SudoWP is a community-focused initiative that takes over abandoned WordPress plugins to secure and maintain them. The project patches high-severity vulnerabilities to ensure the code remains safe and functional for the community. It also integrates large language model (LLM) capabilities to support plugin management.
The initiative was launched by WP Republic and AmIHacked.
The Beginning
SudoWP traces its beginnings to Zurich, where the team was working on code for what it described as its “first-ever patch attempt.”
During that process, the team recognized that, in its words, “there is a massive gap in the WordPress ecosystem for abandoned plugins that people still genuinely need.” That realization marked the shift from “a random thought” to “a real mission.”
The first effort focused on the deprecated ClickFunnels Classic plugin (v3.1.1), addressing two vulnerabilities: a Stored XSS flaw and a CSRF issue.
The team forked the deprecated plugin, applied security fixes, and renamed the project “SudoWP Zurich for ClickFunnels,” describing the “Zurich” designation as “a tribute to the place where this project was born.” The hardened fork was published on GitHub as an open-source, GPL-licensed project.
In addition to its ClickFunnels fork, SudoWP has released several other security-focused projects:
- SudoWP PostGallery is a fork of the abandoned PostGallery plugin.
- SudoWP Hooks Visualizer is a fork of the abandoned Simply Show Hooks plugin.
- SudoWP DropZone for Elementor is a community-maintained fork of the abandoned Startklar Elementor Addons plugin (v1.7.15).
SudoWP has also released an LLM Connector for WordPress, a secure WordPress-to-LLM connector for AI-powered site management.