PLUGIN SECURITY
Is Sg Security safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Sg Security WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
sg-security - Requires PHP: 7.0+
- Max supported PHP (analyzed): <8.0
Known vulnerabilities
- Security Optimizer – The All-In-One Protection Plugin [sg-security] < 1.2.6 [CVE-2022-0993, WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability, SiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass, SiteGround Security < 1.2.6 - Authorization Weakness to Authentication Bypass via 2-FA Back-up Codes]
- Security Optimizer – The All-In-One Protection Plugin [sg-security] < 1.2.6 [CVE-2022-0992, WordPress SiteGround Security plugin <= 1.2.5 - Authentication Bypass via 2-Factor Authentication Setup vulnerability, SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup, SiteGround Security < 1.2.6 - Authentication Bypass via 2-FA Authentication Setup]
- Security Optimizer – The All-In-One Protection Plugin [sg-security] < 1.3.1 [CVE-2023-0234, WordPress SiteGround Security Plugin < 1.3.1 is vulnerable to SQL Injection, SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection, SiteGround Security < 1.3.1 - Admin+ SQLi]
- Security Optimizer – The All-In-One Protection Plugin [sg-security] < 1.5.1 [CVE-2024-38774, WordPress SiteGround Security Plugin <= 1.5.0 is vulnerable to Broken Access Control, Security Optimizer – The All-In-One Protection Plugin <= 1.5.0 - Missing Authorization via hide_notice()]
- Security Optimizer – The All-In-One Protection Plugin [sg-security] < 1.5.9 [CVE-2025-66121, SiteGround Security <= 1.5.8 - Missing Authorization]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Wordfence Security – Firewall, Malware Scan, and Login Security — 5000000+ active installs — max PHP 8.4
- WPS Hide Login — 2000000+ active installs — max PHP 8.4
- Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention — 1000000+ active installs — max PHP 8.4
- All-In-One Security (AIOS) – Security and Firewall — 1000000+ active installs
- Loginizer — 1000000+ active installs — max PHP <8.0
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.