WP-Safety

After Login Redirect Security & Risk Analysis

wordpress.org/plugins/wp-after-login-redirect-advanced

Redirect user to anywhere at your will.

1K active installs v2.0.4 PHP 8.1+ WP 5.6+ Updated Dec 9, 2025
custom-redirectlogin-redirectwp-loginwp-custom-loginwp-login-customize
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is After Login Redirect Safe to Use in 2026?

Generally Safe

Score 100/100

After Login Redirect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "wp-after-login-redirect-advanced" plugin v2.0.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query handling, with all queries using prepared statements, and a high percentage of output being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests also contributes to a generally clean code base. Furthermore, the plugin has no recorded vulnerability history, suggesting a history of stable and secure development. However, a significant concern arises from the attack surface. The plugin exposes two AJAX handlers, both of which lack authentication checks. This creates a direct entry point for unauthenticated attackers to interact with the plugin's functionality, potentially leading to unintended actions or information disclosure depending on what these AJAX handlers do. While taint analysis did not reveal any critical or high-severity unsanitized flows, the lack of authentication on these entry points is a notable weakness.

Key Concerns

  • AJAX handlers without authentication checks
Vulnerabilities
None known

After Login Redirect Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

After Login Redirect Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
41 escaped
Nonce Checks
3
Capability Checks
6
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

89% escaped46 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
save_redirect_filters (admin\class-wp-after-login-redirect-advanced-admin.php:313)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

After Login Redirect Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_wplra_save_enable_disable_toggleincludes\class-wp-after-login-redirect-advanced.php:130
authwp_ajax_wplra_save_redirect_filtersincludes\class-wp-after-login-redirect-advanced.php:131
WordPress Hooks 7
actionadmin_enqueue_scriptsincludes\class-wp-after-login-redirect-advanced.php:120
actionadmin_enqueue_scriptsincludes\class-wp-after-login-redirect-advanced.php:121
actionadmin_menuincludes\class-wp-after-login-redirect-advanced.php:125
actionadmin_noticesincludes\class-wp-after-login-redirect-advanced.php:126
filterwplra_login_redirect_messagesincludes\class-wp-after-login-redirect-advanced.php:128
filterlogin_redirectincludes\class-wp-after-login-redirect-advanced.php:144
filterwoocommerce_login_redirectincludes\class-wp-after-login-redirect-advanced.php:145
Maintenance & Trust

After Login Redirect Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 9, 2025
PHP min version8.1
Downloads14K

Community Trust

Rating100/100
Number of ratings7
Active installs1K
Alternatives

After Login Redirect Alternatives

WP Login and Logout Redirect

WP Login and Logout Redirect

wp-login-and-logout-redirect

A
99

This plugin enable simple and easy way to redirect user to your chosen page URL after login or logout or both.

6K 1 CVE
User and Login Management

User and Login Management

user-and-login-management

A
100

This plugin provides bulk user import/export, users session & login activity management, page privacy & security, and user redirection in one place

20 No CVEs
Custom Login URL Manager – Hide Login Admin URL

Custom Login URL Manager – Hide Login Admin URL

custom-login-url-manager

A
100

Change the default WordPress login URL and redirect unauthorized attempts to a specified page for enhanced security.

0 No CVEs
Ajaxify WP Login

Ajaxify WP Login

wp-login-ajaxify

A
100

This plugin turns wp-login.php form submission to an ajax form submission.

0 No CVEs
WPS Hide Login

WPS Hide Login

wps-hide-login

A
95

Change wp-login.php to anything you want.

2.0M 10 CVEs
Developer Profile

After Login Redirect Developer Profile

Sajjad Hossain Sagor

32 plugins · 10K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
139 days
View full developer profile
Detection Fingerprints

How We Detect After Login Redirect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-after-login-redirect-advanced/admin/css/admin.css/wp-content/plugins/wp-after-login-redirect-advanced/admin/js/admin.js
Script Paths
/wp-content/plugins/wp-after-login-redirect-advanced/admin/js/admin.js
Version Parameters
wp-after-login-redirect-advanced/admin/css/admin.css?ver=wp-after-login-redirect-advanced/admin/js/admin.js?ver=

HTML / DOM Fingerprints

JS Globals
WpAfterLoginRedirectAdvanced
FAQ

Frequently Asked Questions about After Login Redirect