Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Mark Maunder

5 Security Questions For Your Hosting Company

This entry was posted in General Security, WordPress Security on March 21, 2017 by Mark Maunder   57 Replies

In the past month, our forensic analysts ran into two situations where we saw a significant number of site cleaning customers, all from the same hosting companies, all with the same malware. In both cases the sites were infected due to a hosting company security issue....read more

Support End-to-End Encryption on the Web

This entry was posted in WordPress Security on March 17, 2017 by Mark Maunder   44 Replies

The Wordfence Team would like to encourage website owners and Internet users to support end-to-end encryption on the Web. Today we are announcing that our official position is the following:...read more

1.4 Million Attacks in 24 Hours: 32% Blocked by the New Blacklist

This entry was posted in Research, Wordfence, WordPress Security on March 16, 2017 by Mark Maunder   23 Replies

Last Friday we quietly launched a new Premium feature in Wordfence: A real-time IP blacklist that completely blocks known malicious IPs from accessing your website. On Monday we did a second release with a few improvements. Then we announced the blacklist on Tuesday this week....read more

Wordfence Launches Real-Time IP Blacklist for Premium Customers

This entry was posted in WordPress Security on March 14, 2017 by Mark Maunder   28 Replies

Today we are very excited to announce that we have launched a real-time IP blacklist for Wordfence Premium customers. This is something we have wanted to do for a long time because the benefits to our site owners are enormous....read more

WordPress 4.7.3 Security Release – Upgrade ASAP

This entry was posted in Vulnerabilities, WordPress Security on March 6, 2017 by Mark Maunder   5 Replies

WordPress 4.7.3 has just been released. It is the third in a series of recent security releases for WordPress core....read more

Clef Two Factor Authentication is Shutting Down

This entry was posted in WordPress Security on March 6, 2017 by Mark Maunder   13 Replies

This morning, two-factor authentication plugin Clef, also known as GetClef, announced that they are shutting down. They currently have more than 1 million active WordPress websites using their two-factor authentication plugin....read more

The February 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on March 2, 2017 by Mark Maunder   22 Replies

Today we are releasing the WordPress attack report for February 2017. You can also find our January 2017 and December 2016 attack reports on the blog....read more

In-Depth Analysis of a Criminal Organization Targeting WordPress Websites

This entry was posted in Research, WordPress Security on March 1, 2017 by Mark Maunder   72 Replies

Today we are posting an in-depth analysis of a prolific brute force attacker. We show that their motives are financial and are based on a wide-spread campaign to market counterfeit sports apparel websites. We describe the threat actor's tactics, techniques and procedures. Finally, we follow a financial trail to uncover individuals who are behind the campaign and prove that they are connected to each other and are likely part of a criminal organization. We have code-named this organization JerseyShore....read more

Cloudflare Data Leak: How to Secure Your Site

This entry was posted in General Security, WordPress Security on February 23, 2017 by Mark Maunder   43 Replies

Cloudflare has experienced a data leak over a 5 month period that mixed sensitive data between websites and visitors. A visitor to one website using Cloudflare may have seen data from another website using Cloudflare that was being sent to a completely different site visitor....read more

Remote Working: No Bad Hair Days at Wordfence

This entry was posted in Miscellaneous, Wordfence on February 23, 2017 by Mark Maunder   6 Replies

The core team at Wordfence is now 13 full-time employees, and with contractors we are a team of 29. We are still at that really fun size where you can have a full team meeting and everyone has a chance to have their say. Every day feels like a hacker conference where everyone knows everyone else, and we are here to help our customers be more secure....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.