Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Dan Moen

How the Wordfence Scanner Protects Your Site

This entry was posted in Wordfence, WordPress Security on May 21, 2018 by Dan Moen   8 Replies

When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally important role, alerting you to myriad of security findings that help you keep your site secure and respond quickly if you get hacked....read more

Introducing High Demand Pricing for Security Services

This entry was posted in Wordfence on April 5, 2018 by Dan Moen   15 Replies

In Summer 2016,  we began offering a site cleaning service for people with hacked websites. In Spring 2017, we added a second service: site security audits. The popularity of both services has grown tremendously since then. We now service hundreds of sites every month....read more

PSA: Highly Critical Drupal Core Vulnerability Impacts Over 1 Million Sites

This entry was posted in General Security on March 29, 2018 by Dan Moen   6 Replies

Yesterday the Drupal security team announced a highly critical unauthenticated remote code execution vulnerability in Drupal core. The vulnerability allows an attacker to leverage multiple attack vectors and take complete control of a website. The Drupal team estimates that, at the time of the announcement, over one million sites are affected - about 9% of Drupal sites. They also reported that, to their knowledge, it was not being actively exploited....read more

Ask Wordfence: Why Is an Insignificant Site Like Mine Being Attacked?

This entry was posted in Ask Wordfence, WordPress Security on March 14, 2018 by Dan Moen   9 Replies

This question came in from Keith, a Premium Wordfence customer. We've dealt with this question a few times in different ways on the blog, but pulling it all together sounds like a great post. Let’s dive in!...read more

Wordfence 7 Update

This entry was posted in Wordfence on February 16, 2018 by Dan Moen   29 Replies

It has now been a few weeks since we launched Wordfence 7. Overall we are confident that the change was a good one. The product is now cleaner, more modern and is much easier for a new user to navigate....read more

Introducing Wordfence 7

This entry was posted in Wordfence on January 24, 2018 by Dan Moen   72 Replies

Wordfence is the most popular WordPress security software in the world for good reason. The protection offered by the endpoint firewall outperforms alternatives. The scanner delivers the best detection in the industry. A long list of other features like country blocking, two-factor authentication and password auditing make Wordfence the best and most comprehensive security solution available for WordPress....read more

WordPress Supply Chain Attacks: An Emerging Threat

This entry was posted in WordPress Security on January 3, 2018 by Dan Moen   22 Replies

In the last few months, we have discovered a number of supply chain attacks targeting WordPress plugins. In this post, we explain what a supply chain attack is, why WordPress is an attractive target for them, and what you can do to protect your site....read more

Three Plugins Backdoored in Supply Chain Attack

This entry was posted in Research, WordPress Security on December 27, 2017 by Dan Moen   54 Replies

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. "Closing" a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins....read more

New Service Vulnerability Disclosure Policy

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on December 13, 2017 by Dan Moen   49 Replies

The Wordfence team regularly discovers security issues with commercial services, such as WordPress hosting providers, that put their users at risk. In some cases, the issue is quite severe, putting thousands of websites at risk simultaneously. In these instances, our standard approach has been to contact the service provider directly, provide them with the details and work with them toward resolution. Lately these issues have become more common, so we've decided to formalize our approach going forward, updating our Vulnerability Disclosure Policy to specifically address these scenarios....read more

Ask Wordfence: Should I Permanently Block IPs That I See Wordfence Blocking?

This entry was posted in Ask Wordfence, WordPress Security on November 15, 2017 by Dan Moen   19 Replies

This is the fifth installment in a new series we started last month called Ask Wordfence. You can access previous posts here....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.