via pluginvulnerabilities.com => original post link
One reality when it comes to WordPress security plugins is that if a developer claims their plugin will provide some sort of protection, people will repeat the claim without actually knowing if it is true.
That came up recently in our monitoring of the WordPress’ support forum for topics about vulnerabilities in plugins, with the plugin Hide My WP Ghost. Two recent reviews for the plugin, which came during a marketing promotion for it, claimed that it protects against SQL injection (emphasis ours): [Read more]