We recently noted that the developer of the 1+ million install WordPress security plugin Security Optimizer, SiteGround, was saying that you shouldn’t use the Wordfence Security plugin and instead use their plugin. They didn’t cite any evidence that their plugin Continue reading Security Optimizer vs Wordfence Security
Whether intentionally or not, part of the business model of the developer of the Wordfence Security plugin involves scaring people in to buying their services by overstating the risk posed by security issues. The overstated risk was on display in Continue reading Wordfence Is Warning That Vulnerabilities Are Critical When They Are Not
When it comes to the developers of WordPress security plugins, they shouldn’t be creating the insecurity they are supposed to be protecting against. That unfortunately is true of the current and former developers of the very popular All-In-One Security (AIOS) Continue reading All-In-One Security (AIOS) vs Wordfence Security
Like the developers of lots of WordPress security plugins, the developer of Wordfence Security makes a lot of impressive sounding claims about their plugin and the protection it offers, but notably doesn’t present any evidence to back the claims up. Continue reading Wordfence Security Firewall Review: Missing a Lot of Protection that Better Options Offer
It’s common for critics of the Wordfence Security plugin to claim it isn’t useful unless you are using the companion Wordfence Premium service because new rules for the firewall are only provided to paying customers for the first 30 days Continue reading Wordfence Premium Adding Firewall Rules for Vulnerabilities in Under 10 Plugins a Month
The most important thing to know about WordPress firewall plugins is the amount of protection they offer against real threats, but we are somehow the only ones that do testing that would measure that. A lot of the claimed threats Continue reading WP Cerber Security vs Wordfence Security
In October 2021, we found that the Wordfence Security plugin for WordPress more than double the peak memory usage over WordPress by itself. That compared to a minimal memory increase by the two WordPress firewall plugins that provided more protection Continue reading Wordfence Security Still More Than Doubles Peak Memory Usage Over WordPress By Itself
In the middle of August, we publicly warned that the WordPress plugin WooODT Lite contained an authenticated option update vulnerability, which would allow logged-in attackers to change arbitrary WordPress options (settings). The possibility of the vulnerability was flagged by proactive Continue reading Wordfence Premium Added “Real-Time Firewall Protection” for Plugin Vulnerability Over Two Months After It Was Disclosed
The most important thing to know about WordPress firewall plugins is the amount of protection they offer against real threats, but we are somehow the only ones that do testing that would measure that. A lot of the claimed threats Continue reading Solid Security vs Wordfence
Last week, we noted that the marketing for the Wordfence Security plugin was promoting its firewall as being the industry leader, despite that not being supported by them with anything whatsoever and objective testing showing that being far from the Continue reading WordPress Firewall Plugins Protect Against Vulnerability Without Rule Needed for Wordfence Security To Do That
While looking into something for another post, we noticed that the developer of the Wordfence Security plugin is marketing their solution as having the “Industry Leading Firewall”: [Read more] ShareTweetSharePostSharePin It!
It isn’t uncommon to see people asking the developers of WordPress security plugins if they can be used alongside another security plugin. That often seems like an odd question, as the two plugins being asked about are all-in-one security plugins Continue reading Combining WordPress Security Plugins Doesn’t Provide Better Protection Than One Better Plugin
Last week, we wrote about one feature of the Wordfence Security plugin that doesn’t actually provide the protection that Wordfence has been able to convince people otherwise. Another feature that was brought up to us by the same person asking Continue reading Wordfence Security’s Country Blocking Isn’t an Effective Measure Against Hackers
We recently had a potential customer ask if our firewall plugin protected against brute force attacks as they believed the Wordfence Security plugin is doing. They also noted that using something different than what Wordfence Security provides would seem like Continue reading The Wordfence Security Plugin Isn’t Actually Protecting Against Brute Force Attacks
When it comes to protecting WordPress websites from being hacked through vulnerabilities in plugins, the solution is often simply keeping plugins up to date. But that doesn’t work when a hacker finds a vulnerability and starts exploiting it, otherwise known Continue reading How a WordPress Firewall Plugin Stops Exploitation of Zero-Day That Automattic’s Jetpack Didn’t
One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities Continue reading Latest WordPress Plugin to Include Firewall Provides Almost No Protection Against Zero-Days
Last week there were a spate of largely unhelpful new stories run about websites getting hacked through an already fixed vulnerability in a WordPress plugin not available through the WordPress Plugin Directory, tagDiv Composer. There is a lot that could Continue reading 3 WordPress Firewall Plugins Stop Recent Widely Exploit Vulnerability in tagDiv Composer Plugin
One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities Continue reading Wordfence Security Increases Protection in October Test of WordPress Security Plugins’ Zero-Day Protection
Yesterday and today we have been documenting an absolute mess in the WordPress security space. The developer of the Freemius library, which is widely used in WordPress plugins, was warned by us in February of last year of a security Continue reading Wordfence Has Also Been Falsely Claiming That WordPress Plugins Contain Vulnerabilities