I’m with you!!
So I picked up the latest 50 vulnerabilities from WPScan DB, and dig into each attack vector one by one to investigate which can be prevented or not by WP-ZEP.
IP Location Block is the only plugin which has an ability to prevent zero-day attack even if some of the plugins in a WordPress site have unveiled vulnerability. I call it “Zero-day Exploit Prevention for WordPress” (WP-ZEP).
In this article, I’ll explain its mechanism and also its limitations. Before that, I’ll mention the best practice of plugin actions.
The above graph shows recent statistics of WordPress vulnerability from WPScan Vulnerability Database summarized by Sucuri which is a worldwide security company especially famous for analyzing vulnerability in WordPress.
Why so many vulnerabilities are there in WP plugins?
After reading the Sucuri Blog deeply and widely, I came to the conclusion that there is some kind of disuse and misuse of WordPress core functions.
I’d like to verify each vulnerability from this point of view.
I started to develop IP Location Block as a security purpose plugin so as to protect the back-end of the site. And since version 3.0.0, it has been equipped with the functionality of front-end protection based on this suggestion at the support forum.
This helped to greatly improve the protection ability of this plugin against attacks via the front-end of the site.