Does ArkHost Security Pack have any unpatched vulnerabilities?

No. All known vulnerabilities in ArkHost Security Pack have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ArkHost Security Pack compatible with WordPress 6.9.4?

According to WordPress.org data, ArkHost Security Pack 1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is ArkHost Security Pack compatible with PHP 7.4+?

ArkHost Security Pack requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ArkHost Security Pack updated?

ArkHost Security Pack was last updated on Feb 19, 2026. Frequent updates are generally a positive security signal.

What is ArkHost Security Pack's security score?

ArkHost Security Pack has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ArkHost Security Pack Security & Risk Analysis

wordpress.org/plugins/arkhost-security-pack

WordPress security without the nonsense. No upsells, no premium tier, no fake threat counters.

0 active installs v1.1 PHP 7.4+ WP 5.0+ Updated Feb 19, 2026

2fafirewallloginmalwaresecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is ArkHost Security Pack Safe to Use in 2026?

Generally Safe

Score 100/100

ArkHost Security Pack has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "arkhost-security-pack" v1.1 plugin exhibits a strong adherence to many security best practices, particularly concerning its handling of AJAX endpoints and output escaping. The absence of any recorded vulnerabilities (CVEs) in its history is a significant positive indicator, suggesting a mature and well-maintained codebase. Furthermore, the plugin demonstrates robust internal security measures, with all identified AJAX handlers having authentication checks, a high percentage of SQL queries utilizing prepared statements, and comprehensive nonce and capability checks in place.

However, the static analysis reveals a potential area of concern within the taint analysis, where three flows were identified with unsanitized paths. While no critical or high severity issues were flagged, the presence of unsanitized paths, even if not currently exploited or leading to severe outcomes, represents a latent risk. These could potentially be leveraged in future attacks if not addressed. The plugin also performs a notable number of file operations (23) and external HTTP requests (3), which, while not inherently insecure, represent additional vectors that warrant careful scrutiny and ongoing monitoring.

In conclusion, the plugin's current security posture appears generally good, with strong foundational security practices. The primary area for improvement lies in thoroughly investigating and sanitizing the identified unsanitized paths to eliminate any potential for future vulnerabilities. The absence of historical vulnerabilities is encouraging, but continuous vigilance, especially around the identified taint flow issues, is recommended to maintain this positive security record.

Key Concerns

Flows with unsanitized paths found

Vulnerabilities

None known

ArkHost Security Pack Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ArkHost Security Pack Code Analysis

Dangerous Functions

Raw SQL Queries

32 prepared

Unescaped Output

235 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

78% prepared41 total queries

Output Escaping

100% escaped235 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

ajax_quarantine_file (includes\class-arksp-admin.php:2698)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

ArkHost Security Pack Attack Surface

Entry Points23

Unprotected0

AJAX Handlers 23

authwp_ajax_arksp_clear_logsincludes\class-arksp-admin.php:31

authwp_ajax_arksp_export_logsincludes\class-arksp-admin.php:32

authwp_ajax_arksp_whitelist_ipincludes\class-arksp-admin.php:33

authwp_ajax_arksp_unblock_ipincludes\class-arksp-admin.php:34

authwp_ajax_arksp_clear_lockoutsincludes\class-arksp-admin.php:35

authwp_ajax_arksp_run_file_scanincludes\class-arksp-admin.php:36

authwp_ajax_arksp_run_malware_scanincludes\class-arksp-admin.php:37

authwp_ajax_arksp_reset_file_baselineincludes\class-arksp-admin.php:38

authwp_ajax_arksp_clear_malware_resultsincludes\class-arksp-admin.php:39

authwp_ajax_arksp_download_geo_dbincludes\class-arksp-admin.php:40

authwp_ajax_arksp_export_settingsincludes\class-arksp-admin.php:41

authwp_ajax_arksp_import_settingsincludes\class-arksp-admin.php:42

authwp_ajax_arksp_reset_settingsincludes\class-arksp-admin.php:43

authwp_ajax_arksp_test_emailincludes\class-arksp-admin.php:44

authwp_ajax_arksp_force_logout_allincludes\class-arksp-admin.php:45

authwp_ajax_arksp_quarantine_fileincludes\class-arksp-admin.php:46

authwp_ajax_arksp_restore_fileincludes\class-arksp-admin.php:47

authwp_ajax_arksp_delete_quarantinedincludes\class-arksp-admin.php:48

authwp_ajax_arksp_delete_wp_fileincludes\class-arksp-admin.php:49

authwp_ajax_arksp_generate_2fa_secretincludes\class-arksp-two-factor.php:80

authwp_ajax_arksp_verify_2fa_setupincludes\class-arksp-two-factor.php:81

authwp_ajax_arksp_disable_2faincludes\class-arksp-two-factor.php:82

authwp_ajax_arksp_regenerate_backup_codesincludes\class-arksp-two-factor.php:83

WordPress Hooks 51

actionplugins_loadedarkhost-security-pack.php:96

actioninitarkhost-security-pack.php:97

actionarksp_daily_cleanuparkhost-security-pack.php:100

actionadmin_menuincludes\class-arksp-admin.php:22

actionadmin_initincludes\class-arksp-admin.php:23

actionadmin_enqueue_scriptsincludes\class-arksp-admin.php:24

actionwp_dashboard_setupincludes\class-arksp-admin.php:25

filterplugin_row_metaincludes\class-arksp-admin.php:26

filtersubmenu_fileincludes\class-arksp-admin.php:28

actionarksp_daily_file_scanincludes\class-arksp-file-integrity.php:48

filterxmlrpc_enabledincludes\class-arksp-hardening.php:24

filterwp_headersincludes\class-arksp-hardening.php:25

actionwpincludes\class-arksp-hardening.php:26

filterthe_generatorincludes\class-arksp-hardening.php:36

filterstyle_loader_srcincludes\class-arksp-hardening.php:38

filterscript_loader_srcincludes\class-arksp-hardening.php:39

actionsend_headersincludes\class-arksp-hardening.php:44

filterrest_authentication_errorsincludes\class-arksp-hardening.php:49

filterwp_is_application_passwords_availableincludes\class-arksp-hardening.php:54

actioninitincludes\class-arksp-hardening.php:58

actioninitincludes\class-arksp-hardening.php:62

filterrest_endpointsincludes\class-arksp-hardening.php:63

filteroembed_response_dataincludes\class-arksp-hardening.php:64

filterxmlrpc_methodsincludes\class-arksp-hardening.php:69

filterwp_headersincludes\class-arksp-hardening.php:70

filterpings_openincludes\class-arksp-hardening.php:71

actionwp_login_failedincludes\class-arksp-login-protection.php:44

filterauthenticateincludes\class-arksp-login-protection.php:46

actionwp_loginincludes\class-arksp-login-protection.php:49

actionlogin_initincludes\class-arksp-login-protection.php:53

actionlogin_formincludes\class-arksp-login-protection.php:59

actionregister_formincludes\class-arksp-login-protection.php:60

filterauthenticateincludes\class-arksp-login-protection.php:61

filterregistration_errorsincludes\class-arksp-login-protection.php:62

filterauthenticateincludes\class-arksp-login-protection.php:70

filterlogin_errorsincludes\class-arksp-login-protection.php:72

actioninitincludes\class-arksp-login-protection.php:85

filtersite_urlincludes\class-arksp-login-protection.php:86

filterwp_redirectincludes\class-arksp-login-protection.php:87

filterlogin_urlincludes\class-arksp-login-protection.php:88

actioninitincludes\class-arksp-login-protection.php:99

actionarksp_weekly_malware_scanincludes\class-arksp-malware-scanner.php:101

filterauthenticateincludes\class-arksp-two-factor.php:62

actionlogin_form_arksp_2faincludes\class-arksp-two-factor.php:66

actionlogin_initincludes\class-arksp-two-factor.php:68

actionshow_user_profileincludes\class-arksp-two-factor.php:71

actionedit_user_profileincludes\class-arksp-two-factor.php:72

actionpersonal_options_updateincludes\class-arksp-two-factor.php:73

actionedit_user_profile_updateincludes\class-arksp-two-factor.php:74

actionadmin_enqueue_scriptsincludes\class-arksp-two-factor.php:77

actionadmin_initincludes\class-arksp-two-factor.php:87

Scheduled Events 3

arksp_daily_cleanup

arksp_daily_file_scan

arksp_weekly_malware_scan

Maintenance & Trust

ArkHost Security Pack Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 19, 2026

PHP min version7.4

Downloads165

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

ArkHost Security Pack Alternatives

Iron Security – WordPress Security Plugin

iron-security

100

Hardening tool that blocks hackers and protect against: Brute Force Attacks, Exploits, Injections, Clickjacking and other important functionalities.

40 No CVEs

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

Developer Profile

ArkHost Security Pack Developer Profile

ArkHost

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ArkHost Security Pack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/arkhost-security-pack/assets/css/admin.css/wp-content/plugins/arkhost-security-pack/assets/js/admin.js

Version Parameters

arkhost-security-pack/assets/css/admin.css?ver=arkhost-security-pack/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

arksp-admin-pagearksp-dashboard-widget

HTML Comments

Data Attributes

data-arksp-noncedata-arksp-ajax-url

JS Globals

window.arksp_admin_vars

REST Endpoints

/wp-json/arksp/v1/settings/wp-json/arksp/v1/logs/wp-json/arksp/v1/ip_control

FAQ