Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Podcast Episode 45: Securing and Scaling eCommerce with Zach Stepek

This entry was posted in Podcasts on September 20, 2019 by Kathy Zant   0 Replies

This week, our lead customer service engineer Tim Cantrell interviews Zach Stepek, CEO of MindSize, a digital agency focused on helping customers scale and succeed with eCommerce. Zach talks about how he got started with WordPress and WooCommerce, new features in JetPack that add functionality to WooCommerce, and how critical security is to site owners …
Read More

Podcast Episode 44: Unpacking the WordPress 5.2.3 Security Release

This entry was posted in Podcasts on September 10, 2019 by Kathy Zant   6 Replies

WordPress core version 5.2.3 was released on September 4. This was a security release patching eight key vulnerabilities in WordPress core, most of which were cross site scripting vulnerabilities. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been …
Read More

Episode 43: Wordfence Research on Malvertising Campaign Makes the News

This entry was posted in Podcasts on September 05, 2019 by Kathy Zant   0 Replies

This week, we chat about the plan for WordPress 5.3 and some of the new features we will see added to WordPress in November, including many improvements to the editor. We will also see a switch from robots.txt files to meta tags for better control over search engine indexing. We also cover the latest developments …
Read More

The WordPress 5.2.3 Security Release Unpacked

This entry was posted in Vulnerabilities, WordPress Security on September 05, 2019 by Mark Maunder   2 Replies

WordPress core version 5.2.3 has just been released. This is a security release which contains several fixes. I’m going to detail each of them below and unpack what each fix means and add any additional info that may be relevant. Seven of the eight vulnerabilities fixed in this release are cross site scripting (XSS) vulnerabilities. Wordfence …
Read More

Ongoing Malvertising Campaign Evolves, Adds Backdoors and Targets New Plugins

This entry was posted in Research, WordPress Security on August 30, 2019 by Mikey Veenstra   10 Replies

In July, we reported on a malvertising campaign which was distributing redirect and popup code through a number of public vulnerabilities affecting the WordPress ecosystem. As mentioned in the article, we’ve continued tracking this threat for new or changing activity. Much of the campaign remains identical. Known vulnerabilities in WordPress plugins are exploited to inject …
Read More

Podcast Episode 42: Building WordPress Websites that Convert with Bill Rice

This entry was posted in Podcasts on August 29, 2019 by Kathy Zant   0 Replies

 Bill Rice is the CEO of Kaleidico, a digital agency in Michigan. We chatted at WordCamp Minneapolis about WordPress and the community, and his work creating websites that convert. Bill spoke at WordCamp Minneapolis about trends in WordPress website design that allow businesses to deeply engage with site visitors. Mobile browsing has changed the …
Read More

Malicious WordPress Redirect Campaign Attacking Several Plugins

This entry was posted in Research, WordPress Security on August 23, 2019 by Mikey Veenstra   23 Replies

Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims’ sites to a number of potentially harmful locations. Each of the vulnerabilities targeted by this campaign have been public for …
Read More

Podcast Episode 41: KidsCamp and the Next Generation of WordPress Users with Sandy Edwards

This entry was posted in Podcasts on August 22, 2019 by Kathy Zant   0 Replies

 As of WordCamp Boston 2019, Sandy Edwards has organized 26 KidsCamps across the US. We talk about what kids do at a WordPress KidsCamp, the success these kids have had publishing with WordPress, and how Sandy teaches basic internet safety and security to the next generation of WordPress users. Sandy is an organizer at …
Read More

Wordfence Now Works on WP Engine and with Load Balancers

This entry was posted in Wordfence on August 21, 2019 by Matt Barry   15 Replies

Today we are launching a version of Wordfence containing a new feature for sites on hosting providers with read-only file systems such as WP Engine or for environments where multiple web servers are behind a load balancer. This new feature uses a MySQL storage engine for firewall attack data to protect WordPress sites in complex …
Read More

Podcast Episode 40: WordPress Considers Ditching Signed Core Updates

This entry was posted in Podcasts on August 20, 2019 by Kathy Zant   0 Replies

A recent discussion among WordPress core developers about removing support for code signing in core caught our attention. Code signing support was included with the WordPress 5.2 release. The discussion centers around removing code signing and implementing SSL verification and hashes to verify code integrity. In this week’s episode we chat about the history behind …
Read More

Follow Us


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates