What Happened With WordPress Plugin Vulnerabilities in June 2017
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
30
Jun
Tag Archives: Brute Force Login Protection
If you are looking to find out about vulnerabilities in Brute Force Login Protection or another plugin you use or are looking to use, you won't find most of our data on our blog. Instead you should sign up for our service so that you get access to all of the data we have gathered, which is much more data than other sources out there will provide you. You can start using the service for free when you sign up now.
If you have a hacked website then trying to find vulnerabilities in the plugins you use is not the way to determine how the website has been backed, instead the evidence from the hack and the relevant logging should be scrutinized. Our hack cleanup service for WordPress websites includes doing that, as well as a lifetime subscription to this service.
If you are a paying customer of our service, you also have the ability to suggest/vote to have the plugin get a security review from us if it is in the Plugin Directory. You can also order a security review of the plugin done by us.
29
Jun
Reflected Cross-Site Scripting (XSS) Vulnerability in Brute Force Login Protection
Far too often we have found that security companies are spreading false information related to the security of WordPress. One of the most popular falsehoods they spread is that there are a lot of brute force attacks against WordPress admin users, despite their own evidence showing that those attacks are not happening. The cause of those false claims seems to be some mix of lack of security knowledge and using it to promote their products (it’s much easy for them to protect against something that isn’t happening then to protect against real threats). There are a number of consequences of doing that, from people believing that WordPress is insecure in a way it isn’t, to people not focusing on real problems, and causing people to introduce additional vulnerabilities on to their websites.