Does Secure Login have any unpatched vulnerabilities?

No. All known vulnerabilities in Secure Login have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Secure Login compatible with WordPress 4.1.42?

According to WordPress.org data, Secure Login 1.0.4 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is Secure Login updated?

Secure Login was last updated on Dec 20, 2014. Frequent updates are generally a positive security signal.

What is Secure Login's security score?

Secure Login has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Secure Login Security & Risk Analysis

wordpress.org/plugins/secure-login

Secure, 2 step Verification for WordPress login, via One Time Pin (OTP).

10 active installs v1.0.4 PHP + WP 3.9+ Updated Dec 20, 2014

2-steploginsafetysecureverification

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Secure Login Safe to Use in 2026?

Generally Safe

Score 85/100

Secure Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The secure-login plugin version 1.0.4 exhibits a mixed security posture. On the positive side, it boasts a zero attack surface from common entry points like AJAX handlers, REST API routes, shortcodes, and cron events, with no unprotected entry points identified. Furthermore, the plugin has no recorded vulnerability history, including critical or high severity CVEs, suggesting a history of relative stability. However, significant concerns arise from the static analysis. The presence of dangerous functions like 'unserialize' and 'create_function' is a red flag, as these can be exploited if user-supplied data is not meticulously validated and sanitized. The low percentage of properly escaped output (44%) also indicates a risk of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the application that are then rendered by users' browsers. The complete lack of nonce checks and capability checks, coupled with the identification of dangerous functions, creates a substantial risk of unauthorized actions and privilege escalation, especially if any of the (currently unexposed) entry points were to become accessible or if the dangerous functions were to process untrusted input.

Key Concerns

Dangerous functions found (unserialize, create_function)
Low percentage of properly escaped output
No nonce checks found
No capability checks found

Vulnerabilities

None known

Secure Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Secure Login Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn unserialize( $login_attempt->user_obj );includes\authenticate.php:7

create_functionadd_filter( 'login_message', create_function( '', "return '<div id=\"login_error\">$message</div>';"secure-login.php:115

unserialize$user = unserialize( $login_attempt->user_obj );templates\verify-login.php:36

unserialize$user = unserialize( $login_attempt->user_obj );templates\verify-login.php:87

SQL Query Safety

80% prepared5 total queries

Output Escaping

44% escaped16 total outputs

Attack Surface

Secure Login Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actionadmin_menuadmin\page-settings.php:24

actionadmin_initadmin\page-settings.php:100

actioninitincludes\rewrite-rules.php:5

filterquery_varsincludes\rewrite-rules.php:12

actionparse_requestincludes\rewrite-rules.php:20

filterauthenticatesecure-login.php:27

filterlogin_messagesecure-login.php:115

actionlogin_headsecure-login.php:118

actionadmin_enqueue_scriptssecure-login.php:125

actionsl_otp_sendtemplates\verify-login.php:113

Maintenance & Trust

Secure Login Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedDec 20, 2014

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Secure Login Alternatives

Real Protection & Safegaurd OTP

real-protection-otp

Safeguard is an SMS & Email based OTP service provider plugin. Also available woocommerce transactional alert.

0 No CVEs

WP Secure Login

wp-secure-login

WP Secure Login adds a security layer and 2 step authentication to your WordPress site by asking a One Time Password in addition to the username and p …

10 No CVEs

Temporary Login Without Password

temporary-login-without-password

100

Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username/password) with your developers or editors.

100K 1 CVE

BulletProof Security

bulletproof-security

WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...

30K 12 CVEs

Login rebuilder

This plugin will create a new login page for your site. You can also create separate login pages for administrators and for other users.

20K 2 CVEs

Developer Profile

Secure Login Developer Profile

David Leonard

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Secure Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/secure-login/admin/css/style.css

Version Parameters

/secure-login/admin/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

login_error

HTML Comments

Protect from alien invasion

FAQ