WP-Safety

Users Login Monitor Security & Risk Analysis

wordpress.org/plugins/users-login-monitor

A freeware plugin, for daily-notify site administrator, about users who logged in during the day.

30 active installs v5.22 PHP 5.4+ WP 4.1+ Updated Feb 26, 2026
loginlogoutmemberssecurityusers
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Users Login Monitor Safe to Use in 2026?

Generally Safe

Score 100/100

Users Login Monitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "users-login-monitor" v5.22 plugin demonstrates a strong security posture based on the provided static analysis. It effectively utilizes prepared statements for all SQL queries and ensures that all output is properly escaped, mitigating common vulnerabilities like SQL injection and cross-site scripting. The absence of critical or high severity taint flows and dangerous functions further reinforces this positive assessment. The plugin also includes nonces and capability checks, indicating an effort to protect against common WordPress attack vectors. Its vulnerability history is clean, with no recorded CVEs, which suggests a mature and well-maintained codebase.

However, there is a single external HTTP request, which, while not inherently insecure, represents a potential external dependency that could be a vector for future vulnerabilities if the target service is compromised or misconfigured. The lack of any discovered entry points (AJAX, REST API, shortcodes, cron events) is unusual for a plugin of this nature and might indicate a limited functional scope or that the analysis did not fully capture all interaction points. Despite this, the overall security practices observed are commendable, and the plugin appears to be robust against common web application attacks.

Key Concerns

  • External HTTP requests detected
Vulnerabilities
None known

Users Login Monitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Users Login Monitor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
7 prepared
Unescaped Output
0
267 escaped
Nonce Checks
2
Capability Checks
4
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared7 total queries

Output Escaping

100% escaped267 total outputs
Attack Surface

Users Login Monitor Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 13
actionadmin_menuincludes\admin\admin.php:14
actionadmin_enqueue_scriptsincludes\admin\admin.php:34
actionadmin_bar_menuincludes\admin\admin.php:49
filterplugin_action_links_users-login-monitor/users-login-monitor.phpincludes\admin\admin.php:90
filtermanage_users_columnsincludes\admin\users.php:14
filtermanage_users_custom_columnincludes\admin\users.php:25
filtermanage_users_custom_columnincludes\admin\users.php:40
filtermanage_users_sortable_columnsincludes\admin\users.php:60
filterpre_user_queryincludes\admin\users.php:70
actionwp_dashboard_setupincludes\admin\widgets.php:14
actioninitusers-login-monitor.php:31
actionwp_loginusers-login-monitor.php:159
actionwp_login_failedusers-login-monitor.php:241
Maintenance & Trust

Users Login Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 26, 2026
PHP min version5.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

Users Login Monitor Alternatives

Expire User Passwords

Expire User Passwords

expire-user-passwords

A
100

Require certain users to change their passwords on a regular basis.

3K No CVEs
Prevent Concurrent Logins

Prevent Concurrent Logins

prevent-concurrent-logins

A
85

Prevents users from staying logged into the same account from multiple places.

900 No CVEs
New Users Monitor

New Users Monitor

new-users-monitor

A
100

Ext Security. Automatic scanning of the Users list, detect unauthorized addition. Informs immediately Admin by email. Informative Widget.

10 No CVEs
Inactive Logout

Inactive Logout

inactive-logout

A
96

Automatically logout idle user sessions, with logout redirections and concurrent limit logins all in one place.

20K 3 CVEs
User Session Control

User Session Control

user-session-control

A
85

View and manage all active user sessions in a custom admin screen.

700 No CVEs
Developer Profile

Users Login Monitor Developer Profile

wpgear

15 plugins · 2K total installs

86
trust score
Avg Security Score
97/100
Avg Patch Time
33 days
View full developer profile
Detection Fingerprints

How We Detect Users Login Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/users-login-monitor/css/ulm-admin-style.css/wp-content/plugins/users-login-monitor/css/ulm-widgets-style.css/wp-content/plugins/users-login-monitor/js/ulm-admin-script.js
Script Paths
/wp-content/plugins/users-login-monitor/js/ulm-admin-script.js
Version Parameters
users-login-monitor/css/ulm-admin-style.css?ver=users-login-monitor/css/ulm-widgets-style.css?ver=users-login-monitor/js/ulm-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ulm-admin-form-wrap
HTML Comments
<!-- Users Login Monitor. Daily-Digest -->
Data Attributes
data-ulm-url
JS Globals
UsersLoginMonitor_Plugin_URL
FAQ

Frequently Asked Questions about Users Login Monitor