via pluginvulnerabilities.com => original post link
It isn’t hard to find people citing the Cloudflare service as a good security solution for WordPress websites. What is lacking is any of those people citing evidence that Cloudflare provides effective protection for WordPress websites. If it was an effective solution, you would expect that Cloudflare would be the ones disclosing zero-day vulnerabilities, which are vulnerabilities being exploited before the developer is aware of them, in WordPress plugins, as there are plenty of those to be caught. Last week, for example, we disclosed serious unfixed vulnerabilities we found in two plugins based on seeing what looked to be hacker probing for them. We are not aware of Cloudflare disclosing any of those in recent years.
In March, Cloudflare announced they were “providing a Cloudflare WAF (Web Application Firewall) Managed Ruleset to all Cloudflare plans, free of charge”. In their announcement, they singled out including rules for WordPress in that: [Read more]