9 Oct 2018

A Hacker Is Looking For the Less Than 10 Websites Running a Vulnerable WordPress Plugin

One of the many ways that security companies try to sell people on using poor to useless security services is by selling people on the idea that their websites are under constant attack. They then promote their service as being a solution, but don’t actually present any evidence that their services are effective at protecting websites (and there is plenty of evidence that they are not effective). The reality is that while there is in fact a pretty constant stream of hacking attempts, that is quite meaningless since the success rate is incredibly small. If these security companies actually knew and then told people how many successful attacks there were, it would make people a lot less likely to purchase these types of services without evidence that they can work well against the real threats. That in turn would likely improve security for everyone, because the work needed to provide effective services is likely to lead to catching and fixing issues sooner, which would in turn lessen the need for such services (it is unclear to us whether these companies are doing things poorly intentionally to avoid that or not).

As an example of why the success rate is so small, a few days ago we had a request to this website probing for usage of the plugin Comment Extra Fields by way of a request for the readme.txt file in the directory the plugin would exist in if we had it installed. According to wordpress.org that plugin “has less than 10” active installations:
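The probe described above shows up in a web server access log as a request for readme.txt under a plugin directory. The following is an added example, not code from the original post, that parses common-format access log lines, groups such requests by client, and reports which probed plugins actually answered 200 (the log lines and the plugin directory slugs, including `comment-extra-fields`, are constructed for the example):

```python
import re
from collections import defaultdict

# Common (CLF-style) access-log line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# readme.txt directly under a plugin directory: the path pattern used to check whether a plugin is installed.
PLUGIN_README_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[^/]+)/readme\.txt$', re.IGNORECASE)

def parse_line(line):
    """Return the named fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_plugin_probes(lines):
    """Return {client_ip: {plugin_slug: [status, ...]}} for every plugin readme.txt request."""
    probes = defaultdict(lambda: defaultdict(list))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        m = PLUGIN_README_RE.match(path)
        if m:
            probes[rec["ip"]][m.group("slug").lower()].append(int(rec["status"]))
    return {ip: dict(slugs) for ip, slugs in probes.items()}

def summarize(probes):
    """One tuple per client: (ip, number of distinct plugins probed, slugs that answered 200)."""
    out = []
    for ip, slugs in sorted(probes.items()):
        found = sorted(s for s, codes in slugs.items() if 200 in codes)
        out.append((ip, len(slugs), found))
    return out

# Constructed sample log lines (not real traffic); IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Oct/2018:10:01:02 +0000] "GET /wp-content/plugins/comment-extra-fields/readme.txt HTTP/1.1" 404 162
203.0.113.5 - - [09/Oct/2018:10:01:03 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 200 1024
198.51.100.7 - - [09/Oct/2018:10:02:00 +0000] "GET /blog/ HTTP/1.1" 200 5120
198.51.100.7 - - [09/Oct/2018:10:02:05 +0000] "GET /wp-content/plugins/example-plugin/readme.txt?x=1 HTTP/1.1" 200 1024
""".splitlines()

if __name__ == "__main__":
    for ip, n, found in summarize(find_plugin_probes(SAMPLE_LOG)):
        print(f"{ip}: probed {n} plugin readme.txt path(s); present: {found or 'none'}")
```

A 404 here means the probed plugin is not installed, which is the usual outcome and why the stream of such requests says little on its own; the 200 responses are the ones worth comparing against your plugin update status.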