via pluginvulnerabilities.com => original post link
When it comes to protecting WordPress based websites against the threat of plugin vulnerabilities, there are a lot of options available. Like security solutions in general, most of them are not going to do a very good job of what they are possibly capable of. If they did, then security would be in much better shape than it is. Making things worse, oftentimes security solutions are treated as if they are a solution for problems they are not. Recently we had someone mention to us that a client of theirs had chosen a proxy based WAF over using our service for protecting against WordPress plugin vulnerabilities, which is odd since the two things are quite different. A proxy based WAF isn’t a good alternative to a service like ours for a variety of reasons.
What is a proxy based WAF? WAF is short for web application firewall. Like a lot of security terminology, the term is often misused. An actual WAF is a security system that is separate from the software running on a website. So a WordPress firewall plugin wouldn’t be a WAF, though, those are often mislabeled as WAFs. A proxy based WAF means that website’s traffic runs through the WAF before reaching the website. That tries to stop attacks before they reach the website. These days when someone just says WAF, they are talking about a proxy based WAF. [Read more]