Does Protected Site have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Protected Site compatible with WordPress 3.1.4?

According to WordPress.org data, Protected Site 1.0 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is Protected Site updated?

Protected Site was last updated on Jul 7, 2011. Frequent updates are generally a positive security signal.

What is Protected Site's security score?

Protected Site has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Protected Site Security & Risk Analysis

wordpress.org/plugins/protected-site

The Protected Site plugin blocks incoming traffic from accessing a blog or a specific blog in a network by requiring visitors to log in to WordPress.

30 active installs v1.0 PHP + WP 3.1.3+ Updated Jul 7, 2011

password-protect-siteprotect-siteprotected-siterequire-passwordvalidation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Protected Site Safe to Use in 2026?

Generally Safe

Score 85/100

Protected Site has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The 'protected-site' v1.0 plugin exhibits a strong overall security posture due to its lack of apparent attack vectors, dangerous functions, and use of prepared statements for SQL queries. The absence of known vulnerabilities in its history is also a positive indicator. However, a significant concern arises from the taint analysis, which identified two flows with unsanitized paths. While no critical or high severity issues were flagged, these unsanitized paths represent potential entry points for malicious input that could lead to unexpected behavior or further exploitation if not handled properly.

Furthermore, the code analysis reveals that 100% of the single output identified is not properly escaped. This is a critical weakness, as unescaped output can lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into pages viewed by other users. The lack of nonce checks and capability checks, while not directly flagged as an issue due to the current minimal attack surface, means that if new entry points were to be introduced in future versions, they would be inherently unprotected. The plugin's strengths lie in its minimal attack surface and SQL handling, but the identified output escaping and taint flow issues necessitate attention.

Key Concerns

Unsanitized paths in taint flows
Output not properly escaped
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Protected Site Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Protected Site Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Protected Site Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

ac_protected_site (protected-site.php:11)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Protected Site Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionget_headerprotected-site.php:10

Maintenance & Trust

Protected Site Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedJul 7, 2011

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Protected Site Alternatives

Contact Form 7

contact-form-7

Just another contact form plugin. Simple but flexible.

10.0M 8 CVEs

Jquery Validation For Contact Form 7

jquery-validation-for-contact-form-7

New standard of advance validation for Contact Form 7.

9K 1 CVE

EU/UK VAT Validation Manager for WooCommerce

eu-vat-for-woocommerce

Manage EU/ UK VAT in WooCommerce, validate VAT numbers real time with VIES, exempt or preserve VAT with various settings & cases.

7K 3 CVEs

Smart phone field for Gravity Forms

smart-phone-field-for-gravity-forms

100

A simple and nice plugin to get auto country flag from user ip address on gravity form phone field.

6K No CVEs

User Verification by PickPlugins

user-verification

Email verification for user registration to protect spam.

5K 4 CVEs

Developer Profile

Protected Site Developer Profile

dbhynds

2 plugins · 630 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Protected Site

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

<h1>Login Required</h1><p><strong>Sorry!</strong> You must <a href="/wp-login.php?redirect_to=&reauth=1">log in</a> to view this page.</p>

FAQ