Top 10 WordPress Security tools

Updated: 01.06.2026
Examples of WordPress vulnerabilities and security tools are presented below.


2026. Avada Builder plugin for WordPress has a critical flaw



Wordfence has discovered a dangerous vulnerability in the WordPress plugin Avada Builder, which has approximately 1 million active installations. The flaw is an SQL injection that can be exploited without authentication to steal sensitive data. Patches are scheduled for release in May 2026; users are advised to update to version 3.15.3+. Avada Builder is a visual, drag-and-drop page builder for WordPress that allows users to create websites without writing code. The researcher who discovered the vulnerability, Rafi Muhammad, received a reward of approximately $4,500.


2021. Antivirus for websites Virusdie released plugin for WordPress



Virusdie has released a plugin for WordPress websites. The free version includes a web application firewall (WAF) with basic protection, monthly malware scanning (redirects, Trojans, backdoors, shell scripts, malicious code and URLs, SEO spam, hacks, injected code, cryptocurrency miners), database scanning, and automatic site checks against over 60 blacklists (plus one-click removal). The paid version includes daily scanning, automatic malware removal, a file editor with malicious code highlighting, file backup before cleaning, WAF protection against XSS, SQL injection, DoS attacks, and brute-force attacks, content scraping protection, IP whitelisting/blacklisting, and country blocking.


2021. In WordPress 5.8.1 developers fixed three security issues



The WordPress open-source team has announced the release of version 5.8.1. In this update, the developers addressed a number of security issues in the REST API, the Gutenberg block editor, and the Lodash JavaScript library. Additionally, 60 bugs were fixed. All three security issues are quite serious, so the WordPress team recommends updating sites to the latest version.


2020. Brute-force attacks against WordPress



Akamai security expert Larry Cashdollar published research on the Stealthworker malware, which is actively used for brute-force attacks on popular online platforms. The malware exploits WordPress installations with weak passwords and attempts to brute-force other content management systems and network services. Potential targets include WordPress, cPanel, Drupal, Bitrix, OpenCart, and Magento, as well as MySQL, PostgreSQL, SSH, and FTP services.


2015. CleanTalk updated its anti-spam plugin for WordPress

Cloud-based antispam service CleanTalk has released a new version of its antispam plugin for WordPress. The new version introduces a unique feature for automatically checking existing comments for spam. This allows website administrators to automatically check and identify comments written by spambots that weren't detected by standard antispam tools. The new feature is currently available only for WordPress and will be gradually rolled out to other CMSs. Spambot messages (comments) often disguise themselves as messages from regular users, but contain advertising links or text. The main goals of such messages are to redirect users to malicious resources, place advertisements, or boost a site's rankings through links. This compromises a site and can damage its reputation, leading to a decrease in search engine rankings. Therefore, reliable protection against spambots is the only way to prevent the undesirable consequences of such cyberattacks.


2014. CleanTalk launched mobile app for monitoring comments and registrations

CleanTalk has unveiled a mobile app for webmasters and WordPress website administrators. Now, iPhone/iPad users can monitor all messages, comments, and visitor registrations, which are checked by CleanTalk's cloud-based anti-spam service. According to the developers, the app works in conjunction with CleanTalk's anti-spam service. All data on comments and visitor registrations is immediately transferred to the app. Therefore, users no longer need to log into their website or email to view incoming messages: the app will automatically notify them of new information, the company claims. For example, the app is indispensable for online stores because it allows them to receive notifications about incoming orders at any time.