Most Improved Security WordPress Plugins
188 indexed plugins
Plugins
188
Active Installs
27m+
Average Score
52
Audited
175
Most Improved
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #51 | Injection Guard | 36 | 87 | 45 | 1k+ | Unsafe printing function | ||
| #52 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped | ||
| #53 | Kadence Central – Site Management, Backups, Security, and Reporting | 26 | 462 | 213 | 30k+ | Text Domain Mismatch | ||
| #54 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | Exception output is not escaped | ||
| #55 | JetHost Total Care – Security & Enhancements | 45 | 10 | 85 | 800 | Direct Query | ||
| #56 | Jetpack – WP Security, Backup, Speed, & Growth | 23 | 2,821 | 1,303 | 3m+ | Text Domain Mismatch | ||
| #57 | Jetpack Protect | 30 | 657 | 217 | 100k+ | Text Domain Mismatch | ||
| #58 | My Private Site | 31 | 425 | 190 | 20k+ | Text Domain Mismatch | ||
| #59 | Keyring | 35 | 233 | 203 | 1k+ | Output is not escaped | ||
| #60 | LH HSTS | 78 | 3 | 12 | 600 | Input is not sanitized | ||
| #61 | Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms | 24 | 563 | 548 | 4k+ | Text Domain Mismatch | ||
| #62 | Limit Login Attempts | 40 | 81 | 38 | 300k+ | Output is not escaped | ||
| #63 | Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention | 25 | 618 | 605 | 1m+ | Unsafe printing function | ||
| #64 | Lockdown WP Admin | 41 | 20 | 50 | 10k+ | Request data is not unslashed | ||
| #65 | Log cleaner for Solid Security | 41 | 65 | 47 | 8k+ | Text Domain Mismatch | ||
| #66 | Logbook | 40 | 33 | 59 | 2k+ | Nonce verification recommended | ||
| #67 | Login No Captcha reCAPTCHA | 42 | 45 | 24 | 60k+ | Unsafe printing function | ||
| #68 | Login Security Captcha | 100 | 0 | 10k+ | No open findings | |||
| #69 | Login With Ajax – Fast Logins, 2FA, Redirects | 23 | 623 | 520 | 10k+ | Output is not escaped | ||
| #70 | Loginizer | 25 | 814 | 504 | 1m+ | Output is not escaped | ||
| #71 | Logout Clear Cookies | 98 | 3 | 1 | 500 | Missing direct file access protection | ||
| #72 | LWS Hide Login | 45 | 5 | 58 | 20k+ | Request data is not unslashed | ||
| #73 | LWS Tools | 31 | 104 | 134 | 10k+ | Request data is not unslashed | ||
| #74 | MainWP Dashboard: Self-hosted WordPress Management for Agencies | 31 | 95 | 317 | 20k+ | Interpolated SQL is not prepared | ||
| #75 | MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites | 38 | 3 | 136 | 700k+ | Non-prefixed hook name | ||
| #76 | Manage XML-RPC | 98 | 3 | 1 | 5k+ | file system operations is writable | ||
| #77 | Media Vault | 34 | 115 | 150 | 800 | Output is not escaped | ||
| #78 | Meta Generator and Version Info Remover | 52 | 20 | 28 | 10k+ | Non-prefixed function | ||
| #79 | MilesWeb Tools | 95 | 4 | 49 | 10k+ | Non-prefixed global variable | ||
| #80 | Modular DS: Monitor, update, and backup multiple websites | 21 | 161 | 81 | 40k+ | Exception output is not escaped | ||
| #81 | NETSENSAI Shield | 83 | 10 | 16 | 1k+ | Nonce verification recommended | ||
| #82 | Nexter Extension – Security, Performance, Code Snippets & Site Toolkit | 25 | 198 | 710 | 10k+ | Nonce verification recommended | ||
| #83 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,265 | 2,065 | 100k+ | Non-prefixed global variable | ||
| #84 | NinjaScanner – Virus & Malware scan | 22 | 596 | 551 | 30k+ | Non-prefixed global variable | ||
| #85 | No-Bot Registration | 40 | 112 | 42 | 2k+ | Unsafe printing function | ||
| #86 | No CAPTCHA reCAPTCHA | 40 | 112 | 26 | 4k+ | Text Domain Mismatch | ||
| #87 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 27 | 271 | 568 | 6k+ | Request data is not unslashed | ||
| #88 | Password Strength for WooCommerce | 98 | 3 | 0 | 1k+ | Missing direct file access protection | ||
| #89 | Passwords Evolved | 45 | 26 | 17 | 1k+ | Output is not escaped | ||
| #90 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | Missing nonce verification | ||
| #91 | Plugin Check (PCP) | 0 | 128 | 132 | 10k+ | Exception output is not escaped | ||
| #92 | Plugin Security Scanner | 84 | 9 | 9 | 800 | Output is not escaped | ||
| #93 | Prevent Concurrent Logins | 97 | 2 | 10 | 900 | Non-prefixed function | ||
| #94 | Prevent XSS Vulnerability | 98 | 10 | 1 | 6k+ | Missing Arg Domain | ||
| #95 | Protect Login | 95 | 26 | 19 | 600 | Missing direct file access protection | ||
| #96 | Protect Uploads | 99 | 2 | 1 | 40k+ | Missing direct file access protection | ||
| #97 | Protection Against DDoS | 68 | 22 | 5 | 3k+ | Output is not escaped | ||
| #98 | Proxy & VPN Blocker | 42 | 10 | 72 | 1k+ | Nonce verification recommended | ||
| #99 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | 19 | 541 | 385 | 3m+ | Missing Translators Comment | ||
| #100 | REST XML-RPC Data Checker | 54 | 14 | 45 | 1k+ | Input is not sanitized |
