Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Security & Risk Analysis

wordpress.org/plugins/vigilante

Premium WordPress Security - 100% FREE: Firewall, 2FA, Security Headers, Login and Malware Protection, File Monitor, Activity Log, Under Attack & more

90 active installs · v1.5.1 · PHP 7.4+ · WP 6.2+ · Updated Mar 14, 2026
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Safe to Use in 2026?

Generally Safe

Score 100/100

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 20d ago
Risk Assessment

The 'vigilante' v1.5.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to output escaping and robust use of prepared statements for SQL queries, indicating good development practices in these areas. The complete absence of known CVEs and a clean vulnerability history are also significant strengths. However, a substantial attack surface exists within its AJAX handlers, with a concerning 23 out of 42 handlers lacking authentication checks. Furthermore, the taint analysis reveals 6 flows with unsanitized paths, 5 of which are categorized as high severity, suggesting potential vulnerabilities related to how user input is processed. While no critical issues were found in the taint analysis, these high-severity unsanitized paths on a plugin with a large number of unprotected AJAX endpoints represent the most significant risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized paths
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (109 prepared)
Unescaped Output: 2 (630 escaped)
Nonce Checks: 53
Capability Checks: 54
File Operations: 27
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

94% prepared · 116 total queries

Output Escaping

100% escaped · 632 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

14 flows · 6 with unsanitized paths
ajax_download_db_backup (admin\class-admin-ajax.php:1484)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
23 unprotected

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Attack Surface

Entry Points: 42
Unprotected: 23

AJAX Handlers 42

auth · wp_ajax_vigilante_save_settings · admin\class-admin.php:112
auth · wp_ajax_vigilante_apply_preset · admin\class-admin.php:113
auth · wp_ajax_vigilante_reset_section · admin\class-admin.php:114
auth · wp_ajax_vigilante_clear_lockouts · admin\class-admin.php:115
auth · wp_ajax_vigilante_clear_logs · admin\class-admin.php:116
auth · wp_ajax_vigilante_run_scan · admin\class-admin.php:117
auth · wp_ajax_vigilante_clear_scan · admin\class-admin.php:118
auth · wp_ajax_vigilante_ignore_file · admin\class-admin.php:119
auth · wp_ajax_vigilante_unignore_file · admin\class-admin.php:120
auth · wp_ajax_vigilante_clear_ignored · admin\class-admin.php:121
auth · wp_ajax_vigilante_export_settings · admin\class-admin.php:122
auth · wp_ajax_vigilante_import_settings · admin\class-admin.php:123
auth · wp_ajax_vigilante_get_logs · admin\class-admin.php:124
auth · wp_ajax_vigilante_test_headers · admin\class-admin.php:125
auth · wp_ajax_vigilante_create_backup · admin\class-admin.php:126
auth · wp_ajax_vigilante_search_users_2fa · admin\class-admin.php:129
auth · wp_ajax_vigilante_send_2fa_notification · admin\class-admin.php:130
auth · wp_ajax_vigilante_search_totp_users · admin\class-admin.php:131
auth · wp_ajax_vigilante_reset_totp_users · admin\class-admin.php:132
auth · wp_ajax_vigilante_totp_get_setup · admin\class-admin.php:133
auth · wp_ajax_vigilante_notify_login_url · admin\class-admin.php:134
auth · wp_ajax_vigilante_search_users_password_reset · admin\class-admin.php:137
auth · wp_ajax_vigilante_force_password_reset · admin\class-admin.php:138
auth · wp_ajax_vigilante_force_password_reset_all · admin\class-admin.php:139
auth · wp_ajax_vigilante_approve_user · admin\class-admin.php:142
auth · wp_ajax_vigilante_reject_user · admin\class-admin.php:143
auth · wp_ajax_vigilante_get_user_sessions · admin\class-admin.php:146
auth · wp_ajax_vigilante_revoke_session · admin\class-admin.php:147
auth · wp_ajax_vigilante_revoke_all_sessions · admin\class-admin.php:148
auth · wp_ajax_vigilante_activate_under_attack · admin\class-admin.php:151
auth · wp_ajax_vigilante_deactivate_under_attack · admin\class-admin.php:152
auth · wp_ajax_vigilante_under_attack_status · admin\class-admin.php:153
auth · wp_ajax_vigilante_get_db_tables · admin\class-admin.php:156
auth · wp_ajax_vigilante_download_db_backup · admin\class-admin.php:157
auth · wp_ajax_vigilante_generate_prefix · admin\class-admin.php:160
auth · wp_ajax_vigilante_change_prefix · admin\class-admin.php:161
auth · wp_ajax_vigilante_add_to_firewall_list · admin\class-admin.php:164
nopriv · wp_ajax_vigilante_resend_2fa_code · includes\class-two-factor-email.php:114
auth · wp_ajax_vigilante_totp_verify_setup · includes\class-two-factor-totp.php:144
auth · wp_ajax_vigilante_totp_regenerate_backup · includes\class-two-factor-totp.php:145
auth · wp_ajax_vigilante_totp_reconfigure · includes\class-two-factor-totp.php:146
auth · wp_ajax_vigilante_dismiss_notice · vigilante.php:309

WordPress Hooks 143

action · admin_menu · admin\class-admin.php:103
action · admin_init · admin\class-admin.php:104
action · admin_enqueue_scripts · admin\class-admin.php:105
action · admin_notices · admin\class-admin.php:106
filter · submenu_file · admin\class-admin.php:109
action · admin_init · admin\class-admin.php:167
action · admin_notices · includes\class-activator.php:109
action · admin_notices · includes\class-activator.php:121
action · transition_post_status · includes\class-activity-log.php:65
action · delete_post · includes\class-activity-log.php:66
action · activated_plugin · includes\class-activity-log.php:71
action · deactivated_plugin · includes\class-activity-log.php:72
action · upgrader_process_complete · includes\class-activity-log.php:73
action · deleted_plugin · includes\class-activity-log.php:74
action · switch_theme · includes\class-activity-log.php:79
action · updated_option · includes\class-activity-log.php:84
action · wp_insert_comment · includes\class-activity-log.php:89
action · spam_comment · includes\class-activity-log.php:90
action · trash_comment · includes\class-activity-log.php:91
action · delete_comment · includes\class-activity-log.php:92
action · add_attachment · includes\class-activity-log.php:97
action · delete_attachment · includes\class-activity-log.php:98
filter · xmlrpc_methods · includes\class-comment-security.php:54
filter · wp_headers · includes\class-comment-security.php:55
filter · pings_open · includes\class-comment-security.php:56
filter · pings_open · includes\class-comment-security.php:60
filter · comments_open · includes\class-comment-security.php:65
action · comment_form · includes\class-comment-security.php:70
filter · preprocess_comment · includes\class-comment-security.php:71
filter · preprocess_comment · includes\class-comment-security.php:76
filter · preprocess_comment · includes\class-comment-security.php:81
filter · preprocess_comment · includes\class-comment-security.php:86
action · do_feed · includes\class-feed-manager.php:54
action · do_feed_rdf · includes\class-feed-manager.php:55
action · do_feed_rss · includes\class-feed-manager.php:56
action · do_feed_rss2 · includes\class-feed-manager.php:57
action · do_feed_atom · includes\class-feed-manager.php:58
action · template_redirect · includes\class-feed-manager.php:69
filter · posts_where · includes\class-feed-manager.php:74
action · do_feed_rss2_comments · includes\class-feed-manager.php:79
action · do_feed_atom_comments · includes\class-feed-manager.php:80
filter · the_generator · includes\class-feed-manager.php:85
action · vigilante_file_integrity_scan · includes\class-file-integrity.php:120
action · init · includes\class-firewall.php:62
action · init · includes\class-firewall.php:66
action · init · includes\class-head-cleaner.php:52
filter · the_generator · includes\class-head-cleaner.php:62
action · template_redirect · includes\class-https-enforcer.php:58
action · admin_init · includes\class-https-enforcer.php:59
action · wp_loaded · includes\class-https-enforcer.php:64
action · shutdown · includes\class-https-enforcer.php:65
filter · script_loader_src · includes\class-https-enforcer.php:66
filter · style_loader_src · includes\class-https-enforcer.php:67
filter · wp_get_attachment_url · includes\class-https-enforcer.php:68
filter · the_content · includes\class-https-enforcer.php:69
filter · widget_text · includes\class-https-enforcer.php:70
filter · authenticate · includes\class-login-security.php:78
action · wp_login_failed · includes\class-login-security.php:81
action · wp_login · includes\class-login-security.php:82
filter · login_errors · includes\class-login-security.php:86
filter · shake_error_codes · includes\class-login-security.php:87
filter · xmlrpc_enabled · includes\class-login-security.php:92
filter · wp_xmlrpc_server_class · includes\class-login-security.php:93
filter · xmlrpc_methods · includes\class-login-security.php:100
filter · wp_is_application_passwords_available · includes\class-login-security.php:105
action · wp_login · includes\class-login-security.php:110
action · login_form · includes\class-login-security.php:114
action · wp_loaded · includes\class-login-security.php:138
filter · login_url · includes\class-login-security.php:141
filter · logout_url · includes\class-login-security.php:142
filter · lostpassword_url · includes\class-login-security.php:143
filter · register_url · includes\class-login-security.php:144
action · login_init · includes\class-login-security.php:147
filter · site_url · includes\class-login-security.php:150
filter · logout_redirect · includes\class-login-security.php:153
filter · wp_redirect · includes\class-login-security.php:159
filter · rest_authentication_errors · includes\class-rest-api-security.php:50
filter · rest_endpoints · includes\class-rest-api-security.php:54
filter · rest_jsonp_enabled · includes\class-rest-api-security.php:59
filter · authenticate · includes\class-two-factor-email.php:105
action · login_form_vigilante_2fa · includes\class-two-factor-email.php:108
action · login_form · includes\class-two-factor-email.php:111
action · login_enqueue_scripts · includes\class-two-factor-email.php:117
filter · login_errors · includes\class-two-factor-email.php:120
filter · authenticate · includes\class-two-factor-totp.php:125
action · login_form_vigilante_2fa · includes\class-two-factor-totp.php:128
action · login_form · includes\class-two-factor-totp.php:131
action · login_enqueue_scripts · includes\class-two-factor-totp.php:134
filter · login_errors · includes\class-two-factor-totp.php:137
action · show_user_profile · includes\class-two-factor-totp.php:140
action · edit_user_profile · includes\class-two-factor-totp.php:141
action · admin_enqueue_scripts · includes\class-two-factor-totp.php:149
action · admin_notices · includes\class-two-factor-totp.php:152
action · admin_init · includes\class-two-factor-totp.php:155
action · init · includes\class-under-attack.php:75
action · template_redirect · includes\class-under-attack.php:80
action · init · includes\class-under-attack.php:83
filter · vigilante_rate_limit_requests · includes\class-under-attack.php:86
filter · vigilante_rate_limit_duration · includes\class-under-attack.php:87
action · init · includes\class-under-attack.php:90
action · init · includes\class-under-attack.php:93
filter · xmlrpc_enabled · includes\class-under-attack.php:96
filter · xmlrpc_methods · includes\class-under-attack.php:97
filter · rest_authentication_errors · includes\class-under-attack.php:100
action · user_profile_update_errors · includes\class-user-security.php:63
filter · pre_user_login · includes\class-user-security.php:64
action · register_post · includes\class-user-security.php:65
action · admin_notices · includes\class-user-security.php:70
action · template_redirect · includes\class-user-security.php:75
filter · rest_endpoints · includes\class-user-security.php:80
action · user_profile_update_errors · includes\class-user-security.php:85
filter · registration_errors · includes\class-user-security.php:86
action · profile_update · includes\class-user-security.php:90
action · user_register · includes\class-user-security.php:91
action · delete_user · includes\class-user-security.php:92
action · set_user_role · includes\class-user-security.php:93
action · user_register · includes\class-user-security.php:98
filter · wp_authenticate_user · includes\class-user-security.php:99
action · admin_notices · includes\class-user-security.php:100
filter · wp_authenticate_user · includes\class-user-security.php:108
action · wp_login · includes\class-user-security.php:111
action · profile_update · includes\class-user-security.php:117
action · wp_login · includes\class-user-security.php:123
action · admin_notices · includes\class-user-security.php:124
action · admin_init · includes\class-user-security.php:125
action · profile_update · includes\class-user-security.php:126
action · user_register · includes\class-user-security.php:127
action · user_profile_update_errors · includes\class-user-security.php:128
action · vigilante_password_expiry_reminder · includes\class-user-security.php:132
action · user_register · includes\class-user-security.php:142
filter · wp_authenticate_user · includes\class-user-security.php:143
action · init · includes\class-user-security.php:144
action · login_message · includes\class-user-security.php:145
filter · wp_new_user_notification_email · includes\class-user-security.php:150
filter · registration_redirect · includes\class-user-security.php:151
action · login_message · includes\class-user-security.php:152
filter · vigilante_skip_failed_login_count · includes\class-user-security.php:960
filter · vigilante_skip_failed_login_count · includes\class-user-security.php:1536
action · admin_notices · vigilante.php:63
action · init · vigilante.php:145
action · vigilante_daily_maintenance · vigilante.php:305
action · vigilante_hourly_checks · vigilante.php:306
action · plugins_loaded · vigilante.php:402

Scheduled Events 4

vigilante_daily_maintenance
vigilante_hourly_checks
vigilante_file_integrity_scan
vigilante_password_expiry_reminder
Maintenance & Trust

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 14, 2026
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 90
Developer Profile

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… Developer Profile

Fernando Tellado

21 plugins · 24K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner…

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vigilante/admin/css/style.css
/wp-content/plugins/vigilante/admin/js/script.js
/wp-content/plugins/vigilante/assets/css/frontend.css
/wp-content/plugins/vigilante/assets/js/frontend.js
Script Paths
/wp-content/plugins/vigilante/admin/js/script.js
/wp-content/plugins/vigilante/assets/js/frontend.js
Version Parameters
/wp-content/plugins/vigilante/admin/css/style.css?ver=
/wp-content/plugins/vigilante/admin/js/script.js?ver=
/wp-content/plugins/vigilante/assets/css/frontend.css?ver=
/wp-content/plugins/vigilante/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
vigilante-admin-menu-icon
vigilante-notice
JS Globals
vigilante_admin_object
REST Endpoints
/wp-json/vigilante/v1/settings