Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

WordPress Supply Chain Attacks: An Emerging Threat

This entry was posted in WordPress Security on January 3, 2018 by Dan Moen   22 Replies

In the last few months, we have discovered a number of supply chain attacks targeting WordPress plugins. In this post, we explain what a supply chain attack is, why WordPress is an attractive target for them, and what you can do to protect your site.

Wordfence Now Includes 1.4 Billion Leaked Passwords in Password Auditing Feature

This entry was posted in Wordfence, WordPress Security on December 28, 2017 by Matt Barry   7 Replies

Last week, we reported a massive upsurge in brute force login attempts following the leak of a database of 1.4 billion cleartext credentials. 14% of the exposed username/password pairs had never been seen before, making this a ripe opportunity for hackers to attempt to break into WordPress sites.

Three Plugins Backdoored in Supply Chain Attack

This entry was posted in Research, WordPress Security on December 27, 2017 by Dan Moen   54 Replies

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. "Closing" a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins.

Massive Cryptomining Campaign Targeting WordPress Sites

This entry was posted in Research, WordPress Security on December 19, 2017 by Brad Haas   31 Replies

On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks.

Backdoor in Captcha Plugin Affects 300K WordPress Sites

This entry was posted in WordPress Security on December 19, 2017 by Matt Barry   105 Replies

The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using "WordPress" [Editor's note: the original page has been removed; we're now linking to a screenshot.] in their brand name.

Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC

This entry was posted in WordPress Security on December 18, 2017 by Mark Maunder   50 Replies

A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour.

New Service Vulnerability Disclosure Policy

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on December 13, 2017 by Dan Moen   49 Replies

The Wordfence team regularly discovers security issues with commercial services, such as WordPress hosting providers, that put their users at risk. In some cases, the issue is quite severe, putting thousands of websites at risk simultaneously. In these instances, our standard approach has been to contact the service provider directly, provide them with the details and work with them toward resolution. Lately these issues have become more common, so we've decided to formalize our approach going forward, updating our Vulnerability Disclosure Policy to specifically address these scenarios.

Wordfence Is Now Defiant

This entry was posted in Wordfence on November 21, 2017 by Mark Maunder   12 Replies

Today we are announcing that our company name is changing to Defiant Inc. Over the past 5 years we have grown significantly and have expanded beyond WordPress. As a security organization, we now have a stable of products and services to offer our customers. To reflect this change, we are changing the name of the company that produces Wordfence to Defiant Inc.

Vulnerabilities in Formidable Forms, Duplicator and Yoast SEO Plugins

This entry was posted in Vulnerabilities, WordPress Security on November 16, 2017 by Mark Maunder   16 Replies

Vulnerabilities have been reported in the Formidable Forms, Duplicator and Yoast SEO WordPress plugins. The Premium version of Wordfence protects against all of these vulnerabilities, even if you have not updated your plugins yet. We do recommend that you update immediately, whether or not you are using the Premium version of Wordfence.

Ask Wordfence: Should I Permanently Block IPs That I See Wordfence Blocking?

This entry was posted in Ask Wordfence, WordPress Security on November 15, 2017 by Dan Moen   19 Replies

This is the fifth installment in a new series we started last month called Ask Wordfence. You can access previous posts here.
