The following Million+ Install plugins have been graded with the Plugin Security Scorecard:
Loco Translate B+
Redirection B+
CookieYes B
Cookie Notice & Compliance for GDPR / CCPA B
Disable Comments B
Hostinger Tools B
MC4WP: Mailchimp for WordPress B
Maintenance B
Safe SVG B
WP Fastest Cache B
WPS Hide Login B
Advanced Custom Fields (ACF®) C+
Akismet Anti-spam C+
Autoptimize C+
Classic Editor C+
Classic Widgets C+
Contact Form 7 C+
Custom Post Type UI C+
Yoast Duplicate Post C+
ElementsKit Lite C+
Envato Elements C+
Site Kit by Google C+
Redux Framework C+
Speed Optimizer C+
Yoast SEO C+
WP Mail SMTP C+
WP Super Cache C+
All-in-One WP Migration and Backup C
Better Search Replace C
Code Snippets C
Essential Addons for Elementor C
EWWW Image Optimizer C
Limit Login Attempts Reloaded C
OptinMonster C
Regenerate Thumbnails C
SVG Support C
Advanced Editor Tools C
W3 Total Cache C
WordPress Importer C
Complianz D+
LiteSpeed Cache D+
Rank Math SEO D+
Loginizer D
Really Simple Security D
All in One SEO F
All-In-One Security (AIOS) F
Starter Templates F
Duplicate Page F
Duplicator F
Elementor F
MonsterInsights F
XML Sitemap Generator for Google F
Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) F
Image Optimizer F
WPCode F
Smash Balloon Social Photo Feed F
Jetpack F
Security Optimizer F
Spectra Gutenberg Blocks F
UpdraftPlus F
WooCommerce F
Wordfence Security F
WP File Manager F
WP-Optimize F
Smush Image Optimization F
WPForms Lite F
Latest Grade From June 12, 2025
Plugin Missing?Is a plugin missing from the list? If the plugin hasn't been graded yet, it can't be listed. You can check it below. Once plugins have been graded, we manually categorize them. If a plugin that hasn't just been graded isn't listed, please let us know that it is missing from the category.
Check Another Plugin
Check Plugin Not in WordPress Plugin Directory
Subscribers of our service can submit ZIP files of plugins that are not in the WordPress Plugin Directory to have them checked. (Not all issues can be checked for with uploaded plugins, as they require data not available with just the plugin's files.) You can sign up for the service for free here. For existing subscribers, once you are logged in to your account, return to this page to access that functionality.
The results of these gradings will not be stored.
About the Scorecard
The Plugin Security Scorecard grades plugins' handling of security based on data coming from the Plugin Vulnerabilities service, checking over the contents of the plugin, the WordPress.org API, and data generated specifically for the tool. It provides a useful, but incomplete, understanding of the security posture of the plugin and its developer. All the issues identified are ones that the developer of the plugin has the ability to address to get the grade of the plugin up to an A+.
Grades are calculated based on issues with any of the following:
- Plugins known to be vulnerable
- Plugin developers with track records of improperly handling security problems
- Security issues in the plugin that can be detected in an automated fashion
- Issues with the developer's developerment processes that suggest that their could be problems with security
- Plugins making unsupported, misleading, and false claims about their handling of security and the handling of security with WordPress
We are working to expand and refine the tools' ability to provide a good measure of plugins' security status. If you are aware of an additional security concern with this plugin that isn't represented here, please contact us. Other feedback on the tool is also welcome.
If you want a comprehensive understanding of the security of the plugin, a well-done security review is really needed to provide that.