WP-Safety

Secure Login Collector Security & Risk Analysis

wordpress.org/plugins/secure-login-collector

Secure way for agencies to receive client login credentials. Stop asking clients to send passwords via email.

0 active installs v2.0.7 PHP 7.4+ WP 6.2+ Updated Jan 27, 2026
credential-managementdata-securityloginpasswordpassword-collection
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Secure Login Collector Safe to Use in 2026?

Generally Safe

Score 100/100

Secure Login Collector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The secure-login-collector plugin v2.0.7 exhibits a generally good security posture with several strong practices observed. The complete absence of raw SQL queries and the high percentage of properly escaped output are positive indicators. The plugin also demonstrates a robust use of nonces and capability checks across most of its entry points, along with no recorded vulnerability history, suggesting a commitment to secure development.

However, concerns arise from the static analysis. Specifically, the presence of 2 AJAX handlers without authentication checks exposes potential vulnerabilities. Furthermore, the taint analysis revealed 5 high-severity flows with unsanitized paths, indicating a significant risk of data being processed without proper validation or sanitization, which could lead to various attacks if these paths are reachable. The large number of AJAX handlers (17 total) further amplifies the risk associated with the unprotected ones.

While the lack of historical CVEs is reassuring, the current taint analysis findings are a red flag. The plugin has strengths in its database interaction and output handling, but the identified unsanitized paths and unprotected AJAX endpoints represent significant weaknesses that require immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • High severity flows with unsanitized paths
  • Bundled Freemius v1.0 library
Vulnerabilities
None known

Secure Login Collector Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Secure Login Collector Release Timeline

v2.0.7Current
v2.0.6
v2.0.5
v2.0.4
v2.0.3
Code Analysis
Analyzed Apr 16, 2026

Secure Login Collector Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
35 prepared
Unescaped Output
7
235 escaped
Nonce Checks
15
Capability Checks
17
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared35 total queries

Output Escaping

97% escaped242 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

8 flows6 with unsanitized paths
search_box (includes/class-seculoco-list-table.php:493)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Secure Login Collector Attack Surface

Entry Points18
Unprotected2

AJAX Handlers 17

authwp_ajax_seculoco_get_encrypted_entryincludes/class-admin-interface.php:75
authwp_ajax_seculoco_get_encryption_infoincludes/class-admin-interface.php:76
authwp_ajax_seculoco_delete_entryincludes/class-admin-interface.php:77
authwp_ajax_seculoco_extend_entryincludes/class-admin-interface.php:78
authwp_ajax_seculoco_update_metadataincludes/class-admin-interface.php:79
authwp_ajax_seculoco_bulk_exportincludes/class-admin-interface.php:80
authwp_ajax_seculoco_get_public_keyincludes/class-encryption-handler-v2.php:87
noprivwp_ajax_seculoco_get_public_keyincludes/class-encryption-handler-v2.php:88
authwp_ajax_seculoco_get_wrapped_private_keyincludes/class-encryption-handler-v2.php:89
authwp_ajax_seculoco_initialize_free_keysincludes/class-encryption-handler-v2.php:90
authwp_ajax_seculoco_save_entry_v2includes/class-frontend-handler.php:78
noprivwp_ajax_seculoco_save_entry_v2includes/class-frontend-handler.php:79
authwp_ajax_seculoco_get_public_keyincludes/class-frontend-handler.php:82
noprivwp_ajax_seculoco_get_public_keyincludes/class-frontend-handler.php:83
authwp_ajax_seculoco_setup_password_encryptionincludes/class-settings-manager.php:44
authwp_ajax_seculoco_reset_password_encryptionincludes/class-settings-manager.php:45
authwp_ajax_seculoco_check_password_statusincludes/class-settings-manager.php:46

Shortcodes 1

[seculoco_form] includes/class-frontend-handler.php:74
WordPress Hooks 22
actionadmin_menuincludes/class-admin-interface.php:70
actionadmin_enqueue_scriptsincludes/class-admin-interface.php:71
actionload-toplevel_page_secure-login-collectorincludes/class-admin-interface.php:83
actionseculoco_cleanup_cronincludes/class-database-manager.php:50
actionwp_enqueue_scriptsincludes/class-frontend-handler.php:73
actionadmin_menuincludes/class-settings-manager.php:39
actionadmin_initincludes/class-settings-manager.php:40
actionadmin_enqueue_scriptsincludes/class-settings-manager.php:41
filterredirect_on_activationincludes/freemius-config.php:64
filterplugin_stringsincludes/freemius-config.php:78
actionadmin_enqueue_scriptsincludes/freemius-config.php:95
filtershow_admin_noticesincludes/freemius-config.php:101
actioninitincludes/freemius-config.php:105
filterconnect_messageincludes/freemius-hooks.php:32
filtertrial_promotion_messageincludes/freemius-hooks.php:51
actionadmin_noticesincludes/freemius-hooks.php:83
actionafter_uninstallincludes/freemius-uninstall.php:282
actionseculoco_fs_loadedincludes/freemius-uninstall.php:287
actionadmin_noticessecure-login-collector.php:27
actionadmin_noticessecure-login-collector.php:165
actionadmin_noticessecure-login-collector.php:166
actionplugins_loadedsecure-login-collector.php:373

Scheduled Events 1

seculoco_cleanup_cron
Maintenance & Trust

Secure Login Collector Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 27, 2026
PHP min version7.4
Downloads325

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

Secure Login Collector Alternatives

Temporary Login Without Password

Temporary Login Without Password

temporary-login-without-password

A
100

Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username/password) with your developers or editors.

100K 1 CVE
Theme My Login

Theme My Login

theme-my-login

A
95

The ultimate login branding solution! Theme My Login offers matchless customization of your WordPress user experience!

60K 4 CVEs
Temporary Login

Temporary Login

temporary-login

A
86

Create a secure, temporary URL for easy access to your WP admin.

40K 1 CVE
Google Authenticator

Google Authenticator

google-authenticator

A
100

Google Authenticator for your WordPress blog.

20K 1 CVE
Frontend Reset Password

Frontend Reset Password

frontend-reset-password

A
100

Let your users reset their forgotten passwords from the frontend of your website.

10K No CVEs
Developer Profile

Secure Login Collector Developer Profile

Mike Miler

2 plugins · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Secure Login Collector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/secure-login-collector/assets/js/seculoco-frontend.js/wp-content/plugins/secure-login-collector/assets/css/seculoco-frontend.css
Script Paths
/wp-content/plugins/secure-login-collector/assets/js/seculoco-frontend.js
Version Parameters
secure-login-collector/assets/js/seculoco-frontend.js?ver=secure-login-collector/assets/css/seculoco-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
seculoco-login-form
HTML Comments
<!-- Secure Login Collector --><!-- BEGIN SECURE LOGIN COLLECTOR FORM --><!-- END SECURE LOGIN COLLECTOR FORM -->
Data Attributes
data-seculoco-noncedata-seculoco-ajax-url
JS Globals
seculocoFrontend
REST Endpoints
/wp-json/seculoco/v1/collect_login
Shortcode Output
[secure_login_collector]
FAQ

Frequently Asked Questions about Secure Login Collector