Does Lockr have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Lockr compatible with WordPress 5.7.15?

According to WordPress.org data, Lockr 3.0.4 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

Is Lockr compatible with PHP 5.5+?

Lockr requires PHP 5.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Lockr updated?

Lockr was last updated on Jun 2, 2021. Frequent updates are generally a positive security signal.

What is Lockr's security score?

Lockr has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Lockr Security & Risk Analysis

wordpress.org/plugins/lockr

Lockr is the first API & Encryption key management service for WordPress, providing an affordable solution to secure secrets used by plugins.

20 active installs v3.0.4 PHP 5.5+ WP 2.7+ Updated Jun 2, 2021

encryptencryptionsecretssecrets-managementsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Lockr Safe to Use in 2026?

Generally Safe

Score 85/100

Lockr has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The lockr plugin v3.0.4 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates excellent adherence to secure coding practices by exclusively using prepared statements for all SQL queries and ensuring all output is properly escaped. The absence of any known CVEs, unpatched vulnerabilities, or common vulnerability types in its history further suggests a history of responsible development and maintenance.

However, the static analysis does reveal a potential concern with the presence of the `passthru` function. While there are no identified taint flows with unsanitized paths or critical/high severity issues, the use of a dangerous function like `passthru` warrants careful scrutiny. Without further context on how `passthru` is implemented and if it is properly sanitized and restricted, it represents a theoretical attack vector. The plugin also utilizes a bundled library (Guzzle), which, while not inherently a security risk, implies a dependency that could potentially inherit vulnerabilities from the library itself if not kept updated.

In conclusion, lockr v3.0.4 appears to be a secure plugin with a solid track record. The overwhelming majority of security best practices are followed. The primary area for attention is the usage of the `passthru` function, which, despite current analysis showing no immediate exploitability, remains a high-risk function that should be thoroughly reviewed for proper sanitization and containment. The bundled Guzzle library also suggests a need for ongoing monitoring of its security status.

Key Concerns

Use of dangerous function 'passthru'
Bundled library (Guzzle)

Vulnerabilities

None known

Lockr Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Lockr Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Lockr Code Analysis

Dangerous Functions

Raw SQL Queries

17 prepared

Unescaped Output

58 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

passthrupassthru( $cmd, $return_code );lockr-command.php:205

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared17 total queries

Output Escaping

100% escaped58 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

4 flows

lockr_admin_submit_edit_key (lockr-admin-edit.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Lockr Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 18

actionadmin_menulockr-admin.php:24

actionadmin_initlockr-admin.php:25

actionadmin_post_lockr_admin_submit_add_keylockr-admin.php:26

actionadmin_post_lockr_admin_submit_override_keylockr-admin.php:27

actionadmin_post_lockr_admin_submit_edit_keylockr-admin.php:28

actionadmin_enqueue_scriptslockr-admin.php:65

actionupdated_optionlockr-overrides.php:160

actiondeleted_optionlockr-overrides.php:178

filtermc4wp_settingslockr-overrides.php:216

filtergive_get_optionlockr-overrides.php:251

filtercmb2_override_option_get_give_settingslockr-overrides.php:292

filterwp_insert_post_datalockr-secure-posts.php:46

filterthe_contentlockr-secure-posts.php:75

actionthe_postlockr-secure-posts.php:93

actionlogin_form_postpasslockr-secure-posts.php:120

actionwplockr-secure-posts.php:144

filterpost_password_requiredlockr-secure-posts.php:169

actionplugins_loadedlockr.php:183

Maintenance & Trust

Lockr Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedJun 2, 2021

PHP min version5.5

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

Lockr Alternatives

WP PGP Encrypted Emails

wp-pgp-encrypted-emails

Signs and encrypts emails using PGP/GPG keys or X.509 certificates. Provides OpenPGP and S/MIME functions via WordPress plugin API.

400 No CVEs

Semisecure Login Reimagined

semisecure-login-reimagined

"Re-imagined" version of Semisecure Login that uses public and secret-key encryption to encrypt passwords when logging in.

80 No CVEs

WP jCryption Security

wp-jcryption

Prevents forms data against sniffing network traffic through encryption provided by jCryption javascript library.

30 No CVEs

Encryption Tools Generator

encryption-tools-generator

Convert your wordpress page or post to a security or encryption online tool generator.

10 No CVEs

Fernet Encryption

fernet-encryption

Fernet Encryption is a plugin that can be used to encrypt and decrypt data in WordPress using fernet.

10 No CVEs

Developer Profile

Lockr Developer Profile

Chris Teitzel

1 plugin · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Lockr

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lockr/css/lockr-admin.css/wp-content/plugins/lockr/css/lockr-public.css/wp-content/plugins/lockr/js/lockr-admin.js/wp-content/plugins/lockr/js/lockr-public.js

Script Paths

/wp-content/plugins/lockr/js/lockr-public.js/wp-content/plugins/lockr/js/lockr-admin.js

Version Parameters

lockr/css/lockr-admin.css?ver=lockr/css/lockr-public.css?ver=lockr/js/lockr-admin.js?ver=lockr/js/lockr-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

lockr-admin-pagelockr-settings-formlockr-integration-status

HTML Comments

+1 more

Data Attributes

data-lockr-secret-iddata-lockr-secret-namedata-lockr-secret-valuedata-lockr-integration-statusdata-lockr-api-key

JS Globals

lockrAdminConfiglockrPublicConfiglockrApiUrl

REST Endpoints

/wp-json/lockr/v1/secrets/wp-json/lockr/v1/integration/status/wp-json/lockr/v1/settings

Shortcode Output

[lockr_secret_list][lockr_secret_display]

FAQ

Lockr Security & Risk Analysis

Is Lockr Safe to Use in 2026?

Generally Safe

Key Concerns

Lockr Security Vulnerabilities

Lockr Release Timeline

Lockr Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Lockr Attack Surface

Lockr Maintenance & Trust

Maintenance Signals

Community Trust

Lockr Alternatives

WP PGP Encrypted Emails

Semisecure Login Reimagined

WP jCryption Security

Encryption Tools Generator

Fernet Encryption

Lockr Developer Profile

How We Detect Lockr

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Lockr