We at SiteGround monitor popular plugins and when and if possible we apply protection rules in our Web Application Firewalls. However, it’s not up to the hosting provider to patch and fix security problems withing plugins.
I would recommend that if you’re aware of the vulnerability to contact privately the plugin developers providing them with the necesary information so they can patch it. If they do not react, I would say that you just start using a different plugin.
True, it’s not up to the host to patch and fix security problems with plugins. I don’t think that was the point of my post. Hence why I recommend using Sucuri (SiteGround recommends them as well) for security protection on your WordPress site. WPEngine, however, doesn’t allow plugins with vulnerabilities to be added to your site in the first place, which SiteGround doesn’t do, which is why I recommend WPEngine first, SiteGround second.
The plugin developers of the two vulnerabilities (twentyseventeen theme by WORDPRESS, and Ultimate Member plugin by UltimateMember) had already provided a patch, but it was AFTER infections occurred, and there was no offer from them to fix the problems that their vulnerability issues caused. This started back in 2017, and that SiteGround couldn’t even find the malware the first time I asked for assistance says a lot about the lack of security SiteGround has. It doesn’t mean SiteGround is the worst, but if you want a secure environment for your WordPress site, WPEngine is the only host I am aware of that protects WordPress sites by not allowing vulnerable plugins to be uploaded to their servers.
Thanks for your feedback.
