SRWorks ArmorPro Lite Security & Risk Analysis

wordpress.org/plugins/srworks-armorlite

Free WordPress security with firewall, brute force protection, bot detection, security headers, IP whitelist, and login monitoring. No bloat.

0 active installs · v1.0.0 · PHP 7.4+ · WP 5.3+ · Updated Mar 5, 2026
Tags: brute-force, firewall, headers, login-protection, security
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SRWorks ArmorPro Lite Safe to Use in 2026?

Generally Safe

Score 100/100

SRWorks ArmorPro Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 29d ago
Risk Assessment

The "srworks-armorlite" v1.0.0 plugin exhibits a generally good security posture, with a significant number of AJAX handlers protected by authentication. The plugin also demonstrates strong practices regarding output escaping (96%) and the use of prepared statements for SQL queries (70%). The absence of known CVEs and a clean vulnerability history further contribute to this positive assessment, suggesting a commitment to secure development.

However, a closer look at the static analysis reveals potential areas of concern. The presence of one flow with unsanitized paths identified through taint analysis, specifically rated as high severity, is a critical finding that warrants immediate attention. While the attack surface for AJAX handlers is protected, the single high-severity taint flow indicates a specific vulnerability that could be exploited if not addressed. The plugin also makes four external HTTP requests, which can introduce risks if the external endpoints are compromised or if the data sent is not handled securely.

Overall, "srworks-armorlite" v1.0.0 has a solid foundation in security best practices, particularly in output sanitization and SQL query preparation. The lack of historical vulnerabilities is reassuring. However, the identified high-severity taint flow represents a significant risk that overshadows the plugin's strengths. Addressing this specific issue should be the top priority to maintain a secure environment. The external HTTP requests, while not an immediate critical risk, should be monitored for any potential downstream impacts.

Key Concerns

  • High severity unsanitized path flow
  • External HTTP requests present
Vulnerabilities
None known

SRWorks ArmorPro Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SRWorks ArmorPro Lite Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 56 (130 prepared)
Unescaped Output: 8 (173 escaped)
Nonce Checks: 42
Capability Checks: 44
File Operations: 0
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

70% prepared · 186 total queries

Output Escaping

96% escaped · 181 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<class-armor-unlock> (includes\class-armor-unlock.php:0)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

SRWorks ArmorPro Lite Attack Surface

Entry Points: 37
Unprotected: 0

AJAX Handlers 37

auth  wp_ajax_srwapl_dismiss_proxy_warning  admin\class-armor-admin.php:64
auth  wp_ajax_srwapl_dismiss_telemetry_optin  admin\class-armor-admin.php:65
auth  wp_ajax_srwapl_save_setting  admin\class-armor-admin.php:69
auth  wp_ajax_srwapl_get_stats  admin\class-armor-admin.php:70
auth  wp_ajax_srwapl_get_chart_data  admin\class-armor-admin.php:71
auth  wp_ajax_srwapl_get_login_log  admin\class-armor-admin.php:72
auth  wp_ajax_srwapl_whitelist_ip  admin\class-armor-admin.php:73
auth  wp_ajax_srwapl_unblock_ip  admin\class-armor-admin.php:74
auth  wp_ajax_srwapl_remove_whitelist  admin\class-armor-admin.php:75
auth  wp_ajax_srwapl_update_whitelist_notes  admin\class-armor-admin.php:76
auth  wp_ajax_srwapl_clear_logs  admin\class-armor-admin.php:77
auth  wp_ajax_srwapl_get_health_checks  admin\class-armor-admin.php:80
auth  wp_ajax_srwapl_test_database  admin\class-armor-admin.php:81
auth  wp_ajax_srwapl_repair_tables  admin\class-armor-admin.php:82
auth  wp_ajax_srwapl_export_settings  admin\class-armor-admin.php:83
auth  wp_ajax_srwapl_import_settings  admin\class-armor-admin.php:84
auth  wp_ajax_srwapl_clear_all_logs  admin\class-armor-admin.php:85
auth  wp_ajax_srwapl_reset_settings  admin\class-armor-admin.php:86
auth  wp_ajax_srwapl_factory_reset  admin\class-armor-admin.php:87
auth  wp_ajax_srwapl_load_demo_data  admin\class-armor-admin.php:88
auth  wp_ajax_srwapl_get_feature_status  admin\class-armor-admin.php:89
auth  wp_ajax_srwapl_export_login_csv  admin\class-armor-admin.php:92
auth  wp_ajax_srwapl_clear_login_log  admin\class-armor-admin.php:93
auth  wp_ajax_srwapl_get_firewall_log  admin\class-armor-admin.php:95
auth  wp_ajax_srwapl_export_firewall_csv  admin\class-armor-admin.php:96
auth  wp_ajax_srwapl_clear_firewall_log  admin\class-armor-admin.php:97
auth  wp_ajax_srwapl_get_firewall_patterns  admin\class-armor-admin.php:98
auth  wp_ajax_srwapl_toggle_firewall_pattern  admin\class-armor-admin.php:99
auth  wp_ajax_srwapl_add_firewall_pattern  admin\class-armor-admin.php:100
auth  wp_ajax_srwapl_delete_firewall_pattern  admin\class-armor-admin.php:101
auth  wp_ajax_srwapl_reset_pattern_hits  admin\class-armor-admin.php:102
auth  wp_ajax_srwapl_remove_bypass_file  admin\class-armor-admin.php:105
auth  wp_ajax_srwapl_run_cleanup  admin\class-armor-admin.php:119
auth  wp_ajax_srwapl_whitelist_prompt_ip  includes\class-armor-brute-force.php:57
auth  wp_ajax_srwapl_dismiss_whitelist  includes\class-armor-brute-force.php:58
auth  wp_ajax_srwapl_telemetry_optin  includes\class-srworks-telemetry.php:159
auth  wp_ajax_srwapl_telemetry_optout  includes\class-srworks-telemetry.php:160

WordPress Hooks 38

action  admin_menu  admin\class-armor-admin.php:57
action  admin_enqueue_scripts  admin\class-armor-admin.php:58
action  admin_enqueue_scripts  admin\class-armor-admin.php:59
action  admin_head  admin\class-armor-admin.php:60
action  wp_dashboard_setup  admin\class-armor-admin.php:61
action  admin_notices  admin\class-armor-admin.php:62
action  admin_notices  admin\class-armor-admin.php:63
action  srwapl_daily_cleanup  admin\class-armor-admin.php:108
action  login_form  includes\class-armor-bot-protection.php:47
action  register_form  includes\class-armor-bot-protection.php:48
action  lostpassword_form  includes\class-armor-bot-protection.php:49
action  login_enqueue_scripts  includes\class-armor-bot-protection.php:52
filter  authenticate  includes\class-armor-bot-protection.php:54
filter  authenticate  includes\class-armor-bot-protection.php:55
filter  registration_errors  includes\class-armor-bot-protection.php:58
action  lostpassword_post  includes\class-armor-bot-protection.php:61
action  login_init  includes\class-armor-brute-force.php:33
action  init  includes\class-armor-brute-force.php:34
action  wp_login_failed  includes\class-armor-brute-force.php:37
action  wp_login  includes\class-armor-brute-force.php:38
filter  login_errors  includes\class-armor-brute-force.php:41
filter  xmlrpc_enabled  includes\class-armor-brute-force.php:45
filter  xmlrpc_methods  includes\class-armor-brute-force.php:46
action  init  includes\class-armor-brute-force.php:47
filter  rest_authentication_errors  includes\class-armor-brute-force.php:52
action  admin_notices  includes\class-armor-brute-force.php:56
action  init  includes\class-armor-database.php:142
filter  author_link  includes\class-armor-obfuscation.php:36
action  template_redirect  includes\class-armor-obfuscation.php:37
filter  rest_prepare_user  includes\class-armor-obfuscation.php:38
action  pre_get_posts  includes\class-armor-obfuscation.php:39
action  template_redirect  includes\class-armor-obfuscation.php:42
filter  the_content  includes\class-armor-obfuscation.php:47
action  wp_footer  includes\class-armor-obfuscation.php:48
action  srwapl_telemetry_heartbeat  includes\class-srworks-telemetry.php:162
action  admin_notices  srworks-armorlite.php:51
action  plugins_loaded  srworks-armorlite.php:137
action  init  srworks-armorlite.php:202

Scheduled Events 6

srwapl_daily_cleanup
srwapl_daily_cleanup
srwapl_daily_cleanup
srwapl_daily_cleanup
srwapl_daily_cleanup
srwapl_telemetry_heartbeat
Maintenance & Trust

SRWorks ArmorPro Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 7.4
Downloads: 129

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

SRWorks ArmorPro Lite Developer Profile

SRWorks LLC

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SRWorks ArmorPro Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/srworks-armorlite/admin/css/armor-admin.css
/wp-content/plugins/srworks-armorlite/admin/js/armor-admin.js
/wp-content/plugins/srworks-armorlite/includes/js/armor-common.js
/wp-content/plugins/srworks-armorlite/includes/js/armor-helpers.js
/wp-content/plugins/srworks-armorlite/assets/css/armorlite-frontend.css
/wp-content/plugins/srworks-armorlite/assets/js/armorlite-frontend.js
Script Paths
/wp-content/plugins/srworks-armorlite/admin/js/armor-admin.js
/wp-content/plugins/srworks-armorlite/includes/js/armor-common.js
/wp-content/plugins/srworks-armorlite/includes/js/armor-helpers.js
/wp-content/plugins/srworks-armorlite/assets/js/armorlite-frontend.js
Version Parameters
srworks-armorlite/admin/css/armor-admin.css?ver=
srworks-armorlite/admin/js/armor-admin.js?ver=
srworks-armorlite/includes/js/armor-common.js?ver=
srworks-armorlite/includes/js/armor-helpers.js?ver=
srworks-armorlite/assets/css/armorlite-frontend.css?ver=
srworks-armorlite/assets/js/armorlite-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
srwapl-admin-notice
HTML Comments
SRWorks Telemetry (shared across plugins)
Emergency bypass file check: create .emergency-bypass in plugin directory to disable all protection
Main Plugin Class
Singleton instance
+21 more
JS Globals
SRWAPL_LITE
SRWAPL_VERSION
SRWAPL_DB_VERSION
SRWAPL_LITE_PLUGIN_DIR
SRWAPL_LITE_PLUGIN_URL
SRWAPL_LITE_PLUGIN_BASENAME
FAQ

Frequently Asked Questions about SRWorks ArmorPro Lite