Most Downloaded Security WordPress Plugins
190 indexed plugins
Plugins
190
Active Installs
27m+
Average Score
53
Audited
190
Most Downloaded
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | Update Notifier | 86 | 8 | 1 | 700 | Output is not escaped | ||
| #152 | Block IPs for Gravity Forms | 50 | 8 | 36 | 1k+ | Request data is not unslashed | ||
| #153 | Prevent Concurrent Logins | 97 | 2 | 10 | 900 | Non-prefixed function | ||
| #154 | Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… | 100 | 1 | 1k+ | mismatched plugin name | |||
| #155 | Media Vault | 34 | 115 | 150 | 800 | Output is not escaped | ||
| #156 | Maestro Connector | 97 | 7 | 4 | 500 | Missing direct file access protection | ||
| #157 | Comment Form CSRF Protection | 70 | 7 | 10 | 500 | Request data is not unslashed | ||
| #158 | WEDOS | Protection & Cache Performance | 100 | 1 | 800 | trademarked term | |||
| #159 | Dam Spam | 100 | 1 | 1k+ | unexpected markdown file | |||
| #160 | Advanced Country Blocker | 40 | 23 | 77 | 2k+ | Exception output is not escaped | ||
| #161 | Remove XML-RPC Methods | 100 | 0 | 1k+ | No open findings | |||
| #162 | Hide WordPress Version | 96 | 5 | 4 | 400 | trademarked term | ||
| #163 | Easy Basic Authentication – Add basic auth to site or admin area | 46 | 14 | 28 | 600 | Input is not sanitized | ||
| #164 | Disable WP Registration Page Spam | 77 | 5 | 12 | 1k+ | Nonce verification recommended | ||
| #165 | DefendWP Firewall | 39 | 16 | 203 | 3k+ | Non-prefixed global variable | ||
| #166 | REST XML-RPC Data Checker | 54 | 14 | 45 | 900 | Input is not sanitized | ||
| #167 | htaccess protect | 39 | 28 | 33 | 800 | Input is not validated | ||
| #168 | User Session Control | 43 | 31 | 21 | 700 | Output is not escaped | ||
| #169 | .htaccess Site Access Control | 37 | 54 | 67 | 800 | Input is not sanitized | ||
| #170 | Universal Honey Pot | 40 | 23 | 94 | 1k+ | Missing nonce verification | ||
| #171 | WP fail2ban Add-on for Contact Form 7 | 85 | 10 | 18 | 800 | Non-prefixed constant | ||
| #172 | Logout Clear Cookies | 98 | 3 | 1 | 500 | Missing direct file access protection | ||
| #173 | BotBlocker Security – Firewall & Bot Protection | 99 | 5 | 3k+ | Non-prefixed constant | |||
| #174 | WP Logout Redirect | 67 | 20 | 5 | 400 | Unsafe printing function | ||
| #175 | Security.txt Manager | 35 | 1 | 0 | 500 | Hidden files included | ||
| #176 | WP fail2ban Add-on for Gravity Forms | 85 | 10 | 18 | 600 | Non-prefixed constant | ||
| #177 | WP Author Security | 42 | 40 | 13 | 500 | Output is not escaped | ||
| #178 | yubikey-plugin | 40 | 64 | 33 | 400 | Text Domain Mismatch | ||
| #179 | NETSENSAI Shield | 83 | 10 | 16 | 1k+ | Nonce verification recommended | ||
| #180 | Disable File Editor | 97 | 3 | 2 | 500 | outdated tested upto header | ||
| #181 | WP Admin Basic Auth | 87 | 5 | 6 | 2k+ | Input is not sanitized | ||
| #182 | Generate Security.txt | 99 | 1 | 5 | 500 | Non-prefixed class | ||
| #183 | Edit Lock | 41 | 47 | 22 | 500 | Non Singular String Literal Domain | ||
| #184 | WP Login Door | 64 | 19 | 11 | 400 | Output is not escaped | ||
| #185 | WP Disable Site Health | 93 | 4 | 4 | 1k+ | trademarked term | ||
| #186 | Disable Registration Page | 88 | 4 | 6 | 400 | Text Domain Mismatch | ||
| #187 | Give – Cloudflare Turnstile | 35 | 3 | 2 | 500 | Hidden files included | ||
| #188 | JetHost Total Care – Security & Enhancements | 45 | 10 | 85 | 800 | Direct Query | ||
| #189 | Auto SRI | 92 | 4 | 1 | 500 | wp function not compatible with requires wp | ||
| #190 | Atomic Edge Security – Firewall, Malware Scan and Login Security | 40 | 12 | 184 | 700 | Non-prefixed global variable |