Does Safe Sites have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Safe Sites compatible with WordPress 6.7.5?

According to WordPress.org data, Safe Sites 1.0.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Safe Sites compatible with PHP 8.0+?

Safe Sites requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Safe Sites updated?

Safe Sites was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is Safe Sites's security score?

Safe Sites has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Safe Sites Security & Risk Analysis

wordpress.org/plugins/safe-sites

Safe Sites is a WordPress security plugin offering real-time monitoring, file permission control, malware scanning, and plugin & theme security.

20 active installs v1.0.1 PHP 8.0+ WP 6.0+ Updated Mar 13, 2026

malwaresecuritysecurity-scannersite-protectionwp-security

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Safe Sites Safe to Use in 2026?

Generally Safe

Score 100/100

Safe Sites has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "safe-sites" v1.0.1 plugin exhibits a strong security posture based on the provided static analysis. All identified entry points (REST API routes) have permission callbacks, indicating proper access control mechanisms are in place. The absence of dangerous functions, 100% use of prepared statements for SQL queries, and proper output escaping for all outputs are significant strengths. File operations and external HTTP requests are present but do not appear to introduce immediate vulnerabilities based on the taint analysis, which found no unsanitized paths or critical/high severity flows. The plugin also includes nonce checks and capability checks, further bolstering its security. The lack of any recorded vulnerabilities in its history is a positive indicator of its development practices.

Vulnerabilities

None known

Safe Sites Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Safe Sites Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Safe Sites Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

53 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared3 total queries

Output Escaping

100% escaped53 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

render_2fa_form (includes\TwoFactorAuth\Manager.php:187)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Safe Sites Attack Surface

Entry Points2

Unprotected0

REST API Routes 2

GET/wp-json/safe-sites/v1/security/scan-permissionsincludes\Admin\RegisterAdmin.php:841

POST/wp-json/safe-sites/v1/security/fix-permissionsincludes\Admin\RegisterAdmin.php:847

WordPress Hooks 31

actionadmin_menuincludes\Admin\RegisterAdmin.php:31

actionrest_api_initincludes\Admin\RegisterAdmin.php:37

actionadmin_initincludes\Admin\RegisterAdmin.php:40

actionadmin_enqueue_scriptsincludes\Admin\RegisterAdmin.php:98

actionadmin_bar_menuincludes\Admin\RegisterAdmin.php:185

filterposts_searchincludes\Admin\RegisterAdmin.php:710

actionrest_api_initincludes\API\CodeSignerAPI.php:27

actionrest_api_initincludes\API\OptionsAPI.php:46

actionrest_api_initincludes\API\PluginsAPI.php:47

actioninitincludes\Blocks\RegisterBlocks.php:22

actionadmin_enqueue_scriptsincludes\Blocks\RegisterBlocks.php:37

actionrest_api_initincludes\Plugin.php:208

actionrest_api_initincludes\Plugin.php:209

actionrest_api_initincludes\Plugin.php:210

actionrest_api_initincludes\Plugin.php:211

filterxmlrpc_enabledincludes\Security\Hardening.php:32

filterwp_headersincludes\Security\Hardening.php:34

filterthe_generatorincludes\Security\Hardening.php:39

actiontemplate_redirectincludes\Security\Hardening.php:55

filterrest_endpointsincludes\Security\Hardening.php:56

actionadmin_noticesincludes\Security\MalwareScanner.php:69

actiontemplate_redirectincludes\Security\PanicMode.php:14

filterrest_authentication_errorsincludes\Security\PanicMode.php:15

actionadmin_noticesincludes\Security\PanicMode.php:35

filterauthenticateincludes\TwoFactorAuth\Manager.php:61

actionlogin_form_validate_2faincludes\TwoFactorAuth\Manager.php:62

actionadmin_post_safe_sites_verify_2faincludes\TwoFactorAuth\Manager.php:63

actionadmin_post_nopriv_safe_sites_verify_2faincludes\TwoFactorAuth\Manager.php:64

actionadmin_initincludes\TwoFactorAuth\Manager.php:65

actionadmin_noticessafe-sites.php:65

actionactivated_pluginsafe-sites.php:97

Maintenance & Trust

Safe Sites Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMar 13, 2026

PHP min version8.0

Downloads574

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

Safe Sites Alternatives

Bravo WP security Plugin

bravo-security

Bravo WP Security Plugin, Is a plugin helps you to hide wordpress side by side Bravo wordpress firewall, wordpress antivirus (wordpress malware scanne …

10 No CVEs

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

Developer Profile

Safe Sites Developer Profile

Hidayat Mahetar

3 plugins · 30 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Safe Sites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/safe-sites/build/dashboard/index.js/wp-content/plugins/safe-sites/build/dashboard/index.css

Script Paths

/wp-content/plugins/safe-sites/build/dashboard/index.js

Version Parameters

safe-sites-dashboard?ver=safe-sites-dashboard-style?ver=

HTML / DOM Fingerprints

HTML Comments

REST Endpoints

/wp-json/safe-sites/v1/

FAQ