Plugin Vulnerabilities Firewall

The only WordPress firewall plugin backed with testing that shows that it delivers protection that other WordPress security plugins should, but fail to, provide.

Our Plugin Vulnerabilities Firewall plugin for WordPress is built around providing protection against zero-day vulnerabilities, which are vulnerabilities that are being exploited before the developer of the software is aware of them, in WordPress plugins and doing so before security companies are even aware of them either, so it provides protection when their products and services don’t. While still in development, testing showed that it already provided protection against those that existing WordPress security plugins fail to provide. Ongoing testing is showing that other security plugins are not providing protection for most of the malicious requests that our plugin will block. While other developers don’t release test results (and probably are not even doing testing), we have a dedicated Bluesky account that shows its successes and failures, as we test it against new disclosed vulnerabilities.

Unlike many other WordPress security plugins, our is a Certified WP Security product, so you can be assured that it delivers the promised results. Also, unlike other security plugins, it has had an extensive security review done of it.

Unlike web application firewalls (WAFs), the plugin is tightly coupled to the WordPress website it is installed on, so that it can better understand what does and doesn’t need to be stopped. That expands the number of attacks that can be stopped by being able to stop them inside WordPress as well outside of it, while also reducing the number of legitimate requests being blocked.

In addition to providing protection that other plugins don’t, the plugin is designed to limit unnecessary complications with other plugins (which is a big issue with existing security plugins) and to be both easy to set up, but also provide detailed information and control over what it does for those that need that (which existing WordPress security plugins fail to accomplish).

The plugin also doesn’t create the significant performance penalty that comes with relying on the Wordfence Security plugin, while providing better protection against the vulnerabilities that a firewall plugin is really needed to protect against.

The plugin currently contains protection against some instances of the following types of vulnerabilities (with more in development):

  • Arbitrary file deletion
  • Arbitrary file upload
  • Arbitrary file viewing
  • Arbitrary media deletion
  • Arbitrary plugin deactivation
  • Arbitrary plugin installation
  • Arbitrary post deletion
  • Arbitrary user deletion
  • Local file inclusion (LFI)
  • Open redirect
  • Option update
  • PHAR Deserialization
  • PHP object injection
  • Persistent cross-site scripting (XSS)
  • Reflected cross-site scripting (XSS)
  • Role change
  • Shortcode execution

We are continually testing it against newly discovered vulnerabilities to ensure that the plugin continues to provide the most robust protection available.

Getting the Plugin

You can start protecting your website with the Plugin Vulnerabilities Firewall, when you sign up for free for our service.