Plugin Security Scorecard November Results
November was the fourth full month our Plugin Security Scorecard was available. A fair number of plugins were checked: a total of 78 last month, with 17 of those being security plugins.
As can be seen below, the results for security plugins were not good, with only five of those plugins getting a C or above. That comes from a combination of different issues. Some of those plugins have security issues. Some come from developers that have had repeated issues with vulnerabilities and are not addressing the underlying problems. Most security plugins are failing to implement best practices for security. Then there is the issue of plugin developers making security claims that are, at the least, not supported with evidence (and often couldn’t be supported with evidence, since they are not true).
The overall results were better than those for just security plugins, but not great. Only one plugin, The SEO Framework, got an A this month. No plugins got an A+ or B+. Those three grades require that the developer is taking proactive measures with security, so most plugin developers are not taking measures to provide the best security. 16 of the plugins did get a B, which requires that they are avoiding unnecessary security issues.
November Security Scorecard Grades for Security Plugins
- HTTP Headers B
- Blackhole for Bad Bots C+
- Headers Security Advanced & HSTS WP C
- Sucuri Security C
- WP fail2ban C
- Patchstack D+
- WPVulnerability D+
- Anti-Malware Security and Brute-Force Firewall D
- Hide My WP Ghost D
- NinjaFirewall (WP Edition) D
- Really Simple Security D
- All-In-One Security (AIOS) F
- BulletProof Security F
- Defender Security F
- Jetpack F
- MalCare WordPress Security Plugin F
- Wordfence Security F
November Security Scorecard Grades for Other Plugins
- The SEO Framework A
- AddToAny Share Buttons B
- Bricksable B
- Bulk NoIndex & NoFollow Toolkit B
- Cookie Notice & Compliance for GDPR / CCPA B
- Embed Consent B
- LoginPress B
- MailerLite B
- Preload Fullpage Cache B
- Pressidium Cookie Consent B
- Product Sales Report for WooCommerce B
- TinyPNG B
- Mobile Detect B
- Two Factor (2FA) Authentication via Email B
- Widget Context B
- WooCommerce Stripe Payment Gateway B
- WP-Sweep B
- Advanced Ads C+
- Akismet Anti-spam C+
- Autoptimize C+
- Gutenberg Block Editor Toolkit C+
- Client Portal C+
- WordPress Comments Import & Export C+
- Fabrica Dashboard C+
- Force Regenerate Thumbnails C+
- Menu Swapper C+
- Netcash WooCommerce Payment Gateway C+
- Object Cache 4 everyone C+
- Redux Framework C+
- ShortPixel Image Optimizer C+
- SiteGround Migrator C+
- Ultimate Member C+
- Print Invoice & Delivery Notes for WooCommerce C+
- WooCommerce PayPal Payments C+
- WP Mail SMTP by WPForms C+
- WP-PageNavi C+
- WPvivid C+
- All-in-One WP Migration and Backup C
- Beehive C
- elink C
- MailPoet C
- Newspaper Columns C
- Order Export & Order Import for WooCommerce C
- SecuPress SSL Fixer C
- Appointment Booking Calendar C
- Advanced Editor Tools C
- WC Product Bundles C
- Wordfence Login Security C
- WP 2FA C
- WP-Paginate C
- Pods D+
- Quick Adsense D+
- WP Cloud D
- Beaver Builder F
- Duplicate Page F
- Forminator Forms F
- Royal Elementor Addons and Templates F
- Ultimate Addons for Beaver Builder F
- UpdraftPlus F
- WP-Optimize F
- Smush Image Optimization F