Most Downloaded Security WordPress Plugins
188 indexed plugins
- Plugins: 188
- Active Installs: 27m+
- Average Score: 53
- Audited: 188
Most Downloaded
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #101 | Simple Login Captcha | 70 | 20 | 19 | 10k+ | | | date date |
| #102 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | | | SQL query is not prepared |
| #103 | Plugin Security Scanner | 84 | 9 | 9 | 800 | | | Output is not escaped |
| #104 | Smart Passworded Pages | 80 | 11 | 8 | 2k+ | | | wp function not compatible with requires wp |
| #105 | Manage XML-RPC | 98 | 3 | 1 | 6k+ | | | file system operations is writable |
| #106 | WPMasterToolKit (WPMTK) – All in one plugin | 99 | 1 | 4 | 4k+ | | | trademarked term |
| #107 | Simple Login Lockdown | 69 | 13 | 6 | 4k+ | | | Output is not escaped |
| #108 | CrowdSec | 35 | 130 | 119 | 2k+ | | | Output is not escaped |
| #109 | Expire User Passwords | 35 | 3 | 15 | 3k+ | | | Nonce verification recommended |
| #110 | Advanced IP Blocker | 40 | 94 | 44 | 2k+ | | | Exception output is not escaped |
| #111 | WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA | 30 | 484 | 222 | 2k+ | | | Unsafe printing function |
| #112 | Banhammer – Monitor Site Traffic, Block Bad Users and Bots | 37 | 104 | 174 | 1k+ | | | Output is not escaped |
| #113 | Logbook | 40 | 33 | 59 | 2k+ | | | Nonce verification recommended |
| #114 | Protection Against DDoS | 68 | 22 | 5 | 3k+ | | | Output is not escaped |
| #115 | WP Anti-Clickjack | 66 | 4 | 42 | 4k+ | | | Nonce verification recommended |
| #116 | Restrict Usernames Emails Characters | 32 | 327 | 367 | 1k+ | | | Output is not escaped |
| #117 | WebAuthn Provider for Two Factor | 91 | 6 | 14 | 1k+ | | | Missing Arg Domain |
| #118 | WP Author Slug | 96 | 16 | 6 | 2k+ | | | Text Domain Mismatch |
| #119 | No-Bot Registration | 40 | 112 | 42 | 2k+ | | | Unsafe printing function |
| #120 | Virusdie \| One-click website security | 39 | 149 | 66 | 2k+ | | | Output is not escaped |
| #121 | WP Fingerprint | 42 | 34 | 47 | 9k+ | | | Direct Query |
| #122 | App for Cloudflare® | 98 | 10 | 1 | 1k+ | | | wp function not compatible with requires wp |
| #123 | Content Security Policy Manager | 68 | 19 | 2 | 2k+ | | | Output is not escaped |
| #124 | HSTS Ready | 85 | 3 | 11 | 3k+ | | | Input is not validated |
| #125 | Injection Guard | 36 | 87 | 45 | 1k+ | | | Unsafe printing function |
| #126 | GD Security Headers | 25 | 407 | 521 | 1k+ | | | Output is not escaped |
| #127 | Access Areas for WordPress | 35 | 17 | 95 | 400 | | | Direct Query |
| #128 | RSFirewall! | 24 | 563 | 521 | 4k+ | | | Output is not escaped |
| #129 | SMNTCS Disable REST API User Endpoints | 35 | 8 | 0 | 6k+ | | | Hidden files included |
| #130 | CloudGuard | 41 | 41 | 13 | 1k+ | | | Output is not escaped |
| #131 | Stop XML-RPC Attacks | 100 | 1 | | 6k+ | | | Non-prefixed class |
| #132 | WP fail2ban Blocklist | 36 | 61 | 63 | 3k+ | | | SQL query is not prepared |
| #133 | Passwords Evolved | 45 | 26 | 17 | 1k+ | | | Output is not escaped |
| #134 | Password Strength for WooCommerce | 98 | 3 | 0 | 1k+ | | | Missing direct file access protection |
| #135 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | | | Exception output is not escaped |
| #136 | Security Header Generator | 87 | 10 | 20 | 500 | | | Non Singular String Literal Text |
| #137 | Lock Down Admin | 42 | 30 | 20 | 3k+ | | | Unsafe printing function |
| #138 | WP PGP Encrypted Emails | 35 | 63 | 39 | 400 | | | Output is not escaped |
| #139 | Host Header Injection Fix | 70 | 9 | 8 | 400 | | | Output is not escaped |
| #140 | SameSite Cookies | 98 | 3 | 2 | 800 | | | Missing direct file access protection |
| #141 | MilesWeb Tools | 95 | 4 | 49 | 10k+ | | | Non-prefixed global variable |
| #142 | Simple Automatic Updates | 85 | 18 | 1 | 2k+ | | | Missing Translators Comment |
| #143 | Whitelist IP For Limit Login Attempts | 48 | 18 | 12 | 600 | | | Output is not escaped |
| #144 | Control XML-RPC publishing | 92 | 7 | 0 | 400 | | | Text Domain Mismatch |
| #145 | Block wp-login | 98 | 16 | 3 | 600 | | | wp function not compatible with requires wp |
| #146 | Protect Login | 95 | 26 | 19 | 600 | | | Missing direct file access protection |
| #147 | SX User Name Security | 46 | 42 | 9 | 900 | | | Output is not escaped |
| #148 | Security Ninja For MainWP | 47 | 246 | 71 | 500 | | | Text Domain Mismatch |
| #149 | Subresource Integrity (SRI) Manager | 35 | 26 | 94 | 900 | | | Request data is not unslashed |
| #150 | Update Notifier | 86 | 8 | 1 | 700 | | | Output is not escaped |