Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Author Archive: Kathy Zant

Wordfence Blog

Episode 111: PHP Git Repository Compromised

This entry was posted in Podcasts on April 02, 2021 by Kathy Zant   0 Replies

The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in January that was far worse than originally reported; attackers gained access to nearly all of …

Episode 109: This Attack Will Make You Want to Stop Using SMS 2FA

This entry was posted in Podcasts on March 19, 2021 by Kathy Zant   0 Replies

An attack shows how an SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited. We also talk about the SQL Injection vulnerabilities in Tutor LMS. The data center fire …

Episode 105: The Hottest Trend in WordPress

This entry was posted in Podcasts on February 19, 2021 by Kathy Zant   2 Replies

An analysis of WordPress-related search trends found that interest in WooCommerce-related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated themes and plugins are prohibited on the repository. And a supply chain attack affects users …

Episode 103: Wordfence Innovates with Machine Learning and Security for Schools

This entry was posted in Podcasts on February 05, 2021 by Kathy Zant   0 Replies

Wordfence opens the K-12 site audit and site cleaning service for publicly funded state schools worldwide. Machine learning is now a big part of our malware identification process, which will speed new malware signatures to deployment for WordPress sites protected by Wordfence. A bug in Sudo can let attackers with access to a local system …

Episode 102: Disruption Presents Opportunity

This entry was posted in Podcasts on January 29, 2021 by Kathy Zant   0 Replies

After a disruptive year in 2020, there are new challenges in 2021, but also immense opportunities in numerous fields. In a deep and wide-ranging conversation, Mark Maunder and Kathy Zant discuss artificial intelligence, whether or not we’re living in a simulation, cryptocurrencies and the opportunities of blockchain technology, open source communities and publishing, avoiding scams and …

Announcing Free Site Cleaning & Site Security Audits for K-12 Public Schools

This entry was posted in Wordfence on January 21, 2021 by Kathy Zant   6 Replies

Update February 2, 2021: We are now expanding this program worldwide to include all public/state-funded schools serving students in K-12 programs (or the like) around the world. Wordfence, the leading provider of WordPress security software and services, is announcing today that we are, effective immediately, offering free site cleaning and site security audit services to …

Episode 100: How to Lose 6 Figures the Easy Way

This entry was posted in Podcasts on January 15, 2021 by Kathy Zant   0 Replies

The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing attack that almost cost a homebuyer a significant amount. We review the warning signs seen in this …

Episode 99: SolarWinds Supply Chain Attack Affects Government and Fortune 500 Businesses

This entry was posted in Podcasts on December 18, 2020 by Kathy Zant   0 Replies

Earlier this week, we learned that SolarWinds, the largest provider of network management tools for government and enterprise organizations, fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers installed malware that was digitally signed by a valid certificate as part of an update …

Episode 97: The Future of WordPress with PHP 8 and WordPress 5.6

This entry was posted in Podcasts on December 04, 2020 by Kathy Zant   0 Replies

With WordPress 5.6’s imminent release and the recent release of PHP 8, we talk about the rapid changes affecting the future of WordPress with new security features and new functionality available to both WordPress users and developers. We also review a recent vulnerability found by Google Project Zero researchers in iPhones. A social engineering attack …

Wordfence Site Cleaning Guarantee Extended to 1 Year

This entry was posted in Wordfence, WordPress Security on November 19, 2020 by Kathy Zant   0 Replies

Today, we’re pleased to announce that all customers of Wordfence site cleaning services receive a 1-year clean site guarantee. If your site is compromised again after our team has cleaned and secured your WordPress site, we’ll clean it again for free. Additionally, we’re expanding our Security Services Team coverage to 24/7 effective immediately. The Wordfence …
