce/Contact Form 7 forms from spam, brute-force attacks, fake comments, accounts, or registrations with Google reCAPTCHA.

1K No CVEs

Kaya Login Captcha

kaya-login-captcha

100

Adds a simple captcha on login form, register form and lost-password form.

200 No CVEs

Developer Profile

Lana Security Developer Profile

Lana Codes

13 plugins · 4K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

400 days

View full developer profile

Detection Fingerprints

How We Detect Lana Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lana-security/assets/js/lana-security-settings-admin.js/wp-content/plugins/lana-security/assets/css/lana-security-settings-admin.css/wp-content/plugins/lana-security/assets/css/lana-security-login.css

Script Paths

/wp-content/plugins/lana-security/assets/js/lana-security-settings-admin.js

Version Parameters

lana-security/assets/js/lana-security-settings-admin.js?ver=lana-security/assets/css/lana-security-settings-admin.css?ver=lana-security/assets/css/lana-security-login.css?ver=

HTML / DOM Fingerprints

FAQ