Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Author Archive: Brad Haas

Wordfence Blog

Hijacked WordPress.com Accounts Being Used To Infect Sites

This entry was posted in Research, WordPress Security on May 22, 2018 by Brad Haas   25 Replies

Update on May 23 at 11:50AM: A representative from WordPress.com reached out to us with the following statement: There has been some misinformation making the rounds, so to clarify, there has been no security breach for user accounts at WordPress.com. But if someone else has your WordPress.com account credentials, they could log in and modify …
Read More

Service Vulnerability: MelbourneIT Fixes NFS Permissions Problem

This entry was posted in Research, Vulnerabilities on March 30, 2018 by Brad Haas   0 Replies

In February, we wrote about a vulnerability on three shared hosting services.  Following our Vulnerability Disclosure Policy, we had alerted them about vulnerable permissions on shared drives on their servers. They fixed the problem, making things safer both for their customers and for their customers’ site visitors. During the past month we noticed the same kind …
Read More

New Feature Protects Against Password Leak Attacks

This entry was posted in Wordfence, WordPress Security on March 01, 2018 by Brad Haas   9 Replies

To better protect our users’ websites, we work with a lot of data from sources like our Security Services Team and the Wordfence network. We try to understand not just what attackers are doing, but also how and why. Our research into a recent campaign revealed an interesting method of attack, and contributed to the …
Read More

Service Vulnerabilities: 3 Hosting Companies Fix NFS Permissions Problem

This entry was posted in Vulnerabilities, WordPress Security on February 08, 2018 by Brad Haas   37 Replies

In mid-December we updated our Vulnerability Disclosure Policy to include Service Vulnerabilities. A service vulnerability is any issue with a technology service that represents an exploitable security risk for its users. We made this update in response to a growing trend of security issues we’ve been discovering in commercial services, most often WordPress hosting providers. …
Read More

Massive Cryptomining Campaign Targeting WordPress Sites

This entry was posted in Research, WordPress Security on December 19, 2017 by Brad Haas   31 Replies

On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able to isolate the IP addresses from the botnet and then …
Read More

Cryptocurrency Miners Exploiting WordPress Sites

This entry was posted in Research, WordPress Security on October 26, 2017 by Brad Haas   11 Replies

During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected. In this post, you’ll learn what cryptocurrency mining …
Read More

Zero Day Vulnerability Fixed in Ultimate Form Builder Lite

This entry was posted in Vulnerabilities, WordPress Security on October 23, 2017 by Brad Haas   2 Replies

Last month, we identified three plugins with critical object injection vulnerabilities, all being exploited in the wild. We deployed new and improved firewall rules to block that kind of exploit. While analyzing our attack data, we recently discovered that hackers were actively exploiting a similar vulnerability in the Contact Form for WordPress – Ultimate Form Builder …
Read More

3 Zero-Day Plugin Vulnerabilities Being Exploited In The Wild

This entry was posted in Vulnerabilities, WordPress Security on October 02, 2017 by Brad Haas   6 Replies

As part of our site cleaning service, our security analysts track down the method the attacker used to compromise the site. Often this involves quite a bit of investigative work, and recently it led us to find 0-day exploits in three separate plugins. The exploits were elusive: a malicious file seemed to appear out of …
Read More

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates