WP Custom Login Branding Security & Risk Analysis

wordpress.org/plugins/wp-custom-login-branding

A simple plugin that allows web developers and designers to brand the login page of WordPress for their customers.

200 active installs · v1.3 · PHP + · WP 4.0.0+ · Updated Apr 27, 2020
Tags: branding, custom-login, login, wp-login, wp-admin
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Custom Login Branding Safe to Use in 2026?

Generally Safe

Score 85/100

WP Custom Login Branding has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

Based on the static analysis and vulnerability history provided, the "wp-custom-login-branding" plugin version 1.3 exhibits a strong security posture. The absence of any identified attack surface entry points, dangerous functions, raw SQL queries, file operations, external HTTP requests, or vulnerabilities in its history suggests a well-developed and secure plugin. The code analysis indicates a good practice of using prepared statements for any SQL operations (though none were found) and a reasonable level of output escaping.

However, there are areas for concern that prevent a perfect score. The complete lack of nonces and capability checks across all identified output points, even with a low number of total outputs, is a significant weakness. This implies that even if there were entry points, they might be susceptible to CSRF attacks or unauthorized access by users without proper permissions. The taint analysis showing zero flows is also unusual and could indicate either exceptionally clean code or incomplete analysis. Overall, while the plugin appears to have avoided common vulnerabilities and has no known exploitable flaws, the missing security controls on its output present a latent risk.

Key Concerns

  • Missing nonce checks on output points
  • Missing capability checks on output points
  • Output escaping is only 61% proper
Vulnerabilities
None known

WP Custom Login Branding Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Custom Login Branding Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 15 (23 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

61% escaped · 38 total outputs
Attack Surface

WP Custom Login Branding Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7
action admin_menu inc\wclbsettings.class.php:16
action admin_init inc\wclbsettings.class.php:17
action admin_enqueue_scripts inc\wclbsettings.class.php:18
action login_message inc\wpcustombranding.class.php:21
action login_footer inc\wpcustombranding.class.php:22
action login_enqueue_scripts inc\wpcustombranding.class.php:23
filter login_headerurl inc\wpcustombranding.class.php:25
Maintenance & Trust

WP Custom Login Branding Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Apr 27, 2020
PHP min version
Downloads: 4K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 200
Developer Profile

WP Custom Login Branding Developer Profile

Webtronic

1 plugin · 200 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Custom Login Branding

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-custom-login-branding/js/admin.js
Script Paths
/wp-content/plugins/wp-custom-login-branding/js/admin.js

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about WP Custom Login Branding