We help to keep your website protected from security vulnerabilities in WordPress plugins.
From cleaning up hacked WordPress websites on a regular basis, we have found that most security plugins and security services provide little to no protection against real threats that WordPress websites face. In fact, we often find that multiple security plugins were installed on those hacked websites.
To a large extent it looks like the companies behind those plugins and services simply lack an understanding of the basics of security. That sometimes leads them to making up threats and then claiming their plugins or services will protect against them. For example, security companies have successfully spread a falsehood that there are numerous attempts to brute force WordPress admin passwords, despite the evidence actually showing that those attacks are not happening at all.
One real threat that those security plugins and security services to a large extent fail to protect against is vulnerabilities that exist in WordPress plugins. The developer of one popular security plugin actually believes that it is outside their scope to protect against these vulnerabilities. Far too often we have found that security plugins actually have security vulnerabilities of their own. For example, we spotted a vulnerability that looks to have been exploited for at least five months in one security plugin before we took action to get it fixed.
With our service we provide you access to what we think is the best plugin vulnerability data out there. Our data comes from monitoring of hacking attempts, checking plugins for additional vulnerabilities, and monitoring numerous sources of public disclosures of plugin vulnerabilities. We test out each vulnerability to determine whether it has been fixed and to determine what versions are vulnerable, so if a vulnerability is found in the version of a plugin you are using, you get an email alert warning you about it. That way you can take quick action to limit your exposure. If you need help in deciding how to deal with that, we are always available to assist. In some cases a small workaround can be crafted to allow you to continue to use the plugin while a fuller fix is being developed.
With vulnerabilities that haven’t been fixed when we come across them, we try to work with the developers and the Plugin Directory to get them fixed, which limits the exposure you and everyone else using the plugins has to the vulnerability.
Even if you don’t use our service, the companion plugin for the service will warn you when you are using versions of plugins that are being exploited by hackers.
We also work to improve the security of plugins by doing security reviews of individual plugins that have been selected by customers of the service.
To make better decisions on what plugins you use, you can see historical data on what vulnerabilities have been in past versions of the plugins you use or plan to use.
To improve the security of WordPress plugins we also do our own checks of plugins for additional vulnerabilities and have a bug bounty program to try to make sure more serious vulnerabilities are being found.