via pluginvulnerabilities.com => original post link
In October 2021, we found that the Wordfence Security plugin for WordPress more than double the peak memory usage over WordPress by itself. That compared to a minimal memory increase by the two WordPress firewall plugins that provided more protection than it. Those two plugins also had a significantly smaller performance penalty than Wordfence Security. It obviously is a bad tradeoff to get less protection for more memory usage and a higher performance penalty.
In discussing that memory usage, we quoted a Wordfence employee that had claimed that they are “constantly working on making the plugin” “use less resources”. That certainly sounds impressive, but Wordfence has a long track record of impressive claims that turn out to not be true. It also doesn’t make sense. You can’t constantly do that. You should hit a point where you can’t do anymore. The changelog for the plugin doesn’t have entries that suggest that is true either. [Read more]