WP-Safety

Secure Login Authorization Security & Risk Analysis

wordpress.org/plugins/secure-login-authorization

This plugin prevents unauthorized logins and sets time limits for users by using app authentication.

0 active installs v1.0.0 PHP + WP + Updated Dec 4, 2025
authorizationloginprotect-login-pagesecurity-pluginwp-admin
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Secure Login Authorization Safe to Use in 2026?

Generally Safe

Score 100/100

Secure Login Authorization has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The 'secure-login-authorization' plugin v1.0.0 exhibits a mixed security posture. On the positive side, the code demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all outputs, indicating a strong defense against common injection and XSS vulnerabilities. The absence of file operations, external HTTP requests, and known CVEs in its history further contributes to a relatively clean profile.

However, significant concerns arise from the attack surface. The plugin exposes 5 AJAX handlers, with 3 of them lacking any authentication checks. This is a critical oversight, as it allows unauthenticated users to potentially trigger these AJAX actions, opening the door for various exploits depending on what these handlers do. While no critical taint flows or dangerous functions were identified in static analysis, the presence of unprotected AJAX endpoints represents a tangible and immediate risk that could be exploited if these handlers perform sensitive operations.

In conclusion, while the plugin's adherence to secure coding practices like prepared statements and output escaping is commendable, the unprotected AJAX endpoints are a serious vulnerability. The lack of any recorded vulnerabilities in its history might suggest a small user base or that it has not been extensively scrutinized, but it does not negate the current risks identified in the static analysis. The plugin needs immediate attention to secure its AJAX handlers to achieve a robust security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Large attack surface without auth
Vulnerabilities
None known

Secure Login Authorization Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Secure Login Authorization Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
85 escaped
Nonce Checks
3
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped85 total outputs
Attack Surface
3 unprotected

Secure Login Authorization Attack Surface

Entry Points8
Unprotected3

AJAX Handlers 5

authwp_ajax_itc_slawp_pause_authorization_allincludes\class-authorization.php:14
authwp_ajax_continue_authorization_allincludes\class-authorization.php:15
authwp_ajax_generate_qr_codeincludes\class-itc.php:64
authwp_ajax_itc_slawp_secure_login_authorization_dismissedincludes\class-itc.php:102
authwp_ajax_itc_slawp_secure_login_authorization_dismissed_alertincludes\class-itc.php:103

REST API Routes 3

POST/wp-json/secure-login-authorization/v1/authorizeincludes\class-authorization.php:25
GET/wp-json/secure-login-authorization/v1/authorizeincludes\class-authorization.php:36
POST/wp-json/secure-login-authorization/v1/force-logoutincludes\class-authorization.php:47
WordPress Hooks 25
actionadmin_noticesadmin\class-admin.php:12
actionadmin_noticesincludes\class-activator.php:55
actionrest_api_initincludes\class-authorization.php:9
actionadmin_initincludes\class-authorization.php:10
actionadmin_enqueue_scriptsincludes\class-authorization.php:11
filterauthenticateincludes\class-authorization.php:12
actionadmin_footerincludes\class-authorization.php:13
actionrest_api_initincludes\class-authorization.php:16
filterrest_authentication_errorsincludes\class-authorization.php:17
actionrest_api_initincludes\class-authorization.php:18
actionadmin_enqueue_scriptsincludes\class-hide-plugin.php:31
actionplugins_loadedincludes\class-itc.php:47
filterall_pluginsincludes\class-itc.php:71
actionadmin_menuincludes\class-itc.php:72
actionadmin_initincludes\class-itc.php:80
actioninitincludes\class-itc.php:88
actionadmin_enqueue_scriptsincludes\class-itc.php:97
actionadmin_enqueue_scriptsincludes\class-itc.php:98
actionadmin_menuincludes\class-itc.php:99
actionadmin_initincludes\class-itc.php:100
actionadmin_noticesincludes\class-itc.php:104
actionwp_enqueue_scriptsincludes\class-itc.php:109
actionwp_enqueue_scriptsincludes\class-itc.php:110
actionupdate_option_itc_slawp_secure_login_authorizationincludes\itc-rewrite-handler.php:7
actionitc_slawp_secure_login_authorization_plugin_reset_secretincludes\itc-rewrite-handler.php:8
Maintenance & Trust

Secure Login Authorization Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 4, 2025
PHP min version
Downloads501

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Secure Login Authorization Alternatives

MM Login Customization

MM Login Customization

mm-login-customization

A
85

To hide admin login url by this plugin auto generated URL and make secure your site and it's data. You may frequenty change the URL for your site …

0 No CVEs
WP Ghost (Hide My WP Ghost) – Security & Firewall

WP Ghost (Hide My WP Ghost) – Security & Firewall

hide-my-wp

A
92

Hide and Secure WP paths, wp-login, wp-admin, and more. Hack Prevention, Security, Brute Force protection, 8G Firewall, 2FA Passkey Login, and more.

100K 7 CVEs
All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.

All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more.

change-wp-admin-login

A
96

Do you want to secure and customize the WordPress login page? Download the All in One Login plugin for login page security and customization.

70K 3 CVEs
Change WordPress Login Logo

Change WordPress Login Logo

change-login-logo

A
91

Upload your logo for WordPress login page instead of the usual WordPress logo with simple settings.

20K 1 CVE
Add Logo to Admin

Add Logo to Admin

add-logo-to-admin

A
85

Add a custom logo to your wp-admin and login page.

7K No CVEs
Developer Profile

Secure Login Authorization Developer Profile

ideasToCode

5 plugins · 13K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
390 days
View full developer profile
Detection Fingerprints

How We Detect Secure Login Authorization

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/secure-login-authorization/admin/css/itc-secure-login-authorization-admin.css/wp-content/plugins/secure-login-authorization/admin/js/itc-secure-login-authorization-admin.js
Script Paths
/wp-content/plugins/secure-login-authorization/admin/js/itc-secure-login-authorization-admin.js
Version Parameters
itc-secure-login-authorization-admin-css?ver=itc-secure-login-authorization-admin-js?ver=

HTML / DOM Fingerprints

JS Globals
ITC_QR_Code
REST Endpoints
/wp-json/itc-slawp/v1/auth
FAQ

Frequently Asked Questions about Secure Login Authorization