WP-Safety

SI 2FA Login Security Security & Risk Analysis

wordpress.org/plugins/si-2fa-login-security

Secure WordPress login with SI 2FA Login Security - supports WP, Woo + other login forms, TOTP (Google Authenticator, Authy, etc.)

0 active installs v1.2 PHP 7.4+ WP 6.2+ Updated Mar 5, 2025
2-factor-authentication2famulti-step-authenticationtwo-factor-authenticationwordpress-authentication
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SI 2FA Login Security Safe to Use in 2026?

Generally Safe

Score 92/100

SI 2FA Login Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "si-2fa-login-security" plugin v1.2 exhibits a generally strong security posture with several good practices in place. The complete absence of known CVEs and a commitment to prepared statements for all SQL queries are significant strengths. The plugin also demonstrates good attention to output escaping and nonce checks, with a high percentage of outputs being properly escaped. However, the presence of one AJAX handler without authentication checks is a notable concern, representing a direct entry point that could potentially be exploited if not handled with extreme care by the application logic. While the taint analysis did not reveal critical or high severity unsanitized paths, the two flows with unsanitized paths warrant further investigation to ensure no potential for path traversal or other file system-related vulnerabilities exists. Overall, the plugin is well-developed from a security perspective, but the unauthenticated AJAX endpoint is a clear weakness that requires attention.

Key Concerns

  • AJAX handler without authentication check
  • Flows with unsanitized paths found in taint analysis
Vulnerabilities
None known

SI 2FA Login Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SI 2FA Login Security Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
20
170 escaped
Nonce Checks
10
Capability Checks
1
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared20 total queries

Output Escaping

89% escaped190 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

10 flows2 with unsanitized paths
log_incorrect_tfa_code_attempt (includes\mfa-provider-totp.php:251)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

SI 2FA Login Security Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 4

authwp_ajax_save_si2flose_settingincludes\mfa-provider-totp.php:45
authwp_ajax_get_si2flose_current_otpincludes\mfa-provider-totp.php:50
noprivwp_ajax_get_si2flose_inputboxincludes\mfa-provider-totp.php:52
noprivwp_ajax_get_si2flose_login_securityincludes\mfa-provider-totp.php:54

Shortcodes 1

[si2flose_twofactor_user_settings] includes\mfa-provider-totp.php:57
WordPress Hooks 15
filterauthenticateincludes\mfa-provider-totp.php:59
filterupload_dirincludes\mfa-provider-totp.php:666
filterset-screen-optionincludes\si-user-login-logs.php:7
actionall_admin_noticessi-2fa-login-security.php:60
actionall_admin_noticessi-2fa-login-security.php:65
actionwp_enqueue_scriptssi-2fa-login-security.php:70
actionadmin_enqueue_scriptssi-2fa-login-security.php:71
actionlogin_enqueue_scriptssi-2fa-login-security.php:72
actionadmin_menusi-2fa-login-security.php:75
actionwp_footersi-2fa-login-security.php:78
actionadmin_footersi-2fa-login-security.php:79
actionadmin_initsi-2fa-login-security.php:81
actionmanage_users_columnssi-2fa-login-security.php:92
actionwpmu_users_columnssi-2fa-login-security.php:93
actionmanage_users_custom_columnsi-2fa-login-security.php:94
Maintenance & Trust

SI 2FA Login Security Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 5, 2025
PHP min version7.4
Downloads589

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

SI 2FA Login Security Alternatives

WP 2FA – Two-factor authentication for WordPress

WP 2FA – Two-factor authentication for WordPress

wp-2fa

A
95

Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.

100K 9 CVEs
EMLG TFA

EMLG TFA

emlg-tfa

A
85

Two-factor authentication via out of band email

0 No CVEs
Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)

miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)

miniorange-2-factor-authentication

A
90

miniOrange WP 2FA plugin adds an extra layer of security to your WordPress website by protecting user logins from unauthorized access, brute-force att …

10K 10 CVEs
Two Factor (2FA) Authentication via Email

Two Factor (2FA) Authentication via Email

two-factor-2fa-via-email

A
99

Enable one-click login with this WordPress Two-Factor Authentication (2FA) plugin, utilizing email for added security.

9K 1 CVE
Developer Profile

SI 2FA Login Security Developer Profile

Stroke Infotech

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SI 2FA Login Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/si-2fa-login-security/assets/css/bootstrap-grid.css/wp-content/plugins/si-2fa-login-security/assets/css/bootstrap-grid.min.css/wp-content/plugins/si-2fa-login-security/assets/css/bootstrap-reboot.css/wp-content/plugins/si-2fa-login-security/assets/css/bootstrap-reboot.min.css/wp-content/plugins/si-2fa-login-security/assets/css/bootstrap.css/wp-content/plugins/si-2fa-login-security/assets/css/bootstrap.min.css/wp-content/plugins/si-2fa-login-security/assets/css/css/fontawesome-all.min.css/wp-content/plugins/si-2fa-login-security/assets/css/js/jquery.min.js+5 more
Script Paths
/wp-content/plugins/si-2fa-login-security/assets/js/backend/general.js/wp-content/plugins/si-2fa-login-security/assets/js/backend/login-log.js/wp-content/plugins/si-2fa-login-security/assets/js/backend/user-settings.js/wp-content/plugins/si-2fa-login-security/assets/js/frontend/login.js
Version Parameters
si-2fa-login-security/assets/css/bootstrap-grid.css?ver=si-2fa-login-security/assets/css/bootstrap-grid.min.css?ver=si-2fa-login-security/assets/css/bootstrap-reboot.css?ver=si-2fa-login-security/assets/css/bootstrap-reboot.min.css?ver=si-2fa-login-security/assets/css/bootstrap.css?ver=si-2fa-login-security/assets/css/bootstrap.min.css?ver=si-2fa-login-security/assets/css/css/fontawesome-all.min.css?ver=si-2fa-login-security/assets/css/js/jquery.min.js?ver=si-2fa-login-security/assets/css/style.css?ver=si-2fa-login-security/assets/js/backend/general.js?ver=si-2fa-login-security/assets/js/backend/login-log.js?ver=si-2fa-login-security/assets/js/backend/user-settings.js?ver=si-2fa-login-security/assets/js/frontend/login.js?ver=

HTML / DOM Fingerprints

CSS Classes
si2flose-login-page-wrappersi2flose-user-login-logs-listsi2flose_user_settingssi2flose-2fa-setup-qrsi2flose-2fa-status-badgesi2flose-admin-users-columnsi2flose-2fa-option-wrapper
HTML Comments
<!-- SI 2FA Login Security Footer Script --><!-- SI 2FA Login Security Admin Footer Script -->
Data Attributes
data-nonce-fielddata-nonce-actiondata-nonce-namedata-user-iddata-login-log-id
JS Globals
si2flose_ajax_object
FAQ

Frequently Asked Questions about SI 2FA Login Security