You can follow the recent results of the Plugin Security Scorecard through the tool's Bluesky account.

• Best Youtube Video LazyLoad     C+
• Lazy Embed     C+
• YouTube Embed     C
• Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades     D+
• WPCode     F
• Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)     C+
• Powered Cache     C
• FunnelKit Automations     D+
• Payment Plugins for PayPal WooCommerce     B
• Widget Options     C+
• Sliding Cart for WooCommerce by FunnelKit     C
• WPForms Lite     F
• Logo Slider and Showcase     C
• NinjaFirewall (WP Edition)     D
• iZooto     D
• Rate My Post     B
• SureTriggers     F
• Menu Icons by ThemeIsle     C
• Cross Domain Tracker for AffiliateWP     F
• ThumbPress     C+
• 3D FlipBook     B
• Bold Page Builder     C
• ShareASale WooCommerce Tracker     D+
• All in One SEO     F
• Speed Optimizer     C+
• Merge + Minify + Refresh     C+
• Current Year Shortcode VICT     B
• Independent Analytics     C
• Ninja Forms     F
• WP SSL Redirect     C+
• Disable WP REST API     B
• Gmap     B
• Blocks Export Import     C+
• Bulk Post Update Date     C
• GA Google Analytics     B
• Top 10     D+
• BetterLinks     C+
• Termageddon     B
• Kraken.io Image Optimizer     C
• Simple Custom CSS and JS     C+
• Date Time Picker for Contact Form 7     C+
• Drag and Drop Multiple File Upload for Contact Form 7     B
• Marquee image crawler     C
• Spam Protect for Contact Form 7     C
• W3 Total Cache     C
• ReachShip WooCommerce Multi-Carrier & Conditional Shipping     C+
• Site Kit by Google     C+
• WP Meteor Website Speed Optimization Addon     B
• GN Publisher     C+
• Web Push Notifications     C+
• Firelight Lightbox     B
• BBQ Firewall     D+
• Neptune Real Estate     D+
• Wordfence Security     F
• Advanced Custom Fields (ACF)     C+
• NitroPack     F
• Search & Replace     C
• Spectra     F
• Campaign Monitor for WordPress     F
• Header Footer Code Manager     C+
• Structured Content     B
• Stackable     C+
• Gravity Forms CLI Add-On     B
• Plugin Notes Plus     B
• Fast Velocity Minify     B
• WPScan     F
• WP Media folders     C
• FileBird     B
• HT Easy GA4     B
• ExactMetrics     F
• Meta pixel for WordPress     B
• MC4WP: Mailchimp for WordPress     B
• WP Media File Type Manager     C+
• Easy Media Replace     C
• Enable Media Replace     C
• Simplistic page navi     C
• Limit Login Attempts Reloaded     C
• Beautiful Cookie Consent Banner     C+
• Perfect Images     B
• Breeze     C+
• Duplicator     F
• Cachify     B
• Menu Image, Icons made easy     C+
• Mailchimp for WooCommerce     B
• Advanced Coupons     F
• Classic Editor     C+
• LiteSpeed Cache     D+
• Contact Form 7: Accessible Defaults     C+
• AccessibleWP     C
• WCAG 2.0 form fields for Gravity Forms     C
• Equalweb Accessibility     C+
• Accessibility by AudioEye     C
• DJ-Accessibility     C
• Accessibility Widget     D+
• Accessibility New Window Warnings     B
• All in One Accessibility     B
• Accessibility by AllAccessible     B
• Accessibility     C
• Accessibility Lite     C+
• Equalize Digital Accessibility Checker     C+

Check Another Plugin

Choose WordPress plugin available in the Plugin Directory to check by searching on its name or slug:

Choose a category to see a comparison of all the WordPress plugins already graded from that category:

Choose ClassicPress plugin to check by searching on its name or slug:

Check Plugin Not in WordPress Plugin Directory

Subscribers of our service can submit ZIP files of plugins that are not in the WordPress Plugin Directory to have them checked. (Not all issues can be checked for with uploaded plugins, as they require data not available with just the plugin's files.) You can sign up for the service for free here. For existing subscribers, once you are logged in to your account, return to this page to access that functionality.

The results of these gradings will not be stored.

About the Scorecard

The Plugin Security Scorecard grades plugins' handling of security based on data coming from the Plugin Vulnerabilities service, checking over the contents of the plugin, the WordPress.org API, and data generated specifically for the tool. It provides a useful, but incomplete, understanding of the security posture of the plugin and its developer. All the issues identified are ones that the developer of the plugin has the ability to address to get the grade of the plugin up to an A+.

Grades are calculated based on issues with any of the following:

• Plugins known to be vulnerable
• Plugin developers with track records of improperly handling security problems
• Security issues in the plugin that can be detected in an automated fashion
• Issues with the developer's developerment processes that suggest that their could be problems with security
• Plugins making unsupported, misleading, and false claims about their handling of security and the handling of security with WordPress

We are working to expand and refine the tools' ability to provide a good measure of plugins' security status. If you are aware of an additional security concern with this plugin that isn't represented here, please contact us. Other feedback on the tool is also welcome.

If you want a comprehensive understanding of the security of the plugin, a well-done security review is really needed to provide that.