WP-Safety

Persistent Login Security & Risk Analysis

wordpress.org/plugins/wp-persistent-login

Persistent Login keeps users logged into your website, limits the number of active logins allowed at one time and alerts users of new devices logging …

7K active installs v3.0.3 PHP 7.4+ WP 5.0+ Updated Feb 8, 2026
active-loginsconcurrent-loginsloginsession-managementsessions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Persistent Login Safe to Use in 2026?

Generally Safe

Score 100/100

Persistent Login has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The wp-persistent-login plugin v3.0.3 exhibits a generally good security posture with a relatively small attack surface and a strong emphasis on authentication and authorization checks for its entry points. The absence of any known CVEs and the limited number of identified code signals, such as dangerous functions and file operations, are positive indicators. However, the presence of the `unserialize` function is a notable concern, as it can be a vector for object injection vulnerabilities if not handled with extreme care and strict input validation. Furthermore, the relatively low percentage of properly escaped outputs (45%) suggests a potential for cross-site scripting (XSS) vulnerabilities, especially given the large number of total outputs.

Key Concerns

  • Presence of unserialize function
  • Low percentage of properly escaped outputs
Vulnerabilities
None known

Persistent Login Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Persistent Login Code Analysis

Dangerous Functions
1
Raw SQL Queries
3
8 prepared
Unescaped Output
53
44 escaped
Nonce Checks
9
Capability Checks
3
File Operations
1
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$ip_data = unserialize(file_get_contents('http://www.geoplugin.net/php.gp?ip='.$remote_address));classes\wp-persistent-login-active-logins.php:117

Bundled Libraries

Freemius1.0

SQL Query Safety

73% prepared11 total queries

Output Escaping

45% escaped97 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
render_page_header (classes\wp-persistent-login-dashboard.php:34)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Persistent Login Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 7

authwp_ajax_wppl_stop_user_countclasses\wp-persistent-login-dashboard.php:24
authwp_ajax_wppl_send_test_emailclasses\wp-persistent-login-email.php:16
noprivwp_ajax_wppl_send_test_emailclasses\wp-persistent-login-email.php:17
authwp_ajax_wppl_send_inactivity_test_emailclasses\wp-persistent-login-email.php:20
noprivwp_ajax_wppl_send_inactivity_test_emailclasses\wp-persistent-login-email.php:21
authwp_ajax_wppl_toggle_featureclasses\wp-persistent-login-settings.php:57
authwp_ajax_wppl_get_user_count_statusclasses\wp-persistent-login-settings.php:58
WordPress Hooks 28
filterauthenticateclasses\wp-persistent-login-active-logins.php:42
actionadmin_menuclasses\wp-persistent-login-admin.php:29
actionadmin_post_wppl_empty_login_history_tableclasses\wp-persistent-login-login-history.php:34
actionwp_loginclasses\wp-persistent-login-login-history.php:38
actionshow_user_profileclasses\wp-persistent-login-login-history.php:43
actionedit_user_profileclasses\wp-persistent-login-login-history.php:44
actionshow_user_profileclasses\wp-persistent-login-profile.php:28
actionpersonal_options_updateclasses\wp-persistent-login-profile.php:31
actionedit_user_profile_updateclasses\wp-persistent-login-profile.php:32
actionadmin_initclasses\wp-persistent-login-settings.php:37
actionadmin_initclasses\wp-persistent-login-settings.php:51
actionadmin_enqueue_scriptsclasses\wp-persistent-login-settings.php:54
filtercron_schedulesclasses\wp-persistent-login-user-count.php:31
actionpersistent_login_user_countclasses\wp-persistent-login-user-count.php:34
actionpersistent_login_update_countclasses\wp-persistent-login-user-count.php:37
actionactivity_box_endclasses\wp-persistent-login-user-count.php:43
filterauth_cookie_expirationclasses\wp-persistent-login.php:38
actionset_current_userclasses\wp-persistent-login.php:41
filtersecure_signon_cookieclasses\wp-persistent-login.php:44
actionwp_footerclasses\wp-persistent-login.php:47
filterlogin_footerclasses\wp-persistent-login.php:48
actionclear_auth_cookieclasses\wp-persistent-login.php:51
filterwoocommerce_login_credentialsclasses\wp-persistent-login.php:54
actionwoo_slg_login_user_authenticatedclasses\wp-persistent-login.php:57
actionplugins_loadedincludes\database-upgrades.php:23
actioninitwp_persistent_login.php:54
actionafter_uninstallwp_persistent_login.php:63
actionwp_mail_failedwp_persistent_login.php:90

Scheduled Events 4

persistent_login_user_count
persistent_login_update_count
persistent_login_user_count
persistent_login_user_count
Maintenance & Trust

Persistent Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 8, 2026
PHP min version7.4
Downloads119K

Community Trust

Rating78/100
Number of ratings25
Active installs7K
Alternatives

Persistent Login Alternatives

Loggedin – Limit Concurrent Sessions

Loggedin – Limit Concurrent Sessions

loggedin

A
99

Lightweight plugin that limits an account to a specific number of concurrent logins.

8K 1 CVE
User Session Control

User Session Control

user-session-control

A
85

View and manage all active user sessions in a custom admin screen.

700 No CVEs
Login Timeout Sessions

Login Timeout Sessions

login-timeout-sessions

A
100

Allows you the ability to set login session / expiry Settings on user capacities by admin panel.

300 No CVEs
Prevent Users Concurrent Sign In

Prevent Users Concurrent Sign In

prevent-users-concurrent-sign-in

A
92

The "Prevent Users Concurrent Sign In" plugin for WordPress is a powerful tool designed to enhance the security of your website by preventin …

50 No CVEs
User and Login Management

User and Login Management

user-and-login-management

A
100

This plugin provides bulk user import/export, users session & login activity management, page privacy & security, and user redirection in one place

20 No CVEs
Developer Profile

Persistent Login Developer Profile

lukeseager

1 plugin · 7K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Persistent Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-persistent-login/css/dashboard.css/wp-content/plugins/wp-persistent-login/js/dashboard.js
Script Paths
/wp-content/plugins/wp-persistent-login/js/dashboard.js
Version Parameters
wp-persistent-login/css/dashboard.css?ver=wp-persistent-login/js/dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes
wppl-containerwppl-wrapwppl-msg
Data Attributes
data-wppl-settings
JS Globals
ajaxurlWPPL_ACCOUNT_PAGEWPPL_UPGRADE_PAGEWPPL_SUPPORT_PAGE
FAQ

Frequently Asked Questions about Persistent Login