WP Author Security Security & Risk Analysis

wordpress.org/plugins/wp-author-security

Protect against user enumeration attacks on author pages and other places where valid user names can be obtained.

500 active installs · v1.5.0 · PHP 7.4+ · WP 4.7+ · Updated Apr 12, 2023
Tags: author, privacy, security, user-enumeration, wpscan
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Author Security Safe to Use in 2026?

Generally Safe

Score 85/100

WP Author Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The 'wp-author-security' v1.5.0 plugin exhibits a generally positive security posture based on the provided static analysis. The absence of known vulnerabilities (CVEs) and the lack of critical or high-severity taint flows are significant strengths. The code also demonstrates good practices by exclusively using prepared statements for its single SQL query and avoiding file operations and external HTTP requests, which mitigates common attack vectors.

However, there are notable concerns. Only 8% of the plugin's output is properly escaped, which indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities. No entry points with missing authentication or permission checks were identified, but the absence of nonce and capability checks would be a weakness for any future entry points. The complete absence of taint analysis flows is also unusual and may reflect a limited scope of analysis rather than a genuine absence of taint issues.

Overall, the plugin has no known historical vulnerabilities. The current analysis highlights a significant risk related to output escaping. While the plugin appears robust in its direct interactions with the database and external systems, its poor output escaping presents a clear and present danger of XSS attacks that could compromise user sessions or inject malicious scripts. Addressing the output escaping issues should be the top priority.

Key Concerns

  • Low percentage of properly escaped output
  • Missing nonce checks
  • Missing capability checks
  • No taint analysis flows analyzed
Vulnerabilities
None known

WP Author Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Author Security Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 24 (2 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total query

Output Escaping

8% escaped · 26 total outputs
Attack Surface

WP Author Security Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11

  • action admin_menu (options.php:17)
  • action admin_init (options.php:18)
  • action template_redirect (wp-author-security.php:28)
  • action rest_api_init (wp-author-security.php:29)
  • action plugins_loaded (wp-author-security.php:30)
  • filter login_errors (wp-author-security.php:31)
  • action lost_password (wp-author-security.php:32)
  • filter the_author (wp-author-security.php:33)
  • filter oembed_response_data (wp-author-security.php:34)
  • filter wp_sitemaps_add_provider (wp-author-security.php:36)
  • action plugins_loaded (wp-author-security.php:40)
Maintenance & Trust

WP Author Security Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.2.9
  • Last updated: Apr 12, 2023
  • PHP min version: 7.4
  • Downloads: 7K

Community Trust

  • Rating: 100/100
  • Number of ratings: 2
  • Active installs: 500
Developer Profile

WP Author Security Developer Profile

mgm security partners GmbH

1 plugin · 500 total installs

  • Trust score: 84
  • Avg Security Score: 85/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Author Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-author-security/wp-author-security.php
Version Parameters
wp-author-security/wp-author-security.php?ver=

HTML / DOM Fingerprints

REST Endpoints
/wp-json/wp/v2/users