RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) Security & Risk Analysis

Smart Content Restriction & Membership Control plugin for WordPress. Restrict pages, posts, or custom content by membership level, login, or membe …

20 active installs v1.1.16 PHP 7.4+ WP 6.0+ Updated Jan 3, 2026

content-restriction-pluginmembership-pluginrestrict-contentrestrict-pagerestrict-post

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) Safe to Use in 2026?

Generally Safe

Score 100/100

RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "restrictmate" v1.1.16 plugin exhibits a generally strong security posture, with excellent adherence to WordPress best practices. The static analysis reveals a low attack surface with all identified entry points protected by authentication checks. The plugin also demonstrates a high level of code hygiene, with a near-perfect percentage of SQL queries using prepared statements and output escaping. Nonce and capability checks are present, further bolstering its security. The absence of any recorded vulnerabilities in its history is a significant positive indicator of its security reliability.

Despite the positive indicators, there are areas for attention. The taint analysis identified 7 flows with unsanitized paths, all classified as high severity. While there are no direct vulnerabilities stemming from these flows in the current version, they represent potential risks if not properly managed or if future code modifications interact with these paths inadequately. The presence of external HTTP requests, though not inherently a vulnerability, requires careful monitoring for any potential data leakage or exposure.

In conclusion, "restrictmate" v1.1.16 is a well-secured plugin with a commendable track record and robust defensive coding practices. The primary area of concern lies in the high-severity taint flows with unsanitized paths, which, while not currently exploited, warrants vigilance and potential developer review to ensure they remain secure against future threats. The bundled libraries, while common, should also be periodically checked for updates to mitigate risks associated with known vulnerabilities in those components.

Key Concerns

High severity taint flows with unsanitized paths
External HTTP requests
Bundled Freemius v1.0
Bundled Select2

Vulnerabilities

None known

RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) Code Analysis

Dangerous Functions

Raw SQL Queries

66 prepared

Unescaped Output

785 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2Freemius1.0Stripe PHP

SQL Query Safety

94% prepared70 total queries

Output Escaping

99% escaped791 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

16 flows7 with unsanitized paths

subscription_handler (includes\Admin\DispatchActions.php:171)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) Attack Surface

Entry Points7

Unprotected0

AJAX Handlers 4

authwp_ajax_restrictmate_registrationincludes\Ajax.php:21

noprivwp_ajax_restrictmate_registrationincludes\Ajax.php:22

authwp_ajax_restrictmate_calculate_totalincludes\Ajax.php:23

noprivwp_ajax_restrictmate_calculate_totalincludes\Ajax.php:24

Shortcodes 3

[restrictmate_register] includes\Frontend\Shortcode.php:21

[restrictmate_account] includes\Frontend\Shortcode.php:22

[restrictmate_thankyou] includes\Frontend\Shortcode.php:23

WordPress Hooks 64

actionadmin_menuincludes\Admin\Menu.php:26

actionwp_loadedincludes\Admin\Menu.php:27

filterset-screen-optionincludes\Admin\Menu.php:28

actioncmb2_admin_initincludes\Admin\Metabox.php:24

filterrestrictmate_admin_settings_tabsincludes\Admin\Settings\CorePage.php:50

actionadmin_initincludes\Admin.php:35

actionadmin_initincludes\Admin.php:36

actionadmin_initincludes\Admin.php:37

actionadmin_initincludes\Admin.php:38

actionadmin_initincludes\Admin.php:39

actionadmin_post_restrictmate-members-deleteincludes\Admin.php:40

actionadmin_post_restrictmate-membership-levels-deleteincludes\Admin.php:41

actionadmin_post_restrictmate-transactions-deleteincludes\Admin.php:42

actionwp_enqueue_scriptsincludes\Assets.php:21

actionadmin_enqueue_scriptsincludes\Assets.php:22

filterwp_mail_fromincludes\Email.php:201

filterwp_mail_from_nameincludes\Email.php:202

actioninitincludes\Frontend.php:31

actioninitincludes\Frontend.php:32

actionwp_loginincludes\Hooks.php:24

actionredirect_post_locationincludes\Hooks.php:25

actionadmin_noticesincludes\Hooks.php:26

actionadmin_menuincludes\Hooks.php:27

actionrestrictmate_send_feedbackincludes\Hooks.php:28

actionrestrictmate_payment_is_receivedincludes\Hooks.php:29

actionrestrictmate_subscription_is_activatedincludes\Hooks.php:30

actionrestrictmate_subscription_is_cancelledincludes\Hooks.php:31

actionrestrictmate_cleanup_completed_actionsincludes\Hooks.php:32

actionrestrictmate_send_reminder_emailsincludes\Hooks.php:33

actionrestrictmate_subscription_expiry_reminderincludes\Hooks.php:34

actionrestrictmate_send_expired_emailsincludes\Hooks.php:35

actionrestrictmate_subscription_expired_emailincludes\Hooks.php:36

actionplugin_row_metaincludes\Hooks.php:37

actionplugin_action_links_restrictmate/restrictmate.phpincludes\Hooks.php:38

actiontemplate_redirectincludes\Hooks.php:39

actioninitincludes\Hooks.php:40

actionadmin_body_classincludes\Hooks.php:41

actionadmin_initincludes\Hooks.php:42

actionrestrictmate_register_form_beforeincludes\Hooks.php:44

actionrestrictmate_register_formincludes\Hooks.php:45

actionrestrictmate_register_formincludes\Hooks.php:46

actionrestrictmate_register_formincludes\Hooks.php:47

actionrestrictmate_register_formincludes\Hooks.php:48

actionrestrictmate_register_formincludes\Hooks.php:49

actionrestrictmate_register_formincludes\Hooks.php:50

actionrestrictmate_register_form_membershipincludes\Hooks.php:51

actionrestrictmate_register_form_membershipincludes\Hooks.php:52

actionrestrictmate_register_form_calculate_totalincludes\Hooks.php:53

actionrestrictmate_register_form_calculate_totalincludes\Hooks.php:54

actionrestrictmate_register_form_calculate_totalincludes\Hooks.php:55

actionrestrictmate_register_form_paymentsincludes\Hooks.php:56

actionrestrictmate_register_form_submitincludes\Hooks.php:57

actionrestrictmate_register_form_submitincludes\Hooks.php:58

actionrestrictmate_after_backend_registrationincludes\Hooks.php:60

filterdisplay_post_statesincludes\Page.php:23

actioninitincludes\PostTypes.php:20

actioninitincludes\PostTypes.php:21

actionpre_get_postsincludes\RestrictContent.php:20

actiontemplate_redirectincludes\RestrictContent.php:21

actionthe_contentincludes\RestrictContent.php:22

actionthe_contentincludes\RestrictContent.php:23

actionadmin_initincludes\Upgrader.php:26

actionplugins_loadedrestrictmate.php:54

actioninitrestrictmate.php:55

Maintenance & Trust

RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 3, 2026

PHP min version7.4

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) Alternatives

Membership Plugin – Restrict Content

restrict-content

Restrict Content is a powerful WordPress membership plugin that gives you full control over who can and cannot view content on your WordPress site.

10K 11 CVEs

Restrict Posts based on Conditions – Conditional Post Restrictions

wp-conditional-post-restrictions

Restrict , hide , or block the content of your WordPress posts using a conditional rules system.

30 No CVEs

Recapture for Restrict Content Pro

recapture-for-restrict-content-pro

100

Recapture is the easiest and most effective way to recover abandoned carts and do email marketing for your Restrict Content Pro site in WordPress.

20 No CVEs

Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content

password-protected

Protect your WordPress site, pages, posts, WooCommerce products, and categories with single or multiple passwords.

300K 5 CVEs

PPWP – Password Protect Pages

password-protect-page

Password protect WordPress pages and posts by user roles or with multiple passwords; protect your entire website with a single password.

30K 5 CVEs

Developer Profile

RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin) Developer Profile

RestrictMate

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect RestrictMate – Restrict Page, Post and any Content ( Content Restriction and Membership Plugin)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/restrictmate/assets/css/backend.css/wp-content/plugins/restrictmate/assets/css/frontend.css/wp-content/plugins/restrictmate/assets/css/backend-dashboard.css/wp-content/plugins/restrictmate/assets/js/backend.js/wp-content/plugins/restrictmate/assets/js/frontend.js/wp-content/plugins/restrictmate/assets/js/backend-dashboard.js

Script Paths

/wp-content/plugins/restrictmate/assets/js/backend.js/wp-content/plugins/restrictmate/assets/js/frontend.js/wp-content/plugins/restrictmate/assets/js/backend-dashboard.js

Version Parameters

restrictmate/assets/css/backend.css?ver=restrictmate/assets/css/frontend.css?ver=restrictmate/assets/css/backend-dashboard.css?ver=restrictmate/assets/js/backend.js?ver=restrictmate/assets/js/frontend.js?ver=restrictmate/assets/js/backend-dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes

restrictmate-backend-dashboard-wrapperrestrictmate-license-formrestrictmate-add-new-level-formrestrictmate-level-form

HTML Comments

+2 more

Data Attributes

data-restrictmate-license-noncedata-restrictmate-level-noncedata-restrictmate-save-settings-noncedata-restrictmate-nonce

JS Globals

RestrictMateBackendRestrictMateFrontendrestrictmate

REST Endpoints

/wp-json/restrictmate/v1/settings/wp-json/restrictmate/v1/levels/wp-json/restrictmate/v1/subscriptions/wp-json/restrictmate/v1/transactions/wp-json/restrictmate/v1/license

FAQ