Migrate to WordPress.com Security & Risk Analysis

wordpress.org/plugins/wpcom-migration

A WordPress plugin that helps users to migrate their sites to WordPress.com

1K active installs · v5.88 · PHP 5.6.0+ · WP 4.0+ · Updated Dec 1, 2025
Tags: copy, migrate, migration, move, transfer
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Migrate to WordPress.com Safe to Use in 2026?

Generally Safe

Score 100/100

Migrate to WordPress.com has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The wpcom-migration plugin v5.88 presents a mixed security posture. On the positive side, it demonstrates good practices by largely utilizing prepared statements for SQL queries and properly escaping output. The absence of known CVEs and recorded vulnerabilities is a strong indicator of a well-maintained codebase in terms of historical security issues. However, the static analysis reveals significant weaknesses that elevate its risk profile. The presence of two AJAX handlers without any authentication checks creates a direct and exploitable attack surface. The complete lack of nonce checks, combined with these unprotected AJAX endpoints, is particularly concerning and opens the door for potential Cross-Site Request Forgery (CSRF) attacks or unauthorized actions by unauthenticated users. While no critical taint flows were detected, the unprotected entry points remain a substantial concern that overshadows the plugin's other positive attributes.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks
Vulnerabilities
None known

Migrate to WordPress.com Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Migrate to WordPress.com Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (7 prepared)
Unescaped Output: 4 (62 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 17
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

70% prepared · 10 total queries

Output Escaping

94% escaped · 66 total outputs
Attack Surface
2 unprotected

Migrate to WordPress.com Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers (2)

  • auth · wp_ajax_bvadm · wpcom_migration.php:148
  • nopriv · wp_ajax_bvadm · wpcom_migration.php:149

WordPress Hooks (13)

  • action · wp_footer · wpcom_migration.php:62
  • action · wpcom_clear_bv_services_config · wpcom_migration.php:63
  • action · admin_init · wpcom_migration.php:78
  • filter · all_plugins · wpcom_migration.php:79
  • filter · plugin_row_meta · wpcom_migration.php:80
  • action · network_admin_menu · wpcom_migration.php:83
  • action · admin_menu · wpcom_migration.php:85
  • filter · plugin_action_links · wpcom_migration.php:87
  • action · admin_head · wpcom_migration.php:88
  • action · admin_enqueue_scripts · wpcom_migration.php:91
  • action · wp_loaded · wpcom_migration.php:146
  • action · login_head · wp_login_whitelabel.php:24
  • filter · login_message · wp_login_whitelabel.php:25
Maintenance & Trust

Migrate to WordPress.com Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version: 5.6.0
Downloads: 38K

Community Trust

Rating: 98/100
Number of ratings: 7
Active installs: 1K
Developer Profile

Migrate to WordPress.com Developer Profile

Automattic

213 plugins · 19.2M total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1384 days
Detection Fingerprints

How We Detect Migrate to WordPress.com

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpcom-migration/asset/js/wpcom-migration-admin.js
  • /wp-content/plugins/wpcom-migration/asset/css/wpcom-migration-admin.css
Script Paths
  • /wp-content/plugins/wpcom-migration/asset/js/wpcom-migration-admin.js
Version Parameters
  • wpcom-migration/asset/js/wpcom-migration-admin.js?ver=
  • wpcom-migration/asset/css/wpcom-migration-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • wpcom-migration-admin-wrapper
  • wpcom-migration-admin-page
HTML Comments
  • Copyright 2017 Migrate to WordPress.com (email : support@blogvault.net)
  • This program is free software; you can redistribute it and/or modify
  • This program is distributed in the hope that it will be useful,
  • You should have received a copy of the GNU General Public License
  • +3 more
Data Attributes
  • data-wpcom-migration-nonce
JS Globals
  • window.wpcomMigrationAdminConfig
  • var WPCOM_MIGRATION_AJAX_URL
  • var WPCOM_MIGRATION_NONCE
REST Endpoints
  • /wp-json/wpcom-migration/v1/migrate