Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: General Security

Wordfence Blog

Malware Detection: Measuring Recall to Catch Them All

This entry was posted in General Security, Wordfence, WordPress Security on June 24, 2020 by Ram Gall   2 Replies

At Wordfence, we take performance seriously on all levels. While speed is one way to measure performance, there are other metrics that are equally important. Over the past year, our Threat Intelligence team has improved our malware scan by leaps and bounds. We wanted to share some of the metrics we use and what they …
Read More

Large Scale Attack Campaign Targets Database Credentials

This entry was posted in General Security, Research, WordPress Security on June 03, 2020 by Ram Gall   24 Replies

Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of …
Read More

Nearly a Million WP Sites Targeted in Large-Scale Attacks

This entry was posted in General Security, WordPress Security on May 05, 2020 by Ram Gall   23 Replies

Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat …
Read More

Safety and Security While Video Conferencing with Zoom

This entry was posted in General Security on April 02, 2020 by Kathy Zant   26 Replies

With much of the world shifting to working from home due to public health concerns with COVID-19, video conferencing is booming. Businesses, and even schools, are turning to platforms such as Zoom, Microsoft Teams, Google hangouts and other technologies to stay connected. Zoom has come under fire in recent days due to security issues with …
Read More

Happening Now: Over 2 Percent of Sites Using a Let’s Encrypt TLS Certificate May Throw Security Warnings

This entry was posted in General Security, WordPress Security on March 03, 2020 by Kathy Zant   5 Replies

On Wednesday, March 4, 2020, 3 million Transport Layer Security (TLS) certificates issued by Let’s Encrypt will be revoked because of a Certificate Authority Authorization (CAA) bug. This is 2.6% of the over 116 million active certificates issued by Let’s Encrypt. Let’s Encrypt has contacted all certificate holders affected by this bug, and they’ve created …
Read More

How We Think About WordPress Security and Research

This entry was posted in General Security, Wordfence, WordPress Security on December 10, 2018 by Mark Maunder   3 Replies

This weekend I had a really fun conversation with Doc Pop from Torque Magazine. Torque is a great news source for WordPress news. They are part of WP Engine, but maintain editorial independence. I chatted with Doc in Nashville, in the Music City Center where WordCamp US was being held. Music City Center is an …
Read More

Using PHP 5 Becomes Dangerous in 2 Months

This entry was posted in General Security, WordPress Security on October 30, 2018 by Mark Maunder   0 Replies

WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. Once support for PHP 5 ends in two months, …
Read More

Three WordPress Security Mistakes You Didn’t Realize You Made

This entry was posted in General Security, WordPress Security on October 02, 2018 by Mikey Veenstra   20 Replies

Considering the amount of malicious activity that takes place on the internet, it’s no surprise that successful attacks on WordPress sites are launched across a wide variety of vectors. Whether outdated plugin code is to blame, or password reuse, or any number of other security flaws, no site owner sets out to introduce a vulnerability …
Read More

Yes, You Should Probably Have A TLS Certificate

This entry was posted in General Security, WordPress Security on September 18, 2018 by Mikey Veenstra   13 Replies

Last week’s article covering the decision to distrust Symantec-issued TLS certificates generated a great response from our readers. One common question we received, and one that pops up just about any time SSL/TLS comes up, is how to determine when a site does and does not need such a certificate. Spoiler: Your site should probably …
Read More

Reminder: Popular Browsers To Distrust Symantec SSL/TLS Certificates Starting In October

This entry was posted in General Security on September 13, 2018 by James   7 Replies

This is a final reminder that legacy TLS certificates issued by Symantec, including those issued by authorities like Thawte, Geotrust, and RapidSSL which used Symantec as a central authority, will be distrusted by both Google Chrome and Mozilla Firefox beginning in October. Apple products have partially distrusted these certificates and plan to also distrust the full …
Read More

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 150 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates