eSherpa Login Guard Security & Risk Analysis

wordpress.org/plugins/esherpa-login-guard

Intelligent login protection with honeypot detection, WordPress hardening, and a clear security admin overview.

0 active installs · v3.0.0 · PHP 7.4+ · WP 5.6+ · Updated Mar 3, 2026
Tags: bot-protection, brute-force-protection, honeypot, login-security, wordpress-hardening
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is eSherpa Login Guard Safe to Use in 2026?

Generally Safe

Score 100/100

eSherpa Login Guard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "esherpa-login-guard" plugin v3.0.0 exhibits a generally good security posture with several positive indicators. It has no known CVEs and no history of vulnerabilities, which is a strong sign of diligent maintenance and secure development. Static analysis reveals a limited attack surface, with no exposed REST API routes or shortcodes, and the single AJAX handler appears to be protected by an authentication check. The presence of nonce checks and capability checks further strengthens its security defenses.

However, there are areas for improvement. The plugin uses raw SQL queries for 40% of its database interactions, which presents a risk of SQL injection if input is not meticulously sanitized. The taint analysis did not reveal critical or high severity flows, but it identified one flow with an unsanitized path, which warrants attention. Additionally, only 62% of outputs are escaped, leaving room for potential cross-site scripting (XSS) vulnerabilities. The single file operation should also be reviewed to ensure it cannot lead to arbitrary file access or modification.

In conclusion, "esherpa-login-guard" v3.0.0 is a relatively secure plugin with a clean vulnerability history and a well-controlled attack surface. The primary concerns are the unescaped outputs, the significant portion of SQL queries that do not use prepared statements, and the single identified unsanitized flow. Addressing these specific points would raise the plugin's security further.

Key Concerns

  • SQL queries not using prepared statements
  • Output escaping not properly handled
  • Flows with unsanitized paths
Vulnerabilities
None known

eSherpa Login Guard Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

eSherpa Login Guard Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 16 (24 prepared)
Unescaped Output: 81 (130 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

60% prepared · 40 total queries

Output Escaping

62% escaped · 211 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
esherpa_render_guard_message_direct (esherpa-login-guard.php:1203)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

eSherpa Login Guard Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth  wp_ajax_esherpa_guard_check_new_failed  esherpa-login-guard.php:1788
WordPress Hooks 23
action  admin_menu  esherpa-login-guard.php:131
action  login_init  esherpa-login-guard.php:161
action  login_init  esherpa-login-guard.php:225
action  wp_login_failed  esherpa-login-guard.php:260
action  wp_login  esherpa-login-guard.php:367
action  clear_auth_cookie  esherpa-login-guard.php:399
filter  xmlrpc_enabled  esherpa-login-guard.php:433
filter  xmlrpc_methods  esherpa-login-guard.php:434
action  init  esherpa-login-guard.php:435
filter  rest_endpoints  esherpa-login-guard.php:479
action  template_redirect  esherpa-login-guard.php:489
action  login_form  esherpa-login-guard.php:499
action  admin_init  esherpa-login-guard.php:502
filter  login_errors  esherpa-login-guard.php:508
filter  the_content  esherpa-login-guard.php:1162
action  login_form  esherpa-login-guard.php:1196
action  esherpa_login_guard_cleanup_event  esherpa-login-guard.php:1265
action  plugins_loaded  esherpa-login-guard.php:1292
action  plugins_loaded  esherpa-login-guard.php:1293
action  plugins_loaded  esherpa-login-guard.php:1294
filter  gettext  esherpa-login-guard.php:1765
filter  gettext_with_context  esherpa-login-guard.php:1766
action  admin_enqueue_scripts  esherpa-login-guard.php:1884

Scheduled Events 2

esherpa_login_guard_cleanup_event
esherpa_login_guard_cleanup_event
Maintenance & Trust

eSherpa Login Guard Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 3, 2026
PHP min version: 7.4
Downloads: 172

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

eSherpa Login Guard Developer Profile

Ralf Naumann

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect eSherpa Login Guard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/esherpa-login-guard/css/admin-style.css
/wp-content/plugins/esherpa-login-guard/js/admin-script.js
Script Paths
/wp-content/plugins/esherpa-login-guard/js/admin-script.js
Version Parameters
esherpa-login-guard/css/admin-style.css?ver=
esherpa-login-guard/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
esherpa-login-guard-page
esherpa-login-guard-admin-wrap
esherpa-login-guard-message-success
esherpa-login-guard-message-error
esherpa-login-guard-stats-table
esherpa-login-guard-stats-table th
esherpa-login-guard-stats-table td
HTML Comments
<!-- esherpa_login_guard_admin_page -->
<!-- esherpa_login_guard_message_container -->
<!-- esherpa_login_guard_stats_container -->
<!-- esherpa_login_guard_settings_form -->
+2 more
Data Attributes
data-esherpa-login-guard-action
data-esherpa-login-guard-nonce
data-esherpa-login-guard-id
JS Globals
window.esherpa_login_guard_ajax_object