Patchstack published a case study that examined how well Cloudflare and other general firewall and malware solutions protected WordPress websites from common vulnerability threats and attack vectors. The research showed that while general solutions stopped threats like SQL injection or cross-site scripting, a dedicated WordPress security solution consistently stopped WordPress-specific exploits at a significantly higher rate.
WordPress Vulnerabilities
Because of the popularity of the WordPress platform, WordPress plugins and themes are a common focus for hackers, and vulnerabilities can quickly be exploited in the wild. Once proof-of-concept code is public, attackers often act within hours, leaving website owners little time to react.
That is why it is important to be aware of the security provided by a web host and of how effective those solutions are in a WordPress environment.
Methodology
Patchstack explained their methodology:
“As a baseline, we have decided to host “honeypot” sites (sites against which we will perform controlled pentesting with a set of 11 WordPress-specific vulnerabilities) with 5 different hosting providers, some of which have built-in solutions presuming to help with blocking WordPress vulnerabilities and/or overall security.
In addition to the hosting provider’s security measures and third-party providers for additional measures like robust WAFs or other patching providers, we have also installed Patchstack on every site, with our test question being:
- How many of these threats will bypass firewalls and other patching providers to ultimately reach Patchstack?
- And will Patchstack be able to block all of them successfully?”
Testing process
Each site was set up the same way, with identical plugins, versions, and settings. Patchstack used an “exploitation testing toolkit” to run the same exploit tests in the same order on every site. Results were checked automatically and by hand to see whether attacks were stopped, and whether the block came from the host’s defenses or from Patchstack.
General Overview: Hosting Providers Versus Vulnerabilities
The Patchstack case study tested 5 different configurations of security defenses, plus Patchstack.
1. Hosting Provider A + Cloudflare WAF
2. Hosting Provider B + Firewall + Monarx Server and Website Security
3. Hosting Provider C + Firewall + Imunify Web Server Security
4. Hosting Provider D + ConfigServer Firewall
5. Hosting Provider E + Firewall
The results of the testing showed that the various hosting infrastructure defenses failed to protect against the majority of WordPress-specific threats, catching only 12.2% of the exploits. Patchstack caught 100% of all exploits.
Patchstack shared:
“2 out of the 5 hosts and their solutions failed to block any vulnerabilities at the network and server levels.
1 host blocked 1 vulnerability out of 11.
1 host blocked 2 vulnerabilities out of 11.
1 host blocked 4 vulnerabilities out of 11.”
Cloudflare And Other Solutions Failed
Solutions like Cloudflare WAF or bundled services such as Monarx or Imunify did not consistently address WordPress-specific vulnerabilities.
Cloudflare’s WAF stopped 4 of 11 exploits, Monarx blocked none, and Imunify did not prevent any WordPress-specific exploits. Firewalls such as ConfigServer, which are widely used in shared hosting environments, also failed every test.
These results show that while these kinds of products work reasonably well against broad attack types, they are not tuned to the specific security issues common to WordPress plugins and themes.
Patchstack is built specifically to stop WordPress plugin and theme vulnerabilities in real time. Instead of relying on static signatures or generic rules, it applies targeted mitigation through virtual patches as soon as vulnerabilities are disclosed, before attackers can act.
Virtual patches are mitigations for a specific WordPress vulnerability. They offer protection to users while the plugin or theme developer creates a patch for the flaw. This approach addresses WordPress flaws in a way hosting companies and generic tools cannot, because those flaws rarely match generic attack patterns: they slip past conventional defenses and expose publishers to privilege escalation, authentication bypasses, and site takeovers.
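To make concrete what a virtual patch does, here is an added illustration written for this page; it is not Patchstack's code and does not come from the case study. It assumes a hypothetical plugin that registers an admin-ajax action named example_update_settings and writes site options without checking the caller's capability; the action name, the file name and the manage_options requirement are all assumptions chosen for the example. The patch is a must-use plugin that enforces the missing authorization check before WordPress dispatches the request to the vulnerable handler.

```php
<?php
/**
 * Plugin Name: Example virtual patch (added illustration, not Patchstack's code)
 * Description: Enforces the authorization check a hypothetical plugin forgot.
 *
 * Assumption (hypothetical): some plugin registers the admin-ajax action
 * "example_update_settings" and writes site options without calling
 * current_user_can(), so a visitor or low-privilege user could change
 * settings (a privilege-escalation / authentication-bypass pattern).
 *
 * Install as wp-content/mu-plugins/example-virtual-patch.php so it loads
 * before ordinary plugins and cannot be deactivated from the dashboard.
 */

add_action( 'admin_init', 'example_virtual_patch_guard', 0 );

/**
 * admin-ajax.php fires admin_init before dispatching wp_ajax_{action} and
 * wp_ajax_nopriv_{action}, so a priority-0 admin_init hook runs ahead of the
 * vulnerable handler whatever priority the plugin registered it with.
 */
function example_virtual_patch_guard() {
    // Only act on AJAX requests; ordinary admin screens are left untouched.
    if ( ! wp_doing_ajax() ) {
        return;
    }

    $action = isset( $_REQUEST['action'] )
        ? sanitize_key( wp_unslash( $_REQUEST['action'] ) )
        : '';

    // Match only the one action this patch covers; everything else flows normally.
    if ( 'example_update_settings' !== $action ) {
        return;
    }

    // The check the handler should have performed: unauthenticated callers and
    // users without manage_options are refused before the handler ever runs.
    // wp_send_json_error() terminates the request after sending the response.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
}
```

Note what this rule does not inspect: the request body. A request that abuses a missing capability check carries no SQL fragment or script tag, so a signature-based WAF tuned for SQLi and XSS has nothing to match on, while a rule keyed to the specific action and the capability it requires blocks it outright. A real virtual patch is scoped to the affected plugin versions and is retired once the developer ships a fix that performs the check itself.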
Takeaways
- Standard hosting defenses fail against most WordPress plugin vulnerabilities (87.8% bypass rate).
- Many providers claiming “virtual patching” (like Monarx and Imunify) did not stop WordPress-specific exploits.
- Generic firewalls and WAFs caught some broad attacks (SQLi, XSS) but not WordPress-specific flaws tied to plugins and themes.
- Patchstack consistently blocked vulnerabilities in real time, filling the gap left by network and server defenses.
- WordPress’s plugin-heavy ecosystem makes it an especially attractive target for attackers, making effective vulnerability protection essential.
The case study by Patchstack shows that traditional hosting defenses and generic “virtual patching” solutions leave WordPress sites vulnerable, with nearly 88% of attacks bypassing firewalls and server-layer protections.
While providers like Cloudflare blocked some broad exploits, plugin-specific threats such as privilege escalation and authentication bypasses slipped through.
Patchstack was the only solution to consistently block these attacks in real time, giving website owners a reliable way to protect WordPress sites against the kinds of vulnerabilities that are most often targeted by attackers.
According to Patchstack:
“Don’t rely on generic defenses for WordPress. Patchstack is built to detect and block these threats in real-time, applying mitigation rules before attackers can exploit them.”
Read the results of the case study by Patchstack here.
Featured Image by Shutterstock/tavizta