Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Author Archive: Kathy Zant

Wordfence Blog

Episode 100: How to Lose 6 Figures the Easy Way

This entry was posted in Podcasts on January 15, 2021 by Kathy Zant   0 Replies

The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing attack that almost cost a homebuyer a significant amount. We review the warning signs seen in this …

Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses

This entry was posted in Podcasts on December 18, 2020 by Kathy Zant   0 Replies

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations, fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers installed malware that was digitally signed by a valid certificate as part of an update …

Episode 97: The Future of WordPress with PHP 8 and WordPress 5.6

This entry was posted in Podcasts on December 04, 2020 by Kathy Zant   0 Replies

With WordPress 5.6’s imminent release and the recent release of PHP 8, we talk about the rapid changes affecting the future of WordPress with new security features and new functionality available to both WordPress users and developers. We also review a recent vulnerability found by Google Project Zero researchers in iPhones. A social engineering attack …

Wordfence Site Cleaning Guarantee Extended to 1 Year

This entry was posted in Wordfence, WordPress Security on November 19, 2020 by Kathy Zant   0 Replies

Today, we’re pleased to announce that all customers of Wordfence site cleaning services receive a 1-year clean site guarantee. If your site is compromised again after our team has cleaned and secured your WordPress site, we’ll clean it again for free. Additionally, we’re expanding our Security Services Team coverage to 24/7 effective immediately. The Wordfence …

Episode 95: Critical Privilege Escalation Vulnerabilities Affect Over 100K WordPress Sites

This entry was posted in Podcasts on November 13, 2020 by Kathy Zant   0 Replies

Three critical privilege escalation vulnerabilities in the Ultimate Member plugin put over 100,000 sites at risk. We also talk about the Page Experience metric to be added as a ranking signal for Google search in May 2021 and what this means for WordPress sites using page builders or Gutenberg. Microsoft warns against using telephone/SMS-based multi-factor …

Episode 93: Nitro Documents on the Dark Web and Botnets Targeting Older Vulnerabilities

This entry was posted in Podcasts on October 31, 2020 by Kathy Zant   1 Reply

We cover a couple of breaking stories this week, including the emergency release of WordPress 5.5.3 on Friday, October 30. In preparation for this, a number of sites autoupdated to version 5.5.3-alpha. We also look at the defacement of the Trump Campaign website, and how 2-Factor Authentication could have prevented this. We also look …

Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress

This entry was posted in Podcasts on October 17, 2020 by Kathy Zant   0 Replies

On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform. With WordPress …

Episode 79: High Profile Twitter Accounts Compromised in Coordinated Attack

This entry was posted in Podcasts on July 17, 2020 by Kathy Zant   0 Replies

A number of high-profile Twitter accounts including those of Elon Musk, Apple, Uber, Bill Gates, Joe Biden and others were compromised as a part of a coordinated bitcoin scam attack. The attack lasted a few hours and netted the attackers about $100,000 worth of bitcoin. We talk about how this attack could have possibly …

Episode 78: Targeted Phishing Bypassing Security Checks and a new DDoS Record

This entry was posted in Podcasts on June 22, 2020 by Kathy Zant   0 Replies

This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook’s protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record for a massive DDoS attack that targeted an AWS customer. Drupal pushes out some security fixes, and …

Defiant Participating in Privacy Shield Framework

This entry was posted in Wordfence on June 22, 2020 by Kathy Zant   0 Replies

Defiant, dba Wordfence, is now listed on the Privacy Shield certification list participating in both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. The purpose of these frameworks is to allow for the lawful transfer of personal data from the European Union and Switzerland to the United States. Two years ago when the General Data Protection …
