Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Three Incident Response Preparations You Should Be Making

This entry was posted in General Security, Learning on July 10, 2018 by Mikey Veenstra   7 Replies

In the context of cybersecurity, the adage "An ounce of prevention is worth a pound of cure" is a massive understatement. Make no mistake, the easiest way to handle a security incident is to prevent it from ever happening in the first place. We continually remind our readers about security best practices because the time spent implementing them is nominal compared to the time that would be spent responding in the aftermath of a successful attack....read more

Details of an Additional File Deletion Vulnerability – Patched in WordPress 4.9.7

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 5, 2018 by Matt Barry   4 Replies

Today WordPress released version 4.9.7, a security release which addresses two separate arbitrary file deletion vulnerabilities requiring Author privileges. Some details can be found on the WordPress.org blog....read more

Optimizing Wordfence Security Settings: Brute Force Protection

This entry was posted in Wordfence, WordPress Security on July 5, 2018 by Kathy Zant   15 Replies

As a part of the Wordfence Client Partner initiative, we’ve recently had some in depth conversations with organizations using Wordfence at scale. These conversations have been enlightening, and we wanted to share some of the stories we’ve heard about how different organizations use Wordfence....read more

Arbitrary File Deletion Flaw Present in WordPress Core

This entry was posted in Vulnerabilities, WordPress Security on June 27, 2018 by Mikey Veenstra   41 Replies

The security community has been abuzz this week following the disclosure of a vulnerability present in all current versions of WordPress. The flaw, published in a detailed report by RIPS Technologies, allows any logged-in user with an Author role or higher to delete files on the server....read more

Top Tools for Security Analysts in 2018

This entry was posted in General Security, Research, WordPress Security on June 26, 2018 by Mikey Veenstra   4 Replies

Last spring, after discussing the tools and tech used by our team, we published a list of 51 Tools for Security Analysts. The article was well-received, and the comments offered some great suggestions to top it all off....read more

New Feature: Custom Premium Development Subdomains

This entry was posted in Wordfence on June 21, 2018 by Kathy Zant   5 Replies

Two weeks ago we announced the release of a new Wordfence feature that automatically allows Wordfence Premium customers to use their premium license key to secure a specific list of staging, development or test subdomains. This week we've taken that a step further, releasing a feature to allow your Wordfence Premium license to secure custom staging, development and staging domains....read more

BabaYaga: The WordPress Malware That Eats Other Malware

This entry was posted in Research, WordPress Security on June 6, 2018 by Mikey Veenstra   15 Replies

Recently, Defiant's analysts have been tracking a particularly sophisticated malware infection responsible for generating spam links and redirection, while still remaining relatively difficult for victims to detect....read more

New Feature: Premium Development Subdomains

This entry was posted in Wordfence on June 5, 2018 by Kathy Zant   28 Replies

For our premium customers using staging, development, or test subdomains for managing their site’s updates and development, we are happy to announce the ability to utilize premium licenses across subdomains for a premium installation of Wordfence....read more

Wordfence Is GDPR Compliant

This entry was posted in Wordfence on May 22, 2018 by Mark Maunder   65 Replies

Today the team at Defiant completed the required steps to make our organization and services GDPR compliant....read more

Hijacked WordPress.com Accounts Being Used To Infect Sites

This entry was posted in Research, WordPress Security on May 22, 2018 by Brad Haas   25 Replies

Update on May 23 at 11:50AM: A representative from WordPress.com reached out to us with the following statement:...read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.