Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

New Attacker Scanning for SSH Private Keys on Websites

This entry was posted in General Security, WordPress Security on October 18, 2017 by Mark Maunder   16 Replies

Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem....read more

PSA: Severe Vulnerability in All Wi-Fi Devices

This entry was posted in General Security on October 16, 2017 by Mark Maunder   77 Replies

This is a public service announcement (PSA) from the Wordfence team regarding a security issue that has a wide impact....read more

12.8% of Sites Have Sensitive File Disclosure Vulnerabilities

This entry was posted in Vulnerabilities, WordPress Security on October 12, 2017 by Dan Moen   3 Replies

As you probably know we launched Gravityscan this May. Gravityscan is a security scanner for any website that serves as a great complement to Wordfence. Yesterday we were analyzing aggregate scan result data from Gravityscan, and we noticed data that surprised us: 12.8% of sites we scan have at least one sensitive file visible to anyone on the internet....read more

Ask Wordfence Episode 2: How to Secure an Old Version of WordPress

This entry was posted in Videos on October 10, 2017 by Mark Maunder   5 Replies

Today we are publishing episode 2 of our "Ask Wordfence" series. Today's question comes from Ilko in Bulgaria who would like to know how to secure an old outdated WordPress installation....read more

Postman SMTP Plugin With Unpatched Vulnerability Removed From Directory

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on October 6, 2017 by Dan Moen   24 Replies

We have received a number of questions regarding the Postman SMTP plugin which was removed from the WordPress.org directory this week. According to an archived snapshot, the plugin is installed on over 100,000 websites. We assume it was removed because it contains a publicly known reflected cross-site scripting (XSS) vulnerability that has not been fixed. Both Wordfence Free and Premium users who have the firewall enabled have been protected against attempts to exploit this vulnerability from day one. In addition, we alerted all Wordfence users who have the plugin installed when it was removed from the plugin directory....read more

The September 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on October 6, 2017 by Dan Moen   5 Replies

This edition of the WordPress Attack Report is a continuation of the monthly series we've been publishing since December 2016. Reports from the previous months can be found here....read more

Gravityscan Lowers Price and Adds Free Trial

This entry was posted in General Security on October 5, 2017 by Mark Maunder   6 Replies

We have an exciting announcement today regarding the Gravityscan project. As you know the Wordfence team launched Gravityscan on May 16th of this year. Gravityscan is designed to provide malware and vulnerability scanning for any website....read more

Ask Wordfence Episode 1: Setting Up Minimum Viable WordPress Security

This entry was posted in Videos, WordPress Security on October 3, 2017 by Mark Maunder   28 Replies

Last week we emailed a small group of our customers asking them to contribute questions for a series of videos we will be running. We received questions from many of you, so thank you very much for participating!...read more

3 Zero-Day Plugin Vulnerabilities Being Exploited In The Wild

This entry was posted in Vulnerabilities, WordPress Security on October 2, 2017 by Brad Haas   6 Replies

As part of our site cleaning service, our security analysts track down the method the attacker used to compromise the site. Often this involves quite a bit of investigative work, and recently it led us to find 0-day exploits in three separate plugins. The exploits were elusive: a malicious file seemed to appear out of nowhere, and even sites with access logs only showed a POST request to /wp-admin/admin-ajax.php at the time the file was created. But we captured the attacks in our threat data, and our lead developer Matt Barry was able to reconstruct the exploits. We quickly pushed new WAF rules to block these exploits. Premium customers received the new rules and were protected immediately. We also notified the plugin authors; all three have published updates to fix the vulnerabilities....read more

9 WordPress Plugins Targeted in Coordinated 4.5-Year Spam Campaign

This entry was posted in WordPress Security on September 20, 2017 by Mark Maunder   70 Replies

On Tuesday last week we published a post that described how someone had released an update to the Display Widgets plugin which contained a backdoor that allowed them to publish content to any site using the plugin. We also described how they exploited that backdoor to publish spam....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.