WordFence Under The Hood

Discover WordFence's biggest strengths and weaknesses in a direct comparison with the rest of the market

WordFence overview

Created in 2011 as the first security plugin for WordPress, WordFence has steadily grown in popularity over time. WordFence's core security approach is to discover newly published or actively exploited vulnerabilities, investigate them, write custom firewall rules ("virtual patches") that block exploitation of each one, and push those rules to paying customers. Free customers receive the same rules 30 days later.

The WordFence approach is a black-list (block-list) approach: WordFence blocks everything that looks like SQL injection or cross-site scripting (XSS), plus anything it has a specific signature for, and allows everything else. This creates a data problem for WordFence: it can only block what it already knows about and has written rules or patches for, so websites stay exposed while a rule for a new vulnerability is still being developed.
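To make that data problem concrete, here is an added illustration written for this page (it is not WordFence's rule set or any real product's code): a three-signature regex blocklist applied first to raw parameter values and then to values normalized the way a more careful blocklist would normalize them, run over constructed sample inputs. Each variant the normalizer catches is one more trick the rule author had to know about in advance, and the last sample, which matches no signature at all, passes both checks.

```python
import re
import urllib.parse

# A naive signature blocklist of the kind described above: one regular
# expression per known attack pattern. Constructed for illustration only;
# it is not WordFence's or anyone else's actual rule set.
SIGNATURES = [
    re.compile(r"\bunion\s+select\b", re.I),
    re.compile(r"<script\b", re.I),
    re.compile(r"\bor\s+1\s*=\s*1\b", re.I),
]


def blocklist_match(value: str) -> bool:
    """Match the signatures against the raw parameter value, as a naive WAF would."""
    return any(sig.search(value) for sig in SIGNATURES)


# MySQL "executable" comments (/*!50000 ... */) are run by the server but look
# like comments to a regex. Unwrap them, padding with spaces because a comment
# boundary separates tokens, then drop ordinary comments and collapse whitespace.
EXEC_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
COMMENT = re.compile(r"/\*.*?\*/|--[^\n]*|#[^\n]*", re.S)


def normalize(value: str) -> str:
    """URL-decode, unwrap executable comments, strip other comments, collapse whitespace."""
    value = urllib.parse.unquote_plus(value)
    value = EXEC_COMMENT.sub(r" \1 ", value)
    value = COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()


def blocklist_match_normalized(value: str) -> bool:
    """The same signatures, applied after normalization."""
    return blocklist_match(normalize(value))


# Constructed sample parameter values: variants a signature list can be taught
# to catch one by one, plus a payload for which no signature exists at all.
SAMPLES = {
    "plain": "1 UNION SELECT user_login,user_pass FROM wp_users",
    "comment": "1 UNION/**/SELECT user_login,user_pass FROM wp_users",
    "exec_comment": "1 /*!50000UNION*//*!50000SELECT*/ user_login,user_pass FROM wp_users",
    "url_encoded": "1%20UNION%0aSELECT%20user_login,user_pass%20FROM%20wp_users",
    "no_signature": "1 AND SLEEP(5)-- ",
}


def evaluate(samples=SAMPLES) -> dict:
    """Map each sample name to (raw blocklist verdict, normalized blocklist verdict)."""
    return {name: (blocklist_match(v), blocklist_match_normalized(v))
            for name, v in samples.items()}


if __name__ == "__main__":
    for name, (raw, norm) in evaluate().items():
        print(f"{name:13s} raw_blocked={raw!s:5} normalized_blocked={norm}")
```

The normalizer closes four gaps and still says nothing about the fifth sample: a time-based payload with no signature is invisible to both passes until someone writes a rule for it, which is exactly the window the paragraph describes.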

BitFire overview

Funded in January 2023, BitFire is a new startup in the security space and the first Runtime Application Self-Protection (RASP) solution for WordPress. The BitFire approach is to white-list (allow-list) known good traffic and block everything else. This creates the inverse data problem: BitFire must know what all "good traffic" looks like in order to block the rest.

BitFire has two unique features, bot blocking and RASP, on top of the standard WAF protections (SQLi, XSS, XXE, CSRF, etc.) that most security products provide. Effective bot blocking is crucial because 99.9% of hacks are completely automated: a port scanner like ZMap can sweep the entire IPv4 Internet for hosts with a web port open in under a day, and its companion ZGrab then fetches pages from each host to fingerprint vulnerable websites.

To stop automated tools like ZMap and ZGrab, BitFire maintains a list of over 600 known good bots (search engines, SEO tools and the like) and verifies them with network authentication, in practice a forward-confirmed reverse DNS check: the reverse DNS name of the connecting IP address must belong to the bot's operator and must resolve back to that same address, which is the procedure Google itself publishes for verifying Googlebot. An attacker would therefore have to both impersonate Googlebot's User-Agent AND launch the attack from an address inside Google's own crawler network to bypass the bot blocking. In addition to authenticating robots, BitFire authenticates humans with a JavaScript challenge that verifies a request claiming to come from a web browser really comes from a browser and not from an automated attack tool.
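The bot-verification step described above, as an added example written for this page rather than BitFire's own code: a request is classified against an allow-list of verifiable crawlers using forward-confirmed reverse DNS, browser User-Agents are held for the JavaScript challenge, and everything else is denied by default. The two-entry crawler table, the DNS records and the sample requests are constructed (the PTR suffixes are the ones Google and Bing publish), and the resolver functions are passed in as parameters so the code runs offline.

```python
import ipaddress
from typing import Callable, Iterable, Optional

# Crawlers that can be verified by forward-confirmed reverse DNS, mapped to the
# hostname suffixes their operators publish. This two-entry table is an
# assumption for the example, not BitFire's list of 600+ known bots.
VERIFIED_BOTS = {
    "Googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}

ReverseLookup = Callable[[str], Optional[str]]   # IP -> PTR hostname, or None
ForwardLookup = Callable[[str], Iterable[str]]   # hostname -> A/AAAA addresses


def fcrdns_ok(client_ip: str, suffixes, reverse: ReverseLookup, forward: ForwardLookup) -> bool:
    """Forward-confirmed reverse DNS: the PTR name must end in an approved suffix
    AND resolve back to the connecting IP. A forged PTR alone is not enough, because
    the attacker does not control the forward zone of the real operator."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    host = reverse(client_ip)
    if not host:
        return False
    host = host.lower().rstrip(".")
    if not host.endswith(tuple(suffixes)):      # leading dot defeats "googlebot.com.evil.example"
        return False
    for addr in forward(host):
        try:
            if ipaddress.ip_address(addr) == ip:
                return True
        except ValueError:
            continue
    return False


def classify(user_agent: str, client_ip: str, reverse: ReverseLookup,
             forward: ForwardLookup, js_challenge_passed: bool = False) -> str:
    """Allow-list decision: verified bot -> allow; claimed bot that fails
    verification -> block; browser UA -> allow only once the JavaScript
    challenge has been passed; any other client -> block by default."""
    ua = user_agent.lower()
    for token, suffixes in VERIFIED_BOTS.items():
        if token.lower() in ua:
            if fcrdns_ok(client_ip, suffixes, reverse, forward):
                return "allow:verified-bot"
            return "block:bot-impersonation"
    if user_agent.startswith("Mozilla/"):
        return "allow:browser" if js_challenge_passed else "challenge:javascript"
    return "block:unlisted-client"


# Constructed DNS data standing in for a real resolver so the example runs offline.
# 203.0.113.9 is an attacker-controlled address whose PTR has been pointed at a
# Google name; 198.51.100.20 uses a look-alike domain that merely contains "googlebot.com".
PTR = {
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com",
    "203.0.113.9": "crawl-66-249-66-1.googlebot.com",
    "198.51.100.20": "crawl.googlebot.com.attacker.example",
}
FORWARD = {"crawl-66-249-66-1.googlebot.com": ["66.249.66.1"]}


def fake_reverse(ip: str) -> Optional[str]:
    return PTR.get(ip)


def fake_forward(host: str) -> Iterable[str]:
    return FORWARD.get(host, [])


GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"

if __name__ == "__main__":
    for ua, ip in [(GOOGLEBOT_UA, "66.249.66.1"), (GOOGLEBOT_UA, "203.0.113.9"),
                   (GOOGLEBOT_UA, "198.51.100.20"), (BROWSER_UA, "198.51.100.7"),
                   ("zgrab/0.x", "198.51.100.7")]:
        print(f"{ip:15s} {classify(ua, ip, fake_reverse, fake_forward)}")
```

In production the two lookups would be cached per IP: the check is only needed once per address, and the result should expire so that an address Google releases is not trusted forever.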

Finally, BitFire's RASP layer hooks directly into the PHP runtime and monitors all database, network and filesystem access. This lets BitFire stop an exploited vulnerability from writing malware to disk, adding backdoor accounts to the database, or using the server's own network access to attack other systems (SSRF).

| Feature | WordFence | BitFire 3.6.1 |
|---|---|---|
| Performance | Adds 44% to page generation time: 685,416 of 2,197,485 microseconds of WordPress load time | Adds 1% to page generation time: 16,016 of 1,528,085 microseconds of WordPress load time |
| Memory | Adds 125% to memory use: 4,884 KB of the 8,671 KB WordPress requires; 128 MB minimum | Adds about 1.5% to memory use: 58 KB of the 3,798 KB WordPress requires; 1 MB minimum |
| Malware scanning | Often misses custom malware; memory- and CPU-intensive process | Finds all redirects and dynamic code execution; 10,000 files per minute, low memory use, 2.5 million malicious domains |
| Blocking fake bots / attack bots | WordFence has no bot control | Identifies and validates 600+ good bots with network authentication, blocks everything else |
| Cross-site scripting (XSS) | Blocks all known forms of reflected XSS | Blocks all known forms of reflected XSS |
| SQL injection | Blocks many injections (regex signatures; nested comments and other regex bypasses get through) | Blocks all injections (parsing the SQL query detects more attacks) |
| PHP deserialized object injection | Blocks previously known object injections | Blocks all PHP object injections |
| Login security | Two-factor authentication, login auditing, brute-force lockout | Two-factor authentication, login auditing |
| Centralized management | Multiple websites can be monitored from wordfence.com | Each site can only be managed by locally authenticated users |
| Specific vulnerability patches | Blocks ~200 specific known security vulnerabilities | Only allows known good traffic; uses no blocklists |
| File: Runtime Application Self-Protection | WordFence cannot block modification of PHP files | Locks all of your PHP files against hackers and malware |
| Database: Runtime Application Self-Protection | WordFence has no database access control | Protects your database credentials against hackers and malware |
| Network: Runtime Application Self-Protection | WordFence does not inspect network traffic | Prevents server-side request forgery (SSRF) and TOCTOU (time-of-check/time-of-use) vulnerabilities |
| Browser security controls | WordFence does not support browser Content Security Policy | Builds automated Content Security Policies to protect visitors' browsers |

WordFence is the most popular security tool for WordPress. What does it actually do?

WordFence boasts over 4,000,000 installs as the most popular security plugin on the planet. This is largely because users have no real way to evaluate security quality and so tend to go with what is popular; WordFence, being the first security plugin available, became the dominant force in the industry.

WordFence ships 4 versions to customers. The commercial version, which retails for $120 USD per year, is its primary product. Its firewall ships with about 200 unique rules and 40,000 IP addresses, blocking specific exploits of known plugin vulnerabilities and traffic from known or suspected attack IPs.

If your website is being attacked by one of these IP addresses or you are running a vulnerable version of a plugin they have a virtual patch for, WordFence can prevent your website from being hacked in those cases.

What about unknown vulnerabilities or other IP addresses?

There are over 6,500 known WordPress plugin and theme vulnerabilities. WordFence can protect you from the 200 most recent of them, about 3% of known vulnerabilities, and from 40,000 IP addresses, about 0.0009% of the 4,294,967,296 IPv4 addresses.

To WordFence's credit, they do a lot of security research and often discover these vulnerabilities themselves, and the 200 or so vulnerabilities they block tend to be the most recent actively exploited ones. But it is a losing game: no matter how quickly they research and write custom rules for newly discovered vulnerabilities, they often learn of an issue only after customers have already been exploited and malware is infecting client systems.

Until a new custom rule is created and pushed to their customers, your site is vulnerable. This is why WordFence charges clients an additional $500 or $1,000 to clean malware that the WordFence software allowed to infect the site.

By contrast, BitFire guarantees the security of the RASP system: it will not only clean any malware infecting a RASP-protected system free of charge but also fully refund the purchase price of the 1-year license.

Is WordFence worth its $120 USD price?

If you plan to use WordFence for your website security, we HIGHLY recommend you use the paid version. The free version of WordFence only pushes new rules to free customers after 30 days, and free customers do not benefit from their IP block list, greatly reducing the benefit of the software.

By the time 30 days have passed, a vulnerable website has already been exploited. Web scanners like ZMap and ZGrab can sweep the entire Internet for vulnerable systems in under a day from a single machine. That's right: every one of the 4,294,967,296 IPv4 addresses probed on a web port in a single day from one machine.

By the time the new rules reach your website, you have already been hacked.

Is BitFire worth $132 USD?

Properly configured BitFire Bot Control is enough to protect most WordPress websites. Customers who want guaranteed protection and peace of mind, without worrying about possibly spending an additional $500 to $1,000 USD to clean up a malware infection if their security software fails, should consider purchasing a BitFire RASP license to protect their websites.

Need help securing a website?

The only thing we love more than security is helping people. Send a message to our chat room with the form below and someone will reach out shortly to help with any security challenge you may face.