Security WordPress Plugins with Most Issues
190 indexed plugins
Plugins
190
Active Installs
27m+
Average Score
53
Audited
190
Most Issues
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | Host Header Injection Fix | 70 | 9 | 8 | 400 | Output is not escaped | ||
| #152 | Forget Spam Comment | 67 | 5 | 10 | 10k+ | Input is not sanitized | ||
| #153 | LH HSTS | 78 | 3 | 12 | 600 | Input is not sanitized | ||
| #154 | HSTS Ready | 85 | 3 | 11 | 3k+ | Input is not validated | ||
| #155 | Prevent Concurrent Logins | 97 | 2 | 10 | 900 | Non-prefixed function | ||
| #156 | App for Cloudflare® | 98 | 10 | 1 | 1k+ | wp function not compatible with requires wp | ||
| #157 | Maestro Connector | 97 | 7 | 4 | 500 | Missing direct file access protection | ||
| #158 | Prevent XSS Vulnerability | 98 | 10 | 1 | 6k+ | Missing Arg Domain | ||
| #159 | Safe SVG | 98 | 7 | 4 | 1m+ | Missing Arg Domain | ||
| #160 | WP Admin Basic Auth | 87 | 5 | 6 | 2k+ | Input is not sanitized | ||
| #161 | WP Fail2Ban Redux | 82 | 1 | 10 | 7k+ | trademarked term | ||
| #162 | Disable Registration Page | 88 | 4 | 6 | 400 | Text Domain Mismatch | ||
| #163 | Hide WordPress Version | 96 | 5 | 4 | 400 | trademarked term | ||
| #164 | Update Notifier | 86 | 8 | 1 | 700 | Output is not escaped | ||
| #165 | SMNTCS Disable REST API User Endpoints | 35 | 8 | 0 | 7k+ | Hidden files included | ||
| #166 | WP Disable Site Health | 93 | 4 | 4 | 1k+ | trademarked term | ||
| #167 | Malcure Malware Shield — Removal, Repair, Monitor | 98 | 8 | 10k+ | upgrade notice limit | |||
| #168 | XO Security | 94 | 5 | 3 | 30k+ | wp function not compatible with requires wp | ||
| #169 | Control XML-RPC publishing | 92 | 7 | 0 | 400 | Text Domain Mismatch | ||
| #170 | Generate Security.txt | 99 | 1 | 5 | 500 | Non-prefixed class | ||
| #171 | Auto SRI | 92 | 4 | 1 | 500 | wp function not compatible with requires wp | ||
| #172 | BotBlocker Security – Firewall & Bot Protection | 99 | 5 | 3k+ | Non-prefixed constant | |||
| #173 | Disable File Editor | 97 | 3 | 2 | 500 | outdated tested upto header | ||
| #174 | Give – Cloudflare Turnstile | 35 | 3 | 2 | 500 | Hidden files included | ||
| #175 | SameSite Cookies | 98 | 3 | 2 | 800 | Missing direct file access protection | ||
| #176 | WPMasterToolKit (WPMTK) – All in one plugin | 99 | 1 | 4 | 4k+ | trademarked term | ||
| #177 | Logout Clear Cookies | 98 | 3 | 1 | 500 | Missing direct file access protection | ||
| #178 | Manage XML-RPC | 98 | 3 | 1 | 5k+ | file system operations is writable | ||
| #179 | WPVulnerability | 96 | 4 | 10k+ | trademarked term | |||
| #180 | Password Strength for WooCommerce | 98 | 3 | 0 | 1k+ | Missing direct file access protection | ||
| #181 | Protect Uploads | 99 | 2 | 1 | 30k+ | Missing direct file access protection | ||
| #182 | Stop User Enumeration | 99 | 1 | 1 | 50k+ | Dynamic hook name | ||
| #183 | Dam Spam | 100 | 1 | 1k+ | unexpected markdown file | |||
| #184 | Security.txt Manager | 35 | 1 | 0 | 500 | Hidden files included | ||
| #185 | Stop XML-RPC Attacks | 100 | 1 | 6k+ | Non-prefixed class | |||
| #186 | Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… | 100 | 1 | 1k+ | mismatched plugin name | |||
| #187 | WEDOS | Protection & Cache Performance | 100 | 1 | 800 | trademarked term | |||
| #188 | Login Security Captcha | 100 | 0 | 10k+ | No open findings | |||
| #189 | Protect Login | 100 | 0 | 600 | No open findings | |||
| #190 | Remove XML-RPC Methods | 100 | 0 | 1k+ | No open findings |