WP-Safety

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form Security & Risk Analysis

wordpress.org/plugins/login-links

Create secure self-expiring login links for temporary access and guest users, and enable passwordless login for registered ones.

40 active installs v2.1.0 PHP 7.0+ WP 5.5+ Updated Jul 2, 2025
custom-login-formlogin-without-passwordpasswordless-loginsecure-logintemporary-access
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Login Links – Passwordless Login, Temporary Access Links & Custom Login Form Safe to Use in 2026?

Generally Safe

Score 100/100

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The "login-links" v2.1.0 plugin exhibits a generally good security posture, with several positive indicators. The absence of dangerous functions, the use of prepared statements for all SQL queries, and a high percentage of properly escaped output are commendable practices. Furthermore, the plugin has no recorded vulnerabilities or CVEs, suggesting a history of stable and secure development.

However, there is a specific area of concern related to the REST API. One out of seven REST API routes lacks permission callbacks, creating a potential entry point that is not properly secured. While the static analysis and taint analysis did not reveal any critical or high-severity issues, this single unprotected REST API route represents a tangible risk that could be exploited if not addressed. The presence of nonce and capability checks is positive, but their limited number (two each) might indicate that not all sensitive operations are adequately protected.

In conclusion, "login-links" v2.1.0 is largely secure, benefiting from good coding practices in most areas. The primary weakness lies in the unprotected REST API route, which should be prioritized for remediation. The lack of historical vulnerabilities is a strong positive, but it does not negate the need to address the identified security gap in the current version.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
None known

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
28 prepared
Unescaped Output
3
105 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared28 total queries

Output Escaping

97% escaped108 total outputs
Attack Surface
1 unprotected

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form Attack Surface

Entry Points8
Unprotected1

REST API Routes 7

POST/wp-json/ll/v1/createadmin\api.php:24
PUT/wp-json/ll/v1/update/(?P<id>\d+)admin\api.php:34
DELETE/wp-json/ll/v1/delete/(?P<id>\d+)admin\api.php:44
POST/wp-json/ll/v1/sendadmin\api.php:54
PUT/wp-json/ll/v1/reset/(?P<id>\d+)admin\api.php:64
GET/wp-json/ll/v1/admin/dont-show-no-longer-see-links-noticeadmin\api.php:74
POST/wp-json/ll/v1/requestpasswordless-login\common\api.php:20

Shortcodes 1

[lgnl_passwordless_form] passwordless-login\form\form.php:72
WordPress Hooks 26
actionadmin_menuadmin\admin-page.php:43
actionadmin_enqueue_scriptsadmin\admin-page.php:120
actionpre_user_queryadmin\admin-page.php:340
actionrest_api_initadmin\api.php:84
actionadmin_enqueue_scriptscommon\admin\admin-page.php:30
actionadmin_enqueue_scriptscommon\modal\modal.php:44
actionadmin_menupasswordless-login\admin\admin.php:25
actionadmin_enqueue_scriptspasswordless-login\admin\admin.php:226
actionrest_api_initpasswordless-login\common\api.php:30
actionwp_enqueue_scriptspasswordless-login\form\form.php:93
actionwp_enqueue_scriptspasswordless-login\form\form.php:95
filterauthenticatepasswordless-login\wp-login-form\wp-login-form.php:49
actioninitpasswordless-login\wp-login-form\wp-login-form.php:90
filterlost_password_html_linkpasswordless-login\wp-login-form\wp-login-form.php:127
actionlogin_formpasswordless-login\wp-login-form\wp-login-form.php:153
actionlogin_enqueue_scriptspasswordless-login\wp-login-form\wp-login-form.php:200
actionadmin_initservices\LGNLCustomLoginPageGenerator.php:34
actionafter_delete_postservices\LGNLCustomLoginPageGenerator.php:35
filterdisplay_post_statesservices\LGNLCustomLoginPageGenerator.php:36
actionlgnl_do_after_passwordless_settingsservices\LGNLCustomLoginPageGenerator.php:37
actioninitservices\LGNLLoginLinkAuthHandler.php:53
filterauthenticateservices\LGNLLoginLinkAuthHandler.php:174
actionuser_registerservices\LGNLUserTransientCleaner.php:27
actiondelete_userservices\LGNLUserTransientCleaner.php:28
actioninitservices\LGNLV1LinksMigrator.php:29
actioninitversion-update\version-update.php:34
Maintenance & Trust

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 2, 2025
PHP min version7.0
Downloads977

Community Trust

Rating80/100
Number of ratings4
Active installs40
Alternatives

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form Alternatives

Temporary Login Without Password

Temporary Login Without Password

temporary-login-without-password

A
100

Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username/password) with your developers or editors.

100K 1 CVE
SafeTemp Login – Temporary Access with Approval

SafeTemp Login – Temporary Access with Approval

safetemplogin-tawa

A
100

Create temporary users with any role. When a temporary user is an administrator, sensitive actions require approval from a real administrator.

0 No CVEs
Temporary Login

Temporary Login

temporary-login

A
92

Create a secure, temporary URL for easy access to your WP admin.

40K No CVEs
Passwordless Login

Passwordless Login

passwordless-login

A
100

Passwordless login form via a simple to use shortcode: [passwordless-login]

1K 1 CVE
Bifröst – Instant Passwordless Temporary Login Links

Bifröst – Instant Passwordless Temporary Login Links

create-temporary-login

A
97

🔗️ Create passwordless temporary login links. Instantly ⚡️

50 1 CVE
Developer Profile

Login Links – Passwordless Login, Temporary Access Links & Custom Login Form Developer Profile

Denis Alemán

2 plugins · 1K total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Login Links – Passwordless Login, Temporary Access Links & Custom Login Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Login Links – Passwordless Login, Temporary Access Links & Custom Login Form