When it comes to the poor state web security a big culprit is security companies, who don’t seem to either know or care that that much about security in many cases. So it isn’t wasn’t that surprising that we found a security company would have a WordPress plugin with a security vulnerability due to failure to take a basic security measure the other day, but the situation is a good reminder that services you get from security companies are not also honestly sold.
We recently did a quick security check of security plugins that generate a log of activity in admin area of WordPress. One of the ones we found a security issue with is WP Security Audit Log, which is developed by WP White Security. [Read more]