Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Mark Maunder

Wordfence In Depth: How Malware Becomes Scan Signatures

This entry was posted in Research, Wordfence on February 16, 2017 by Mark Maunder   6 Replies

One of the most effective ways the Wordfence team keeps the WordPress community and customers secure is through something we call the 'Threat Defense Feed'. This is a combination of people, software, business processes and data. It's an incredibly effective way to keep hackers out and provide our customers with early detection....read more

WordPress Used as Command and Control Server in 2016 Election Hack

This entry was posted in Research, WordPress Security on February 13, 2017 by Mark Maunder   20 Replies

On Friday evening the Department of Homeland Security released a report [PDF link] containing updated and broader analysis of Russian civilian and military intelligence organization's attempts to interfere with the 2016 US election....read more

Rapid Growth in Defacements, Who was Hit, Who is Attacking

This entry was posted in General Security, Vulnerabilities, Wordfence, WordPress Security on February 10, 2017 by Mark Maunder   22 Replies

Yesterday we published numbers indicating how widespread the defacement campaign is targeting the REST-API vulnerability recently fixed in WordPress 4.7.2. If you have not updated to 4.7.2 already on all sites you operate, do so immediately. If you are using Wordfence Premium, you are already protected....read more

A Feeding Frenzy to Deface WordPress Sites

This entry was posted in General Security, Research, Vulnerabilities, WordPress Security on February 9, 2017 by Mark Maunder   47 Replies

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking....read more

Staying Safe: The Wordfence Cyber Security Survival Guide

This entry was posted in General Security, Learning on February 7, 2017 by Mark Maunder   8 Replies

Occasionally at Wordfence we publish posts that are public service announcements that help the broader online community including your team, friends and relatives. Today I'm publishing a guide that will help improve your overall personal cyber security. This guide focuses on the basics: How to reduce the truly important life altering risks that we face from the cyber realm....read more

The January 2017 WordPress Attack Activity Report

This entry was posted in General Security, Monthly Attack Activity Report, Wordfence, WordPress Security on February 3, 2017 by Mark Maunder   23 Replies

Last month we introduced a monthly attack activity report. This report gives you an indication of attack trends during the past month and how they have changed. Today we are releasing the January WordPress attack activity report which covers the period from January 1st until January 31st....read more

Reminder to Update to WordPress 4.7.2 and Check Your Site

This entry was posted in WordPress Security on February 2, 2017 by Mark Maunder   0 Replies

During the past few weeks we have seen two WordPress core security updates. WordPress 4.7.1 was released on January 11th which was a security update. Then WordPress 4.7.2 was released a few days ago on January 26th....read more

XMLRPC or WP-Login: Which do Brute Force Attackers Prefer

This entry was posted in Research, Wordfence, WordPress Security on January 31, 2017 by Mark Maunder   54 Replies

At Wordfence we constantly analyze attack patterns to improve the protection our firewall and malware scan provides. We recently took a closer look at brute force attack targets, specifically XMLRPC and wp-login, to gain a deeper understanding of how attackers behave....read more

Announcing Wordfence 6.3.0 – Exciting Improvements

This entry was posted in Wordfence, WordPress Security on January 26, 2017 by Mark Maunder   51 Replies

This morning I'm very excited to announce the release of Wordfence 6.3.0. This is one of our bigger releases and it includes a few exciting changes to the user interface and the way Wordfence helps you secure your site....read more

Do You Need a WordPress Security Plugin?

This entry was posted in General Security, Wordfence, WordPress Security on January 25, 2017 by Mark Maunder   13 Replies

At Wordfence we are a big team these days with millions of customers, and we think about security all day long. Sometimes we can get deep down the proverbial rabbit hole and forget about the basics....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.