11 Aug 2023

Snicco Quickly Admits They Are Lying About Their Guarantee of Protection From Their Fortress Security Plugin

The marketing strategy of a new WordPress security provider, Snicco, is largely built around pretending to not understand how security actually works. It is a strategy that works pretty well, since people who are interested in security, but not yet very knowledgeable, often won’t understand that they are being misled.

In the latest incident, Snicco is pretending to not understand why information, including API keys, has to be available in plaintext. They claim to have a new feature of their Fortress plugin, which solves that. [Read more]

24 Jul 2023

You Might Not Be Getting Enterprise-Grade Security With Enterprise WordPress Hosting

While doing research for some recent posts, we ran into what we found to be an odd situation, which highlights that the security being provided by enterprise WordPress web hosting can be lacking despite the high price of the service.

In announcing an investment that Automattic made in web host GridPane, GridPane highlighted one of their clients: [Read more]

14 Jul 2023

GridPane Heavily Involved in Snicco’s Misinformation Campaign Against Competing WordPress Security Solutions

Recently, we have been seeing a fair number of instances of people trying to be security conscious with their WordPress websites who have been misled by misinformation coming from a newer WordPress security provider named Snicco. The vector for them coming across Snicco has repeatedly been a WordPress-focused web host named GridPane. Here was someone citing GridPane providing legitimacy to Snicco (and Automattic in turn providing them legitimacy):

However, the thoroughness of Snicco’s posts overall and their demonstrated expertise on the issue (not to mention their close partnership with the Automattic-backed enterprise-level WordPress hosting platform, GridPane) lends them a lot of legitimacy. [Read more]

12 Jul 2023

Snicco Falsely Claiming Competing WordPress Security Plugins Contain Vulnerabilities

Yesterday, WPTavern ran a story with the headline “MalCare, Blogvault, and WPRemote Plugins Patch Vulnerabilities Allowing Site Takeover Through Stolen API Credentials” despite there not being a vulnerability. Instead, a competitor named Snicco had been successful in getting themselves press coverage with a false claim of a vulnerability in competing WordPress security plugins. Making the whole situation more unseemly, Snicco cites a situation that in reality highlights that not only does their very expensive plugin not deliver the claimed results but also that they appear to lack basic security knowledge.

WordPress Firewall Plugins Can Provide Unique Protection

That situation cited by Snicco involved an authenticated option update vulnerability that was widely exploited earlier this year, which had been in the WordPress plugin Elementor Pro. That vulnerability, like previously disclosed vulnerabilities of that type, was exploited to create new WordPress accounts with the Administrator role. There were a number of key takeaways from that situation that highlight issues with the security of WordPress websites and how that can be improved. [Read more]

29 Jun 2023

Inaccurate Claims About Security Impact of Changing WordPress Database Prefix Highlighted With Exploited Zero Day

A basic rule of security is that if you know a lot, you don’t know much. Those knowledgeable about security try to be careful about what they say, as they realize they might not know everything. A lot of WordPress security providers don’t have much knowledge and therefore don’t understand how little they know, leading to unqualified and inaccurate security advice that gets repeated widely without much pushback.

One example of that is with claims that changing the WordPress database prefix has no impact on security. Here was how a new entrant in the WordPress security space, Snicco, put that, while criticizing other security providers: [Read more]