YouTuber Falsely Claims You Can Easily Prevent WordPress Websites From Getting Hacked With Solid Security
When looking for security advice on WordPress websites, one of the problems you face is the number of affiliate marketers posing as your friend. One recent example we ran across of this involved a YouTuber, WPress Doctor. They released a 30 minute video that starts with the claim that “You can easily prevent your WordPress website from getting hacked.” A 30 minute video doesn’t exactly scream easy. Shortly after that they claim, if you watch the video you can make sure “your website is fully secured and you don’t have to worry again about hackers, ever again.” Easily preventing WordPress websites from getting hacked and being fully secure/never having to worry about hackers is not possible. There are some easy steps that can prevent a lot of hacks, but they won’t prevent all hacks, and even harder to do things won’t prevent all the hacks either.
What stood out more is that they were claiming that you can easily do that using the Solid Security plugin. As we noted in November, that is a plugin mainly focused on a non-existent threat. If you watch through the whole video, as we did, the host never shows the plugin actually stopping any hacks. Just this week, we released the results of our latest test to see if security plugins would protect against a vulnerability in another plugin, a major source of hacks. This time it involved a vulnerability of a type that hackers are known to exploit in of all things a security plugin. Five security plugins stopped the hack. Solid Security didn’t. In fact, it has never stopped an attack in our testing. That isn’t surprising since it doesn’t contain the capability to do that.
A lot of the video is focused on functionality that would only come it to play if your website is already hacked, which the YouTuber apparently doesn’t understand (or at least pretends to not understand).
So why is the YouTuber making a claim about Solid Security that not only isn’t possible, but it is less able to deliver than many other options? They are an affiliate marketer. They are trying to get you to use the paid version of Solid Security, so they can get paid. Lots of viewers don’t get that aspect of this, considering the number of thank you replies on the video. What makes that more obvious is that seven months before they put out a similar video claiming that the Wordfence Security plugin would “completely secure your WordPress website“, but in the comments of the new video, they are saying to use Solid Security instead.
What makes the whole thing worse is that if you get to the end of the video, they are telling people how to deal with the plugin locking you out of your own website. Other security plugins provide much more protection than Solid Security without that nasty byproduct.