In the past, we have looked at the performance impact and memory usage increase caused by WordPress firewall plugins that provide real protection. We recently ran across a website called WP Hive that provides claimed measurements of the performance impact Continue reading WP Hive’s Memory Usage Measurement Math Doesn’t Add Up
Earlier in the week, we detailed what looks to be going on with the closure of the popular WordPress security plugin WP Cerber on WordPress’ plugin directory. What seems like it could have started the closure was a claim made Continue reading WP Cerber Competitors Automattic and Patchstack Also Spread False Claim of Vulnerability in the Plugin
In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic Continue reading Not Really a WordPress Plugin Vulnerability, Week of September 30
The news outlet Fast Company has been in the news for the past couple of days over obscene push notifications sent out through Apple News and an apparently relating hacking of their WordPress powered website. The hacker posted on Fast Continue reading The Simple Way to Avoid Your WordPress Website From Being Hacked Like Fast Company’s Was
When it comes to try to better understand the security risks that WordPress websites face, one big problem is that security companies and security journalists are often spreading inaccurate and far too often outright false information related to that. In Continue reading Kaspersky Looks to Have Shuttered the Threatpost, the Security News Outlet They Secretly Own
The WordPress security plugin WP Cerber is marketed as if it protects websites from being hacked: Defends WordPress against hacker attacks, spam, trojans, and malware. [Read more] ShareTweetSharePostSharePin It!
Last week Bloomberg’s Katrina Manson covered a recommendation from the US Cybersecurity and Infrastructure Security Agency that urged companies to automate threat testing. The story touched on one of the realities of the poor state of security that doesn’t get Continue reading How to Replace Overpriced and Ineffective WPScan Based Penetration Testing of WordPress Websites With Cheaper and Better Automated Testing
Last week numerous news outlets ran scary sounding stories about a claimed security issue in a WordPress plugin. Here are some of the headlines of stories that were included in Google News: WordPress zero-day vulnerability compromised more than 280000 websites: Continue reading Wordfence and Security Journalists Are Again Creating FUD About the Security of WordPress Websites
One of the things we do to be able to provide customers of our service with the best information about known vulnerabilities in WordPress plugins is by monitoring the WordPress Support Forum for possibly relevant topics. Along with the information Continue reading Unlike WP Sec, Our Service Actually Determines if Your Site is Using a Known Vulnerable WordPress Plugin
Last November GoDaddy, which heavily markets themselves to the WordPress community, disclosed a massive breach of the data on customers using the managed WordPress hosting service. A stunning element of that was that they were still storing customers’ passwords in Continue reading Cloudways is Still Storing Non-Hashed Passwords
When it comes to WordPress security plugins, the developers are often much better at marketing them than they are with security. Hence, these plugins are widely used despite failing to provide much, if any, protection. The developer of the Shield Continue reading Shield Security’s Firewall Has Now Been Broken for 3 Months
When we do testing of WordPress security plugins to see what protection, if any, they provide against vulnerabilities in other plugins; we try to enable any options that will cause them to provide all the protection they could possibly offer. Continue reading The All In One WP Security & Firewall Plugin Provides Little Firewall Protection With Recommended Settings
Recently someone posted on Reddit looking for a better alternative to the Wordfence Security plugin: For years I used Wordfence and it was okay(ish), but I would like to try something different with better security. [Read more] ShareTweetSharePostSharePin It!
Yesterday, we compared the claims the developer of WordPress security plugin BBQ Firewall makes about its protection to the reality of the very limited protection in provides. The developer of the plugin is also the developer of a set of Continue reading 7G Firewall Tested: It Doesn’t Provide “Powerful” or “Super Strong” Protection
One of the most recent reviews for the BBQ firewall plugin for WordPress is titled “Not a real firewall..” and the author makes this claim: I had the PRO version and it doesn’t stop the real hacks. [Read more] ShareTweetSharePostSharePin Continue reading The BBQ Firewall Plugin for WordPress Isn’t a “Powerful WAF”
One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing their plugins and others get them properly secured when Continue reading WordPress Plugin Developer Security Advisory: Artbees
For our 39th security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin SearchWP Live Ajax Search. If you are not yet a customer of the service, once you sign up for the service Continue reading WordPress Plugin Security Review: SearchWP Live Ajax Search
It isn’t hard to find people citing the Cloudflare service as a good security solution for WordPress websites. What is lacking is any of those people citing evidence that Cloudflare provides effective protection for WordPress websites. If it was an Continue reading Cloudflare Isn’t Adding New Firewall Rules to Protect Against Vulnerabilities in WordPress Plugins