WP-Safety

Authentication by LoginRadius Security & Risk Analysis

wordpress.org/plugins/loginradius-for-wordpress

The Authentication by LoginRadius WordPress plugin allow you to replace the default WordPress Authentication feature with diverse authentication metho …

100 active installs v7.3.0 PHP + WP 3.5+ Updated Oct 1, 2020
authenticationciamcloud-authenticationhosted-registrationuser-registration
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Authentication by LoginRadius Safe to Use in 2026?

Generally Safe

Score 85/100

Authentication by LoginRadius has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The 'loginradius-for-wordpress' plugin version 7.3.0 exhibits a mixed security posture. On the positive side, there are no recorded vulnerabilities (CVEs) and the plugin shows good practice in limiting its attack surface, with no unprotected AJAX handlers or REST API routes. However, the code analysis reveals significant concerns, particularly regarding the handling of SQL queries. All three SQL queries are executed without prepared statements, which presents a substantial risk of SQL injection vulnerabilities. Additionally, a notable portion of output is not properly escaped (62%), increasing the potential for cross-site scripting (XSS) attacks. The presence of a taint flow with an unsanitized path, while not classified as critical or high, still indicates a potential for data leakage or manipulation if exploited.

Key Concerns

  • All SQL queries use prepared statements
  • Significant portion of output not properly escaped
  • Taint flow with unsanitized path
Vulnerabilities
None known

Authentication by LoginRadius Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Authentication by LoginRadius Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
0 prepared
Unescaped Output
32
20 escaped
Nonce Checks
0
Capability Checks
2
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared3 total queries

Output Escaping

38% escaped52 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<helper> (authentication\front\helper.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Authentication by LoginRadius Attack Surface

Entry Points5
Unprotected0

Shortcodes 5

[ciam_login_form] authentication\front\pages\login.php:33
[ciam_forgot_form] authentication\front\pages\passwordhandler.php:24
[ciam_password_form] authentication\front\pages\passwordhandler.php:26
[ciam_registration_form] authentication\front\pages\registration.php:26
[ciam_wp_default_login] authentication\front\wp-default-login.php:21
WordPress Hooks 57
actionactivate_pluginactivation\activation.php:44
actioninitactivation\activation.php:45
actionciam_debugactivation\activation.php:102
actionadmin_menuactivation\activation.php:104
actioninitactivation\admin\class-activation.php:22
actionadmin_initactivation\admin\class-activation.php:44
actionadmin_enqueue_scriptsactivation\admin\class-activation.php:45
actionadmin_initauthentication\admin\class-authentication.php:20
actioninitauthentication\admin\class-authentication.php:21
actiondelete_userauthentication\admin\class-authentication.php:28
actionwpmu_new_userauthentication\admin\class-authentication.php:31
actionwpmu_delete_userauthentication\admin\class-authentication.php:32
actionpersonal_options_updateauthentication\admin\class-authentication.php:36
actionedit_user_profile_updateauthentication\admin\class-authentication.php:37
actionuser_registerauthentication\admin\class-authentication.php:40
filteruser_profile_update_errorsauthentication\admin\class-authentication.php:43
actionadmin_enqueue_scriptsauthentication\admin\class-authentication.php:203
actionciam_admin_menuauthentication\authentication.php:55
filterget_avatarauthentication\front\helper.php:16
actiontemplate_redirectauthentication\front\login.php:17
actionwp_logoutauthentication\front\login.php:18
actionwp_footerauthentication\front\login.php:144
actionwp_footerauthentication\front\login.php:165
actionwp_footerauthentication\front\login.php:174
actionwp_footerauthentication\front\login.php:181
actioninitauthentication\front\pages\backupcode.php:17
actionshow_user_profileauthentication\front\pages\backupcode.php:25
actioninitauthentication\front\pages\common.php:21
actionwp_headauthentication\front\pages\common.php:30
actionwp_headauthentication\front\pages\common.php:31
actionadmin_headauthentication\front\pages\common.php:32
actionwp_headauthentication\front\pages\common.php:33
actioninitauthentication\front\pages\header.php:16
actioninitauthentication\front\pages\login.php:18
actioninitauthentication\front\pages\login.php:20
filterlogin_urlauthentication\front\pages\login.php:32
actionwp_headauthentication\front\pages\login.php:34
filterregister_urlauthentication\front\pages\login.php:36
actionwp_footerauthentication\front\pages\login.php:187
actioninitauthentication\front\pages\passwordhandler.php:15
actionwp_headauthentication\front\pages\passwordhandler.php:25
filterlostpassword_urlauthentication\front\pages\passwordhandler.php:27
actionadmin_initauthentication\front\pages\passwordhandler.php:92
actioninitauthentication\front\pages\profile.php:16
actionshow_user_profileauthentication\front\pages\profile.php:30
actionedit_user_profileauthentication\front\pages\profile.php:31
actionadmin_headauthentication\front\pages\profile.php:32
actionadmin_headauthentication\front\pages\profile.php:33
actionadmin_noticesauthentication\front\pages\profile.php:104
actionadmin_noticesauthentication\front\pages\profile.php:108
actioninitauthentication\front\pages\registration.php:17
filterregister_urlauthentication\front\pages\registration.php:30
actionwp_headauthentication\front\pages\registration.php:31
actionwp_footerauthentication\front\pages\registration.php:60
actioninitauthentication\front\social-login.php:22
actionwp_authenticateauthentication\front\wp-default-login.php:23
actionafter_setup_themeauthentication\front\wp-default-login.php:27
Maintenance & Trust

Authentication by LoginRadius Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedOct 1, 2020
PHP min version
Downloads367K

Community Trust

Rating22/100
Number of ratings36
Active installs100
Alternatives

Authentication by LoginRadius Alternatives

LoginRadius CIAM

LoginRadius CIAM

loginradius-customer-identity-and-access-management

A
85

Features of this Plugin A clean, user friendly WP admin U/I. Users can login via hosted page. Log generation functionality.

0 No CVEs
JSON API User

JSON API User

json-api-user

A
97

Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.

1K 1 CVE
All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

A
93

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs
Limit Login Attempts

Limit Login Attempts

limit-login-attempts

B
82

Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

300K 3 CVEs
Developer Profile

Authentication by LoginRadius Developer Profile

loginradius

2 plugins · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Authentication by LoginRadius

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loginradius-for-wordpress/js/social-login.js/wp-content/plugins/loginradius-for-wordpress/assets/css/lr-style.css/wp-content/plugins/loginradius-for-wordpress/assets/css/lr-admin-style.css/wp-content/plugins/loginradius-for-wordpress/js/lr-login-validation.js/wp-content/plugins/loginradius-for-wordpress/js/lr-login-validation.js?ver=7.3.0/wp-content/plugins/loginradius-for-wordpress/js/social-login.js?ver=7.3.0/wp-content/plugins/loginradius-for-wordpress/assets/css/lr-style.css?ver=7.3.0/wp-content/plugins/loginradius-for-wordpress/assets/css/lr-admin-style.css?ver=7.3.0
Script Paths
/wp-content/plugins/loginradius-for-wordpress/js/social-login.js/wp-content/plugins/loginradius-for-wordpress/js/lr-login-validation.js
Version Parameters
loginradius-for-wordpress/js/social-login.js?ver=loginradius-for-wordpress/assets/css/lr-style.css?ver=loginradius-for-wordpress/assets/css/lr-admin-style.css?ver=loginradius-for-wordpress/js/lr-login-validation.js?ver=

HTML / DOM Fingerprints

CSS Classes
lr-login-fieldlr-social-login-wraplr-form-btnlr-login-widget-titlelr-icon-loginlr-login-error-messageloginradius-login-socialloginradius-widget+2 more
HTML Comments
<!-- Plugin Name: Authentication by LoginRadius --><!-- LoginRadius Customer Identity and Access Management --><!-- Created by LoginRadius Development Team on 26/05/2017 --><!-- Copyright: 2017 LoginRadius Inc. All rights reserved -->+13 more
Data Attributes
data-loginradius-appiddata-loginradius-customizerdata-loginradius-domaindata-loginradius-languagedata-loginradius-widget-typedata-loginradius-registration-widget-type+4 more
JS Globals
lr_login_objlr_registration_objlr_social_login_objlr_login_widget_objlr_registration_widget_objlr_social_login_widget_obj
Shortcode Output
[loginradius_login][loginradius_registration][loginradius_social_login][loginradius_login_widget]
FAQ

Frequently Asked Questions about Authentication by LoginRadius