11 Aug 2023

Snicco Quickly Admits They Are Lying About Their Guarantee of Protection From Their Fortress Security Plugin

The marketing strategy of a new WordPress security provider, Snicco, is largely built around pretending to not understand how security actually works. It is a strategy that works pretty well, since people who are interested in security, but not yet very knowledgeable, often won’t understand that they are being misled.

In the latest incident, Snicco is pretending to not understand why information, including API keys, has to be available in plaintext. They claim that a new feature of their Fortress plugin solves that.

12 Jul 2023

Snicco Falsely Claiming Competing WordPress Security Plugins Contain Vulnerabilities

Yesterday, WPTavern ran a story with the headline “MalCare, Blogvault, and WPRemote Plugins Patch Vulnerabilities Allowing Site Takeover Through Stolen API Credentials” despite there not being a vulnerability. Instead, a competitor named Snicco had been successful in getting themselves press coverage with a false claim of a vulnerability in competing WordPress security plugins. Making the whole situation more unseemly, Snicco cites a situation that in reality highlights not only that their very expensive plugin does not deliver the claimed results but also that they appear to lack basic security knowledge.

WordPress Firewall Plugins Can Provide Unique Protection

That situation cited by Snicco involved an authenticated option update vulnerability that was widely exploited earlier this year, which had been in the WordPress plugin Elementor Pro. That vulnerability, like previously disclosed vulnerabilities of that type, was exploited to create new WordPress accounts with the Administrator role. There were a number of key takeaways from that situation that highlight issues with the security of WordPress websites and how that can be improved.