Security WordPress Plugins That Need Review
190 indexed plugins
Plugins
190
Active Installs
27m+
Average Score
53
Audited
190
Needs Review
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | Update Notifier | 86 | 8 | 1 | 700 | Output is not escaped | ||
| #152 | Security Header Generator | 87 | 10 | 20 | 500 | Non Singular String Literal Text | ||
| #153 | WP Admin Basic Auth | 87 | 5 | 6 | 2k+ | Input is not sanitized | ||
| #154 | Disable Registration Page | 88 | 4 | 6 | 400 | Text Domain Mismatch | ||
| #155 | Password Strength Settings for WooCommerce | 89 | 17 | 6 | 10k+ | Missing Arg Domain | ||
| #156 | Restricted Site Access | 91 | 14 | 11 | 10k+ | Missing Arg Domain | ||
| #157 | WebAuthn Provider for Two Factor | 91 | 6 | 14 | 1k+ | Missing Arg Domain | ||
| #158 | Auto SRI | 92 | 4 | 1 | 500 | wp function not compatible with requires wp | ||
| #159 | Control XML-RPC publishing | 92 | 7 | 0 | 400 | Text Domain Mismatch | ||
| #160 | WP Disable Site Health | 93 | 4 | 4 | 1k+ | trademarked term | ||
| #161 | Stop Spammers Classic | 94 | 185 | 1 | 30k+ | wp function not compatible with requires wp | ||
| #162 | XO Security | 94 | 5 | 3 | 30k+ | wp function not compatible with requires wp | ||
| #163 | MilesWeb Tools | 95 | 4 | 49 | 10k+ | Non-prefixed global variable | ||
| #164 | Hide WordPress Version | 96 | 5 | 4 | 400 | trademarked term | ||
| #165 | WP Author Slug | 96 | 16 | 6 | 2k+ | Text Domain Mismatch | ||
| #166 | WPVulnerability | 96 | 4 | 10k+ | trademarked term | |||
| #167 | Disable File Editor | 97 | 3 | 2 | 500 | outdated tested upto header | ||
| #168 | Maestro Connector | 97 | 7 | 4 | 500 | Missing direct file access protection | ||
| #169 | Prevent Concurrent Logins | 97 | 2 | 10 | 900 | Non-prefixed function | ||
| #170 | App for Cloudflare® | 98 | 10 | 1 | 1k+ | wp function not compatible with requires wp | ||
| #171 | Block wp-login | 98 | 16 | 3 | 600 | wp function not compatible with requires wp | ||
| #172 | Logout Clear Cookies | 98 | 3 | 1 | 500 | Missing direct file access protection | ||
| #173 | Manage XML-RPC | 98 | 3 | 1 | 5k+ | file system operations is writable | ||
| #174 | Password Strength for WooCommerce | 98 | 3 | 0 | 1k+ | Missing direct file access protection | ||
| #175 | Prevent XSS Vulnerability | 98 | 10 | 1 | 6k+ | Missing Arg Domain | ||
| #176 | Safe SVG | 98 | 7 | 4 | 1m+ | Missing Arg Domain | ||
| #177 | SameSite Cookies | 98 | 3 | 2 | 800 | Missing direct file access protection | ||
| #178 | Malcure Malware Shield — Removal, Repair, Monitor | 98 | 8 | 10k+ | upgrade notice limit | |||
| #179 | BotBlocker Security – Firewall & Bot Protection | 99 | 5 | 3k+ | Non-prefixed constant | |||
| #180 | Generate Security.txt | 99 | 1 | 5 | 500 | Non-prefixed class | ||
| #181 | Protect Uploads | 99 | 2 | 1 | 30k+ | Missing direct file access protection | ||
| #182 | Stop User Enumeration | 99 | 1 | 1 | 50k+ | Dynamic hook name | ||
| #183 | WPMasterToolKit (WPMTK) – All in one plugin | 99 | 1 | 4 | 4k+ | trademarked term | ||
| #184 | Dam Spam | 100 | 1 | 1k+ | unexpected markdown file | |||
| #185 | Login Security Captcha | 100 | 0 | 10k+ | No open findings | |||
| #186 | Protect Login | 100 | 0 | 600 | No open findings | |||
| #187 | Stop XML-RPC Attacks | 100 | 1 | 6k+ | Non-prefixed class | |||
| #188 | Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner… | 100 | 1 | 1k+ | mismatched plugin name | |||
| #189 | Remove XML-RPC Methods | 100 | 0 | 1k+ | No open findings | |||
| #190 | WEDOS | Protection & Cache Performance | 100 | 1 | 800 | trademarked term |