Patchstack published a case study that examined how well Cloudflare and other general firewall and malware solutions protected WordPress websites from common vulnerability threats and attack vectors. The research showed that while general solutions stopped threats like SQL injection or cross-site scripting, a dedicated WordPress security solution consistently stopped WordPress-specific exploits at a significantly higher rate.
WordPress Vulnerabilities
Because of the popularity of the WordPress platform, WordPress plugins and themes are a common target for hackers, and vulnerabilities can quickly be exploited in the wild. Once proof-of-concept code is public, attackers often act within hours, leaving website owners little time to react.
This is why it is important to be aware of the security provided by a web host and of how effective those solutions are in a WordPress environment.
Methodology
Patchstack explained their methodology:
“As a baseline, we have decided to host “honeypot” sites (sites against which we will perform controlled pentesting with a set of 11 WordPress-specific vulnerabilities) with 5 different hosting providers, some of which have built-in solutions purporting to help with blocking WordPress vulnerabilities and/or overall security.
In addition to the hosting provider’s security measures and third-party providers for additional measures like robust WAFs or other patching providers, we have also installed Patchstack on every website, with our test question being:
- How many of these threats will bypass firewalls and other patching providers to ultimately reach Patchstack?
- And will Patchstack be able to block all of them successfully?”
Testing process
Each website was set up the same way, with identical plugins, versions, and settings. Patchstack used an “exploitation testing toolkit” to run the same exploit tests in the same order on every website. Results were checked automatically and by hand to see whether attacks were stopped, and whether the block came from the host’s defenses or from Patchstack.
General Overview: Hosting Providers Versus Vulnerabilities
The Patchstack case study examined five different configurations of security defenses, plus Patchstack.
1. Hosting Provider A + Cloudflare WAF
2. Hosting Provider B + Firewall + Monarx Server and Website Security
3. Hosting Provider C + Firewall + Imunify Web Server Security
4. Hosting Provider D + ConfigServer Firewall
5. Hosting Provider E + Firewall
The result of the testing showed that the various hosting infrastructure defenses failed to protect against the majority of WordPress-specific threats, catching only 12.2% of the exploits. Patchstack caught 100% of all exploits.
Patchstack shared:
“2 out of the 5 hosts and their solutions failed to block any vulnerabilities on the network and server levels.
1 host blocked 1 vulnerability out of 11.
1 host blocked 2 vulnerabilities out of 11.
1 host blocked 4 vulnerabilities out of 11.”
Cloudflare And Other Solutions Failed
Solutions like Cloudflare WAF or bundled services such as Monarx or Imunify didn’t consistently handle WordPress-specific vulnerabilities.
Cloudflare’s WAF stopped 4 of 11 exploits, Monarx blocked none, and Imunify didn’t prevent any WordPress-specific exploits. Firewalls such as ConfigServer, which are widely used in shared hosting environments, also failed every test.
These results show that while these kinds of products work reasonably well against broad attack types, they aren’t tuned to the specific security issues common to WordPress plugins and themes.
Patchstack is designed specifically to stop WordPress plugin and theme vulnerabilities in real time. Instead of relying on static signatures or generic rules, it applies targeted mitigation through virtual patches as soon as vulnerabilities are disclosed, before attackers can act.
Virtual patches are mitigations for a specific WordPress vulnerability. They protect users while the plugin or theme developer creates a fix for the flaw. This approach addresses WordPress flaws in a way hosting companies and generic tools can’t, because such flaws rarely match generic attack patterns; they slip past traditional defenses and expose publishers to privilege escalation, authentication bypasses, and site takeovers.
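To make the virtual patching idea concrete, here is an added example (not Patchstack’s code and not a real patch) of a WordPress must-use plugin that supplies the authorization check a hypothetical vulnerable plugin lacks on one of its REST routes, and disables itself once the vendor’s fixed version is installed. The plugin file path, the route and the fixed version number are assumed placeholders.

```php
<?php
/**
 * Plugin Name: Example virtual patch (hypothetical, added illustration)
 * Drop into wp-content/mu-plugins/ so it loads before ordinary plugins.
 */

// Assumed placeholders: affected plugin file, its REST route, and the vendor
// version that fixes the flaw. None of these refer to a real plugin or advisory.
define( 'VP_EXAMPLE_PLUGIN', 'example-plugin/example-plugin.php' );
define( 'VP_EXAMPLE_ROUTE',  '/example/v1/settings' );
define( 'VP_EXAMPLE_FIXED',  '2.1.0' );

/**
 * True while the installed plugin version is older than the fixed release.
 * The rule switches itself off once the vendor fix is installed.
 */
function vp_example_is_vulnerable() {
    $path = WP_PLUGIN_DIR . '/' . VP_EXAMPLE_PLUGIN;
    if ( ! file_exists( $path ) ) {
        return false; // plugin absent, nothing to patch
    }
    if ( ! function_exists( 'get_plugin_data' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $data = get_plugin_data( $path, false, false );
    return version_compare( $data['Version'], VP_EXAMPLE_FIXED, '<' );
}

/**
 * Virtual patch: add the authorization check the vulnerable plugin lacks.
 * rest_request_before_callbacks runs before the route's own callback;
 * returning a WP_Error short-circuits the request with that error.
 */
function vp_example_guard_route( $response, $handler, $request ) {
    if ( ! vp_example_is_vulnerable() ) {
        return $response;
    }
    $writes = array( 'POST', 'PUT', 'PATCH', 'DELETE' );
    if ( in_array( $request->get_method(), $writes, true )
         && 0 === strpos( $request->get_route(), VP_EXAMPLE_ROUTE )
         && ! current_user_can( 'manage_options' ) ) {
        // Log the block so the attempt is visible to incident responders.
        error_log( 'virtual patch blocked ' . $request->get_method() . ' ' . $request->get_route() );
        return new WP_Error( 'rest_forbidden', 'Forbidden', array( 'status' => 403 ) );
    }
    return $response;
}
add_filter( 'rest_request_before_callbacks', 'vp_example_guard_route', 10, 3 );
```

Because the rule keys on the installed version, it is safe to leave in place after updating; a real deployment would also want a test that the guarded route returns 403 for an unauthenticated write before the update and normal behaviour after it.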
Takeaways
- Standard hosting defenses fail against most WordPress plugin vulnerabilities (87.8% bypass rate).
- Many providers claiming “virtual patching” (like Monarx and Imunify) didn’t stop WordPress-specific exploits.
- Generic firewalls and WAFs caught some broad attacks (SQLi, XSS) but not WordPress-specific flaws tied to plugins and themes.
- Patchstack consistently blocked vulnerabilities in real time, filling the gap left by network and server defenses.
- WordPress’s plugin-heavy ecosystem makes it an especially attractive target for attackers, making effective vulnerability protection essential.
The case study by Patchstack shows that traditional hosting defenses and generic “virtual patching” solutions leave WordPress sites vulnerable, with nearly 88% of attacks bypassing firewalls and server-layer protections.
While providers like Cloudflare blocked some broad exploits, plugin-specific threats such as privilege escalation and authentication bypasses slipped through.
Patchstack was the only solution to consistently block these attacks in real time, giving website owners a reliable way to protect WordPress sites against the kinds of vulnerabilities that are most often targeted by attackers.
According to Patchstack:
“Don’t rely on generic defenses for WordPress. Patchstack is built to detect and block these threats in real-time, applying mitigation rules before attackers can exploit them.”
Read the results of the case study by Patchstack here.
Featured Image by Shutterstock/tavizta