Loginpetze Security & Risk Analysis
wordpress.org/plugins/loginpetzeNotifies the admin by email as soon as a user has successfully logged in. The mails are customizable, the plugin is completely translatable.
Is Loginpetze Safe to Use in 2026?
Generally Safe
Score 100/100Loginpetze has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin 'loginpetze' v1.4 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs and the clean static analysis report, which shows no dangerous functions, unsanitized taint flows, or raw SQL queries, are significant strengths. Furthermore, the plugin demonstrates good practices by properly escaping the vast majority of its outputs and implementing capability checks. The lack of any identified attack surface points, such as unprotected AJAX handlers, REST API routes, or shortcodes, indicates a well-contained plugin with limited direct interaction points for attackers. However, the complete absence of nonce checks across all entry points is a notable concern. While the plugin may currently have no exploitable vulnerabilities, a lack of nonce checks can make it susceptible to Cross-Site Request Forgery (CSRF) attacks if any new functionalities are introduced or if existing ones, even those with capability checks, are not robustly protected against unexpected requests. The plugin's vulnerability history is excellent, but this does not negate the potential for future issues arising from the identified lack of nonce protection. In conclusion, 'loginpetze' v1.4 is generally secure, but the omission of nonce checks represents a potential weakness that should be addressed.
Key Concerns
- Missing nonce checks on entry points
Loginpetze Security Vulnerabilities
Loginpetze Release Timeline
Loginpetze Code Analysis
SQL Query Safety
Output Escaping
Loginpetze Attack Surface
WordPress Hooks 5
Maintenance & Trust
Loginpetze Maintenance & Trust
Maintenance Signals
Community Trust
Loginpetze Alternatives
TW Login Alert & Tracker
tw-login-alert-tracker
Track who logs in and when — and receive instant email alerts for every login event.
Login Telegram Notifier
login-telegram-notifier
This plugin sends real-time Telegram alerts when someone logs into the WordPress admin panel. Includes IP, location, user agent and more.
AdSignalPro
adsignalpro
Google AdWords Click Fraud, Attack Notifications: Real-time data, sharp analysis.
DynamicIP Watchdog
dynamicip-watchdog
DynamicIP Watchdog keeps you informed about changes in your website's outbound IP address.
Nacionvirtual – Alerts & Chat for Telegram
nacionvirtual-alerts-for-telegram
Real-time WordPress site alerts and daily activity reports delivered to Telegram.
Loginpetze Developer Profile
2 plugins · 4K total installs
How We Detect Loginpetze
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/loginpetze/stylesheet.cssHTML / DOM Fingerprints
<!-- Loginpetze is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 2 of the License, or
* any later version. --><!-- Loginpetze is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. --><!-- You should have received a copy of the GNU General Public License
* along with Loginpetze. If not, see http://www.gnu.org/licenses/gpl-2.0.txt. --><!--
* If this file is called directly, abort.
-->+15 more