Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Paul

    (@paultgoodchild)

    Well it’s negative-competitor-marketing really. Most of the security players out there do it for some reason. They feel if they can bring a competitor down, they can appear better themselves. Sucuri has done it to them, and they’re doing it too, and they’ve decided to throw us into the mix. 🙂

    They make a perfectly legitimate point, but notice the line:

    “It may soon be possible to create a malicious file that shares the same MD5 hash as a legitimate WordPress core file.”

    So while it takes them a while, they finally state, to their credit, that this hasn’t been demonstrated yet. But why they put “soon” in there for this article, I don’t know – since they’re referencing information which is nearly 1 decade old. The only thing that’s changed today is not that it’s anything “new”, just that they’re talking about it and singling out vendors.

    Our system still works perfectly well and serves the purpose quite effectively. But they’re absolutely right that using a better hashing algorithm just makes good sense.

    We’ll definitely switch it to a better hashing algo at some point in the near future. So while I appreciate their public service announcement, our approach is still perfectly viable in the meantime.

    Thanks for pointing me to this and asking my opinion 🙂

    Cheers!

    Thread Starter burlingtonpress

    (@burlingtonpress)

    Thanks for your thoughts, Paul.

    I like Wordfence, and use it in conjunction with Shield on many of my sites. And they do a lot of good things to help keep the community safe, so I don’t really want to rag on them. But, I’ve noticed they have a tendency to promote unnecessary alarmism at times.

    Plugin Author Paul

    (@paultgoodchild)

    Yep, alarmist marketing is rife out there. We’re trying to steer clear of it, as tempting as it is for sales.

    I’m curious, what is in Wordfence that you don’t get in Shield? I’d love to hear more about areas you feel we’re falling short.

    Thanks!

    Thread Starter burlingtonpress

    (@burlingtonpress)

    Shield doesn’t fall short at all. In fact, it has become a very solid security plugin and I love some of the features that extend well beyond what Wordfence provides. I’ve just trusted Wordfence for a very long time and don’t mind running 2 good plugins on my sites.

    I will say, however, that I ran into an issue with Wordfence scans causing massive CPU spikes on one of my reseller accounts, which in turn caused my hosting company to suspend a client site. I’ve since removed Wordfence on that site and am solely running Shield. Since then, everything has been running smoothly.

The topic ‘Wordfence “weak hash scanner problem”’ is closed to new replies.