WP-Safety

Login External Redirect Security & Risk Analysis

wordpress.org/plugins/login-external-redirect

This plugin can redirect non users or not signed in users to any external or internal url.

10 active installs v1.0 PHP + WP 3.5+ Updated Apr 7, 2016
loginredirectredirect-non-logged-in-user-to-another-siteuser-logged-in-wp-admin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Login External Redirect Safe to Use in 2026?

Generally Safe

Score 85/100

Login External Redirect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The plugin 'login-external-redirect' v1.0 exhibits a generally good security posture based on the static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, meaning the attack surface is minimal and there are no readily apparent entry points for attackers. The code signals are also promising, with no dangerous functions, all SQL queries using prepared statements, no file operations, and no external HTTP requests. This indicates a careful and secure coding approach in these areas.

However, a significant concern arises from the output escaping. With 100% of its total outputs not being properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic data displayed by this plugin without proper sanitization could be exploited by attackers to inject malicious scripts. While the taint analysis showed no unsanitized paths, the lack of output escaping is a critical oversight that could lead to vulnerabilities being introduced later if functionality changes or if the existing outputs contain user-controlled data.

The vulnerability history is also very positive, with no known CVEs recorded. This suggests a history of secure development or a lack of significant past issues. In conclusion, the plugin's strengths lie in its limited attack surface and secure handling of database queries and external requests. The primary weakness, and a significant one, is the pervasive lack of output escaping, which creates a substantial risk of XSS vulnerabilities that needs immediate attention.

Key Concerns

  • Output not properly escaped
Vulnerabilities
None known

Login External Redirect Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Login External Redirect Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
external_redirect_settings_page (login-external-redirect.php:84)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Login External Redirect Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
actionplugins_loadedlogin-external-redirect.php:178
actionadmin_menulogin-external-redirect.php:183
Maintenance & Trust

Login External Redirect Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedApr 7, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Login External Redirect Alternatives

LoginWP (Formerly Peter's Login Redirect)

LoginWP (Formerly Peter's Login Redirect)

peters-login-redirect

A
98

Redirect users to different locations after they log in, log out and register based on different conditions.

90K 3 CVEs
Inactive Logout

Inactive Logout

inactive-logout

A
96

Automatically logout idle user sessions, with logout redirections and concurrent limit logins all in one place.

20K 3 CVEs
FluentAuth – The Ultimate Authorization & Security Plugin for WordPress

FluentAuth – The Ultimate Authorization & Security Plugin for WordPress

fluent-security

A
98

Enhance the Security and User Experience of Your Site with Login/Signup Security, Two-Factor Email Authentication, Social Logins and more...

10K 2 CVEs
Simple Membership After Login Redirection

Simple Membership After Login Redirection

simple-membership-after-login-redirection

A
99

An addon for the simple membership plugin to configure after login redirection to a specific page based on the member's level.

10K 1 CVE
WP Login and Logout Redirect

WP Login and Logout Redirect

wp-login-and-logout-redirect

A
99

This plugin enable simple and easy way to redirect user to your chosen page URL after login or logout or both.

6K 1 CVE
Developer Profile

Login External Redirect Developer Profile

Unnikrishnan S

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Login External Redirect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
<div class="wrap"><p><h1>Login External Redirect</h1></p></div><form method="POST"> <table class="form-table"> <tbody> <tr> <th scope="row"><label for="blogname">Site Title</label></th> <td> <input name="external_redirect_url" type="text" id="external_redirect_url" value="" class="regular-text code"> </td> </tr> <tr> <th scope="row">Redirection</th> <td> <fieldset><legend class="screen-reader-text"><span>Redirect</span></legend><label for="external_redirect"> <input name="external_redirect" type="checkbox" id="external_redirect" value="1"> Enable Redirection</label> </fieldset> </td> </tr> <tr> <th scope="row">Method</th> <td> <fieldset><legend class="screen-reader-text"><span>Method</span></legend><label for="external_redirect_method"> <input name="external_redirect_method"
FAQ

Frequently Asked Questions about Login External Redirect