Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Podcast Episode 31: Securing Sensitive Data in the Cloud with Chris Teitzel

This entry was posted in Podcasts on July 19, 2019 by Kathy Zant   0 Replies

At WordCamp Europe, Mark chats with Chris Teitzel, CEO and founder of Lockr. Lockr is a key management system for websites using CMSs like WordPress and Drupal. Chris talks about the challenges of securing sensitive information and how Lockr makes secure key management affordable. Chris speaks on security topics at WordCamps and DrupalCons around …

Podcast Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News

This entry was posted in Podcasts on July 17, 2019 by Kathy Zant   0 Replies

This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google’s decision to remove Chrome’s built-in XSS protection, a researcher’s discovery of a vulnerability in Instagram’s 2FA, …

Critical Vulnerability Patched in Ad Inserter Plugin

This entry was posted in Research, Vulnerabilities, WordPress Security on July 15, 2019 by Sean Murphy   3 Replies

Description: Authenticated Remote Code Execution
Affected Plugin: Ad Inserter
Affected Versions: <= 2.4.21
CVSS Score: 9.9 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

On Friday, July 12th, our Threat Intelligence team discovered a vulnerability present in Ad Inserter, a WordPress plugin installed on over 200,000 websites. The weakness allowed authenticated users (Subscribers and above) to execute arbitrary PHP …

Podcast Episode 29: iThemes Security Creator Chris Wiegman on Flying, Plugins & Developer Tools

This entry was posted in Podcasts on July 12, 2019 by Kathy Zant   0 Replies

At WordCamp Atlanta, Mark sat down with Chris Wiegman, the creator of Better WP Security. Now known as iThemes Security, it is installed on over 900,000 WordPress sites. Chris talks about his experiences as a flight captain flying over the Hawaiian islands and what happened when an earthquake occurred shortly after takeoff. He also talks …

Podcast Episode 28: Zoom Zero-Day Vulnerability, WP Engine Buys Flywheel, and Other News

This entry was posted in Podcasts on July 09, 2019 by Kathy Zant   0 Replies

A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing [pid] with the process ID:

$> lsof -i :19421
$> kill -9 [pid]
$> rm -rf ~/.zoomus
$> …

Podcast Episode 27: Liquid Web COO Carrie Wheeler talks Leadership and Transitioning from Tech

This entry was posted in Podcasts on July 05, 2019 by Kathy Zant   0 Replies

Liquid Web COO Carrie Wheeler chatted with Mark at WordCamp Atlanta about her path from developer to leadership in the tech field. She talks about the three things all people look for in their jobs and how to provide context so they feel connected to an organization’s mission. She also talks about the competitive hosting …

Podcast Episode 26: How Hackers Find Vulnerabilities in WordPress with Ryan Dewhurst

This entry was posted in Podcasts on June 27, 2019 by Kathy Zant   1 Reply

Ryan Dewhurst is an ethical hacker and penetration tester who has developed a number of tools that make finding vulnerabilities in WordPress much easier. Penetration testers are professional ethical hackers who find vulnerabilities so they can be patched before they are exploited. Ryan is one of three contributors to WPScan, a command line tool that …

Podcast Episode 25: WordCamp EU Wraps Up and WordPress Security News

This entry was posted in Podcasts on June 24, 2019 by Kathy Zant   0 Replies

From Berlin we talk about our experience attending the largest WordCamp in the world and then dive into the news. We discuss 2,600 hacked WordPress sites being used for a free proxy service, Iranian cyber attacks, an attack at JPL affecting NASA and a WeTransfer security incident. We also cover a phishing breach at Oregon …

Podcast Episode 24: How Focusing on a Single Vertical Helps an Agency Succeed with Frank Robinson

This entry was posted in Podcasts on June 21, 2019 by Kathy Zant   2 Replies

Mark sat down with Frank Robinson at WordCamp Atlanta a few weeks ago. Frank started Salon Media 22 in 2008, an agency focused on building sites and digital media in the beauty industry. Frank is a software designer and entrepreneur growing his business. We talk about why he focused on the beauty industry and how …

Podcast Episode 23: Security News from WCEU in Berlin

This entry was posted in Podcasts on June 20, 2019 by Kathy Zant   0 Replies

This week, we’re at WordCamp Europe in Berlin, Germany and there is a lot of WordPress and security news to cover. We talk about the recent outage with WordPress VIP Go, what’s new in WordPress version 5.2.2, vulnerabilities in two of Facebook’s WordPress plugins, a Google Chrome extension for reporting bad URLs and a Chrome …
