WP-Safety

Swipe Security & Risk Analysis

wordpress.org/plugins/swipe

The Swipe plugin allows you too securely login into Wordpress giving you 2-factor authentication without the hassle of one-time codes.

10 active installs v1.4 PHP 5.2.4+ WP 4.0+ Updated Sep 25, 2019
authenticateclefloginsecuritytwo-factor-auth
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Swipe Safe to Use in 2026?

Generally Safe

Score 85/100

Swipe has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "swipe" v1.4 plugin presents a significant security risk due to a large number of unprotected AJAX handlers. With 14 AJAX handlers identified and 13 of them lacking proper authentication checks, there's a high likelihood of unauthorized actions being performed. This is further exacerbated by the taint analysis, which reveals 9 flows with unsanitized paths and rated as high severity, indicating potential for malicious input to be processed insecurely. While the plugin has no recorded vulnerability history, this absence does not negate the substantial security concerns identified in the code. The plugin also exhibits poor SQL query sanitization, with 100% of its SQL queries not using prepared statements, increasing the risk of SQL injection vulnerabilities. Despite the lack of external HTTP requests and file operations, the critical issues with AJAX handlers and taint analysis create a concerning security posture.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • SQL queries without prepared statements
  • Low output escaping coverage
  • Low nonce check coverage
Vulnerabilities
None known

Swipe Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Swipe Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Swipe Code Analysis

Dangerous Functions
0
Raw SQL Queries
20
0 prepared
Unescaped Output
67
23 escaped
Nonce Checks
2
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared20 total queries

Output Escaping

26% escaped90 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

12 flows9 with unsanitized paths
wp_ajax_swipe_save_settings (controller.php:473)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
13 unprotected

Swipe Attack Surface

Entry Points14
Unprotected13

AJAX Handlers 14

noprivwp_ajax_swipe_check_appcontroller.php:10
authwp_ajax_swipe_check_appcontroller.php:11
noprivwp_ajax_qr_verifycontroller.php:14
noprivwp_ajax_qr_logoutcontroller.php:15
authwp_ajax_qr_logoutcontroller.php:16
noprivwp_ajax_swipe_logscontroller.php:17
authwp_ajax_swipe_logscontroller.php:18
noprivwp_ajax_swipe_check_logoutcontroller.php:19
authwp_ajax_swipe_check_logoutcontroller.php:20
authwp_ajax_who_iscontroller.php:22
noprivwp_ajax_who_iscontroller.php:23
authwp_ajax_swipe_save_settingscontroller.php:24
authwp_ajax_swipe_view_qr_userscontroller.php:27
authwp_ajax_swipe_view_app_userscontroller.php:28
WordPress Hooks 7
actionlogin_formcontroller.php:7
actionadmin_menucontroller.php:9
actionclear_auth_cookiecontroller.php:12
actionadmin_initcontroller.php:13
actionadmin_enqueue_scriptscontroller.php:21
actionadmin_headcontroller.php:25
actionadmin_initcontroller.php:26
Maintenance & Trust

Swipe Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedSep 25, 2019
PHP min version5.2.4
Downloads2K

Community Trust

Rating82/100
Number of ratings9
Active installs10
Alternatives

Swipe Alternatives

Two Factor Auth

Two Factor Auth

two-factor-auth

A
85

Secure WordPress login with Two Factor Auth. Users will have to enter an One Time Password when they log in.

10 No CVEs
All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
Titan Anti-spam & Security

Titan Anti-spam & Security

anti-spam

A
98

Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication …

60K 3 CVEs
IP & Country Blocker Lite

IP & Country Blocker Lite

ip-blocker-lite

A
100

Advanced WordPress security plugin with IP/country blocking and two-factor authentication for comprehensive website protection.

400 No CVEs
Developer Profile

Swipe Developer Profile

swipepro

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Swipe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/swipe/css/swipe.css/wp-content/plugins/swipe/js/swipe.js/wp-content/plugins/swipe/js/admin-script.js/wp-content/plugins/swipe/js/login-script.js
Script Paths
/wp-content/plugins/swipe/js/swipe.js/wp-content/plugins/swipe/js/admin-script.js/wp-content/plugins/swipe/js/login-script.js
Version Parameters
swipe/style.css?ver=swipe/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
swipe_loginswipe_qr_loginswipe-logo-container
HTML Comments
<!-- Swipe Login Form --><!-- Swipe QR Code Container -->
Data Attributes
data-swipe-noncedata-swipe-ajax-url
JS Globals
swipe_ajax_object
REST Endpoints
/wp-json/swipe/v1/check_login/wp-json/swipe/v1/logout
Shortcode Output
<div class="swipe_login"><div class="swipe_qr_login">
FAQ

Frequently Asked Questions about Swipe