Does Project Force Field have any unpatched vulnerabilities?

No. All known vulnerabilities in Project Force Field have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Project Force Field compatible with WordPress 3.9.40?

According to WordPress.org data, Project Force Field 0.6.1 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is Project Force Field updated?

Project Force Field was last updated on May 13, 2014. Frequent updates are generally a positive security signal.

What is Project Force Field's security score?

Project Force Field has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Project Force Field Security & Risk Analysis

wordpress.org/plugins/project-force-field

Save your WordPress sites and servers from certain death during brute force attacks with Project Force Field by Orion Group!

20 active installs v0.6.1 PHP + WP 3.8+ Updated May 13, 2014

apachebrute-forcebrute-force-attackbrute-force-protectionmodrewrite

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Project Force Field Safe to Use in 2026?

Generally Safe

Score 85/100

Project Force Field has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'project-force-field' plugin version 0.6.1 exhibits a strong security posture in several key areas. The static analysis shows no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero-total attack surface. Furthermore, all SQL queries utilize prepared statements, output is properly escaped, and there are no file operations or external HTTP requests, which are all positive indicators of secure coding practices. The absence of any known vulnerabilities or CVEs in its history is also a significant strength, suggesting a well-maintained and secure plugin over time.

Key Concerns

Dangerous function usage (unserialize)
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Project Force Field Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Project Force Field Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$blocks = array_merge( $blocks, unserialize( $optional_blocks ) );classes\class-force-field.php:281

unserialize$optional_blocks = unserialize( $optional_blocks );classes\class-force-field.php:298

Attack Surface

Project Force Field Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_footerclasses\class-force-field.php:54

actioninitclasses\class-force-field.php:62

actioninitclasses\class-force-field.php:65

filtersite_urlclasses\class-force-field.php:68

filternetwork_site_urlclasses\class-force-field.php:69

filterwp_redirectclasses\class-force-field.php:70

filterwp_login_errorsclasses\class-force-field.php:73

Maintenance & Trust

Project Force Field Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedMay 13, 2014

PHP min version

Downloads3K

Community Trust

Rating92/100

Number of ratings16

Active installs20

Alternatives

Project Force Field Alternatives

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs

Disable XML-RPC-API

disable-xml-rpc-api

100

A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website

100K No CVEs

Titan Anti-spam & Security

anti-spam

Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication …

60K 3 CVEs

Manage XML-RPC

manage-xml-rpc

Enable/Disable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.

6K No CVEs

Honeypot Toolkit

honeypot-toolkit

100

Automatically insert Project Honeypot links into your pages and block IP addresses that are listed on various block lists you can choose from.

400 No CVEs

Developer Profile

Project Force Field Developer Profile

Faison

3 plugins · 9K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Project Force Field

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/project-force-field/classes//wp-content/plugins/project-force-field/classes/class-base-file-manager.php/wp-content/plugins/project-force-field/classes/class-wordpress-file-manager.php/wp-content/plugins/project-force-field/classes/class-force-field-rewrite-manager.php/wp-content/plugins/project-force-field/classes/class-base-system-manager.php/wp-content/plugins/project-force-field/classes/class-wordpress-system-manager.php/wp-content/plugins/project-force-field/classes/class-force-field.php

HTML / DOM Fingerprints

JS Globals

OG_Force_FieldFZ_WordPress_System_Manager

FAQ