WP-Safety

LoginShield for WordPress Security & Risk Analysis

wordpress.org/plugins/loginshield

LoginShield for WordPress is the secure and convenient way to login to your WordPress site. It's easy to use and protects users against password …

10 active installs v1.0.16 PHP 5.2+ WP 4.4+ Updated Feb 7, 2022
2-factor2faauthenticationloginphishing
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is LoginShield for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

LoginShield for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The LoginShield plugin, version 1.0.16, presents a generally good security posture with several positive indicators. The absence of known vulnerabilities and CVEs is a strong point, suggesting a history of stable and secure development. The code analysis also reveals good practices such as 100% of SQL queries using prepared statements, a high percentage of properly escaped output, and no dangerous functions or file operations detected. Furthermore, the attack surface appears limited and protected, with no unprotected AJAX handlers or REST API routes, and existing entry points seem to be secured by capability checks. However, there are areas for concern. The presence of 4 taint flows with unsanitized paths, even without critical or high severity, warrants investigation. While no specific vulnerabilities are indicated by these flows, they represent potential pathways for unintended data manipulation or exposure if not carefully managed. The lack of nonce checks on the sole shortcode is also a notable omission, potentially leaving it susceptible to CSRF attacks if it performs any sensitive actions. The plugin also makes a significant number of external HTTP requests (11), which, while not inherently insecure, increases the attack surface and reliance on external services, which could have their own security implications.

Key Concerns

  • Taint flows with unsanitized paths
  • Shortcode without nonce checks
  • Significant external HTTP requests
Vulnerabilities
None known

LoginShield for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

LoginShield for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
4
33 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
11
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

89% escaped37 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

7 flows4 with unsanitized paths
redirect_to_custom_login (includes\class-loginshield.php:290)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

LoginShield for WordPress Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[loginshield_login_page] admin\class-loginshield-admin.php:87
WordPress Hooks 16
actionadmin_initadmin\class-loginshield-admin.php:76
filterplugin_action_links_loginshield/loginshield.phpadmin\class-loginshield-admin.php:79
filtertheme_page_templatesadmin\class-loginshield-admin.php:82
filterwp_insert_post_dataadmin\class-loginshield-admin.php:83
filtertemplate_includeadmin\class-loginshield-admin.php:84
actionrest_api_initincludes\class-loginshield-restapi.php:155
actionplugins_loadedincludes\class-loginshield.php:159
actionadmin_enqueue_scriptsincludes\class-loginshield.php:174
actionadmin_enqueue_scriptsincludes\class-loginshield.php:175
actionadmin_menuincludes\class-loginshield.php:180
actionshow_user_profileincludes\class-loginshield.php:185
actionedit_user_profileincludes\class-loginshield.php:186
actionwp_enqueue_scriptsincludes\class-loginshield.php:200
actionwp_enqueue_scriptsincludes\class-loginshield.php:201
actionrest_api_initincludes\class-loginshield.php:208
actionlogin_form_loginpublic\class-loginshield-public.php:65
Maintenance & Trust

LoginShield for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedFeb 7, 2022
PHP min version5.2
Downloads8K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

LoginShield for WordPress Alternatives

EMLG TFA

EMLG TFA

emlg-tfa

A
85

Two-factor authentication via out of band email

0 No CVEs
Secured WP

Secured WP

secured-wp

A
100

Add two-factor authentication (2FA) for all your users with this easy to use plugin. Harden your website login page. Add whole new layer of security.

0 No CVEs
WP 2FA – Two-factor authentication for WordPress

WP 2FA – Two-factor authentication for WordPress

wp-2fa

A
95

Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.

100K 9 CVEs
Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)

miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)

miniorange-2-factor-authentication

A
90

miniOrange WP 2FA plugin adds an extra layer of security to your WordPress website by protecting user logins from unauthorized access, brute-force att …

10K 10 CVEs
Developer Profile

LoginShield for WordPress Developer Profile

Cryptium

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect LoginShield for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loginshield/admin/css/snackbar.css/wp-content/plugins/loginshield/admin/css/loginshield-admin.css/wp-content/plugins/loginshield/admin/js/snackbar.js/wp-content/plugins/loginshield/admin/js/realm-client-browser.js/wp-content/plugins/loginshield/admin/js/loginshield-admin.js/wp-content/plugins/loginshield/includes/util.php
Script Paths
/wp-content/plugins/loginshield/admin/js/snackbar.js/wp-content/plugins/loginshield/admin/js/realm-client-browser.js/wp-content/plugins/loginshield/admin/js/loginshield-admin.js
Version Parameters
loginshield/admin/css/snackbar.css?ver=loginshield/admin/css/loginshield-admin.css?ver=loginshield/admin/js/snackbar.js?ver=loginshield/admin/js/realm-client-browser.js?ver=loginshield/admin/js/loginshield-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
loginshield-formloginshield-btnloginshield-labelloginshield-inputloginshield-titleloginshield-textloginshield-setting-wraploginshield-setting-row+12 more
HTML Comments
<!-- START: LoginShield Login Form --><!-- END: LoginShield Login Form --><!-- START: LoginShield User Registration Form --><!-- END: LoginShield User Registration Form -->+5 more
Data Attributes
data-loginshield-actiondata-loginshield-noncedata-loginshield-redirectdata-loginshield-fielddata-loginshield-typedata-loginshield-token+3 more
JS Globals
loginShieldSettingAjaxloginshieldSettingAjax
REST Endpoints
/wp-json/loginshield/v1/auth/wp-json/loginshield/v1/register/wp-json/loginshield/v1/reset-password/wp-json/loginshield/v1/2fa/wp-json/loginshield/v1/settings
Shortcode Output
[loginshield_login_page]
FAQ

Frequently Asked Questions about LoginShield for WordPress