Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Author Archive: Brad Haas

Service Vulnerability: MelbourneIT Fixes NFS Permissions Problem

This entry was posted in Research, Vulnerabilities on March 30, 2018 by Brad Haas   0 Replies

In February, we wrote about a vulnerability on three shared hosting services.  Following our Vulnerability Disclosure Policy, we had alerted them about vulnerable permissions on shared drives on their servers. They fixed the problem, making things safer both for their customers and for their customers' site visitors....read more

New Feature Protects Against Password Leak Attacks

This entry was posted in Wordfence, WordPress Security on March 1, 2018 by Brad Haas   9 Replies

To better protect our users' websites, we work with a lot of data from sources like our Security Services Team and the Wordfence network. We try to understand not just what attackers are doing, but also how and why. Our research into a recent campaign revealed an interesting method of attack, and contributed to the development of a new feature....read more

Service Vulnerabilities: 3 Hosting Companies Fix NFS Permissions Problem

This entry was posted in Vulnerabilities, WordPress Security on February 8, 2018 by Brad Haas   37 Replies

In mid-December we updated our Vulnerability Disclosure Policy to include Service Vulnerabilities. A service vulnerability is any issue with a technology service that represents an exploitable security risk for its users. We made this update in response to a growing trend of security issues we've been discovering in commercial services, most often WordPress hosting providers....read more

Massive Cryptomining Campaign Targeting WordPress Sites

This entry was posted in Research, WordPress Security on December 19, 2017 by Brad Haas   31 Replies

On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks....read more

Cryptocurrency Miners Exploiting WordPress Sites

This entry was posted in Research, WordPress Security on October 26, 2017 by Brad Haas   11 Replies

During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected....read more

Zero Day Vulnerability Fixed in Ultimate Form Builder Lite

This entry was posted in Vulnerabilities, WordPress Security on October 23, 2017 by Brad Haas   2 Replies

Last month, we identified three plugins with critical object injection vulnerabilities, all being exploited in the wild. We deployed new and improved firewall rules to block that kind of exploit....read more

3 Zero-Day Plugin Vulnerabilities Being Exploited In The Wild

This entry was posted in Vulnerabilities, WordPress Security on October 2, 2017 by Brad Haas   6 Replies

As part of our site cleaning service, our security analysts track down the method the attacker used to compromise the site. Often this involves quite a bit of investigative work, and recently it led us to find 0-day exploits in three separate plugins. The exploits were elusive: a malicious file seemed to appear out of nowhere, and even sites with access logs only showed a POST request to /wp-admin/admin-ajax.php at the time the file was created. But we captured the attacks in our threat data, and our lead developer Matt Barry was able to reconstruct the exploits. We quickly pushed new WAF rules to block these exploits. Premium customers received the new rules and were protected immediately. We also notified the plugin authors; all three have published updates to fix the vulnerabilities....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.