Does Page Protection have any unpatched vulnerabilities?

No. All known vulnerabilities in Page Protection have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Page Protection compatible with WordPress 2.8.4?

According to WordPress.org data, Page Protection 1.2 has been tested up to WordPress 2.8.4. Check the plugin's changelog for the latest compatibility information.

How often is Page Protection updated?

Page Protection was last updated on Sep 9, 2009. Frequent updates are generally a positive security signal.

What is Page Protection's security score?

Page Protection has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Page Protection Security & Risk Analysis

wordpress.org/plugins/page-protection

Protect pages and their subpages with user name/password, and keep protected pages from showing up in menus, search results and page lists.

80 active installs v1.2 PHP + WP 2.8+ Updated Sep 9, 2009

accessprivacyprotectionsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Page Protection Safe to Use in 2026?

Generally Safe

Score 85/100

Page Protection has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The "page-protection" plugin v1.2 exhibits a generally strong security posture based on the provided static analysis. The absence of identified dangerous functions, file operations, external HTTP requests, and a lack of critical or high severity taint flows are positive indicators. All identified outputs are properly escaped, and there are no known vulnerabilities in its history, suggesting a well-maintained and secure plugin. The limited attack surface, with zero AJAX handlers, REST API routes, shortcodes, or cron events, further contributes to its robust security.

However, a significant concern arises from the two SQL queries that are not using prepared statements. This lack of sanitization for database interactions introduces a potential risk for SQL injection vulnerabilities, even if no such vulnerabilities have been publicly recorded or identified in taint analysis. While the plugin has a clean vulnerability history, this specific coding practice should be addressed. The complete absence of nonce checks and capability checks, while not directly leading to immediate exploitation given the current attack surface, represents a missed opportunity for robust authorization and could become a risk if the plugin's functionality or attack surface expands in the future.

In conclusion, the "page-protection" plugin v1.2 is commendably secure in many aspects, particularly concerning its limited attack surface and output escaping. The primary area for improvement lies in adopting prepared statements for all SQL queries to mitigate the risk of SQL injection. Addressing this, along with considering the implementation of nonce and capability checks for future-proofing, would further solidify its security.

Key Concerns

SQL queries without prepared statements

Vulnerabilities

None known

Page Protection Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Page Protection Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

100% escaped4 total outputs

Attack Surface

Page Protection Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actiontemplate_redirectpage-protection.php:24

actionparse_querypage-protection.php:36

filterwp_list_pages_excludespage-protection.php:89

filterthe_contentpage-protection.php:146

filterthe_excerptpage-protection.php:153

actionadmin_headpage-protection.php:162

actionwp_insert_postpage-protection.php:202

actionadmin_initpage-protection.php:207

actioninitpage-protection.php:213

Maintenance & Trust

Page Protection Maintenance & Trust

Maintenance Signals

WordPress version tested2.8.4

Last updatedSep 9, 2009

PHP min version

Downloads10K

Community Trust

Rating60/100

Number of ratings2

Active installs80

Alternatives

Page Protection Alternatives

Simple Password Protect

simple-password-protect

100

Protect your entire WordPress site with a simple password. GDPR-compliant with modal links for legal pages.

100 No CVEs

htaccess protect

zotya-htaccess-protect

htaccess protect - Protect your wordpress login or admin pages with password.

900 No CVEs

SAR One Click Security

sar-one-click-security

Adds some extra security to your WordPress with only one click.

200 No CVEs

Protect My Infos

protect-my-infos

100

Protect sensitive information like emails and phone numbers from bots with advanced obfuscation techniques.

90 No CVEs

Access Defender – Advanced VPN & Proxy Blocker

access-defender

100

Advanced VPN & proxy blocker for WordPress. 99.9% accuracy, multi-API rotation, real-time monitoring. Protect against fraud & spam.

50 No CVEs

Developer Profile

Page Protection Developer Profile

mortenf

4 plugins · 110 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Page Protection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

page-protectionpage-protection-switchpage-protection-user-passpage-protection-options

Data Attributes

id="page-protection-user-pass"id="page-protection-options"id="page-protection-searchable"id="page-protection-on"name="page-protection-user"id="page-protection-user"+4 more

Shortcode Output

This page is protected with user name and password...

FAQ