WP Login Flow Security & Risk Analysis

wordpress.org/plugins/wp-login-flow

wp-login permalinks, auto login, register w/ pass, login/logout redirects, email as username, bg/logo/color customizations, hide admin bar, and more!

70 active installs · v3.1.1 · PHP + WP 4.4.0+ · Updated Oct 7, 2020
Tags: activation, login-flow, wp-login, wp-login-flow, wp-login-php
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Login Flow Safe to Use in 2026?

Generally Safe

Score 85/100

WP Login Flow has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The 'wp-login-flow' v3.1.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, executing all SQL queries with prepared statements, and avoiding file operations and external HTTP requests. It also includes nonce and capability checks, which are crucial for WordPress security.

However, a significant concern arises from the presence of an unprotected AJAX handler, which represents a direct entry point into the plugin's functionality without any authentication or authorization checks. While there is no recorded vulnerability history, suggesting a generally stable past, this single unprotected entry point, coupled with a notable percentage of improperly escaped output, presents a tangible risk. The taint analysis revealing unsanitized paths, although not reaching critical or high severity, further emphasizes the need for careful input handling. The plugin's strengths lie in its backend data handling, but its frontend interaction points require immediate attention.

Key Concerns

  • Unprotected AJAX handler
  • Insufficient output escaping
  • Taint flow with unsanitized path
Vulnerabilities
None known

WP Login Flow Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Login Flow Release Timeline

v3.1.1 (Current)
v3.1.0
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.0.0
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

WP Login Flow Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 56 (33 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

37% escaped · 89 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
user_registered (classes\register.php:302)
Attack Surface
1 unprotected

WP Login Flow Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_wp_login_flow_dl_backup (classes\settings.php:43)
WordPress Hooks 47
action admin_enqueue_scripts (classes\assets.php:20)
action admin_enqueue_scripts (classes\assets.php:21)
action admin_enqueue_scripts (classes\assets.php:22)
action admin_enqueue_scripts (classes\assets.php:23)
action wp_enqueue_scripts (classes\assets.php:24)
filter show_admin_bar (classes\core.php:24)
filter retrieve_password_title (classes\emails\resetpw.php:18)
filter retrieve_password_message (classes\emails\resetpw.php:19)
action login_enqueue_scripts (classes\login\styles.php:19)
action login_headerurl (classes\login\styles.php:20)
filter login_headertext (classes\login\styles.php:23)
filter login_headertitle (classes\login\styles.php:25)
action login_init (classes\login.php:28)
filter wp_login_errors (classes\login.php:29)
filter gettext (classes\login.php:30)
filter login_enqueue_scripts (classes\login.php:36)
action login_header (classes\login.php:37)
filter wp_mail_from (classes\mail.php:27)
filter wp_mail_from_name (classes\mail.php:28)
filter login_redirect (classes\redirects.php:19)
filter logout_redirect (classes\redirects.php:20)
filter registration_redirect (classes\redirects.php:22)
action user_register (classes\register.php:17)
action register_new_user (classes\register.php:18)
filter wp_pre_insert_user_data (classes\register.php:19)
action register_form (classes\register.php:20)
filter registration_errors (classes\register.php:21)
filter gettext (classes\register.php:22)
filter login_form_register (classes\register.php:23)
filter wp_login_errors (classes\register.php:24)
action shutdown (classes\rewrite.php:39)
filter lostpassword_url (classes\rewrite.php:40)
filter login_url (classes\rewrite.php:41)
filter register_url (classes\rewrite.php:42)
filter site_url (classes\rewrite.php:43)
filter network_site_url (classes\rewrite.php:44)
filter wp_redirect (classes\rewrite.php:45)
action wp_loaded (classes\rewrite.php:46)
action admin_init (classes\settings.php:41)
action admin_menu (classes\settings.php:42)
action authenticate (classes\user\auth.php:20)
filter manage_users_columns (classes\user\list\table.php:19)
action manage_users_custom_column (classes\user\list\table.php:20)
filter gettext (classes\user.php:34)
action init (wp-login-flow.php:66)
action admin_notices (wp-login-flow.php:67)
filter plugin_row_meta (wp-login-flow.php:68)
Maintenance & Trust

WP Login Flow Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Oct 7, 2020
PHP min version
Downloads: 5K

Community Trust

Rating: 88/100
Number of ratings: 7
Active installs: 70
Developer Profile

WP Login Flow Developer Profile

tripflex

9 plugins · 890 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Login Flow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-login-flow/assets/css/login-page.css
/wp-content/plugins/wp-login-flow/assets/css/login-form.css
/wp-content/plugins/wp-login-flow/assets/js/login-form.js
Script Paths
/wp-content/plugins/wp-login-flow/assets/js/login-form.js
Version Parameters
wp-login-flow/assets/css/login-page.css?ver=
wp-login-flow/assets/css/login-form.css?ver=
wp-login-flow/assets/js/login-form.js?ver=

HTML / DOM Fingerprints

CSS Classes
wplf-login
wp-login-flow-container
HTML Comments
<!-- WP Login Flow : Begin ---
<!-- WP Login Flow : End --->
<!-- WP Login Flow : Plugin Row Meta ---
<!-- WP Login Flow : Settings Link ---
Data Attributes
data-plugin-slug="wp-login-flow"
JS Globals
window.wpLoginFlowSettings