Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Mark Maunder

Wordfence Launches Short-Circuit Scan Signatures – Up to 6X Performance Increase

This entry was posted in Wordfence on August 30, 2017 by Mark Maunder   11 Replies

In October 2016, the Wordfence team started chatting about a way to radically boost the speed of scans once we grow beyond a certain number of scan signatures. As a reminder, a scan signature is a pattern that recognizes a certain kind of malware....read more

The Benefits of Wordfence Premium

This entry was posted in Wordfence, WordPress Security on August 29, 2017 by Mark Maunder   11 Replies

On April 21 this year, Wordfence celebrated our fifth year making the world's best firewall and malware scan for WordPress. The date came and went as we continued to focus on innovating and securing our customers. Today Wordfence has been downloaded over 45 million times and maintains a 4.8 star rating out of 5 stars, from over 3000 reviews on the official WordPress plugin repository....read more

Dreamhost is Under DDoS Attack

This entry was posted in General Security, WordPress Security on August 24, 2017 by Mark Maunder   32 Replies

Dreamhost is currently experiencing a DDoS attack. I am updating this post in real-time as the situation unfolds. Last update was at 10:46am PST. ~Mark Maunder...read more

Which Wordfence Firewall Rules Are Most Effective?

This entry was posted in Wordfence, WordPress Security on August 24, 2017 by Mark Maunder   10 Replies

Part of the threat intelligence work we do at Wordfence is to constantly analyze the performance of our own firewall rules to determine what is effective and to identify existing and emerging attack trends. Today I'd like to share with you some of the data that we are seeing. If you are curious which attacks our firewall most commonly blocks, and which firewall rules are most effective, you're going to enjoy this blog post....read more

PSA: 4.8 Million Affected by Chrome Extension Attacks Targeting Site Owners

This entry was posted in General Security on August 17, 2017 by Mark Maunder   27 Replies

This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads....read more

Ransomware Targeting WordPress – An Emerging Threat

This entry was posted in Wordfence, WordPress Security on August 15, 2017 by Mark Maunder   47 Replies

Recently, the Wordfence team has seen ransomware being used in attacks targeting WordPress. We are currently tracking a ransomware variant we are calling "EV ransomware." The following post describes what this ransomware does and how to protect yourself from being hit by this attack....read more

TrafficTrade Infection Spreading – How to Protect Yourself and Detect TrafficTrade

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on August 8, 2017 by Mark Maunder   37 Replies

We have seen a significant increase in the number of websites affected by malware we refer to as 'TrafficTrade'. This malware is a piece of javascript that an attacker drops into your website content once they have compromised it. Your visitors are then redirected to websites that install malicious browser plugins or serve up spam advertising....read more

Why Choose An Endpoint Firewall Like Wordfence

This entry was posted in Wordfence, WordPress Security on August 3, 2017 by Mark Maunder   15 Replies

When choosing a firewall for your WordPress website to protect it against attacks, you have a handful of choices. Wordfence is one of the only effective "endpoint" firewalls available. The alternative is a "cloud" firewall from vendors like Sucuri (now owned by GoDaddy) and Cloudflare....read more

Hackers Find Fresh WordPress Sites Within 30 Minutes

This entry was posted in WordPress Security on July 31, 2017 by Mark Maunder   50 Replies

Last week our team attended Black Hat and DefCon in Las Vegas, two of the biggest information security conferences on earth. DefCon alone attracts approximately 20,000 information security professionals, researchers, government employees and fans. To say it is very busy is an understatement....read more

If You Use This Script, You’ve Probably Already Been Hacked

This entry was posted in WordPress Security on July 25, 2017 by Mark Maunder   48 Replies

Hacking Made Easy Several years ago, web publishing company Interconnect/IT released a handy tool for finding and replacing text in a website's database. This tool, a stand-alone file published as searchreplacedb2.php, includes built-in WordPress compatibility that makes working with WordPress databases a breeze....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.