| #1 | BulletProof Security | 0 | 5,048 | 4,949 | 20k+ | | Output Not Escaped |
| #2 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | | Output Not Escaped |
| #3 | Jetpack – WP Security, Backup, Speed, & Growth | 23 | 2,821 | 1,303 | 3m+ | | Text Domain Mismatch |
| #4 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | | Exception Not Escaped |
| #5 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,265 | 2,065 | 100k+ | | Non Prefixed Variable Found |
| #6 | SecuPress with Simple SSL – Simple and Performant Security | 23 | 1,696 | 1,590 | 40k+ | | Non Prefixed Variable Found |
| #7 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | | Missing Translators Comment |
| #8 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,191 | 788 | 30k+ | | Output Not Escaped |
| #9 | The GDPR Framework By Data443 | 23 | 1,287 | 517 | 10k+ | | Echo Found |
| #10 | All-In-One Security (AIOS) – Security and Firewall | 24 | 552 | 1,228 | 1m+ | | Non Prefixed Variable Found |
| #11 | Anti-Malware Security and Brute-Force Firewall | 22 | 544 | 965 | 100k+ | | Output Not Escaped |
| #12 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | | Exception Not Escaped |
| #13 | Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning | 23 | 1,118 | 202 | 40k+ | | Missing Translators Comment |
| #14 | Loginizer | 25 | 814 | 504 | 1m+ | | Output Not Escaped |
| #15 | Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention | 25 | 621 | 602 | 1m+ | | Unsafe Printing Function |
| #16 | NinjaScanner – Virus & Malware scan | 22 | 596 | 551 | 30k+ | | Non Prefixed Variable Found |
| #17 | Login With Ajax – Fast Logins, 2FA, Redirects | 23 | 623 | 520 | 10k+ | | Output Not Escaped |
| #18 | Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms | 24 | 563 | 548 | 4k+ | | Text Domain Mismatch |
| #19 | SP Move Login | 26 | 881 | 215 | 6k+ | | Text Domain Mismatch |
| #20 | RSFirewall! | 24 | 563 | 521 | 4k+ | | Output Not Escaped |
| #21 | ManageWP Worker | 22 | 507 | 565 | 1m+ | | Non Prefixed Class Found |
| #22 | IP Geo Block | 23 | 399 | 589 | 9k+ | | Output Not Escaped |
| #23 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | 19 | 541 | 385 | 3m+ | | Missing Translators Comment |
| #24 | WPS Cleaner | 30 | 430 | 491 | 20k+ | | Output Not Escaped |
| #25 | Advanced Access Manager – Access Governance for WordPress | 32 | 849 | 62 | 100k+ | | Output Not Escaped |
| #26 | WPFront User Role Editor | 35 | 333 | 578 | 30k+ | | Output Not Escaped |
| #27 | Nexter Extension – Security, Performance, Code Snippets & Site Toolkit | 25 | 198 | 710 | 10k+ | | Recommended |
| #28 | Jetpack Protect | 30 | 657 | 217 | 100k+ | | Text Domain Mismatch |
| #29 | Defender Security – Malware Scanner, Login Security & Firewall | 24 | 306 | 518 | 80k+ | | Non Prefixed Namespace Found |
| #30 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 27 | 272 | 531 | 6k+ | | Missing Unslash |
| #31 | WPScan – WordPress Security Scanner | 21 | 527 | 265 | 8k+ | | Text Domain Mismatch |
| #32 | Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms | 22 | 493 | 295 | 10k+ | | Text Domain Mismatch |
| #33 | WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA | 30 | 484 | 222 | 2k+ | | Unsafe Printing Function |
| #34 | Kadence Central – Site Management, Backups, Security, and Reporting | 26 | 462 | 213 | 30k+ | | Text Domain Mismatch |
| #35 | Wordfence Login Security | 25 | 248 | 418 | 70k+ | | Output Not Escaped |
| #36 | SiteGuard WP Plugin | 24 | 329 | 333 | 500k+ | | Output Not Escaped |
| #37 | My Private Site | 31 | 425 | 190 | 20k+ | | Text Domain Mismatch |
| #38 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | | Not Prepared |
| #39 | Simply Static – The Static Site Generator | 25 | 163 | 446 | 30k+ | | Non Prefixed Hookname Found |
| #40 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | | Missing |
| #41 | WP EXtra – One Click Optimize | 33 | 414 | 101 | 7k+ | | Missing Arg Domain |
| #42 | WP Hide & Security Enhancer | 27 | 124 | 375 | 50k+ | | Input Not Sanitized |
| #43 | Security Ninja – WordPress Security & Firewall | 29 | 149 | 347 | 7k+ | | Direct Query |
| #44 | Zero Spam for WordPress | 34 | 79 | 393 | 20k+ | | Non Prefixed Variable Found |
| #45 | Companion Auto Update | 33 | 159 | 298 | 50k+ | | Direct Query |
| #46 | Jetpack VaultPress | 28 | 71 | 362 | 10k+ | | Missing |
| #47 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | | Missing Unslash |
| #48 | MainWP Dashboard: Self-hosted WordPress Management for Agencies | 31 | 95 | 317 | 20k+ | | Interpolated Not Prepared |
| #49 | Admin Menu Editor | 32 | 159 | 233 | 300k+ | | Non Prefixed Variable Found |
| #50 | Login by Auth0 | 37 | 307 | 82 | 10k+ | | Text Domain Mismatch |
