WP-Safety

Smart WP Login Security & Risk Analysis

wordpress.org/plugins/smart-wp-login

remove username, login, registration, password, authentication, wp-login, email, smart Requires at least: 3.1.0 Tested up to: 4.2.2 Stable tag: 1.0.

100 active installs v1.0.2 PHP + WP + Updated Jun 19, 2015
login-using-emailregistration-using-emailretrieve-password-using-email
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Smart WP Login Safe to Use in 2026?

Generally Safe

Score 85/100

Smart WP Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "smart-wp-login" v1.0.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any identified dangerous functions, raw SQL queries, file operations, or external HTTP requests is commendable. The plugin also reports zero known vulnerabilities, which suggests a good track record. However, there are a few areas that warrant attention. The complete lack of nonce checks and capability checks across all entry points is a significant concern, as these are fundamental WordPress security mechanisms for preventing CSRF attacks and enforcing permissions. Furthermore, the 50% rate of improperly escaped output, while not catastrophic, could expose users to XSS vulnerabilities if the unescaped data originates from user input. The zero taint flows and attack surface are positive but don't fully mitigate the risks associated with missing core security checks.

Key Concerns

  • No nonce checks on entry points
  • No capability checks on entry points
  • 50% of outputs not properly escaped
Vulnerabilities
None known

Smart WP Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Smart WP Login Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

50% escaped4 total outputs
Attack Surface

Smart WP Login Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 16
filterauthenticateswpl_engine.php:30
actionlogin_form_loginswpl_engine.php:33
actionlogin_form_registerswpl_engine.php:40
filterregistration_errorsswpl_engine.php:43
actionlogin_headswpl_engine.php:54
actionlogin_footerswpl_engine.php:55
actionlogin_form_lostpasswordswpl_engine.php:61
actionlogin_form_retrievepasswordswpl_engine.php:62
filtergettextswpl_engine.php:131
filtergettextswpl_engine.php:186
actionlost_passwordswpl_engine.php:268
actionlost_passwordswpl_engine.php:273
filtergettextswpl_engine.php:280
actionadmin_enqueue_scriptsswpl_settings.php:49
actionadmin_menuswpl_settings.php:51
actionadmin_initswpl_settings.php:53
Maintenance & Trust

Smart WP Login Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedJun 19, 2015
PHP min version
Downloads8K

Community Trust

Rating60/100
Number of ratings4
Active installs100
Alternatives

Smart WP Login Alternatives

No alternatives data available yet.

Developer Profile

Smart WP Login Developer Profile

Nishant Kumar

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Smart WP Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-wp-login/assets/css/smart-wp-login.css/wp-content/plugins/smart-wp-login/assets/js/smart-wp-login.js
Script Paths
/wp-content/plugins/smart-wp-login/assets/js/smart-wp-login.js
Version Parameters
smart-wp-login/assets/css/smart-wp-login.css?ver=smart-wp-login/assets/js/smart-wp-login.js?ver=

HTML / DOM Fingerprints

CSS Classes
swpl-login-form-wrapswpl-login-form-inner
Data Attributes
data-swpl-login-options
JS Globals
swpl_login_object
FAQ

Frequently Asked Questions about Smart WP Login