WordPress Security Optimizer Firewall Review: It Doesn’t Actually Contain One
Recently SiteGround rebranded their SiteGround Security plugin as Security Optimizer. Along with that new name came new marketing. While the new marketing text for it on the WordPress Plugin Directory doesn’t mention that it contains a firewall, it wouldn’t be possible to offer the claimed protection without one. It is claimed that with it you can “bulletproof your website security in a few clicks” and that it provides “Advanced XSS Protection to fortify your website against malicious attacks.” As we found last week, that Advanced XSS Protection doesn’t even provide protection, much less does it provide the level of XSS protection provided by various plugins that contain firewalls. It also claims that it will “proactively monitor your site’s security to detect any suspicious activity,” which would also require a firewall if it truly detected any suspicious activity.
In testing going back years, the plugin has failed to provide protection against any vulnerabilities in other plugins, despite other options providing protection in at least some of the tests. The reason for that is simple: it doesn’t actually contain a firewall. Despite that, on the WordPress Plugin Directory SiteGround tagged it as a “firewall” and a “web application firewall.”
Our own Plugin Vulnerabilities Firewall does provide a high-level of protection against zero-days in other plugins. Which is where a firewall plugin can provide protection that security basics can’t offer, as zero-days are vulnerabilities that are being exploited before the developer even knows about them, much less has released a fix. Our plugin won’t bulletproof your security, as no plugin could, but testing shows it provides protection that other firewall plugins don’t offer.
Based on our interaction with SiteGround about what was really being provided by their Advanced XSS Protection, it seems they lack a basic grasp of security. So we would recommend not using their plugin. But you can combine our firewall plugin with it, if you still want to use their plugin.