WP-Safety

Loginstyle Security & Risk Analysis

wordpress.org/plugins/loginstyle

Brand and customize your login page without any coding knowledge.

200 active installs v1.0.1 PHP + WP 3.8+ Updated Jun 16, 2016
accessadmincustom-loginloginloginstyle
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Loginstyle Safe to Use in 2026?

Generally Safe

Score 85/100

Loginstyle has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The plugin 'loginstyle' v1.0.1 presents a generally good security posture, particularly in its limited attack surface and adherence to core WordPress security practices. The absence of any known CVEs and the successful sanitization of identified taint flows are positive indicators. The presence of nonce and capability checks on its single AJAX handler further strengthens its defensive mechanisms.

However, there are areas for improvement. The most significant concern stems from the sole SQL query within the plugin not utilizing prepared statements. This exposes the plugin to potential SQL injection vulnerabilities if user-supplied data is directly incorporated into the query. Additionally, the low percentage of properly escaped output (5%) is a considerable risk, as it suggests a high probability of cross-site scripting (XSS) vulnerabilities in the plugin's presentation layer. While no critical taint flows or dangerous functions were identified, these output escaping deficiencies and the raw SQL query represent tangible security weaknesses.

In conclusion, 'loginstyle' v1.0.1 demonstrates a solid foundation with its restricted attack surface and use of WordPress security features. The lack of historical vulnerabilities is encouraging. Nevertheless, the plugin's security is undermined by the unescaped output and the raw SQL query. Addressing these specific code-level issues would significantly enhance its overall security and reduce the risk of common web application attacks.

Key Concerns

  • SQL queries not using prepared statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

Loginstyle Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Loginstyle Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
129
7 escaped
Nonce Checks
1
Capability Checks
2
File Operations
6
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

5% escaped136 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
loginstyle_import_options (admin\loginstyle-admin.php:428)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Loginstyle Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_loginstyle_importadmin\loginstyle-admin.php:469
WordPress Hooks 14
actionadmin_initadmin\loginstyle-admin.php:8
actionadmin_menuadmin\loginstyle-admin.php:385
actionadmin_enqueue_scriptsadmin\loginstyle-admin.php:386
filterplugin_action_links_loginstyle/loginstyle.phpadmin\loginstyle-admin.php:406
filterupload_mimesadmin\loginstyle-admin.php:407
actionadmin_noticesadmin\loginstyle-admin.php:425
actionplugins_loadedloginstyle.php:46
filtergettextpublic\loginstyle-public.php:28
actionlogin_headpublic\loginstyle-public.php:59
actionlogin_enqueue_scriptspublic\loginstyle-public.php:89
filterlogin_redirectpublic\loginstyle-public.php:107
filterlogin_headerurlpublic\loginstyle-public.php:121
filterlogin_headertitlepublic\loginstyle-public.php:135
actionlogin_footerpublic\loginstyle-public.php:277
Maintenance & Trust

Loginstyle Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedJun 16, 2016
PHP min version
Downloads5K

Community Trust

Rating98/100
Number of ratings7
Active installs200
Alternatives

Loginstyle Alternatives

Loginizer

Loginizer

loginizer

A
87

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs
All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.

All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.

change-wp-admin-login

A
96

Do you want to secure and customize the WordPress login page? Download the All in One Login plugin for login page security and customization.

70K 3 CVEs
Ultimate Dashboard – Custom WordPress Dashboard

Ultimate Dashboard – Custom WordPress Dashboard

ultimate-dashboard

A
97

The #1 Plugin to Customize the WordPress Dashboard!

60K 8 CVEs
Remove Dashboard Access

Remove Dashboard Access

remove-dashboard-access-for-non-admins

A
92

Disable Dashboard access for users of a specific role or capability. Disallowed users are redirected to a chosen URL. Get set up in seconds.

30K No CVEs
Admin Custom Login

Admin Custom Login

admin-custom-login

A
98

Customize Your WordPress Login Screen Amazingly - Add Own Logo, Add Social Profiles, Login Form Positions, Background Image Slide Show

20K 2 CVEs
Developer Profile

Loginstyle Developer Profile

archtheme

1 plugin · 200 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Loginstyle

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loginstyle/public/css/loginstyle-public.css/wp-content/plugins/loginstyle/public/js/loginstyle-public.js
Version Parameters
/wp-content/plugins/loginstyle/public/css/loginstyle-public.css?ver=/wp-content/plugins/loginstyle/public/js/loginstyle-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
loginstyle-backgroundloginstyle-form-wraploginstyle-social-iconsloginstyle-social-loginloginstyle-message-boxloginstyle-errorsloginstyle-form-rowloginstyle-label+7 more
Data Attributes
data-loginstyle
JS Globals
loginstyle_public_params
FAQ

Frequently Asked Questions about Loginstyle