Rating: 1 star
I downloaded this plugin for my site and it’s useless. I think a child wrote it. The concept is juvenile. Keep a list of bad plugins and warn if you install one? then they want a license for it? what a bunch of junk. What people will do to make a buck.
]]>Rating: 1 star
Installed and tested this plugin out. Wasn’t really impressed with what it does. I guess it may be ok for some people but I feel like it’s a waste of resources to install this on my wordpress site, it doesn’t actively provide any protection, just tells me that something is bad.
Maybe it’s just the authors continued bashing of every competitor in the security industry that turns me off. Why isn’t the author doing more to help with the security community instead of bashing everyone? I briefly visited the blog related to the plugin – Just not a very professional company to deal with if you ask me.
]]>Rating: 3 stars
There are some issues with this plugin:
1) Since the plugin must be updated in order for it to detect vulnerabilities, and there haven’t been any new vulnerabilities added in nearly 4 months, this isn’t currently very useful as a security plugin.
2) Since users must update the plugin for it to be able to detect new vulnerabilities, chances are that they’ve already installed the security fix to the vulnerable plugin by the time this plugin informs them of the issue. Essentially, this plugin is redundant.
3) The plugin includes the list of vulnerabilities directly in the plugin files, which causes some hosting providers falsely to flag the plugin itself as malicious.
For now, I’m finding a combination of Wordfence and Plugin Security Scanner to be more effective, since they both run scans automatically on a daily basis and send email notifications if issues are found.
Among many other security features, Wordfence scans plugin files and compares them to the original versions from the official WordPress repository. It generates alerts if any plugins are out of date, and it shows the changes to the files so site admins can easily see whether they were manually done, or whether they are indeed malicious. It also checks for signatures of known malicious files, and scans file contents as well as the database for backdoors, trojans, and suspicious code.
As for Plugin Security Scanner, it determines whether any plugins have security vulnerabilities by looking up details in the WPScan Vulnerability Database. I think this is more effective than including the list of vulnerabilities directly in the plugin files, as this plugin does, since the onus isn’t on site admins to update the plugin each time new vulnerabilities are added, and since issues can be found faster thanks to daily automatic scans.
]]>Rating: 4 stars
This is an absolutely essential plugin which should be built in to WordPress itself frankly to warn people that the plugins they are using contain exploits.
I own a hosting company and much of our work is helping customers recover from hacked installs of WordPress, Joomla, Magento or whatever software they’ve installed years previously but never updated. WordPress, being used by apparently 25% of the world’s websites is a particular target.
I’m giving it 4/5 only because the signatures of each vulnerable plugin this tracks in the plugin’s /vulnerabilities/ folder do themselves trigger false positive reports in server side exploit tools such as the very commonly used cxs by ConfigServer.com. If those were stored in such a way that cxs wouldn’t report them then this gets 5/5.
]]>Rating: 1 star
This is a great idea for a plugin but my experience with it has been negative. After google identified one my websites as malicious, I restored an old backup and screened the site for malware. I found nothing, but to be sure that none of my plugins were vulnerable I installed Plugin Vulnerabilities. It identified the plugin “Newsletter” as a security threat. I deleted this plugin and my hosting company tested my site again.
My hosting provider identified the following files as malicious:
'wp-content/plugins/plugin-vulnerabilities/vulnerabilities/c.php'
# Known exploit = [Fingerprint Match] [Hacker Signature Exploit [P0818]]
'wp-content/plugins/plugin-vulnerabilities/vulnerabilities/w.php'
# Known exploit = [Fingerprint Match] [Hacker Signature Exploit [P0818]]
'wp-content/plugins/plugin-vulnerabilities/vulnerabilities/e.php'
# Regular expression match = [1337day\.com]
'wp-content/plugins/plugin-vulnerabilities/vulnerabilities/r.php'
# Regular expression match = [1337day\.com]
I disinstalled this plugin immediately.
]]>Rating: 5 stars
Great Plugin
]]>Rating: 5 stars
simple and useful.
]]>Rating: 5 stars
Great idea and very handy plugin!
]]>Rating: 5 stars
Simple, straight forward and efficient, many thanks!
]]>Rating: 5 stars
Thank you for this plugin!
]]>Rating: 5 stars
good plugin
]]>Rating: 5 stars
Well, for the moment, I don’t need it… I hope !
]]>