Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Mark Maunder

20 Minutes to a Secure WordPress Website

This entry was posted in Wordfence, WordPress Security on April 25, 2017 by Mark Maunder   15 Replies

Securing WordPress has become easy thanks to the amazing work the WordPress team continuously do to fix vulnerabilities and improve the security of the platform. With the addition of Wordfence, it is possible to run a secure WordPress site and sleep well at night knowing your investment is safe....read more

51 Tools for Security Analysts

This entry was posted in General Security, Research, WordPress Security on April 20, 2017 by Mark Maunder   17 Replies

Yesterday at Wordfence we had an "all welcome" technology sharing meeting with the entire company - or at least everyone that was available at the time. The meeting became so popular with our team that we had to upgrade the license we use for our real-time collaboration service to accommodate everyone. It is the largest team meeting we have had to date....read more

Wordfence Site Cleaning Customer Reviews

This entry was posted in Wordfence, WordPress Security on April 18, 2017 by Mark Maunder   0 Replies

In June last year we officially launched the Wordfence site cleaning service. Our senior analysts Brad and Colette had worked hard to put the processes in place we needed to provide an excellent site cleaning service to our customers that was fast, effective and safe. Since then the site cleaning team and the level of service has evolved tremendously. Today I want to share some of that progress with you....read more

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

This entry was posted in General Security on April 14, 2017 by Mark Maunder   146 Replies

Update on April 19th at noon Pacific time: Chrome has just released version 58.0.3029.81. We have confirmed that this resolves the issue and that our 'epic.com' test domain no longer shows as 'epic.com' and displays the raw punycode instead, which is 'www.xn--e1awd7f.com', making it clear that the domain is not 'epic.com'. We encourage all Chrome users to immediately update to the above version of Chrome to resolve the issue. The original post follows:...read more

IP Blacklist Update: The Launch and Evolution of The Wordfence IP Blacklist

This entry was posted in Wordfence, WordPress Security on April 13, 2017 by Mark Maunder   9 Replies

One of our passion projects at Wordfence has been to find a way to create and run an IP blacklist. We have known for a long time which IPs are attacking the sites we protect and that if we can block those IPs outright, it would be a powerful way to improve the security we provide to our customers....read more

Check if Your Home Router is Vulnerable

This entry was posted in General Security on April 11, 2017 by Mark Maunder   101 Replies

At Wordfence, we make a firewall and malware scanner that protects over 2 million WordPress websites. We also monitor attacks on those sites to determine which IPs are attacking them and we block those IPs in real-time through a blacklist....read more

Thousands of Hacked Home Routers are Attacking WordPress Sites

This entry was posted in Research, Wordfence, WordPress Security on April 11, 2017 by Mark Maunder   64 Replies

Update: By popular request, we have created a tool that lets you check if your own home router is vulnerable to the problems discussed in this post. Visit this page to check if your home router has port 7547 open or if it's running a vulnerable version of RomPager....read more

The March 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on April 6, 2017 by Mark Maunder   30 Replies

Today we are releasing the WordPress Attack Report for March, 2017. You can also find the following previous attack reports on our blog: December 2016, January 2017 and February 2017....read more

‘Secure’ in Chrome Browser Does Not Mean ‘Safe’

This entry was posted in General Security on March 28, 2017 by Mark Maunder   60 Replies

Google's Chrome web browser is used by over 50% of users on the web. When you visit a website that is using SSL, otherwise known as HTTPS or TLS, you see a green message in your browser location bar that says "Secure"....read more

5 Security Questions For Your Hosting Company

This entry was posted in General Security, WordPress Security on March 21, 2017 by Mark Maunder   71 Replies

In the past month, our forensic analysts ran into two situations where we saw a significant number of site cleaning customers, all from the same hosting companies, all with the same malware. In both cases the sites were infected due to a hosting company security issue....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.