
All-In-One Security (AIOS) Firewall Review: It Doesn’t Deliver Great Results

In 2022, the WordPress security plugin All In One WP Security & Firewall was rebranded as All-In-One Security (AIOS). The removal of emphasis on a firewall is probably fitting, as the plugin’s firewall capability is rather limited and the developers …

Confusion Over Proper Usage of esc_url_raw() Includes Developers of 1+ and 5+ Million Install WordPress Security Plugins

While working on a security review of a WordPress plugin, we ran across misuse of a WordPress security function, esc_url_raw(). While looking to see if this was a wider issue, we found that a 5+ million install security plugin is …

WordPress All-In-One Security (AIOS) Plugin Has Been Logging User Passwords for Nearly Two Months

We recommend against using all-in-one WordPress security plugins for a number of reasons. One of them is that they likely include a lot of functionality that you don’t need, which, among other issues, can create additional security risk when you …

Some WordPress Firewall Plugins Provide No Zero-Day Protection Without Additional Configuration

One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities …

NinjaFirewall and Plugin Vulnerabilities Firewall Are Only WordPress Security Plugins That Protected Against Recent Zero Day

Among the common, but inaccurate, security advice you will hear is that WordPress won’t get hacked if you take basic security measures, including keeping plugins up to date. While doing the basics is really important, the reality is that keeping …

6G Firewall Rules in All-In-One Security (AIOS) WordPress Plugin Don’t Provide Effective Protection

In version 5 of the WordPress security plugin All-In-One Security (AIOS) an update was made to its firewall functionality, which implemented “6G firewall rules in the new PHP-based firewall.” Someone posted on the support forum for the plugin requesting to …

WordPress Firewall Plugins Are Barely Improving the Zero-Day Protection They Offer

One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities …

WordPress Firewall Plugins Lack Protection Against Arbitrary User Deletion Vulnerabilities

Last week, we ran across a vulnerability in a WordPress plugin that would allow an attacker to delete all the website’s WordPress user accounts, which would be nasty if exploited by an attacker. The ability to easily exploit the vulnerability …

Only 25% of WordPress Security Plugins Protected Against Widely Exploited Plugin Vulnerability

In late January, an unfixed vulnerability in a WordPress plugin with 40,000+ installs started to receive widespread exploitation attempts and many websites were hacked. The hacking was in part caused by multiple WordPress security providers, including Wordfence, WPScan, and Patchstack, …

Here Are the 4 WordPress Security Plugins That Protected Against a Vulnerability Wordfence Failed to Protect Against Despite Having Discovered It

Last week, Wordfence disclosed the details of an authenticated persistent cross-site scripting (XSS) vulnerability they had found in a popular WordPress plugin with 3+ million installs (as well as something else that wasn’t really a vulnerability). There were some things …

WordPress Security Plugins Don’t Prevent Disclosure of One-Time Password Through Exploited Plugin Vulnerability

A month ago, we saw a hacker looking to exploit a vulnerability that had recently been fixed in the WordPress plugin User Verification. That vulnerability discovered by Lana Codes involved the plugin’s functionality to email a one-time password for logging …