Recently Scanned Security WordPress Plugins
189 indexed plugins
Plugins
189
Active Installs
27m+
Average Score
53
Audited
189
Recently Scanned
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #51 | JetHost Total Care – Security & Enhancements | 45 | 10 | 85 | 800 | Direct Query | ||
| #52 | WEDOS | Protection & Cache Performance | 98 | 2 | 3 | 800 | ABSPATHDetected | ||
| #53 | htaccess protect | 39 | 28 | 33 | 800 | Input is not validated | ||
| #54 | Prevent Concurrent Logins | 97 | 2 | 10 | 900 | Non-prefixed function | ||
| #55 | WebTotem Security | 21 | 1,110 | 213 | 900 | Text Domain Mismatch | ||
| #56 | SX User Name Security | 46 | 42 | 9 | 900 | Output is not escaped | ||
| #57 | Subresource Integrity (SRI) Manager | 35 | 26 | 94 | 900 | Request data is not unslashed | ||
| #58 | WP Disable Site Health | 93 | 4 | 4 | 1k+ | trademarked term | ||
| #59 | Login Security Captcha | 100 | 0 | 10k+ | No open findings | |||
| #60 | WebDefender Security – Protection & AntiSpam | 70 | 176 | 61 | 1k+ | wp function not compatible with requires wp | ||
| #61 | Injection Guard | 36 | 87 | 45 | 1k+ | Unsafe printing function | ||
| #62 | iControlWP | 47 | 45 | 59 | 1k+ | Missing direct file access protection | ||
| #63 | NETSENSAI Shield | 83 | 10 | 16 | 1k+ | Nonce verification recommended | ||
| #64 | CloudGuard | 41 | 41 | 13 | 1k+ | Output is not escaped | ||
| #65 | Password Strength for WooCommerce | 98 | 3 | 0 | 1k+ | Missing direct file access protection | ||
| #66 | Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention | 25 | 618 | 605 | 1m+ | Unsafe printing function | ||
| #67 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 27 | 271 | 568 | 6k+ | Request data is not unslashed | ||
| #68 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,191 | 769 | 30k+ | Output is not escaped | ||
| #69 | MainWP Dashboard: Self-hosted WordPress Management for Agencies | 31 | 95 | 317 | 20k+ | Interpolated SQL is not prepared | ||
| #70 | GD Security Headers | 25 | 407 | 521 | 1k+ | Output is not escaped | ||
| #71 | Block IPs for Gravity Forms | 50 | 8 | 36 | 1k+ | Request data is not unslashed | ||
| #72 | Keyring | 35 | 233 | 203 | 1k+ | Output is not escaped | ||
| #73 | Disable WP Registration Page Spam | 77 | 5 | 12 | 1k+ | Nonce verification recommended | ||
| #74 | Banhammer – Monitor Site Traffic, Block Bad Users and Bots | 37 | 104 | 174 | 1k+ | Output is not escaped | ||
| #75 | Passwords Evolved | 45 | 26 | 17 | 1k+ | Output is not escaped | ||
| #76 | Proxy & VPN Blocker | 42 | 10 | 72 | 1k+ | Nonce verification recommended | ||
| #77 | WebAuthn Provider for Two Factor | 91 | 6 | 14 | 1k+ | Missing Arg Domain | ||
| #78 | App for Cloudflare® | 98 | 10 | 1 | 1k+ | wp function not compatible with requires wp | ||
| #79 | Restrict Usernames Emails Characters | 32 | 327 | 367 | 1k+ | Output is not escaped | ||
| #80 | Dam Spam | 100 | 1 | 1k+ | unexpected markdown file | |||
| #81 | Remove XML-RPC Methods | 100 | 0 | 1k+ | No open findings | |||
| #82 | Universal Honey Pot | 40 | 23 | 94 | 1k+ | Missing nonce verification | ||
| #83 | Logbook | 40 | 33 | 59 | 2k+ | Nonce verification recommended | ||
| #84 | Virusdie | One-click website security | 39 | 149 | 66 | 2k+ | Output is not escaped | ||
| #85 | No-Bot Registration | 40 | 112 | 42 | 2k+ | Unsafe printing function | ||
| #86 | Simple Automatic Updates | 85 | 18 | 1 | 2k+ | Missing Translators Comment | ||
| #87 | WP Admin Basic Auth | 87 | 5 | 6 | 2k+ | Input is not sanitized | ||
| #88 | Content Security Policy Manager | 68 | 19 | 2 | 2k+ | Output is not escaped | ||
| #89 | Smart Passworded Pages | 80 | 11 | 8 | 2k+ | wp function not compatible with requires wp | ||
| #90 | Advanced Country Blocker | 40 | 23 | 77 | 2k+ | Exception output is not escaped | ||
| #91 | CrowdSec | 35 | 130 | 119 | 2k+ | Output is not escaped | ||
| #92 | WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA | 30 | 484 | 222 | 2k+ | Unsafe printing function | ||
| #93 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception output is not escaped | ||
| #94 | WP Author Slug | 96 | 16 | 6 | 2k+ | Text Domain Mismatch | ||
| #95 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | SQL query is not prepared | ||
| #96 | Lock Down Admin | 42 | 30 | 20 | 3k+ | Unsafe printing function | ||
| #97 | DefendWP Firewall | 39 | 16 | 203 | 3k+ | Non-prefixed global variable | ||
| #98 | BotBlocker Security – Firewall & Bot Protection | 99 | 5 | 3k+ | Non-prefixed constant | |||
| #99 | Protection Against DDoS | 68 | 22 | 5 | 3k+ | Output is not escaped | ||
| #100 | Expire User Passwords | 35 | 3 | 15 | 3k+ | Nonce verification recommended |