Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Author Archive: Dan Moen

Wordfence Blog

Introducing Wordfence Central

This entry was posted in Wordfence on February 06, 2019 by Dan Moen   19 Replies

Over the last several months, we have been focused on making Wordfence a better option for organizations with a large number of WordPress sites to protect. To start, we added the ability to secure your staging and development environments with a single Wordfence premium license, something you should take advantage of if you haven’t already. …
Read More

Analyzing a Week of Blocked Attacks

This entry was posted in Wordfence, WordPress Security on January 22, 2019 by Dan Moen   13 Replies

If you’ve never taken a few minutes to look at the information available in the Wordfence Live Traffic feature, I strongly recommend it. It gives you a detailed look at what attackers are trying to do to break into your site, and how Wordfence is blocking them. For today’s post we analyzed all of the …
Read More

WordPress 5.0.1 Security Release – Immediate Update Recommended

This entry was posted in WordPress Security on December 13, 2018 by Dan Moen   12 Replies

WordPress 5.0.1 was released Wednesday night, less than a week after the much anticipated release of WordPress 5.0. This security release fixes seven security vulnerabilities, a few of which are quite serious. Sites running versions in the 4.x branch of WordPress core are also impacted by some of the issues. WordPress 4.9.9 was released along …
Read More

Video: WordCamp Atlanta Security Panel with Wordfence

This entry was posted in Wordfence, WordPress Security on October 18, 2018 by Dan Moen   6 Replies

In April, Wordfence sponsored WordCamp Atlanta and several of our team members attended the event. While there, we held a capture the flag (CTF) contest, which helps WordPress site owners learn to think like a hacker so that they can better defend their websites. Part of hacker culture is the art of lock picking, which …
Read More

Meet the Defiant Team

This entry was posted in Wordfence on September 25, 2018 by Dan Moen   13 Replies

In August, most of our team attended DefCon, a hacker conference in Las Vegas attended by tens of thousands of security professionals. All of us work remotely, so it is always really special to spend time together as a team. While we were there we completed a fun project. We created a video with footage …
Read More

Wordfence: Live On Tour In A City Near You

This entry was posted in Videos, WordPress Security on August 24, 2018 by Dan Moen   12 Replies

This year we’ve attended and sponsored quite a few WordCamps, and have had members of our team speak at some as well. If you haven’t attended one recently we highly recommend it. They’re a great opportunity to learn and connect with other members of the WordPress community. WPCampus Highlights While not strictly a WordCamp, in …
Read More

Announcing Revamped Volume Pricing for Premium Licenses

This entry was posted in Wordfence on August 22, 2018 by Dan Moen   6 Replies

This year we have been very focused on the needs of agencies and other organizations with lots of sites to protect. We’ve spoken with many of you and have a clear picture of what we can do to make Wordfence work even better for you. To start things off, in June we released a feature …
Read More

Known WordPress Threat Actor Under Investigation For Prescription-Free Online Pharmacy

This entry was posted in Miscellaneous on August 08, 2018 by Dan Moen   10 Replies

Last September we published a series of three blog posts exposing a threat actor who had purchased a number of WordPress plugins as part of an elaborate supply chain attack. This ownership enabled him to inject SEO spam into hundreds of thousands of websites, boosting search engine rankings for various illicit online businesses. In the …
Read More

Brad Haas Discusses BabaYaga Malware on the CyberWire Podcast

This entry was posted in WordPress Security on July 31, 2018 by Dan Moen   0 Replies

In early June we published an article and accompanying white paper detailing an interesting malware infection which we’ve internally dubbed BabaYaga. The relatively sophisticated malware is unique because it contains a number of features intended to ensure the infected site remains in working order. It keeps WordPress core up to date, performs and stores backups …
Read More

How the Wordfence Scanner Protects Your Site

This entry was posted in Wordfence, WordPress Security on May 21, 2018 by Dan Moen   8 Replies

When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally …
Read More


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates