WP-Safety

Puzzle Gate – Login Security with Smart Puzzle CAPTCHA Security & Risk Analysis

wordpress.org/plugins/puzzle-gate

Stop bots in their tracks with a human-friendly puzzle CAPTCHA for WordPress logins.

0 active installs v1.0.1 PHP 7.4+ WP 6.3+ Updated Feb 2, 2026
anti-botlogin-securityprotectionpuzzle
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Puzzle Gate – Login Security with Smart Puzzle CAPTCHA Safe to Use in 2026?

Generally Safe

Score 100/100

Puzzle Gate – Login Security with Smart Puzzle CAPTCHA has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "puzzle-gate" v1.0.1 plugin demonstrates some good security practices, such as 100% proper output escaping for all identified outputs and 100% of SQL queries utilizing prepared statements. The complete absence of known vulnerabilities, including critical or high-severity ones, and no recorded past issues is a strong positive indicator. However, a significant concern arises from the presence of 6 AJAX handlers, of which 4 lack authentication checks. This exposes a substantial attack surface that could be exploited by unauthenticated users. While taint analysis shows no identified vulnerabilities, the absence of flows analyzed might be due to the nature of the analysis or a limited scope, and doesn't necessarily guarantee the complete absence of such issues. The plugin also only implements one nonce check across its entry points, which is insufficient to protect against all potential Cross-Site Request Forgery (CSRF) attacks on its unprotected AJAX endpoints.

Key Concerns

  • 4 AJAX handlers without auth checks
  • Insufficient nonce checks (1 total)
Vulnerabilities
None known

Puzzle Gate – Login Security with Smart Puzzle CAPTCHA Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Puzzle Gate – Login Security with Smart Puzzle CAPTCHA Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
20 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped20 total outputs
Attack Surface
4 unprotected

Puzzle Gate – Login Security with Smart Puzzle CAPTCHA Attack Surface

Entry Points6
Unprotected4

AJAX Handlers 6

noprivwp_ajax_pgate_get_puzzleinc\class-pgate-puzzle-gate.php:42
authwp_ajax_pgate_get_puzzleinc\class-pgate-puzzle-gate.php:43
noprivwp_ajax_pgate_verify_puzzleinc\class-pgate-puzzle-gate.php:44
authwp_ajax_pgate_verify_puzzleinc\class-pgate-puzzle-gate.php:45
noprivwp_ajax_pgate_check_requiredinc\class-pgate-puzzle-gate.php:46
authwp_ajax_pgate_check_requiredinc\class-pgate-puzzle-gate.php:47
WordPress Hooks 7
actionadmin_initinc\class-pgate-puzzle-gate.php:37
actionlogin_enqueue_scriptsinc\class-pgate-puzzle-gate.php:38
actionwp_logininc\class-pgate-puzzle-gate.php:39
actionwp_login_failedinc\class-pgate-puzzle-gate.php:40
actionwp_logininc\class-pgate-puzzle-gate.php:41
actionadmin_menuinc\class-pgate-settings.php:26
actionadmin_initinc\class-pgate-settings.php:27
Maintenance & Trust

Puzzle Gate – Login Security with Smart Puzzle CAPTCHA Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 2, 2026
PHP min version7.4
Downloads157

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Puzzle Gate – Login Security with Smart Puzzle CAPTCHA Alternatives

Cartpauj Register Captcha

Cartpauj Register Captcha

cartpauj-register-captcha

A
100

Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.

1K 1 CVE
Kaya Login Captcha

Kaya Login Captcha

kaya-login-captcha

A
100

Adds a simple captcha on login form, register form and lost-password form.

200 No CVEs
BotFirewall | Stop Spam Bots & Secure Login

BotFirewall | Stop Spam Bots & Secure Login

botfirewall

A
100

BotFirewall is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks.

20 No CVEs
Fortress Login Pro – Secure, Hide & Rename Login URL

Fortress Login Pro – Secure, Hide & Rename Login URL

fortress-login-pro

A
100

Hide and rotate your WordPress login URL. Track access, export logs, and prevent brute-force attacks with real-time visibility.

10 No CVEs
PasswordSentry

PasswordSentry

passwordsentry

A
92

Secure WordPress by detecting shared passwords, and blocking password sharing. The plugin integrates Password Sentry app into WP to track logins.

10 No CVEs
Developer Profile

Puzzle Gate – Login Security with Smart Puzzle CAPTCHA Developer Profile

wpsqr

6 plugins · 430 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Puzzle Gate – Login Security with Smart Puzzle CAPTCHA

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/puzzle-gate/assets/css/styles.css/wp-content/plugins/puzzle-gate/assets/js/login-captcha.js
Script Paths
/wp-content/plugins/puzzle-gate/assets/js/login-captcha.js
Version Parameters
puzzle-gate/assets/css/styles.css?ver=puzzle-gate/assets/js/login-captcha.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-pgate-captcha
JS Globals
pgate_vars
REST Endpoints
/wp-json/puzzle-gate/v1/get-puzzle/wp-json/puzzle-gate/v1/verify-puzzle/wp-json/puzzle-gate/v1/check-required
FAQ

Frequently Asked Questions about Puzzle Gate – Login Security with Smart Puzzle CAPTCHA