PLUGIN SECURITY
Is WPS Hide Login safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the WPS Hide Login WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
wps-hide-login - Requires PHP: 7.0+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- WPS Hide Login [wps-hide-login] < 1.9.1 [CVE-2021-24917, WordPress WPS Hide Login plugin <= 1.9 - Protection Bypass with Referer-Header vulnerability, WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure, WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header]
- WPS Hide Login [wps-hide-login] < 1.1 [CVE-2015-9498, WPS Hide Login <= 1.0 - Cross-Site Request Forgery, WPS Hide Login 1.0 - CSRF]
- WPS Hide Login [wps-hide-login] < 1.5.3 [CVE-2019-15823, WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'action=confirmaction']
- WPS Hide Login [wps-hide-login] < 1.5.3 [CVE-2019-15824, WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'adminhash']
- WPS Hide Login [wps-hide-login] < 1.5.3 [CVE-2019-15825, WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'action=rp']
+ 11 more known vulnerabilities
- WPS Hide Login [wps-hide-login] < 1.5.3 [CVE-2019-15826, WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via Referer Header, WPS Hide Login <= 1.5.2.2 - Multiples Issues]
- WPS Hide Login [wps-hide-login] < 1.7 [CVE-2021-3332, WordPress WPS Hide Login plugin <= 1.6.1 - Login Page Protection Bypass vulnerability]
- WPS Hide Login [wps-hide-login] < 1.5.5 [WordPress WPS Hide Login plugin <= 1.5.4.2 - Secret login page location disclosure vulnerability]
- WPS Hide Login [wps-hide-login] < 1.5.3 [WordPress WPS Hide Login plugin <= 1.5.2.2 - Multiples Security Issues]
- WPS Hide Login [wps-hide-login] < 1.1 [WordPress WPS Hide Login Plugin <= 1.0 - CSRF]
- WPS Hide Login [wps-hide-login] < 1.5.5 [WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure]
- WPS Hide Login [wps-hide-login] < 1.5.5 [WPS Hide Login < 1.5.5 - Secret Login Page Disclosure]
- WPS Hide Login [wps-hide-login] < 1.5.5 [CVE-2020-36710]
- WPS Hide Login [wps-hide-login] < 1.9.12 [CVE-2023-49748, WordPress WPS Hide Login Plugin <= 1.9.11 is vulnerable to Bypass Vulnerability, WPS Hide Login <= 1.9.11 - Hidden Login Page Location Disclosure, WPS Hide Login < 1.9.12 - Hidden Login Page Location Disclosure]
- WPS Hide Login [wps-hide-login] < 1.9.16 [CVE-2024-2473, WPS Hide Login <= 1.9.15.2 - Login Page Disclosure, WordPress WPS Hide Login Plugin <= 1.9.15.2 is vulnerable to Bypass Vulnerability]
- WPS Hide Login [wps-hide-login] < 1.9.16.4 [CVE-2024-6289, WordPress WPS Hide Login Plugin < 1.9.16.4 is vulnerable to Bypass Vulnerability, WPS Hide Login <= 1.9.16.3 - Login Page Disclosure]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Loginizer — 1000000+ active installs — max PHP <8.0
- Security Optimizer – The All-In-One Protection Plugin — 1000000+ active installs — max PHP <8.0
- Limit Login Attempts — 300000+ active installs — max PHP 8.4
- LoginPress | wp-login Custom Login Page Customizer — 200000+ active installs — max PHP 8.4
- WPS Limit Login — 100000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.