Wordfence Research and News

Blog icon

Service Vulnerability: Four Popular Hosting Companies Fix NFS Permissions and Information Disclosure Problems

Last year, we published two disclosures of service vulnerabilities on hosting platforms. The first one included a trio of brands: Hostway, Momentous, and Paragon Group. The second was for MelbourneIT. In all cases, we were happy to report that the affected companies took our disclosures seriously and moved quickly to fix the problems. Today we’re …
Read More

Hijacked WordPress.com Accounts Being Used To Infect Sites

Update on May 23 at 11:50AM: A representative from WordPress.com reached out to us with the following statement: There has been some misinformation making the rounds, so to clarify, there has been no security breach for user accounts at WordPress.com. But if someone else has your WordPress.com account credentials, they could log in and modify …
Read More

Service Vulnerability: MelbourneIT Fixes NFS Permissions Problem

In February, we wrote about a vulnerability on three shared hosting services.  Following our Vulnerability Disclosure Policy, we had alerted them about vulnerable permissions on shared drives on their servers. They fixed the problem, making things safer both for their customers and for their customers’ site visitors. During the past month we noticed the same kind …
Read More

New Feature Protects Against Password Leak Attacks

To better protect our users’ websites, we work with a lot of data from sources like our Security Services Team and the Wordfence network. We try to understand not just what attackers are doing, but also how and why. Our research into a recent campaign revealed an interesting method of attack, and contributed to the …
Read More

Service Vulnerabilities: 3 Hosting Companies Fix NFS Permissions Problem

In mid-December we updated our Vulnerability Disclosure Policy to include Service Vulnerabilities. A service vulnerability is any issue with a technology service that represents an exploitable security risk for its users. We made this update in response to a growing trend of security issues we’ve been discovering in commercial services, most often WordPress hosting providers. …
Read More

Massive Cryptomining Campaign Targeting WordPress Sites

On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able to isolate the IP addresses from the botnet and then …
Read More

Cryptocurrency Miners Exploiting WordPress Sites

During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected. In this post, you’ll learn what cryptocurrency mining …
Read More

Zero Day Vulnerability Fixed in Ultimate Form Builder Lite

Last month, we identified three plugins with critical object injection vulnerabilities, all being exploited in the wild. We deployed new and improved firewall rules to block that kind of exploit. While analyzing our attack data, we recently discovered that hackers were actively exploiting a similar vulnerability in the Contact Form for WordPress – Ultimate Form Builder …
Read More

3 Zero-Day Plugin Vulnerabilities Being Exploited In The Wild

As part of our site cleaning service, our security analysts track down the method the attacker used to compromise the site. Often this involves quite a bit of investigative work, and recently it led us to find 0-day exploits in three separate plugins. The exploits were elusive: a malicious file seemed to appear out of …
Read More