Choose WordPress plugin available in the Plugin Directory to check by searching on its name or slug:

Choose a category to see a comparison of all the WordPress plugins already graded from that category:

Choose ClassicPress plugin to check by searching on its name or slug:

Check Plugin Not in WordPress Plugin Directory

Subscribers of our service can submit ZIP files of plugins that are not in the WordPress Plugin Directory to have them checked. (Not all issues can be checked for with uploaded plugins, as they require data not available with just the plugin's files.) You can sign up for the service for free here. For existing subscribers, once you are logged in to your account, return to this page to access that functionality.

The results of these gradings will not be stored.

About the Scorecard

Looking to get a better handle on the security of WordPress plugins? This scorecard tool grades plugins' handling of security based on data coming from the Plugin Vulnerabilities service, checking over the contents of the plugin, the WordPress.org API, and data generated specifically for the tool. It provides a useful, but incomplete, understanding of the security posture of the plugin and its developer.

Grades are calculated based on issues with any of the following:

• Plugins known to be vulnerable
• Plugin developers with track records of improperly handling security problems
• Security issues in the plugin that can be detected in an automated fashion
• Issues with the developer's development processes that suggest that there could be problems with security
• Plugins making unsupported, misleading, and false claims about their handling of security and the handling of security with WordPress

We are working to expand and refine the tools' ability to provide a good measure of plugins' security status. If you are aware of an additional security concern with a plugin that isn't represented in our grading, please contact us. Other feedback on the tool is also welcome.

If you want a comprehensive understanding of the security of the plugin, a well-done security review is really needed to provide that.

Plugin Security Scorecard API

Looking to incorporate the grades that WordPress plugins have received from the Plugin Security Scorecard in to your own solution? We have you covered with a JSON based API.

Latest WordPress Plugin Security Scorecard Grades

• Admin and Site Enhancements (ASE)     C+
• WP About Author     C
• User Profile Picture     C
• Seriously Simple Podcasting     F
• AutoWP     F
• miniOrange Malware Protection     C
• Malcure Malware Scanner     B
• Tutor LMS     C
• Masteriyo LMS     D+
• FluentSMTP     D+

See More Recent Grades

You can follow the recent results of the Plugin Security Scorecard through the tool's Bluesky account.

Latest Security Scorecard Grades for WordPress Security Plugins

• miniOrange Malware Protection     C
• Malcure Malware Scanner     B
• Solid Security     F
• Jetpack VaultPress     C+
• NinjaFirewall (WP Edition)     D
• Wordfence Security     F
• Shield Security     F
• Stop User Enumeration     D
• BBQ Firewall     D+
• WP Ghost (Hide My WP Ghost)     D

Latest WordPress Plugin Security Scorecard A Grades

• The SEO Framework     A
• MC4WP: Mailchimp for WordPress     A
• All-in-One WP Migration and Backup     A
• WP Fastest Cache     A
• BERTHA AI     A
• Redis Object Cache     A
• GTranslate     A
• Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)     A
• Database for Contact Form 7     A
• Classic Editor     A

Latest WordPress Plugin Security Scorecard F Grades

• Seriously Simple Podcasting     F
• AutoWP     F
• Easy Digital Downloads     F
• Solid Security     F
• Quentn WP     F
• EDD List File Names     F
• Aspose Contact Form     F
• EDD Coming Soon     F
• ZeroWP OneClick Presets     F
• Autocomplete for Calculated Fields Form     F

WordPress Plugin Security Scorecard Grades by Category

• Accessibility Plugins
• Activity Log Plugins
• Admin Dashboard Plugins
• Admin Menu Plugins
• Advanced Custom Fields Plugins
• Advertising Plugins
• Affiliate Plugins
• AI Plugins
• All-In-One Security Plugins
• Amazon Simple Email Service (SES) Plugins
• Anti-spam Plugins
• Article Feedback Plugins
• Audio Plugins
• Author Plugins
• Automation Plugins
• Backup Plugins
• bbPress Plugins
• Beaver Builder Plugins
• Behavioral Analytics Plugins
• Blocks Plugins
• Bluesky Plugins
• Breadcrumb Plugins
• Bricks Plugins
• Brute Force Protection Plugins
• BuddyPress Plugins
• Business Hours Plugins
• Cache Plugins
• Calendar Plugins
• Captcha Plugins
• Charts Plugins
• CiviCRM Plugins
• Classifieds Plugins
• Cloudflare Turnstile Plugins
• Code Snippets Plugins
• Coming Soon Plugins
• Contact Form Plugins
• Contact Form 7 Plugins
• Content Copy Protection Plugins
• Content Embedding Plugins
• Content Restriction Plugins
• Content Security Policy (CSP) Plugins
• Cookie Consent Plugins
• Countdown Timer Plugins
• Custom Admin Plugins
• Custom Fields Plugins
• Custom login Plugins
• Custom Post Type Plugins
• Database Cleaner Plugins
• Directory Plugins
• Download Plugins
• Duplicate Post Plugins
• E-Commerce Plugins
• Easy Digital Downloads Plugins
• Elementor Plugins
• Email Marketing Plugins
• Embed PDF Plugins
• Export Plugins
• Facebook Plugins
• Featured Plugins
• Fields Plugins
• File Manager Plugins
• File Upload Plugins
• Firewall Plugins
• Font Plugins
• Form Plugins
• 404 Plugins
• Frequently Asked Questions (FAQ) Plugins
• Genesis Plugins
• Google Analytics Plugins
• Graphs Plugins
• Gravity Forms Plugins
• Header Footer Plugins
• Hosting Provider Plugins
• HubSpot Plugins
• Icecast Plugins
• Image Gallery Plugins
• Image Optimization Plugins
• Import Plugins
• IndieWeb Plugins
• Instagram Plugins
• jQuery Plugins
• Lazy Load Plugins
• Leaflet Maps Plugins
• Learning Management System (LMS) Plugins
• Lightbox Plugins
• Link Tracking Plugins
• Maintenance Mode Plugins
• Malware Scanner Plugins
• Media Cleaner Plugins
• Media Offload Plugins
• Membership Plugins
• Menu Plugins
• Migration Plugins
• Million+ Install Plugins
• Minecraft Plugins
• Minify Plugins
• Newsletter Plugins
• Notification Bar Plugins
• Open Graph Plugins
• Page Builder Plugins
• Pagination Plugins
• Panorama Viewer Plugins
• Passwordless Login Plugins
• Payment Plugins
• Permalink Plugins
• Photo Gallery Plugins
• Podcasting Plugins
• Popup Plugins
• Post Order Plugins
• Post Requirements Plugins
• Post Series Plugins
• Public Post Preview Plugins
• QR Code Plugins
• Quiz Plugins
• Redirection Plugins
• Redis Plugins
• Regenerate Thumbnails Plugins
• Responsive Menu Plugins
• Role Editor Plugins
• Search Plugins
• Search and Replace Plugins
• Search Engine Optimization (SEO) Plugins
• Security Plugins
• Security Headers Plugins
• Shortcode Plugins
• Shoutcast Plugins
• Site Health Plugins
• Slider Plugins
• SMTP Plugins
• Snow Plugins
• Social Sharing Plugins
• Speed Optimization Plugins
• Survey Plugins
• SVG Upload Plugins
• Tables Plugins
• Tag Plugins
• Taxonomy Plugins
• Testimonial Plugins
• Toolbar Plugins
• Translation Plugins
• Two Factor (2FA) Authentication Plugins
• User Profile Plugins
• User Registration Plugins
• User Switching Plugins
• Video Player Plugins
• Weather Plugins
• Weaver Theme Plugins
• Web Push Notifications Plugins
• WebP Conversion Plugins
• Website Analytics Plugins
• White Label Plugins
• Widget Plugins
• WooCommerce Plugins
• WordPress Plugin Vulnerability Data Plugins
• WP Consent API Plugins
• WPGraphql Plugins
• WPML Plugins
• XML Sitemap Plugins
• YouTube Plugins
• Automattic Plugins
• Awesome Motive Plugins
• CleanTalk Plugins
• SiteGround Plugins
• StellarWP Plugins
• 10up Plugins
• WordPress.org Plugins
• WP Rocket Plugins
• WP Engine Plugins
• WPManageNinja Plugins
• Plugins With OpenSSF Scorecard
• Plugins Redirecting Vulnerabilty Reports to the Patchstack Vulnerability Disclosure Program (VDP)
• Security Vs.