Most Improved Security WordPress Plugins
188 indexed plugins
Plugins
188
Active Installs
27m+
Average Score
53
Audited
185
Most Improved
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | Output is not escaped | ||
| #152 | Wordfence Login Security | 25 | 248 | 418 | 70k+ | Output is not escaped | ||
| #153 | ManageWP Worker | 22 | 507 | 565 | 1m+ | Non-prefixed class | ||
| #154 | iControlWP | 47 | 45 | 59 | 1k+ | Missing direct file access protection | ||
| #155 | Access Areas for WordPress | 35 | 17 | 95 | 400 | Direct Query | ||
| #156 | WP Admin Basic Auth | 87 | 5 | 6 | 2k+ | Input is not sanitized | ||
| #157 | WP Anti-Clickjack | 66 | 4 | 42 | 4k+ | Nonce verification recommended | ||
| #158 | WP Author Security | 42 | 40 | 13 | 500 | Output is not escaped | ||
| #159 | WP Author Slug | 96 | 16 | 6 | 2k+ | Text Domain Mismatch | ||
| #160 | WP Disable Site Health | 93 | 4 | 4 | 1k+ | trademarked term | ||
| #161 | WP EXtra – One Click Optimize | 33 | 414 | 101 | 7k+ | Missing Arg Domain | ||
| #162 | WP fail2ban – Advanced Security | 32 | 75 | 153 | 60k+ | Dynamic hook name | ||
| #163 | WP fail2ban Add-on for Contact Form 7 | 85 | 10 | 18 | 800 | Non-prefixed constant | ||
| #164 | WP fail2ban Add-on for Gravity Forms | 85 | 10 | 18 | 600 | Non-prefixed constant | ||
| #165 | WP Fail2Ban Redux | 82 | 1 | 10 | 7k+ | trademarked term | ||
| #166 | WP Fingerprint | 42 | 34 | 47 | 9k+ | Direct Query | ||
| #167 | WP Hide & Security Enhancer | 27 | 124 | 375 | 50k+ | Input is not sanitized | ||
| #168 | WP Login Door | 64 | 19 | 11 | 400 | Output is not escaped | ||
| #169 | Malcure Malware Shield — Removal, Repair, Monitor | 95 | 75 | 6 | 10k+ | wp function not compatible with requires wp | ||
| #170 | ReCaptcha Integration for WordPress | 37 | 60 | 66 | 9k+ | Output is not escaped | ||
| #171 | Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning | 23 | 1,118 | 202 | 40k+ | Missing Translators Comment | ||
| #172 | Subresource Integrity (SRI) Manager | 35 | 26 | 94 | 900 | Request data is not unslashed | ||
| #173 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception output is not escaped | ||
| #174 | WP fail2ban Blocklist | 36 | 61 | 63 | 3k+ | SQL query is not prepared | ||
| #175 | WPFront User Role Editor | 35 | 333 | 578 | 30k+ | Output is not escaped | ||
| #176 | WPMasterToolKit (WPMTK) – All in one plugin | 99 | 1 | 4 | 4k+ | trademarked term | ||
| #177 | WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA | 30 | 484 | 222 | 2k+ | Unsafe printing function | ||
| #178 | WPS Cleaner | 30 | 430 | 491 | 20k+ | Output is not escaped | ||
| #179 | WPS Limit Login | 39 | 152 | 76 | 100k+ | Output is not escaped | ||
| #180 | WPScan – WordPress Security Scanner | 21 | 527 | 265 | 8k+ | Text Domain Mismatch | ||
| #181 | WPVulnerability | 96 | 4 | 10k+ | trademarked term | |||
| #182 | WebTotem Security | 21 | 1,110 | 213 | 900 | Text Domain Mismatch | ||
| #183 | XO Security | 94 | 5 | 3 | 30k+ | wp function not compatible with requires wp | ||
| #184 | Zero Spam for WordPress | 34 | 79 | 393 | 20k+ | Non-prefixed global variable | ||
| #185 | htaccess protect | 39 | 28 | 33 | 800 | Input is not validated |
