February was the seventh full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 86 plugins were checked last month. With 4 of those plugins being security plugins.

The overall results were not great. No plugins got an A+,  A or B+. Those three grades require the developer is taking proactive measures with security, so most plugin developers are not taking measures to provide the best security. 19 of the plugins did get a B, which requires that they are avoiding unnecessary security issues.

During the month, we continued our work to expand the range of third-party libraries that the tool can detect inclusion of. That is helping to identify plugins using vulnerable versions of libraries, including a plugin that started including a vulnerable version of a library years after it was known to be vulnerable and all the most popular file manager plugins including the same vulnerable library.

February Security Scorecard Grades for  Security Plugins

• Malcure Malware Scanner     B
• miniOrange Malware Protection     C
• NinjaFirewall (WP Edition)     D
• Wordfence Security     F

February Security Scorecard Grades for Other Plugins

• Pinned Feed Notices for BuddyPress     B
• Conditional Fields for Contact Form 7     B
• Honeypot for Contact Form 7     B
• Flow-Flow Social Feed Stream     B
• Header and Footer Scripts     B
• WP Armour     B
• Recipe Card Blocks     B
• Restricted Site Access     B
• Simple Banner     B
• SMTP2GO     B
• Social Icons Widget & Block by WPZOOM     B
• Social Integration for BlueSky     B
• WC Price History     B
• Weglot Translate     B
• Discount Rules for WooCommerce     B
• Germanized for WooCommerce     B
• WP Fastest Cache     B
• WPZOOM Forms     B
• Livemesh Addons for Elementor     C+
• Admin and Site Enhancements (ASE)     C+
• Advanced Accordion Gutenberg Block     C+
• Easy Affiliate Links     C+
• ElementsKit Elementor addons     C+
• Icegram Express     C+
• Highlighting Code Block     C+
• instant.page     C+
• SAML Single Sign On     C+
• My Calendar     C+
• Restrict User Access     C+
• Second Street     C+
• Vendor Templates for Dokan     C+
• Menu Cart for WooCommerce     C+
• WP Booking System     C+
• Solid Mail     C+
• WPO365 | LOGIN     C+
• WPO365 | MS GRAPH MAILER     C+
• Related Products     C+
• YayMail     C+
• Academy LMS     C
• Design for Contact Form 7 Style WordPress Plugin     C
• Content Blocks Builder     C
• Duplicate Post     C
• Design Upgrade for LearnDash     C
• EWWW Image Optimizer     C
• Smallchat for WordPress     C
• User Profile Picture     C
• Optimole     C
• s2Member     C
• Select and Multi-Select Field for Contact Form 7     C
• Hubbub Lite     C
• Tutor LMS     C
• WCFM     C
• WebP Express     C
• WHMCS Price     C
• WP About Author     C
• Analytify     C
• WP ULike     C
• AI Moderator for BuddyPress     D+
• Better Notifications for WP     D+
• Contact List     D+
• FluentSMTP     D+
• Masteriyo LMS     D+
• Oganro     D+
• Restrict     D+
• User Activity Log     D+
• WP-Archives     D+
• WP Compress     D+
• WP Event Manager     D+
• Cibul plugin     D
• Advanced File Manager     D
• myCred     D
• Activity Logs     F
• Activity Log     F
• AutoWP     F
• Backup Migration     F
• Filester     F
• WP Forum Server     F
• MonsterInsights     F
• Password Protected     F
• Seriously Simple Podcasting     F
• WP File Manager     F
• WP User Manager     F