WP-Safety

HTTP Header Authentication for Application Passwords Security & Risk Analysis

wordpress.org/plugins/http-header-authentication-for-application-passwords

Allows sending application passwords using HTTP headers instead of basic authentication

10 active installs v1.0.1 PHP 5.6+ WP 5.6.1+ Updated Jul 10, 2021
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is HTTP Header Authentication for Application Passwords Safe to Use in 2026?

Generally Safe

Score 85/100

HTTP Header Authentication for Application Passwords has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The 'http-header-authentication-for-application-passwords' plugin, version 1.0.1, exhibits an excellent security posture based on the provided static analysis. The plugin demonstrates strong adherence to security best practices by having no identified entry points like AJAX handlers, REST API routes, or shortcodes that lack proper authentication or permission checks. Furthermore, the code analysis reveals a complete absence of dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, and nonce checks. Taint analysis also indicates zero flows with unsanitized paths, suggesting no immediate risks of data injection or manipulation through user-controlled input. The plugin's vulnerability history is clean, with no recorded CVEs, which further strengthens its perceived security.

Vulnerabilities
None known

HTTP Header Authentication for Application Passwords Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

HTTP Header Authentication for Application Passwords Release Timeline

v1.0.0
Code Analysis
Analyzed Mar 17, 2026

HTTP Header Authentication for Application Passwords Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

HTTP Header Authentication for Application Passwords Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
filterdetermine_current_userinc\class-http-header-authentication-for-application-passwords.php:54
filterwp_is_site_protected_by_basic_authinc\class-http-header-authentication-for-application-passwords.php:55
Maintenance & Trust

HTTP Header Authentication for Application Passwords Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedJul 10, 2021
PHP min version5.6
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

HTTP Header Authentication for Application Passwords Alternatives

No alternatives data available yet.

Developer Profile

HTTP Header Authentication for Application Passwords Developer Profile

Cameron Jones

4 plugins · 10K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
668 days
View full developer profile
Detection Fingerprints

How We Detect HTTP Header Authentication for Application Passwords

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about HTTP Header Authentication for Application Passwords