WP-Safety

FIDO-certified Passwordless biometric login Security & Risk Analysis

wordpress.org/plugins/loginid-directweb

FIDO-certified strong authentication in 5 clicks. Go passwordless and eliminate account takeovers and fraud.

20 active installs v1.1.0 PHP 7.1+ WP 5.4+ Updated Jun 7, 2022
authenticationfidomultifactor-authenticationoauth-2-0security
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is FIDO-certified Passwordless biometric login Safe to Use in 2026?

Generally Safe

Score 85/100

FIDO-certified Passwordless biometric login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The plugin "loginid-directweb" v1.1.0 demonstrates several good security practices. The code analysis shows a high percentage of properly escaped output and 100% of SQL queries using prepared statements, which are crucial for preventing common web vulnerabilities. The absence of dangerous functions, file operations, and any recorded vulnerabilities in its history are positive indicators of a generally secure codebase. However, there are notable concerns regarding its attack surface. Three out of four AJAX handlers lack authentication checks, presenting a significant risk of unauthorized access or manipulation. While taint analysis and known CVEs are clean, this lack of authorization on critical entry points could be exploited by attackers to perform actions they shouldn't be able to. The presence of external HTTP requests, though only one, also warrants attention as it could potentially be a vector for further compromise if not handled securely.

Key Concerns

  • AJAX handlers without authorization
  • External HTTP requests
Vulnerabilities
None known

FIDO-certified Passwordless biometric login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

FIDO-certified Passwordless biometric login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
113 escaped
Nonce Checks
6
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

96% escaped118 total outputs
Attack Surface
3 unprotected

FIDO-certified Passwordless biometric login Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 4

authwp_ajax_loginid_save_to_profileadmin\admin-ui-setup.php:274
authwp_ajax_loginid_remove_from_profileadmin\admin-ui-setup.php:296
authwp_ajax_loginid_wizard_callbackadmin\admin-ui-setup.php:367
noprivwp_ajax_loginid_wizard_callbackadmin\admin-ui-setup.php:386
WordPress Hooks 16
actionshow_user_profileadmin\admin-ui-render.php:325
actionedit_user_profileadmin\admin-ui-render.php:326
actionadmin_menuadmin\admin-ui-setup.php:32
actionadmin_initadmin\admin-ui-setup.php:87
actionadmin_enqueue_scriptsadmin\admin-ui-setup.php:155
actionadmin_post_loginid_dw_generate_pageadmin\admin-ui-setup.php:189
filtermanage_users_columnsadmin\admin-ui-setup.php:212
filtermanage_users_custom_columnadmin\admin-ui-setup.php:234
filteradmin_footer_textadmin\basic-setup.php:97
filterupdate_footeradmin\basic-setup.php:115
actioninitfunctions\directweb.php:122
actiontemplate_redirectfunctions\directweb.php:123
actionwp_body_openfunctions\directweb.php:124
filterwoocommerce_locate_templatefunctions\directweb.php:184
actionwp_enqueue_scriptsfunctions\do.php:27
filterplugin_row_metaloginid-directweb.php:102
Maintenance & Trust

FIDO-certified Passwordless biometric login Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedJun 7, 2022
PHP min version7.1
Downloads70K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Alternatives

FIDO-certified Passwordless biometric login Alternatives

All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

A
93

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs
Limit Login Attempts

Limit Login Attempts

limit-login-attempts

B
82

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

300K 3 CVEs
Two Factor

Two Factor

two-factor

A
100

Enable Two-Factor Authentication (2FA) using time-based one-time passwords (TOTP), Universal 2nd Factor (U2F), email, and backup verification codes.

100K No CVEs
WPS Limit Login

WPS Limit Login

wps-limit-login

A
96

WPS Limit login limit connection attempts by IP address

100K 3 CVEs
Developer Profile

FIDO-certified Passwordless biometric login Developer Profile

loginidauth

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect FIDO-certified Passwordless biometric login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loginid-directweb/dist/js/loginid-directweb.js/wp-content/plugins/loginid-directweb/dist/css/loginid-directweb.css
Script Paths
/wp-content/plugins/loginid-directweb/dist/js/loginid-directweb.js
Version Parameters
loginid-directweb/dist/js/loginid-directweb.js?ver=loginid-directweb/dist/css/loginid-directweb.css?ver=

HTML / DOM Fingerprints

JS Globals
window.loginid_dw_datavar loginid_dw_data
FAQ

Frequently Asked Questions about FIDO-certified Passwordless biometric login