Better WP Security Vulnerabilities
The Better WP Security WordPress plugin has 5 known security vulnerabilities. The most recent was disclosed on April 22, 2021. Check whether your site runs an affected version below.
View Better WP Security on WordPress.orgSummary
Latest vulnerability disclosed on April 22, 2021.
Recommendation
WPSentry recommends installing with caution
Use Better WP Security only with care. This plugin has a history of high-severity vulnerabilities — always run the latest version and monitor it for newly disclosed issues.
Is your site affected?
Run a free external scan to detect Better WP Security and 35+ other WordPress security checks — no login or plugin required.
Known Better WP Security vulnerabilities
- medium
iThemes Security < 7.9.1 and iThemes Security Pro < 6.8.4 - Hidden Login Bypass
Affected versions: <7.9.1Disclosed April 22, 2021 - medium
iThemes Security <= 5.6.1 - Sensitive Information Exposure via Diff Response
Affected versions: <=5.6.1Disclosed September 27, 2016 - high
iThemes Security <= 5.3.5 - Missing Capabilities Check
Affected versions: <5.3.6Disclosed April 25, 2016 - high
Better WP Security <= 3.5.3 - Stored Cross-Site Scripting
Affected versions: <=3.5.3Disclosed August 1, 2014 - high
iThemes Security < 3.6.4 - Stored Cross-Site Scripting
Affected versions: <3.6.4Disclosed August 1, 2014
How to stay protected
Update promptly
Keep Better WP Security on its latest release — most vulnerabilities are fixed in newer versions.
Scan regularly
Run an external scan after every update to catch outdated or vulnerable software early.
Monitor continuously
Enable monitoring to get alerted the moment a new issue affects your stack.