This entry was posted in Wordfence, WordPress Security on August 24, 2017 by Mark Maunder 10 Replies
Part of the threat intelligence work we do at Wordfence is to constantly analyze the performance of our own firewall rules to determine what is effective and to identify existing and emerging attack trends. Today I'd like to share with you some of the data that we are seeing. If you are curious which attacks our firewall most commonly blocks, and which firewall rules are most effective, you're going to enjoy this blog post....read more
This entry was posted in General Security on August 17, 2017 by Mark Maunder 27 Replies
This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads....read more
This entry was posted in Wordfence, WordPress Security on August 15, 2017 by Mark Maunder 47 Replies
Recently, the Wordfence team has seen ransomware being used in attacks targeting WordPress. We are currently tracking a ransomware variant we are calling "EV ransomware." The following post describes what this ransomware does and how to protect yourself from being hit by this attack....read more
We have seen a significant increase in the number of websites affected by malware we refer to as 'TrafficTrade'. This malware is a piece of javascript that an attacker drops into your website content once they have compromised it. Your visitors are then redirected to websites that install malicious browser plugins or serve up spam advertising....read more
This entry was posted in Wordfence, WordPress Security on August 3, 2017 by Mark Maunder 15 Replies
When choosing a firewall for your WordPress website to protect it against attacks, you have a handful of choices. Wordfence is one of the only effective "endpoint" firewalls available. The alternative is a "cloud" firewall from vendors like Sucuri (now owned by GoDaddy) and Cloudflare....read more
This entry was posted in WordPress Security on July 31, 2017 by Mark Maunder 50 Replies
Last week our team attended Black Hat and DefCon in Las Vegas, two of the biggest information security conferences on earth. DefCon alone attracts approximately 20,000 information security professionals, researchers, government employees and fans. To say it is very busy is an understatement....read more
This entry was posted in WordPress Security on July 25, 2017 by Mark Maunder 48 Replies
Hacking Made Easy
Several years ago, web publishing company Interconnect/IT released a handy tool for finding and replacing text in a website's database. This tool, a stand-alone file published as searchreplacedb2.php, includes built-in WordPress compatibility that makes working with WordPress databases a breeze....read more
This entry was posted in WordPress Security on July 24, 2017 by Mark Maunder 0 Replies
Today our team is launching a very exciting program at Gravityscan: a free trust badge program for your website that comes with daily security monitoring. You can find the full announcement on the Gravityscan blog....read more
This entry was posted in Wordfence on July 19, 2017 by Mark Maunder 0 Replies
Wordfence is highly effective at securing your website in part because it is tightly integrated with the WordPress API. We know your visitor identity information, so we can make smart decisions about who gets access and who gets blocked. It's very different from the way generic firewalls work....read more
This entry was posted in WordPress Security on July 11, 2017 by Mark Maunder 52 Replies
At Wordfence, we track millions of attacks from a wide variety of sources every day. From this data we create a list of the worst-of-the-worst attackers and add those to our IP blacklist to protect our Premium customers. We also carefully monitor the activity that those known bad IP addresses engage in....read more
