Themepaste Secure Admin Security & Risk Analysis
wordpress.org/plugins/themepaste-secure-adminThemepaste secure admin protects your wp-admin and you can change wp-admin URLs yourself, check login attempts manage users roles.
Is Themepaste Secure Admin Safe to Use in 2026?
Generally Safe
Score 92/100Themepaste Secure Admin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "themepaste-secure-admin" v1.1 plugin exhibits a concerning security posture primarily due to its unprotected entry points. While the plugin demonstrates good practices in its database interactions by using prepared statements exclusively, and it does not appear to have a history of known vulnerabilities, the static analysis reveals significant weaknesses. A substantial portion of its output is not properly escaped, and critically, all four AJAX handlers lack authentication checks. This creates a large attack surface where unauthorized users could potentially interact with these endpoints. Furthermore, the taint analysis, while not revealing critical or high-severity vulnerabilities, did identify unsanitized paths in all analyzed flows, which warrants attention. The presence of a dangerous function like `ini_set` further contributes to potential risks if not handled with extreme care. In conclusion, the plugin has some positive technical aspects, but the lack of authorization on its AJAX endpoints and the prevalence of unescaped output represent significant security risks that need immediate remediation.
Key Concerns
- AJAX handlers without auth checks
- Output escaping not properly handled (45%)
- Taint analysis: flows with unsanitized paths
- Use of dangerous function: ini_set
- Missing nonce checks on AJAX
Themepaste Secure Admin Security Vulnerabilities
Themepaste Secure Admin Release Timeline
Themepaste Secure Admin Code Analysis
Dangerous Functions Found
Bundled Libraries
Output Escaping
Data Flow Analysis
Themepaste Secure Admin Attack Surface
AJAX Handlers 4
WordPress Hooks 21
Maintenance & Trust
Themepaste Secure Admin Maintenance & Trust
Maintenance Signals
Community Trust
Themepaste Secure Admin Alternatives
Unoapp Protect WP Admin
unoapp-protects-wp-admin
unoapp protect wp admin allows access for you only by URL change and access on IP based.
EchBay Admin Security
echbay-admin-security
Protect Your Website Admin Against Hackers & Modify Login Page Design ( Nhiệm vụ: chặn mọi truy cập trực tiếp vào trang quản trị wordpress dưới dạ …
Themepaste Secure Admin Developer Profile
1 plugin · 0 total installs
How We Detect Themepaste Secure Admin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/themepaste-secure-admin/css/wptpsa-frontend.css/wp-content/plugins/themepaste-secure-admin/js/wptpsa.js/wp-content/plugins/themepaste-secure-admin/js/bootstrap/bootstrap.min.css/wp-content/plugins/themepaste-secure-admin/js/bootstrap/bootstrap.min.js/wp-content/plugins/themepaste-secure-admin/js/jscolor.js/wp-content/plugins/themepaste-secure-admin/js/datatable/jquery.dataTables.min.css/wp-content/plugins/themepaste-secure-admin/js/datatable/jquery.dataTables.min.js/wp-content/plugins/themepaste-secure-admin/js/wptpsa.js/wp-content/plugins/themepaste-secure-admin/js/bootstrap/bootstrap.min.js/wp-content/plugins/themepaste-secure-admin/js/jscolor.js/wp-content/plugins/themepaste-secure-admin/js/datatable/jquery.dataTables.min.jswptpsa-secure-admin/css/wptpsa-frontend.css?v=wptpsa-secure-admin/js/wptpsa.js?v=wptpsa-secure-admin/js/bootstrap/bootstrap.min.css?v=wptpsa-secure-admin/js/bootstrap/bootstrap.min.js?v=wptpsa-secure-admin/js/jscolor.js?v=wptpsa-secure-admin/js/datatable/jquery.dataTables.min.css?v=wptpsa-secure-admin/js/datatable/jquery.dataTables.min.js?v=HTML / DOM Fingerprints
wptpsa_version