Author Archive: Dan Moen

New in Wordfence 6.3.11: Abandoned and Removed Plugin Alerts

This entry was posted in Wordfence, WordPress Security on June 20, 2017 by Dan Moen   22 Replies

On Thursday of last week, we released Wordfence 6.3.11, which included a really exciting new feature: we are now alerting you if you are running a plugin that either appears to be abandoned or has been removed from the WordPress.org plugin directory. In this post, we explain how each of these new alerts works and why they're so important to the security of your website....read more

Home Router Botnet Resumes Attacks

This entry was posted in Research, WordPress Security on June 15, 2017 by Dan Moen   18 Replies

Yesterday at 7pm UTC (noon PDT) we saw the volume of brute force attacks on the WordPress sites that we protect more than double from the average for the previous 24 hours. The number of attacking IPs more than tripled....read more

WordPress Backups Are Critical to Your Security Strategy

This entry was posted in WordPress Security on June 8, 2017 by Dan Moen   10 Replies

On this blog, we often talk about employing a "defense in depth" approach to WordPress security. The majority of our focus is on the prevention and detection features offered by the Wordfence plugin. Today we turn our attention to WordPress backups, an incredibly important remediation topic....read more

The May 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on June 6, 2017 by Dan Moen   8 Replies

Today's post is a continuation of the WordPress Attack Report series we've been publishing since December 2016. Previous versions can be found here: April 2017, March 2017, February 2017, January 2017 and December 2016....read more

Massive Global Ransomware Attack Underway, Patch Available

This entry was posted in General Security on May 12, 2017 by Dan Moen   30 Replies

UPDATE on Sunday at 1:40PM PST: New variants of WannaCrypt are now emerging. We have posted an updated blog post that includes instructions on how to protect yourself. ...read more

Vulnerability in Easy Forms for MailChimp 6.1.2 and older

This entry was posted in Vulnerabilities, WordPress Security on July 28, 2016 by Dan Moen   1 Reply

Panagiotis Vagenas, a Wordfence Security Researcher, has discovered a reflected cross-site scripting vulnerability in the Easy Forms for MailChimp plugin for WordPress. There are over 40,000 active installations according to wordpress.org. We shared the details of the vulnerability with the author on Monday and they released version 6.1.3 on Tuesday, which includes a fix for the vulnerability....read more

New Vulnerability in All in One SEO Pack Plugin 2.3.7 and earlier

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 13, 2016 by Dan Moen   13 Replies

Yesterday morning Panagiotis Vagenas, a Wordfence Security Researcher, discovered a new vulnerability in the All in One SEO Pack WordPress plugin. This is in addition to another serious vulnerability we wrote about yesterday morning in the same plugin....read more

2 Vulnerabilities in Squirrly SEO plugin 6.1.4 and older

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 11, 2016 by Dan Moen   2 Replies

Today the Squirrly SEO team released version 6.1.5 of their WordPress plugin, fixing two security vulnerabilities. They have over 20,000 active users according to wordpress.org. Panagiotis Vagenas, Security Analyst here at Wordfence, discovered the vulnerabilities. Details were shared with the author and firewall rules were added to the Wordfence Threat Defense Feed on Friday. The path traversal and privilege escalation vulnerabilities impact versions 6.1.4 and older....read more

Vulnerability in Profile Builder plugin 2.4.0 and older

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 7, 2016 by Dan Moen   3 Replies

Wordfence Security Researcher Panagiotis Vagenas recently discovered a privilege escalation vulnerability in the Profile Builder WordPress plugin, which has over 40,000 active installs according to wordpress.org. We shared the details of the vulnerability with the author yesterday and added a firewall rule to our Threat Defense Feed. The author released version 2.4.1 today which fixes the vulnerability....read more

3 Vulnerabilities in WP Maintenance Mode plugin 2.0.6 and older

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 6, 2016 by Dan Moen   1 Reply

This morning an update to the WP Maintenance Mode plugin, version 2.0.7, was released which included fixes for 3 security vulnerabilities. According to wordpress.org the plugin is very popular, with over 400,000 active users. The vulnerabilities were discovered by Sean Murphy, Sr. Developer at Wordfence, and we notified the plugin author last week. A firewall rule was added to the Threat Defense Feed at the time of author notification....read more
