via pluginvulnerabilities.com => original post link
While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started developing that is that we could also use that to do automated testing to get a sense of how much protection other WordPress security plugins provided against zero-days, which are vulnerabilities being exploited before the developer knows about them. In May, we started doing a monthly run of that against a wide range of plugins to start tracking how their protection changed over time. So far there haven’t been many notable changes, but this month had a significant change that follows on a change from December.
In December, the Wordfence Security plugin fell to fourth place with the Pareto Security plugin moving above it based on adding more protection. That month we also had tried to add the BitFire plugin to the testing, but the latest version of the plugin broke WordPress. By this month BitFire has gotten in to better shape, so we could include it in the testing. The result of that is that Wordfence Security has fallen yet another spot, as BitFire provided protection against 25.8% of exploit attempts versus only 20.0% for Wordfence. That also put BitFire in third place behind only our plugin and NinjaFirewall. [Read more]