Author Archive: Mark Maunder
This entry was posted in Miscellaneous on May 03, 2018 by Mark Maunder 12 Replies
The Wordfence team recently sponsored and attended WordCamp Atlanta. Instead of doing the usual boring corporate thing with our booth, we decided to host a capture the flag, or CTF contest. A CTF is essentially a hacking contest. It is a series of puzzles that the contestant needs to solve. They might include decrypting an …
Read More
This entry was posted in WordPress Security on May 02, 2018 by Mark Maunder 11 Replies
We’ve received quite a few questions about this in the past 24 hours, either via forums, email or twitter. Roughly 14 hours ago we started seeing reports that WordPress site owners running Jetpack were receiving emails that stated the following: You recently requested to have the administration email address on your site changed. If this …
Read More
This entry was posted in General Security, WordPress Security on April 03, 2018 by Mark Maunder 31 Replies
I recently got a call from a friend I haven’t seen for a while asking me if I’d like to grab a coffee. He had a few questions about whether WordPress is secure. I’m always looking for an excuse to visit the hip Georgetown neighborhood just south of Seattle, so I jumped at the chance. …
Read More
This entry was posted in Learning, Wordfence, WordPress Security on March 27, 2018 by Mark Maunder 11 Replies
In the past few days the City of Atlanta has been hit with a ransomware attack. Several major computer systems that provide city services have been encrypted by an attacker. The attacker is demanding $51,000 worth of bitcoin to decrypt the systems, and the city has not yet ruled out paying the ransom. The attack …
Read More
This entry was posted in General Security, WordPress Security on March 12, 2018 by Mark Maunder 28 Replies
This is a public service announcement and a reminder to site owners. Google’s Chrome browser has already started the process of ending support for Symantec SSL/TLS certificates. This includes companies owned by Symantec including Thawte, Verisign, Equifax, GeoTrust and RapidSSL. Chrome 66 is ending support for Symantec certificates issued before June 1, 2016 on the …
Read More
This entry was posted in General Security, WordPress Security on March 08, 2018 by Mark Maunder 7 Replies
At Wordfence, one of our goals is to empower you as much as possible to be self-sufficient, at no additional cost. To do that, we provide Wordfence as a free security plugin. Over the years we have also developed a comprehensive WordPress Security Learning Center that provides readers with a complete understanding of WordPress Security …
Read More
This entry was posted in General Security, WordPress Security on February 11, 2018 by Mark Maunder 17 Replies
In the past 24 hours, Security researcher Scott Helme discovered that a third party accessibility plugin called ‘Browsealoud’ had their servers compromised. The plugin relies on a website including Javascript in their content in order to work. This compromise resulted in over 4,000 websites serving up cryptomining malware. The malware uses site visitor CPUs to …
Read More
This entry was posted in WordPress Security on February 08, 2018 by Mark Maunder 49 Replies
[Update at 10:50am PST: Based on the comments we’ve received below, it sounds like this problem only affects certain sites. We have received several reports of successful updates, although some of these may be the hosting provider updating WordPress installs manually. Overall this looks like good news for the WordPress team who reported this as …
Read More
This entry was posted in WordPress Security on December 18, 2017 by Mark Maunder 50 Replies
A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive campaign …
Read More
This entry was posted in Wordfence on November 21, 2017 by Mark Maunder 12 Replies
Today we are announcing that our company name is changing to Defiant Inc. Over the past 5 years we have grown significantly and have expanded beyond WordPress. As a security organization, we now have a stable of products and services to offer our customers. To reflect this change, we are changing the name of the …
Read More
Protect your websites with the #1 WordPress Security Plugin
Get Premium
Over 100 million downloads