6 Nov 2024

Plugin Security Scorecard October Results

October was the third full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 176 plugins were checked last month. With 9 of those plugins being security plugins.

As can be seen below, the results for security plugins were not good. With all but two of those plugins getting a D+ or below. That comes from a combination of different issues. Some of those plugins have security issues. Some come from developers that have had repeated issues with vulnerabilities and are not addressing the underlying problems. Most security plugins are failing to implement best practices for security. Then there is the issue of the plugin developers making security claims that are at least not supported with evidence (and often couldn’t be supported with evidence, since they are not true).

The overall results were better than those for just security plugins, but not great. No plugins got an A+ A, B+ this month. Those grades require the developer is taking proactive measures with security. 30 of the plugins did get a B, which requires that they are avoiding unnecessary security issues.

October Security Scorecard Grades for  Security Plugins

October Security Scorecard Grades for Other Plugins

Leave a Reply

Your email address will not be published.