Recently, the WordPress security plugin Change wp-admin login, which has 70,000+ active installs according to WordPress, was updated to fix security vulnerabilities involving the changing of the plugin’s settings. That a security plugin was insecure seems concerning. More concerning was that the developer made two failed attempts to fix the vulnerability before finally addressing it. While looking into the situation, we found yet another concern; the developer isn’t telling honest.

Two weeks ago, a review of the plugin was made with this claim: [Read more]