SP Move Login Security & Risk Analysis

wordpress.org/plugins/sf-move-login

Move your WordPress login page to protect it from bots. This plugin contains the Move Login module from SecuPress. Other security modules are availabl …

7K active installs · v2.6 · PHP 8.0+ · WP 6.7+ · Updated Dec 2, 2025
Tags: login, move-login, security, security-plugin, wordpress-security
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SP Move Login Safe to Use in 2026?

Generally Safe

Score 100/100

SP Move Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The sf-move-login plugin v2.6 presents a generally positive security posture based on the provided static analysis. The plugin has a minimal attack surface, with only one AJAX handler, and importantly, this handler appears to be protected. The absence of known vulnerabilities is a significant strength, suggesting a record of responsible development and patching. Furthermore, the presence of capability checks and a reasonable number of nonce checks on its entry points is good security practice.

However, there are areas of concern that warrant attention. Output escaping is a notable weakness, with less than half of all outputs being properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. Additionally, the taint analysis revealed six flows with unsanitized paths. While no critical or high severity issues were flagged in the taint analysis, unsanitized paths are a precursor to potential vulnerabilities, especially when combined with the output escaping issue. Most SQL queries use prepared statements, but a significant portion do not, which could pose a risk if those queries are exposed to user input.

In conclusion, while sf-move-login v2.6 benefits from a small attack surface and a clean vulnerability history, the significant percentage of unescaped output and the presence of unsanitized paths in the taint analysis indicate potential risks. Addressing these specific code-level concerns will be crucial for further strengthening its security.

Key Concerns

  • Unsanitized paths in taint analysis
  • Low percentage of properly escaped output
  • SQL queries not using prepared statements
Vulnerabilities
None known

SP Move Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SP Move Login Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (17 prepared)
Unescaped Output: 172 (144 escaped)
Nonce Checks: 3
Capability Checks: 6
File Operations: 19
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

68% prepared · 25 total queries

Output Escaping

46% escaped · 316 total outputs

Data Flows: 6 unsanitized

Data Flow Analysis

7 flows · 6 with unsanitized paths
movelogin_scanit_async (free\admin\functions\scan-fix.php:91)
Attack Surface

SP Move Login Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth wp_ajax_sanitize_move_login_slug (free\admin\ajax-post-callbacks.php:8)

WordPress Hooks: 43

filter admin_page_access_denied (free\admin\admin.php:8)
action movelogin.loaded (free\admin\admin.php:26)
filter movelogin.settings.help (free\admin\admin.php:65)
filter movelogin.settings.description (free\admin\admin.php:66)
filter pre_http_request (free\admin\admin.php:70)
filter manage_plugins_custom_column (free\admin\admin.php:85)
action admin_post_nopriv_movelogin_unlock_admin (free\admin\ajax-post-callbacks.php:42)
action admin_post_nopriv_movelogin_deactivate_module (free\admin\ajax-post-callbacks.php:111)
action admin_enqueue_scripts (free\admin\functions\admin.php:19)
action admin_notices (free\admin\functions\admin.php:122)
action admin_footer (free\admin\functions\scan-fix.php:202)
action admin_init (free\admin\options.php:8)
action doing_dark_mode (free\admin\settings.php:8)
action admin_enqueue_scripts (free\admin\settings.php:22)
action movelogin.first_install (free\admin\upgrader.php:79)
action admin_footer (free\classes\settings\class-movelogin-settings.php:619)
filter wp_login_errors (free\functions\common.php:2408)
action wp (free\functions\hotfixes.php:6)
filter wp_robots (free\functions\hotfixes.php:17)
filter wp_robots (free\functions\hotfixes.php:18)
filter doing_it_wrong_trigger_error (free\functions\hotfixes.php:21)
filter site_url (free\modules\users-login\plugins\move-login.php:103)
filter network_site_url (free\modules\users-login\plugins\move-login.php:135)
filter logout_url (free\modules\users-login\plugins\move-login.php:159)
filter lostpassword_url (free\modules\users-login\plugins\move-login.php:175)
filter wp_redirect (free\modules\users-login\plugins\move-login.php:191)
filter update_welcome_email (free\modules\users-login\plugins\move-login.php:235)
action login_head (free\modules\users-login\plugins\move-login.php:345)
filter user_request_action_email_content (free\modules\users-login\plugins\move-login.php:360)
filter rewrite_rules_array (free\modules\users-login\plugins\move-login.php:395)
action login_init (free\modules\users-login\plugins\move-login.php:418)
action secure_auth_redirect (free\modules\users-login\plugins\move-login.php:419)
action wp (free\modules\users-login\plugins\move-login.php:501)
action setup_theme (free\modules\users-login\plugins\move-login.php:549)
filter determine_locale (free\modules\users-login\plugins\move-login.php:561)
filter register_url (free\modules\users-login\plugins\move-login.php:580)
filter wp_login_errors (free\modules\users-login\plugins\move-login.php:601)
action pre_get_users (free\modules\users-login\tools.php:307)
filter authenticate (free\modules\users-login\tools.php:449)
action init (sf-move-login.php:58)
action plugins_loaded (sf-move-login.php:70)
action movelogin.loaded (sf-move-login.php:118)
filter load_textdomain_mofile (sf-move-login.php:376)
Maintenance & Trust

SP Move Login Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version: 8.0
Downloads: 147K

Community Trust

Rating: 86/100
Number of ratings: 43
Active installs: 7K
Developer Profile

SP Move Login Developer Profile

SecuPress

2 plugins · 47K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 177 days
Detection Fingerprints

How We Detect SP Move Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/sf-move-login/free/front/css/move-login.css
  • /wp-content/plugins/sf-move-login/free/front/js/move-login.js
  • /wp-content/plugins/sf-move-login/assets/admin/css/admin-bar.css
  • /wp-content/plugins/sf-move-login/assets/admin/css/settings.css
  • /wp-content/plugins/sf-move-login/assets/admin/js/settings.js
  • /wp-content/plugins/sf-move-login/assets/admin/js/move-login.js

Script Paths

  • /wp-content/plugins/sf-move-login/free/front/js/move-login.js
  • /wp-content/plugins/sf-move-login/assets/admin/js/settings.js
  • /wp-content/plugins/sf-move-login/assets/admin/js/move-login.js

Version Parameters

  • sf-move-login/free/front/css/move-login.css?ver=
  • sf-move-login/free/front/js/move-login.js?ver=
  • sf-move-login/assets/admin/css/admin-bar.css?ver=
  • sf-move-login/assets/admin/css/settings.css?ver=
  • sf-move-login/assets/admin/js/settings.js?ver=
  • sf-move-login/assets/admin/js/move-login.js?ver=

HTML / DOM Fingerprints

CSS Classes: movelogin-settings, move-login-content
Data Attributes: data-movelogin-activation
JS Globals: movelogin_vars
FAQ

Frequently Asked Questions about SP Move Login