WP-Login and WP-Admin Whitelist Security & Risk Analysis
wordpress.org/plugins/swiftninjapro-wp-login-whitelist-ipA Plugin That only allows whitelisted IP's, or optionally whitelisted browsers, to access wp-login, or optionally wp-admin.
Is WP-Login and WP-Admin Whitelist Safe to Use in 2026?
Generally Safe
Score 85/100WP-Login and WP-Admin Whitelist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "swiftninjapro-wp-login-whitelist-ip" plugin version 1.11.1 demonstrates a generally good security posture, with no known CVEs and a complete lack of critical or high severity issues in its vulnerability history. The static analysis reveals good practices such as using prepared statements for all SQL queries and performing capability checks for critical operations. However, there are some areas for concern. The plugin has a low number of entry points, with none found to be unprotected, which is positive. Despite this, the taint analysis flagged one flow with unsanitized paths, which, while not rated as critical or high severity, represents a potential avenue for unexpected behavior or information disclosure if exploited. Furthermore, the output escaping is only 63% properly escaped, indicating a moderate risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully in the remaining outputs. The absence of nonce checks on the identified entry point is also a weakness, potentially allowing for Cross-Site Request Forgery (CSRF) attacks if the shortcode's functionality can be triggered maliciously.
Key Concerns
- Taint flow with unsanitized path
- Moderate unescaped output risk
- Missing nonce check on entry point
WP-Login and WP-Admin Whitelist Security Vulnerabilities
WP-Login and WP-Admin Whitelist Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
WP-Login and WP-Admin Whitelist Attack Surface
Shortcodes 1
WordPress Hooks 3
Maintenance & Trust
WP-Login and WP-Admin Whitelist Maintenance & Trust
Maintenance Signals
Community Trust
WP-Login and WP-Admin Whitelist Alternatives
Unauthorised Login Redirect
unauthorised-login-redirect
This plugin allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL.
Admin Login Hide – PTI
admin-login-hide-pti
Easily hide or customize your WordPress login URL to enhance security and prevent unauthorized access.
Admin Allow by IP
admin-allow-by-ip
Protect your admin form hackers!. You can allow your wp-admin for specific IP(s).
Basic Auth for WP-Admin
basic-auth-for-wp-admin
Add an additional layer of security with this super light plugin that adds a basic authentication HTTP to the wp-admin and wp-login pages.
Secure WordPress Admin – Change & Hide Login URL
change-hide-login-url
Secure and customize your WordPress admin login by changing the default wp-login.php URL to a custom slug and blocking unauthorized access to wp-admin …
WP-Login and WP-Admin Whitelist Developer Profile
7 plugins · 710 total installs
How We Detect WP-Login and WP-Admin Whitelist
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/swiftninjapro-wp-login-whitelist-ip/assets/style.css/wp-content/plugins/swiftninjapro-wp-login-whitelist-ip/assets/script.js/wp-content/plugins/swiftninjapro-wp-login-whitelist-ip/assets/script.jsswiftninjapro-wp-login-whitelist-ip/assets/style.css?ver=swiftninjapro-wp-login-whitelist-ip/assets/script.js?ver=HTML / DOM Fingerprints
<!-- BEGIN SwiftNinjaPro Whitelist Login IP --><!-- END SwiftNinjaPro Whitelist Login IP -->window.SwiftNinjaProWhitelistLoginIPSwiftNinjaProWhitelistLoginIP[wp-login-recovery-page]