WP-Safety

Fuerte-WP Security & Risk Analysis

wordpress.org/plugins/fuerte-wp

Stronger WP. Limit access to critical WordPress areas, even for other admins.

100 active installs v1.7.5 PHP 8.1+ WP 6.4+ Updated Nov 19, 2025
security
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Fuerte-WP Safe to Use in 2026?

Generally Safe

Score 100/100

Fuerte-WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "fuerte-wp" plugin v1.7.5 exhibits a generally good security posture with a low overall risk. The absence of known CVEs and the use of prepared statements for the vast majority of SQL queries are strong indicators of secure development practices. However, there are specific areas of concern highlighted by the static analysis. The presence of two AJAX handlers without authentication checks represents a direct attack vector that could be exploited if these handlers perform sensitive operations. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating a potential for input manipulation that could lead to unexpected behavior or vulnerabilities, even if no critical severity issues were identified. The plugin's vulnerability history is clean, suggesting a proactive approach to security by the developers, but the current static analysis findings warrant attention. While strengths include robust SQL practices and a clean history, the unprotected AJAX endpoints and high-severity taint flows are weaknesses that need to be addressed to further enhance its security.

Key Concerns

  • AJAX handlers without authentication checks
  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

Fuerte-WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Fuerte-WP Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
44 prepared
Unescaped Output
12
35 escaped
Nonce Checks
10
Capability Checks
22
File Operations
10
External Requests
0
Bundled Libraries
0

SQL Query Safety

90% prepared49 total queries

Output Escaping

74% escaped47 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
display_login_messages (includes\class-fuerte-wp-login-manager.php:366)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Fuerte-WP Attack Surface

Entry Points11
Unprotected2

AJAX Handlers 11

authwp_ajax_fuertewp_clear_login_logsincludes\class-fuerte-wp-enforcer.php:193
authwp_ajax_fuertewp_reset_lockoutsincludes\class-fuerte-wp-enforcer.php:194
authwp_ajax_fuertewp_export_attemptsincludes\class-fuerte-wp-enforcer.php:195
authwp_ajax_fuertewp_export_ipsincludes\class-fuerte-wp-enforcer.php:196
authwp_ajax_fuertewp_add_ipincludes\class-fuerte-wp-enforcer.php:197
authwp_ajax_fuertewp_remove_ipincludes\class-fuerte-wp-enforcer.php:198
authwp_ajax_fuertewp_get_login_logsincludes\class-fuerte-wp-enforcer.php:199
authwp_ajax_fuertewp_unlock_ipincludes\class-fuerte-wp-enforcer.php:200
authwp_ajax_fuertewp_unblock_singleincludes\class-fuerte-wp-enforcer.php:201
noprivwp_ajax_fuertewp_get_remaining_attemptsincludes\class-fuerte-wp-login-manager.php:140
authwp_ajax_fuertewp_get_remaining_attemptsincludes\class-fuerte-wp-login-manager.php:141
WordPress Hooks 86
actionafter_setup_themefuerte-wp.php:66
actionplugins_loadedfuerte-wp.php:93
actionplugins_loadedfuerte-wp.php:138
actionadmin_initfuerte-wp.php:169
actionupgrader_process_completefuerte-wp.php:217
actioninitincludes\class-fuerte-wp-auto-update-manager.php:44
actionfuertewp_trigger_updatesincludes\class-fuerte-wp-auto-update-manager.php:53
filterauto_update_coreincludes\class-fuerte-wp-auto-update-manager.php:167
filterallow_minor_auto_core_updatesincludes\class-fuerte-wp-auto-update-manager.php:168
filterallow_major_auto_core_updatesincludes\class-fuerte-wp-auto-update-manager.php:169
filterauto_update_pluginincludes\class-fuerte-wp-auto-update-manager.php:173
filterauto_update_themeincludes\class-fuerte-wp-auto-update-manager.php:177
filterautoupdate_translationsincludes\class-fuerte-wp-auto-update-manager.php:181
actionfuertewp_cleanup_login_logsincludes\class-fuerte-wp-enforcer.php:172
actionadmin_initincludes\class-fuerte-wp-enforcer.php:205
actioncarbon_fields_fields_registeredincludes\class-fuerte-wp-enforcer.php:779
filterrecovery_mode_emailincludes\class-fuerte-wp-enforcer.php:828
filterwp_mail_fromincludes\class-fuerte-wp-enforcer.php:839
filterwp_mail_from_nameincludes\class-fuerte-wp-enforcer.php:844
filternotify_moderatorincludes\class-fuerte-wp-enforcer.php:875
filternotify_post_authorincludes\class-fuerte-wp-enforcer.php:886
filterauto_core_update_send_emailincludes\class-fuerte-wp-enforcer.php:957
filtersend_core_update_notification_emailincludes\class-fuerte-wp-enforcer.php:962
filterauto_plugin_update_send_emailincludes\class-fuerte-wp-enforcer.php:967
filterauto_theme_update_send_emailincludes\class-fuerte-wp-enforcer.php:968
filtersend_new_site_emailincludes\class-fuerte-wp-enforcer.php:976
filterwpmu_signup_blog_notificationincludes\class-fuerte-wp-enforcer.php:987
filterxmlrpc_enabledincludes\class-fuerte-wp-enforcer.php:1024
filterxmlrpc_methodsincludes\class-fuerte-wp-enforcer.php:1029
actioninitincludes\class-fuerte-wp-enforcer.php:1037
filterrest_authentication_errorsincludes\class-fuerte-wp-enforcer.php:1056
filteradmin_footerincludes\class-fuerte-wp-enforcer.php:1069
filterlogin_headincludes\class-fuerte-wp-enforcer.php:1074
filteradmin_headincludes\class-fuerte-wp-enforcer.php:1079
filterlogin_headincludes\class-fuerte-wp-enforcer.php:1084
actionlogin_enqueue_scriptsincludes\class-fuerte-wp-enforcer.php:1089
actionlogin_headerurlincludes\class-fuerte-wp-enforcer.php:1094
actionlogin_headertextincludes\class-fuerte-wp-enforcer.php:1099
filteradmin_menuincludes\class-fuerte-wp-enforcer.php:1114
filteradmin_bar_menuincludes\class-fuerte-wp-enforcer.php:1119
filtereditable_rolesincludes\class-fuerte-wp-enforcer.php:1130
filterwp_is_application_passwords_availableincludes\class-fuerte-wp-enforcer.php:1142
filteracf/settings/show_adminincludes\class-fuerte-wp-enforcer.php:1154
filtershow_admin_barincludes\class-fuerte-wp-enforcer.php:1175
actioncustomize_registerincludes\class-fuerte-wp-enforcer.php:1418
filterplugin_action_linksincludes\class-fuerte-wp-enforcer.php:1563
filterauthenticateincludes\class-fuerte-wp-login-manager.php:118
filterauthenticateincludes\class-fuerte-wp-login-manager.php:119
filterwp_authenticate_userincludes\class-fuerte-wp-login-manager.php:120
actionwp_login_failedincludes\class-fuerte-wp-login-manager.php:123
actionwp_loginincludes\class-fuerte-wp-login-manager.php:126
actionlogin_formincludes\class-fuerte-wp-login-manager.php:129
actionregister_formincludes\class-fuerte-wp-login-manager.php:130
actionlogin_footerincludes\class-fuerte-wp-login-manager.php:131
filterregistration_errorsincludes\class-fuerte-wp-login-manager.php:134
actionfuertewp_cleanup_login_logsincludes\class-fuerte-wp-login-manager.php:137
filtersite_urlincludes\class-fuerte-wp-login-url-hider.php:115
filternetwork_site_urlincludes\class-fuerte-wp-login-url-hider.php:116
filterwp_redirectincludes\class-fuerte-wp-login-url-hider.php:117
filterlogin_urlincludes\class-fuerte-wp-login-url-hider.php:118
filterlogout_urlincludes\class-fuerte-wp-login-url-hider.php:119
filterlostpassword_urlincludes\class-fuerte-wp-login-url-hider.php:120
filterregister_urlincludes\class-fuerte-wp-login-url-hider.php:121
actionwp_loadedincludes\class-fuerte-wp-login-url-hider.php:124
actionlogin_formincludes\class-fuerte-wp-login-url-hider.php:127
actionauthenticateincludes\class-fuerte-wp-login-url-hider.php:130
actionlogin_initincludes\class-fuerte-wp-login-url-hider.php:133
actionparse_requestincludes\class-fuerte-wp-login-url-hider.php:136
actionadmin_initincludes\class-fuerte-wp-login-url-hider.php:142
filterplugin_action_links_two-factor/two-factor.phpincludes\class-fuerte-wp-two-factor.php:74
actionplugins_loadedincludes\class-fuerte-wp.php:196
actioninitincludes\class-fuerte-wp.php:211
actionadmin_enqueue_scriptsincludes\class-fuerte-wp.php:260
actionadmin_enqueue_scriptsincludes\class-fuerte-wp.php:265
actioncarbon_fields_register_fieldsincludes\class-fuerte-wp.php:272
actionadmin_initincludes\class-fuerte-wp.php:279
actioncarbon_fields_theme_options_container_savedincludes\class-fuerte-wp.php:285
actionwp_enqueue_scriptsincludes\class-fuerte-wp.php:300
actionadmin_enqueue_scriptsincludes\class-fuerte-wp.php:301
actionenqueue_block_assetsincludes\class-fuerte-wp.php:302
filterstyle_loader_tagincludes\class-fuerte-wp.php:303
actionwp_enqueue_scriptsincludes\class-fuerte-wp.php:322
actionwp_enqueue_scriptsincludes\class-fuerte-wp.php:327
actionadmin_enqueue_scriptsincludes\class-fuerte-wp.php:343
actionadmin_print_footer_scriptsincludes\class-fuerte-wp.php:344
filtercron_schedulesincludes\helpers.php:135

Scheduled Events 2

fuertewp_cleanup_login_logs
fuertewp_trigger_updates
Maintenance & Trust

Fuerte-WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedNov 19, 2025
PHP min version8.1
Downloads6K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

Fuerte-WP Alternatives

Wordfence Security – Firewall, Malware Scan, and Login Security

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

A
96

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs
Hostinger Tools

Hostinger Tools

hostinger

A
99

Simplified WordPress management. Manage site info, maintenance, security, & redirects.

3.0M 1 CVE
Jetpack – WP Security, Backup, Speed, & Growth

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

A
87

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)

Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)

really-simple-ssl

A
96

Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.

3.0M 3 CVEs
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

A
98

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs
Developer Profile

Fuerte-WP Developer Profile

Esteban

2 plugins · 110 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Fuerte-WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fuerte-wp/assets/css/fuerte-wp-admin.css/wp-content/plugins/fuerte-wp/assets/css/fuerte-wp-public.css/wp-content/plugins/fuerte-wp/assets/js/fuerte-wp-admin.js/wp-content/plugins/fuerte-wp/assets/js/fuerte-wp-public.js
Script Paths
/wp-content/plugins/fuerte-wp/vendor/htmlburger/carbon-fields/fields/carbon-fields.js/wp-content/plugins/fuerte-wp/vendor/htmlburger/carbon-fields/carbon-fields.js
Version Parameters
fuerte-wp/assets/css/fuerte-wp-admin.css?ver=fuerte-wp/assets/css/fuerte-wp-public.css?ver=fuerte-wp/assets/js/fuerte-wp-admin.js?ver=fuerte-wp/assets/js/fuerte-wp-public.js?ver=fuerte-wp/vendor/htmlburger/carbon-fields/fields/carbon-fields.js?ver=fuerte-wp/vendor/htmlburger/carbon-fields/carbon-fields.js?ver=

HTML / DOM Fingerprints

CSS Classes
carbon-fields-wrapcarbon-fields-settings-page
HTML Comments
BEGIN Fuerte-WPEND Fuerte-WP
Data Attributes
data-field="fuertewp_super_users"
JS Globals
window.carbon_fields
FAQ

Frequently Asked Questions about Fuerte-WP