Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Dan Moen

Ask Wordfence: Should I Permanently Block IPs That I See Wordfence Blocking?

This entry was posted in Ask Wordfence, WordPress Security on November 15, 2017 by Dan Moen   19 Replies

This is the fifth installment in a new series we started last month called Ask Wordfence. You can access previous posts here. ...

Ask Wordfence: How to Limit Security Risks From Plugins

This entry was posted in Ask Wordfence, WordPress Security on November 8, 2017 by Dan Moen   11 Replies

This is the fourth installment in a new series we started last month. You can access previous posts here. ...

The October 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on November 6, 2017 by Dan Moen   3 Replies

This month's WordPress Attack Report is a continuation of a series we have been publishing since December 2016. Reports from the previous months can be found here. ...

12.8% of Sites Have Sensitive File Disclosure Vulnerabilities

This entry was posted in Vulnerabilities, WordPress Security on October 12, 2017 by Dan Moen   5 Replies

As you probably know we launched Gravityscan this May. Gravityscan is a security scanner for any website that serves as a great complement to Wordfence. Yesterday we were analyzing aggregate scan result data from Gravityscan, and we noticed data that surprised us: 12.8% of sites we scan have at least one sensitive file visible to anyone on the internet. ...

Postman SMTP Plugin With Unpatched Vulnerability Removed From Directory

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on October 6, 2017 by Dan Moen   24 Replies

We have received a number of questions regarding the Postman SMTP plugin which was removed from the WordPress.org directory this week. According to an archived snapshot, the plugin is installed on over 100,000 websites. We assume it was removed because it contains a publicly known reflected cross-site scripting (XSS) vulnerability that has not been fixed. Both Wordfence Free and Premium users who have the firewall enabled have been protected against attempts to exploit this vulnerability from day one. In addition, we alerted all Wordfence users who have the plugin installed when it was removed from the plugin directory. ...

The September 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on October 6, 2017 by Dan Moen   5 Replies

This edition of the WordPress Attack Report is a continuation of the monthly series we've been publishing since December 2016. Reports from the previous months can be found here. ...

Staying Ahead of WordPress Attackers with the Real-Time IP Blacklist

This entry was posted in Wordfence, WordPress Security on September 19, 2017 by Dan Moen   12 Replies

WordPress sites are under constant attack by criminals around the world. It is unnerving to see them at work, looking for security vulnerabilities to exploit and trying thousands of passwords. And when they are successful, they inflict pain in the form of lost revenue, damaged reputation and clean-up expenses. It's no wonder that Wordfence users love our blocking features. There's nothing more satisfying than taking direct action against an evil adversary. ...

The August 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on September 15, 2017 by Dan Moen   6 Replies

This is the ninth edition of the WordPress Attack Report series we've been publishing since December 2016. You can find reports from the previous months here: ...

The July 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on August 10, 2017 by Dan Moen   8 Replies

This post is a continuation of the WordPress Attack Report series we've been publishing since December 2016. Reports from previous months can be found here: ...

The June 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on July 12, 2017 by Dan Moen   5 Replies

Today's post is a continuation of the WordPress Attack Report series we've been publishing since December 2016. Previous months' reports can be found here: ...