WP-Safety

Multisite Blog Alias Security & Risk Analysis

wordpress.org/plugins/multisite-blog-alias

Set up redirects for Multisite-Blogs.

0 active installs v1.2.1 PHP 7.4+ WP 4.8+ Updated Dec 5, 2025
domainmultisitenetworkredirect
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Multisite Blog Alias Safe to Use in 2026?

Generally Safe

Score 100/100

Multisite Blog Alias has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The "multisite-blog-alias" plugin version 1.2.1 exhibits a generally strong security posture based on the static analysis. The absence of any known CVEs, coupled with the plugin's adherence to secure coding practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, suggests a well-maintained and security-conscious development process. The plugin also demonstrates good use of nonce and capability checks.

However, there are a few areas that warrant attention. The presence of four "flows with unsanitized paths" in the taint analysis, even without critical or high severity findings, indicates a potential for unintended data handling that could be exploited under specific circumstances. While the external HTTP requests are not inherently a vulnerability, they represent an additional point of interaction with external systems that could be a vector if those systems are compromised or if the plugin mishandles the response. The attack surface is commendably small and appears to be protected, but any potential weakness in that minimal surface is amplified.

In conclusion, the plugin is in good shape, but the taint analysis findings, though not critical, suggest a need for a closer review of data handling to ensure robustness. The overall lack of historical vulnerabilities is a very positive indicator, implying the developers are proactive about security.

Key Concerns

  • Taint flows with unsanitized paths (4)
  • External HTTP requests (2)
Vulnerabilities
None known

Multisite Blog Alias Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Multisite Blog Alias Release Timeline

v1.2.1Current
v1.2.0
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Multisite Blog Alias Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
2
112 escaped
Nonce Checks
7
Capability Checks
11
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

98% escaped114 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
ajax_callback (include/BlogAlias/Ajax/AjaxHandler.php:147)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Multisite Blog Alias Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
filternetwork_edit_site_nav_linksinclude/BlogAlias/Admin/NetworkAdmin.php:51
actionadmin_action_alias-domainsinclude/BlogAlias/Admin/NetworkAdmin.php:54
actionadmin_action_alias-domain-addinclude/BlogAlias/Admin/NetworkAdmin.php:57
actionadmin_action_alias-domain-removeinclude/BlogAlias/Admin/NetworkAdmin.php:58
actionadmin_action_alias-domain-remove-allinclude/BlogAlias/Admin/NetworkAdmin.php:59
actionwp_uninitialize_siteinclude/BlogAlias/Admin/NetworkAdmin.php:66
actionupdate_wpmu_optionsinclude/BlogAlias/Admin/NetworkAdmin.php:68
actionwpmu_optionsinclude/BlogAlias/Admin/NetworkAdmin.php:70
filterremovable_query_argsinclude/BlogAlias/Admin/NetworkAdmin.php:548
filterparent_fileinclude/BlogAlias/Admin/NetworkAdmin.php:567
filtersubmenu_fileinclude/BlogAlias/Admin/NetworkAdmin.php:568
actionadmin_initinclude/BlogAlias/Core/Plugin.php:44
actionplugins_loadedinclude/BlogAlias/Core/Plugin.php:46
actionactivated_plugininclude/BlogAlias/Core/Sunrise.php:78
actionadmin_noticesindex.php:77
actionms_site_not_foundsunrise.php:75
actionms_network_not_foundsunrise.php:76
Maintenance & Trust

Multisite Blog Alias Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 5, 2025
PHP min version7.4
Downloads8K

Community Trust

Rating100/100
Number of ratings5
Active installs0
Alternatives

Multisite Blog Alias Alternatives

Safe Redirect Manager

Safe Redirect Manager

safe-redirect-manager

A
100

Safely manage your website's HTTP redirects.

40K 1 CVE
Multiple Domain

Multiple Domain

multiple-domain

A
85

This plugin allows you to have multiple domains in a single Wordpress installation and enables custom redirects for each domain.

10K 1 CVE
Multiple Domain Mapping on Single Site

Multiple Domain Mapping on Single Site

multiple-domain-mapping-on-single-site

A
92

Show content of specific posts, pages, ... within their own, additional domains. Useful for SEO: different domains for landingpages.

6K No CVEs
Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)

domain-mapping-system

A
100

Domain Mapping System is the most powerful way to manage alias domains and map them to any published resource - creating Microsites with ease!

2K No CVEs
Content Mask

Content Mask

content-mask

B
73

Embed any external content on a Page, Post, or Custom Post Type without the need to use complicated domain forwarding or domain masks.

1K 1 unpatched
Developer Profile

Multisite Blog Alias Developer Profile

podpirate

7 plugins · 51K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
345 days
View full developer profile
Detection Fingerprints

How We Detect Multisite Blog Alias

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multisite-blog-alias/asset/css/blog-alias.css/wp-content/plugins/multisite-blog-alias/asset/js/blog-alias.js
Script Paths
/wp-content/plugins/multisite-blog-alias/asset/js/blog-alias.js
Version Parameters
multisite-blog-alias/asset/css/blog-alias.css?ver=multisite-blog-alias/asset/js/blog-alias.js?ver=

HTML / DOM Fingerprints

HTML Comments
Copyright 2018 Jörn LundThis program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License, version 3, aspublished by the Free Software Foundation.+37 more
REST Endpoints
/wp-json/blogalias/v1/aliases/wp-json/blogalias/v1/aliases/(?P<id>\d+)
FAQ

Frequently Asked Questions about Multisite Blog Alias