Our plugin tells you if the installed version of a plugin contains a vulnerability that we have seen hackers trying to exploit, not that “something is bad”. The best way to protect against those vulnerabilities is for plugins to be updated to a version that fixes the vulnerability. We have helped to get many of the vulnerabilities listed in this data fixed and in many cases we were also the ones that spotted that hackers had discovered and were exploiting them as well. That means we have helped a lot of people without them ever knowing it. If the vulnerabilities haven’t been fixed, then removing the plugins is going to provide as good or, based on our testing, much better protection than any claimed active protection provided by plugins and services.
The other company you seem to be a fan of is instead focused on making websites reliant on their plugin and service, which is probably why you are not aware that we have done a lot more to improve the security of the WordPress ecosystem than them. In the past they have even intentionally not credited us when posting about a vulnerability we discovered and disclosed.
If you had actually visited our blog, you would have seen that one of the most recent posts detailed how our contacting the developer of a plugin with a publicly disclosed vulnerability helped to get it fixed less than four hours later. That is the kind of thing we are doing all the time, but it isn’t something that gets much coverage.
If you are aware of evidence that there is another company that does more than we do when it comes to improving security of the WordPress ecosystem, we would love to see it, because we haven’t seen anything that indicates that even much bigger companies are doing more.