PLUGIN SECURITY
Is Loginpress safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Loginpress WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
loginpress - Max supported PHP (analyzed): 8.4
Known vulnerabilities
- LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.5.12 [CVE-2022-0347, LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter, LoginPress < 1.5.12 - Reflected Cross-Site Scripting]
- LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.1.4 [CVE-2019-15871, LoginPress | Custom Login Page Customizer <= 1.1.13 - Unauthorized Settings Update, LoginPress <= 1.1.13 - Unauthorized Blind SQL Injection]
- LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.1.16 [CVE-2019-15872, LoginPress <= 1.1.15 - Authenticated SQL Injection via Settings Import]
- LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.6.3 [CVE-2022-41839, WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability, LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes, LoginPress < 1.6.3 - Unauthenticated Settings Update]
- LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.1.16 [LoginPress <= 1.1.15 - Authenticated Stored Cross-SIte Scripting]
+ 2 more known vulnerabilities
- LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.1.16 [LoginPress <= 1.1.15 - Authenticated Blind SQL Injection]
- LoginPress | wp-login Custom Login Page Customizer [loginpress] < 4.0.0 [CVE-2025-1764, WordPress LoginPress Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF), LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update, EUVD-2025-6432]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- WPS Hide Login — 2000000+ active installs — max PHP 8.4
- Loginizer — 1000000+ active installs — max PHP <8.0
- Security Optimizer – The All-In-One Protection Plugin — 1000000+ active installs — max PHP <8.0
- Limit Login Attempts — 300000+ active installs — max PHP 8.4
- WPS Limit Login — 100000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.