WP-Safety

WPC Advanced Password Protect for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wpc-advanced-password-protect

WPC Advanced Password Protect provides ultimate protection for your online stores with sophisticated accessibility rules to restrict visitors.

60 active installs v1.1.2 PHP + WP 4.0+ Updated Mar 15, 2026
passwordprivateprotectwoocommercewpc
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPC Advanced Password Protect for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

WPC Advanced Password Protect for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 19d ago
Risk Assessment

The wpc-advanced-password-protect plugin v1.1.2 exhibits a generally good security posture with several strengths. The static analysis reveals a strong adherence to secure coding practices, notably the absence of raw SQL queries and a high percentage of properly escaped output. Furthermore, the presence of nonce and capability checks on all identified entry points (AJAX handlers) significantly mitigates common web vulnerabilities. The lack of any recorded CVEs in its history suggests a mature and well-maintained codebase.

However, a significant concern lies in the presence of three 'unserialize' function calls. Unserialization of untrusted data is a well-known vulnerability that can lead to Remote Code Execution (RCE) or Denial of Service (DoS) if not handled with extreme care. While no taint analysis flows indicated unsanitized paths related to these functions, the mere presence of 'unserialize' without further context on data sanitization before its use represents a potential risk. The static analysis also shows 3 external HTTP requests, which could be a vector for further attacks if the target endpoints are compromised or if the requests themselves are not properly secured.

Key Concerns

  • Dangerous function: unserialize usage detected
  • External HTTP requests present
Vulnerabilities
None known

WPC Advanced Password Protect for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPC Advanced Password Protect for WooCommerce Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
7
241 escaped
Nonce Checks
10
Capability Checks
2
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:101
unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:179
unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

Output Escaping

97% escaped248 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
<class-frontend> (includes\class-frontend.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPC Advanced Password Protect for WooCommerce Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 8

authwp_ajax_wpcpp_add_ruleincludes\class-backend.php:38
authwp_ajax_wpcpp_add_timeincludes\class-backend.php:39
authwp_ajax_wpcpp_search_termincludes\class-backend.php:40
authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:9
authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:10
authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:11
authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:12
authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22
WordPress Hooks 20
actioninitincludes\class-backend.php:23
actionadmin_initincludes\class-backend.php:26
filterpre_update_optionincludes\class-backend.php:27
actionadmin_menuincludes\class-backend.php:28
actionadmin_enqueue_scriptsincludes\class-backend.php:31
filterplugin_action_linksincludes\class-backend.php:34
filterplugin_row_metaincludes\class-backend.php:35
actionwpincludes\class-frontend.php:17
actiontemplate_redirectincludes\class-frontend.php:18
actionwp_enqueue_scriptsincludes\class-frontend.php:19
filterwoocommerce_is_purchasableincludes\class-frontend.php:23
actionwp_headincludes\class-frontend.php:287
actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:7
actionadmin_menuincludes\dashboard\wpc-dashboard.php:8
actionbefore_woocommerce_initincludes\hpos.php:7
actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20
actionadmin_menuincludes\kit\wpc-kit.php:21
actionadmin_initincludes\log\wpc-log.php:6
actionplugins_loadedwpc-advanced-password-protect.php:39
actionadmin_noticeswpc-advanced-password-protect.php:43
Maintenance & Trust

WPC Advanced Password Protect for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 15, 2026
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs60
Alternatives

WPC Advanced Password Protect for WooCommerce Alternatives

Hide Price Until Login

Hide Price Until Login

hide-price-until-login

A
85

Hide product price until the correct password is entered or until login.

2K No CVEs
Customize Private & Protected – Change or remove title prefix and more

Customize Private & Protected – Change or remove title prefix and more

customize-private-protected

A
100

Use WP Customize to modify elements of password protected and private posts and pages.

300 No CVEs
Private Post Share

Private Post Share

sharable-password-protected-posts

A
99

Share password protected posts via secret URLs

100 1 CVE
Password Protected Site and Store

Password Protected Site and Store

password-protected-site-and-store

A
100

This is a great plugin for securing your WordPress Site. Easily set passwords to restrict access to the site and WooCommerce products.

40 No CVEs
Hide Price For WooCommerce

Hide Price For WooCommerce

hide-price-for-woocommerce

A
92

Hide Price for woocommerce will hide price until login.

30 No CVEs
Developer Profile

WPC Advanced Password Protect for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
68 days
View full developer profile
Detection Fingerprints

How We Detect WPC Advanced Password Protect for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpc-advanced-password-protect/assets/css/backend.css/wp-content/plugins/wpc-advanced-password-protect/assets/css/frontend.css/wp-content/plugins/wpc-advanced-password-protect/assets/js/backend.js/wp-content/plugins/wpc-advanced-password-protect/assets/js/frontend.js
Script Paths
/wp-content/plugins/wpc-advanced-password-protect/assets/js/backend.js/wp-content/plugins/wpc-advanced-password-protect/assets/js/frontend.js
Version Parameters
wpc-advanced-password-protect/assets/css/backend.css?ver=wpc-advanced-password-protect/assets/css/frontend.css?ver=wpc-advanced-password-protect/assets/js/backend.js?ver=wpc-advanced-password-protect/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpclever_settings_pagewpclever_settings_page_headerwpclever_settings_page_header_logowpclever_settings_page_header_textwpclever_settings_page_titlewpcpp_premium_badge
HTML Comments
WPC Advanced Password ProtectThank you for using our plugin! If you are satisfied, please reward it a full five-starReviewsChangelog+2 more
Data Attributes
data-key="wpcpp_settings"data-key="wpcpp_rules"
JS Globals
wpcpp_optionswpcpp_rules
FAQ

Frequently Asked Questions about WPC Advanced Password Protect for WooCommerce