Are you saying that someone can never make an accurate statement about a competitor? That’s just silly.
All you need to do is evaluate each of the statements made there for yourself. Is any of them untrue?
The answer is that they are all accurate. (You’ll note that I voiced my own criticism on this thread months before the blog post to which I linked was posted.)
Maybe you don’t feel you have the expertise to judge whether those statements are true. That’s exactly what Wordfence’s PR relies on.
Here’s a classic example. Wordfence either doesn’t know the difference between a brute force attack and a dictionary attack or (more likely) it does but claims that the latter is the former because a bit of a scare is great PR to get people to buy their wares. So if someone installs Wordfence, which says that the site is experiencing a brute force attack, but that Wordfence is keeping the site safe, then users feel that the plugin is doing a great job and is worth every penny. But the plugin isn’t really doing anything useful at all because the hack attempt is a dictionary attack, and that will never work if you have a strong password. So Wordfence essentially makes itself sound good by lying.
That’s actually similar to how I came to try it, though it wasn’t a site I own.There had been a massive hack from Eastern Europe, and the advice I received was to install Wordfence both to help clean everything up and to prevent future such hacks. But Wordfence then gave me false positives all over the place and provided advice that didn’t address the issues at all. It wasted days of my time for no reason.
So I got rid of it, and did my own security mitigations instead. That site is still regularly targeted by hackers in Russia and Ukraine – sometimes for days on end. But they are using dictionary attacks, so have no chance of getting in, and I know I don’t have to go in and fiddle uselessly with meaningless settings to achieve nothing at all.