Does Watchtower have any unpatched vulnerabilities?

No. All known vulnerabilities in Watchtower have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Watchtower compatible with WordPress 5.4.19?

According to WordPress.org data, Watchtower 0.2 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is Watchtower compatible with PHP 5.6+?

Watchtower requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Watchtower updated?

Watchtower was last updated on May 28, 2020. Frequent updates are generally a positive security signal.

What is Watchtower's security score?

Watchtower has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Watchtower Security & Risk Analysis

wordpress.org/plugins/watchtower

Uptime and performance auditing, monitoring and alerting for WordPress.

10 active installs v0.2 PHP 5.6+ WP 5.0+ Updated May 28, 2020

auditauditingmonitormonitoringwordpress-monitoring

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Watchtower Safe to Use in 2026?

Generally Safe

Score 85/100

Watchtower has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "watchtower" v0.2 plugin exhibits a generally good security posture with a very small attack surface. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits potential entry points for attackers. Furthermore, the code analysis reveals no dangerous functions or raw SQL queries, with all SQL operations utilizing prepared statements. The high percentage of properly escaped output is also a positive indicator.

However, there are areas of concern. The presence of two taint flows with unsanitized paths, despite the lack of critical or high severity, suggests potential weaknesses in how data is handled. While the plugin has no recorded vulnerabilities and a clean history, the lack of any capability checks or nonce checks on the identified entry points (even if they are currently zero) represents a potential future risk. If new entry points are introduced without these fundamental security measures, it could lead to vulnerabilities.

In conclusion, "watchtower" v0.2 is off to a promising start regarding security, particularly due to its minimal attack surface and good SQL practices. Nevertheless, the identified taint flows and the complete absence of capability and nonce checks warrant attention. Addressing these areas proactively will be crucial for maintaining a strong security posture as the plugin evolves.

Key Concerns

Taint flow with unsanitized path
Taint flow with unsanitized path
No capability checks
No nonce checks
Output not properly escaped (13% of 167)

Vulnerabilities

None known

Watchtower Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Watchtower Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

145 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

87% escaped167 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

save_token_and_keys (includes\classes\core\class-connect.php:90)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Watchtower Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_enqueue_scriptsincludes\classes\admin\class-assets.php:40

actionadmin_enqueue_scriptsincludes\classes\admin\class-assets.php:41

actionadmin_initincludes\classes\admin\class-ui.php:100

actionadmin_menuincludes\classes\admin\class-ui.php:101

actionadmin_initincludes\classes\admin\class-ui.php:102

actioninitincludes\classes\core\class-connect.php:64

actioninitincludes\classes\core\class-connect.php:65

Maintenance & Trust

Watchtower Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedMay 28, 2020

PHP min version5.6

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Watchtower Alternatives

Watchman Tower

watchman-tower

100

Centralized WordPress monitoring for agencies. Track uptime, performance, SSL, and site health across multiple client sites.

10 No CVEs

WP-Stack

wp-stack-connect

Wp-stack makes your lives easy by automating the most boring tasks you do on your websites and saves you hours of work and hundreds of dollars every m …

10 No CVEs

FBS Activity Tracker

fbs-activity-tracker

100

A modern, granular user activity and audit log WordPress plugin with a custom-designed dashboard interface for comprehensive site monitoring.

0 No CVEs

Liaison Site Prober

liaison-site-prober

100

Liaison Site Prober helps you log and track key changes and user actions on your WordPress website — giving you better visibility and security.

0 No CVEs

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

mainwp-child

MainWP Child establishes a secure link between your WordPress sites and your self-hosted MainWP Dashboard, simplifying site management.

700K 7 CVEs

Developer Profile

Watchtower Developer Profile

MattGeri

2 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Watchtower

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/watchtower/assets/js/src/connect.js/wp-content/plugins/watchtower/assets/js/dist/chart.min.js/wp-content/plugins/watchtower/assets/js/dist/index.js/wp-content/plugins/watchtower/assets/css/admin.css

Script Paths

assets/js/src/connect.jsassets/js/dist/chart.min.jsassets/js/dist/index.js

Version Parameters

watchtower-admin-css?ver=0.2

HTML / DOM Fingerprints

JS Globals

watchtowerContactstokenWindow

FAQ