reCaptcha Protected Downloads Security & Risk Analysis
wordpress.org/plugins/recaptcha-protected-downloadsProtect your downloads from bots and spiders with a shortcode and Google's no-captcha reCaptcha
Is reCaptcha Protected Downloads Safe to Use in 2026?
Generally Safe
Score 85/100reCaptcha Protected Downloads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "recaptcha-protected-downloads" plugin version 0.1 presents a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs), no critical or high severity taint flows, and no dangerous functions. The majority of its output is properly escaped, and it doesn't bundle external libraries, which are good indicators of a relatively safe codebase. However, there are significant concerns stemming from the static analysis. The plugin exposes two AJAX handlers, both of which lack proper authentication checks. This is a critical security flaw as it allows unauthenticated users to interact with potentially sensitive functionality. Furthermore, the plugin uses raw SQL queries without prepared statements, which opens the door to SQL injection vulnerabilities. The presence of file operations and an external HTTP request without clear sanitization or authentication context also warrants caution. While the lack of vulnerability history is a strength, it could also indicate that the plugin has not been extensively reviewed or tested, and the identified code-level weaknesses represent a tangible risk.
Key Concerns
- AJAX handlers without authentication checks
- SQL queries not using prepared statements
- Capability checks missing
reCaptcha Protected Downloads Security Vulnerabilities
reCaptcha Protected Downloads Code Analysis
SQL Query Safety
Output Escaping
reCaptcha Protected Downloads Attack Surface
AJAX Handlers 2
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
reCaptcha Protected Downloads Maintenance & Trust
Maintenance Signals
Community Trust
reCaptcha Protected Downloads Alternatives
Scramble Email
scramble-email
Simple shortcode to scramble (hide) email addresses to email bot harvesters.
Better Page Comments
swiftninjapro-comments
Comments that Strip away HTML, but allow basic fonts in another way. Also includes some basic spam control options.
Akismet Anti-spam: Spam Protection
akismet
The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.
Antispam Bee
antispam-bee
Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.
CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7
contact-form-7-honeypot
Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.
reCaptcha Protected Downloads Developer Profile
12 plugins · 670 total installs
How We Detect reCaptcha Protected Downloads
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/recaptcha-protected-downloads/Inc/Lib/recaptcha/src/autoload.php/wp-content/plugins/recaptcha-protected-downloads/Inc/Admin/Admin.phpHTML / DOM Fingerprints
<!-- reCaptcha Protected Downloads: Start of shortcode HTML --><!-- reCaptcha Protected Downloads: End of shortcode HTML -->data-sitekeydata-callbackdata-expired-callbackreCaptchaProtectedDownloadsreCaptchaProtectedDownloadsCoregrecaptcha/wp-json/rcpdl/v1/verify[recaptcha-protected-download