Plugin Security Scorecard October Results
October was the third full month our Plugin Security Scorecard was available. A fair number of plugins were checked: 176 in total last month, with 9 of those being security plugins.
As can be seen below, the results for security plugins were not good, with all but two of those plugins getting a D+ or below. That comes from a combination of different issues. Some of those plugins have security issues. Some come from developers that have had repeated issues with vulnerabilities and are not addressing the underlying problems. Most security plugins are failing to implement best practices for security. Then there is the issue of plugin developers making security claims that are at least not supported with evidence (and often couldn’t be supported with evidence, since they are not true).
The overall results were better than those for just security plugins, but not great. No plugins got an A+, A, or B+ this month. Those grades require that the developer is taking proactive measures with security. 30 of the plugins did get a B, which requires that they are avoiding unnecessary security issues.
October Security Scorecard Grades for Security Plugins
- GD Security Headers B
- Headers Security Advanced & HSTS WP C
- BBQ Firewall D+
- Patchstack D+
- NinjaFirewall (WP Edition) D
- Really Simple SSL D
- All-In-One Security (AIOS) F
- BitFire Security F
- Wordfence Security F
October Security Scorecard Grades for Other Plugins
- WP Engine Smart Search B
- Prime Slider B
- Bottom Admin Toolbar B
- Convert to Blocks B
- Cookie banner plugin for WordPress B
- Disable Comments B
- Gravity Forms Zero Spam B
- Headless Mode B
- IndieWeb B
- Insert Special Characters B
- HubSpot B
- Max Mega Menu B
- NitroPack B
- No unsafe-inline B
- Plausible Analytics B
- Post Types Order B
- Safe SVG B
- ShareOpenly B
- SiteOrigin Widgets Bundle B
- Slider by Soliloquy B
- Big File Uploads B
- Termly B
- Ultimate FAQ Accordion Plugin B
- Weather Effect B
- Webmention B
- Converter for Media B
- Paystack WooCommerce Payment Gateway B
- Product Table by WBW B
- WP Dark Mode B
- WPFront Notification Bar B
- Web Accessibility By accessiBe C+
- ActivityPub C+
- FiboSearch C+
- Breadcrumb NavXT C+
- Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms C+
- Cloudflare C+
- CoBlocks C+
- Connections Business Directory C+
- Cozy Blocks C+
- Crazy Egg C+
- Custom Post Type UI C+
- Simpliest Social Share C+
- Daily Attendance C+
- Yoast Duplicate Post C+
- Email Before Download C+
- Events Made Easy Frontend Submit C+
- Widget for Social Page Feeds C+
- Flamingo C+
- Formidable Forms C+
- Fourteen Colors C+
- Genesis Simple Hooks C+
- IndieAuth C+
- Jeg Elementor Kit C+
- Members C+
- Metorik C+
- PHP Compatibility Checker C+
- Really Simple CAPTCHA C+
- Responsive Lightbox & Gallery C+
- LazyLoad Plugin C+
- Simple BMI Form C+
- Simple Cloudflare Turnstile C+
- Simple Plugin Selector C+
- Syndication Links C+
- Syntax-highlighting Code Block (with Server-side Rendering) C+
- Real Testimonials C+
- The Post Grid C+
- Themedy Toolbox C+
- Social Media Share Buttons & Social Sharing Icons C+
- Social Share Icons & Social Share Buttons C+
- WDV MailChimp Ajax C+
- WE C+
- Turnkey bbPress by WeaverTheme C+
- Advanced Order Export For WooCommerce C+
- WPGraphQL C+
- WP Mailto Links C+
- WP Recipe Maker C+
- WP-SCSS C+
- WPGraphQL Smart Cache C+
- Add From Server C
- Advanced Custom Fields (ACF) C
- Code Snippets C
- DSGVO Youtube C
- Exclusive Addons for Elementor C
- Flexible Shipping C
- InstaWP Connect C
- Jetpack Social C
- Master Slider C
- Memberful C
- Micropub C
- Patreon WordPress C
- User Profile Builder C
- Radio Player C
- Thrive Automator C
- WD3K Ajax Sliding Contact Form C
- WD3K Give Feedback C
- WD3K Go Top Down C
- WDP AJAX Comments C
- WDS Multisite Aggregate C
- WE Blocks C
- WE C
- WE C
- We The People C
- We Will Call You C
- Weart Category Posts Widget C
- Weather and Time C
- Weather Atlas Widget C
- Weather Forecast C
- Weather-Grabber C
- TechGasp Weather Master C
- Weather Postin’ C
- Weather Traveller C
- Weather Widget by Calcatraz C
- Weather Widget C
- WeatherWidget C
- Weaver Xtreme Theme Support C
- Web Developer’s Portfolio C
- Elementor Library Unlimited C
- Web Disrupt’s WP Assistant C
- Web en construccion IndianWebs C
- Web Fonts C
- Web Intent Tweet Button C
- Web Manifest C
- Web Maps for WordPress C
- Web Page Speed Checker C
- Web Payment Software Payment Gateway for WooCommerce C
- Web Push C
- Web Push Notification C
- Wallet for WooCommerce C
- WordPress Importer C
- WPGraphQL for ACF C
- WordPress.org Glossary C
- YITH WooCommerce Product Gallery & Image Zoom C
- Wp-Adv-Quiz D+
- Blocks Animation D+
- Export media with selected content D+
- Imagify D+
- WDES Responsive Popup D+
- WDES rtMedia Music D+
- WDES User Upload Restriction D+
- WDS Themes Manager D+
- WE D+
- weGallery D+
- schmie_Wetter D+
- Weather in Japan D+
- Weather Layer D+
- Weather Man D+
- Weather Slider D+
- Weather Widget D+
- Weaver II to Weaver Xtreme D+
- Weaver Options Merge D+
- Web Administrator User Role D+
- Web Hosting Plugin D+
- Web Music D+
- Push Notifications Lite D+
- WPGatsby D+
- WP Engine GeoTarget D+
- Really Simple Series D
- weather press D
- Weather Spider D
- Weaver Themes Shortcode Compatibility D
- Elementor Header & Footer Builder F
- Slider by 10Web F
- Easy Updates Manager F
- 10WebSocial F
- WDES Responsive Mobile Menu F
- WP-Optimize F
- WPGet API F