I’m Francesco, and over the last six months, I’ve found over 300 bugs in WordPress plugins. Some are small, while others are in plugins that lots of people use.
When I’m not bug hunting, I manage the security for high-traffic WordPress sites running custom code. This is my first attempt at doing an AMA, so feel free to ask me anything related to WordPress security, whether you’re a developer, site owner, or just a regular user.
Arlen said:
Why are there so many repeated comments on this post? Looks weird.
Also, what’s your take on virtual patches? Do you think they’re effective?
Yeah, I noticed the repeated comments too. Maybe something went wrong when the post was uploaded.
About virtual patches, they’re basically managed firewall rules. They can be really effective for some types of vulnerabilities like SQL injection or XSS. But for others, like IDORs, they might not be enough. They’re great as a temporary fix, but addressing the core issue is always better.
Lex said: @Leighton
Interesting! Can you share an example of one of those scripts?
Sure! One example: I look for hooks like wp_ajax_nopriv that can be accessed by unauthenticated users. A simple grep command like this can do the trick:
@Leighton
A great tip! I also recommend using the -B and -A options with grep to see the lines before and after the match. It gives you context and makes it easier to review without opening the file in an editor.
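Putting the two suggestions above together, here is an added audit script (not from the AMA, and not one of Francesco's own scripts). It runs against a constructed fixture plugin, lists every `wp_ajax_nopriv_` registration with two lines of context via `grep -B2 -A2`, and then flags the registered callbacks whose body never calls `check_ajax_referer`, `wp_verify_nonce` or `current_user_can`. The fixture file, the directory layout and the assumption that callbacks are registered as plain string literals on the same line as the hook are mine; closures and array callbacks are not covered.

```shell
#!/bin/sh
# Added example: audit a plugin directory for unauthenticated AJAX handlers
# (wp_ajax_nopriv_ hooks) and flag callbacks lacking a nonce/capability check.
set -eu

# Constructed fixture: a tiny fake plugin with two nopriv handlers, one of which
# performs a nonce check and one of which does not.
PLUGIN_DIR="$(mktemp -d)"
trap 'rm -rf "$PLUGIN_DIR"' EXIT
cat > "$PLUGIN_DIR/demo-plugin.php" <<'EOF'
<?php
add_action( 'wp_ajax_nopriv_demo_export', 'demo_export' );
add_action( 'wp_ajax_demo_export', 'demo_export' );
function demo_export() {
    $id = intval( $_POST['id'] );
    echo get_post_field( 'post_content', $id );
    wp_die();
}

add_action( 'wp_ajax_nopriv_demo_subscribe', 'demo_subscribe' );
function demo_subscribe() {
    check_ajax_referer( 'demo_subscribe_nonce', 'nonce' );
    $email = sanitize_email( $_POST['email'] );
    wp_send_json_success( $email );
}
EOF

# Show every wp_ajax_nopriv_ registration with two lines of context before
# and after, so the reviewer sees the surrounding code without opening the file.
show_nopriv_hooks() {
    grep -rn -B2 -A2 --include='*.php' 'wp_ajax_nopriv_' "$1"
}

# Print the unique callback names registered on wp_ajax_nopriv_ hooks.
# Assumes the pattern add_action( 'wp_ajax_nopriv_x', 'callback' ) on one line.
nopriv_callbacks() {
    grep -rhoE --include='*.php' \
        "wp_ajax_nopriv_[A-Za-z0-9_]*['\"][[:space:]]*,[[:space:]]*['\"][A-Za-z0-9_]+" "$1" \
      | sed -E "s/.*,[[:space:]]*['\"]//" | sort -u
}

# For each nopriv callback, extract its function body (from the "function name("
# line to the next line that is just "}") and report it if no nonce or
# capability check appears inside.
unchecked_callbacks() {
    dir="$1"
    for cb in $(nopriv_callbacks "$dir"); do
        body=$(find "$dir" -name '*.php' -exec cat {} + \
               | sed -n "/function[[:space:]]*$cb[[:space:]]*(/,/^}/p")
        if ! printf '%s\n' "$body" | grep -Eq 'check_ajax_referer|wp_verify_nonce|current_user_can'; then
            echo "$cb"
        fi
    done
}

echo "== wp_ajax_nopriv_ hooks with context =="
show_nopriv_hooks "$PLUGIN_DIR"
echo "== nopriv callbacks with no nonce/capability check =="
unchecked_callbacks "$PLUGIN_DIR"
```

On the fixture this reports `demo_export` only: it is reachable without authentication and reads a caller-supplied post ID with no nonce or capability check, which is exactly the kind of handler a site owner wants to find in a code review before a vulnerability report does. The string-literal matching is a first pass; plugins that register closures or `array( $this, 'method' )` callbacks need a manual follow-up on the grep output.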