January was the sixth full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 148 plugins were checked last month. With 7 of those plugins being security plugins.

As can be seen below, the results for security plugins were not good. With the best grade being a D+. That comes from a combination of different issues. Some of those plugins have security issues. Some come from developers that have had repeated issues with vulnerabilities and are not addressing the underlying problems. Most security plugins are failing to implement best practices for security. Then there is the issue of the plugin developers making security claims that are at least not supported with evidence (and often couldn’t be supported with evidence, since they are not true).

The overall results were better than those for just security plugins, but not great. No plugins got an A+,  A or B+. Those three grades require the developer is taking proactive measures with security, so most plugin developers are not taking measures to provide the best security. 35 of the plugins did get a B, which requires that they are avoiding unnecessary security issues.

January Security Scorecard Grades for  Security Plugins

• BBQ Firewall     D+
• WP Ghost (Hide My WP Ghost)     D
• NinjaFirewall (WP Edition)     D
• Stop User Enumeration     D
• Solid Security     F
• Wordfence Security     F
• Shield Security     F

January Security Scorecard Grades for Other Plugins

• ACF OpenStreetMap Field     B
• Product Labels For Woocommerce (Sale Badges)     B
• Admin Menu Editor     B
• Connect WPForm to Any API     B
• Controlled Admin Access     B
• OpenID Connect Generic Client     B
• Database Cleaner     B
• GTM4WP     B
• Wp-Centrics Advanced Shipping Rates for WooCommerce     B
• Fixed Bottom Menu     B
• HD Quiz – Save Results Light     B
• The Icon Block     B
• Insert PHP Code Snippet     B
• InstallActivateGo Copyright Current Date Shortcodes     B
• Kaya QR Code Generator     B
• Klaviyo     B
• Media Cleaner     B
• Meta Box     B
• Microsoft Clarity     B
• Pdf Embed     B
• Public Post Preview     B
• RD Order Modifier for WooCommerce     B
• Resize Image After Upload     B
• Accordion FAQ     B
• RSS Includes Pages     B
• Search Exclude     B
• Secure Copy Content Protection and Content Locking     B
• Stackable     B
• Travel Map     B
• User Switching     B
• Was This Helpful?     B
• Weglot Translate     B
• White Label     B
• Payment Plugins for Stripe WooCommerce     B
• WP MapIt     B
• Block Visibility     C+
• Blocks CSS     C+
• Bricks Navigator     C+
• Brightcove Video Connect     C+
• Change Last Modified Date     C+
• Classic Widgets     C+
• Compact WP Audio Player     C+
• CopyCraft     C+
• Dashboard Commander     C+
• WebToffee eCommerce Marketing Automation     C+
• Dynamic QR Code     C+
• Enhanced Media Library     C+
• Facebook for WooCommerce     C+
• FluentBoards     C+
• FluentCRM     C+
• Reviews and Rating – Google Reviews     C+
• GamiPress     C+
• Help Dialog Chat     C+
• Hotjar     C+
• HT Mega     C+
• HTML Forms     C+
• Inactive Logout     C+
• Intuitive Custom Post Order     C+
• Koko Analytics     C+
• Kubio     C+
• Mammoth .docx converter     C+
• MapPress Google Maps and Leaflet Maps     C+
• Migrate Guru     C+
• Passwordless Login     C+
• Podcast Player     C+
• Presto Player     C+
• Query Monitor     C+
• Quiz Maker     C+
• Radio Buttons for Taxonomies     C+
• Require Post Category     C+
• Revision Buster     C+
• Search & Filter     C+
• Show Current Template     C+
• Simple Membership After Login Redirection     C+
• Simple Page Sidebars     C+
• TikTok     C+
• Under Construction     C+
• White Label CMS     C+
• Google Analytics for WooCommerce     C+
• Yoast SEO     C+
• WP-PageNavi     C+
• Parse.ly     C+
• X3P0     C+
• Yoast Test Helper     C+
• Zapier for WordPress     C+
• Dear Flipbook     C
• Advanced Config for S3 Uploads     C
• ARMember     C
• Better Search Replace     C
• Admin Columns     C
• Maspik     C
• Create Block Theme     C
• Custom Permalinks     C
• Draw Attention     C
• Gravity PDF     C
• Greenshift     C
• Launchpad Article Feedback     C
• Leaflet Map     C
• Native Lazyload     C
• Newsletter     C
• Ninja Mail     C
• Polylang Category Creator     C
• Property Hive     C
• Public Post Preview Configurator     C
• Quiz and Survey Master (QSM)     C
• ShiftNav     C
• Slider Revolution Search Replace     C
• SVG Support     C
• Theme My Login     C
• Adobe Fonts (formerly Typekit) for WordPress     C
• Uncanny Toolkit for LearnDash     C
• WP-CFM     C
• WP Fusion Lite     C
• WP Notification Bell     C
• WS Form LITE     C
• WP Offload Media Lite     D+
• Beaver Builder     D+
• Complianz     D+
• Content Control     D+
• Link Library     D+
• Post Content Shortcodes     D+
• Rank Math SEO     D+
• SKT Skill Bar     D+
• WooCommerce Legacy REST API     D+
• WP Migrate Lite     D+
• WordPress Native PHP Sessions     D+
• LifterLMS     D
• Spotlight Social Feeds     D
• Swift Performance Lite     D
• WooCommerce Multilingual & Multicurrency     D
• WooPayments     D
• WP Offload SES Lite     D
• Checkout Plugins – Stripe for WooCommerce     F
• Custom Twitter Feeds     F
• Easy Digital Downloads     F
• FluentSMTP     F
• Smash Balloon Social Photo Feed     F
• Kadence Blocks     F
• SureDash     F
• Uncanny Automator     F
• WPConsent     F