Does HTTP Basic Auth have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is HTTP Basic Auth compatible with WordPress 5.9.13?

According to WordPress.org data, HTTP Basic Auth 1.1.0 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is HTTP Basic Auth compatible with PHP 7.0+?

HTTP Basic Auth requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is HTTP Basic Auth updated?

HTTP Basic Auth was last updated on Feb 27, 2022. Frequent updates are generally a positive security signal.

What is HTTP Basic Auth's security score?

HTTP Basic Auth has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HTTP Basic Auth Security & Risk Analysis

wordpress.org/plugins/http-basic-auth

Basic Auth for Wordpress.

200 active installs v1.1.0 PHP 7.0+ WP 4.5+ Updated Feb 27, 2022

authbasic-authhttp-authhttp-basic-authsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is HTTP Basic Auth Safe to Use in 2026?

Generally Safe

Score 85/100

HTTP Basic Auth has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The 'http-basic-auth' plugin v1.1.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any detected vulnerabilities in its history, coupled with the lack of critical findings in the taint analysis, is a positive indicator. The plugin also demonstrates good practices in its SQL query handling, utilizing prepared statements exclusively, and has a relatively low count of file operations and external HTTP requests, which are common areas for security concerns.

However, there are areas that warrant attention. The significant percentage of unescaped output (49%) presents a potential risk for cross-site scripting (XSS) vulnerabilities, as this could allow attackers to inject malicious scripts into the application if user-supplied data is not properly sanitized before being displayed.

Overall, the plugin's zero-vulnerability history is a significant strength. While the unescaped output is a notable weakness that requires remediation, the plugin's limited attack surface and reliance on prepared statements are commendable. The absence of known CVEs and the clean taint analysis suggest a well-maintained and relatively secure codebase, but the XSS risk from unescaped output should be addressed.

Key Concerns

Significant percentage of unescaped output

Vulnerabilities

None known

HTTP Basic Auth Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

HTTP Basic Auth Release Timeline

v1.1.0Current

v1.0.12

Code Analysis

Analyzed Mar 17, 2026

HTTP Basic Auth Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

27 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

51% escaped53 total outputs

Attack Surface

HTTP Basic Auth Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 13

actionadmin_bar_menuclasses\class-admin-bar.php:28

actionplugins_loadedclasses\class-http-basic-auth-plugin.php:91

actionadmin_noticesclasses\wpdesk\class-helper.php:43

actionadmin_enqueue_scriptsclasses\wpdesk\class-plugin.php:111

actionwp_enqueue_scriptsclasses\wpdesk\class-plugin.php:113

actionplugins_loadedclasses\wpdesk\class-plugin.php:115

actionadmin_noticesclasses\wpdesk\class-requirements.php:28

actionadmin_noticesclasses\wpdesk\class-requirements.php:43

actionadmin_noticesclasses\wpdesk\class-requirements.php:62

actionadmin_menuclasses\wpdesk\settings-api\class.s214-settings.php:113

actionadmin_initclasses\wpdesk\settings-api\class.s214-settings.php:116

actionadmin_enqueue_scriptsclasses\wpdesk\settings-api\class.s214-settings.php:120

actionadmin_initclasses\wpdesk\settings-api\class.s214-settings.php:123

Maintenance & Trust

HTTP Basic Auth Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedFeb 27, 2022

PHP min version7.0

Downloads10K

Community Trust

Rating20/100

Number of ratings1

Active installs200

Alternatives

HTTP Basic Auth Alternatives

VA Simple Basic Auth

va-simple-basic-auth

Simply by enabling the plugin can set up a basic auth to dashboard and login page.

70 No CVEs

WP Similar Basic Auth

wp-similar-basic-auth

Protect WordPress admin page on similar Basic Auth without .htaccess.

20 No CVEs

Basic Auth for WP-Admin

basic-auth-for-wp-admin

Add an additional layer of security with this super light plugin that adds a basic authentication HTTP to the wp-admin and wp-login pages.

0 No CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs

Developer Profile

HTTP Basic Auth Developer Profile

Roland Murg

5 plugins · 32K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

327 days

View full developer profile

Detection Fingerprints

How We Detect HTTP Basic Auth

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ