19 Nov

The Data in the WPScan Vulnerability Database Is Definitely Not Confirmed/Validated

Among the many lies told by the company behind the very popular WordPress security plugin Wordfence Security, Defiant, one that really stands out to us personally is a lie they told that relates to something that as far as we are aware we uniquely do when it comes to collecting data on vulnerabilities in WordPress [Read more]

16 Nov

No Ninja Forms, Wordfence Security is Not Trustworthy and Blacklisting IP Addresses Doesn’t Provide Effective Protection

When it comes to choosing security products and services what is lacking is nearly any evidence that they are effective, while at the same time there is plenty that shows that many of them are not. For example, over at our main business we regularly have people asking if we offer one that will really [Read more]

09 Nov

Wordfence Security and Wordfence Premium Fail To Protect Websites, But Defiant Is Happy to Lie and Tell You Otherwise

Over at our main business we have a steady stream of people contacting us to ask if we offer a service that will stop their websites from being hacked, a not insignificant number of them mention that they are currently using a service that claimed to do that and there website got hacked anyway. That [Read more]

08 Nov

Unlike Wordfence and Other Security Providers We Warned About WP GDPR Compliance Before Websites Started to Get Hacked

When it comes to protecting WordPress websites against vulnerabilities in plugins we provide a level of protection that others don’t for the simple reason that we do the work they don’t (but that they absolutely should be doing). The result can be seen with the plugin WP GDPR Compliance, which had multiple vulnerabilities fixed in version [Read more]

19 Oct

You Shouldn’t Assume That Wordfence Security or Other Security Tools Actually Provide Effective Protection

When it comes to explaining how so much money is spent on security while the results of that spending don’t seem to be appearing, a lot of the explanation seems like it can be found in the almost complete lack of evidence that those products and services marketed as providing protection provide effective protection. Considering [Read more]

07 Sep

Wordfence Security Doesn’t Protect Against Exploited Vulnerability (or Finding a Balance When it Comes To Detailing Vulnerabilities)

One of the ways we work to make sure we have the best information on vulnerabilities in WordPress plugins for our customers is to monitor the WordPress Support Forum. Through that we came across a couple of threads yesterday that involved exploitation of a vulnerability connected to the plugin Duplicator (and yet another example of the [Read more]

02 May

Wordfence Falsely Claims Their Data Source on WordPress Plugin Vulnerabilities is “Official” and “Confirmed/Validated”

When it comes to getting data on vulnerabilities in WordPress plugins there appear to be a lot of sources, but in reality most of the time it is really comes from the WPScan Vulnerability Database. While we think that that data source is a good option for a lot of people since it is available [Read more]

27 Apr

Wordfence Security Didn’t Actually Stop Exploitation of Vulnerability That Isn’t Really a Vulnerability

When it comes to security products and services one of the many problems is that the public often is making claims about them that are not true. Oftentimes people will claim that a product or service has successfully protected a website when they don’t know that is true. Instead they are assuming that is true [Read more]