via pluginvulnerabilities.com => original post link
One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities being exploited before the developer or others know about them, that our plugin offers isn’t broken as we make changes to the plugin. Once we started developing that, we realized that could be repurposed to test to see if other firewall plugins provide protection in the same situations. In May of last year, we started doing a monthly run of that against other firewall plugins, so we could get a better understanding of how the WordPress security landscape is changing over time.
With over a year’s worth of results, it seemed like a good time to review how things are going. We will focus on the top four plugins, as those are the only plugins that have better results from the first test. The results for those in May of last year were not great: [Read more]