WP-Safety

Login Security Solution Security & Risk Analysis

wordpress.org/plugins/login-security-solution

Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.

4K active installs v0.56.0 PHP + WP 3.3+ Updated Nov 28, 2017
loginpasswordpasswordsstrengthstrong
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Login Security Solution Safe to Use in 2026?

Generally Safe

Score 85/100

Login Security Solution has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The plugin "login-security-solution" v0.56.0 exhibits a mixed security posture. On the positive side, the static analysis reveals a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication. This significantly limits the potential entry points for attackers. Furthermore, the absence of known CVEs and a clean vulnerability history is a strong indicator of a well-maintained plugin, at least in terms of publicly disclosed vulnerabilities.

However, there are notable areas of concern within the code itself. The most significant red flag is the complete lack of output escaping for all 37 identified outputs. This means that any data processed by the plugin and displayed back to users could be vulnerable to cross-site scripting (XSS) attacks. Additionally, while 56% of SQL queries use prepared statements, the remaining 44% do not, posing a risk of SQL injection vulnerabilities. The absence of nonce checks on the limited entry points, though seemingly less critical given their protected nature, is still a missed security best practice.

In conclusion, the plugin's limited attack surface and lack of historical vulnerabilities are commendable strengths. However, the critical security flaws in output escaping and the presence of raw SQL queries necessitate urgent attention. These issues, if exploited, could lead to significant security breaches, outweighing the benefits of the small attack surface.

Key Concerns

  • All outputs lack proper escaping
  • SQL queries not using prepared statements
  • Missing nonce checks
Vulnerabilities
None known

Login Security Solution Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Login Security Solution Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
5 prepared
Unescaped Output
37
0 escaped
Nonce Checks
0
Capability Checks
6
File Operations
7
External Requests
0
Bundled Libraries
0

SQL Query Safety

56% prepared9 total queries

Output Escaping

0% escaped37 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<login-security-solution> (login-security-solution.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Login Security Solution Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 25
actionauth_cookie_bad_usernamelogin-security-solution.php:247
actionauth_cookie_bad_hashlogin-security-solution.php:248
actionauth_cookie_validlogin-security-solution.php:249
actionpassword_resetlogin-security-solution.php:250
actionuser_profile_update_errorslogin-security-solution.php:251
actionlogin_form_resetpasslogin-security-solution.php:255
actionvalidate_password_resetlogin-security-solution.php:256
actionpersonal_optionslogin-security-solution.php:257
actionuser_new_form_taglogin-security-solution.php:258
filterpassword_hintlogin-security-solution.php:260
filterxmlrpc_enabledlogin-security-solution.php:263
filterauthenticatelogin-security-solution.php:264
actionwp_login_failedlogin-security-solution.php:265
actionwp_loginlogin-security-solution.php:266
filterlogin_errorslogin-security-solution.php:267
filterlogin_messagelogin-security-solution.php:268
filterwp_redirectlogin-security-solution.php:271
filtercomments_openlogin-security-solution.php:275
actionwp_logoutlogin-security-solution.php:279
actionauth_cookie_expiredlogin-security-solution.php:280
actionadmin_initlogin-security-solution.php:300
actionadmin_noticeslogin-security-solution.php:304
actionadmin_headlogin-security-solution.php:314
actionadmin_initlogin-security-solution.php:318
filtergettextlogin-security-solution.php:816
Maintenance & Trust

Login Security Solution Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedNov 28, 2017
PHP min version
Downloads290K

Community Trust

Rating88/100
Number of ratings54
Active installs4K
Alternatives

Login Security Solution Alternatives

WP Password Policy

WP Password Policy

password-requirements

A
100

Define and enforce password policies for your WordPress site with length, complexity, and expiration rules.

100 No CVEs
Password Policy Manager | Password Manager

Password Policy Manager | Password Manager

password-policy-manager

A
96

Enforce strong passwords with expiry, reset, score checks, inactive user lock, and user password management using Password Policy Manager.

6K 2 CVEs
Expire User Passwords

Expire User Passwords

expire-user-passwords

A
100

Require certain users to change their passwords on a regular basis.

3K No CVEs
Expire Passwords

Expire Passwords

expire-passwords

A
85

Require certain users to change their passwords on a regular basis.

500 No CVEs
Trusona for WordPress

Trusona for WordPress

trusona

B
78

Passwordless 2FA for your WordPress admin account with one-click install. Trusona's FREE passwordless plug-in prevents unauthorized logins, defa &hellip;

500 1 unpatched
Developer Profile

Login Security Solution Developer Profile

Daniel Convissor

1 plugin · 4K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Login Security Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/login-security-solution/lss-common.js/wp-content/plugins/login-security-solution/lss-password-strength.js/wp-content/plugins/login-security-solution/lss-admin-users.js/wp-content/plugins/login-security-solution/lss-admin-settings.js/wp-content/plugins/login-security-solution/lss-admin-login-failures.js/wp-content/plugins/login-security-solution/lss-admin-login-failures-details.js/wp-content/plugins/login-security-solution/lss-admin-settings.css
Script Paths
wp-content/plugins/login-security-solution/lss-common.jswp-content/plugins/login-security-solution/lss-password-strength.jswp-content/plugins/login-security-solution/lss-admin-users.jswp-content/plugins/login-security-solution/lss-admin-settings.jswp-content/plugins/login-security-solution/lss-admin-login-failures.jswp-content/plugins/login-security-solution/lss-admin-login-failures-details.js
Version Parameters
login-security-solution/lss-common.js?ver=login-security-solution/lss-password-strength.js?ver=login-security-solution/lss-admin-users.js?ver=login-security-solution/lss-admin-settings.js?ver=login-security-solution/lss-admin-login-failures.js?ver=login-security-solution/lss-admin-login-failures-details.js?ver=login-security-solution/lss-admin-settings.css?ver=

HTML / DOM Fingerprints

CSS Classes
lss-password-strength-meterlss-password-requirements
HTML Comments
<!-- DO NOT MODIFY THIS FILE DIRECTLY. --><!-- This is a configuration file generated by the Login Security Solution plugin. --><!-- The 'pw_dict_file' option is a full path to a text file. --><!-- For example: /usr/share/dictd/gcide.index -->+17 more
Data Attributes
data-lss-strength-meterdata-lss-password-input
JS Globals
lss_common_params
FAQ

Frequently Asked Questions about Login Security Solution