Don't Use WordFence!

Hi everyone,

We’ve been receiving a couple of reports from our customers that WordFence has marked our Festinger Vault plugin as malicious. So I went ahead and installed the FV plugin on one of our demo websites and I noticed that they are marking our plugin as malicious without any valid reasons (I’ll explain to you in a bit).

You might see a warning like this:

:warning: THIS IS A FALSE POSITIVE – READ HERE WHY!

We got shocked when we read this message and directly contacted the customer support of WordFence to see why our domain was listed as malicious.

Here is the email conversation with our initial question about why our domain was blacklisted:

And here is the reply from WordFence:


TLDR: we’re not providing any malicious plugins or themes and our Festinger Vault plugin is 100% safe to use, but a shady company such as WordFence decided to class non-malware as malware because they don’t like our business model.

You should consider removing WordFence as it’s marking legitimate business as malware. A very shady move if you personally ask me.

Just my 2 cents, as our Festinger Vault plugin, is 100% safe to use.

And our code is 100% open source; so you can see our entire process.

I’m really sorry to see that such a wonderful company that keeps thousands of WP instances safe decided to class non-malware as malware when that’s not true.

I’m leaving this topic open for any discussion, but I wanted to post this to make people aware.

Have a good weekend,
Martin (CEO Festinger Vault)

7 Likes

:thinking: so if they can mark the Festinger Vault plugin as malicious, I wonder how many actual malicious plugins were marked as safe, for any reasons, like bribery?

1 Like

It is still very scary, why isn’t it fixable?

2 Likes

I throwed that fckn plugin out years ago,. no need for a resource eating plugin like that. Loginizer and BBQ Pro is all you need to secure your “normal” site. Tell them to EAT SHT and remove their plugin from the Vault, don´t give them more advertising for free.

1 Like

Dear CEO,

Don’t Be Angry, As a Kind Move From Me,

I WILL RATE THEM 1 ON WORDPRESS Plugins place :slight_smile:

Hope All of us do same

Thanks

3 Likes

image

3 Likes

I wonder how much money he took to sell the principle

if he accuses an innocent person, I am sure he harbors many thieves.

So How many (malicious plugins) did he pass safely to the users, hmm

1 Like

I use Defender. Free and 10x better.

1 Like

OK, let’s analyse Wordfence’s core arguments:

  1. Use of trademark logo - OK, I understood that. They got the point. That’s the whole point of the trademark. But you do not infringe it by saying the Wordfence is yours. It’s a different use case.

  2. Distribute nulled plugin - for God’s sake, it’s GPL - if it’s not allowed, they should also remove their plugin from the WordPress repo. They know they cannot fight in legality because GPL is a viral license, and everything published under it is licensed as such - we can distribute it.
    I remember ERPNext = a GPL ERP system, allowing us to do whatever we want with it, except saying it’s ours or using the ERPnext name.

True, very true!

@roibox → I am checking BBQ Pro as I haven’t used that personally.

Is it better compared to a firewall like CloudFlare?

1 Like

@Festinger Using an external firewall is always better, but I want my stuff as secure as possible so I use BBQ Pro on all my sites even the ones that I use an external one from the hosting. Jeff that built the BBQ plugin is an old time legend when it comes to WordPress security. Try it, it blocks whatever you want … =)

Cheers @roibox, I will defo try it out =)

2 Likes

Will wait for your next guide on implementing BBQ then! :slight_smile:

1 Like

Coming here after reading up on the wordfence shenanigans…

@Festinger this is why you should look to implement something like a community powered, category based plugin toplist. I never heard about this BBQ plugin and it seems like a good alternative… I am sure there are a lot of gems for certain use cases that fly under the radar but are known to someone in the community.

100% agreed. We’re considering something like that to implement after the new update on our main website.