This entry was posted in Vulnerabilities, WordPress Security on April 10, 2019 by Dan Moen 27 Replies
The Yuzo Related Posts plugin, which is installed on over 60,000 websites, was removed from the WordPress.org plugin directory on March 30, 2019 after an unpatched vulnerability was publicly, and irresponsibly, disclosed by a security researcher that same day. The vulnerability, which allows stored cross-site scripting (XSS), is now being exploited in the wild. These …
Read More
This entry was posted in Wordfence on February 06, 2019 by Dan Moen 19 Replies
Over the last several months, we have been focused on making Wordfence a better option for organizations with a large number of WordPress sites to protect. To start, we added the ability to secure your staging and development environments with a single Wordfence premium license, something you should take advantage of if you haven’t already. …
Read More
This entry was posted in Wordfence, WordPress Security on January 22, 2019 by Dan Moen 13 Replies
If you’ve never taken a few minutes to look at the information available in the Wordfence Live Traffic feature, I strongly recommend it. It gives you a detailed look at what attackers are trying to do to break into your site, and how Wordfence is blocking them. For today’s post we analyzed all of the …
Read More
This entry was posted in WordPress Security on December 13, 2018 by Dan Moen 12 Replies
WordPress 5.0.1 was released Wednesday night, less than a week after the much anticipated release of WordPress 5.0. This security release fixes seven security vulnerabilities, a few of which are quite serious. Sites running versions in the 4.x branch of WordPress core are also impacted by some of the issues. WordPress 4.9.9 was released along …
Read More
This entry was posted in Wordfence, WordPress Security on October 18, 2018 by Dan Moen 6 Replies
In April, Wordfence sponsored WordCamp Atlanta and several of our team members attended the event. While there, we held a capture the flag (CTF) contest, which helps WordPress site owners learn to think like a hacker so that they can better defend their websites. Part of hacker culture is the art of lock picking, which …
Read More
This entry was posted in Wordfence on September 25, 2018 by Dan Moen 13 Replies
In August, most of our team attended DefCon, a hacker conference in Las Vegas attended by tens of thousands of security professionals. All of us work remotely, so it is always really special to spend time together as a team. While we were there we completed a fun project. We created a video with footage …
Read More
This entry was posted in Videos, WordPress Security on August 24, 2018 by Dan Moen 12 Replies
This year we’ve attended and sponsored quite a few WordCamps, and have had members of our team speak at some as well. If you haven’t attended one recently we highly recommend it. They’re a great opportunity to learn and connect with other members of the WordPress community. WPCampus Highlights While not strictly a WordCamp, in …
Read More
This entry was posted in Wordfence on August 22, 2018 by Dan Moen 6 Replies
This year we have been very focused on the needs of agencies and other organizations with lots of sites to protect. We’ve spoken with many of you and have a clear picture of what we can do to make Wordfence work even better for you. To start things off, in June we released a feature …
Read More
This entry was posted in Miscellaneous on August 08, 2018 by Dan Moen 10 Replies
Last September we published a series of three blog posts exposing a threat actor who had purchased a number of WordPress plugins as part of an elaborate supply chain attack. This ownership enabled him to inject SEO spam into hundreds of thousands of websites, boosting search engine rankings for various illicit online businesses. In the …
Read More
This entry was posted in WordPress Security on July 31, 2018 by Dan Moen 0 Replies
In early June we published an article and accompanying white paper detailing an interesting malware infection which we’ve internally dubbed BabaYaga. The relatively sophisticated malware is unique because it contains a number of features intended to ensure the infected site remains in working order. It keeps WordPress core up to date, performs and stores backups …
Read More
