Plugin Vulnerabilities


  • #39676
    Laurent
    Participant

    Hi Edward,

    I’m wondering if BPS Pro can protect us against zero-day vulnerabilities discovered in plugins.

    One of your competitors (W…fenc…) has a strong marketing argument in the fact that it provides real-time firewall rule updates to protect the website of its paying customers against new vulnerabilities (whereas free customers have to wait 30 days to get access to these new rules).

    So I have a few questions:

    1. As a WP security professional, do you get informed in near real time of such vulnerabilities?
    2. Can you usually quickly create new firewall rules to protect the website of your customers until the plugin releases an update?
    3. As for ordinary vulnerabilities, is it safe to assume that a serious company will email paid customers?
    4. What about free plugins from the WP repository? Are we supposed to check the changelog each and every time a plugin got an update released?

    Overall, I’m open to any best practice that you might advise me to follow.

    Best,

    Laurent

    #39677
    AITpro Admin
    Keymaster

    Without boring you with extensive technical details I’ll leave you with this BPS Pro track record statement:

    BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 9+ years and is installed on over 50,000 websites worldwide. Not a single one of those 50,000+ websites in 9+ years has been hacked (This track record does not include: control panel, FTP or server cracks/hacks or installing Nulled plugins or themes that contain hacker code). Sound too good to be true? Click to see what people are saying in WordPress.org Reviews.

    This is general info that might be helpful to you:
    The BPS Pro Plugin Firewall protects all plugins.  It is literally what that name says it is – A Firewall for your WordPress /plugins/ folder that protects all plugin files.  So there is no need to add anything or do anything additional to the Plugin Firewall on an ongoing basis – it is always On as long as you have it turned On/Activated.

    #39678
    AITpro Admin
    Keymaster

    I hope my reply did not appear to be rude or disinterested.  I work 15 hour days so I am always in “answer quick and move on” mode.  😉  BPS and BPS Pro are only some of the things I work on during those 15 hour days.  Got a lot of irons in the fire so I cannot afford to waste time if I can avoid that.

    #39679
    Laurent
    Participant

    15 hours a day 7 days a week? You’re incredible…

    I had already read your very enviable track record but I assumed that BPS can’t have the answer to all future vulnerabilities.

    But you seem very confident so I might have to change my mind and just say to myself that I am in really good hands (which I already knew by the way). 😀

    #39682
    AITpro Admin
    Keymaster

    I do monitor what is happening daily with plugin vulnerabilities and other things/trends that hackers and spammers are doing.  If something additional is needed in BPS to protect against new vulnerabilities/threats then I would add that.  Luckily I came up with future-proof ideas/features in BPS Pro.  BPS Pro has far exceeded my expectations.

    #39683
    Laurent
    Participant

    Thanks for clarifying and keep up the good work. 😉

    #40150
    Terri Zx
    Participant

    I was going to ask if there was a way BPS Pro could check and notify if an installed plugin (free, from the WP repository) had been removed from the repository (due to a vulnerability or just abandoned). W***f***e has this feature in their free plugin. I’ve looked in vain for a stand-alone plugin that could add this functionality.

    OR…by the logic above, do I simply not need to worry about plugin vulnerabilities/abandonment because BPS Pro does such a super job (really, I mean that!) of blocking intrusions via the plugin firewall?

    Thanks,
    Terri Z

    #40153
    AITpro Admin
    Keymaster

    @ Terri Zx – I’ll take a look at what is entailed in adding a check for a “closed” plugin.  As long as the WordPress.org Plugins Repository returns a value that can be checked against for a “closed” plugin then this kind of feature is worth adding in BPS Pro.  If a “closed” plugin does not return any sort of API value that can be checked against then I would not try to add that type of check/feature for obvious reasons.

    #40233
    AITpro Admin
    Keymaster

    @ Terri Zx – Ironically some of the new code that I created for the MScan Rebuild (MScan 2.0) does check if a plugin is available for download from the WP Plugin Repository.  So if WP blocks downloading plugin zip files that have been closed then that new code in MScan 2.0 could be used in a new feature that checks for closed plugins.  The MScan Rebuild is the primary focus of BPS Pro 15.4 and has taken a lot more time than expected.  So I would not have the time to add a new feature that checks for closed plugins in BPS Pro 15.4 and would add that new feature in BPS 15.5.

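The "closed plugin" check discussed in the last two replies, sketched as a stand-alone audit script. This is an added example, not part of the thread and not BPS Pro or MScan code. It assumes the WordPress.org `plugin_information` endpoint marks a closed plugin with `"error": "closed"` plus a `reason` field; that response shape, the slugs and the sample responses are constructed assumptions.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API = "https://api.wordpress.org/plugins/info/1.2/"

# Constructed sample responses (assumed shapes, not captured from the live API).
SAMPLES = {
    "example-ok": {"slug": "example-ok", "version": "1.2.3",
                   "download_link": "https://downloads.wordpress.org/plugin/example-ok.1.2.3.zip"},
    "example-closed": {"error": "closed", "slug": "example-closed", "closed": True,
                       "closed_date": "2024-01-01", "reason": "security-issue"},
    "example-premium": {"error": "Plugin not found."},
}

def classify(info):
    """Map one parsed plugin_information response to a status string."""
    if not isinstance(info, dict):
        return "unknown"                      # no usable answer: do not assume safe
    err = info.get("error")
    if err == "closed" or info.get("closed") is True:
        return "closed:" + str(info.get("reason") or "unspecified")
    if err:
        return "not-found"                    # never hosted on WordPress.org, or wrong slug
    if not info.get("download_link"):
        return "no-download"                  # listed, but no zip offered
    return "available"

def fetch(slug, timeout=10):
    """Query WordPress.org for one slug; error statuses may still carry a JSON body."""
    query = urllib.parse.urlencode({"action": "plugin_information", "request[slug]": slug})
    try:
        with urllib.request.urlopen(API + "?" + query, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        try:
            return json.load(exc)
        except ValueError:
            return None
    except (OSError, ValueError):
        return None

def audit(slugs, lookup=fetch):
    """Return {slug: status} for every installed plugin that is not cleanly available."""
    statuses = {slug: classify(lookup(slug)) for slug in slugs}
    return {slug: s for slug, s in statuses.items() if s != "available"}

if __name__ == "__main__":
    print(audit(list(SAMPLES) + ["example-unreachable"], SAMPLES.get))
```

Run against the slugs of the installed plugins with the default `fetch` lookup; a premium plugin that was never in the repository reports `not-found`, so only a `closed:` status signals removal.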