31 Mar 2022

A Month Later, WordPress Still Hasn’t Taken Action for Websites With Backdoored Plugin They Distributed

On February 28, we publicly warned that the WordPress plugin Mistape had what appeared to be a backdoor added in its latest release. Part of the code would contact the developer’s website and let them know if the plugin was installed. Another part would allow anyone to gain access to an account on the website with the Administrator role. The response from WordPress was to close the plugin in their plugin directory:


28 Feb 2022

Update to WordPress Plugin Mistape Appears to Add Malicious Backdoor

One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through that, we caught what looks to be an even more serious issue: what appears to be a malicious backdoor being added to the plugin Mistape, which has 3,000+ installs.

We are now also running all the plugins used by customers through that on a weekly basis to provide additional protection for our customers.