WordPress Plugin

Security scores
inside your admin.

See CVE data, risk ratings, and unpatched vulnerability warnings for every installed plugin — without leaving WordPress.

Download free plugin How it works

Free forever

One-click setup

GPL-2.0

Plugins

WooCommerce

A powerful, extendable eCommerce plugin

v9.4.2

87Good3 CVEs (all patched)View report →

Contact Form 7

Just another contact form plugin

v6.0.2

68Caution5 CVEsView report →

Starter Templates

Ready-to-use starter templates

v3.1.6

31Critical2 CVEs (1 unpatched)View report →

wp-admin/plugins.php

Yoast SEO

91Good

WooCommerce

87Good

Elementor

62Caution

Contact Form 7

68Caution

LiteSpeed Cache

45Warning

Starter Templates

31Critical

Color-Coded Plugin List

Every row tells
you the risk.

Your entire plugin list gets color-coded by security score. Red rows with unpatched CVEs jump out immediately. Green rows give you confidence. No clicking, no searching — the risk is right there.

Good

80 – 100

Caution

60 – 79

Warning

40 – 59

Critical

0 – 39

Add Plugins Page

Check the score
before you install.

Browsing for new plugins? WP-Safety injects security badges into every plugin card on the Add Plugins page. You'll see the score, CVE count, and unpatched warnings before you ever hit "Install Now."

Pre-install scoring

See the security score on every plugin card before you install it.

Unpatched CVE warnings

Red badges highlight plugins with unpatched vulnerabilities.

Full report links

One click to the full WP-Safety.org security report for any plugin.

Akismet

Spam protection for your WordPress site.

92Good

Jetpack

Security, performance, and marketing tools.

74Caution8 CVEs

All-in-One WP Migration

Export your WordPress site with one click.

58Warning3 CVEs

ThemeGrill Demo Importer

Import theme demo content.

24Critical1 unpatched

Settings → WP-Safety

Connection Status

StatusConnected

Linked emailadmin@example.com

Site domainexample.com

API tokenwps_a3f8c1e9...

Actions

Re-provision account

Clear score cache

Data & Privacy

Only plugin slugs, versions, admin email, and site domain are sent to wp-safety.org. No page content or credentials are transmitted.

Zero-Config Setup

One click to
connect.

No sign-up form. No API keys to copy-paste. Activate the plugin, click "Connect to WP-Safety" in the admin notice, and you're done. Your site is linked, scores start flowing — and nothing is sent until you say so.

Upload and activate the plugin

Click "Connect to WP-Safety" in the admin notice

Security scores appear on your plugin list

Want to claim your auto-provisioned account? Visit wp-safety.org and use "forgot password" with your admin email. You'll get full dashboard access with your monitored sites.

Plugin specs

Lightweight, privacy-respecting, and built for WordPress standards.

WordPress 5.8+

Compatible with WordPress 5.8 and above. Tested up to 6.7.

PHP 7.4+

Works on PHP 7.4 or later. Zero external PHP dependencies.

6-hour cache

Scores are cached locally using WordPress transients. Minimal API calls.

GPL-2.0

Fully open-source. Inspect the code, contribute, or fork it.

What data does the plugin send?

Admin email

Used once to provision your account. Not shared with third parties.

Site domain

Identifies your site for linking and dashboard display.

Plugin slugs & versions

Sent to look up security scores. No other plugin data is included.

No page content, user data, database information, or credentials are ever transmitted.

Read the full privacy policy

Start seeing the risks you're ignoring.

Install the free plugin, activate it, and get security scores for every plugin on your site in under a minute.

Download from WordPress.org Browse the directory

Security scoresinside your admin.

Every row tellsyou the risk.

Check the scorebefore you install.