by RawInfoSec 3724 days ago
At best, this article is amateur hour for WordFence. It's focused on the topmost layers of the OSI model in an ecosystem requiring attention at all layers, from the wire -> up. Don't sell your product as anything more than consumer grade snake oil.

At the top, whether WordPress is secure or not has zero impact on a properly designed network. If a company is dumb enough to use WordPress on internal hosts, they have bigger problems. Add to this that a properly designed network should have mitigated the chance of a web server being compromised and, at the least, segregated the network and provided access control to sensitive data.

In short, the network was doomed regardless of whether WordFence was in place or not, and it's damned irresponsible for WordFence to suggest they could protect clients from the kind of attack which played out here.

WordFence are a typical WordPress development company, in that they're web developers first, security / network experts when they need to make a sale.... It's consumer grade crap, which is why this article needs to be treated as such.

I should also mention that just because a web server has an outside IP in the same subnet as the mail server pool doesn't mean it's on the same physical network. It could be on its own completely separate physical network or segmented via VLANs with full access controls in place. If you understood network security you would know how NAT works.

These guys got hacked because they failed on every level of network best practice, or even the fundamentals. Taking advantage of this to sell a product which is equally as naive is, as I said, irresponsible if not negligent.

1 comment

Forgot to mention, the RevSlider exploit used in your demo video will not give full access to the system as you stated. It'll only give the access that the web server is currently executing as; www-data has no access beyond the webroot.

So you're engaging in FUD as well.

I'm not sure why you've decided that they had no firewall in place before. You're not offering any data to support this other than the clear change in hosting which recently took place. This shows a reaction which is perfectly normal, it shows nothing in terms of firewalls.

All I am seeing is speculation after speculation in your article, with absolutely zero forensic evidence of your claim. You're not even addressing the fact that their Exchange server running an older OWA was running an improperly configured SSL certificate which left SSLv3 enabled, leaving it wide open to DROWN.

I'm also seeing many thanks in your comments, and seeing folks mention buying into your product. What I don't see though is you setting these people straight that WordFence is only a tiny part of a much larger solution and that WordFence would have done absolutely nothing to prevent this breach. I'm also not seeing my comment either, but that's okay.