WP-Safety

WhoKnew Shield — Contact Obfuscation & Bot Protection Security & Risk Analysis

wordpress.org/plugins/whoknew-shield

Stop spam bots from harvesting emails, phones & addresses. Dual-layer protection with auto-detection.

0 active installs v2.0.0 PHP 7.4+ WP 5.8+ Updated Mar 4, 2026
bot-blockeremail-encoderemail-obfuscationemail-protectionspam-protection
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WhoKnew Shield — Contact Obfuscation & Bot Protection Safe to Use in 2026?

Generally Safe

Score 100/100

WhoKnew Shield — Contact Obfuscation & Bot Protection has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The whoknew-shield v2.0.1 plugin exhibits a very strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, raw SQL queries, and external HTTP requests are significant strengths. Furthermore, the high percentage of properly escaped output (99%) and the presence of nonce and capability checks on all identified entry points suggest a well-hardened codebase. The plugin also has no recorded vulnerability history, indicating a sustained commitment to security or a lack of past exploits, both positive indicators.

While the static analysis shows an attack surface of 12 entry points, all are protected by authentication or permission checks. The taint analysis revealing zero flows with unsanitized paths is particularly encouraging, as this often indicates potential for critical vulnerabilities like RCE or SQL injection. The only area that could be marginally improved is ensuring 100% output escaping, though 99% is generally considered very good.

In conclusion, whoknew-shield v2.0.1 appears to be a secure plugin. Its developers have implemented robust security practices, and there is no evidence of past vulnerabilities or concerning code patterns in the static analysis. The plugin's security posture is excellent, with minimal to no apparent risks.

Vulnerabilities
None known

WhoKnew Shield — Contact Obfuscation & Bot Protection Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WhoKnew Shield — Contact Obfuscation & Bot Protection Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
149 escaped
Nonce Checks
4
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

99% escaped150 total outputs
Attack Surface

WhoKnew Shield — Contact Obfuscation & Bot Protection Attack Surface

Entry Points12
Unprotected0

AJAX Handlers 2

authwp_ajax_whoknewshield_dismiss_pro_missing_noticeincludes\admin-notices.php:343
authwp_ajax_whoknewshield_save_settingsincludes\class-settings.php:19

Shortcodes 10

[whoknewshield_compat_encode] includes\class-competitor-compat.php:75
[whoknewshield_compat_obfuscate_email] includes\class-competitor-compat.php:76
[whoknewshield_compat_eeb_protect_emails] includes\class-competitor-compat.php:77
[whoknewshield_compat_eeb_mailto] includes\class-competitor-compat.php:78
[whoknewshield_compat_antispambot] includes\class-competitor-compat.php:79
[whoknew-shield] includes\class-shortcode.php:20
[whoknew_shield] includes\class-shortcode.php:21
[whoknewshield_png_email] includes\class-shortcode.php:184
[whoknewshield_png_phone] includes\class-shortcode.php:185
[whoknewshield_png_address] includes\class-shortcode.php:186
WordPress Hooks 27
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:22
actionadmin_enqueue_scriptsincludes\admin-notices.php:22
actionadmin_noticesincludes\admin-notices.php:122
actionadmin_noticesincludes\admin-notices.php:191
actionadmin_initincludes\admin-notices.php:247
actionadmin_noticesincludes\admin-notices.php:271
actiontemplate_redirectincludes\class-autodetect.php:26
filterthe_contentincludes\class-autodetect.php:83
filterthe_contentincludes\class-autodetect.php:84
actionshutdownincludes\class-autodetect.php:94
actioninitincludes\class-autodetect.php:492
actioninitincludes\class-competitor-compat.php:60
filterthe_contentincludes\class-competitor-compat.php:62
filterthe_excerptincludes\class-competitor-compat.php:63
filtercomment_textincludes\class-competitor-compat.php:64
filterwidget_textincludes\class-competitor-compat.php:65
filterwidget_text_contentincludes\class-competitor-compat.php:67
actionadmin_initincludes\class-settings.php:18
actioninitincludes\class-shortcode.php:137
actioninitincludes\class-shortcode.php:170
actionadmin_menuwhoknew-menu.php:21
actionadmin_enqueue_scriptswhoknew-menu.php:22
filterwhoknew_suite_pluginswhoknew-shield.php:53
actionadmin_noticeswhoknew-shield.php:84
actionadmin_noticeswhoknew-shield.php:109
actionadmin_noticeswhoknew-shield.php:177
actionadmin_noticeswhoknew-shield.php:196
Maintenance & Trust

WhoKnew Shield — Contact Obfuscation & Bot Protection Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 4, 2026
PHP min version7.4
Downloads198

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

WhoKnew Shield — Contact Obfuscation & Bot Protection Alternatives

Email No Bot – Prevent bots from detecting emails

Email No Bot – Prevent bots from detecting emails

email-no-bot

A
100

Humans will see the email address on your page, but robots will not.

200 No CVEs
TG Email Protection

TG Email Protection

tg-email-protection

A
85

Protect email addresses from being harvested by spammers and spambots, obfuscating them. Your visitors can still see email addresses.

50 No CVEs
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

A
99

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE
Antispam Bee

Antispam Bee

antispam-bee

A
100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE
CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

A
100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs
Developer Profile

WhoKnew Shield — Contact Obfuscation & Bot Protection Developer Profile

WhoKnew.io

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WhoKnew Shield — Contact Obfuscation & Bot Protection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/whoknew-shield/assets/js/whoknew-shield-public.js/wp-content/plugins/whoknew-shield/assets/css/whoknew-shield-public.css
Script Paths
/wp-content/plugins/whoknew-shield/assets/js/whoknew-shield-public.js
Version Parameters
whoknew-shield/assets/js/whoknew-shield-public.js?ver=whoknew-shield/assets/css/whoknew-shield-public.css?ver=

HTML / DOM Fingerprints

CSS Classes
whoknew-shield-obfuscated
Data Attributes
data-whoknew-shield-emaildata-whoknew-shield-phonedata-whoknew-shield-address
JS Globals
whoknewShield
Shortcode Output
[encode][/encode][obfuscate_email][/obfuscate_email]
FAQ

Frequently Asked Questions about WhoKnew Shield — Contact Obfuscation & Bot Protection