Best Security WordPress Plugins

137 indexed plugins

Plugins

137

Active Installs

27m+

Average Score

Audited

133

Best Scored

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	Dam Spam	100		1	1k+	today	unexpected markdown file
#2	Login Security Captcha	100		0	10k+	22 days ago	No open findings
#3	Stop XML-RPC Attacks	100		1	6k+	29 days ago	Non Prefixed Class Found
#4	Remove XML-RPC Methods	100		0	1k+	3 months ago	No open findings
#5	BotBlocker Security – Firewall & Bot Protection	99		5	3k+	4 days ago	Non Prefixed Constant Found
#6	Protect Uploads	99	2	1	40k+	10 days ago	missing direct file access protection
#7	Stop User Enumeration	99	1	1	50k+	6 months ago	Dynamic Hookname Found
#8	WPMasterToolKit (WPMTK) – All in one plugin	99	1	4	4k+	2 months ago	trademarked term
#9	App for Cloudflare®	98	10	1	1k+	2 months ago	wp function not compatible with requires wp
#10	Manage XML-RPC	98	3	1	6k+	2 years ago	file system operations is writable
#11	Prevent XSS Vulnerability	98	10	1	6k+	11 months ago	Missing Arg Domain
#12	Safe SVG	98	7	4	1m+	2 months ago	Missing Arg Domain
#13	WP Author Slug	96	16	6	2k+	24 days ago	Text Domain Mismatch
#14	WPVulnerability	96		4	10k+	19 days ago	trademarked term
#15	MilesWeb Tools	95	4	49	10k+	11 months ago	Non Prefixed Variable Found
#16	Malcure Malware Shield — Removal, Repair, Monitor	95	75	6	10k+	22 days ago	wp function not compatible with requires wp
#17	Stop Spammers Classic	94	185	1	30k+	28 days ago	wp function not compatible with requires wp
#18	Sucuri Security – Auditing, Malware Scanner and Security Hardening	94	52	5	600k+	18 days ago	missing direct file access protection
#19	XO Security	94	5	3	30k+	2 months ago	wp function not compatible with requires wp
#20	Restricted Site Access	91	14	11	10k+	1 month ago	Missing Arg Domain
#21	WebAuthn Provider for Two Factor	91	6	14	1k+	3 months ago	Missing Arg Domain
#22	Password Strength Settings for WooCommerce	89	17	6	10k+	3 years ago	Missing Arg Domain
#23	WP Admin Basic Auth	87	5	6	2k+	13 years ago	Input Not Sanitized
#24	AntiSpam for Contact Form 7	86	14	8	10k+	2 months ago	Text Domain Mismatch
#25	WP Ghost (Hide My WP Ghost) – Security & Firewall	85	6	373	100k+	19 days ago	Non Prefixed Variable Found
#26	HSTS Ready	85	3	11	3k+	1 month ago	Input Not Validated
#27	Salt Shaker	85	15	13	6k+	7 months ago	Interpolated Not Prepared
#28	Simple Automatic Updates	85	18	1	2k+	7 years ago	Missing Translators Comment
#29	WP Fail2Ban Redux	82	1	10	7k+	1 year ago	trademarked term
#30	Hostinger Tools	81	14	22	3m+	5 days ago	wp function not compatible with requires wp
#31	Smart Passworded Pages	80	11	8	2k+	9 years ago	wp function not compatible with requires wp
#32	Melapress File Monitor	80	16	90	6k+	1 month ago	Non Prefixed Variable Found
#33	OpenID Connect Generic Client	73	9	59	10k+	4 months ago	Non Prefixed Hookname Found
#34	Simple Login Captcha	70	20	19	10k+	26 days ago	date date
#35	Simple Login Lockdown	69	13	6	4k+	9 years ago	Output Not Escaped
#36	Content Security Policy Manager	68	19	2	2k+	4 years ago	Output Not Escaped
#37	Protection Against DDoS	68	22	5	3k+	6 years ago	Output Not Escaped
#38	Forget Spam Comment	67	5	10	9k+	1 year ago	Input Not Sanitized
#39	WP Anti-Clickjack	66	4	42	4k+	5 months ago	Recommended
#40	Inactive Logout	64	30	71	10k+	17 days ago	Non Prefixed Variable Found
#41	Meta Generator and Version Info Remover	52	20	28	10k+	9 months ago	Non Prefixed Function Found
#42	TrustedSite	50	29	14	20k+	10 months ago	Output Not Escaped
#43	LWS Hide Login	45	5	58	20k+	6 days ago	Missing Unslash
#44	Passwords Evolved	45	26	17	1k+	1 year ago	Output Not Escaped
#45	BBQ Firewall – Fast & Powerful Firewall Security	44	17	17	100k+	2 months ago	Output Not Escaped
#46	User Role Editor	43	117	145	700k+	1 month ago	Output Not Escaped
#47	Lock Down Admin	42	30	20	3k+	7 years ago	Unsafe Printing Function
#48	Login No Captcha reCAPTCHA	42	45	24	60k+	26 days ago	Unsafe Printing Function
#49	Proxy & VPN Blocker	42	10	72	1k+	1 month ago	Recommended
#50	Two Factor	42	18	70	100k+	3 months ago	Recommended