Does Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Security & Risk Analysis

wordpress.org/plugins/vigilante

Premium WordPress Security - 100% FREE: Firewall, 2FA, Security Headers, Login and Malware Protection, File Monitor, Security Audit & more

300 active installs v1.13.1 PHP 7.4+ WP 6.2+ Updated Apr 15, 2026

2fafirewallmalwarescannersecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Safe to Use in 2026?

Generally Safe

Score 100/100

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'vigilante' v1.5.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to output escaping and robust use of prepared statements for SQL queries, indicating good development practices in these areas. The complete absence of known CVEs and a clean vulnerability history are also significant strengths. However, a substantial attack surface exists within its AJAX handlers, with a concerning 23 out of 42 handlers lacking authentication checks. Furthermore, the taint analysis reveals 6 flows with unsanitized paths, 5 of which are categorized as high severity, suggesting potential vulnerabilities related to how user input is processed. While no critical issues were found in the taint analysis, these high-severity unsanitized paths on a plugin with a large number of unprotected AJAX endpoints represent the most significant risks.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized paths
Unsanitized paths in taint analysis

Vulnerabilities

None known

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Release Timeline

v1.13.1Current

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.1

v1.11.0

v1.10.1

v1.10.0

v1.9.0

v1.8.0

v1.7.2

v1.7.1

v1.7.0

v1.6.1

v1.6.0

v1.5.5

v1.5.4

v1.5.3

v1.5.2

Code Analysis

Analyzed Mar 16, 2026

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Code Analysis

Dangerous Functions

Raw SQL Queries

109 prepared

Unescaped Output

630 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

94% prepared116 total queries

Output Escaping

100% escaped632 total outputs

Data Flows · Security

6 unsanitized

Data Flow Analysis

14 flows6 with unsanitized paths

ajax_download_db_backup (admin\class-admin-ajax.php:1484)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

23 unprotected

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Attack Surface

Entry Points42

Unprotected23

AJAX Handlers 42

authwp_ajax_vigilante_save_settingsadmin\class-admin.php:112

authwp_ajax_vigilante_apply_presetadmin\class-admin.php:113

authwp_ajax_vigilante_reset_sectionadmin\class-admin.php:114

authwp_ajax_vigilante_clear_lockoutsadmin\class-admin.php:115

authwp_ajax_vigilante_clear_logsadmin\class-admin.php:116

authwp_ajax_vigilante_run_scanadmin\class-admin.php:117

authwp_ajax_vigilante_clear_scanadmin\class-admin.php:118

authwp_ajax_vigilante_ignore_fileadmin\class-admin.php:119

authwp_ajax_vigilante_unignore_fileadmin\class-admin.php:120

authwp_ajax_vigilante_clear_ignoredadmin\class-admin.php:121

authwp_ajax_vigilante_export_settingsadmin\class-admin.php:122

authwp_ajax_vigilante_import_settingsadmin\class-admin.php:123

authwp_ajax_vigilante_get_logsadmin\class-admin.php:124

authwp_ajax_vigilante_test_headersadmin\class-admin.php:125

authwp_ajax_vigilante_create_backupadmin\class-admin.php:126

authwp_ajax_vigilante_search_users_2faadmin\class-admin.php:129

authwp_ajax_vigilante_send_2fa_notificationadmin\class-admin.php:130

authwp_ajax_vigilante_search_totp_usersadmin\class-admin.php:131

authwp_ajax_vigilante_reset_totp_usersadmin\class-admin.php:132

authwp_ajax_vigilante_totp_get_setupadmin\class-admin.php:133

authwp_ajax_vigilante_notify_login_urladmin\class-admin.php:134

authwp_ajax_vigilante_search_users_password_resetadmin\class-admin.php:137

authwp_ajax_vigilante_force_password_resetadmin\class-admin.php:138

authwp_ajax_vigilante_force_password_reset_alladmin\class-admin.php:139

authwp_ajax_vigilante_approve_useradmin\class-admin.php:142

authwp_ajax_vigilante_reject_useradmin\class-admin.php:143

authwp_ajax_vigilante_get_user_sessionsadmin\class-admin.php:146

authwp_ajax_vigilante_revoke_sessionadmin\class-admin.php:147

authwp_ajax_vigilante_revoke_all_sessionsadmin\class-admin.php:148

authwp_ajax_vigilante_activate_under_attackadmin\class-admin.php:151

authwp_ajax_vigilante_deactivate_under_attackadmin\class-admin.php:152

authwp_ajax_vigilante_under_attack_statusadmin\class-admin.php:153

authwp_ajax_vigilante_get_db_tablesadmin\class-admin.php:156

authwp_ajax_vigilante_download_db_backupadmin\class-admin.php:157

authwp_ajax_vigilante_generate_prefixadmin\class-admin.php:160

authwp_ajax_vigilante_change_prefixadmin\class-admin.php:161

authwp_ajax_vigilante_add_to_firewall_listadmin\class-admin.php:164

noprivwp_ajax_vigilante_resend_2fa_codeincludes\class-two-factor-email.php:114

authwp_ajax_vigilante_totp_verify_setupincludes\class-two-factor-totp.php:144

authwp_ajax_vigilante_totp_regenerate_backupincludes\class-two-factor-totp.php:145

authwp_ajax_vigilante_totp_reconfigureincludes\class-two-factor-totp.php:146

authwp_ajax_vigilante_dismiss_noticevigilante.php:309

WordPress Hooks 143

actionadmin_menuadmin\class-admin.php:103

actionadmin_initadmin\class-admin.php:104

actionadmin_enqueue_scriptsadmin\class-admin.php:105

actionadmin_noticesadmin\class-admin.php:106

filtersubmenu_fileadmin\class-admin.php:109

actionadmin_initadmin\class-admin.php:167

actionadmin_noticesincludes\class-activator.php:109

actionadmin_noticesincludes\class-activator.php:121

actiontransition_post_statusincludes\class-activity-log.php:65

actiondelete_postincludes\class-activity-log.php:66

actionactivated_pluginincludes\class-activity-log.php:71

actiondeactivated_pluginincludes\class-activity-log.php:72

actionupgrader_process_completeincludes\class-activity-log.php:73

actiondeleted_pluginincludes\class-activity-log.php:74

actionswitch_themeincludes\class-activity-log.php:79

actionupdated_optionincludes\class-activity-log.php:84

actionwp_insert_commentincludes\class-activity-log.php:89

actionspam_commentincludes\class-activity-log.php:90

actiontrash_commentincludes\class-activity-log.php:91

actiondelete_commentincludes\class-activity-log.php:92

actionadd_attachmentincludes\class-activity-log.php:97

actiondelete_attachmentincludes\class-activity-log.php:98

filterxmlrpc_methodsincludes\class-comment-security.php:54

filterwp_headersincludes\class-comment-security.php:55

filterpings_openincludes\class-comment-security.php:56

filterpings_openincludes\class-comment-security.php:60

filtercomments_openincludes\class-comment-security.php:65

actioncomment_formincludes\class-comment-security.php:70

filterpreprocess_commentincludes\class-comment-security.php:71

filterpreprocess_commentincludes\class-comment-security.php:76

filterpreprocess_commentincludes\class-comment-security.php:81

filterpreprocess_commentincludes\class-comment-security.php:86

actiondo_feedincludes\class-feed-manager.php:54

actiondo_feed_rdfincludes\class-feed-manager.php:55

actiondo_feed_rssincludes\class-feed-manager.php:56

actiondo_feed_rss2includes\class-feed-manager.php:57

actiondo_feed_atomincludes\class-feed-manager.php:58

actiontemplate_redirectincludes\class-feed-manager.php:69

filterposts_whereincludes\class-feed-manager.php:74

actiondo_feed_rss2_commentsincludes\class-feed-manager.php:79

actiondo_feed_atom_commentsincludes\class-feed-manager.php:80

filterthe_generatorincludes\class-feed-manager.php:85

actionvigilante_file_integrity_scanincludes\class-file-integrity.php:120

actioninitincludes\class-firewall.php:62

actioninitincludes\class-firewall.php:66

actioninitincludes\class-head-cleaner.php:52

filterthe_generatorincludes\class-head-cleaner.php:62

actiontemplate_redirectincludes\class-https-enforcer.php:58

actionadmin_initincludes\class-https-enforcer.php:59

actionwp_loadedincludes\class-https-enforcer.php:64

actionshutdownincludes\class-https-enforcer.php:65

filterscript_loader_srcincludes\class-https-enforcer.php:66

filterstyle_loader_srcincludes\class-https-enforcer.php:67

filterwp_get_attachment_urlincludes\class-https-enforcer.php:68

filterthe_contentincludes\class-https-enforcer.php:69

filterwidget_textincludes\class-https-enforcer.php:70

filterauthenticateincludes\class-login-security.php:78

actionwp_login_failedincludes\class-login-security.php:81

actionwp_loginincludes\class-login-security.php:82

filterlogin_errorsincludes\class-login-security.php:86

filtershake_error_codesincludes\class-login-security.php:87

filterxmlrpc_enabledincludes\class-login-security.php:92

filterwp_xmlrpc_server_classincludes\class-login-security.php:93

filterxmlrpc_methodsincludes\class-login-security.php:100

filterwp_is_application_passwords_availableincludes\class-login-security.php:105

actionwp_loginincludes\class-login-security.php:110

actionlogin_formincludes\class-login-security.php:114

actionwp_loadedincludes\class-login-security.php:138

filterlogin_urlincludes\class-login-security.php:141

filterlogout_urlincludes\class-login-security.php:142

filterlostpassword_urlincludes\class-login-security.php:143

filterregister_urlincludes\class-login-security.php:144

actionlogin_initincludes\class-login-security.php:147

filtersite_urlincludes\class-login-security.php:150

filterlogout_redirectincludes\class-login-security.php:153

filterwp_redirectincludes\class-login-security.php:159

filterrest_authentication_errorsincludes\class-rest-api-security.php:50

filterrest_endpointsincludes\class-rest-api-security.php:54

filterrest_jsonp_enabledincludes\class-rest-api-security.php:59

filterauthenticateincludes\class-two-factor-email.php:105

actionlogin_form_vigilante_2faincludes\class-two-factor-email.php:108

actionlogin_formincludes\class-two-factor-email.php:111

actionlogin_enqueue_scriptsincludes\class-two-factor-email.php:117

filterlogin_errorsincludes\class-two-factor-email.php:120

filterauthenticateincludes\class-two-factor-totp.php:125

actionlogin_form_vigilante_2faincludes\class-two-factor-totp.php:128

actionlogin_formincludes\class-two-factor-totp.php:131

actionlogin_enqueue_scriptsincludes\class-two-factor-totp.php:134

filterlogin_errorsincludes\class-two-factor-totp.php:137

actionshow_user_profileincludes\class-two-factor-totp.php:140

actionedit_user_profileincludes\class-two-factor-totp.php:141

actionadmin_enqueue_scriptsincludes\class-two-factor-totp.php:149

actionadmin_noticesincludes\class-two-factor-totp.php:152

actionadmin_initincludes\class-two-factor-totp.php:155

actioninitincludes\class-under-attack.php:75

actiontemplate_redirectincludes\class-under-attack.php:80

actioninitincludes\class-under-attack.php:83

filtervigilante_rate_limit_requestsincludes\class-under-attack.php:86

filtervigilante_rate_limit_durationincludes\class-under-attack.php:87

actioninitincludes\class-under-attack.php:90

actioninitincludes\class-under-attack.php:93

filterxmlrpc_enabledincludes\class-under-attack.php:96

filterxmlrpc_methodsincludes\class-under-attack.php:97

filterrest_authentication_errorsincludes\class-under-attack.php:100

actionuser_profile_update_errorsincludes\class-user-security.php:63

filterpre_user_loginincludes\class-user-security.php:64

actionregister_postincludes\class-user-security.php:65

actionadmin_noticesincludes\class-user-security.php:70

actiontemplate_redirectincludes\class-user-security.php:75

filterrest_endpointsincludes\class-user-security.php:80

actionuser_profile_update_errorsincludes\class-user-security.php:85

filterregistration_errorsincludes\class-user-security.php:86

actionprofile_updateincludes\class-user-security.php:90

actionuser_registerincludes\class-user-security.php:91

actiondelete_userincludes\class-user-security.php:92

actionset_user_roleincludes\class-user-security.php:93

actionuser_registerincludes\class-user-security.php:98

filterwp_authenticate_userincludes\class-user-security.php:99

actionadmin_noticesincludes\class-user-security.php:100

filterwp_authenticate_userincludes\class-user-security.php:108

actionwp_loginincludes\class-user-security.php:111

actionprofile_updateincludes\class-user-security.php:117

actionwp_loginincludes\class-user-security.php:123

actionadmin_noticesincludes\class-user-security.php:124

actionadmin_initincludes\class-user-security.php:125

actionprofile_updateincludes\class-user-security.php:126

actionuser_registerincludes\class-user-security.php:127

actionuser_profile_update_errorsincludes\class-user-security.php:128

actionvigilante_password_expiry_reminderincludes\class-user-security.php:132

actionuser_registerincludes\class-user-security.php:142

filterwp_authenticate_userincludes\class-user-security.php:143

actioninitincludes\class-user-security.php:144

actionlogin_messageincludes\class-user-security.php:145

filterwp_new_user_notification_emailincludes\class-user-security.php:150

filterregistration_redirectincludes\class-user-security.php:151

actionlogin_messageincludes\class-user-security.php:152

filtervigilante_skip_failed_login_countincludes\class-user-security.php:960

filtervigilante_skip_failed_login_countincludes\class-user-security.php:1536

actionadmin_noticesvigilante.php:63

actioninitvigilante.php:145

actionvigilante_daily_maintenancevigilante.php:305

actionvigilante_hourly_checksvigilante.php:306

actionplugins_loadedvigilante.php:402

Scheduled Events 4

vigilante_daily_maintenance

vigilante_hourly_checks

vigilante_file_integrity_scan

vigilante_password_expiry_reminder

Maintenance & Trust

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedApr 15, 2026

PHP min version7.4

Downloads5K

Community Trust

Rating100/100

Number of ratings8

Active installs300

Alternatives

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Alternatives

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Atomic Edge Security

atomic-edge-security

100

Connect your WordPress site to Atomic Edge for enterprise-grade WAF protection, real-time analytics, and advanced security tools.

10 No CVEs

Liveupx Security

liveupx-security

100

Complete WordPress security — Firewall, 2FA, Malware Scanner, Vulnerability Scanner, Login Protection, Security Headers. 100% free.

0 No CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

malcare-security

100

Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more.

200K No CVEs

Developer Profile

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Developer Profile

Fernando Tellado

21 plugins · 25K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner…

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vigilante/admin/css/style.css/wp-content/plugins/vigilante/admin/js/script.js/wp-content/plugins/vigilante/assets/css/frontend.css/wp-content/plugins/vigilante/assets/js/frontend.js

Script Paths

/wp-content/plugins/vigilante/admin/js/script.js/wp-content/plugins/vigilante/assets/js/frontend.js

Version Parameters

/wp-content/plugins/vigilante/admin/css/style.css?ver=/wp-content/plugins/vigilante/admin/js/script.js?ver=/wp-content/plugins/vigilante/assets/css/frontend.css?ver=/wp-content/plugins/vigilante/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

vigilante-admin-menu-iconvigilante-notice

JS Globals

vigilante_admin_object

REST Endpoints

/wp-json/vigilante/v1/settings

FAQ