Security WordPress Plugins with Most Issues
137 indexed plugins
Plugins
137
Active Installs
27m+
Average Score
48
Audited
137
Most Issues
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #51 | MainWP Dashboard: Self-hosted WordPress Management for Agencies | 31 | 95 | 317 | 20k+ | Interpolated Not Prepared | |
| #52 | Admin Menu Editor | 32 | 159 | 233 | 300k+ | Non Prefixed Variable Found | |
| #53 | Login by Auth0 | 37 | 307 | 82 | 10k+ | Text Domain Mismatch | |
| #54 | WP Ghost (Hide My WP Ghost) – Security & Firewall | 85 | 6 | 373 | 100k+ | Non Prefixed Variable Found | |
| #55 | Banhammer – Monitor Site Traffic, Block Bad Users and Bots | 37 | 104 | 174 | 1k+ | Output Not Escaped | |
| #56 | User Role Editor | 43 | 117 | 145 | 700k+ | Output Not Escaped | |
| #57 | Plugin Check (PCP) | 0 | 128 | 132 | 10k+ | Exception Not Escaped | |
| #58 | Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter | 31 | 57 | 196 | 50k+ | Recommended | |
| #59 | CrowdSec | 35 | 130 | 119 | 2k+ | Output Not Escaped | |
| #60 | Modular DS: Monitor, update, and backup multiple websites | 21 | 161 | 81 | 40k+ | Exception Not Escaped | |
| #61 | LWS Tools | 31 | 104 | 134 | 10k+ | Missing Unslash | |
| #62 | Activity Log – Monitor & Record User Changes | 38 | 81 | 149 | 200k+ | Recommended | |
| #63 | WP fail2ban – Advanced Security | 32 | 75 | 153 | 60k+ | Dynamic Hookname Found | |
| #64 | WPS Limit Login | 39 | 152 | 76 | 100k+ | Output Not Escaped | |
| #65 | DefendWP Firewall | 39 | 16 | 203 | 3k+ | Non Prefixed Variable Found | |
| #66 | Virusdie | One-click website security | 39 | 149 | 66 | 2k+ | Output Not Escaped | |
| #67 | Blackhole for Bad Bots | 39 | 123 | 69 | 30k+ | Output Not Escaped | |
| #68 | Stop Spammers Classic | 94 | 185 | 1 | 30k+ | wp function not compatible with requires wp | |
| #69 | underConstruction | 36 | 98 | 60 | 40k+ | Unsafe Printing Function | |
| #70 | Exploit Scanner | 37 | 25 | 130 | 8k+ | Non Prefixed Variable Found | |
| #71 | No-Bot Registration | 40 | 112 | 42 | 2k+ | Unsafe Printing Function | |
| #72 | MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites | 38 | 3 | 136 | 700k+ | Non Prefixed Hookname Found | |
| #73 | Advanced IP Blocker | 40 | 94 | 44 | 2k+ | Exception Not Escaped | |
| #74 | No CAPTCHA reCAPTCHA | 40 | 112 | 26 | 4k+ | Text Domain Mismatch | |
| #75 | ReCaptcha Integration for WordPress | 37 | 60 | 66 | 10k+ | Output Not Escaped | |
| #76 | WP fail2ban Blocklist | 36 | 61 | 63 | 3k+ | Not Prepared | |
| #77 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 82 | 1m+ | Missing Unslash | |
| #78 | Limit Login Attempts | 40 | 81 | 38 | 300k+ | Output Not Escaped | |
| #79 | Universal Honey Pot | 40 | 23 | 94 | 1k+ | Missing | |
| #80 | Log cleaner for Solid Security | 41 | 65 | 47 | 8k+ | Text Domain Mismatch | |
| #81 | Melapress File Monitor | 80 | 16 | 90 | 6k+ | Non Prefixed Variable Found | |
| #82 | Google Authenticator | 41 | 39 | 65 | 20k+ | Output Not Escaped | |
| #83 | Inactive Logout | 64 | 30 | 71 | 10k+ | Non Prefixed Variable Found | |
| #84 | Advanced Country Blocker | 40 | 23 | 77 | 2k+ | Exception Not Escaped | |
| #85 | Logbook | 40 | 33 | 59 | 2k+ | Recommended | |
| #86 | Two Factor | 42 | 18 | 70 | 100k+ | Recommended | |
| #87 | Proxy & VPN Blocker | 42 | 10 | 72 | 1k+ | Recommended | |
| #88 | WP Fingerprint | 42 | 34 | 47 | 9k+ | Direct Query | |
| #89 | Malcure Malware Shield — Removal, Repair, Monitor | 95 | 75 | 6 | 10k+ | wp function not compatible with requires wp | |
| #90 | Lockdown WP Admin | 41 | 20 | 50 | 10k+ | Missing Unslash | |
| #91 | Login No Captcha reCAPTCHA | 42 | 45 | 24 | 60k+ | Unsafe Printing Function | |
| #92 | OpenID Connect Generic Client | 73 | 9 | 59 | 10k+ | Non Prefixed Hookname Found | |
| #93 | Brozzme DB Prefix & Tools Addons | 35 | 24 | 42 | 9k+ | Missing Unslash | |
| #94 | LWS Hide Login | 45 | 5 | 58 | 20k+ | Missing Unslash | |
| #95 | Sucuri Security – Auditing, Malware Scanner and Security Hardening | 94 | 52 | 5 | 600k+ | missing direct file access protection | |
| #96 | MilesWeb Tools | 95 | 4 | 49 | 10k+ | Non Prefixed Variable Found | |
| #97 | Lock Down Admin | 42 | 30 | 20 | 3k+ | Unsafe Printing Function | |
| #98 | Meta Generator and Version Info Remover | 52 | 20 | 28 | 10k+ | Non Prefixed Function Found | |
| #99 | WP Anti-Clickjack | 66 | 4 | 42 | 4k+ | Recommended | |
| #100 | Block IPs for Gravity Forms | 50 | 8 | 36 | 1k+ | Missing Unslash |
