30 Apr 2024

One of the Best Performing WordPress Firewall Plugins is No More

The results of our testing to see how much of the protection our WordPress firewall plugin provides is also offered by other WordPress security plugins show how little connection there is between the popularity of WordPress security plugins and the security they offer. A good example of that is the plugin Web Application Firewall, which as of last month provided the 7th most protection, but had only 300+ installs. By comparison, other plugins with hundreds of thousands or millions of installs fail to provide any protection, even when marketed as if they do provide robust protection. In the case of one such plugin, WordPress allows them to market it as if the plugin contains a firewall despite it not having one (while the developer sponsors one of the heads of the team running WordPress’ plugin directory).

In this month’s testing, Web Application Firewall failed to provide any protection, which stood out when we reviewed the results. The changes made to the plugin since last month didn’t seem to offer a reasonable explanation for that, as the changelog suggested only vulnerabilities had been fixed:

2.1.3
vulnerability fixes

2.1.2
vulnerability fixes

Looking at the plugin’s settings page, we found that there was now a notice that the plugin was going to be removed from WordPress:

It’s unclear what that means; possibly it refers to removal from WordPress’ plugin directory.

Making the situation odder still, the listing on the plugin directory includes no similar warning:

April Results

Using regression testing software designed to make sure the default protection against zero-days in our own WordPress firewall plugin continues to work, we can get a measure of how much protection other WordPress security plugins provide.

Here are the top 10 plugins in the latest testing round and the percentage of the exploit tests they blocked:

1. Plugin Vulnerabilities Firewall – 100.0%

2. NinjaFirewall – 40.9%

3. Wordfence Security – 23.1%

4. Pareto Security – 19.3%

5. All-In-One Security (AIOS) – 14.5%

6. Hide My WP – 10.8%

7. Hide My WP Ghost – 8.1%

8. Bulletproof Security – 7.5%

9. Anti-Malware Security and Brute-Force Firewall – 3.8%

10. BBQ Firewall – 3.2%

Notably missing there are popular plugins, including Security Optimizer, Solid Security, and Sucuri Security.
