Most Improved Security WordPress Plugins
137 indexed plugins
- Plugins: 137
- Active Installs: 27m+
- Average Score: 48
- Audited: 137

Most Improved
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #1 | Admin Menu Editor | 32 | 159 | 233 | 300k+ | Non-prefixed global variable | ||
| #2 | Advanced Access Manager – Access Governance for WordPress | 32 | 849 | 62 | 100k+ | Output is not escaped | ||
| #3 | Advanced Country Blocker | 40 | 23 | 77 | 2k+ | Exception output is not escaped | ||
| #4 | Advanced IP Blocker | 40 | 94 | 44 | 2k+ | Exception output is not escaped | ||
| #5 | All-In-One Security (AIOS) – Security and Firewall | 24 | 552 | 1,228 | 1m+ | Non-prefixed global variable | ||
| #6 | Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter | 31 | 57 | 196 | 50k+ | Nonce verification recommended | ||
| #7 | App for Cloudflare® | 98 | 10 | 1 | 1k+ | wp function not compatible with requires wp | ||
| #8 | Activity Log – Monitor & Record User Changes | 38 | 81 | 149 | 200k+ | Nonce verification recommended | ||
| #9 | Login by Auth0 | 37 | 307 | 82 | 10k+ | Text Domain Mismatch | ||
| #10 | Banhammer – Monitor Site Traffic, Block Bad Users and Bots | 37 | 104 | 174 | 1k+ | Output is not escaped | ||
| #11 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | Missing Translators Comment | ||
| #12 | Blackhole for Bad Bots | 39 | 123 | 69 | 30k+ | Output is not escaped | ||
| #13 | BBQ Firewall – Fast & Powerful Firewall Security | 44 | 17 | 17 | 100k+ | Output is not escaped | ||
| #14 | BotBlocker Security – Firewall & Bot Protection | 99 | 5 | 3k+ | Non-prefixed constant | |||
| #15 | Brozzme DB Prefix & Tools Addons | 35 | 24 | 42 | 9k+ | Request data is not unslashed | ||
| #16 | BulletProof Security | 0 | 5,048 | 4,949 | 20k+ | Output is not escaped | ||
| #17 | Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms | 22 | 493 | 295 | 10k+ | Text Domain Mismatch | ||
| #18 | AntiSpam for Contact Form 7 | 86 | 14 | 8 | 10k+ | Text Domain Mismatch | ||
| #19 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | Request data is not unslashed | ||
| #20 | Companion Auto Update | 33 | 159 | 298 | 50k+ | Direct Query | ||
| #21 | CrowdSec | 35 | 130 | 119 | 2k+ | Output is not escaped | ||
| #22 | Content Security Policy Manager | 68 | 19 | 2 | 2k+ | Output is not escaped | ||
| #23 | OpenID Connect Generic Client | 73 | 9 | 59 | 10k+ | Non-prefixed hook name | ||
| #24 | Dam Spam | 100 | 1 | 1k+ | unexpected markdown file | |||
| #25 | DefendWP Firewall | 39 | 16 | 203 | 3k+ | Non-prefixed global variable | ||
| #26 | Defender Security – Malware Scanner, Login Security & Firewall | 24 | 306 | 518 | 80k+ | Non-prefixed namespace | ||
| #27 | Disable WP Registration Page Spam | 77 | 5 | 12 | 1k+ | Nonce verification recommended | ||
| #28 | Expire User Passwords | 35 | 3 | 15 | 3k+ | Nonce verification recommended | ||
| #29 | Exploit Scanner | 37 | 25 | 130 | 8k+ | Non-prefixed global variable | ||
| #30 | Forget Spam Comment | 67 | 5 | 10 | 10k+ | Input is not sanitized | ||
| #31 | Lock Down Admin | 42 | 30 | 20 | 3k+ | Unsafe printing function | ||
| #32 | GD Security Headers | 25 | 407 | 521 | 1k+ | Output is not escaped | ||
| #33 | The GDPR Framework By Data443 | 23 | 1,287 | 517 | 10k+ | Short PHP open tag found | ||
| #34 | Block IPs for Gravity Forms | 50 | 8 | 36 | 1k+ | Request data is not unslashed | ||
| #35 | Google Authenticator | 41 | 39 | 65 | 20k+ | Output is not escaped | ||
| #36 | Anti-Malware Security and Brute-Force Firewall | 22 | 544 | 965 | 100k+ | Output is not escaped | ||
| #37 | WP Ghost (Hide My WP Ghost) – Security & Firewall | 85 | 6 | 373 | 100k+ | Non-prefixed global variable | ||
| #38 | Hostinger Tools | 81 | 14 | 22 | 3m+ | wp function not compatible with requires wp | ||
| #39 | HSTS Ready | 85 | 3 | 11 | 3k+ | Input is not validated | ||
| #40 | Inactive Logout | 64 | 30 | 71 | 10k+ | Non-prefixed global variable | ||
| #41 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped | ||
| #42 | Kadence Central – Site Management, Backups, Security, and Reporting | 26 | 462 | 213 | 30k+ | Text Domain Mismatch | ||
| #43 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | Exception output is not escaped | ||
| #44 | Jetpack – WP Security, Backup, Speed, & Growth | 23 | 2,821 | 1,303 | 3m+ | Text Domain Mismatch | ||
| #45 | Jetpack Protect | 30 | 657 | 217 | 100k+ | Text Domain Mismatch | ||
| #46 | My Private Site | 31 | 425 | 190 | 20k+ | Text Domain Mismatch | ||
| #47 | Keyring | 35 | 233 | 203 | 1k+ | Output is not escaped | ||
| #48 | Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms | 24 | 563 | 548 | 4k+ | Text Domain Mismatch | ||
| #49 | Limit Login Attempts | 40 | 81 | 38 | 300k+ | Output is not escaped | ||
| #50 | Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention | 25 | 621 | 602 | 1m+ | Unsafe printing function |