Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Dan Moen

Known WordPress Threat Actor Under Investigation For Prescription-Free Online Pharmacy

This entry was posted in Miscellaneous on August 8, 2018 by Dan Moen   10 Replies

Last September we published a series of three blog posts exposing a threat actor who had purchased a number of WordPress plugins as part of an elaborate supply chain attack. This ownership enabled him to inject SEO spam into hundreds of thousands of websites, boosting search engine rankings for various illicit online businesses....read more

Brad Haas Discusses BabaYaga Malware on the CyberWire Podcast

This entry was posted in WordPress Security on July 31, 2018 by Dan Moen   0 Replies

In early June we published an article and accompanying white paper detailing an interesting malware infection which we've internally dubbed BabaYaga. The relatively sophisticated malware is unique because it contains a number of features intended to ensure the infected site remains in working order. It keeps WordPress core up to date, performs and stores backups and even scans for and removes malware....read more

How the Wordfence Scanner Protects Your Site

This entry was posted in Wordfence, WordPress Security on May 21, 2018 by Dan Moen   8 Replies

When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally important role, alerting you to myriad of security findings that help you keep your site secure and respond quickly if you get hacked....read more

Introducing High Demand Pricing for Security Services

This entry was posted in Wordfence on April 5, 2018 by Dan Moen   15 Replies

In Summer 2016,  we began offering a site cleaning service for people with hacked websites. In Spring 2017, we added a second service: site security audits. The popularity of both services has grown tremendously since then. We now service hundreds of sites every month....read more

PSA: Highly Critical Drupal Core Vulnerability Impacts Over 1 Million Sites

This entry was posted in General Security on March 29, 2018 by Dan Moen   6 Replies

Yesterday the Drupal security team announced a highly critical unauthenticated remote code execution vulnerability in Drupal core. The vulnerability allows an attacker to leverage multiple attack vectors and take complete control of a website. The Drupal team estimates that, at the time of the announcement, over one million sites are affected - about 9% of Drupal sites. They also reported that, to their knowledge, it was not being actively exploited....read more

Ask Wordfence: Why Is an Insignificant Site Like Mine Being Attacked?

This entry was posted in Ask Wordfence, WordPress Security on March 14, 2018 by Dan Moen   9 Replies

This question came in from Keith, a Premium Wordfence customer. We've dealt with this question a few times in different ways on the blog, but pulling it all together sounds like a great post. Let’s dive in!...read more

Wordfence 7 Update

This entry was posted in Wordfence on February 16, 2018 by Dan Moen   29 Replies

It has now been a few weeks since we launched Wordfence 7. Overall we are confident that the change was a good one. The product is now cleaner, more modern and is much easier for a new user to navigate....read more

Introducing Wordfence 7

This entry was posted in Wordfence on January 24, 2018 by Dan Moen   72 Replies

Wordfence is the most popular WordPress security software in the world for good reason. The protection offered by the endpoint firewall outperforms alternatives. The scanner delivers the best detection in the industry. A long list of other features like country blocking, two-factor authentication and password auditing make Wordfence the best and most comprehensive security solution available for WordPress....read more

WordPress Supply Chain Attacks: An Emerging Threat

This entry was posted in WordPress Security on January 3, 2018 by Dan Moen   22 Replies

In the last few months, we have discovered a number of supply chain attacks targeting WordPress plugins. In this post, we explain what a supply chain attack is, why WordPress is an attractive target for them, and what you can do to protect your site....read more

Three Plugins Backdoored in Supply Chain Attack

This entry was posted in Research, WordPress Security on December 27, 2017 by Dan Moen   54 Replies

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. "Closing" a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.