Does WP Security By Made I.T. have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Security By Made I.T. have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Security By Made I.T. compatible with WordPress 5.5.18?

According to WordPress.org data, WP Security By Made I.T. 1.8.3 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

Is WP Security By Made I.T. compatible with PHP 7.0+?

WP Security By Made I.T. requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Security By Made I.T. updated?

WP Security By Made I.T. was last updated on Unknown. Frequent updates are generally a positive security signal.

What is WP Security By Made I.T.'s security score?

WP Security By Made I.T. has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Security By Made I.T. Security Review

Safety Verdict

Is WP Security By Made I.T. Safe to Use in 2026?

Generally Safe

Score 100/100

WP Security By Made I.T. has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The 'wp-security-by-made-it' plugin v1.8.3 presents a mixed security posture. While it boasts a clean vulnerability history with no known CVEs, indicating a good track record of security maintenance or limited exposure, the static analysis reveals significant concerns. A substantial attack surface is exposed, with all 8 identified AJAX handlers lacking authentication checks. This means any authenticated user could potentially trigger these handlers, leading to unintended actions.

The taint analysis further highlights critical security risks. The presence of one critical severity flow with an unsanitized path suggests that user-supplied input could be used to influence sensitive operations, potentially leading to code execution or data manipulation. Additionally, the static analysis flags the use of dangerous functions like 'exec' and 'shell_exec', which, combined with unsanitized input, pose a severe risk of remote code execution.

Despite the clean CVE history, the identified vulnerabilities in the static analysis are serious enough to warrant caution. The lack of capability checks on AJAX handlers is a major oversight. While the use of prepared statements for SQL queries is positive, the presence of critical taint flows and dangerous function usage overrides this strength. This plugin should be treated with a high degree of suspicion until these critical issues are addressed.

Key Concerns

AJAX handlers without auth checks
Critical severity taint flow
Use of dangerous functions (exec, shell_exec)
Flows with unsanitized paths
Capability checks: 0

Vulnerabilities

None known

WP Security By Made I.T. Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Security By Made I.T. Code Analysis

Dangerous Functions

4

Raw SQL Queries

1

25 prepared

Unescaped Output

197

495 escaped

Nonce Checks

19

Capability Checks

0

File Operations

55

External Requests

17

Bundled Libraries

0

Dangerous Functions Found

execexec('mysql --user="'.$p_db_user.'" --password="'.$p_db_pass.'" --host="'.$p_db_host.'" '.$p_db_nameinc\backup\restore_template.php:108

shell_exec$os = shell_exec('cat /etc/os-release 2>/dev/null');inc\WP_MadeIT_Security_SystemInfo.php:120

shell_exec$rhelOs = shell_exec("cut -f 1 -d ' ' /etc/redhat-release 2>/dev/null");inc\WP_MadeIT_Security_SystemInfo.php:140

shell_exec'version_id' => trim(shell_exec('grep -o "[0-9\.]*" /etc/redhat-release |head -n1')),inc\WP_MadeIT_Security_SystemInfo.php:144

SQL Query Safety

96% prepared26 total queries

Output Escaping

72% escaped692 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths

save_settings (admin\WP_MadeIT_Security_Admin.php:89)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

WP Security By Made I.T. Attack Surface

Entry Points8

Unprotected8

AJAX Handlers 8

authwp_ajax_madeit_security_start_scanadmin\WP_MadeIT_Security_Admin.php:992

authwp_ajax_madeit_security_stop_scanadmin\WP_MadeIT_Security_Admin.php:993

authwp_ajax_madeit_security_update_scanadmin\WP_MadeIT_Security_Admin.php:994

authwp_ajax_madeit_security_backupadmin\WP_MadeIT_Security_Admin.php:995

authwp_ajax_madeit_security_backup_checkadmin\WP_MadeIT_Security_Admin.php:996

authwp_ajax_madeit_security_backup_stopadmin\WP_MadeIT_Security_Admin.php:997

authwp_ajax_madeit_security_check_scanadmin\WP_MadeIT_Security_Admin.php:998

authwp_ajax_madeit_security_do_updateadmin\WP_MadeIT_Security_Admin.php:999

WordPress Hooks 22

actionadmin_menuadmin\WP_MadeIT_Security_Admin.php:989

actionadmin_enqueue_scriptsadmin\WP_MadeIT_Security_Admin.php:990

actionadmin_initadmin\WP_MadeIT_Security_Firewall.php:247

filterauthenticateinc\firewall\WP_MadeIT_Security_LimitLogin.php:137

actionmadeit_security_firewall_renderblockfileinc\firewall\WP_MadeIT_Security_LimitLogin.php:139

actionmadeit_security_backupinc\WP_MadeIT_Security_Backup.php:652

actionmadeit_security_backup_runinc\WP_MadeIT_Security_Backup.php:653

actionmadeit_security_loadfilesinc\WP_MadeIT_Security_LoadFiles.php:1016

actionmadeit_security_loadfiles_runinc\WP_MadeIT_Security_LoadFiles.php:1017

filterupgrader_pre_installinc\WP_MadeIT_Security_Plugin_Installer.php:36

filterupgrader_clear_destinationinc\WP_MadeIT_Security_Plugin_Installer.php:37

actionupgrader_process_completeinc\WP_MadeIT_Security_Plugin_Installer.php:41

filterwp_mail_content_typeinc\WP_MadeIT_Security_Report.php:77

actionmadeit_security_report_weeklyinc\WP_MadeIT_Security_Report.php:157

filterupgrader_pre_installinc\WP_MadeIT_Security_Theme_Installer.php:31

filterupgrader_post_installinc\WP_MadeIT_Security_Theme_Installer.php:32

filterupgrader_clear_destinationinc\WP_MadeIT_Security_Theme_Installer.php:33

actionupgrader_process_completeinc\WP_MadeIT_Security_Theme_Installer.php:36

actionmadeit_security_check_plugin_updatesinc\WP_MadeIT_Security_Update.php:154

actionupgrader_process_completeinc\WP_MadeIT_Security_Update.php:155

actionplugins_loadedmadeit-security.php:44

filtercron_schedulesmadeit-security.php:75

Scheduled Events 21

madeit_security_firewall_renderblockfile

madeit_security_backup

madeit_security_backup_run

madeit_security_loadfiles

madeit_security_loadfiles_run

madeit_security_report_weekly

madeit_security_check_plugin_updates

Maintenance & Trust

WP Security By Made I.T. Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedUnknown

PHP min version7.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Security By Made I.T. Alternatives

SX User Name Security

user-name-security

A

100

SX User Name Security prevents WordPress from showing your real Login everywhere. It ovverides the body_class function, User Nicename, Nickname and Di …

1K No CVEs

Virus Finder

virus-finder

A

100

Find viruses in your WordPress easily. Virus scan, malware finder.

100 No CVEs

SecuPress with Simple SSL – Simple and Performant Security

secupress

A

94

Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily.

40K 6 CVEs

SP Move Login

sf-move-login

A

100

Move your WordPress login page to protect it from bots. This plugin contains the Move Login module from SecuPress. Other security modules are availabl …

7K No CVEs

WebDefender Security – Protection & AntiSpam

cwis-antivirus-malware-detected

A

100

PRO Security – Antivirus Scanner, 2-Layer Protection Hide Security, Brute Force Security & Antispam, Security Website and Security Hardening.

1K No CVEs

Developer Profile

WP Security By Made I.T. Developer Profile

Made I.T.

2 plugins · 110 total installs

67

trust score

Avg Security Score

83/100

Avg Patch Time

470 days

View full developer profile

Detection Fingerprints

How We Detect WP Security By Made I.T.

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-security-by-made-it/admin/css/bootstrap.css/wp-content/plugins/wp-security-by-made-it/admin/css/admin.css/wp-content/plugins/wp-security-by-made-it/admin/js/bootstrap.min.js/wp-content/plugins/wp-security-by-made-it/admin/js/admin.js

Version Parameters

wp-security-by-made-it/admin/css/bootstrap.css?ver=wp-security-by-made-it/admin/css/admin.css?ver=wp-security-by-made-it/admin/js/bootstrap.min.js?ver=wp-security-by-made-it/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

update-pluginsupdate-count

JS Globals

MADEIT_SECURITY_URL

FAQ

WP Security By Made I.T. Security & Risk Analysis