22 Jun 2023

iThemes Security (Solid Security) and iThemes Security Pro Won’t Protect Against Zero-Days Contrary to Their Marketing

A zero-day is a vulnerability being exploited before the developer is aware of it. One implication is that keeping software up to date won’t protect against it. So for WordPress websites, a WordPress security plugin can possibly provide protection beyond security basics like updating software. That is, if the plugin actually provides that type of protection. iThemes Security (which is being rebranded to Solid Security) is marketed as being just such a plugin. Here is how the developer starts marketing the plugin on the WordPress Plugin Directory (emphasis theirs):

The Best WordPress Security Plugin to Secure & Protect WordPress [Read more]

19 Oct 2022

iThemes Security Pro is Providing Customers Inaccurate Information on Vulnerabilities in WordPress Plugins

A recurring issue we see with information on vulnerabilities in WordPress plugins is that inaccurate information is provided to webmasters, and the sources of that inaccurate information are not the ones who have to deal with the fallout. Take this recent forum topic for the plugin Advanced Contact Form 7 DB (Advanced CF7 DB), which included a message coming from the paid iThemes Security Pro service claiming that there was a “known” vulnerability in the latest version of the plugin, version 1.9.1. Here is the message:

SEPT 30: Known issues in Advanced Contact form 7 DB v1.9.1 [Read more]