Our service helps keep your website protected from security vulnerabilities in WordPress plugins.
Numerous WordPress plugins contain known vulnerabilities in their current versions, some of them can lead to the average WordPress website being hacked, and many more are a threat for high profile websites that would are likely to be targeted by hackers. In many cases the plugins remain in the WordPress Plugin Directory even though they contain vulnerabilities, by our count those plugins have 1,737,000+ active installs (we used to be about the only ones was making sure they were removed, but we temporarily stopped doing that until WordPress fixes some of the problems with their handling of security). When the plugins do get removed, if you are already using them, you won’t get warned that you are at risk. With our service you don’t have to scour numerous source try to keep track of vulnerabilities in plugins you use, we do that for you.
You can check if you are currently using vulnerable plugins for free, when you take advantage of our first month free promotion.
Our data comes from monitoring of hacking attempts, checking plugins for additional vulnerabilities, and monitoring numerous sources of public disclosures of plugin vulnerabilities. For many vulnerabilities we include in our data, you won’t find them anywhere else because no one else does monitoring to the extent we do. We test out each vulnerability to determine whether it has been fixed and to determine what versions are vulnerable, so if a vulnerability is found in the version of a plugin you are using you get an email alert warning you about it. That way you can take quick action to limit your exposure, if you need help in deciding how to deal with that we are always available to assist in that. In some cases a small workaround can be crafted to allow you continue to use the plugin while a fuller fix is being developed.
With vulnerabilities that haven’t been fixed when we come across them we try to work with the developers to get them fixed, which limits the exposure you and everyone else using the plugins has to the vulnerability.
When you are paying customer for the service you can also get help choose what plugins will have a security review done on them by us (you can see the results of the previous review here).
To make better decisions on what plugins you use, you can see historical data on what vulnerabilities have been in past versions of the plugins you use or plan to use.
If you are thinking that security plugins will protect against these vulnerabilities, think again, as our testing of them against real vulnerabilities in other plugins has shown they provide little to no protection. The developer of one popular security plugin actually believes that it outside their scope to protect against these vulnerabilities. Far too often we have found that security plugins actually have security vulnerabilities of their own, for example we spotted a vulnerability that looks to have been exploited for at least five months in one security plugin before we took action to get it fixed.