Best WordPress Hosting
 

Tag Archives: BitFire

NinjaFirewall and Plugin Vulnerabilities Firewall Are Only WordPress Security Plugins That Protected Against Recent Zero Day

Posted on by

Among the common, but inaccurate, security advice you will hear is that WordPress won’t get hacked if you take basic security measures, including keeping plugins up to date. While doing the basics is really important, the reality is that keeping Continue reading NinjaFirewall and Plugin Vulnerabilities Firewall Are Only WordPress Security Plugins That Protected Against Recent Zero Day

WordPress Firewall Plugins Lack Protection Against Arbitrary User Deletion Vulnerabilities

Posted on by

Last week, we ran across a vulnerability in a WordPress plugin that would allow an attacker to delete all the website’s WordPress user accounts, which would be nasty if exploited by an attacker. The ability to easily exploit the vulnerability Continue reading WordPress Firewall Plugins Lack Protection Against Arbitrary User Deletion Vulnerabilities

Only 25% of WordPress Security Plugins Protected Against Widely Exploited Plugin Vulnerability

Posted on by

In late January, an unfixed vulnerability in a WordPress plugin with 40,000+ installs started to receive widespread exploitation attempts and many websites were hacked. The hacking was in part caused by multiple WordPress security providers, including Wordfence, WPScan, and Patchstack, Continue reading Only 25% of WordPress Security Plugins Protected Against Widely Exploited Plugin Vulnerability

Here Are the 4 WordPress Security Plugins That Protected Against a Vulnerability Wordfence Failed to Protect Against Despite Having Discovered It

Posted on by

Last week, Wordfence disclosed the details of an authenticated persistent cross-site scripting (XSS) vulnerability they had found in a popular WordPress plugin with 3+ million installs (as well as something else that wasn’t really a vulnerability). There were some things Continue reading Here Are the 4 WordPress Security Plugins That Protected Against a Vulnerability Wordfence Failed to Protect Against Despite Having Discovered It

WordPress Security Plugins Don’t Prevent Disclosure of One-Time Password Through Exploited Plugin Vulnerability

Posted on by

A month ago, we saw a hacker looking to exploit a vulnerability that had recently been fixed in the WordPress plugin User Verification. That vulnerability discovered by Lana Codes involved the plugin’s functionality to email a one-time password for logging Continue reading WordPress Security Plugins Don’t Prevent Disclosure of One-Time Password Through Exploited Plugin Vulnerability

Wordfence Security Falls to Fifth Place in February Test of WordPress Security Plugins’ Zero-Day Protection

Posted on by

While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started Continue reading Wordfence Security Falls to Fifth Place in February Test of WordPress Security Plugins’ Zero-Day Protection

Even Wordfence Competitor Has Been Fooled by Untruthful Marketing of Wordfence Premium

Posted on by

We recently tried to add a WordPress firewall plugin named BitFire in to our automated testing system of WordPress security plugins, but found that the plugin wasn’t working properly and then an update totally broke it. We also noticed that Continue reading Even Wordfence Competitor Has Been Fooled by Untruthful Marketing of Wordfence Premium

Wordfence Security Falls to Fourth Place in December Test of WordPress Security Plugins’ Zero-Day Protection

Posted on by

While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started Continue reading Wordfence Security Falls to Fourth Place in December Test of WordPress Security Plugins’ Zero-Day Protection