In a recent post on the WordPress security provider Wordfence’s blog, they were claiming their “mission is to Secure the Web.” If you understand their business model this rings hollows, as what they offer is built around trying to address the after affects of not securing the web. That very blog post also disputes that, as they confronted a well-known problem with better securing plugins and simply ignored the problem. They are not alone, as the situation detailed in the blog post also directly involves another security provider, StellarWP. StellarWP is the developer of Solid Security.
The blog post discusses a situation where Wordfence bought a vulnerability in another plugin from StellarWP, GiveWP. Twice in the post, they note that they failed to successfully communicate with StellarWP about that. First, they wrote this: [Read more]