Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Dan Moen

Video: WordCamp Atlanta Security Panel with Wordfence

This entry was posted in Wordfence, WordPress Security on October 18, 2018 by Dan Moen   0 Replies

In April, Wordfence sponsored WordCamp Atlanta and several of our team members attended the event. While there, we held a capture the flag (CTF) contest, which helps WordPress site owners learn to think like a hacker so that they can better defend their websites....read more

Meet the Defiant Team

This entry was posted in Wordfence on September 25, 2018 by Dan Moen   13 Replies

In August, most of our team attended DefCon, a hacker conference in Las Vegas attended by tens of thousands of security professionals. All of us work remotely, so it is always really special to spend time together as a team....read more

Wordfence: Live On Tour In A City Near You

This entry was posted in Videos, WordPress Security on August 24, 2018 by Dan Moen   12 Replies

This year we've attended and sponsored quite a few WordCamps, and have had members of our team speak at some as well. If you haven’t attended one recently we highly recommend it. They're a great opportunity to learn and connect with other members of the WordPress community....read more

Announcing Revamped Volume Pricing for Premium Licenses

This entry was posted in Wordfence on August 22, 2018 by Dan Moen   6 Replies

This year we have been very focused on the needs of agencies and other organizations with lots of sites to protect. We’ve spoken with many of you and have a clear picture of what we can do to make Wordfence work even better for you....read more

Known WordPress Threat Actor Under Investigation For Prescription-Free Online Pharmacy

This entry was posted in Miscellaneous on August 8, 2018 by Dan Moen   10 Replies

Last September we published a series of three blog posts exposing a threat actor who had purchased a number of WordPress plugins as part of an elaborate supply chain attack. This ownership enabled him to inject SEO spam into hundreds of thousands of websites, boosting search engine rankings for various illicit online businesses....read more

Brad Haas Discusses BabaYaga Malware on the CyberWire Podcast

This entry was posted in WordPress Security on July 31, 2018 by Dan Moen   0 Replies

In early June we published an article and accompanying white paper detailing an interesting malware infection which we've internally dubbed BabaYaga. The relatively sophisticated malware is unique because it contains a number of features intended to ensure the infected site remains in working order. It keeps WordPress core up to date, performs and stores backups and even scans for and removes malware....read more

How the Wordfence Scanner Protects Your Site

This entry was posted in Wordfence, WordPress Security on May 21, 2018 by Dan Moen   8 Replies

When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally important role, alerting you to myriad of security findings that help you keep your site secure and respond quickly if you get hacked....read more

Introducing High Demand Pricing for Security Services

This entry was posted in Wordfence on April 5, 2018 by Dan Moen   15 Replies

In Summer 2016,  we began offering a site cleaning service for people with hacked websites. In Spring 2017, we added a second service: site security audits. The popularity of both services has grown tremendously since then. We now service hundreds of sites every month....read more

PSA: Highly Critical Drupal Core Vulnerability Impacts Over 1 Million Sites

This entry was posted in General Security on March 29, 2018 by Dan Moen   6 Replies

Yesterday the Drupal security team announced a highly critical unauthenticated remote code execution vulnerability in Drupal core. The vulnerability allows an attacker to leverage multiple attack vectors and take complete control of a website. The Drupal team estimates that, at the time of the announcement, over one million sites are affected - about 9% of Drupal sites. They also reported that, to their knowledge, it was not being actively exploited....read more

Ask Wordfence: Why Is an Insignificant Site Like Mine Being Attacked?

This entry was posted in Ask Wordfence, WordPress Security on March 14, 2018 by Dan Moen   9 Replies

This question came in from Keith, a Premium Wordfence customer. We've dealt with this question a few times in different ways on the blog, but pulling it all together sounds like a great post. Let’s dive in!...read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.