Author Archive: Dan Moen
This entry was posted in Wordfence, WordPress Security on October 18, 2018 by Dan Moen 6 Replies
In April, Wordfence sponsored WordCamp Atlanta and several of our team members attended the event. While there, we held a capture the flag (CTF) contest, which helps WordPress site owners learn to think like a hacker so that they can better defend their websites. Part of hacker culture is the art of lock picking, which …
Read More
This entry was posted in Wordfence on September 25, 2018 by Dan Moen 13 Replies
In August, most of our team attended DefCon, a hacker conference in Las Vegas attended by tens of thousands of security professionals. All of us work remotely, so it is always really special to spend time together as a team. While we were there we completed a fun project. We created a video with footage …
Read More
This entry was posted in Videos, WordPress Security on August 24, 2018 by Dan Moen 12 Replies
This year we’ve attended and sponsored quite a few WordCamps, and have had members of our team speak at some as well. If you haven’t attended one recently we highly recommend it. They’re a great opportunity to learn and connect with other members of the WordPress community. WPCampus Highlights While not strictly a WordCamp, in …
Read More
This entry was posted in Wordfence on August 22, 2018 by Dan Moen 6 Replies
This year we have been very focused on the needs of agencies and other organizations with lots of sites to protect. We’ve spoken with many of you and have a clear picture of what we can do to make Wordfence work even better for you. To start things off, in June we released a feature …
Read More
This entry was posted in Miscellaneous on August 08, 2018 by Dan Moen 10 Replies
Last September we published a series of three blog posts exposing a threat actor who had purchased a number of WordPress plugins as part of an elaborate supply chain attack. This ownership enabled him to inject SEO spam into hundreds of thousands of websites, boosting search engine rankings for various illicit online businesses. In the …
Read More
This entry was posted in WordPress Security on July 31, 2018 by Dan Moen 0 Replies
In early June we published an article and accompanying white paper detailing an interesting malware infection which we’ve internally dubbed BabaYaga. The relatively sophisticated malware is unique because it contains a number of features intended to ensure the infected site remains in working order. It keeps WordPress core up to date, performs and stores backups …
Read More
This entry was posted in Wordfence, WordPress Security on May 21, 2018 by Dan Moen 8 Replies
When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally …
Read More
This entry was posted in Wordfence on April 05, 2018 by Dan Moen 15 Replies
In Summer 2016, we began offering a site cleaning service for people with hacked websites. In Spring 2017, we added a second service: site security audits. The popularity of both services has grown tremendously since then. We now service hundreds of sites every month. Our approach to cleaning or auditing a website requires a highly …
Read More
This entry was posted in General Security on March 29, 2018 by Dan Moen 6 Replies
Yesterday the Drupal security team announced a highly critical unauthenticated remote code execution vulnerability in Drupal core. The vulnerability allows an attacker to leverage multiple attack vectors and take complete control of a website. The Drupal team estimates that, at the time of the announcement, over one million sites are affected – about 9% of …
Read More
This entry was posted in Ask Wordfence, WordPress Security on March 14, 2018 by Dan Moen 9 Replies
This question came in from Keith, a Premium Wordfence customer. We’ve dealt with this question a few times in different ways on the blog, but pulling it all together sounds like a great post. Let’s dive in! At a high level, an attacker views a vulnerable website as a juicy collection of resources that they …
Read More
Protect your websites with the #1 WordPress Security Plugin
Get Premium
Over 90 million downloads