Does Bearmor Security have any unpatched vulnerabilities?

No. All known vulnerabilities in Bearmor Security have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Bearmor Security compatible with WordPress 6.9.4?

According to WordPress.org data, Bearmor Security 0.9.16 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Bearmor Security compatible with PHP 7.4+?

Bearmor Security requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Bearmor Security updated?

Bearmor Security was last updated on Feb 28, 2026. Frequent updates are generally a positive security signal.

What is Bearmor Security's security score?

Bearmor Security has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Bearmor Security Security & Risk Analysis

wordpress.org/plugins/bearmor-security

Lightweight, powerful WordPress security for small businesses. Malware scanning, login protection, 2FA, hardening - most features FREE.

50 active installs v0.9.16 PHP 7.4+ WP 5.8+ Updated Feb 28, 2026

firewalllogin-securitymalware-scannersecuritytwo-factor-authentication

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Bearmor Security Safe to Use in 2026?

Generally Safe

Score 100/100

Bearmor Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The bearmor-security plugin v0.9.16 exhibits a generally good security posture with a high percentage of properly escaped output and a significant portion of SQL queries using prepared statements. The absence of known CVEs and a clean vulnerability history are positive indicators. However, the static analysis reveals two AJAX handlers that lack authentication checks, representing a direct attack vector. Furthermore, the taint analysis identifies two flows with unsanitized paths, both categorized as high severity. These findings suggest potential vulnerabilities that could allow for unauthorized actions or data manipulation if exploited. While the plugin demonstrates strengths in secure coding practices, the identified unprotected entry points and high-severity taint flows warrant attention and mitigation.

Key Concerns

AJAX handlers without auth checks
Taint flows with unsanitized paths (High severity)

Vulnerabilities

None known

Bearmor Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Bearmor Security Code Analysis

Dangerous Functions

Raw SQL Queries

100

138 prepared

Unescaped Output

769 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

58% prepared238 total queries

Output Escaping

98% escaped785 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

13 flows2 with unsanitized paths

<file-changes> (admin\file-changes.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Bearmor Security Attack Surface

Entry Points13

Unprotected2

AJAX Handlers 13

authwp_ajax_bearmor_preview_filebearmor-security.php:828

authwp_ajax_bearmor_preview_malware_filebearmor-security.php:896

authwp_ajax_bearmor_scan_databasebearmor-security.php:1374

authwp_ajax_bearmor_scan_uploadsbearmor-security.php:1499

authwp_ajax_bearmor_view_threatbearmor-security.php:1572

authwp_ajax_bearmor_mark_safebearmor-security.php:1606

authwp_ajax_bearmor_clean_threatbearmor-security.php:1635

authwp_ajax_bearmor_quarantine_filebearmor-security.php:1732

authwp_ajax_bearmor_trigger_ai_analysisbearmor-security.php:1782

authwp_ajax_bearmor_generate_pdf_reportbearmor-security.php:1817

authwp_ajax_bearmor_get_uptime_historybearmor-security.php:1874

authwp_ajax_bearmor_download_pdfbearmor-security.php:2094

authwp_ajax_bearmor_cancel_subscriptionbearmor-security.php:2112

WordPress Hooks 71

actionplugins_loadedbearmor-security.php:90

actionadmin_initbearmor-security.php:91

actionbearmor_initial_baseline_scanbearmor-security.php:672

actionadmin_noticesbearmor-security.php:694

actionadmin_initbearmor-security.php:707

actionadmin_noticesbearmor-security.php:730

action_core_updated_successfullybearmor-security.php:735

actionactivated_pluginbearmor-security.php:745

actionupgrader_process_completebearmor-security.php:762

actionbearmor_create_plugin_baselinebearmor-security.php:786

actionbearmor_create_theme_baselinebearmor-security.php:790

actionadmin_initbearmor-security.php:823

actionadmin_menubearmor-security.php:1049

actionadmin_enqueue_scriptsbearmor-security.php:1175

actionadmin_bar_menubearmor-security.php:1220

actionadmin_headbearmor-security.php:1234

actionadmin_initbearmor-security.php:1846

filterauthenticateincludes\class-bearmor-2fa.php:15

actionlogin_formincludes\class-bearmor-2fa.php:16

actionlogin_enqueue_scriptsincludes\class-bearmor-2fa.php:17

actioninitincludes\class-bearmor-2fa.php:20

filterwp_login_errorsincludes\class-bearmor-2fa.php:23

actionwp_loginincludes\class-bearmor-2fa.php:26

actionwp_loginincludes\class-bearmor-activity-log.php:18

actionwp_logoutincludes\class-bearmor-activity-log.php:19

actionactivated_pluginincludes\class-bearmor-activity-log.php:22

actiondeactivated_pluginincludes\class-bearmor-activity-log.php:23

actionupgrader_process_completeincludes\class-bearmor-activity-log.php:24

actiondelete_pluginincludes\class-bearmor-activity-log.php:25

actionswitch_themeincludes\class-bearmor-activity-log.php:28

actionuser_registerincludes\class-bearmor-activity-log.php:31

actiondelete_userincludes\class-bearmor-activity-log.php:32

actionbearmor_cleanup_activity_logincludes\class-bearmor-activity-log.php:35

actionwp_loginincludes\class-bearmor-anomaly-detector.php:26

actionbearmor_plugin_activatedincludes\class-bearmor-callhome.php:24

actionbearmor_plugin_deactivatedincludes\class-bearmor-callhome.php:30

actioninitincludes\class-bearmor-firewall.php:16

actionsend_headersincludes\class-bearmor-hardening.php:16

actionsend_headersincludes\class-bearmor-hardening.php:19

actionsend_headersincludes\class-bearmor-hardening.php:22

actionsend_headersincludes\class-bearmor-hardening.php:25

actionsend_headersincludes\class-bearmor-hardening.php:28

filterthe_generatorincludes\class-bearmor-hardening.php:34

actioninitincludes\class-bearmor-hardening.php:39

filterlogin_errorsincludes\class-bearmor-hardening.php:44

filterxmlrpc_enabledincludes\class-bearmor-hardening.php:49

filterwp_xmlrpc_server_classincludes\class-bearmor-hardening.php:50

actiontemplate_redirectincludes\class-bearmor-hardening.php:55

actionphpmailer_initincludes\class-bearmor-helpers.php:172

actioncomment_form_after_fieldsincludes\class-bearmor-honeypot.php:22

actioncomment_form_logged_in_afterincludes\class-bearmor-honeypot.php:23

filterpreprocess_commentincludes\class-bearmor-honeypot.php:26

actionlogin_formincludes\class-bearmor-honeypot.php:29

filterauthenticateincludes\class-bearmor-honeypot.php:30

actionlogin_initincludes\class-bearmor-login-protection.php:24

filterauthenticateincludes\class-bearmor-login-protection.php:27

actionwp_login_failedincludes\class-bearmor-login-protection.php:30

actionwp_loginincludes\class-bearmor-login-protection.php:31

actionbearmor_cleanup_expired_blocksincludes\class-bearmor-login-protection.php:34

actionbearmor_daily_malware_scanincludes\class-bearmor-scan-scheduler.php:20

actionbearmor_daily_integrity_checkincludes\class-bearmor-scan-scheduler.php:21

actionbearmor_weekly_deep_scanincludes\class-bearmor-scan-scheduler.php:22

actionbearmor_daily_ai_analysisincludes\class-bearmor-scan-scheduler.php:23

actionbearmor_daily_cleanupincludes\class-bearmor-scan-scheduler.php:24

actionbearmor_activateincludes\class-bearmor-scan-scheduler.php:27

actionbearmor_deactivateincludes\class-bearmor-scan-scheduler.php:28

actionadmin_initincludes\class-bearmor-settings.php:22

actionbearmor_plugin_activatedincludes\class-bearmor-site-registration.php:23

actionbearmor_plugin_activatedincludes\class-bearmor-site-registration.php:24

actionbearmor_hourly_uptime_syncincludes\class-bearmor-uptime-sync.php:20

actionbearmor_daily_vulnerability_scanincludes\class-bearmor-vulnerability-scanner.php:20

Scheduled Events 15

bearmor_initial_baseline_scan

bearmor_create_plugin_baseline

bearmor_create_theme_baseline

bearmor_cleanup_activity_log

bearmor_cleanup_expired_blocks

bearmor_daily_malware_scan

bearmor_daily_integrity_check

bearmor_daily_cleanup

bearmor_daily_ai_analysis

bearmor_daily_malware_scan

bearmor_weekly_deep_scan

bearmor_hourly_uptime_sync

bearmor_daily_vulnerability_scan

Maintenance & Trust

Bearmor Security Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 28, 2026

PHP min version7.4

Downloads855

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

Bearmor Security Alternatives

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Defender Security – Malware Scanner, Login Security & Firewall

defender-security

WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, firewall, 2FA, brute force login security, and more.

90K 7 CVEs

BulletProof Security

bulletproof-security

WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...

30K 12 CVEs

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

Developer Profile

Bearmor Security Developer Profile

bearmor

1 plugin · 50 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Bearmor Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bearmor-security/assets/css/bearmor.css/wp-content/plugins/bearmor-security/assets/js/bearmor-admin.js/wp-content/plugins/bearmor-security/assets/js/bearmor-settings.js

Script Paths

/wp-content/plugins/bearmor-security/assets/js/bearmor-admin.js/wp-content/plugins/bearmor-security/assets/js/bearmor-settings.js

Version Parameters

bearmor-security/assets/css/bearmor.css?ver=bearmor-security/assets/js/bearmor-admin.js?ver=bearmor-security/assets/js/bearmor-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

bearmor-settings-pagebearmor-section-titlebearmor-tablebearmor-log-entrybearmor-blocked-ip-status

HTML Comments

Data Attributes

data-bearmor-setting-groupdata-bearmor-ip-iddata-bearmor-log-id

JS Globals

bearmor_admin_paramsbearmor_settings_paramsbearmor_ajax_object

REST Endpoints

/wp-json/bearmor/v1/settings/wp-json/bearmor/v1/logs/wp-json/bearmor/v1/ip-block

Shortcode Output

[bearmor_security_widget][bearmor_status_display]

FAQ