If you are looking to find out about vulnerabilities in Limit Login Attempts or another plugin you use or are looking to use, you won't find most of our data on our blog. Instead you should sign up for our service so that you get access to all of the data we have gathered, which is much more data than other sources out there will provide you. You can start using the service for free when you sign up now.
If you have a hacked website then trying to find vulnerabilities in the plugins you use is not the way to determine how the website has been backed, instead the evidence from the hack and the relevant logging should be scrutinized. Our hack cleanup service for WordPress websites includes doing that, as well as a lifetime subscription to this service.
If you are a paying customer of our service, you also have the ability to suggest/vote to have the plugin get a security review from us if it is in the Plugin Directory. You can also order a security review of the plugin done by us.
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during March (and what you have been missing out on if you haven’t signed up yet): [Read more]
One of the issues we have run into with the web security industry that seems to be rather telling as to its poor state, is the number of people that think that it isn’t a problem that companies are misleading, lying, and outright scamming people, but it is a problem to point out that companies are doing those things. There have been plenty instances where people have told us that we shouldn’t be pointing out that companies are engaged in those types of practices. Keeping quiet about those things though is harmful as can be seen in what we recently found when looking at one of the ten most popular WordPress plugins, which has over 2+ million active installations according to wordpress.org.
When it comes to the WordPress security, one of the most repeated claims is that there are lots of brute force attacks against WordPress admin passwords. We have seen many security companies making that claim and then claiming that their plugin or service is the solution. The problem with this is that based on security companies own data, brute force attacks are not happening. For a type of attack that is happening, dictionary attacks, WordPress does a good job of helping to protect against them. That might be one reason why security companies are misleading people, since if they told the truth, it wouldn’t be reason for people to use their plugins and services. [Read more]