Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

WSO Shell: The Hack Is Coming From Inside The House!

This entry was posted in Vulnerabilities, WordPress Security on June 22, 2017 by Andie La-Rosa   11 Replies

Imagine that one day you discover that a burglar has broken into your home and attempted to make off with your big-screen TV. Fearing for your safety, you immediately contact local law enforcement, and they promptly apprehend the criminal. But to your horror, as they drag the burglar away in handcuffs, they have an additional shocking revelation: the burglar has not only been living in the basement of your home for months, entirely undetected by you, but he's also converted your basement into an elaborate base for all of his criminal operations. ...read more

New in Wordfence 6.3.11: Abandoned and Removed Plugin Alerts

This entry was posted in Wordfence, WordPress Security on June 20, 2017 by Dan Moen   22 Replies

On Thursday of last week, we released Wordfence 6.3.11 which included a really exciting new feature: we are now alerting you if you are running a plugin that either appears to be abandoned or has been removed from the WordPress.org plugin directory. In this post, we explain how each of these new alerts work and why they're so important to the security of your website....read more

Home Router Botnet Resumes Attacks

This entry was posted in Research, WordPress Security on June 15, 2017 by Dan Moen   18 Replies

Yesterday at 7pm UTC (noon PDT) we saw the volume of brute force attacks on the WordPress sites that we protect more than double from the average for the previous 24 hours. The number of attacking IPs more than tripled....read more

WordPress Backups Are Critical to Your Security Strategy

This entry was posted in WordPress Security on June 8, 2017 by Dan Moen   10 Replies

On this blog, we often talk about employing a "defense in depth" approach to WordPress security. The majority of our focus is on the prevention and detection features offered by the Wordfence plugin. Today we turn our attention to WordPress backups, an incredibly important remediation topic....read more

The May 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on June 6, 2017 by Dan Moen   8 Replies

Today's post is a continuation of the WordPress Attack Report series we've been publishing since December 2016. Previous versions can be found here: April 2017, March 2017February 2017January 2017 and December 2016....read more

PSA: OneLogin Breached. Here’s What You Need to Do.

This entry was posted in General Security on June 1, 2017 by Mark Maunder   19 Replies

This is a public service announcement from Wordfence. We are sending this notice to the WordPress community due to the widespread nature and potential severity of this security issue. It has a high likelihood of impacting some of our readers and requires immediate action on their part....read more

7 Popular WordPress Security Myths

This entry was posted in WordPress Security on May 31, 2017 by Andie La-Rosa   45 Replies

Because of its incredible popularity as a platform, WordPress enjoys a sizable, generous community of users that spend their time sharing information, resources, tips and insights with other WordPress users online. Understandably, online security is at the forefront of concerns for many site owners, and a lot of the online conversation about WordPress centers around the best ways to keep your site safe from hackers and security breaches. Despite the best of intentions from most users, there are a few myths surrounding WordPress security that persist and spread like wildfire, even if the recommendations they make don't do anything to keep your site safe....read more

Wordfence Launches WordPress Security Audit Service

This entry was posted in General Security, Wordfence, WordPress Security on May 23, 2017 by Mark Maunder   42 Replies

This morning I am very excited to announce that Wordfence is officially launching a WordPress Security Audit service. Many of our customers have asked us for a service like this and it has finally arrived....read more

WordPress 4.7.5 Security Release – Immediate Update Recommended

This entry was posted in WordPress Security on May 17, 2017 by Mark Maunder   10 Replies

A few hours ago WordPress abruptly released 4.7.5 which is a security release. It fixes six vulnerabilities which are detailed on the wordpress.org blog....read more

Announcing Gravityscan

This entry was posted in General Security on May 16, 2017 by Mark Maunder   58 Replies

Today the Wordfence team has a big announcement. We are launching Gravityscan.com, a completely free vulnerability and malware scanner. You can use Gravityscan to find out if your website has been hacked and if you have any security problems that may lead to a hack in future....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.