Best Security WordPress Plugins
137 indexed plugins
Plugins
137
Active Installs
27m+
Average Score
48
Audited
137
Best Scored
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | Dam Spam | 100 | 1 | 1k+ | unexpected markdown file | ||
| #2 | Login Security Captcha | 100 | 0 | 10k+ | No open findings | ||
| #3 | Stop XML-RPC Attacks | 100 | 1 | 6k+ | Non-prefixed class | ||
| #4 | Remove XML-RPC Methods | 100 | 0 | 1k+ | No open findings | ||
| #5 | BotBlocker Security – Firewall & Bot Protection | 99 | 5 | 3k+ | Non-prefixed constant | ||
| #6 | Protect Uploads | 99 | 2 | 1 | 40k+ | Missing direct file access protection | |
| #7 | Stop User Enumeration | 99 | 1 | 1 | 50k+ | Dynamic hook name | |
| #8 | WPMasterToolKit (WPMTK) – All in one plugin | 99 | 1 | 4 | 4k+ | trademarked term | |
| #9 | App for Cloudflare® | 98 | 10 | 1 | 1k+ | wp function not compatible with requires wp | |
| #10 | Manage XML-RPC | 98 | 3 | 1 | 6k+ | file system operations is writable | |
| #11 | Prevent XSS Vulnerability | 98 | 10 | 1 | 6k+ | Missing Arg Domain | |
| #12 | Safe SVG | 98 | 7 | 4 | 1m+ | Missing Arg Domain | |
| #13 | WP Author Slug | 96 | 16 | 6 | 2k+ | Text Domain Mismatch | |
| #14 | WPVulnerability | 96 | 4 | 10k+ | trademarked term | ||
| #15 | MilesWeb Tools | 95 | 4 | 49 | 10k+ | Non-prefixed global variable | |
| #16 | Malcure Malware Shield — Removal, Repair, Monitor | 95 | 75 | 6 | 10k+ | wp function not compatible with requires wp | |
| #17 | Stop Spammers Classic | 94 | 185 | 1 | 30k+ | wp function not compatible with requires wp | |
| #18 | Sucuri Security – Auditing, Malware Scanner and Security Hardening | 94 | 52 | 5 | 600k+ | Missing direct file access protection | |
| #19 | XO Security | 94 | 5 | 3 | 30k+ | wp function not compatible with requires wp | |
| #20 | Restricted Site Access | 91 | 14 | 11 | 10k+ | Missing Arg Domain | |
| #21 | WebAuthn Provider for Two Factor | 91 | 6 | 14 | 1k+ | Missing Arg Domain | |
| #22 | Password Strength Settings for WooCommerce | 89 | 17 | 6 | 10k+ | Missing Arg Domain | |
| #23 | WP Admin Basic Auth | 87 | 5 | 6 | 2k+ | Input is not sanitized | |
| #24 | AntiSpam for Contact Form 7 | 86 | 14 | 8 | 10k+ | Text Domain Mismatch | |
| #25 | WP Ghost (Hide My WP Ghost) – Security & Firewall | 85 | 6 | 373 | 100k+ | Non-prefixed global variable | |
| #26 | HSTS Ready | 85 | 3 | 11 | 3k+ | Input is not validated | |
| #27 | Salt Shaker | 85 | 15 | 13 | 6k+ | Interpolated SQL is not prepared | |
| #28 | Simple Automatic Updates | 85 | 18 | 1 | 2k+ | Missing Translators Comment | |
| #29 | WP Fail2Ban Redux | 82 | 1 | 10 | 7k+ | trademarked term | |
| #30 | Hostinger Tools | 81 | 14 | 22 | 3m+ | wp function not compatible with requires wp | |
| #31 | Smart Passworded Pages | 80 | 11 | 8 | 2k+ | wp function not compatible with requires wp | |
| #32 | Melapress File Monitor | 80 | 16 | 90 | 6k+ | Non-prefixed global variable | |
| #33 | Disable WP Registration Page Spam | 77 | 5 | 12 | 1k+ | Nonce verification recommended | |
| #34 | OpenID Connect Generic Client | 73 | 9 | 59 | 10k+ | Non-prefixed hook name | |
| #35 | Simple Login Captcha | 70 | 20 | 19 | 10k+ | date date | |
| #36 | Simple Login Lockdown | 69 | 13 | 6 | 4k+ | Output is not escaped | |
| #37 | Content Security Policy Manager | 68 | 19 | 2 | 2k+ | Output is not escaped | |
| #38 | Protection Against DDoS | 68 | 22 | 5 | 3k+ | Output is not escaped | |
| #39 | Forget Spam Comment | 67 | 5 | 10 | 9k+ | Input is not sanitized | |
| #40 | WP Anti-Clickjack | 66 | 4 | 42 | 4k+ | Nonce verification recommended | |
| #41 | Inactive Logout | 64 | 30 | 71 | 10k+ | Non-prefixed global variable | |
| #42 | Meta Generator and Version Info Remover | 52 | 20 | 28 | 10k+ | Non-prefixed function | |
| #43 | Block IPs for Gravity Forms | 50 | 8 | 36 | 1k+ | Request data is not unslashed | |
| #44 | TrustedSite | 50 | 29 | 14 | 20k+ | Output is not escaped | |
| #45 | LWS Hide Login | 45 | 5 | 58 | 20k+ | Request data is not unslashed | |
| #46 | Passwords Evolved | 45 | 26 | 17 | 1k+ | Output is not escaped | |
| #47 | BBQ Firewall – Fast & Powerful Firewall Security | 44 | 17 | 17 | 100k+ | Output is not escaped | |
| #48 | User Role Editor | 43 | 117 | 145 | 700k+ | Output is not escaped | |
| #49 | Lock Down Admin | 42 | 30 | 20 | 3k+ | Unsafe printing function | |
| #50 | Login No Captcha reCAPTCHA | 42 | 45 | 24 | 60k+ | Unsafe printing function |
