My Private Site Security & Risk Analysis

wordpress.org/plugins/jonradio-private-site

Make your WordPress site private with one click for family, projects, or teams. Protection for content, login, and registration.

20K active installs · v4.1.0 · PHP 5.4+ · WP 4.4+ · Updated Jan 28, 2026
login · privacy · private-site · registration · security
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Feb 16, 2024
Safety Verdict

Is My Private Site Safe to Use in 2026?

Generally Safe

Score 99/100

My Private Site has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 16, 2024 · Updated 2mo ago
Risk Assessment

The "jonradio-private-site" v4.1.0 plugin exhibits a mixed security posture. On the positive side, a good number of its entry points (AJAX, shortcodes) are protected with appropriate checks, and a significant majority of its SQL queries use prepared statements, which is a strong defense against SQL injection. The plugin also appears to have a robust implementation of nonce and capability checks, contributing to its overall security. However, the presence of the `unserialize` function, even though it was not directly observed in taint flows, is a significant concern, because it can lead to object injection vulnerabilities if not handled with extreme caution and input validation. The vulnerability history, particularly the past high and medium severity issues related to Improper Access Control and CSRF, indicates a recurring pattern of potential weaknesses that require diligent patching and ongoing scrutiny. While there are currently no unpatched CVEs, the history suggests a need for more rigorous security development practices to prevent future vulnerabilities. The taint analysis shows no critical or high severity unsanitized flows, which is encouraging, but the presence of two unsanitized paths warrants further investigation to ensure they do not pose an exploitable risk.

In conclusion, the plugin has strengths in its input validation and authorization mechanisms. However, the use of `unserialize` and the historical vulnerability patterns are significant red flags. Developers should prioritize a thorough review and sanitization of all data passed to `unserialize` and continue to focus on preventing access control and CSRF issues in future development. The presence of two unsanitized paths in the taint analysis also necessitates immediate attention.

Key Concerns

  • Use of unserialize function
  • 2 unsanitized paths found in taint analysis
  • History of High severity vulnerability
  • History of Medium severity vulnerability
Vulnerabilities: 2

My Private Site Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2024-0978 · medium · 5.3 · Improper Access Control

My Private Site <= 3.0.14 - Improper Access Control to Sensitive Information Exposure via REST API

Feb 16, 2024 Patched in 3.1.0 (5d)

CVE-2022-1627 · high · 8.8 · Cross-Site Request Forgery (CSRF)

My Private Site <= 3.0.7 - Cross-Site Request Forgery

May 29, 2022 Patched in 3.0.8 (604d)
Code Analysis
Analyzed Mar 16, 2026

My Private Site Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 1 (4 prepared)
  • Unescaped Output: 57 (290 escaped)
  • Nonce Checks: 19
  • Capability Checks: 20
  • File Operations: 3
  • External Requests: 6
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$datetime = @unserialize( trim( $date_value ), array( 'allowed_classes' => array( 'DateTime' ) ) );` (library\cmb2\includes\CMB2_Utils.php:571)

SQL Query Safety

80% prepared (5 total queries)

Output Escaping

84% escaped (347 total outputs)

Data Flows: 2 unsanitized

Data Flow Analysis

6 flows, 2 with unsanitized paths
<advanced> (admin\advanced.php:0)

Attack Surface

My Private Site Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

auth: wp_ajax_cmb2_oembed_handler (library\cmb2\includes\CMB2_Ajax.php:51)
nopriv: wp_ajax_cmb2_oembed_handler (library\cmb2\includes\CMB2_Ajax.php:52)

Shortcodes 1

[privacy] jonradio-private-site.php:221
WordPress Hooks 113
action: cmb2_admin_init (admin\addons.php:17)
action: admin_enqueue_scripts (admin\addons.php:18)
action: admin_post_my_private_site_tab_advanced (admin\advanced.php:37)
action: cmb2_admin_init (admin\advanced.php:54)
action: admin_notices (admin\advanced.php:642)
action: admin_post_my_private_site_tab_landing_page (admin\landing-page.php:37)
action: cmb2_admin_init (admin\landing-page.php:50)
action: admin_post_my_private_site_tab_licenses (admin\licenses.php:38)
action: cmb2_admin_init (admin\licenses.php:50)
action: admin_post_my_private_site_tab_main (admin\main.php:40)
action: cmb2_admin_init (admin\main.php:62)
action: admin_enqueue_scripts (admin\main.php:167)
action: admin_post_my_private_site_tab_membership (admin\membership.php:37)
action: cmb2_admin_init (admin\membership.php:50)
action: admin_post_my_private_site_tab_public_pages (admin\public-pages.php:40)
action: cmb2_admin_init (admin\public-pages.php:53)
action: admin_enqueue_scripts (admin\public-pages.php:55)
action: admin_post_my_private_site_tab_selective_content (admin\selective-content.php:37)
action: cmb2_admin_init (admin\selective-content.php:50)
action: admin_enqueue_scripts (admin\selective-content.php:51)
action: admin_post_my_private_site_tab_site_privacy (admin\site-privacy.php:38)
action: cmb2_admin_init (admin\site-privacy.php:55)
action: admin_enqueue_scripts (admin\site-privacy.php:56)
action: admin_post_my_private_site_retest_robots (admin\site-privacy.php:58)
action: admin_notices (admin\site-privacy.php:59)
action: all_admin_notices (includes\all-admin.php:23)
action: admin_notices (includes\all-admin.php:43)
action: pre_current_active_plugins (includes\installed-plugins.php:36)
action: network_admin_menu (includes\net-settings.php:7)
action: get_header (includes\public.php:32)
action: template_redirect (includes\public.php:35)
action: rest_api_init (includes\public.php:38)
action: login_init (includes\public.php:39)
filter: login_url (includes\public.php:40)
action: wp_login_failed (includes\public.php:41)
action: wp_authenticate (includes\public.php:42)
filter: login_redirect (includes\public.php:49)
action: plugins_loaded (includes\public.php:54)
filter: pmpro_login_redirect_url (includes\public.php:57)
filter: rest_pre_dispatch (includes\public.php:320)
action: admin_enqueue_scripts (jonradio-private-site-admin.php:102)
action: login_form (jonradio-private-site.php:317)
filter: wp_authenticate_user (jonradio-private-site.php:318)
action: register_form (jonradio-private-site.php:354)
filter: registration_errors (jonradio-private-site.php:415)
action: wp_loaded (jonradio-private-site.php:604)
action: cmb2_admin_init (library\cmb2\example-functions.php:105)
action: cmb2_admin_init (library\cmb2\example-functions.php:470)
action: cmb2_admin_init (library\cmb2\example-functions.php:500)
action: cmb2_admin_init (library\cmb2\example-functions.php:564)
action: cmb2_admin_init (library\cmb2\example-functions.php:633)
action: cmb2_admin_init (library\cmb2\example-functions.php:674)
action: cmb2_init (library\cmb2\example-functions.php:777)
action: cmb2_save_options-page_fields (library\cmb2\includes\CMB2_Ajax.php:54)
filter: get_post_metadata (library\cmb2\includes\CMB2_Ajax.php:147)
filter: update_post_metadata (library\cmb2\includes\CMB2_Ajax.php:150)
filter: cmb2_show_on (library\cmb2\includes\CMB2_Hookup.php:79)
action: edit_form_top (library\cmb2\includes\CMB2_Hookup.php:118)
action: edit_form_before_permalink (library\cmb2\includes\CMB2_Hookup.php:122)
action: edit_form_after_title (library\cmb2\includes\CMB2_Hookup.php:126)
action: edit_form_after_editor (library\cmb2\includes\CMB2_Hookup.php:130)
action: add_meta_boxes (library\cmb2\includes\CMB2_Hookup.php:134)
action: add_meta_boxes (library\cmb2\includes\CMB2_Hookup.php:137)
action: add_attachment (library\cmb2\includes\CMB2_Hookup.php:138)
action: edit_attachment (library\cmb2\includes\CMB2_Hookup.php:139)
action: save_post (library\cmb2\includes\CMB2_Hookup.php:140)
action: pre_get_posts (library\cmb2\includes\CMB2_Hookup.php:147)
action: add_meta_boxes_comment (library\cmb2\includes\CMB2_Hookup.php:155)
action: edit_comment (library\cmb2\includes\CMB2_Hookup.php:156)
filter: manage_edit-comments_columns (library\cmb2\includes\CMB2_Hookup.php:159)
action: manage_comments_custom_column (library\cmb2\includes\CMB2_Hookup.php:160)
filter: manage_edit-comments_sortable_columns (library\cmb2\includes\CMB2_Hookup.php:161)
action: pre_get_posts (library\cmb2\includes\CMB2_Hookup.php:162)
action: show_user_profile (library\cmb2\includes\CMB2_Hookup.php:171)
action: edit_user_profile (library\cmb2\includes\CMB2_Hookup.php:172)
action: user_new_form (library\cmb2\includes\CMB2_Hookup.php:173)
action: personal_options_update (library\cmb2\includes\CMB2_Hookup.php:175)
action: edit_user_profile_update (library\cmb2\includes\CMB2_Hookup.php:176)
action: user_register (library\cmb2\includes\CMB2_Hookup.php:177)
filter: manage_users_columns (library\cmb2\includes\CMB2_Hookup.php:180)
filter: manage_users_custom_column (library\cmb2\includes\CMB2_Hookup.php:181)
filter: manage_users_sortable_columns (library\cmb2\includes\CMB2_Hookup.php:182)
action: pre_get_posts (library\cmb2\includes\CMB2_Hookup.php:183)
action: pre_get_posts (library\cmb2\includes\CMB2_Hookup.php:229)
action: created_term (library\cmb2\includes\CMB2_Hookup.php:233)
action: edited_terms (library\cmb2\includes\CMB2_Hookup.php:234)
action: delete_term (library\cmb2\includes\CMB2_Hookup.php:235)
filter: wp_prepare_attachment_for_js (library\cmb2\includes\CMB2_Hookup_Field.php:54)
action: admin_enqueue_scripts (library\cmb2\includes\CMB2_Hookup_Field.php:71)
action: cmb2_do_oembed (library\cmb2\includes\helper-functions.php:131)
filter: is_protected_meta (library\cmb2\includes\rest-api\CMB2_REST.php:144)
action: init (library\cmb2\init.php:131)
filter: my_private_site_deactivate_feedback_form_plugins (telemetry\deactivate.php:17)
action: admin_enqueue_scripts (telemetry\deactivate.php:51)
filter: my_private_site_deactivate_feedback_form_plugins (telemetry\deactivate.php:110)
filter: cmb2_row_classes (util\cmbhelpers.php:81)
filter: cmb2_field_arguments (util\cmbhelpers.php:83)
filter: cmb2_field_arguments (util\cmbhelpers.php:704)
action: admin_head (util\cmbhelpers.php:726)
action: admin_notices (util\utilities.php:221)
action: network_admin_notices (util\utilities.php:222)
action: wp_head (util\utilities.php:370)
action: send_headers (util\utilities.php:385)
action: init (util\utilities.php:660)
filter: query_vars (util\utilities.php:672)
action: init (util\utilities.php:720)
action: admin_post_my_private_site_backup_settings (util\utilities.php:1081)
action: admin_post_my_private_site_restore_settings (util\utilities.php:1249)
action: admin_post_my_private_site_reset_settings (util\utilities.php:1272)
action: template_redirect (util\utilities.php:1345)
action: get_header (util\utilities.php:1347)
filter: robots_txt (util\utilities.php:1385)
filter: robots_txt (util\utilities.php:1415)

Maintenance & Trust

My Private Site Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 28, 2026
PHP min version: 5.4
Downloads: 569K

Community Trust

Rating: 90/100
Number of ratings: 80
Active installs: 20K

Developer Profile

My Private Site Developer Profile

David Gewirtz

1 plugin · 20K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 305 days

Detection Fingerprints

How We Detect My Private Site

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/jonradio-private-site/css/admin.css
  • /wp-content/plugins/jonradio-private-site/css/admin-style.css
  • /wp-content/plugins/jonradio-private-site/css/admin-table.css
  • /wp-content/plugins/jonradio-private-site/css/color-picker.css
  • /wp-content/plugins/jonradio-private-site/css/custom-login.css
  • /wp-content/plugins/jonradio-private-site/css/login.css
  • /wp-content/plugins/jonradio-private-site/css/privacy.css
  • /wp-content/plugins/jonradio-private-site/js/admin-scripts.js
  • +5 more
Script Paths
https://www.google.com/recaptcha/api.js
Version Parameters
  • jonradio-private-site/css/admin.css?ver=
  • jonradio-private-site/css/admin-style.css?ver=
  • jonradio-private-site/css/admin-table.css?ver=
  • jonradio-private-site/css/color-picker.css?ver=
  • jonradio-private-site/css/custom-login.css?ver=
  • jonradio-private-site/css/login.css?ver=
  • jonradio-private-site/css/privacy.css?ver=
  • jonradio-private-site/js/admin-scripts.js?ver=
  • jonradio-private-site/js/color-picker.js?ver=
  • jonradio-private-site/js/custom-login.js?ver=
  • jonradio-private-site/js/login.js?ver=
  • jonradio-private-site/js/privacy.js?ver=
  • jonradio-private-site/js/responsive.js?ver=

HTML / DOM Fingerprints

CSS Classes
jr-ps-privacy-setting-field
HTML Comments
  • Security violation detected. Access denied. Codes up to [A008].
  • Exit if .php file accessed directly
  • Previous versions turned Privacy on at Activation; Now it is a Setting on the Settings page, so warn Admin.
  • Plugin is either: - updated from a version so old that Version was not yet stored in the plugin's settings, or - first use after install: - first time ever installed, or - installed previously and properly uninstalled (data deleted)
  • +10 more
Data Attributes
data-sitekey
JS Globals
  • jr_ps_path
  • jr_ps_plugin_basename
  • jr_ps_plugin_data
Shortcode Output
  • [privacy hide-if="logged-in"]
  • [privacy hide-if="logged-out"]

FAQ

Frequently Asked Questions about My Private Site