April was the ninth full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 77 plugins were checked last month. With 5 of those plugins being security plugins.

The overall results were not great. Only one plugin got an A. No plugins got an A+ or B+. Those three grades require the developer of the plugin to be taking proactive measures with security, so most plugin developers are not taking measures to provide the best security. 16 of the plugins did get a B, which requires that they are avoiding unnecessary security issues.

7 plugins got an F grade. Those plugins have a collective 3.81 million installs. One of those plugins is known to be vulnerable, and another still contains a known vulnerable library that we warned the developer about months ago. (The developer of another did update flagged vulnerable libraries in the plugin after we notified they were detected by the tool.)

Latest Security Scorecard Grades for WordPress Security Plugins

• HTTP Headers     B
• NinjaFirewall (WP Edition)     D
• Security Ninja     F
• Security Optimizer     F
• WPScan     F

Latest WordPress Plugin Security Scorecard Grades

• The SEO Framework     A
• bunny.net     B
• Content Slider Block     B
• Content Views     B
• Embed Any Document     B
• Font Awesome     B
• JavaScript Obfuscator     B
• Klarna for WooCommerce     B
• Media Sync     B
• Price Changer For WooCommerce     B
• Scouting OpenID Connect     B
• Termageddon     B
• Ultimate Searchable Accordion Lite     B
• Ultimate Member – reCAPTCHA     B
• Widgets for Google Reviews     B
• WPFront Scroll Top     B
• Code Syntax Block     C+
• Complianz – Terms and Conditions     C+
• Responsive Pricing Table     C+
• Easy Accordion     C+
• GoodBarber     C+
• reCaptcha by BestWebSoft     C+
• Kilroy was here     C+
• kk Star Ratings     C+
• Roles & Capabilities     C+
• LottieFiles     C+
• Manage Notification E-mails     C+
• Podlove Web Player     C+
• Speed Optimizer     C+
• String locator     C+
• Strong Testimonials     C+
• WP Google Review Slider     C+
• WPFront User Role Editor     C+
• Xagio SEO     C+
• YourChannel     C+
• Advanced Custom Fields: Gravity Forms Add-on     C
• WPBakery Page Builder Addons by Livemesh     C
• Better Click To Tweet     C
• Buying Buddy IDX CRM     C
• CC-Syntax-Highlight     C
• Column Shortcodes     C
• Event Tickets and Registration     C
• FeedCache Pipes     C
• GDPR Cookie Compliance     C
• Ignore Code     C
• WP Mobile Menu     C
• Post Editor Zen Coding     C
• PowerPack Lite for Elementor     C
• Replace Google Fonts with Bunny Fonts     C
• REST API support for Crayon Syntax Highlighter     C
• Syntax Highlight     C
• Syntax Highlighter++     C
• WC Block User     C
• WP Editarea     C
• Ajax Search Lite     D+
• autometa’s CATAG     D+
• Code Snippets in Comments     D+
• Genesis Blocks     D+
• Invisible reCaptcha     D+
• Lazy Load     D+
• Podlove Podcast Publisher     D+
• Twiogle Twitter Commenter     D+
• WC Expired Products     D+
• DarkOnyx Plugin for WordPress     D
• Genesis Custom Blocks     D
• MP3 Audio Player     D
• WP-SynHighlight     D
• WP User Frontend     D
• Ad Inserter     F
• Starter Templates     F
• Filester     F
• ExactMetrics     F