via pluginvulnerabilities.com => original post link
While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started developing that is that we could also use that to do automated testing to get a sense of how much protection other WordPress security plugins provided against zero-days, which are vulnerabilities being exploited before the developer knows about them. In May of last year, we started doing a monthly run of that against a wide range of plugins to start tracking how their protection changed over time. So far there have been a limited number of changes in the results and changes in the ranking of how much protection the plugins provide. This month we did see a change in the rankings involving the most popular plugin tested.
Up through November, the most popular security-only WordPress plugin Wordfence Security had been coming in third in terms of how much protection it offered in the tests. The next month it slipped to fourth and had remained there except in February when it dropped to fifth. This month it returned to third place. It still lags far behind our plugin and NinjaFirewall, which provided protection against 37.28% of the tests versus Wordfence security’s 21.89%. That is a stark difference, especially when you consider that NinjaFirewall only has 90,000+ installs according to WordPress stats versus Wordfence Security’s 4+ million. [Read more]