Does Salt Shaker have any unpatched vulnerabilities?

No. All known vulnerabilities in Salt Shaker have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Salt Shaker compatible with WordPress 6.9.4?

According to WordPress.org data, Salt Shaker 2.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Salt Shaker updated?

Salt Shaker was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is Salt Shaker's security score?

Salt Shaker has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Salt Shaker Security & Risk Analysis

wordpress.org/plugins/salt-shaker

Salt Shaker enhances WordPress security by changing WordPress security keys and salts manually and automatically.

6K active installs v2.1.1 PHP + WP 5.0+ Updated Dec 1, 2025

authentication-keyssalt-keyssaltssecuritysecurity-keys

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Salt Shaker Safe to Use in 2026?

Generally Safe

Score 100/100

Salt Shaker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The salt-shaker plugin v2.1.1 demonstrates a strong security posture based on the provided static analysis data. It adheres to several best practices, including 100% output escaping for all identified outputs and a high percentage (74%) of SQL queries utilizing prepared statements. The presence of 8 nonce checks and 10 capability checks across its AJAX endpoints suggests a robust approach to access control for its exposed functionality. Furthermore, the absence of any recorded historical vulnerabilities (CVEs) and the clean taint analysis results (0 critical or high severity flows) are positive indicators. However, the presence of 5 file operations and 1 external HTTP request, while not flagged as immediately problematic, represent potential areas that would warrant closer scrutiny in a deeper audit. The bundled Freemius library at v1.0 could also be a concern if it contains known vulnerabilities, though this is not specified.

Key Concerns

Bundled library version potentially outdated

Vulnerabilities

None known

Salt Shaker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Salt Shaker Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

27 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

74% prepared19 total queries

Output Escaping

100% escaped27 total outputs

Attack Surface

Salt Shaker Attack Surface

Entry Points8

Unprotected0

AJAX Handlers 8

authwp_ajax_salt_shaker_get_settingsincludes\Admin.php:26

authwp_ajax_salt_shaker_save_settingsincludes\Admin.php:27

authwp_ajax_salt_shaker_change_saltsincludes\Admin.php:28

authwp_ajax_salt_shaker_get_audit_logsincludes\Admin.php:29

authwp_ajax_salt_shaker_get_audit_statsincludes\AuditAdmin.php:22

authwp_ajax_salt_shaker_get_audit_settingsincludes\AuditAdmin.php:23

authwp_ajax_salt_shaker_save_audit_settingsincludes\AuditAdmin.php:24

authwp_ajax_salt_shaker_cleanup_audit_logsincludes\AuditAdmin.php:25

WordPress Hooks 8

actionadmin_menuincludes\Admin.php:17

actionadmin_enqueue_scriptsincludes\Admin.php:18

actionadmin_noticesincludes\Admin.php:19

actionwp_dashboard_setupincludes\AuditAdmin.php:19

filtercron_schedulesincludes\Core.php:21

actionsalt_shaker_change_saltsincludes\Core.php:22

actionsalt_shaker_cleanup_old_logsincludes\Plugin.php:61

actionadmin_noticessalt-shaker.php:37

Scheduled Events 3

salt_shaker_change_salts

salt_shaker_cleanup_old_logs

Maintenance & Trust

Salt Shaker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version

Downloads236K

Community Trust

Rating94/100

Number of ratings27

Active installs6K

Alternatives

Salt Shaker Alternatives

Emergency Management

emergency-management

100

Handle all security topics: Reset passwords, delete sessions, define role-based password expiries, renew security KEYs & SALTs, define & monit …

10 No CVEs

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Hostinger Tools

hostinger

Simplified WordPress management. Manage site info, maintenance, security, & redirects.

3.0M 1 CVE

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs

Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)

really-simple-ssl

Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.

3.0M 3 CVEs

Developer Profile

Salt Shaker Developer Profile

Nagdy

4 plugins · 7K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Salt Shaker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/salt-shaker/assets/build/admin.js/wp-content/plugins/salt-shaker/assets/css/admin.css

Script Paths

/wp-content/plugins/salt-shaker/assets/build/admin.js

Version Parameters

salt-shaker/assets/build/admin.js?ver=salt-shaker/assets/css/admin.css?ver=

HTML / DOM Fingerprints

JS Globals

saltShakerData

REST Endpoints

/wp-json/salt-shaker/v1/salts

FAQ