Most Improved Security WordPress Plugins
188 indexed plugins
Plugins
188
Active Installs
27m+
Average Score
53
Audited
182
Most Improved
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #101 | Protect Uploads | 99 | 2 | 1 | 40k+ | Missing direct file access protection | ||
| #102 | Protection Against DDoS | 68 | 22 | 5 | 3k+ | Output is not escaped | ||
| #103 | Proxy & VPN Blocker | 42 | 10 | 72 | 1k+ | Nonce verification recommended | ||
| #104 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | 19 | 541 | 385 | 3m+ | Missing Translators Comment | ||
| #105 | REST XML-RPC Data Checker | 54 | 14 | 45 | 1k+ | Input is not sanitized | ||
| #106 | Restrict Usernames Emails Characters | 32 | 327 | 367 | 1k+ | Output is not escaped | ||
| #107 | Restricted Site Access | 91 | 14 | 11 | 10k+ | Missing Arg Domain | ||
| #108 | RSFirewall! | 24 | 563 | 521 | 4k+ | Output is not escaped | ||
| #109 | Rublon Multi-Factor Authentication (MFA) | 30 | 216 | 160 | 500 | Output is not escaped | ||
| #110 | Safe SVG | 98 | 7 | 4 | 1m+ | Missing Arg Domain | ||
| #111 | Salt Shaker | 85 | 15 | 13 | 6k+ | Interpolated SQL is not prepared | ||
| #112 | SameSite Cookies | 98 | 3 | 2 | 800 | Missing direct file access protection | ||
| #113 | SecuPress with Simple SSL – Simple and Performant Security | 23 | 1,696 | 1,590 | 40k+ | Non-prefixed global variable | ||
| #114 | Security Header Generator | 87 | 10 | 20 | 500 | Non Singular String Literal Text | ||
| #115 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,191 | 769 | 30k+ | Output is not escaped | ||
| #116 | Security Ninja – WordPress Security & Firewall | 29 | 149 | 347 | 7k+ | Direct Query | ||
| #117 | Security Ninja For MainWP | 47 | 246 | 71 | 500 | Text Domain Mismatch | ||
| #118 | Security.txt Manager | 35 | 1 | 0 | 500 | Hidden files included | ||
| #119 | SP Move Login | 26 | 881 | 215 | 6k+ | Text Domain Mismatch | ||
| #120 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 82 | 1m+ | Request data is not unslashed | ||
| #121 | Simple Automatic Updates | 85 | 18 | 1 | 2k+ | Missing Translators Comment | ||
| #122 | Simple Login Captcha | 70 | 20 | 19 | 10k+ | date date | ||
| #123 | Simple Login Lockdown | 69 | 13 | 6 | 4k+ | Output is not escaped | ||
| #124 | Simply Static – The Static Site Generator | 25 | 163 | 448 | 30k+ | Non-prefixed hook name | ||
| #125 | SiteGuard WP Plugin | 24 | 362 | 345 | 500k+ | Output is not escaped | ||
| #126 | Smart Passworded Pages | 80 | 11 | 8 | 2k+ | wp function not compatible with requires wp | ||
| #127 | SMNTCS Disable REST API User Endpoints | 35 | 8 | 0 | 6k+ | Hidden files included | ||
| #128 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | SQL query is not prepared | ||
| #129 | Stop Spammers Classic | 94 | 185 | 1 | 30k+ | wp function not compatible with requires wp | ||
| #130 | Stop User Enumeration | 99 | 1 | 1 | 50k+ | Dynamic hook name | ||
| #131 | Stop XML-RPC Attacks | 100 | 1 | 6k+ | Non-prefixed class | |||
| #132 | Sucuri Security – Auditing, Malware Scanner and Security Hardening | 94 | 52 | 5 | 600k+ | Missing direct file access protection | ||
| #133 | TrustedSite | 50 | 29 | 14 | 20k+ | Output is not escaped | ||
| #134 | Two Factor | 42 | 18 | 70 | 100k+ | Nonce verification recommended | ||
| #135 | WebAuthn Provider for Two Factor | 91 | 6 | 14 | 1k+ | Missing Arg Domain | ||
| #136 | underConstruction | 36 | 98 | 60 | 40k+ | Unsafe printing function | ||
| #137 | Universal Honey Pot | 40 | 23 | 94 | 1k+ | Missing nonce verification | ||
| #138 | Update Notifier | 86 | 8 | 1 | 700 | Output is not escaped | ||
| #139 | SX User Name Security | 46 | 42 | 9 | 900 | Output is not escaped | ||
| #140 | User Role Editor | 43 | 117 | 145 | 700k+ | Output is not escaped | ||
| #141 | User Session Control | 43 | 31 | 21 | 700 | Output is not escaped | ||
| #142 | Jetpack VaultPress | 28 | 71 | 362 | 10k+ | Missing nonce verification | ||
| #143 | Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… | 100 | 1 | 1k+ | mismatched plugin name | |||
| #144 | Virusdie | One-click website security | 39 | 149 | 66 | 2k+ | Output is not escaped | ||
| #145 | Password Strength Settings for WooCommerce | 89 | 17 | 6 | 10k+ | Missing Arg Domain | ||
| #146 | Melapress File Monitor | 80 | 16 | 90 | 6k+ | Non-prefixed global variable | ||
| #147 | Remove XML-RPC Methods | 100 | 0 | 1k+ | No open findings | |||
| #148 | WEDOS | Protection & Cache Performance | 98 | 2 | 3 | 800 | ABSPATHDetected | ||
| #149 | Whitelist IP For Limit Login Attempts | 48 | 18 | 12 | 600 | Output is not escaped | ||
| #150 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | Output is not escaped |
