Does CloudGuard have any unpatched vulnerabilities?

No. All known vulnerabilities in CloudGuard have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CloudGuard compatible with WordPress 6.9.4?

According to WordPress.org data, CloudGuard 1.4.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is CloudGuard updated?

CloudGuard was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is CloudGuard's security score?

CloudGuard has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CloudGuard Security & Risk Analysis

wordpress.org/plugins/cloudguard

Use Cloudflare's free geolocation service to restrict access to your site's login page.

1K active installs v1.4.6 PHP + WP 4.9+ Updated Dec 3, 2025

cloudflaregeolocationiploginsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CloudGuard Safe to Use in 2026?

Generally Safe

Score 100/100

CloudGuard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The cloudguard plugin v1.4.6 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and performing capability checks, there are significant concerns regarding its attack surface. The presence of an unprotected AJAX handler is a critical vulnerability, as it represents a direct entry point for unauthenticated attackers. This single unprotected entry point significantly increases the risk profile despite other positive code signals.

The static analysis reveals a concerning taint flow with an unsanitized path, indicating a potential for directory traversal or other path manipulation vulnerabilities, although it is not classified as critical or high severity. The lack of vulnerability history, while seemingly positive, also means there's no historical context to assess how the developers have addressed past issues. The plugin's strengths lie in its SQL security and capability checks, but the critical weakness of an unprotected AJAX endpoint and the potential unsanitized path require immediate attention and mitigation.

Key Concerns

Unprotected AJAX handler
Flow with unsanitized path
Low percentage of proper output escaping

Vulnerabilities

None known

CloudGuard Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CloudGuard Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

19 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

61% escaped31 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

cloudguard_options_section_callback (cloudguard.php:192)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

CloudGuard Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_cloudguard_nag_ajaxcloudguard.php:492

WordPress Hooks 6

actionplugins_loadedcloudguard.php:33

actioninitcloudguard.php:101

actionadmin_enqueue_scriptscloudguard.php:110

actionadmin_menucloudguard.php:124

actionadmin_initcloudguard.php:157

actionwp_dashboard_setupcloudguard.php:401

Maintenance & Trust

CloudGuard Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version

Downloads28K

Community Trust

Rating98/100

Number of ratings30

Active installs1K

Alternatives

CloudGuard Alternatives

DoLogin Security

dologin

Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent/Country/City)/IP range to limit login attempts.

7K 4 CVEs

Login Security Captcha

100

Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.

10K No CVEs

Expire User Passwords

expire-user-passwords

100

Require certain users to change their passwords on a regular basis.

3K No CVEs

Advanced Country Blocker

advanced-country-blocker

An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas …

2K 1 CVE

Prevent Concurrent Logins

prevent-concurrent-logins

Prevents users from staying logged into the same account from multiple places.

900 No CVEs

Developer Profile

CloudGuard Developer Profile

pipdig

10 plugins · 80K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

353 days

View full developer profile

Detection Fingerprints

How We Detect CloudGuard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cloudguard/assets/ammap/ammap.js/wp-content/plugins/cloudguard/assets/ammap/maps/js/worldLow.js

Script Paths