WP-Safety

VA Simple Enhanced Security Security & Risk Analysis

wordpress.org/plugins/va-simple-enhanced-security

This plugin will enhance the security of your WordPress.

10 active installs v0.4.6 PHP + WP 4.4+ Updated Apr 5, 2016
authbasic-authbasicauthdigest-authdigestauth
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is VA Simple Enhanced Security Safe to Use in 2026?

Generally Safe

Score 85/100

VA Simple Enhanced Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The 'va-simple-enhanced-security' plugin version 0.4.6 demonstrates a generally strong security posture, with no known vulnerabilities or CVEs recorded. The static analysis reveals robust adherence to good practices, including 100% of SQL queries using prepared statements and a high percentage (90%) of output properly escaped. The presence of nonce and capability checks further strengthens its defense against common attack vectors. However, the analysis does flag one flow with an unsanitized path, which, while not classified as critical or high severity in the taint analysis, warrants attention as a potential avenue for unexpected behavior or information leakage if exploited in conjunction with other factors. The plugin also interacts with the file system, though the nature and security of these operations are not detailed.

Key Concerns

  • Flow with unsanitized path
Vulnerabilities
None known

VA Simple Enhanced Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

VA Simple Enhanced Security Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
43 escaped
Nonce Checks
1
Capability Checks
8
File Operations
3
External Requests
0
Bundled Libraries
0

Output Escaping

90% escaped48 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths
render_ip_limitation (incs\class-module-settings-api.php:329)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

VA Simple Enhanced Security Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 31
actionplugins_loadedincs\class-module-author-base.php:35
actioninitincs\class-module-author-base.php:47
actionadmin_initincs\class-module-author-base.php:48
actionload-options-permalink.phpincs\class-module-author-base.php:49
actionlogin_initincs\class-module-basic-auth.php:39
actionlogin_initincs\class-module-digest-auth.php:39
actionlogin_initincs\class-module-email-login.php:42
actionlogin_enqueue_scriptsincs\class-module-email-login.php:48
filterauthenticateincs\class-module-email-login.php:50
filtergettextincs\class-module-email-login.php:51
filterwp_login_errorsincs\class-module-email-login.php:52
filterbody_classincs\class-module-etc.php:54
actionxmlrpc_enabledincs\class-module-etc.php:60
filterxmlrpc_methodsincs\class-module-etc.php:68
actionadmin_initincs\class-module-etc.php:73
filterauto_update_pluginincs\class-module-etc.php:86
filterauto_update_themeincs\class-module-etc.php:92
actionplugins_loadedincs\class-module-ip-limitation.php:34
actionadmin_print_footer_scriptsincs\class-module-ip-limitation.php:45
actionlogin_initincs\class-module-ip-limitation.php:47
actionpre_option_enable_xmlrpcincs\class-module-ip-limitation.php:48
actionvases_http_auth_send_mailincs\class-module-send-mail.php:23
actionuser_registerincs\class-module-send-mail.php:24
actionadmin_menuincs\class-module-settings-api.php:28
actionadmin_initincs\class-module-settings-api.php:29
actionupdate_option_vases_settingsincs\class-module-settings-api.php:30
actionadd_option_vases_settingsincs\class-module-settings-api.php:31
actionshow_user_profileincs\class-module-settings-api.php:33
actionedit_user_profileincs\class-module-settings-api.php:34
actionuser_profile_update_errorsincs\class-module-settings-api.php:35
actionplugins_loadedva-simple-enhanced-security.php:97

Scheduled Events 1

vases_http_auth_send_mail
Maintenance & Trust

VA Simple Enhanced Security Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedApr 5, 2016
PHP min version
Downloads2K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

VA Simple Enhanced Security Alternatives

VA Simple Basic Auth

VA Simple Basic Auth

va-simple-basic-auth

A
85

Simply by enabling the plugin can set up a basic auth to dashboard and login page.

70 No CVEs
WP BASIC Auth

WP BASIC Auth

wp-basic-auth

A
85

Enabling this plugin allows you to set up Basic authentication on your site using your WordPress's user name and password.

4K No CVEs
WP Basic Authentication

WP Basic Authentication

wp-basic-authentication

A
100

Basic Authentication for protected your development WordPress site like .htpasswd

2K No CVEs
HTTP Basic Auth

HTTP Basic Auth

http-basic-auth

A
85

Basic Auth for Wordpress.

200 No CVEs
Simple REST API Authenticaton with WooCommerce Credentials

Simple REST API Authenticaton with WooCommerce Credentials

wp-simple-rest-api-authentication

A
100

Simple REST API Authentication plugin for WordPress - a powerful solution for integrating your website with external applications.

50 No CVEs
Developer Profile

VA Simple Enhanced Security Developer Profile

kuck1u

7 plugins · 2K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect VA Simple Enhanced Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/va-simple-enhanced-security/assets/css/vases-login.css
Version Parameters
va-simple-enhanced-security/assets/css/vases-login.css?ver=

HTML / DOM Fingerprints

CSS Classes
vases-login-container
Data Attributes
data-vases-login
JS Globals
VASES_AJAX_URL
FAQ

Frequently Asked Questions about VA Simple Enhanced Security