For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and viruses.
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a powerful new filtering engine.
The WordPress Flexible Checkout Fields for WooCommerce plugin, which has 20,000+ active installations, fixed a critical zero-day vulnerability affecting version 2.3.1 and below.
The WordPress GDPR Cookie Consent plugin, which has 700,000+ active installations, fixed a vulnerability affecting version 1.8.2 and below that could lead to authenticated stored XSS and privilege escalation.
The WordPress WPS Hide Login plugin (500,000 active installations) fixed a vulnerability in version 126.96.36.199 and below that could allow an attacker to bypass its security and access the secret login page.
The WordPress 2J SlideShow plugin, which has 3,000+ active installations, fixed an authenticated arbitrary plugin deactivation vulnerability affecting version 1.3.31 and below.
The WordPress Ape Gallery plugin, which has 6,000+ active installations, fixed an authenticated arbitrary plugin deactivation vulnerability affecting version 2.0.6 and below.