via pluginvulnerabilities.com => original post link
While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started developing that is that we could also use that to do automated testing to get a sense of how much protection other WordPress security plugins provided against zero-days, which are vulnerabilities being exploited before the developer knows about them. In May, we started doing a monthly run of that against a wide range of plugins to start tracking how their protection changed over time. So far there haven’t been many notable changes, but this month had a significant change.
Up until this month, the results have been that our plugin has provided the most protection, followed by NinjaFirewall providing protection in about a third of the exploit tests, and Wordfence Security coming third with protection for a fifth of the exploit tests. That seems like a good indication of the poor state of WordPress security plugins and a lack of understanding of how much protection they provide, as NinjaFirewall only has 80,000+ installs, while Wordfence security has 4,000,000+ installs. [Read more]