LoginWP (Formerly Peter's Login Redirect) Security & Risk Analysis

wordpress.org/plugins/peters-login-redirect

Redirect users to different locations after they log in, log out and register based on different conditions.

90K active installs · v3.0.8.8 · PHP 7.4+ · WP 4.9+ · Updated Dec 11, 2025
Tags: after-registration-redirect, login-redirect, logout-redirect
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Nov 8, 2021
Safety Verdict

Is LoginWP (Formerly Peter's Login Redirect) Safe to Use in 2026?

Generally Safe

Score 98/100

LoginWP (Formerly Peter's Login Redirect) has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 8, 2021 · Updated 3mo ago
Risk Assessment

The 'peters-login-redirect' plugin, version 3.0.8.8, presents a mixed security posture. While the static analysis shows a good number of defensive measures like nonce and capability checks, the output escaping is a significant concern, with only 48% of outputs being properly escaped. This could leave the plugin vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is not handled with sufficient care. The SQL query preparedness is also not ideal, with 45% of queries not using prepared statements, which could introduce SQL injection risks. The plugin's vulnerability history is notable, with 3 past CVEs, including one high severity XSS and two medium severity vulnerabilities. The absence of currently unpatched vulnerabilities is positive, but the recurring nature of XSS and CSRF in its history suggests a pattern of input validation and output sanitization weaknesses that have been exploited previously.

Despite the presence of many security checks, the code signals for output escaping and SQL query preparedness raise red flags. The attack surface is primarily composed of AJAX handlers, all of which appear to have authentication checks, which is a positive sign. However, the lack of robust sanitization and escaping mechanisms creates potential entry points for attackers. The vulnerability history further reinforces the need for caution, as past issues point to fundamental security flaws that may not be entirely resolved in this version. Overall, while the plugin attempts to implement security controls, the identified weaknesses in output sanitization and SQL practices, combined with its vulnerability history, indicate a moderate to high risk of exploitation.

Key Concerns

  • Only 48% of outputs are properly escaped
  • 55% of SQL queries use prepared statements (45% don't)
  • 1 High severity CVE in vulnerability history
  • 2 Medium severity CVEs in vulnerability history
Vulnerabilities: 3

LoginWP (Formerly Peter's Login Redirect) Security Vulnerabilities

CVEs by Year

  • 2016: 1 CVE
  • 2019: 1 CVE
  • 2021: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2021-24939 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting via rul_login_url, rul_logout_url Parameter

Nov 8, 2021 · Patched in 3.0.0.5 (806d)

CVE-2019-15115 · high · 8.8 · Cross-Site Request Forgery (CSRF)

LoginWP <= 2.9.1 - Multiple Cross-Site Request Forgery vulnerabilities

Feb 23, 2019 · Patched in 2.9.2 (1795d)

CVE-2016-10925 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LoginWP < 2.9.1 - Cross-Site Scripting

Aug 11, 2016 · Patched in 2.9.1 (2927d)
Code Analysis
Analyzed Mar 16, 2026

LoginWP (Formerly Peter's Login Redirect) Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 15 (18 prepared)
  • Unescaped Output: 157 (144 escaped)
  • Nonce Checks: 12
  • Capability Checks: 14
  • File Operations: 2
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

55% prepared · 33 total queries

Output Escaping

48% escaped · 301 total outputs

Data Flows: All sanitized

Data Flow Analysis

5 flows
loginwp_activate_free_license (src\core\src\Admin\Admin.php:287)
Attack Surface

LoginWP (Formerly Peter's Login Redirect) Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers: 6

auth · wp_ajax_loginwp_activate_plugin · src\core\src\Admin\FuseWP.php:26
auth · wp_ajax_loginwp_install_plugin · src\core\src\Admin\FuseWP.php:27
auth · wp_ajax_loginwp_fusewp_page_check_plugin_status · src\core\src\Admin\FuseWP.php:30
auth · wp_ajax_loginwp_activate_plugin · src\core\src\Admin\ProfilePress.php:26
auth · wp_ajax_loginwp_install_plugin · src\core\src\Admin\ProfilePress.php:27
auth · wp_ajax_loginwp_profilepress_page_check_plugin_status · src\core\src\Admin\ProfilePress.php:30

WordPress Hooks: 54

action · loginwp_register_menu_page · src\core\src\Admin\AbstractSettingsPage.php:9
action · admin_enqueue_scripts · src\core\src\Admin\Admin.php:14
filter · admin_footer_text · src\core\src\Admin\Admin.php:16
action · admin_menu · src\core\src\Admin\Admin.php:18
filter · plugin_row_meta · src\core\src\Admin\Admin.php:24
filter · removable_query_args · src\core\src\Admin\Admin.php:26
action · admin_init · src\core\src\Admin\Admin.php:30
action · admin_init · src\core\src\Admin\Admin.php:33
filter · admin_body_class · src\core\src\Admin\Admin.php:52
action · admin_notices · src\core\src\Admin\Admin.php:54
action · admin_notices · src\core\src\Admin\Admin.php:55
action · admin_notices · src\core\src\Admin\Admin.php:56
action · admin_init · src\core\src\Admin\Admin.php:57
action · admin_notices · src\core\src\Admin\Admin.php:328
action · admin_notices · src\core\src\Admin\Admin.php:340
action · admin_notices · src\core\src\Admin\Admin.php:357
action · admin_notices · src\core\src\Admin\Admin.php:370
action · loginwp_admin_hooks · src\core\src\Admin\FuseWP.php:22
action · admin_init · src\core\src\Admin\FuseWP.php:38
action · admin_enqueue_scripts · src\core\src\Admin\FuseWP.php:39
action · admin_init · src\core\src\Admin\ProfilePress.php:38
action · admin_enqueue_scripts · src\core\src\Admin\ProfilePress.php:39
action · admin_init · src\core\src\Admin\RedirectionsPage.php:22
action · admin_init · src\core\src\Admin\RedirectionsPage.php:23
action · loginwp_admin_settings_page_rules · src\core\src\Admin\RedirectionsPage.php:24
filter · set-screen-option · src\core\src\Admin\RedirectionsPage.php:27
filter · set_screen_option_rules_per_page · src\core\src\Admin\RedirectionsPage.php:28
filter · screen_options_show_screen · src\core\src\Admin\RedirectionsPage.php:126
action · wp_cspa_before_closing_header · src\core\src\Admin\RedirectionsPage.php:159
action · wp_cspa_main_content_area · src\core\src\Admin\RedirectionsPage.php:160
action · admin_footer · src\core\src\Admin\RedirectionsPage.php:193
action · admin_notices · src\core\src\Admin\RedirectionsPage.php:461
action · loginwp_admin_settings_page_general · src\core\src\Admin\SettingsPage.php:13
action · admin_init · src\core\src\Admin\SettingsPage.php:17
action · media_buttons · src\core\src\Admin\SettingsPageApi.php:801
action · add_meta_boxes · src\core\src\Admin\views\include.view.php:12
action · add_meta_boxes · src\core\src\Admin\views\include.view.php:23
action · add_meta_boxes · src\core\src\Admin\views\include.view.php:36
filter · wpmu_drop_tables · src\core\src\Core.php:25
action · activate_blog · src\core\src\Core.php:26
action · wpmu_new_blog · src\core\src\Core.php:31
action · wp_initialize_site · src\core\src\Core.php:33
action · admin_init · src\core\src\Core.php:36
filter · allowed_redirect_hosts · src\core\src\Helpers.php:204
action · admin_notices · src\core\src\MoAdminNotice.php:9
action · network_admin_notices · src\core\src\MoAdminNotice.php:10
action · admin_init · src\core\src\MoAdminNotice.php:12
action · init · src\core\src\Redirections\Redirections.php:11
filter · login_redirect · src\core\src\Redirections\Redirections.php:12
filter · registration_redirect · src\core\src\Redirections\Redirections.php:13
filter · logout_redirect · src\core\src\Redirections\Redirections.php:14
action · wp_logout · src\core\src\Redirections\Redirections.php:16
action · wp_login_failed · src\core\src\Redirections\Redirections.php:25
action · init · wplogin_redirect.php:21
Maintenance & Trust

LoginWP (Formerly Peter's Login Redirect) Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 11, 2025
  • PHP min version: 7.4
  • Downloads: 2.7M

Community Trust

  • Rating: 96/100
  • Number of ratings: 492
  • Active installs: 90K
Developer Profile

LoginWP (Formerly Peter's Login Redirect) Developer Profile

Marketing Fire

4 plugins · 212K total installs

  • Trust score: 69
  • Avg Security Score: 85/100
  • Avg Patch Time: 643 days
Detection Fingerprints

How We Detect LoginWP (Formerly Peter's Login Redirect)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/peters-login-redirect/assets/css/admin.css
/wp-content/plugins/peters-login-redirect/assets/js/admin.js
Script Paths
/wp-content/plugins/peters-login-redirect/assets/js/admin.js
Version Parameters
peters-login-redirect/assets/css/admin.css?ver=
peters-login-redirect/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
loginwp-admin
JS Globals
loginwp_globals