Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Episode 100: How to Lose 6 Figures the Easy Way

This entry was posted in Podcasts on January 15, 2021 by Kathy Zant (0 Replies)

The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing attack that almost cost a homebuyer a significant amount. We review the warning signs seen in this …

Multiple Vulnerabilities Patched in Orbit Fox by ThemeIsle Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on January 12, 2021 by Chloe Chamberland (1 Reply)

On November 19, 2020, our Threat Intelligence team responsibly disclosed two vulnerabilities in Orbit Fox by ThemeIsle, a WordPress plugin used by over 400,000 sites. One of these flaws made it possible for attackers with contributor level access or above to escalate their privileges to those of an administrator and potentially take over a WordPress …

Who Attacked SolarWinds and Why WordPress Users Need to Know

This entry was posted in General Security, Research, WordPress Security on December 24, 2020 by Chloe Chamberland (18 Replies)

Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team. She holds the following certifications: OSCP, OSWP, OSWE, Security+, CySA+, PenTest+, CASP+, SSCP, Associate of (ISC)2, CEH, ECSA and eWPT. Many of these are advanced certifications, including OSCP and OSWE, which are 24- and 48-hour exams, respectively, that require hands-on …

SolarWinds and Supply Chain Attacks: Could it happen to WordPress?

This entry was posted in General Security, WordPress Security on December 23, 2020 by Ram Gall (1 Reply)

The SolarWinds supply chain attack is all over the news, impacting government agencies, telecommunications firms, and other large organizations. The security firm FireEye was the first victim of the attack, disclosing that they had been hacked on December 8, 2020. On December 13th the US Treasury Department announced that it had also been compromised. At …

Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses

This entry was posted in Podcasts on December 18, 2020 by Kathy Zant (0 Replies)

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations, fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers installed malware that was digitally signed by a valid certificate as part of an update …

A Challenging Exploit: The Contact Form 7 File Upload Vulnerability

This entry was posted in Vulnerabilities, WordPress Security on December 17, 2020 by Ram Gall (1 Reply)

Contact Form 7, arguably the most widely used WordPress plugin, released a security patch for an unrestricted file upload vulnerability in all versions 5.3.1 and lower. The WordPress plugin directory lists 5+ million sites using Contact Form 7, but we estimate that it has at least 10 million installations. One of the important features of …

The NoneNone Brute Force Attacks: Even Hackers Need QA

This entry was posted in Research, WordPress Security on December 17, 2020 by Ram Gall (33 Replies)

For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period. These attacks attempt to guess the password of an authorized user on a site, and some of …

Episode 98: How Application Passwords Work in WordPress 5.6

This entry was posted in Podcasts on December 11, 2020 by Ram Gall (0 Replies)

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by default in version 7.4.14. We also talk about a new Magecart attack that places card …

Reflected XSS in PageLayer Plugin Affects Over 200,000 WordPress Sites

This entry was posted in Research, Vulnerabilities, WordPress Security on December 10, 2020 by Ram Gall (2 Replies)

On November 4, 2020, the Wordfence Threat Intelligence team found two reflected Cross-Site Scripting (XSS) vulnerabilities in PageLayer, a WordPress plugin installed on over 200,000 sites. These vulnerabilities could lead to an attacker executing malicious JavaScript in an administrator’s browser, which could lead to takeover of a vulnerable WordPress site. We contacted the plugin’s publisher, …

WordPress 5.6 Introduces a New Risk to Your Site: What to Do

This entry was posted in WordPress Security on December 08, 2020 by Ram Gall (36 Replies)

WordPress 5.6, the final major release planned for 2020, comes out today, on December 8, 2020. It includes a few major features and updates, as well as a huge number of minor enhancements and bug fixes. A few changes have immediate implications for security and compatibility which we’ve highlighted in this post for WordPress users. …
