Most Downloaded Security WordPress Plugins
188 indexed plugins
Plugins
188
Active Installs
27m+
Average Score
53
Audited
188
Most Downloaded
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #51 | Plugin Check (PCP) | 0 | 128 | 132 | 10k+ | Exception output is not escaped | ||
| #52 | NinjaScanner – Virus & Malware scan | 22 | 596 | 551 | 30k+ | Non-prefixed global variable | ||
| #53 | WPFront User Role Editor | 35 | 333 | 578 | 30k+ | Output is not escaped | ||
| #54 | WPS Limit Login | 39 | 152 | 76 | 100k+ | Output is not escaped | ||
| #55 | Blackhole for Bad Bots | 39 | 123 | 69 | 30k+ | Output is not escaped | ||
| #56 | Security Ninja – WordPress Security & Firewall | 29 | 149 | 347 | 7k+ | Direct Query | ||
| #57 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | Request data is not unslashed | ||
| #58 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped | ||
| #59 | Google Authenticator | 41 | 39 | 65 | 20k+ | Output is not escaped | ||
| #60 | The GDPR Framework By Data443 | 23 | 1,287 | 517 | 10k+ | Short PHP open tag found | ||
| #61 | Inactive Logout | 64 | 30 | 71 | 10k+ | Non-prefixed global variable | ||
| #62 | Malcure Malware Shield — Removal, Repair, Monitor | 95 | 75 | 6 | 10k+ | wp function not compatible with requires wp | ||
| #63 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | Missing nonce verification | ||
| #64 | WPVulnerability | 96 | 4 | 10k+ | trademarked term | |||
| #65 | My Private Site | 31 | 425 | 190 | 20k+ | Text Domain Mismatch | ||
| #66 | XO Security | 94 | 5 | 3 | 30k+ | wp function not compatible with requires wp | ||
| #67 | LH HSTS | 78 | 3 | 12 | 600 | Input is not sanitized | ||
| #68 | WPS Cleaner | 30 | 430 | 491 | 20k+ | Output is not escaped | ||
| #69 | Lockdown WP Admin | 41 | 20 | 50 | 10k+ | Request data is not unslashed | ||
| #70 | Login Security Captcha | 100 | 0 | 10k+ | No open findings | |||
| #71 | ReCaptcha Integration for WordPress | 37 | 60 | 66 | 9k+ | Output is not escaped | ||
| #72 | iControlWP | 47 | 45 | 59 | 1k+ | Missing direct file access protection | ||
| #73 | WebDefender Security – Protection & AntiSpam | 70 | 176 | 61 | 1k+ | wp function not compatible with requires wp | ||
| #74 | WPScan – WordPress Security Scanner | 21 | 527 | 265 | 8k+ | Text Domain Mismatch | ||
| #75 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 27 | 271 | 568 | 6k+ | Request data is not unslashed | ||
| #76 | Login by Auth0 | 37 | 307 | 82 | 10k+ | Text Domain Mismatch | ||
| #77 | Nexter Extension – Security, Performance, Code Snippets & Site Toolkit | 25 | 198 | 710 | 10k+ | Nonce verification recommended | ||
| #78 | LWS Tools | 31 | 104 | 134 | 10k+ | Request data is not unslashed | ||
| #79 | Salt Shaker | 85 | 15 | 13 | 6k+ | Interpolated SQL is not prepared | ||
| #80 | Meta Generator and Version Info Remover | 52 | 20 | 28 | 10k+ | Non-prefixed function | ||
| #81 | TrustedSite | 50 | 29 | 14 | 20k+ | Output is not escaped | ||
| #82 | Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms | 22 | 493 | 295 | 10k+ | Text Domain Mismatch | ||
| #83 | LWS Hide Login | 45 | 5 | 58 | 20k+ | Request data is not unslashed | ||
| #84 | OpenID Connect Generic Client | 73 | 9 | 59 | 10k+ | Non-prefixed hook name | ||
| #85 | Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms | 24 | 563 | 548 | 4k+ | Text Domain Mismatch | ||
| #86 | Password Strength Settings for WooCommerce | 89 | 17 | 6 | 10k+ | Missing Arg Domain | ||
| #87 | No CAPTCHA reCAPTCHA | 40 | 112 | 26 | 4k+ | Text Domain Mismatch | ||
| #88 | SP Move Login | 26 | 881 | 215 | 6k+ | Text Domain Mismatch | ||
| #89 | Brozzme DB Prefix & Tools Addons | 35 | 24 | 42 | 10k+ | Request data is not unslashed | ||
| #90 | Melapress File Monitor | 80 | 16 | 90 | 6k+ | Non-prefixed global variable | ||
| #91 | Proxy & VPN Blocker | 42 | 10 | 72 | 1k+ | Nonce verification recommended | ||
| #92 | Rublon Multi-Factor Authentication (MFA) | 30 | 216 | 160 | 500 | Output is not escaped | ||
| #93 | WP EXtra – One Click Optimize | 33 | 414 | 101 | 7k+ | Missing Arg Domain | ||
| #94 | AntiSpam for Contact Form 7 | 86 | 14 | 8 | 10k+ | Text Domain Mismatch | ||
| #95 | WP Fail2Ban Redux | 82 | 1 | 10 | 7k+ | trademarked term | ||
| #96 | Log cleaner for Solid Security | 41 | 65 | 47 | 8k+ | Text Domain Mismatch | ||
| #97 | Keyring | 35 | 233 | 203 | 1k+ | Output is not escaped | ||
| #98 | WebTotem Security | 21 | 1,110 | 213 | 900 | Text Domain Mismatch | ||
| #99 | Prevent XSS Vulnerability | 98 | 10 | 1 | 6k+ | Missing Arg Domain | ||
| #100 | Forget Spam Comment | 67 | 5 | 10 | 10k+ | Input is not sanitized |
