When it comes to security journalism, things are not in very good shape, which has a decided negative impact on improving security, whether with WordPress plugins or otherwise. Part of that seems to stem from the fact that many of the people doing security journalism don’t seem to have the skills necessary to do that. As an example of that, take something we ran across earlier this year when we were looking over someone’s Twitter account for more information related to a claim of a vulnerability in a WordPress plugin and ran across this tweet that they had retweeted:
Wordfence is a WordPress security company that we have found on multiple occasions misleading the public. It is our belief that a lot of that is due to their lacking even basic security knowledge. That makes it bit hard to tell with a recent claim whether they are being incredibly irresponsible or just trying to mislead people in to believing their products provides a level of protection far beyond what it does.