This entry was posted in Vulnerabilities, WordPress Security on June 03, 2019 by Brad Haas 7 Replies
Last year, we published two disclosures of service vulnerabilities on hosting platforms. The first one included a trio of brands: Hostway, Momentous, and Paragon Group. The second was for MelbourneIT. In all cases, we were happy to report that the affected companies took our disclosures seriously and moved quickly to fix the problems. Today we’re …
This entry was posted in Research, WordPress Security on May 22, 2018 by Brad Haas 25 Replies
Update on May 23 at 11:50AM: A representative from WordPress.com reached out to us with the following statement: There has been some misinformation making the rounds, so to clarify, there has been no security breach for user accounts at WordPress.com. But if someone else has your WordPress.com account credentials, they could log in and modify …
This entry was posted in Research, Vulnerabilities on March 30, 2018 by Brad Haas 0 Replies
In February, we wrote about a vulnerability on three shared hosting services. Following our Vulnerability Disclosure Policy, we had alerted them about vulnerable permissions on shared drives on their servers. They fixed the problem, making things safer both for their customers and for their customers’ site visitors. During the past month we noticed the same kind …
This entry was posted in Wordfence, WordPress Security on March 01, 2018 by Brad Haas 9 Replies
To better protect our users’ websites, we work with a lot of data from sources like our Security Services Team and the Wordfence network. We try to understand not just what attackers are doing, but also how and why. Our research into a recent campaign revealed an interesting method of attack, and contributed to the …
This entry was posted in Vulnerabilities, WordPress Security on February 08, 2018 by Brad Haas 37 Replies
In mid-December we updated our Vulnerability Disclosure Policy to include Service Vulnerabilities. A service vulnerability is any issue with a technology service that represents an exploitable security risk for its users. We made this update in response to a growing trend of security issues we’ve been discovering in commercial services, most often WordPress hosting providers. …
This entry was posted in Research, WordPress Security on December 19, 2017 by Brad Haas 31 Replies
On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able to isolate the IP addresses from the botnet and then …
This entry was posted in Research, WordPress Security on October 26, 2017 by Brad Haas 11 Replies
During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected. In this post, you’ll learn what cryptocurrency mining …
This entry was posted in Vulnerabilities, WordPress Security on October 23, 2017 by Brad Haas 2 Replies
Last month, we identified three plugins with critical object injection vulnerabilities, all being exploited in the wild. We deployed new and improved firewall rules to block that kind of exploit. While analyzing our attack data, we recently discovered that hackers were actively exploiting a similar vulnerability in the Contact Form for WordPress – Ultimate Form Builder …
This entry was posted in Vulnerabilities, WordPress Security on October 02, 2017 by Brad Haas 6 Replies
As part of our site cleaning service, our security analysts track down the method the attacker used to compromise the site. Often this involves quite a bit of investigative work, and recently it led us to find 0-day exploits in three separate plugins. The exploits were elusive: a malicious file seemed to appear out of …