Brute Force Attacks, Presidential Candidates and Plugin Vulnerabilities
This entry was posted in General Security, Wordfence, WordPress Security on October 27, 2015 by Mark Maunder 43 Replies
Early this week we are tracking an approximate doubling of brute force attacks (login guessing attacks) on WordPress sites. Our attacks per minute increased from 10,000 per minute to around 20,000 per minute on Monday evening. Historically this is far from the highest we’ve seen, but it’s a clear increase and worth mentioning.
In other news, Jonathan Lampe over at the Infosec Institute ran a few security tests on websites belonging to presidential candidates including Donald Trump, Jeb Bush, Bernie Sanders and many others. The only candidate that scored an A for security is Jim Webb and the reason he scored the A is because he is running Wordfence.
No matter which way you’re voting, it’s always nice to hear that Wordfence is helping secure a former Secretary of the Navy’s campaign website.
WordPress 4.4 Beta 1 was released a few days ago and the production release is slated for December 8th. We will of course alert you when it’s time to upgrade, but for planning purposes make sure you’re around to upgrade your site in early December as it may contain security fixes and these are generally not pre-announced.
There are a handful of plugin vulnerabilities you should be aware of this month:
If you are running any of these plugins, make sure you upgrade to the newest version as soon as possible. In some cases technical details of the vulnerabilities will be released later this month which would make the exploit available to hackers targeting your site if you are still running the older version of a vulnerable plugin.
A big thank you to our community for participating in our WordPress Security Survey. We had over 7,000 responses which is spectacular. Our team is hard at work parsing the results as I write this and we’re already seeing data that we think will benefit the community and help us all better understand the community’s security posture and needs. We will be sharing those results with you in the coming weeks.
That’s all for now. The Wordfence Team wishes you an awesome rest-of-the-week!