WP-Safety

SiteGuard WP Plugin Security & Risk Analysis

wordpress.org/plugins/siteguard

SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.

600K active installs v1.7.9 PHP + WP 3.9+ Updated Apr 16, 2026
captchalogin-alertlogin-lockpingbacksecurity
98
A · Safe
CVEs total2
Unpatched0
Last CVEFeb 23, 2026
Plugin page Download
Safety Verdict

Is SiteGuard WP Plugin Safe to Use in 2026?

Generally Safe

Score 98/100

SiteGuard WP Plugin has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Feb 23, 2026Updated 1mo ago
Risk Assessment

The SiteGuard plugin v1.7.9 exhibits a mixed security posture. While the static analysis shows a commendable absence of direct attack surface vectors like unprotected AJAX handlers, REST API routes, or shortcodes, and a high percentage of SQL queries utilizing prepared statements, there are significant areas of concern. A substantial portion of output operations (33%) are not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities if malicious data is introduced. Furthermore, seven taint analysis flows were found with unsanitized paths, indicating potential for path traversal or file inclusion vulnerabilities, even if no critical or high-severity issues were flagged directly in the static analysis. The vulnerability history is also a red flag. With two known CVEs, one of which remains unpatched, and both falling into the 'Missing Authorization' and 'Protection Mechanism Failure' categories, this suggests recurring or persistent weaknesses in how the plugin handles user permissions and security controls. The presence of an unpatched medium severity vulnerability, coupled with the potential for XSS and path-related issues from the code analysis, outweighs the otherwise strong zero-attack-surface findings. The plugin's strengths lie in its low direct attack surface and good SQL practices, but its weaknesses, particularly the unpatched vulnerability and potential for unsanitized output and paths, necessitate careful consideration and immediate patching.

Key Concerns

  • Unpatched medium severity vulnerability
  • Significant unsanitized output (33%)
  • Taint flows with unsanitized paths (7 total)
  • Low capability checks (2 total)
Vulnerabilities
2 published

SiteGuard WP Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2026-27411medium · 5.3Missing Authorization

SiteGuard WP Plugin <= 1.7.9 - Missing Authorization

Feb 23, 2026 Patched in 1.7.10 (61d)
CVE-2024-37881medium · 5.3Protection Mechanism Failure

SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure

Jun 21, 2024 Patched in 1.7.7 (1d)
Version History

SiteGuard WP Plugin Release Timeline

v1.7.9Current1 CVE5 files changed
CVE-2026-27411
v1.7.81 CVE3 files changed
CVE-2026-27411
v1.7.71 CVE3 files changed
CVE-2026-27411
v1.7.62 CVEs3 files changed
CVE-2024-37881 CVE-2026-27411
v1.7.52 CVEs3 files changed
CVE-2024-37881 CVE-2026-27411
v1.7.42 CVEs9 files changed
CVE-2024-37881 CVE-2026-27411
v1.7.32 CVEs3 files changed
CVE-2024-37881 CVE-2026-27411
v1.7.22 CVEs36 files changed
CVE-2024-37881 CVE-2026-27411
v1.7.12 CVEs3 files changed
CVE-2024-37881 CVE-2026-27411
v1.7.02 CVEs7 files changed
CVE-2024-37881 CVE-2026-27411
v1.6.12 CVEs3 files changed
CVE-2024-37881 CVE-2026-27411
v1.6.02 CVEs14 files changed
CVE-2024-37881 CVE-2026-27411
v1.5.22 CVEs3 files changed
CVE-2024-37881 CVE-2026-27411
v1.5.12 CVEs8 files changed
CVE-2024-37881 CVE-2026-27411
v1.5.02 CVEs8 files changed
CVE-2024-37881 CVE-2026-27411
v1.4.32 CVEs39 files changed
CVE-2024-37881 CVE-2026-27411
v1.2.32 CVEs4 files changed
CVE-2024-37881 CVE-2026-27411
v1.2.22 CVEs29 files changed
CVE-2024-37881 CVE-2026-27411
v1.2.12 CVEs103 files changed
CVE-2024-37881 CVE-2026-27411
v1.2.02 CVEs
CVE-2024-37881 CVE-2026-27411
Code Analysis
Analyzed Mar 16, 2026

SiteGuard WP Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
23 prepared
Unescaped Output
87
175 escaped
Nonce Checks
14
Capability Checks
2
File Operations
49
External Requests
1
Bundled Libraries
0

SQL Query Safety

88% prepared26 total queries

Output Escaping

67% escaped262 total outputs
Data Flows · Security
7 unsanitized

Data Flow Analysis

19 flows7 with unsanitized paths
handler_wp_authenticate_user (classes\siteguard-captcha.php:213)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

SiteGuard WP Plugin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 37
actionadmin_menuadmin\siteguard-menu-init.php:4
actionwp_loginclasses\siteguard-admin-filter.php:8
filtershake_error_codesclasses\siteguard-captcha.php:15
filterlogin_formclasses\siteguard-captcha.php:19
filterwp_authenticate_userclasses\siteguard-captcha.php:20
filterlostpassword_formclasses\siteguard-captcha.php:24
filterlostpassword_postclasses\siteguard-captcha.php:25
filterregister_formclasses\siteguard-captcha.php:29
actionregistration_errorsclasses\siteguard-captcha.php:30
actioncomment_form_after_fieldsclasses\siteguard-captcha.php:34
actioncomment_form_logged_in_afterclasses\siteguard-captcha.php:35
actioncomment_formclasses\siteguard-captcha.php:36
filterpreprocess_commentclasses\siteguard-captcha.php:37
filterlogin_errorsclasses\siteguard-captcha.php:41
filterallow_password_resetclasses\siteguard-captcha.php:232
actioninitclasses\siteguard-disable-author-query.php:8
filterrest_pre_dispatchclasses\siteguard-disable-author-query.php:10
filterxmlrpc_methodsclasses\siteguard-disable-pingback.php:8
actionwp_loginclasses\siteguard-login-alert.php:7
actionwp_loginclasses\siteguard-login-history.php:7
actionwp_login_failedclasses\siteguard-login-history.php:8
actionxmlrpc_callclasses\siteguard-login-history.php:9
actionwp_login_failedclasses\siteguard-login-lock.php:9
filterauthenticateclasses\siteguard-login-lock.php:10
filterwp_authenticate_userclasses\siteguard-login-lock.php:13
filtershake_error_codesclasses\siteguard-login-lock.php:138
filterplugins_loadedclasses\siteguard-rename-login.php:64
filterlogin_initclasses\siteguard-rename-login.php:65
filtersite_urlclasses\siteguard-rename-login.php:66
filternetwork_site_urlclasses\siteguard-rename-login.php:67
filterwp_redirectclasses\siteguard-rename-login.php:68
filterregisterclasses\siteguard-rename-login.php:69
filterauth_redirect_schemeclasses\siteguard-rename-login.php:70
actionplugins_loadedsiteguard.php:136
actioninitsiteguard.php:141
actionadmin_initsiteguard.php:142
actionadmin_noticessiteguard.php:144
Maintenance & Trust

SiteGuard WP Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 16, 2026
PHP min version
Downloads5.2M

Community Trust

Rating86/100
Number of ratings15
Active installs600K
Alternatives

SiteGuard WP Plugin Alternatives

CloudSecure WP Security

CloudSecure WP Security

cloudsecure-wp-security

A
100

管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。

100K No CVEs
reCaptcha by BestWebSoft

reCaptcha by BestWebSoft

google-captcha

A
98

Protect WordPress website forms from spam entries with Google reCAPTCHA.

100K 3 CVEs
Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
Login No Captcha reCAPTCHA

Login No Captcha reCAPTCHA

login-recaptcha

A
85

Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.

60K 1 CVE
Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

captcha-bws

A
99

1 The Ultimate Spam Protection Plugin Using Captcha for WordPress Forms.

10K 2 CVEs
Developer Profile

SiteGuard WP Plugin Developer Profile

jp-secure

1 plugin · 600K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
31 days
View full developer profile
Detection Fingerprints

How We Detect SiteGuard WP Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/siteguard/mplus-TESTFLIGHT-058/mplus-1c-hiragana-black.ttf/wp-content/plugins/siteguard/mplus-TESTFLIGHT-058/mplus-1c-hiragana-bold.ttf/wp-content/plugins/siteguard/mplus-TESTFLIGHT-058/mplus-1c-hiragana-heavy.ttf/wp-content/plugins/siteguard/mplus-TESTFLIGHT-058/mplus-1c-hiragana-light.ttf/wp-content/plugins/siteguard/mplus-TESTFLIGHT-058/mplus-1c-hiragana-medium.ttf/wp-content/plugins/siteguard/mplus-TESTFLIGHT-058/mplus-1c-hiragana-regular.ttf/wp-content/plugins/siteguard/mplus-TESTFLIGHT-058/mplus-1c-hiragana-thin.ttf/wp-content/plugins/siteguard/mplus-TESTFLIGHT-058/mplus-1m-hiragana-bold.ttf+39 more

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about SiteGuard WP Plugin