Most Installed Security WordPress Plugins
188 indexed plugins
Plugins
188
Active Installs
27m+
Average Score
53
Audited
188
Most Installed
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | .htaccess Site Access Control | 37 | 54 | 67 | 800 | Input is not sanitized | ||
| #152 | JetHost Total Care – Security & Enhancements | 45 | 10 | 85 | 800 | Direct Query | ||
| #153 | Media Vault | 34 | 115 | 150 | 800 | Output is not escaped | ||
| #154 | Plugin Security Scanner | 84 | 9 | 9 | 800 | Output is not escaped | ||
| #155 | SameSite Cookies | 98 | 3 | 2 | 800 | Missing direct file access protection | ||
| #156 | WEDOS | Protection & Cache Performance | 98 | 2 | 3 | 800 | ABSPATHDetected | ||
| #157 | WP fail2ban Add-on for Contact Form 7 | 85 | 10 | 18 | 800 | Non-prefixed constant | ||
| #158 | htaccess protect | 39 | 28 | 33 | 800 | Input is not validated | ||
| #159 | Update Notifier | 86 | 8 | 1 | 700 | Output is not escaped | ||
| #160 | User Session Control | 43 | 31 | 21 | 700 | Output is not escaped | ||
| #161 | Atomic Edge Security – Firewall, Malware Scan and Login Security | 40 | 12 | 184 | 600 | Non-prefixed global variable | ||
| #162 | Block wp-login | 98 | 16 | 3 | 600 | wp function not compatible with requires wp | ||
| #163 | Easy Basic Authentication – Add basic auth to site or admin area | 46 | 14 | 28 | 600 | Input is not sanitized | ||
| #164 | LH HSTS | 78 | 3 | 12 | 600 | Input is not sanitized | ||
| #165 | Protect Login | 95 | 26 | 19 | 600 | Missing direct file access protection | ||
| #166 | Whitelist IP For Limit Login Attempts | 48 | 18 | 12 | 600 | Output is not escaped | ||
| #167 | WP fail2ban Add-on for Gravity Forms | 85 | 10 | 18 | 600 | Non-prefixed constant | ||
| #168 | Auto SRI | 92 | 4 | 1 | 500 | wp function not compatible with requires wp | ||
| #169 | Comment Form CSRF Protection | 70 | 7 | 10 | 500 | Request data is not unslashed | ||
| #170 | Disable File Editor | 97 | 3 | 2 | 500 | outdated tested upto header | ||
| #171 | Edit Lock | 41 | 47 | 22 | 500 | Non Singular String Literal Domain | ||
| #172 | Give – Cloudflare Turnstile | 35 | 3 | 2 | 500 | Hidden files included | ||
| #173 | Logout Clear Cookies | 98 | 3 | 1 | 500 | Missing direct file access protection | ||
| #174 | Maestro Connector | 97 | 7 | 4 | 500 | Missing direct file access protection | ||
| #175 | Rublon Multi-Factor Authentication (MFA) | 30 | 216 | 160 | 500 | Output is not escaped | ||
| #176 | Security Header Generator | 87 | 10 | 20 | 500 | Non Singular String Literal Text | ||
| #177 | Security Ninja For MainWP | 47 | 246 | 71 | 500 | Text Domain Mismatch | ||
| #178 | Security.txt Manager | 35 | 1 | 0 | 500 | Hidden files included | ||
| #179 | WP Author Security | 42 | 40 | 13 | 500 | Output is not escaped | ||
| #180 | Control XML-RPC publishing | 92 | 7 | 0 | 400 | Text Domain Mismatch | ||
| #181 | Disable Registration Page | 88 | 4 | 6 | 400 | Text Domain Mismatch | ||
| #182 | Hide WordPress Version | 96 | 5 | 4 | 400 | trademarked term | ||
| #183 | Host Header Injection Fix | 70 | 9 | 8 | 400 | Output is not escaped | ||
| #184 | yubikey-plugin | 40 | 64 | 33 | 400 | Text Domain Mismatch | ||
| #185 | Access Areas for WordPress | 35 | 17 | 95 | 400 | Direct Query | ||
| #186 | WP Login Door | 64 | 19 | 11 | 400 | Output is not escaped | ||
| #187 | WP Logout Redirect | 67 | 20 | 5 | 400 | Unsafe printing function | ||
| #188 | WP PGP Encrypted Emails | 35 | 63 | 39 | 400 | Output is not escaped |
