Does Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening compatible with WordPress 6.8.5?

According to WordPress.org data, Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening 1.0.17 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening compatible with PHP 8.1+?

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Security & Risk Analysis

wordpress.org/plugins/ultimate-security

Protect your WordPress site with 2FA, brute force protection, CAPTCHA, custom login URL, and security hardening.

10 active installs v1.0.17 PHP 8.1+ WP 5.8+ Updated Feb 18, 2026

brute-forcefirewalllogin-securitysecuritytwo-factor-authentication

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Safe to Use in 2026?

Generally Safe

Score 100/100

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "ultimate-security" plugin v1.0.17 exhibits a generally strong security posture, with a significant emphasis on secure coding practices. The extensive use of prepared statements for SQL queries and the high percentage of properly escaped output are commendable. The plugin also demonstrates a robust implementation of security checks, with a substantial number of nonce and capability checks across its entry points. Its vulnerability history being clear of any recorded CVEs further reinforces this positive outlook.

However, there are a few areas that warrant attention. The presence of dangerous functions like `set_time_limit` and `shell_exec` in the code, while potentially necessary for certain functionalities, inherently increases the risk if not handled with extreme caution and robust input validation. Furthermore, the static analysis revealed a single unprotected entry point among 64 total, which, though minor, represents a potential avenue for attackers. The analysis did not uncover any critical or high-severity taint flows, which is reassuring, but the lack of taint analysis flows overall (only 2 analyzed) might suggest limited testing scope in this area.

In conclusion, "ultimate-security" v1.0.17 has a solid foundation with good security practices. The primary concerns lie in the potential risks associated with dangerous functions and the single unprotected entry point. The absence of past vulnerabilities is a significant strength, but ongoing vigilance and thorough testing of all entry points, especially those involving sensitive functions, are crucial for maintaining this security.

Key Concerns

Unprotected entry point detected
Presence of dangerous functions: set_time_limit, shell_exec

Vulnerabilities

None known

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Release Timeline

v1.0.17Current

v1.0.16

v1.0.15

v1.0.14

v1.0.13

v1.0.12

v1.0.11

v1.0.10

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Code Analysis

Dangerous Functions

Raw SQL Queries

219 prepared

Unescaped Output

907 escaped

Nonce Checks

Capability Checks

104

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

set_time_limitset_time_limit(300); // 5 minutesphp/src/Modules/Maintenance/UpdateManager.php:243

set_time_limitset_time_limit(sizeof($plugin_updates) * 300);php/src/Modules/Maintenance/UpdateManager.php:277

set_time_limitset_time_limit(300);php/src/Modules/Maintenance/UpdateManager.php:303

set_time_limitset_time_limit(sizeof($theme_updates) * 300);php/src/Modules/Maintenance/UpdateManager.php:308

set_time_limitset_time_limit(300);php/src/Modules/Maintenance/UpdateManager.php:409

set_time_limitset_time_limit(300);php/src/Modules/Maintenance/UpdateManager.php:475

shell_exec$result = @shell_exec('pgrep -x fail2ban-server 2>/dev/null');php/src/Modules/Monitoring/ServerProtectionDetector.php:88

SQL Query Safety

100% prepared219 total queries

Output Escaping

98% escaped929 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

inject_lockout_refresh_script (php/src/Modules/Authentication/LoginLimit.php:163)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Attack Surface

Entry Points64

Unprotected1

AJAX Handlers 34

noprivwp_ajax_check_lockout_statusphp/src/Modules/Authentication/LoginLimit.php:155

authwp_ajax_ultimate_security_block_ipphp/src/Modules/Authentication/LoginNotifications.php:164

authwp_ajax_ultimate_security_get_password_hintsphp/src/Modules/Authentication/PasswordPolicies.php:85

authwp_ajax_ultimate_security_password_validation_on_myaccountphp/src/Modules/Authentication/PasswordPolicies.php:88

authwp_ajax_ultimate_security_update_totp_otp_codephp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:45

authwp_ajax_ultimate_security_update_totp_secret_codephp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:46

authwp_ajax_ultimate_security_update_hotp_otp_codephp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:49

authwp_ajax_ultimate_security_update_hotp_secret_codephp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:50

authwp_ajax_ultimate_security_sent_otp_emailphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:53

authwp_ajax_ultimate_security_enable_otp_emailphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:54

noprivwp_ajax_ultimate_security_resend_2fa_codephp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:55

authwp_ajax_ultimate_security_enable_encryption_database_keysphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:58

authwp_ajax_ultimate_security_user_2fa_resetphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:61

authwp_ajax_ultimate_security_user_2fa_setphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:62

authwp_ajax_ultimate_security_user_2fa_getphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:63

authwp_ajax_ultimate_security_generate_backup_codesphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:66

authwp_ajax_ultimate_security_get_backup_codes_statusphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:67

authwp_ajax_ultimate_security_revoke_backup_codesphp/src/Modules/Authentication/TwoFactor/Http/AjaxHandlers.php:68

authwp_ajax_ultimate_security_dismiss_noticephp/src/Modules/Compatibility/CompatibilityManager.php:84

authwp_ajax_ultimate_security_send_update_notification_test_emailphp/src/Modules/Maintenance/UpdateManager.php:52

authwp_ajax_ultimate_security_update_pluginsphp/src/Modules/Maintenance/UpdateManager.php:55

authwp_ajax_ultimate_security_update_themesphp/src/Modules/Maintenance/UpdateManager.php:58

authwp_ajax_ultimate_security_update_corephp/src/Modules/Maintenance/UpdateManager.php:61

authwp_ajax_ultimate_security_get_pending_updatesphp/src/Modules/Maintenance/UpdateManager.php:65

authwp_ajax_ultimate_security_update_single_pluginphp/src/Modules/Maintenance/UpdateManager.php:66

authwp_ajax_ultimate_security_update_single_themephp/src/Modules/Maintenance/UpdateManager.php:67

authwp_ajax_ultimate_security_dismiss_wizardphp/src/Modules/Setup/SecurityWizard.php:63

authwp_ajax_ultimate_security_search_recent_ipsphp/src/Presentation/API/Controllers/AjaxAPI.php:11

authwp_ajax_ultimate_security_ip_setphp/src/Presentation/API/Controllers/AjaxAPI.php:12

authwp_ajax_ultimate_security_ip_validatephp/src/Presentation/API/Controllers/AjaxAPI.php:13

authwp_ajax_ultimate_security_shop_ip_resetphp/src/Presentation/API/Controllers/AjaxAPI.php:14

authwp_ajax_ultimate_security_review_actionphp/src/Presentation/API/Controllers/AjaxAPI.php:15

authwp_ajax_ultimate_security_deact_submitphp/src/Presentation/API/Controllers/AjaxAPI.php:16

authwp_ajax_ultimate_security_dismiss_passkey_noticephp/src/Presentation/API/Controllers/AjaxAPI.php:17

REST API Routes 28

GET/wp-json/ultimate-security/v1/disable-ultimate-security-popupphp/src/Modules/Maintenance/DeactivationUrl.php:64

POST/wp-json/ultimate-security/v1/disable-ultimate-security-popupphp/src/Modules/Maintenance/DeactivationUrl.php:73

POST/wp-json/ultimate-security/v1/regenerate-deactivation-urlphp/src/Modules/Maintenance/DeactivationUrl.php:82

POST/wp-json/ultimate-security/v1/settingsphp/src/Modules/Maintenance/ImportExport.php:49

GET/wp-json/ultimate-security/v1/rest-statusphp/src/Modules/Maintenance/MoreTools.php:53

GET/wp-json/ultimate-security/v1/pingphp/src/Modules/Maintenance/MoreTools.php:61

GET/wp-json/ultimate-security/v1/cron-statusphp/src/Modules/Maintenance/MoreTools.php:69

POST/wp-json/ultimate-security/v1/run-cronphp/src/Modules/Maintenance/MoreTools.php:77

GET/wp-json/ultimate-security/v1/server-statusphp/src/Modules/Maintenance/MoreTools.php:90

POST/wp-json/ultimate-security/v1/reset-settingsphp/src/Modules/Maintenance/MoreTools.php:101

POST/wp-json/ultimate-security/v1/clear-cachephp/src/Modules/Maintenance/MoreTools.php:110

GET/wp-json/ultimate-security/v1/simple-cleanup/statsphp/src/Modules/Maintenance/SimpleCleanup.php:120

POST/wp-json/ultimate-security/v1/simple-cleanup/deletephp/src/Modules/Maintenance/SimpleCleanup.php:128

POST/wp-json/ultimate-security/v1/simple-cleanup/delete-allphp/src/Modules/Maintenance/SimpleCleanup.php:146

GET/wp-json/ultimate-security/v1/security-scorephp/src/Modules/Monitoring/BasicSecurityScore.php:316

GET/wp-json/ultimate-security/v1/security-score/checksphp/src/Modules/Monitoring/BasicSecurityScore.php:324

POST/wp-json/ultimate-security/v1/security-score/refreshphp/src/Modules/Monitoring/BasicSecurityScore.php:332

GET/wp-json/ultimate-security/v1/audit-logsphp/src/Modules/Monitoring/SimpleEventLogger.php:505

GET/wp-json/ultimate-security/v1/audit-logs/statsphp/src/Modules/Monitoring/SimpleEventLogger.php:523

GET/wp-json/ultimate-security/v1/audit-logs/event-typesphp/src/Modules/Monitoring/SimpleEventLogger.php:531

DELETE/wp-json/ultimate-security/v1/audit-logs/cleanupphp/src/Modules/Monitoring/SimpleEventLogger.php:539

GET/wp-json/ultimate-security/v1/site-health-infophp/src/Modules/Monitoring/SiteHealth/SiteHealthInfo.php:118

GET/wp-json/ultimate-security/v1/site-health/mu-pluginsphp/src/Modules/Monitoring/SiteHealth/SiteHealthInfo.php:130

GET/wp-json/ultimate-security/v1/site-health/(?P<tab_id>[a-zA-Z0-9-_]+)php/src/Modules/Monitoring/SiteHealth/SiteHealthInfo.php:142

GET/wp-json/ultimate-security/v1/health-checkphp/src/Modules/Monitoring/SiteHealth/SiteHealthInfo.php:161

GET/wp-json/ultimate-security/v1/health-check/(?P<collector>[a-zA-Z0-9-_]+)php/src/Modules/Monitoring/SiteHealth/SiteHealthInfo.php:173

GET/wp-json/ultimate-security/v1/health-check/collectorsphp/src/Modules/Monitoring/SiteHealth/SiteHealthInfo.php:191

GET/wp-json/ultimate-security/v1/turnstile-logsphp/src/Modules/Protection/CloudflareTurnstile.php:141

Shortcodes 2

[ultimate-security-gdpr-banner] php/src/Modules/Authentication/LoginControl.php:86

[ultimate-security-gdpr-banner] php/src/Presentation/PublicSite/PublicHooks.php:19

WordPress Hooks 217

actioninitphp/src/Bootstrap/Initializer.php:24

actionlogin_formphp/src/Bootstrap/Initializer.php:40

filterauto_update_pluginphp/src/Bootstrap/Initializer.php:51

filterauto_update_pluginphp/src/Bootstrap/Initializer.php:61

filterpre_site_transient_update_pluginsphp/src/Bootstrap/Initializer.php:62

filterauto_update_themephp/src/Bootstrap/Initializer.php:66

filterauto_update_themephp/src/Bootstrap/Initializer.php:76

filterpre_site_transient_update_themesphp/src/Bootstrap/Initializer.php:77

filterauto_update_translationphp/src/Bootstrap/Initializer.php:82

filterauto_update_corephp/src/Bootstrap/Initializer.php:88

filterallow_minor_auto_core_updatesphp/src/Bootstrap/Initializer.php:90

filterallow_major_auto_core_updatesphp/src/Bootstrap/Initializer.php:91

filterallow_minor_auto_core_updatesphp/src/Bootstrap/Initializer.php:93

filterallow_major_auto_core_updatesphp/src/Bootstrap/Initializer.php:95

filterallow_dev_auto_core_updatesphp/src/Bootstrap/Initializer.php:97

filterautomatic_updates_is_vcs_checkoutphp/src/Bootstrap/Initializer.php:102

filteradmin_initphp/src/Bootstrap/Initializer.php:107

actionplugins_loadedphp/src/Bootstrap/Lifecycle/DatabaseUpdater.php:101

actionupgrader_process_completephp/src/Bootstrap/Lifecycle/DatabaseUpdater.php:110

actionwp_password_change_notificationphp/src/Infrastructure/WordPress/Hooks/CustomHooks.php:223

filterretrieve_password_messagephp/src/Infrastructure/WordPress/Hooks/CustomHooks.php:225

actionshow_user_profilephp/src/Modules/Authentication/Authentication2FA.php:81

actionedit_user_profilephp/src/Modules/Authentication/Authentication2FA.php:82

filterauthenticatephp/src/Modules/Authentication/Authentication2FA.php:85

filterlogin_redirectphp/src/Modules/Authentication/Authentication2FA.php:86

actionwp_login_failedphp/src/Modules/Authentication/Authentication2FA.php:89

actionlogin_initphp/src/Modules/Authentication/Authentication2FA.php:92

filterwoocommerce_login_redirectphp/src/Modules/Authentication/Authentication2FA.php:97

actionwoocommerce_login_form_endphp/src/Modules/Authentication/Authentication2FA.php:98

filterwoocommerce_prevent_admin_accessphp/src/Modules/Authentication/Authentication2FA.php:101

actioninitphp/src/Modules/Authentication/Authentication2FA.php:107

actioninitphp/src/Modules/Authentication/Authentication2FA.php:110

filterxmlrpc_enabledphp/src/Modules/Authentication/Authentication2FA.php:217

actionlogin_footerphp/src/Modules/Authentication/LoginControl.php:62

filtersite_urlphp/src/Modules/Authentication/LoginControl.php:73

filternetwork_site_urlphp/src/Modules/Authentication/LoginControl.php:74

filterwp_redirectphp/src/Modules/Authentication/LoginControl.php:75

filtersite_option_ultimate_security_welcome_email_contentphp/src/Modules/Authentication/LoginControl.php:76

filteruser_request_action_email_contentphp/src/Modules/Authentication/LoginControl.php:77

filterlogin_urlphp/src/Modules/Authentication/LoginControl.php:79

actioninitphp/src/Modules/Authentication/LoginControl.php:81

actionwp_loadedphp/src/Modules/Authentication/LoginControl.php:82

actionlogin_formphp/src/Modules/Authentication/LoginControl.php:85

filterwpseo_exclude_from_sitemap_by_urlphp/src/Modules/Authentication/LoginControl.php:89

filtercron_schedulesphp/src/Modules/Authentication/LoginLimit.php:76

filterauthenticatephp/src/Modules/Authentication/LoginLimit.php:135

actionwp_login_failedphp/src/Modules/Authentication/LoginLimit.php:136

actionwp_loginphp/src/Modules/Authentication/LoginLimit.php:137

actionlogin_initphp/src/Modules/Authentication/LoginLimit.php:143

filterlogin_errorsphp/src/Modules/Authentication/LoginLimit.php:147

actionlogin_formphp/src/Modules/Authentication/LoginLimit.php:148

actionlogin_initphp/src/Modules/Authentication/LoginLimit.php:149

filterauthenticatephp/src/Modules/Authentication/LoginLimit.php:327

filterlogin_messagephp/src/Modules/Authentication/LoginLimit.php:329

actionwp_loginphp/src/Modules/Authentication/LoginLimit.php:678

actionwp_login_failedphp/src/Modules/Authentication/LoginNotifications.php:146

actionwp_loginphp/src/Modules/Authentication/LoginNotifications.php:147

actionultimate_security_user_lockedphp/src/Modules/Authentication/LoginNotifications.php:150

actionultimate_security_log_eventphp/src/Modules/Authentication/LoginNotifications.php:151

filtercron_schedulesphp/src/Modules/Authentication/LoginNotifications.php:154

actionadmin_footerphp/src/Modules/Authentication/PasswordPolicies.php:64

actionvalidate_password_resetphp/src/Modules/Authentication/PasswordPolicies.php:66

actionuser_profile_update_errorsphp/src/Modules/Authentication/PasswordPolicies.php:67

actionwoocommerce_save_account_details_errorsphp/src/Modules/Authentication/PasswordPolicies.php:69

filterpassword_hintphp/src/Modules/Authentication/PasswordPolicies.php:71

actionwp_set_passwordphp/src/Modules/Authentication/PasswordPolicies.php:73

actionprofile_updatephp/src/Modules/Authentication/PasswordPolicies.php:74

actionwoocommerce_save_account_detailsphp/src/Modules/Authentication/PasswordPolicies.php:75

filterlostpassword_urlphp/src/Modules/Authentication/PasswordPolicies.php:77

actiontemplate_redirectphp/src/Modules/Authentication/PasswordPolicies.php:78

actionwp_enqueue_scriptsphp/src/Modules/Authentication/PasswordPolicies.php:80

actionlogin_enqueue_scriptsphp/src/Modules/Authentication/PasswordPolicies.php:81

actionadmin_enqueue_scriptsphp/src/Modules/Authentication/PasswordPolicies.php:82

filterlost_password_html_linkphp/src/Modules/Authentication/PasswordPolicies.php:91

actiontemplate_redirectphp/src/Modules/Compatibility/CachePluginsIntegration.php:18

actionultimate_security_settings_savedphp/src/Modules/Compatibility/CachePluginsIntegration.php:21

filternonce_lifephp/src/Modules/Compatibility/CachePluginsIntegration.php:24

actionlogin_initphp/src/Modules/Compatibility/CachePluginsIntegration.php:27

actionplugins_loadedphp/src/Modules/Compatibility/CompatibilityManager.php:72

actionadmin_noticesphp/src/Modules/Compatibility/CompatibilityManager.php:75

filterultimate_security_skip_rate_limitphp/src/Modules/Compatibility/CompatibilityManager.php:78

filterultimate_security_skip_rest_protectionphp/src/Modules/Compatibility/CompatibilityManager.php:81

actionadmin_footerphp/src/Modules/Compatibility/CompatibilityManager.php:193

filterultimate_security_rate_limit_checkphp/src/Modules/Compatibility/FlavorIntegration.php:17

filterultimate_security_frame_optionsphp/src/Modules/Compatibility/FlavorIntegration.php:20

filterultimate_security_url_guard_checkphp/src/Modules/Compatibility/FlavorIntegration.php:23

filterultimate_security_skip_heartbeat_limitphp/src/Modules/Compatibility/FlavorIntegration.php:26

filterultimate_security_rate_limit_checkphp/src/Modules/Compatibility/FormPluginsIntegration.php:18

filterultimate_security_captcha_checkphp/src/Modules/Compatibility/FormPluginsIntegration.php:21

filterultimate_security_url_guard_checkphp/src/Modules/Compatibility/FormPluginsIntegration.php:24

filterultimate_security_rate_limit_checkphp/src/Modules/Compatibility/PageBuildersIntegration.php:20

filterultimate_security_frame_optionsphp/src/Modules/Compatibility/PageBuildersIntegration.php:23

filterultimate_security_skip_heartbeat_limitphp/src/Modules/Compatibility/PageBuildersIntegration.php:26

filterwpseo_exclude_from_sitemap_by_urlphp/src/Modules/Compatibility/SEOPluginsIntegration.php:19

filterrank_math/sitemap/exclude_post_typephp/src/Modules/Compatibility/SEOPluginsIntegration.php:23

filteraioseo_sitemap_excluded_pagesphp/src/Modules/Compatibility/SEOPluginsIntegration.php:27

actionwp_headphp/src/Modules/Compatibility/SEOPluginsIntegration.php:31

filterultimate_security_rate_limit_checkphp/src/Modules/Compatibility/WooCommerceIntegration.php:18

actionwoocommerce_login_form_endphp/src/Modules/Compatibility/WooCommerceIntegration.php:21

filterultimate_security_url_guard_checkphp/src/Modules/Compatibility/WooCommerceIntegration.php:24

actiontemplate_redirectphp/src/Modules/Compatibility/WooCommerceIntegration.php:27

filternonce_lifephp/src/Modules/Compatibility/WooCommerceIntegration.php:30

actionrest_api_initphp/src/Modules/Maintenance/DeactivationUrl.php:47

actionadmin_post_ultimate_security_deactivatephp/src/Modules/Maintenance/DeactivationUrl.php:49

actionadmin_post_nopriv_ultimate_security_deactivatephp/src/Modules/Maintenance/DeactivationUrl.php:50

actionrest_api_initphp/src/Modules/Maintenance/ImportExport.php:45

actionrest_api_initphp/src/Modules/Maintenance/MoreTools.php:48

actionrest_api_initphp/src/Modules/Maintenance/SimpleCleanup.php:104

actionultimate_security_weekly_cleanupphp/src/Modules/Maintenance/SimpleCleanup.php:110

actionupgrader_process_completephp/src/Modules/Maintenance/UpdateManager.php:73

actionultimate_security_send_update_success_emailphp/src/Modules/Maintenance/UpdateManager.php:74

filtercron_schedulesphp/src/Modules/Maintenance/UpdateManager.php:78

actionwpphp/src/Modules/Maintenance/UpdateManager.php:79

actionultimate_security_daily_9am_taskphp/src/Modules/Maintenance/UpdateManager.php:80

actioninitphp/src/Modules/Maintenance/UpdateManager.php:83

filterauto_core_update_send_emailphp/src/Modules/Maintenance/UpdateManager.php:87

filterwp_mail_content_typephp/src/Modules/Maintenance/UpdateManager.php:217

filterwp_mail_content_typephp/src/Modules/Maintenance/UpdateManager.php:720

filterwp_mail_content_typephp/src/Modules/Maintenance/UpdateManager.php:736

filterauto_update_pluginphp/src/Modules/Maintenance/UpdateManager.php:890

filterauto_update_pluginphp/src/Modules/Maintenance/UpdateManager.php:900

filterpre_site_transient_update_pluginsphp/src/Modules/Maintenance/UpdateManager.php:901

filterauto_update_themephp/src/Modules/Maintenance/UpdateManager.php:907

filterauto_update_themephp/src/Modules/Maintenance/UpdateManager.php:912

filterpre_site_transient_update_themesphp/src/Modules/Maintenance/UpdateManager.php:915

filterauto_update_translationphp/src/Modules/Maintenance/UpdateManager.php:920

filterauto_update_corephp/src/Modules/Maintenance/UpdateManager.php:926

filterallow_minor_auto_core_updatesphp/src/Modules/Maintenance/UpdateManager.php:928

filterallow_major_auto_core_updatesphp/src/Modules/Maintenance/UpdateManager.php:929

filterallow_minor_auto_core_updatesphp/src/Modules/Maintenance/UpdateManager.php:931

filterallow_major_auto_core_updatesphp/src/Modules/Maintenance/UpdateManager.php:933

filterallow_dev_auto_core_updatesphp/src/Modules/Maintenance/UpdateManager.php:935

filterautomatic_updates_is_vcs_checkoutphp/src/Modules/Maintenance/UpdateManager.php:940

filteradmin_initphp/src/Modules/Maintenance/UpdateManager.php:945

actionrest_api_initphp/src/Modules/Monitoring/BasicSecurityScore.php:305

actionultimate_security_options_updatedphp/src/Modules/Monitoring/BasicSecurityScore.php:306

actionwp_loginphp/src/Modules/Monitoring/SimpleEventLogger.php:74

actionwp_login_failedphp/src/Modules/Monitoring/SimpleEventLogger.php:75

actionwp_logoutphp/src/Modules/Monitoring/SimpleEventLogger.php:76

actionpassword_resetphp/src/Modules/Monitoring/SimpleEventLogger.php:77

actionprofile_updatephp/src/Modules/Monitoring/SimpleEventLogger.php:78

actionultimate_security_2fa_method_enabledphp/src/Modules/Monitoring/SimpleEventLogger.php:81

actionultimate_security_2fa_method_disabledphp/src/Modules/Monitoring/SimpleEventLogger.php:82

actionultimate_security_2fa_verifiedphp/src/Modules/Monitoring/SimpleEventLogger.php:83

actionultimate_security_2fa_failedphp/src/Modules/Monitoring/SimpleEventLogger.php:84

actionultimate_security_user_locked_outphp/src/Modules/Monitoring/SimpleEventLogger.php:85

actionultimate_security_device_trustedphp/src/Modules/Monitoring/SimpleEventLogger.php:86

actionultimate_security_device_revokedphp/src/Modules/Monitoring/SimpleEventLogger.php:87

actionrest_api_initphp/src/Modules/Monitoring/SimpleEventLogger.php:90

actionultimate_security_cleanup_audit_logsphp/src/Modules/Monitoring/SimpleEventLogger.php:96

actionrest_api_initphp/src/Modules/Monitoring/SiteHealth/SiteHealthInfo.php:72

actionrest_api_initphp/src/Modules/Monitoring/VulnerabilityScanner/VulnerabilityScanner.php:87

actionadmin_initphp/src/Modules/Monitoring/VulnerabilityScanner/VulnerabilityScanner.php:89

actionadmin_enqueue_scriptsphp/src/Modules/Protection/CloudflareTurnstile.php:91

actionwp_enqueue_scriptsphp/src/Modules/Protection/CloudflareTurnstile.php:92

actionlogin_enqueue_scriptsphp/src/Modules/Protection/CloudflareTurnstile.php:93

actionlogin_initphp/src/Modules/Protection/CloudflareTurnstile.php:96

actionsclm_capthaphp/src/Modules/Protection/CloudflareTurnstile.php:99

actionlogin_formphp/src/Modules/Protection/CloudflareTurnstile.php:107

actionwoocommerce_login_formphp/src/Modules/Protection/CloudflareTurnstile.php:108

actionregister_formphp/src/Modules/Protection/CloudflareTurnstile.php:112

actionwoocommerce_register_formphp/src/Modules/Protection/CloudflareTurnstile.php:113

actionlostpassword_formphp/src/Modules/Protection/CloudflareTurnstile.php:118

actioncomment_formphp/src/Modules/Protection/CloudflareTurnstile.php:125

filterauthenticatephp/src/Modules/Protection/CloudflareTurnstile.php:129

filterregistration_errorsphp/src/Modules/Protection/CloudflareTurnstile.php:130

actionlostpassword_postphp/src/Modules/Protection/CloudflareTurnstile.php:131

filterpreprocess_commentphp/src/Modules/Protection/CloudflareTurnstile.php:132

actionrest_api_initphp/src/Modules/Protection/CloudflareTurnstile.php:135

filterscript_loader_tagphp/src/Modules/Protection/CloudflareTurnstile.php:181

actionwp_headphp/src/Modules/Protection/ContentProtection.php:78

actionwp_headphp/src/Modules/Protection/ContentProtection.php:79

actionadmin_initphp/src/Modules/Protection/ContentProtection.php:82

actionlogin_headphp/src/Modules/Protection/GoogleRecaptcha.php:68

actionwpphp/src/Modules/Protection/GoogleRecaptcha.php:69

actionlogin_enqueue_scriptsphp/src/Modules/Protection/GoogleRecaptcha.php:78

actionwp_enqueue_scriptsphp/src/Modules/Protection/GoogleRecaptcha.php:79

actionlogin_headphp/src/Modules/Protection/GoogleRecaptcha.php:81

actionlogin_formphp/src/Modules/Protection/GoogleRecaptcha.php:85

actionregister_formphp/src/Modules/Protection/GoogleRecaptcha.php:87

actionlostpassword_formphp/src/Modules/Protection/GoogleRecaptcha.php:88

actionwoocommerce_login_formphp/src/Modules/Protection/GoogleRecaptcha.php:92

actionwoocommerce_register_formphp/src/Modules/Protection/GoogleRecaptcha.php:93

actionwoocommerce_process_login_errorsphp/src/Modules/Protection/GoogleRecaptcha.php:94

actionwoocommerce_register_postphp/src/Modules/Protection/GoogleRecaptcha.php:95

actionwoocommerce_before_checkout_formphp/src/Modules/Protection/GoogleRecaptcha.php:96

actionwoocommerce_before_customer_login_formphp/src/Modules/Protection/GoogleRecaptcha.php:97

actionwoocommerce_before_register_formphp/src/Modules/Protection/GoogleRecaptcha.php:98

actionwp_authenticate_userphp/src/Modules/Protection/GoogleRecaptcha.php:101

actionregister_postphp/src/Modules/Protection/GoogleRecaptcha.php:102

actionlostpassword_postphp/src/Modules/Protection/GoogleRecaptcha.php:103

actionadmin_noticesphp/src/Modules/Setup/SecurityWizard.php:62

actionadmin_noticesphp/src/Modules/TestMode/TestModeModule.php:44

actionwp_dashboard_setupphp/src/Modules/TestMode/TestModeModule.php:45

actionupdate_option_ultimate_security_optionsphp/src/Modules/TestMode/TestModeModule.php:46

actionwp_before_admin_bar_renderphp/src/Modules/TestMode/TestModeModule.php:49

actionrest_api_initphp/src/Presentation/API/Controllers/RestAPI.php:37

actionadmin_enqueue_scriptsphp/src/Presentation/Admin/AdminAssets.php:26

actionadmin_enqueue_scriptsphp/src/Presentation/Admin/AdminAssets.php:28

actionadmin_enqueue_scriptsphp/src/Presentation/Admin/AdminAssets.php:30

actioncurrent_screenphp/src/Presentation/Admin/AdminAssets.php:32

filteradmin_body_classphp/src/Presentation/Admin/AdminAssets.php:34

filterwp_resource_hintsphp/src/Presentation/Admin/AdminAssets.php:52

actionadmin_initphp/src/Presentation/Admin/AdminHooks.php:14

actionadmin_bar_menuphp/src/Presentation/Admin/AdminHooks.php:16

actionadmin_initphp/src/Presentation/Admin/AdminHooks.php:18

actionadmin_initphp/src/Presentation/Admin/AdminHooks.php:20

filtercron_schedulesphp/src/Presentation/Admin/AdminHooks.php:22

actionadmin_noticesphp/src/Presentation/Admin/AdminHooks.php:25

actionadmin_footerphp/src/Presentation/Admin/AdminHooks.php:26

actionadmin_menuphp/src/Presentation/Admin/AdminMenu.php:11

actionadmin_noticesphp/src/Presentation/Admin/AdminNotices.php:9

actionadmin_enqueue_scriptsphp/src/Presentation/Admin/ReactAssets.php:17

actionwp_enqueue_scriptsphp/src/Presentation/PublicSite/PublicHooks.php:13

actionwp_enqueue_scriptsphp/src/Presentation/PublicSite/PublicHooks.php:14

actionwp_footerphp/src/Presentation/PublicSite/PublicHooks.php:15

actionwp_headphp/src/Presentation/PublicSite/PublicHooks.php:17

Scheduled Events 5

ultimate_security_trusted_devices_cleanup

ultimate_security_weekly_cleanup

ultimate_security_daily_9am_task

ultimate_security_send_update_success_email

ultimate_security_cleanup_audit_logs

Maintenance & Trust

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedFeb 18, 2026

PHP min version8.1

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Alternatives

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Bearmor Security

bearmor-security

100

Lightweight, powerful WordPress security for small businesses. Malware scanning, login protection, 2FA, hardening - most features FREE.

60 No CVEs

Atlant Security

atlant-security

100

Enterprise-grade WordPress security: WAF, brute force protection, malware scanner, 2FA, honeypots, AI crawler control, and post-breach recovery.

0 No CVEs

LogiShield Security – Login Security, 2FA, Limit Login, Brute Force Protection, Firewall

logishield-security

100

LogiSheild Security with 2FA, limit login, custom login URL, and temp login is your go-to login security plugin for WordPress.

0 No CVEs

VMP Security – Firewall, Malware Scan, and Login Security

vmpfence-security

100

Firewall, malware scanner, 2FA, country blocking, and audit log — all free with real-time updates. No 30-day delays. No paywall.

0 No CVEs

Developer Profile

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Developer Profile

WP Ultimate Security

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultimate-security/assets/admin/js/password-strength-meter.js

Script Paths

assets/admin/js/password-strength-meter.js

Version Parameters

ultimate-security/assets/admin/js/password-strength-meter.js?ver=

HTML / DOM Fingerprints

JS Globals

ultimateSecurityPolicies

REST Endpoints

/wp-json/ultimate-security

FAQ

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Security & Risk Analysis

Is Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Safe to Use in 2026?

Generally Safe

Key Concerns

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Security Vulnerabilities

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Release Timeline

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Attack Surface

AJAX Handlers 34

REST API Routes 28

Shortcodes 2

Scheduled Events 5

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Maintenance & Trust

Maintenance Signals

Community Trust

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Alternatives

All-In-One Security (AIOS) – Security and Firewall

Bearmor Security

Atlant Security

LogiShield Security – Login Security, 2FA, Limit Login, Brute Force Protection, Firewall

VMP Security – Firewall, Malware Scan, and Login Security

Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening Developer Profile

How We Detect Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening