Where WordPress firewall plugins are really useful is for providing protection before a vulnerability is known about, as at that point they can offer protection that other solutions can’t. That was on display with a recent widely exploited zero-day that Continue reading Wordfence Doesn’t Admit That WordPress Had Already Provided Protection for “Massive Exploit Campaign” Before Them
The most popular WordPress security-only plugin, Wordfence Security, appears to in part be as popular as it is because a lot of people believe it provides a level of protection it doesn’t come close to providing (and in some cases, Continue reading WordFence Security’s Firewall Won’t Actually Address Any Known Vulnerability
One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities Continue reading Some WordPress Firewall Plugins Provide No Zero-Day Protection Without Additional Configuration
One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities Continue reading WordPress Firewall Plugins Are Barely Improving the Zero-Day Protection They Offer
While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started Continue reading Wordfence Security Returns to Third Place in May Test of WordPress Security Plugins’ Zero-Day Protection
When considering WordPress firewall plugins, it is important to consider not only the protection they can provide, but also whether they cause unnecessary problems. On both counts, the most popular security-only WordPress plugin, Wordfence Security, does worse than other options. Continue reading Wordfence Security Improperly Blocks WordPress Users From Uploading Files
In our testing, the most popular security-only WordPress security plugin Wordfence Security fails to provide as much protection as other much less popular security plugins. Making the situation worse is that it introduces a significant performance penalty over security plugins Continue reading Wordfence’s Solution to Their Firewall Incorrectly Blocking Legitimate Request is to Disable Needed Protection
While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started Continue reading Wordfence Security Falls to Fifth Place in February Test of WordPress Security Plugins’ Zero-Day Protection
As we have documented multiple times before, Wordfence is providing highly inaccurate information on vulnerabilities in WordPress plugins. We keep running into more examples of that. Earlier this week someone contacted the developer of a plugin about Wordfence’s claim that Continue reading Wordfence Isn’t Telling the Truth About the Sourcing and Reliability of Their Plugin Vulnerability Data
The Wordfence Security plugin is promoted with the claim that its firewall stops websites from getting hacked: Powered by the constantly updated Threat Defense Feed, Wordfence Firewall stops you from getting hacked. [Read more] ShareTweetSharePostSharePin It!
While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started Continue reading Wordfence Security Falls to Fourth Place in December Test of WordPress Security Plugins’ Zero-Day Protection
Currently, in our dataset of vulnerabilities in WordPress plugins, there are plugins with at least 8.16 million active installs that are still available through the WordPress Plugin Directory despite the plugins being known to contain security vulnerabilities. That is a Continue reading WordPress Plugin Returns to Plugin Directory Without Vulnerability Being Resolved
During the weekend, third-party data we monitor recorded what appeared to be a hacker probing for usage of the WordPress plugin ContentStudio. The requests are looking for the plugin’s readme.txt file: /wp-content/plugins/contentstudio/readme.txt [Read more] ShareTweetSharePostSharePin It!
Recently, we have covered multiple instances where the WordPress security provider Wordfence was falsely claiming that WordPress plugins contain “critical” vulnerabilities, despite there being no vulnerability. That is despite them marketing one of their services, Wordfence Intelligence, partly based on Continue reading Wordfence Falsely Claims WordPress Plugin Contains a “Critical” Vulnerability Because It Confused it With Another Plugin
Less than a month ago, we noted that one provider of data on vulnerabilities in WordPress plugins, Automattic’s WPScan, was copying information from competing providers, including Wordfence, without credit. It turns out that Wordfence is doing the same with another Continue reading Wordfence Isn’t Disclosing They Are Copying (Possibly Inaccurate) Plugin Vulnerability Information From Competitor Patchstack