Lana Single Sign On Security & Risk Analysis
wordpress.org/plugins/lana-ssoCreates the ability to login using Single Sign On via OAuth 2.0
Is Lana Single Sign On Safe to Use in 2026?
Generally Safe
Score 100/100Lana Single Sign On has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
Based on the static analysis, "lana-sso" v1.2.0 appears to have a very strong security posture. The complete absence of unprotected entry points across AJAX, REST API, shortcodes, and cron events is commendable, indicating that the plugin is designed with security in mind, likely requiring authentication for all interactions. The code signals also reinforce this, showing a clean slate with no dangerous functions, proper SQL statement preparation, and 100% output escaping. The presence of nonce and capability checks further solidifies the security of the implemented functionalities. However, the plugin does make two external HTTP requests, which, while not inherently a vulnerability, represent a potential attack vector if the target endpoints are compromised or if the requests are not handled securely. The vulnerability history being completely clear is a very positive sign, suggesting a history of secure development and maintenance. Overall, the plugin demonstrates excellent security practices, with the external HTTP requests being the only minor point of consideration.
Key Concerns
- External HTTP requests present
Lana Single Sign On Security Vulnerabilities
Lana Single Sign On Code Analysis
Output Escaping
Lana Single Sign On Attack Surface
WordPress Hooks 11
Maintenance & Trust
Lana Single Sign On Maintenance & Trust
Maintenance Signals
Community Trust
Lana Single Sign On Alternatives
OAuth Single Sign On – SSO (OAuth Client)
miniorange-login-with-eve-online-google-facebook
WordPress SSO (Single Sign On) with Azure, Azure B2C, Cognito, Okta, Classlink, Discord, Clever, Keycloak, OAuth & OpenID Providers [24/7 SUPPORT].
Tim's Nextcloud SSO OAuth2
tims-nextcloud-sso-oauth2
Enables you to login to your WordPress site with your Nextcloud account with OAuth2
Snapplify Single Sign On
snapplify-single-sign-on
WordPress User Single Sign On authentication with a Snapplify User Account.
SAML Single Sign On – SSO Login
miniorange-saml-20-single-sign-on
SAML SSO (Single Sign On) for WordPress Login with Okta, Entra ID, Azure AD/B2C, G-Suite, Shibboleth, OneLogin, Keycloak, Salesforce [24/7 Support]
SAML IDP (Identity Provider) – Login with Website Users
miniorange-wp-as-saml-idp
Single sign on (SSO) login with WordPress Users into any Service Provider like Tableau, Thinkific, Zoom, Moodle LMS, Canvas LMS, Absorb LMS, TalentLMS
Lana Single Sign On Developer Profile
13 plugins · 4K total installs
How We Detect Lana Single Sign On
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/lana-sso/assets/css/lana-sso-login.css/wp-content/plugins/lana-sso/assets/css/lana-sso-admin.css/wp-content/plugins/lana-sso/assets/libs/toastr/css/toastr.min.css/wp-content/plugins/lana-sso/assets/js/lana-sso-admin.js/wp-content/plugins/lana-sso/assets/libs/toastr/js/toastr.min.js/wp-content/plugins/lana-sso/assets/js/lana-sso-admin.jslana-sso/assets/css/lana-sso-login.css?ver=lana-sso/assets/css/lana-sso-admin.css?ver=lana-sso/assets/js/lana-sso-admin.js?ver=HTML / DOM Fingerprints
lana-sso-admincopy-to-clipboardbutton-with-iconhide-if-no-jsconstant-client-idconstant-client-secretbutton-separatordata-targetlana_sso_l10n