WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA Security & Risk Analysis

wordpress.org/plugins/wporlogin

Stop installing 7 plugins! WPOrLogin is the All-in-One Suite: Custom Login Design, Social Login (Google), Hide Login URL, Limit Attempts & reCAPTCHA.

2K active installs · v3.0.2 · PHP 7.4+ · WP 6.0+ · Updated Jan 21, 2026
Tags: custom-login, hide-login, limit-login, recaptcha, security
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA Safe to Use in 2026?

Generally Safe

Score 100/100

WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "wporlogin" v3.0.2 plugin presents a mixed security posture. While it demonstrates some good practices like a high percentage of prepared SQL statements and proper output escaping, it also has significant security concerns. The plugin exposes two AJAX handlers without authentication checks, creating a considerable attack surface for unauthorized actions. Furthermore, taint analysis revealed flows with unsanitized paths, including one of high severity, indicating potential for injection vulnerabilities that could be exploited if data is not properly validated.

The plugin's vulnerability history is clean, with no recorded CVEs. This suggests that in the past, it has not been a target or has been developed with a high level of security awareness. However, the current static analysis findings, particularly the unprotected AJAX endpoints and the high-severity taint flow, indicate that the current version has introduced new risks. The absence of past vulnerabilities should not lead to complacency, as the present code analysis highlights areas needing immediate attention.

In conclusion, "wporlogin" v3.0.2 has a concerning number of unprotected entry points and a high-severity taint flow, outweighing its strengths in SQL prepared statements and output escaping. The clean vulnerability history is a positive sign but does not mitigate the immediate risks identified in the code. It is recommended that the unprotected AJAX handlers be secured with appropriate authentication and capability checks, and the identified unsanitized path flow be thoroughly investigated and remediated.

Key Concerns

  • AJAX handlers without auth checks
  • High severity unsanitized path taint flow
  • Unprotected entry points: 2
Vulnerabilities
None known

WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (10 prepared)
Unescaped Output: 85 (244 escaped)
Nonce Checks: 3
Capability Checks: 6
File Operations: 1
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

71% prepared, 14 total queries

Output Escaping

74% escaped, 329 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows, 2 with unsanitized paths
ajax_dismiss_notice (admin\class-wporlogin-admin-notices.php:418)
Attack Surface
2 unprotected

WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

auth  wp_ajax_wporlogin_dismiss_notice_generic  includes\class-wporlogin.php:322
auth  wp_ajax_delete-notice-wp  includes\class-wporlogin.php:324
WordPress Hooks 82
action  plugins_loaded  includes\class-wporlogin.php:69
action  init  includes\class-wporlogin.php:191
action  plugins_loaded  includes\class-wporlogin.php:219
action  wp_trash_post  includes\class-wporlogin.php:294
action  before_delete_post  includes\class-wporlogin.php:295
action  admin_notices  includes\class-wporlogin.php:296
filter  page_row_actions  includes\class-wporlogin.php:297
action  load-post.php  includes\class-wporlogin.php:302
action  admin_menu  includes\class-wporlogin.php:312
action  admin_init  includes\class-wporlogin.php:313
action  admin_init  includes\class-wporlogin.php:314
action  admin_enqueue_scripts  includes\class-wporlogin.php:315
action  update_option_wporlogin_limit_whitelist  includes\class-wporlogin.php:316
action  admin_notices  includes\class-wporlogin.php:319
action  admin_notices  includes\class-wporlogin.php:320
action  admin_notices  includes\class-wporlogin.php:321
action  admin_notices  includes\class-wporlogin.php:323
action  wp_dashboard_setup  includes\class-wporlogin.php:328
action  admin_init  includes\class-wporlogin.php:332
action  pre_get_posts  includes\class-wporlogin.php:469
filter  wp_nav_menu_objects  includes\class-wporlogin.php:472
filter  wp_page_menu_args  includes\class-wporlogin.php:473
filter  wp_list_pages_excludes  includes\class-wporlogin.php:474
action  pre_get_posts  includes\class-wporlogin.php:477
filter  get_pages  includes\class-wporlogin.php:480
filter  rest_page_query  includes\class-wporlogin.php:481
action  template_redirect  includes\class-wporlogin.php:486
filter  login_redirect  includes\class-wporlogin.php:504
action  wp_logout  includes\class-wporlogin.php:505
action  login_init  includes\class-wporlogin.php:508
action  login_head  includes\class-wporlogin.php:509
action  login_head  includes\class-wporlogin.php:510
action  login_head  includes\class-wporlogin.php:511
action  login_enqueue_scripts  includes\class-wporlogin.php:512
filter  login_headertext  includes\class-wporlogin.php:513
filter  login_headerurl  includes\class-wporlogin.php:514
action  login_enqueue_scripts  includes\class-wporlogin.php:517
action  login_form  includes\class-wporlogin.php:518
filter  wp_authenticate_user  includes\class-wporlogin.php:519
action  register_form  includes\class-wporlogin.php:520
filter  registration_errors  includes\class-wporlogin.php:521
action  lostpassword_form  includes\class-wporlogin.php:522
filter  lostpassword_errors  includes\class-wporlogin.php:523
filter  wp_authenticate_user  includes\class-wporlogin.php:526
action  wp_login_failed  includes\class-wporlogin.php:527
action  wp_login  includes\class-wporlogin.php:528
filter  login_errors  includes\class-wporlogin.php:529
action  wporlogin_daily_maintenance_hook  includes\class-wporlogin.php:530
action  login_form  includes\class-wporlogin.php:538
action  register_form  includes\class-wporlogin.php:539
action  login_enqueue_scripts  includes\class-wporlogin.php:540
action  login_footer  includes\class-wporlogin.php:541
action  init  includes\class-wporlogin.php:542
filter  wp_login_errors  includes\class-wporlogin.php:543
filter  get_avatar  includes\class-wporlogin.php:544
filter  template_include  includes\class-wporlogin.php:552
action  customize_controls_enqueue_scripts  includes\customizer\class-customizer-assets.php:23
action  customize_preview_init  includes\customizer\class-customizer-preview.php:17
action  customize_controls_enqueue_scripts  includes\customizer\class-customizer-preview.php:18
action  wp_enqueue_scripts  includes\customizer\class-wporlogin-custom-css-loader.php:22
action  wp_enqueue_scripts  includes\customizer\class-wporlogin-custom-css-loader.php:26
action  customize_register  includes\customizer\class-wporlogin-customizer.php:26
action  customize_save_after  includes\customizer\class-wporlogin-dynamic-css-generator.php:18
action  update_option_remove_language_wporlogin  includes\customizer\class-wporlogin-dynamic-css-generator.php:19
action  customize_controls_print_styles  includes\customizer\sections\class-background.php:23
action  customize_controls_print_styles  includes\customizer\sections\class-background.php:184
action  customize_register  includes\customizer\sections\class-background.php:228
action  customize_controls_print_footer_scripts  includes\customizer\sections\class-background.php:230
action  customize_controls_print_styles  includes\customizer\sections\class-background.php:600
action  login_enqueue_scripts  public\class-wporlogin-public-assets.php:33
action  wp_enqueue_scripts  public\class-wporlogin-public-assets.php:35
action  wp_enqueue_scripts  public\class-wporlogin-public-assets.php:39
filter  login_display_language_dropdown  public\class-wporlogin-public-design.php:59
action  wp_loaded  public\class-wporlogin-public-hide-login.php:29
filter  site_url  public\class-wporlogin-public-hide-login.php:32
filter  network_site_url  public\class-wporlogin-public-hide-login.php:33
filter  wp_redirect  public\class-wporlogin-public-hide-login.php:34
filter  lostpassword_url  public\class-wporlogin-public-hide-login.php:37
action  init  public\class-wporlogin-public-hide-login.php:40
action  init  public\class-wporlogin-public-hide-login.php:44
action  login_enqueue_scripts  public\social\class-wporlogin-social-only-register.php:19
filter  registration_errors  public\social\class-wporlogin-social-only-register.php:22

Scheduled Events 1

wporlogin_daily_maintenance_hook
Maintenance & Trust

WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 21, 2026
PHP min version: 7.4
Downloads: 50K

Community Trust

Rating: 96/100
Number of ratings: 31
Active installs: 2K
Developer Profile

WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA Developer Profile

Nivardo Ch

1 plugin · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wporlogin/assets/css/wporlogin-admin.css
/wp-content/plugins/wporlogin/assets/js/wporlogin-admin.js
Script Paths
/wp-content/plugins/wporlogin/assets/js/wporlogin-admin.js
Version Parameters
wporlogin-admin.css?ver=
wporlogin-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wporlogin-admin-wrap
wporlogin-page-settings
HTML Comments
<!-- NEW -->
<!-- AGREGAMOS EL "NEW" ROJO AL SUBMENÚ "SOCIAL LOGIN" -->
<!-- Creamos el HTML para la etiqueta roja -->
Data Attributes
data-plugin-name="Wporlogin"
data-plugin-version="3.0.2"
JS Globals
wporlogin_admin_params