Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Mark Maunder

New Attacker Scanning for SSH Private Keys on Websites

This entry was posted in General Security, WordPress Security on October 18, 2017 by Mark Maunder   19 Replies

Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem....read more

PSA: Severe Vulnerability in All Wi-Fi Devices

This entry was posted in General Security on October 16, 2017 by Mark Maunder   80 Replies

This is a public service announcement (PSA) from the Wordfence team regarding a security issue that has a wide impact....read more

Ask Wordfence Episode 2: How to Secure an Old Version of WordPress

This entry was posted in Videos on October 10, 2017 by Mark Maunder   5 Replies

Today we are publishing episode 2 of our "Ask Wordfence" series. Today's question comes from Ilko in Bulgaria who would like to know how to secure an old outdated WordPress installation....read more

Gravityscan Lowers Price and Adds Free Trial

This entry was posted in General Security on October 5, 2017 by Mark Maunder   6 Replies

We have an exciting announcement today regarding the Gravityscan project. As you know the Wordfence team launched Gravityscan on May 16th of this year. Gravityscan is designed to provide malware and vulnerability scanning for any website....read more

Ask Wordfence Episode 1: Setting Up Minimum Viable WordPress Security

This entry was posted in Videos, WordPress Security on October 3, 2017 by Mark Maunder   28 Replies

Last week we emailed a small group of our customers asking them to contribute questions for a series of videos we will be running. We received questions from many of you, so thank you very much for participating!...read more

9 WordPress Plugins Targeted in Coordinated 4.5-Year Spam Campaign

This entry was posted in WordPress Security on September 20, 2017 by Mark Maunder   70 Replies

On Tuesday last week we published a post that described how someone had released an update to the Display Widgets plugin which contained a backdoor that allowed them to publish content to any site using the plugin. We also described how they exploited that backdoor to publish spam....read more

WordPress Security Update 4.8.2 – Update Immediately

This entry was posted in WordPress Security on September 19, 2017 by Mark Maunder   9 Replies

WordPress Core version 4.8.2 has just been released. This is a minor update and a security release which means that your sites will update automatically within the next 24 hours unless you have disabled auto updates....read more

The Man Behind Plugin Spam: Mason Soiza

This entry was posted in General Security, WordPress Security on September 13, 2017 by Mark Maunder   161 Replies

This post is part of a series. This is the second post and a follow-up to our first story titled "Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites". There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period....read more

Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites

This entry was posted in Wordfence, WordPress Security on September 12, 2017 by Mark Maunder   71 Replies

Note: This post is the first part of a series. The series has a second detailed follow-up which discusses the identity of the person behind the Display Widgets plugin spam. Then there is a third in the series which explains how the same spammer influenced a total of 9 plugins over 4.5 years....read more

Just How Good Is Wordfence Customer Service?

This entry was posted in Wordfence on September 7, 2017 by Mark Maunder   13 Replies

When my co-founder, Kerry and I started scaling Wordfence as a business, our first hire was in customer service. We had both been taking shifts answering customer service tickets and forum posts along with doing engineering, QA, finance and everything else. We knew customer service was labor-intensive, but we also knew that the kind of business we wanted to create in Wordfence would need to have great customer service....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.