Does VMP Security – Firewall, Malware Scan, and Login Security have any unpatched vulnerabilities?

No. All known vulnerabilities in VMP Security – Firewall, Malware Scan, and Login Security have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is VMP Security – Firewall, Malware Scan, and Login Security compatible with WordPress 6.9.4?

According to WordPress.org data, VMP Security – Firewall, Malware Scan, and Login Security 2.2.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is VMP Security – Firewall, Malware Scan, and Login Security compatible with PHP 7.4+?

VMP Security – Firewall, Malware Scan, and Login Security requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

VMP Security – Firewall, Malware Scan, and Login Security Security & Risk Analysis

wordpress.org/plugins/vmpfence-security

Your all-in-one WordPress security solution. Stop hackers with our firewall, detect malware before it spreads, and protect your site.

0 active installs v2.2.5 PHP 7.4+ WP 5.0+ Updated Mar 5, 2026

2fabrute-force-protectionfirewallmalware-scannersecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is VMP Security – Firewall, Malware Scan, and Login Security Safe to Use in 2026?

Generally Safe

Score 100/100

VMP Security – Firewall, Malware Scan, and Login Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 29d ago

Risk Assessment

The vmpfence-security v2.2.6 plugin exhibits a mixed security posture. On the positive side, it has a history of no known CVEs, indicating a relatively stable development track record. The code analysis reveals a good percentage of SQL queries using prepared statements and a high rate of properly escaped output, which are strong security practices. However, there are several areas of concern that detract from its overall security. The presence of 8 AJAX handlers without authentication checks represents a significant attack surface that could be exploited by unauthenticated users. Furthermore, the use of dangerous functions like 'exec', 'shell_exec', and 'unserialize' without explicit context of their sanitization is a red flag, as these functions are prone to remote code execution vulnerabilities if not handled with extreme care. The taint analysis also identified 5 high-severity flows, even though none are classified as critical, suggesting potential issues with data handling that could lead to vulnerabilities.

Key Concerns

AJAX handlers without auth checks
Use of dangerous functions (exec, shell_exec, unserialize)
High severity taint flows detected

Vulnerabilities

None known

VMP Security – Firewall, Malware Scan, and Login Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

VMP Security – Firewall, Malware Scan, and Login Security Code Analysis

Dangerous Functions

Raw SQL Queries

217

550 prepared

Unescaped Output

347

1768 escaped

Nonce Checks

176

Capability Checks

143

File Operations

168

External Requests

Bundled Libraries

Dangerous Functions Found

exec$size = exec('for %i in ("' . $file_path . '") do @echo %~zi');includes\class-advanced-file-handler.php:438

exec$size = exec('stat -f%z "' . escapeshellarg($file_path) . '" 2>/dev/null || stat -c%s "' . escapesheincludes\class-advanced-file-handler.php:442

shell_exec$cpu_count = (int)@shell_exec('nproc 2>/dev/null') ?: 2;includes\class-advanced-scan-engine.php:45

unserialize$unserialized = @unserialize($cleaned_value);includes\class-ajax-handler.php:3286

unserialize$unserialized = @unserialize($content);includes\class-user-option-audit-scanner.php:658

SQL Query Safety

72% prepared767 total queries

Output Escaping

84% escaped2115 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

25 flows8 with unsanitized paths

handle_repair_file (includes\class-file-repair-engine.php:757)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

VMP Security – Firewall, Malware Scan, and Login Security Attack Surface

Entry Points175

Unprotected8

AJAX Handlers 174

authwp_ajax_vmpfence_get_audit_entryadmin\ajax\audit-log-ajax.php:20

authwp_ajax_vmpfence_export_audit_logadmin\ajax\audit-log-ajax.php:84

authwp_ajax_vmpfence_download_audit_exportadmin\ajax\audit-log-ajax.php:149

authwp_ajax_vmpfence_cleanup_audit_logadmin\ajax\audit-log-ajax.php:185

authwp_ajax_vmpfence_get_recent_audit_entriesadmin\ajax\audit-log-ajax.php:213

authwp_ajax_vmpfence_reload_audit_tableadmin\ajax\audit-log-ajax.php:297

authwp_ajax_vmpfence_block_countriesadmin\ajax\block-country-ajax.php:206

authwp_ajax_vmpfence_sync_blocked_ipsadmin\ajax\blocked-ip-sync-ajax.php:17

authwp_ajax_vmpfence_add_custom_patternadmin\ajax\custom-pattern-ajax.php:21

authwp_ajax_vmpfence_get_custom_patternsadmin\ajax\custom-pattern-ajax.php:323

authwp_ajax_vmpfence_delete_custom_patternadmin\ajax\custom-pattern-ajax.php:350

authwp_ajax_vmpfence_toggle_custom_patternadmin\ajax\custom-pattern-ajax.php:452

authwp_ajax_vmpfence_delete_ipadmin\ajax\delete-ip-ajax.php:82

authwp_ajax_vmpfence_disable_debugadmin\ajax\disable-debug-ajax.php:179

authwp_ajax_vmpfence_disable_debugadmin\ajax\disable-debug-ajax.php:180

authwp_ajax_vmpfence_save_brute_force_settingsadmin\ajax\firewall-options-ajax.php:20

authwp_ajax_vmpfence_restore_brute_force_defaultsadmin\ajax\firewall-options-ajax.php:21

authwp_ajax_vmpfence_load_brute_force_settingsadmin\ajax\firewall-options-ajax.php:22

authwp_ajax_vmpfence_enable_firewalladmin\ajax\firewall-options-ajax.php:23

authwp_ajax_vmpfence_load_firewall_summaryadmin\ajax\firewall-options-ajax.php:24

authwp_ajax_vmpfence_get_attack_timelineadmin\ajax\firewall-options-ajax.php:25

authwp_ajax_vmpfence_enable_extended_protectionadmin\ajax\firewall-options-ajax.php:26

authwp_ajax_vmpfence_disable_extended_protectionadmin\ajax\firewall-options-ajax.php:27

authwp_ajax_vmpfence_get_blocked_countriesadmin\ajax\get-blocked-countries-ajax.php:108

authwp_ajax_vmpfence_setup_2faadmin\ajax\login-security-ajax.php:65

authwp_ajax_vmpfence_verify_2fa_setupadmin\ajax\login-security-ajax.php:106

authwp_ajax_vmpfence_enable_2faadmin\ajax\login-security-ajax.php:142

authwp_ajax_vmpfence_disable_2faadmin\ajax\login-security-ajax.php:176

authwp_ajax_vmpfence_regenerate_backup_codesadmin\ajax\login-security-ajax.php:203

authwp_ajax_vmpfence_save_login_settingsadmin\ajax\login-security-ajax.php:421

authwp_ajax_vmpfence_load_login_settingsadmin\ajax\login-security-ajax.php:472

authwp_ajax_vmpfence_get_user_statsadmin\ajax\login-security-ajax.php:534

authwp_ajax_vmpfence_validate_ip_allowlistadmin\ajax\login-security-ajax.php:578

authwp_ajax_vmpfence_restore_defaultsadmin\ajax\scan-options-ajax.php:15

authwp_ajax_vmpfence_load_scan_typeadmin\ajax\scan-options-ajax.php:16

authwp_ajax_vmpfence_save_changesadmin\ajax\scan-options-ajax.php:17

authwp_ajax_vmpfence_load_current_configadmin\ajax\scan-options-ajax.php:18

authwp_ajax_vmpfence_enable_scansadmin\ajax\scan-options-ajax.php:19

authwp_ajax_vmpfence_preview_scheduleadmin\ajax\scan-options-ajax.php:22

authwp_ajax_vmpfence_update_scheduleadmin\ajax\scan-options-ajax.php:23

authwp_ajax_vmpfence_get_schedule_statusadmin\ajax\scan-options-ajax.php:24

authwp_ajax_vmpfence_preview_manual_patternadmin\ajax\scan-options-ajax.php:25

authwp_ajax_vmpfence_get_pattern_descriptionadmin\ajax\scan-options-ajax.php:26

authwp_ajax_vmpfence_get_current_scheduleadmin\ajax\scan-options-ajax.php:27

authwp_ajax_vmpfence_get_scan_percentageadmin\ajax\scan-percentage-ajax.php:16

authwp_ajax_vmpfence_search_blocked_ipsadmin\ajax\search-blocked-ips-ajax.php:17

authwp_ajax_vmpfence_sync_signaturesadmin\ajax\signature-sync-ajax.php:19

authwp_ajax_vmpfence_get_top_countriesadmin\ajax\top-countries-ajax.php:22

authwp_ajax_vmpfence_get_top_blocked_ipsadmin\ajax\top-ips-ajax.php:22

authwp_ajax_vmpfence_unblock_countryadmin\ajax\unblock-country-ajax.php:113

authwp_ajax_vmpfence_unblock_ipadmin\ajax\unblock-ip-ajax.php:112

authwp_ajax_vmpfence_yara_scan_fileadmin\ajax\yara-scanner-ajax.php:35

authwp_ajax_vmpfence_yara_scan_wp_fileadmin\ajax\yara-scanner-ajax.php:36

authwp_ajax_vmpfence_get_wp_filesadmin\ajax\yara-scanner-ajax.php:37

authwp_ajax_vmpfence_get_yara_statsadmin\ajax\yara-scanner-ajax.php:38

authwp_ajax_vmpfence_get_yara_historyadmin\ajax\yara-scanner-ajax.php:39

authwp_ajax_vmpfence_get_yara_session_detailsadmin\ajax\yara-scanner-ajax.php:40

authwp_ajax_vmpfence_get_yara_server_statsadmin\ajax\yara-scanner-ajax.php:41

authwp_ajax_vmpfence_yara_batch_scanadmin\ajax\yara-scanner-ajax.php:42

authwp_ajax_vmpfence_yara_batch_statusadmin\ajax\yara-scanner-ajax.php:43

authwp_ajax_vmpfence_yara_batch_resultsadmin\ajax\yara-scanner-ajax.php:44

authwp_ajax_vmpfence_yara_cancel_batchadmin\ajax\yara-scanner-ajax.php:45

authwp_ajax_vmpfence_yara_get_batch_sessionsadmin\ajax\yara-scanner-ajax.php:46

authwp_ajax_vmpfence_yara_whitelist_fileadmin\ajax\yara-scanner-ajax.php:47

authwp_ajax_vmpfence_yara_unwhitelist_fileadmin\ajax\yara-scanner-ajax.php:48

authwp_ajax_vmpfence_yara_delete_threat_fileadmin\ajax\yara-scanner-ajax.php:49

authwp_ajax_vmpfence_yara_get_threatsadmin\ajax\yara-scanner-ajax.php:50

authwp_ajax_vmpfence_yara_get_whitelistedadmin\ajax\yara-scanner-ajax.php:51

authwp_ajax_vmpfence_yara_mark_fixedadmin\ajax\yara-scanner-ajax.php:52

authwp_ajax_vmpfence_yara_count_total_filesadmin\ajax\yara-scanner-ajax.php:53

authwp_ajax_vmpfence_integrity_pre_filteradmin\ajax\yara-scanner-ajax.php:54

authwp_ajax_vmpfence_detect_missing_pluginsadmin\ajax\yara-scanner-ajax.php:55

authwp_ajax_vmpfence_download_plugin_checksumadmin\ajax\yara-scanner-ajax.php:56

authwp_ajax_vmpfence_yara_get_performance_metricsadmin\ajax\yara-scanner-ajax.php:57

authwp_ajax_vmpfence_get_dashboard_statsadmin\dashboard.php:29

authwp_ajax_vmpfence_dismiss_onboardingadmin\includes\class-onboarding.php:33

authwp_ajax_vmpfence_reset_onboardingadmin\includes\class-onboarding.php:34

authwp_ajax_vmpfence_save_settingsadmin\settings.php:30

authwp_ajax_vmpfence_save_firewall_optionsadmin\settings.php:33

authwp_ajax_vmpfence_load_firewall_optionsadmin\settings.php:34

authwp_ajax_vmpfence_restore_firewall_defaultsadmin\settings.php:35

authwp_ajax_vmpfence_save_blocking_optionsadmin\settings.php:38

authwp_ajax_vmpfence_load_blocking_optionsadmin\settings.php:39

authwp_ajax_vmpfence_reset_blocking_optionsadmin\settings.php:40

authwp_ajax_vmpfence_export_configadmin\settings.php:43

authwp_ajax_vmpfence_import_configadmin\settings.php:44

authwp_ajax_vmpfence_dismiss_activation_modaladmin\setup-wizard.php:34

authwp_ajax_vmpfence_dismiss_plugins_cardadmin\setup-wizard.php:35

authwp_ajax_vmpfence_remind_lateradmin\setup-wizard.php:36

authwp_ajax_vmpfence_activate_licenseadmin\setup-wizard.php:37

authwp_ajax_vmpfence_save_all_optionsall-options\ajax-handler.php:539

authwp_ajax_vmpfence_change_licenseall-options\ajax-handler.php:719

authwp_ajax_vmpfence_add_param_allowlistfirewall\ajax\class-allowlist-ajax.php:23

authwp_ajax_vmpfence_remove_param_allowlistfirewall\ajax\class-allowlist-ajax.php:24

authwp_ajax_vmpfence_toggle_param_allowlistfirewall\ajax\class-allowlist-ajax.php:25

authwp_ajax_vmpfence_get_allowlist_datafirewall\ajax\class-allowlist-ajax.php:26

authwp_ajax_vmpfence_unlock_ipfirewall\ajax\class-brute-force-ajax.php:43

authwp_ajax_vmpfence_save_brute_force_settingsfirewall\ajax\class-brute-force-ajax.php:46

authwp_ajax_vmpfence_get_locked_ipsfirewall\ajax\class-brute-force-ajax.php:49

authwp_ajax_vmpfence_get_failed_attemptsfirewall\ajax\class-brute-force-ajax.php:52

authwp_ajax_vmpfence_unblock_ipfirewall\ajax\class-rate-limit-ajax.php:48

authwp_ajax_vmpfence_get_rate_limit_statsfirewall\ajax\class-rate-limit-ajax.php:49

authwp_ajax_vmpfence_get_blocked_ipsfirewall\ajax\class-rate-limit-ajax.php:50

authwp_ajax_vmpfence_toggle_waf_rulefirewall\ajax\class-waf-ajax.php:30

authwp_ajax_vmpfence_toggle_waf_categoryfirewall\ajax\class-waf-ajax.php:31

authwp_ajax_vmpfence_sync_waf_rulesfirewall\ajax\class-waf-ajax.php:32

authwp_ajax_vmpfence_get_waf_statusfirewall\ajax\waf-optimizer-ajax.php:20

authwp_ajax_vmpfence_download_htaccessfirewall\ajax\waf-optimizer-ajax.php:21

authwp_ajax_vmpfence_dismiss_waf_noticefirewall\ajax\waf-optimizer-ajax.php:22

authwp_ajax_vmpfence_start_scanincludes\class-ajax-handler.php:25

authwp_ajax_vmpfence_get_scan_progressincludes\class-ajax-handler.php:26

authwp_ajax_vmpfence_get_scan_resultsincludes\class-ajax-handler.php:27

authwp_ajax_vmpfence_clear_scan_progressincludes\class-ajax-handler.php:28

authwp_ajax_vmpfence_get_debug_logsincludes\class-ajax-handler.php:29

authwp_ajax_vmpfence_email_activity_logincludes\class-ajax-handler.php:30

authwp_ajax_vmpfence_ignore_issueincludes\class-ajax-handler.php:31

authwp_ajax_vmpfence_unignore_issueincludes\class-ajax-handler.php:32

authwp_ajax_vmpfence_mark_as_fixedincludes\class-ajax-handler.php:33

authwp_ajax_vmpfence_get_scan_statusincludes\class-ajax-handler.php:34

authwp_ajax_vmpfence_store_scan_statusincludes\class-ajax-handler.php:35

authwp_ajax_vmpfence_get_reputation_percentageincludes\class-ajax-handler.php:36

authwp_ajax_vmpfence_get_security_scoresincludes\class-ajax-handler.php:37

authwp_ajax_vmpfence_get_scan_type_percentageincludes\class-ajax-handler.php:38

authwp_ajax_vmpfence_testAjaxincludes\class-ajax-handler.php:41

noprivwp_ajax_vmpfence_testAjaxincludes\class-ajax-handler.php:42

authwp_ajax_vmpfence_repair_fileincludes\class-ajax-handler.php:48

authwp_ajax_vmpfence_bulk_repairincludes\class-ajax-handler.php:49

authwp_ajax_vmpfence_check_repairabilityincludes\class-ajax-handler.php:50

authwp_ajax_vmpfence_download_fileincludes\class-ajax-handler.php:51

authwp_ajax_vmpfence_serve_fileincludes\class-ajax-handler.php:52

noprivwp_ajax_vmpfence_serve_fileincludes\class-ajax-handler.php:53

authwp_ajax_vmpfence_get_file_view_tokenincludes\class-ajax-handler.php:54

authwp_ajax_vmpfence_get_view_file_nonceincludes\class-ajax-handler.php:55

authwp_ajax_vmpfence_get_security_eventsincludes\class-ajax-handler.php:58

authwp_ajax_vmpfence_get_login_attemptsincludes\class-ajax-handler.php:59

authwp_ajax_vmpfence_block_ipincludes\class-ajax-handler.php:60

authwp_ajax_vmpfence_unblock_ipincludes\class-ajax-handler.php:61

authwp_ajax_vmpfence_get_blocked_ipsincludes\class-ajax-handler.php:62

authwp_ajax_vmpfence_clean_optionincludes\class-ajax-handler.php:65

authwp_ajax_vmpfence_view_option_codeincludes\class-ajax-handler.php:66

authwp_ajax_vmpfence_get_file_differencesincludes\class-ajax-handler.php:69

authwp_ajax_vmpfence_delete_fileincludes\class-ajax-handler.php:72

authwp_ajax_vmpfence_bulk_delete_filesincludes\class-ajax-handler.php:73

authwp_ajax_vmpfence_download_logincludes\class-ajax-handler.php:76

authwp_ajax_vmpfence_send_test_emailincludes\class-ajax-handler.php:79

authwp_ajax_vmpfence_send_activity_reportincludes\class-ajax-handler.php:80

authwp_ajax_vmpfence_send_deactivation_feedbackincludes\class-deactivation-feedback.php:27

authwp_ajax_vmpfence_repair_fileincludes\class-file-repair-engine.php:51

authwp_ajax_vmpfence_bulk_repairincludes\class-file-repair-engine.php:52

authwp_ajax_vmpfence_check_repairabilityincludes\class-file-repair-engine.php:53

authwp_ajax_vmpfence_classify_issueincludes\class-issue-manager.php:158

authwp_ajax_vmpfence_extract_contextincludes\class-issue-manager.php:159

noprivwp_ajax_vmpfence_verify_login_2faincludes\class-login-2fa-handler.php:48

authwp_ajax_vmpfence_get_statusstatus-modal\ajax\status-ajax.php:53

authwp_ajax_vmpfence_mark_human_visitortools\ajax\tools-ajax.php:66

noprivwp_ajax_vmpfence_mark_human_visitortools\ajax\tools-ajax.php:67

authwp_ajax_vmpfence_whois_lookuptools\ajax\tools-ajax.php:112

authwp_ajax_vmpfence_run_diagnosticstools\controllers\class-diagnostic-controller.php:32

authwp_ajax_vmpfence_export_diagnosticstools\controllers\class-diagnostic-controller.php:33

authwp_ajax_vmpfence_email_diagnosticstools\controllers\class-diagnostic-controller.php:34

authwp_ajax_vmpfence_get_live_traffictools\controllers\class-live-traffic-controller.php:34

authwp_ajax_vmpfence_get_audit_logtools\controllers\class-live-traffic-controller.php:35

authwp_ajax_vmpfence_get_traffic_statstools\controllers\class-live-traffic-controller.php:36

authwp_ajax_vmpfence_get_traffic_optionstools\controllers\class-live-traffic-controller.php:37

authwp_ajax_vmpfence_save_traffic_optionstools\controllers\class-live-traffic-controller.php:38

authwp_ajax_vmpfence_get_audit_log_optionstools\controllers\class-live-traffic-controller.php:39

authwp_ajax_vmpfence_save_audit_log_optionstools\controllers\class-live-traffic-controller.php:40

authwp_ajax_vmpfence_get_live_traffic_realtimetools\controllers\class-live-traffic-controller.php:43

authwp_ajax_vmpfence_reload_live_traffic_tabletools\controllers\class-live-traffic-controller.php:44

authwp_ajax_vmpfence_get_filter_optionstools\controllers\class-live-traffic-controller.php:45

authwp_ajax_vmpfence_get_groupby_optionstools\controllers\class-live-traffic-controller.php:46

authwp_ajax_vmpfence_get_traffic_detailtools\controllers\class-live-traffic-controller.php:49

authwp_ajax_vmpfence_get_recent_traffic_by_iptools\controllers\class-live-traffic-controller.php:52

authwp_ajax_vmpfence_dismiss_update_noticevmpfence.php:1011

Shortcodes 1

[vmpfence_2fa] includes\class-2fa-shortcode.php:24

WordPress Hooks 298

actionadmin_footeradmin\ajax\scan-percentage-ajax.php:93

actionadmin_menuadmin\dashboard.php:27

actionadmin_enqueue_scriptsadmin\dashboard.php:28

actionadmin_enqueue_scriptsadmin\dashboard.php:52

actionadmin_enqueue_scriptsadmin\dashboard.php:63

actionadmin_footeradmin\dashboard.php:308

actionadmin_enqueue_scriptsadmin\includes\activation-notices.php:111

actionadmin_enqueue_scriptsadmin\includes\class-onboarding.php:32

actionadmin_initadmin\settings.php:29

actionadmin_menuadmin\setup-wizard.php:28

actionadmin_initadmin\setup-wizard.php:29

actionadmin_initadmin\setup-wizard.php:30

actionadmin_enqueue_scriptsadmin\setup-wizard.php:31

actionadmin_noticesadmin\setup-wizard.php:32

actionadmin_noticesadmin\setup-wizard.php:33

actionadmin_footeradmin\setup-wizard.php:38

actioninitfirewall\class-country-blocker.php:25

filterauthenticatefirewall\controllers\class-brute-force-additional-option-controller.php:45

filterregistration_errorsfirewall\controllers\class-brute-force-additional-option-controller.php:48

actionuser_profile_update_errorsfirewall\controllers\class-brute-force-additional-option-controller.php:51

actioninitfirewall\controllers\class-brute-force-additional-option-controller.php:54

actioninitfirewall\controllers\class-brute-force-additional-option-controller.php:57

actioninitfirewall\controllers\class-brute-force-additional-option-controller.php:60

actionprofile_updatefirewall\controllers\class-brute-force-additional-option-controller.php:64

actionparse_requestfirewall\controllers\class-brute-force-additional-option-controller.php:196

filterrest_authentication_errorsfirewall\controllers\class-brute-force-additional-option-controller.php:234

filteroembed_response_datafirewall\controllers\class-brute-force-additional-option-controller.php:272

actionwp_sitemaps_add_providerfirewall\controllers\class-brute-force-additional-option-controller.php:299

actiontemplate_redirectfirewall\controllers\class-brute-force-additional-option-controller.php:302

filterwp_is_application_passwords_availablefirewall\controllers\class-brute-force-additional-option-controller.php:356

actionedit_user_profilefirewall\controllers\class-brute-force-additional-option-controller.php:359

actionshow_user_profilefirewall\controllers\class-brute-force-additional-option-controller.php:360

filterwp_die_handlerfirewall\controllers\class-brute-force-additional-option-controller.php:400

actioninitfirewall\controllers\class-brute-force-controller.php:43

filterauthenticatefirewall\controllers\class-brute-force-controller.php:46

filterauthenticatefirewall\controllers\class-brute-force-controller.php:47

actionwp_login_failedfirewall\controllers\class-brute-force-controller.php:48

actionwp_loginfirewall\controllers\class-brute-force-controller.php:49

actionlogin_formfirewall\controllers\class-brute-force-controller.php:50

actionretrieve_passwordfirewall\controllers\class-brute-force-controller.php:51

actionlogin_messagefirewall\controllers\class-brute-force-controller.php:668

actionuser_profile_update_errorsfirewall\controllers\class-password-enforcement-controller.php:31

actionvalidate_password_resetfirewall\controllers\class-password-enforcement-controller.php:35

actionplugins_loadedfirewall\init-brute-force.php:59

actionwp_loadedfirewall\init-brute-force.php:68

actionadmin_initfirewall\init-brute-force.php:87

actionplugins_loadedfirewall\init-rate-limit.php:118

actionvmpfence_rate_limit_cleanupfirewall\init-rate-limit.php:119

actionadmin_noticesfirewall\init-rate-limit.php:120

actionadmin_initfirewall\init-waf.php:64

actionadmin_initfirewall\init-waf.php:104

actiontransition_post_statusincludes\audit-log\class-observer-content.php:27

actionsave_postincludes\audit-log\class-observer-content.php:28

actionbefore_delete_postincludes\audit-log\class-observer-content.php:29

actiontrashed_postincludes\audit-log\class-observer-content.php:30

actionuntrashed_postincludes\audit-log\class-observer-content.php:31

actionwp_insert_commentincludes\audit-log\class-observer-content.php:34

actiontransition_comment_statusincludes\audit-log\class-observer-content.php:35

actiondelete_commentincludes\audit-log\class-observer-content.php:36

actionadd_attachmentincludes\audit-log\class-observer-content.php:39

actionedit_attachmentincludes\audit-log\class-observer-content.php:40

actiondelete_attachmentincludes\audit-log\class-observer-content.php:41

actioncreated_termincludes\audit-log\class-observer-content.php:44

actionedited_termincludes\audit-log\class-observer-content.php:45

actiondelete_termincludes\audit-log\class-observer-content.php:46

actionwp_initialize_siteincludes\audit-log\class-observer-multisite.php:30

actionwp_delete_siteincludes\audit-log\class-observer-multisite.php:31

actionwp_update_siteincludes\audit-log\class-observer-multisite.php:32

actionactivate_blogincludes\audit-log\class-observer-multisite.php:33

actiondeactivate_blogincludes\audit-log\class-observer-multisite.php:34

actionarchive_blogincludes\audit-log\class-observer-multisite.php:35

actionunarchive_blogincludes\audit-log\class-observer-multisite.php:36

actionmake_delete_blogincludes\audit-log\class-observer-multisite.php:37

actionmake_undelete_blogincludes\audit-log\class-observer-multisite.php:38

actionupdate_blog_publicincludes\audit-log\class-observer-multisite.php:39

actionmake_spam_blogincludes\audit-log\class-observer-multisite.php:40

actionmake_ham_blogincludes\audit-log\class-observer-multisite.php:41

actionafter_signup_siteincludes\audit-log\class-observer-multisite.php:42

actionadd_user_to_blogincludes\audit-log\class-observer-multisite.php:45

actionremove_user_from_blogincludes\audit-log\class-observer-multisite.php:46

actionwpmu_new_userincludes\audit-log\class-observer-multisite.php:47

actionwpmu_delete_userincludes\audit-log\class-observer-multisite.php:48

actionwpmu_activate_userincludes\audit-log\class-observer-multisite.php:49

actioninvite_userincludes\audit-log\class-observer-multisite.php:50

actionafter_signup_userincludes\audit-log\class-observer-multisite.php:51

actiongranted_super_adminincludes\audit-log\class-observer-multisite.php:52

actionrevoked_super_adminincludes\audit-log\class-observer-multisite.php:53

actionactivated_pluginincludes\audit-log\class-observer-site.php:58

actiondeactivated_pluginincludes\audit-log\class-observer-site.php:59

actionupgrader_process_completeincludes\audit-log\class-observer-site.php:60

actiondeleted_pluginincludes\audit-log\class-observer-site.php:61

actionswitch_themeincludes\audit-log\class-observer-site.php:64

actiondeleted_themeincludes\audit-log\class-observer-site.php:66

actioncustomize_save_afterincludes\audit-log\class-observer-site.php:68

action_core_updated_successfullyincludes\audit-log\class-observer-site.php:71

actionautomatic_updates_completeincludes\audit-log\class-observer-site.php:72

actionwp_update_nav_menuincludes\audit-log\class-observer-site.php:75

actionwp_create_nav_menuincludes\audit-log\class-observer-site.php:76

actionwp_delete_nav_menuincludes\audit-log\class-observer-site.php:77

actionwp_edit_theme_plugin_fileincludes\audit-log\class-observer-site.php:80

actionupdate_option_wp_user_rolesincludes\audit-log\class-observer-site.php:83

actionuser_has_capincludes\audit-log\class-observer-site.php:84

actionexport_wpincludes\audit-log\class-observer-site.php:87

actiongenerate_recovery_mode_keyincludes\audit-log\class-observer-site.php:88

actionwp_mail_succeededincludes\audit-log\class-observer-site.php:92

actionwp_mail_failedincludes\audit-log\class-observer-site.php:93

actionuser_registerincludes\audit-log\class-observer-user.php:26

actionset_user_roleincludes\audit-log\class-observer-user.php:27

actiondelete_userincludes\audit-log\class-observer-user.php:28

actionwp_loginincludes\audit-log\class-observer-user.php:29

actionwp_login_failedincludes\audit-log\class-observer-user.php:30

actionwp_logoutincludes\audit-log\class-observer-user.php:31

actionprofile_updateincludes\audit-log\class-observer-user.php:32

actionpassword_resetincludes\audit-log\class-observer-user.php:33

actionretrieve_passwordincludes\audit-log\class-observer-user.php:34

actionset_auth_cookieincludes\audit-log\class-observer-user.php:35

actionwp_create_application_passwordincludes\audit-log\class-observer-user.php:39

actionwp_delete_application_passwordincludes\audit-log\class-observer-user.php:40

actionapplication_password_did_authenticateincludes\audit-log\class-observer-user.php:41

actionupdate_user_metaincludes\audit-log\class-observer-user.php:45

actionmake_spam_userincludes\audit-log\class-observer-user.php:49

actionmake_ham_userincludes\audit-log\class-observer-user.php:50

actionvmpfence_config_changedincludes\audit-log\class-observer-vmpfence.php:32

actionvmpfence_waf_rule_createdincludes\audit-log\class-observer-vmpfence.php:35

actionvmpfence_waf_rule_deletedincludes\audit-log\class-observer-vmpfence.php:36

actionvmpfence_waf_rule_toggledincludes\audit-log\class-observer-vmpfence.php:37

actionvmpfence_waf_category_toggledincludes\audit-log\class-observer-vmpfence.php:38

actionvmpfence_waf_allow_entry_createdincludes\audit-log\class-observer-vmpfence.php:39

actionvmpfence_waf_allow_entry_deletedincludes\audit-log\class-observer-vmpfence.php:40

actionvmpfence_waf_allow_entry_toggledincludes\audit-log\class-observer-vmpfence.php:41

actionvmpfence_scan_startedincludes\audit-log\class-observer-vmpfence.php:44

actionvmpfence_scan_completedincludes\audit-log\class-observer-vmpfence.php:45

actionvmpfence_ip_blockedincludes\audit-log\class-observer-vmpfence.php:48

actionvmpfence_ip_unblockedincludes\audit-log\class-observer-vmpfence.php:49

actionvmpfence_country_blockedincludes\audit-log\class-observer-vmpfence.php:50

actionvmpfence_country_unblockedincludes\audit-log\class-observer-vmpfence.php:51

actionvmpfence_custom_pattern_addedincludes\audit-log\class-observer-vmpfence.php:54

actionvmpfence_custom_pattern_deletedincludes\audit-log\class-observer-vmpfence.php:55

actionvmpfence_custom_pattern_toggledincludes\audit-log\class-observer-vmpfence.php:56

actionvmpfence_settings_importedincludes\audit-log\class-observer-vmpfence.php:59

actionvmpfence_settings_exportedincludes\audit-log\class-observer-vmpfence.php:60

actionvmpfence_config_resetincludes\audit-log\class-observer-vmpfence.php:61

actionvmpfence_brute_force_lockoutincludes\audit-log\class-observer-vmpfence.php:64

actionvmpfence_brute_force_detectedincludes\audit-log\class-observer-vmpfence.php:65

actionvmpfence_backup_createdincludes\audit-log\class-observer-vmpfence.php:68

actionvmpfence_backup_restoredincludes\audit-log\class-observer-vmpfence.php:69

actionvmpfence_backup_deletedincludes\audit-log\class-observer-vmpfence.php:70

actionvmpfence_database_updatedincludes\audit-log\class-observer-vmpfence.php:73

actionvmpfence_database_cleanupincludes\audit-log\class-observer-vmpfence.php:74

actionvmpfence_support_ticket_submittedincludes\audit-log\class-observer-vmpfence.php:77

actionvmpfence_feedback_submittedincludes\audit-log\class-observer-vmpfence.php:78

actionvmpfence_audit_log_mode_changedincludes\audit-log\class-observer-vmpfence.php:81

actionvmpfence_config_deletedincludes\audit-log\class-observer-vmpfence.php:84

actionvmpfence_ip_deletedincludes\audit-log\class-observer-vmpfence.php:87

actionvmpfence_license_changedincludes\audit-log\class-observer-vmpfence.php:90

actionupdated_optionincludes\audit-log\class-observer-vmpfence.php:95

actionadded_optionincludes\audit-log\class-observer-vmpfence.php:96

filterauthenticateincludes\class-2fa-enforcement.php:23

actionlogin_messageincludes\class-2fa-enforcement.php:26

actionwp_loginincludes\class-2fa-enforcement.php:29

actionadmin_initincludes\class-2fa-enforcement.php:32

actionadmin_noticesincludes\class-2fa-enforcement.php:35

filterrest_authentication_errorsincludes\class-2fa-enforcement.php:38

actionuser_registerincludes\class-2fa-enforcement.php:41

actionset_user_roleincludes\class-2fa-enforcement.php:44

actionadd_user_roleincludes\class-2fa-enforcement.php:45

actionwp_logoutincludes\class-2fa-enforcement.php:48

actiontemplate_redirectincludes\class-2fa-enforcement.php:51

actionplugins_loadedincludes\class-2fa-enforcement.php:541

actioninitincludes\class-2fa-shortcode.php:77

actionvmpfence_async_scan_workerincludes\class-ajax-handler.php:45

actionplugins_loadedincludes\class-blocked-ip-scheduler.php:47

actionsave_postincludes\class-content-safety-scanner.php:213

actionwp_insert_commentincludes\class-content-safety-scanner.php:214

actionwp_dashboard_setupincludes\class-dashboard-widget.php:24

actionadmin_enqueue_scriptsincludes\class-dashboard-widget.php:25

actionadmin_footerincludes\class-deactivation-feedback.php:26

actionwp_loginincludes\class-email-alert-hooks.php:39

actionretrieve_passwordincludes\class-email-alert-hooks.php:40

actionautomatic_updates_completeincludes\class-email-alert-hooks.php:41

actionvmpfence_brute_force_lockoutincludes\class-email-alert-hooks.php:44

actionvmpfence_ip_blockedincludes\class-email-alert-hooks.php:45

actionvmpfence_config_changedincludes\class-email-alert-hooks.php:46

actionuser_registerincludes\class-event-tracker.php:70

actionset_user_roleincludes\class-event-tracker.php:71

actiondelete_userincludes\class-event-tracker.php:72

actionwp_login_failedincludes\class-event-tracker.php:75

actionwp_loginincludes\class-event-tracker.php:76

actionactivated_pluginincludes\class-event-tracker.php:79

actiondeactivated_pluginincludes\class-event-tracker.php:80

actionswitch_themeincludes\class-event-tracker.php:83

actionadd_attachmentincludes\class-event-tracker.php:86

action_core_updated_successfullyincludes\class-event-tracker.php:89

actionupdate_option_siteurlincludes\class-event-tracker.php:92

actionupdate_option_homeincludes\class-event-tracker.php:93

actioninitincludes\class-file-repair-engine.php:885

actionvmpfence_refresh_integrity_cacheincludes\class-integrity-cache-manager.php:47

actionupgrader_process_completeincludes\class-integrity-cache-manager.php:50

actionactivated_pluginincludes\class-integrity-cache-manager.php:51

actionswitch_themeincludes\class-integrity-cache-manager.php:52

actionadmin_initincludes\class-issue-manager.php:150

filterauthenticateincludes\class-login-2fa-handler.php:33

actionlogin_formincludes\class-login-2fa-handler.php:36

actionlogin_headincludes\class-login-2fa-handler.php:39

actionlogin_initincludes\class-login-2fa-handler.php:42

actionlogin_enqueue_scriptsincludes\class-login-2fa-handler.php:45

actionwp_logoutincludes\class-login-2fa-handler.php:51

actionlogin_errorsincludes\class-login-2fa-handler.php:54

actionplugins_loadedincludes\class-login-2fa-handler.php:885

actionwp_loginincludes\class-login-security-features.php:29

filtermanage_users_columnsincludes\class-login-security-features.php:46

filtermanage_users_custom_columnincludes\class-login-security-features.php:47

filtermanage_users_sortable_columnsincludes\class-login-security-features.php:50

actionpre_get_usersincludes\class-login-security-features.php:51

actionlogin_enqueue_scriptsincludes\class-recaptcha-integration.php:28

actionlogin_formincludes\class-recaptcha-integration.php:31

actionregister_formincludes\class-recaptcha-integration.php:32

filterauthenticateincludes\class-recaptcha-integration.php:35

filterregistration_errorsincludes\class-recaptcha-integration.php:36

actionplugins_loadedincludes\class-recaptcha-integration.php:369

filtercron_schedulesincludes\class-scan-monitor.php:321

actionplugins_loadedincludes\class-signature-scheduler.php:41

actionuser_registerincludes\class-user-monitor.php:27

actionprofile_updateincludes\class-user-monitor.php:28

actiondeleted_userincludes\class-user-monitor.php:29

actionwp_loginincludes\class-user-monitor.php:32

actionwp_logoutincludes\class-user-monitor.php:33

actionafter_password_resetincludes\class-user-monitor.php:34

actionadd_user_roleincludes\class-user-monitor.php:37

actionremove_user_roleincludes\class-user-monitor.php:38

actionset_user_roleincludes\class-user-monitor.php:39

actionupdate_option_admin_emailincludes\class-user-monitor.php:42

actionupdate_option_siteurlincludes\class-user-monitor.php:43

actionupdate_option_homeincludes\class-user-monitor.php:44

actionupdate_option_users_can_registerincludes\class-user-monitor.php:45

actionupdate_option_default_roleincludes\class-user-monitor.php:46

actionupdate_option_active_pluginsincludes\class-user-monitor.php:47

actionplugins_loadedincludes\class-waf-rule-scheduler.php:41

actionwoocommerce_login_formincludes\class-woocommerce-integration.php:34

actionwoocommerce_register_formincludes\class-woocommerce-integration.php:35

filterwoocommerce_process_login_errorsincludes\class-woocommerce-integration.php:38

filterwoocommerce_process_login_errorsincludes\class-woocommerce-integration.php:41

filterwoocommerce_process_registration_errorsincludes\class-woocommerce-integration.php:42

actionplugins_loadedincludes\class-woocommerce-integration.php:261

filterthe_generatorincludes\class-wp-version-hider.php:36

filterstyle_loader_srcincludes\class-wp-version-hider.php:39

filterscript_loader_srcincludes\class-wp-version-hider.php:40

filterupdate_footerincludes\class-wp-version-hider.php:43

filterxmlrpc_enabledincludes\class-xmlrpc-security.php:29

filterwp_xmlrpc_server_classincludes\class-xmlrpc-security.php:30

filterauthenticateincludes\class-xmlrpc-security.php:37

filterauthenticateincludes\class-xmlrpc-security.php:194

actionplugins_loadedincludes\class-xmlrpc-security.php:217

actionvmpfence_daily_cve_syncincludes\cve\class-cve-scheduler.php:40

actionvmpfence_daily_cve_scanincludes\cve\class-cve-scheduler.php:43

actionmuplugins_loadedmu-plugins\vmpfence-early-protection.php:132

actionadmin_enqueue_scriptsstatus-modal\class-bootstrap.php:32

actionadmin_footerstatus-modal\class-bootstrap.php:35

actioninittools\class-bootstrap.php:44

actiontemplate_redirecttools\controllers\class-diagnostic-special-functions.php:25

actionwp_loadedtools\models\class-live-traffic-logger.php:114

actioninittools\models\class-live-traffic-logger.php:117

actioninittools\models\class-live-traffic-logger.php:118

actionadmin_footervmpfence.php:305

actionplugins_loadedvmpfence.php:437

actioninitvmpfence.php:523

actioninitvmpfence.php:530

actionplugins_loadedvmpfence.php:559

actionplugins_loadedvmpfence.php:595

actionplugins_loadedvmpfence.php:611

actionvmpfence_daily_syncvmpfence.php:630

actionplugins_loadedvmpfence.php:644

actionplugins_loadedvmpfence.php:657

actionplugins_loadedvmpfence.php:670

actionplugins_loadedvmpfence.php:683

filtercron_schedulesvmpfence.php:690

actionvmpfence_siem_syncvmpfence.php:705

actionvmpfence_retry_identificationvmpfence.php:720

actionvmpfence_geoip_updatevmpfence.php:741

actionadmin_noticesvmpfence.php:770

actionadmin_noticesvmpfence.php:776

actionadmin_noticesvmpfence.php:903

actionadmin_enqueue_scriptsvmpfence.php:904

actionadmin_noticesvmpfence.php:989

filterauto_update_pluginvmpfence.php:1021

actionadmin_initvmpfence.php:1032

actionadmin_initvmpfence.php:1047

actionadmin_initvmpfence.php:1054

actionadmin_initvmpfence.php:1061

actionadmin_initvmpfence.php:1068

actionadmin_initvmpfence.php:1080

actionplugins_loadedvmpfence.php:1734

actionvmpfence_monitor_fork_scanvmpfence.php:1738

actionset_user_rolevmpfence.php:1756

actionadd_user_rolevmpfence.php:1757

actionremove_user_rolevmpfence.php:1758

actiongranted_super_adminvmpfence.php:1761

actionrevoked_super_adminvmpfence.php:1762

Scheduled Events 31

vmpfence_refresh_integrity_cache

vmpfence_hourly_blocked_ip_sync

vmpfence_hourly_waf_sync

vmpfence_rate_limit_cleanup

vmpfence_async_scan_worker

vmpfence_geoip_update

vmpfence_refresh_integrity_cache

vmpfence_monitor_fork_scan

vmpfence_sync_signatures

vmpfence_async_scan_worker

vmpfence_yara_batch_scan_worker

vmpfence_scheduled_scan

vmpfence_daily_cve_sync

vmpfence_daily_cve_scan

vmpfence_retry_identification

vmpfence_hourly_blocked_ip_sync

vmpfence_hourly_signature_sync

vmpfence_hourly_waf_sync

vmpfence_daily_scan

vmpfence_cleanup

vmpfence_cleanup_human_cache

vmpfence_hourly_blocked_ip_sync

vmpfence_hourly_signature_sync

vmpfence_hourly_waf_sync

vmpfence_daily_sync

vmpfence_retry_identification

vmpfence_siem_sync

Maintenance & Trust

VMP Security – Firewall, Malware Scan, and Login Security Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.4

Downloads765

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

VMP Security – Firewall, Malware Scan, and Login Security Alternatives

Atomic Edge Security

atomic-edge-security

100

Connect your WordPress site to Atomic Edge for enterprise-grade WAF protection, real-time analytics, and advanced security tools.

0 No CVEs

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

malcare-security

100

Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more.

200K No CVEs

Developer Profile

VMP Security – Firewall, Malware Scan, and Login Security Developer Profile

VMP™

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect VMP Security – Firewall, Malware Scan, and Login Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vmpfence-security/assets/css/frontend.css/wp-content/plugins/vmpfence-security/assets/js/frontend.js/wp-content/plugins/vmpfence-security/assets/css/backend.css/wp-content/plugins/vmpfence-security/assets/js/backend.js

Script Paths

/wp-content/plugins/vmpfence-security/assets/js/frontend.js/wp-content/plugins/vmpfence-security/assets/js/backend.js

Version Parameters

vmpfence-security/assets/css/frontend.css?ver=vmpfence-security/assets/js/frontend.js?ver=vmpfence-security/assets/css/backend.css?ver=vmpfence-security/assets/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes

vmpfence-security

FAQ

VMP Security – Firewall, Malware Scan, and Login Security Security & Risk Analysis

Is VMP Security – Firewall, Malware Scan, and Login Security Safe to Use in 2026?

Generally Safe

Key Concerns

VMP Security – Firewall, Malware Scan, and Login Security Security Vulnerabilities

VMP Security – Firewall, Malware Scan, and Login Security Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

VMP Security – Firewall, Malware Scan, and Login Security Attack Surface

AJAX Handlers 174

Shortcodes 1

Scheduled Events 31

VMP Security – Firewall, Malware Scan, and Login Security Maintenance & Trust

Maintenance Signals

Community Trust

VMP Security – Firewall, Malware Scan, and Login Security Alternatives

Atomic Edge Security

Wordfence Security – Firewall, Malware Scan, and Login Security

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

Security Optimizer – The All-In-One Protection Plugin

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

VMP Security – Firewall, Malware Scan, and Login Security Developer Profile

How We Detect VMP Security – Firewall, Malware Scan, and Login Security

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about VMP Security – Firewall, Malware Scan, and Login Security