WP-Safety

Site-First SEO Security & Risk Analysis

wordpress.org/plugins/site-first-seo

Improve on-site SEO with your site’s own data: titles/meta, internal links, visits, redirects & 404s.

10 active installs v1.0.9 PHP 8.0+ WP 6.0+ Updated Dec 1, 2025
404-monitorbot-blockcontent-auditgenerative-engine-optimizationlocal-seo
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Site-First SEO Safe to Use in 2026?

Generally Safe

Score 100/100

Site-First SEO has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The 'site-first-seo' plugin v1.0.10 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The plugin has a small attack surface with only two shortcodes identified as entry points, and importantly, none of these are reported as unprotected. The absence of any known CVEs and a clean vulnerability history further bolster its security reputation, suggesting a well-maintained and secure codebase over time. Furthermore, the code analysis indicates robust security practices, with a high percentage of SQL queries using prepared statements and a significant number of nonce and capability checks, demonstrating a commitment to preventing common WordPress vulnerabilities.

However, there are minor areas for improvement. While the overall output escaping is high, 37% of outputs are not properly escaped, which could present a risk if any of these outputs handle user-supplied data without further sanitization. The presence of file operations and external HTTP requests, although not inherently problematic, warrant careful review to ensure they are implemented securely and do not introduce vulnerabilities. The taint analysis revealing no critical or high severity unsanitized flows is a strong positive sign, indicating that potentially dangerous data flows are being handled appropriately.

In conclusion, 'site-first-seo' v1.0.10 appears to be a secure plugin with a strong foundation in WordPress security best practices. The minimal attack surface, lack of historical vulnerabilities, and strong use of prepared statements and checks are commendable. The primary area of concern is the unescaped output, which should be addressed to achieve a perfect security score.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

Site-First SEO Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Site-First SEO Code Analysis

Dangerous Functions
0
Raw SQL Queries
12
24 prepared
Unescaped Output
356
614 escaped
Nonce Checks
34
Capability Checks
64
File Operations
2
External Requests
2
Bundled Libraries
0

SQL Query Safety

67% prepared36 total queries

Output Escaping

63% escaped970 total outputs
Data Flows
All sanitized

Data Flow Analysis

22 flows
page_titles (includes\class-sfs-admin.php:385)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Site-First SEO Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[sfseo_utm_builder] includes\class-sfs-utm.php:54
[sfseo_utm_builder] trunk\includes\class-sfs-utm.php:54
WordPress Hooks 112
filterpre_get_document_titleincludes\class-sfs-admin.php:794
actionadmin_menuincludes\class-sfs-admin.php:1186
actionadmin_menuincludes\class-sfs-admin.php:1187
actionadmin_initincludes\class-sfs-admin.php:1188
actionadmin_initincludes\class-sfs-admin.php:1189
actionadmin_enqueue_scriptsincludes\class-sfs-admin.php:1190
actionadd_meta_boxesincludes\class-sfs-admin.php:1191
actionsave_postincludes\class-sfs-admin.php:1192
actionwp_headincludes\class-sfs-admin.php:1193
actionparse_requestincludes\class-sfs-botblock.php:39
actionadmin_menuincludes\class-sfs-botblock.php:42
actionadmin_post_sfseo_botblock_saveincludes\class-sfs-botblock.php:43
actionadmin_post_sfseo_botblock_ipincludes\class-sfs-botblock.php:46
actionadmin_post_sfseo_botblock_exportincludes\class-sfs-botblock.php:49
actioninitincludes\class-sfs-botblock.php:52
actionadmin_noticesincludes\class-sfs-botblock.php:554
actionwp_dashboard_setupincludes\class-sfs-dashboard-widget.php:9
actionadmin_post_sfseo_exportincludes\class-sfs-exports.php:16
actionadmin_post_sfseo_export_linksincludes\class-sfs-exports.php:17
actionadmin_post_sfseo_export_titlesincludes\class-sfs-exports.php:18
actionplugins_loadedincludes\class-sfs-exports.php:259
actiontemplate_redirectincludes\class-sfs-redirects.php:25
actiontemplate_redirectincludes\class-sfs-redirects.php:26
filterrobots_txtincludes\class-sfs-robots.php:10
actionadmin_post_sfs_exportincludes\class-sfs-router.php:5
actionadmin_post_sfs_export_linksincludes\class-sfs-router.php:6
actionadmin_post_sfs_export_titlesincludes\class-sfs-router.php:7
actionadmin_post_sfs_reset_visitincludes\class-sfs-router.php:8
actionadmin_menuincludes\class-sfs-schema-manager.php:14
actionadmin_initincludes\class-sfs-schema-manager.php:15
actionadmin_enqueue_scriptsincludes\class-sfs-schema-manager.php:16
actionwp_headincludes\class-sfs-schema-manager.php:17
filterwp_sitemaps_enabledincludes\class-sfs-sitemaps.php:10
filterwp_sitemaps_post_typesincludes\class-sfs-sitemaps.php:11
actionadmin_post_sfseo_export_sitemapsincludes\class-sfs-sitemaps.php:14
actionadmin_initincludes\class-sfs-utils.php:250
actionadmin_menuincludes\class-sfs-utm.php:38
actionadmin_initincludes\class-sfs-utm.php:39
actioninitincludes\class-sfs-utm.php:42
actionwp_headincludes\class-sfs-utm.php:43
actionadmin_headincludes\class-sfs-utm.php:57
actionplugins_loadedincludes\class-sfs-utm.php:615
actiontemplate_redirectincludes\class-sfs-visits.php:12
actionadmin_post_sfseo_reset_visitincludes\class-sfs-visits.php:16
actionadmin_post_sfseo_reset_all_visitsincludes\class-sfs-visits.php:18
actionadmin_noticesincludes\class-sfs-visits.php:21
actionadmin_noticessite-first-seo.php:52
actioninitsite-first-seo.php:100
actionadmin_initsite-first-seo.php:107
actionadmin_noticessite-first-seo.php:110
actionadmin_noticessite-first-seo.php:117
actionplugins_loadedsite-first-seo.php:128
actionadmin_noticessite-first-seo.php:157
actionadmin_enqueue_scriptssite-first-seo.php:222
actionin_admin_headersite-first-seo.php:238
actionplugins_loadedsite-first-seo.php:256
filterpre_get_document_titletrunk\includes\class-sfs-admin.php:794
actionadmin_menutrunk\includes\class-sfs-admin.php:1186
actionadmin_menutrunk\includes\class-sfs-admin.php:1187
actionadmin_inittrunk\includes\class-sfs-admin.php:1188
actionadmin_inittrunk\includes\class-sfs-admin.php:1189
actionadmin_enqueue_scriptstrunk\includes\class-sfs-admin.php:1190
actionadd_meta_boxestrunk\includes\class-sfs-admin.php:1191
actionsave_posttrunk\includes\class-sfs-admin.php:1192
actionwp_headtrunk\includes\class-sfs-admin.php:1193
actionparse_requesttrunk\includes\class-sfs-botblock.php:39
actionadmin_menutrunk\includes\class-sfs-botblock.php:42
actionadmin_post_sfseo_botblock_savetrunk\includes\class-sfs-botblock.php:43
actionadmin_post_sfseo_botblock_iptrunk\includes\class-sfs-botblock.php:46
actionadmin_post_sfseo_botblock_exporttrunk\includes\class-sfs-botblock.php:49
actioninittrunk\includes\class-sfs-botblock.php:52
actionadmin_noticestrunk\includes\class-sfs-botblock.php:554
actionwp_dashboard_setuptrunk\includes\class-sfs-dashboard-widget.php:9
actionadmin_post_sfseo_exporttrunk\includes\class-sfs-exports.php:16
actionadmin_post_sfseo_export_linkstrunk\includes\class-sfs-exports.php:17
actionadmin_post_sfseo_export_titlestrunk\includes\class-sfs-exports.php:18
actionplugins_loadedtrunk\includes\class-sfs-exports.php:259
actiontemplate_redirecttrunk\includes\class-sfs-redirects.php:25
actiontemplate_redirecttrunk\includes\class-sfs-redirects.php:26
filterrobots_txttrunk\includes\class-sfs-robots.php:10
actionadmin_post_sfs_exporttrunk\includes\class-sfs-router.php:5
actionadmin_post_sfs_export_linkstrunk\includes\class-sfs-router.php:6
actionadmin_post_sfs_export_titlestrunk\includes\class-sfs-router.php:7
actionadmin_post_sfs_reset_visittrunk\includes\class-sfs-router.php:8
actionadmin_menutrunk\includes\class-sfs-schema-manager.php:14
actionadmin_inittrunk\includes\class-sfs-schema-manager.php:15
actionadmin_enqueue_scriptstrunk\includes\class-sfs-schema-manager.php:16
actionwp_headtrunk\includes\class-sfs-schema-manager.php:17
filterwp_sitemaps_enabledtrunk\includes\class-sfs-sitemaps.php:10
filterwp_sitemaps_post_typestrunk\includes\class-sfs-sitemaps.php:11
actionadmin_post_sfseo_export_sitemapstrunk\includes\class-sfs-sitemaps.php:14
actionadmin_inittrunk\includes\class-sfs-utils.php:250
actionadmin_menutrunk\includes\class-sfs-utm.php:38
actionadmin_inittrunk\includes\class-sfs-utm.php:39
actioninittrunk\includes\class-sfs-utm.php:42
actionwp_headtrunk\includes\class-sfs-utm.php:43
actionadmin_headtrunk\includes\class-sfs-utm.php:57
actionplugins_loadedtrunk\includes\class-sfs-utm.php:615
actiontemplate_redirecttrunk\includes\class-sfs-visits.php:12
actionadmin_post_sfseo_reset_visittrunk\includes\class-sfs-visits.php:16
actionadmin_post_sfseo_reset_all_visitstrunk\includes\class-sfs-visits.php:18
actionadmin_noticestrunk\includes\class-sfs-visits.php:21
actionadmin_noticestrunk\site-first-seo.php:52
actioninittrunk\site-first-seo.php:100
actionadmin_inittrunk\site-first-seo.php:107
actionadmin_noticestrunk\site-first-seo.php:110
actionadmin_noticestrunk\site-first-seo.php:117
actionplugins_loadedtrunk\site-first-seo.php:128
actionadmin_noticestrunk\site-first-seo.php:157
actionadmin_enqueue_scriptstrunk\site-first-seo.php:222
actionin_admin_headertrunk\site-first-seo.php:238
actionplugins_loadedtrunk\site-first-seo.php:256
Maintenance & Trust

Site-First SEO Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 1, 2025
PHP min version8.0
Downloads549

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Site-First SEO Alternatives

Post to Google My Business (Google Business Profile)

Post to Google My Business (Google Business Profile)

post-to-google-my-business

A
100

Auto-publish posts, pages & CPTs, plus manage Google Business Profile posts. All from your WordPress dashboard!

10K 1 CVE
Five Star Business Profile and Schema

Five Star Business Profile and Schema

business-profile

A
100

Add structured data to any page or post type. Create an SEO friendly contact card with your business info and associated schema.

8K 1 CVE
Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization

Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization

metasync

B
71

Search Atlas SEO is a user-friendly WordPress plugin that simplifies complex and time-consuming SEO tasks into efficient, easy-to-manage processes.

8K 1 unpatched
Better Robots.txt – AI-Ready Crawl Control & Bot Governance

Better Robots.txt – AI-Ready Crawl Control & Bot Governance

better-robots-txt

A
99

Replace the default WordPress robots.txt workflow with a smarter, structured version you can preview before publishing, with Free, Pro, and Premium ed …

6K 2 CVEs
Bulk Page Generator – LPagery

Bulk Page Generator – LPagery

lpagery

A
99

Effortlessly mass generate unlimited SEO-optimized pages in bulk with LPagery. Boost traffic, save time, and grow your business in just 5 minutes!

3K 1 CVE
Developer Profile

Site-First SEO Developer Profile

POTAR

4 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Site-First SEO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/site-first-seo/assets/js/sfseo-script.js/wp-content/plugins/site-first-seo/assets/css/sfseo-style.css
Generator Patterns
Site-First SEO v1.0.10
Script Paths
/wp-content/plugins/site-first-seo/assets/js/sfseo-script.js
Version Parameters
site-first-seo/assets/css/sfseo-style.css?ver=site-first-seo/assets/js/sfseo-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
sfseo-settings
HTML Comments
Site-First SEOSFSEO
Data Attributes
data-sfseo-inputdata-sfseo-label
JS Globals
sfseo_vars
REST Endpoints
/wp-json/sfseo/v1/settings
FAQ

Frequently Asked Questions about Site-First SEO