WP-Safety

SiteGround Migrator Security & Risk Analysis

wordpress.org/plugins/siteground-migrator

Transfer your WordPress website to SiteGround without any hassle in a completely automated way using SiteGround Migrator.

70K active installs v2.1.0 PHP 5.6.0+ WP 4.8+ Updated Apr 7, 2026
automatic-migrationautomatic-transfermigrationsitegroundtransfer
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SiteGround Migrator Safe to Use in 2026?

Generally Safe

Score 100/100

SiteGround Migrator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The SiteGround Migrator plugin version 2.0.9 exhibits a mixed security posture. On the positive side, it has no recorded historical vulnerabilities (CVEs) and utilizes prepared statements for a significant majority of its SQL queries, along with proper output escaping for most outputs. This suggests a generally conscientious approach to secure coding. However, there are significant concerns regarding its attack surface. All three identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated users to interact with potentially sensitive functionality. Furthermore, the presence of the `exec` function, a dangerous function capable of executing arbitrary commands on the server, coupled with taint analysis revealing flows with unsanitized paths, indicates a potential for command injection vulnerabilities if input to this function is not meticulously validated and sanitized.

Key Concerns

  • AJAX handlers without authentication checks
  • Presence of dangerous function 'exec'
  • Taint flows with unsanitized paths
  • Unescaped output observed
  • File operations without clear context
Vulnerabilities
None known

SiteGround Migrator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SiteGround Migrator Release Timeline

v2.1.0Current
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
Code Analysis
Analyzed Mar 16, 2026

SiteGround Migrator Code Analysis

Dangerous Functions
1
Raw SQL Queries
2
8 prepared
Unescaped Output
9
20 escaped
Nonce Checks
2
Capability Checks
1
File Operations
5
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

execexec( "kill -9 $pid" );core\Background_Process\Siteground_WP_Background_Process.php:538

SQL Query Safety

80% prepared10 total queries

Output Escaping

69% escaped29 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
<Files_Service> (core\Files_Service\Files_Service.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

SiteGround Migrator Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

noprivwp_ajax_siteground_migrator_is_plugin_installedcore\Loader\Loader.php:150
noprivwp_ajax_siteground_migrator_download_filecore\Loader\Loader.php:171
noprivwp_ajax_siteground_migrator_update_transfer_statuscore\Loader\Loader.php:181
WordPress Hooks 11
filtercron_schedulescore\Background_Process\Siteground_WP_Background_Process.php:73
actionnetwork_admin_menucore\Loader\Loader.php:129
actionadmin_enqueue_scriptscore\Loader\Loader.php:133
actionadmin_enqueue_scriptscore\Loader\Loader.php:135
actionadmin_print_stylescore\Loader\Loader.php:137
actionadmin_menucore\Loader\Loader.php:140
actioninitcore\Loader\Loader.php:161
actionadmin_initcore\Loader\Loader.php:183
actionafter_setup_themecore\Loader\Loader.php:225
actionupgrader_process_completecore\Loader\Loader.php:227
actionrest_api_initcore\Loader\Loader.php:237
Maintenance & Trust

SiteGround Migrator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 7, 2026
PHP min version5.6.0
Downloads2.1M

Community Trust

Rating86/100
Number of ratings395
Active installs70K
Alternatives

SiteGround Migrator Alternatives

W2S – Migrate WooCommerce to Shopify

W2S – Migrate WooCommerce to Shopify

w2s-migrate-woo-to-shopify

A
99

Migrate all products and categories from WooCommerce to Shopify

1K 1 CVE
Migrate to WordPress.com

Migrate to WordPress.com

wpcom-migration

A
100

A WordPress plugin that helps users to migrate their sites to WordPress.com

1K No CVEs
Transferito: WP Migration

Transferito: WP Migration

transferito

A
100

The easiest 1-Click WordPress Migration plugin that will migrate, clone, transfer and move your WordPress site to any host in seconds.

500 No CVEs
1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone

1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone

1-click-migration

B
74

Free WordPress migration plugin for backup, restore, clone, and site transfer with zero downtime. Migrate WordPress site easily.

300 1 unpatched
FlyWP Migrator – Migrate Your Site to FlyWP

FlyWP Migrator – Migrate Your Site to FlyWP

flywp-migrator

A
100

Move your WordPress site to FlyWP's lightning-fast hosting platform with just a few clicks. No technical knowledge required!

100 No CVEs
Developer Profile

SiteGround Migrator Developer Profile

SiteGround

5 plugins · 2.1M total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
483 days
View full developer profile
Detection Fingerprints

How We Detect SiteGround Migrator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/siteground-migrator/assets/css/main.min.css/wp-content/plugins/siteground-migrator/assets/js/main.min.js
Script Paths
/wp-content/plugins/siteground-migrator/assets/js/main.min.js
Version Parameters
siteground-migrator/assets/css/main.min.css?ver=siteground-migrator/assets/js/main.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-dom-element-iddata-pagedata-config
JS Globals
SGMigrator
REST Endpoints
/wp-json/siteground-migrator
FAQ

Frequently Asked Questions about SiteGround Migrator