Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Episode 113: An Unprecedented FBI Operation Removes Webshells from Infected Exchange Servers

This entry was posted in Podcasts on April 16, 2021 by Ram Gall   0 Replies

An FBI initiative began remotely removing webshells from infected Microsoft Exchange servers. WordPress 5.7.1 was released with a few security patches. Over 15 Elementor add on plugins were found to have vulnerabilities similar to those found in the main Elementor plugin; these additional plugin vulnerabilities affected over 3.5 million sites with over 100 vulnerable endpoints. …
Read More

Recent Patches Rock the Elementor Ecosystem

This entry was posted in Research, Vulnerabilities, WordPress Security on April 13, 2021 by Ram Gall   6 Replies

This post has been updated with additional plugins that have been patched since its original publication. We will continue to add plugins as they are patched. Over the last few weeks, the Wordfence Threat Intelligence team has responsibly disclosed vulnerabilities in more than 15 of the most popular addon plugins for Elementor, which are collectively …
Read More

Episode 112: Wix Takes Aim at WordPress With New Ad Campaign

This entry was posted in Podcasts on April 09, 2021 by Ram Gall   0 Replies

A new Wix ad campaign targets WordPress but ends up being tone deaf in both content and strategy. New details emerge about the PHP compromise, but the full story remains unclear. Facebook user data from 2019 ends up on the dark web, and Have I Been Pwned adds a phone number check to help users …
Read More

Vulnerabilities Patched in WP Page Builder

This entry was posted in Research, Vulnerabilities, WordPress Security on April 08, 2021 by Ram Gall   0 Replies

On February 15, 2021, the Wordfence Threat Intelligence team began the responsible disclosure process for several vulnerabilities in WP Page Builder, a plugin installed on over 10,000 sites. These vulnerabilities allowed any logged-in user, including subscribers, to access the page builder’s editor and make changes to existing posts on the site by default. Additionally, any …
Read More

Ten Password Mistakes That Could Get Your WordPress Site Hacked

This entry was posted in General Security, Wordfence, WordPress Security on April 07, 2021 by Chloe Chamberland   2 Replies

A few months ago on Wordfence Live, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. From these common hacks, we have many cautionary tales of site security that could have been prevented by …
Read More

Episode 111: PHP Git Repository Compromised

This entry was posted in Podcasts on April 02, 2021 by Kathy Zant   0 Replies

The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in January that was far worse than originally reported; attackers gained access to nearly all of …
Read More

PHP Compromised: What WordPress Users Need to Know

This entry was posted in General Security, Research, WordPress Security on March 29, 2021 by Chloe Chamberland   16 Replies

Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src git repository. These commits were pushed to create a backdoor that would have effectively allowed attackers to achieve remote code execution through PHP and an HTTP header. Remote …
Read More

Episode 110: Active Exploitation Continues on Unpatched Thrive Themes

This entry was posted in Podcasts on March 26, 2021 by Ram Gall   2 Replies

Attackers continue to exploit recently patched vulnerabilities in Thrive Themes, though not all of them are successful. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use HTTPS by default, bringing significant improvements to speed and security. A ransomware insurance provider experiences …
Read More

Two Vulnerabilities Patched in Facebook for WordPress Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on March 25, 2021 by Chloe Chamberland   2 Replies

On December 22, 2020, our Threat Intelligence team responsibly disclosed a vulnerability in Facebook for WordPress, formerly known as Official Facebook Pixel, a WordPress plugin installed on over 500,000 sites. This flaw made it possible for unauthenticated attackers with access to a site’s secret salts and keys to achieve remote code execution through a deserialization …
Read More

Recently Patched Vulnerability in Thrive Themes Actively Exploited in the Wild

This entry was posted in Research, Vulnerabilities, WordPress Security on March 24, 2021 by Chloe Chamberland   6 Replies

On March 23, 2021, the Wordfence Threat Intelligence Team discovered two recently patched vulnerabilities being actively exploited in Thrive Theme’s “Legacy” Themes and Thrive Theme plugins that were chained together to allow unauthenticated attackers to upload arbitrary files on vulnerable WordPress sites. We estimate that more than 100,000 WordPress sites are using Thrive Theme products …
Read More

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 150 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates