Top Security WordPress Plugins
172 indexed plugins
Plugins
172
Active Installs
27m+
Average Score
51
Audited
172
Top Scores
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,191 | 769 | 30k+ | Output is not escaped | ||
| #152 | SiteGuard WP Plugin | 24 | 362 | 345 | 500k+ | Output is not escaped | ||
| #153 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | Missing Translators Comment | ||
| #154 | The GDPR Framework By Data443 | 23 | 1,287 | 517 | 10k+ | Short PHP open tag found | ||
| #155 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped | ||
| #156 | Jetpack – WP Security, Backup, Speed, & Growth | 23 | 2,821 | 1,303 | 3m+ | Text Domain Mismatch | ||
| #157 | Login With Ajax – Fast Logins, 2FA, Redirects | 23 | 623 | 520 | 10k+ | Output is not escaped | ||
| #158 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | Missing nonce verification | ||
| #159 | SecuPress with Simple SSL – Simple and Performant Security | 23 | 1,696 | 1,590 | 40k+ | Non-prefixed global variable | ||
| #160 | Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning | 23 | 1,118 | 202 | 40k+ | Missing Translators Comment | ||
| #161 | Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms | 22 | 493 | 295 | 10k+ | Text Domain Mismatch | ||
| #162 | Anti-Malware Security and Brute-Force Firewall | 22 | 544 | 965 | 100k+ | Output is not escaped | ||
| #163 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | Exception output is not escaped | ||
| #164 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,265 | 2,065 | 100k+ | Non-prefixed global variable | ||
| #165 | NinjaScanner – Virus & Malware scan | 22 | 596 | 551 | 30k+ | Non-prefixed global variable | ||
| #166 | ManageWP Worker | 22 | 507 | 565 | 1m+ | Non-prefixed class | ||
| #167 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception output is not escaped | ||
| #168 | Modular DS: Monitor, update, and backup multiple websites | 21 | 161 | 81 | 40k+ | Exception output is not escaped | ||
| #169 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | Output is not escaped | ||
| #170 | WPScan – WordPress Security Scanner | 21 | 527 | 265 | 8k+ | Text Domain Mismatch | ||
| #171 | WebTotem Security | 21 | 1,110 | 213 | 900 | Text Domain Mismatch | ||
| #172 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | 19 | 541 | 385 | 3m+ | Missing Translators Comment | ||
| #173 | BulletProof Security | 0 | 5,048 | 4,949 | 20k+ | Output is not escaped | ||
| #174 | Plugin Check (PCP) | 0 | 128 | 132 | 10k+ | Exception output is not escaped |
