Patchstack published a case study that examined how well Cloudflare and other general firewall and malware solutions protected WordPress websites from common vulnerability threats and attack vectors. The research showed that while general solutions stopped threats like SQL injection or cross-site scripting, a dedicated WordPress security solution consistently stopped WordPress-specific exploits at a significantly higher rate.
WordPress Vulnerabilities
Due to the popularity of the WordPress platform, WordPress plugins and themes are a common focus for hackers, and vulnerabilities can quickly be exploited in the wild. Once proof-of-concept code is public, attackers often act within hours, leaving website owners little time to react.
This is why it is critical to be aware of the security provided by a web host and of how effective those solutions are in a WordPress environment.
Methodology
Patchstack explained their methodology:
“As a baseline, we have decided to host “honeypot” sites (sites against which we will perform controlled pentesting with a set of 11 WordPress-specific vulnerabilities) with 5 distinct hosting providers, some of which have ingrained features presuming to help with blocking WordPress vulnerabilities and/or overall security.
In addition to the hosting provider’s security measures and third-party providers for additional measures like robust WAFs or other patching providers, we have also installed Patchstack on every site, with our test question being:
- How many of these threats will bypass firewalls and other patching providers to ultimately reach Patchstack?
- And will Patchstack be able to block them all successfully?”
Testing process
Each website was set up the same way, with identical plugins, versions, and settings. Patchstack used a “exploitation testing toolkit” to run the same exploit tests in the same order on every site. Results were checked automatically and by hand to see if attacks were stopped, and whether the block came from the host’s defenses or from Patchstack.
General Overview: Hosting Providers Versus Vulnerabilities
The Patchstack case study tested five different configurations of security defenses, plus Patchstack.
1. Hosting Provider A Plus Cloudflare WAF
2. Hosting Provider B + Firewall + Monarx Server and Website Security
3. Hosting Provider C + Firewall + Imunify Web Server Security
4. Hosting Provider D + ConfigServer Firewall
5. Hosting Provider E + Firewall
The result of the testing showed that the various hosting infrastructure defenses failed to protect the majority of WordPress-specific threats, catching only 12.2% of the exploits. Patchstack caught 100% of all exploits.
Patchstack shared:
“2 out of the 5 hosts and their solutions failed to block any vulnerabilities at the network and server levels.
1 host blocked 1 vulnerability out of 11.
1 host blocked 2 vulnerabilities out of 11.
1 host blocked 4 vulnerabilities out of 11.”
Cloudflare And Other Solutions…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
