Last week, our own WordPress firewall plugin blocked an attempt to exploit a vulnerability in another security plugin, Shield Security. On the one hand, that should be shocking. A security plugin with a security vulnerability serious enough that a hacker would try to exploit it. On the other hand, the developers of most WordPress security plugins have little concern with security. The developer of this plugin, for example, didn’t care enough to make sure it’s firewall actually works at all. If the firewall worked well, the issue couldn’t even be exploited.
Here is what was logged when the hacking attempt was blocked: [Read more]