Patchstack published a case study that examined how well Cloudflare and other popular firewall and malware solutions protected WordPress websites from common vulnerability threats and attack vectors. The research showed that while popular solutions stopped threats like SQL injection or cross-site scripting, a dedicated WordPress security solution consistently stopped WordPress-specific exploits at a significantly higher rate.
WordPress Vulnerabilities
Because of the popularity of the WordPress platform, WordPress plugins and themes are a common focus for hackers, and vulnerabilities can quickly be exploited in the wild. Once proof-of-concept code is public, attackers often act within hours, leaving website owners little time to react.
That is why it’s important to be aware of the security provided by a web host and of how effective those solutions are in a WordPress environment.
Methodology
Patchstack explained their methodology:
“As a baseline, we have decided to host “honeypot” sites (sites against which we will perform controlled pentesting with a set of 11 WordPress-specific vulnerabilities) with 5 distinct hosting providers, some of which have built-in solutions presuming to help with blocking WordPress vulnerabilities and/or overall security.
In addition to the hosting provider’s security measures and third-party providers for extra measures like robust WAFs or other patching providers, we have also installed Patchstack on every website, with our test question being:
- How many of these threats will bypass firewalls and other patching providers to ultimately reach Patchstack?
- And will Patchstack be able to block all of them successfully?”
Testing process
Every website was set up the same way, with identical plugins, versions, and settings. Patchstack used an “exploitation testing toolkit” to run the same exploit tests in the same order on every website. Results were checked automatically and by hand to see if attacks were stopped, and whether the block came from the host’s defenses or from Patchstack.
General Overview: Hosting Providers Versus Vulnerabilities
The Patchstack case study examined 5 different configurations of security defenses, plus Patchstack.
1. Hosting Provider A + Cloudflare WAF
2. Hosting Provider B + Firewall + Monarx Server and Website Security
3. Hosting Provider C + Firewall + Imunify Web Server Security
4. Hosting Provider D + ConfigServer Firewall
5. Hosting Provider E + Firewall
The result of the testing showed that the various hosting infrastructure defenses failed to protect against the majority of WordPress-specific threats, catching only 12.2% of the exploits. Patchstack caught 100% of all exploits.
Patchstack shared:
“2 out of the 5 hosts and their solutions failed to block any vulnerabilities on the network and server levels.
1 host blocked 1 vulnerability out of 11.
1 host blocked 2 vulnerabilities out of 11.
1 host blocked 4 vulnerabilities out of 11.”
Cloudflare And Other Solutions Failed
Solutions like Cloudflare WAF or bundled services such as Monarx or Imunify did not consistently handle WordPress-specific vulnerabilities.
Cloudflare’s WAF stopped 4 of 11 exploits, Monarx blocked none, and Imunify did not prevent any WordPress-specific exploits. Firewalls such as ConfigServer, which are widely used in shared hosting environments, also failed every test.
These results show that while these kinds of products work reasonably well against broad attack types, they are not tuned to the specific security issues common to WordPress plugins and themes.
Patchstack is built specifically to stop WordPress plugin and theme vulnerabilities in real time. Instead of relying on static signatures or generic rules, it applies targeted mitigation through virtual patches as soon as vulnerabilities are disclosed, before attackers can act.
Virtual patches are mitigations for a specific WordPress vulnerability. They protect users while the plugin or theme developer creates a fix for the flaw. This approach addresses WordPress flaws in a way hosting companies and generic tools can’t, because such flaws rarely match generic attack patterns: they slip past traditional defenses and expose publishers to privilege escalation, authentication bypasses, and website takeovers.
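To make the virtual-patch idea concrete, here is an added example of what such a mitigation looks like at the application layer, written for this page and not Patchstack’s own code: a WordPress must-use plugin that enforces the authorization check a hypothetical vulnerable plugin forgot on one REST route, and retires itself once that plugin reports a fixed version. The plugin name, route, `EXAMPLE_PLUGIN_VERSION` constant and fixed version are placeholders, not a real plugin or advisory.

```php
<?php
/**
 * Plugin Name: Example virtual patch (hypothetical)
 * Description: Enforces the missing authorization check on a vulnerable
 *              plugin's REST route until the author ships a real fix.
 * Install: copy into wp-content/mu-plugins/ so it loads before regular plugins.
 */

// ASSUMPTIONS (placeholders, not a real plugin or a real advisory): the
// affected plugin registers the REST route example-plugin/v1/users/<id>/role
// without a permission_callback, and defines EXAMPLE_PLUGIN_VERSION;
// 2.0.0 is the hypothetical release that fixes it.
define( 'VP_EXAMPLE_ROUTE', '#^/example-plugin/v1/users/\d+/role/?$#' );
define( 'VP_EXAMPLE_FIXED_IN', '2.0.0' );

// True once the vulnerable plugin is updated, so the patch stops applying.
function vp_example_is_fixed_upstream() {
    return defined( 'EXAMPLE_PLUGIN_VERSION' )
        && version_compare( EXAMPLE_PLUGIN_VERSION, VP_EXAMPLE_FIXED_IN, '>=' );
}

// rest_pre_dispatch runs before the route's own callback; returning a
// WP_Error short-circuits dispatch and is sent to the client as JSON.
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    if ( vp_example_is_fixed_upstream() ) {
        return $result;
    }
    if ( ! preg_match( VP_EXAMPLE_ROUTE, $request->get_route() ) ) {
        return $result; // unrelated route: stay out of the way
    }
    // The check the vulnerable code lacks: only users allowed to promote
    // others may change a role. Unauthenticated callers are user 0 and fail.
    if ( ! current_user_can( 'promote_users' ) ) {
        error_log( sprintf(
            'virtual-patch: blocked unauthorized role change on %s from %s',
            $request->get_route(),
            isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
        ) );
        return new WP_Error(
            'vp_example_forbidden',
            'Request blocked by virtual patch.',
            array( 'status' => 403 )
        );
    }
    return $result;
}, 10, 3 );
```

The `error_log` line is what turns a blocked exploit attempt into a detectable event; in practice a hosting WAF would never see this request as malicious, because it is a well-formed REST call with nothing resembling a SQLi or XSS signature.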
Takeaways
- Standard hosting defenses fail against most WordPress plugin vulnerabilities (87.8% bypass rate).
- Many providers claiming “virtual patching” (like Monarx and Imunify) did not stop WordPress-specific exploits.
- Generic firewalls and WAFs caught some broad attacks (SQLi, XSS) but not WordPress-specific flaws tied to plugins and themes.
- Patchstack consistently blocked vulnerabilities in real time, filling the gap left by network and server defenses.
- WordPress’s plugin-heavy ecosystem makes it an especially attractive target for attackers, making effective vulnerability protection essential.
The case study by Patchstack shows that traditional hosting defenses and generic “virtual patching” solutions leave WordPress sites vulnerable, with nearly 88% of attacks bypassing firewalls and server-layer protections.
While providers like Cloudflare blocked some broad exploits, plugin-specific threats such as privilege escalation and authentication bypasses slipped through.
Patchstack was the only solution to consistently block these attacks in real time, giving website owners a dependable way to protect WordPress sites against the types of vulnerabilities that are most often targeted by attackers.
According to Patchstack:
“Don’t rely on generic defenses for WordPress. Patchstack is built to detect and block these threats in real-time, applying mitigation rules before attackers can exploit them.”
Read the results of the case study by Patchstack here.
Featured Image by Shutterstock/tavizta