Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: General Security

Is WordPress Secure?

This entry was posted in General Security, WordPress Security on April 3, 2018 by Mark Maunder   31 Replies

I recently got a call from a friend I haven't seen for a while asking me if I'd like to grab a coffee. He had a few questions about whether WordPress is secure. I'm always looking for an excuse to visit the hip Georgetown neighborhood just south of Seattle, so I jumped at the chance. Plus Chris is an all-round awesome guy who works for a well-known social media startup, so I wanted an update!...read more

PSA: Highly Critical Drupal Core Vulnerability Impacts Over 1 Million Sites

This entry was posted in General Security on March 29, 2018 by Dan Moen   6 Replies

Yesterday the Drupal security team announced a highly critical unauthenticated remote code execution vulnerability in Drupal core. The vulnerability allows an attacker to leverage multiple attack vectors and take complete control of a website. The Drupal team estimates that, at the time of the announcement, over one million sites are affected - about 9% of Drupal sites. They also reported that, to their knowledge, it was not being actively exploited....read more

PSA: Replace Your SSL/TLS Certs by Symantec, Thawte, VeriSign, Equifax, GeoTrust and RapidSSL

This entry was posted in General Security, WordPress Security on March 12, 2018 by Mark Maunder   28 Replies

This is a public service announcement and a reminder to site owners. Google's Chrome browser has already started the process of ending support for Symantec SSL/TLS certificates. This includes companies owned by Symantec including Thawte, Verisign, Equifax, GeoTrust and RapidSSL....read more

New Guides From Wordfence To Help Clean a Hacked Website

This entry was posted in General Security, WordPress Security on March 8, 2018 by Mark Maunder   7 Replies

At Wordfence, one of our goals is to empower you as much as possible to be self-sufficient, at no additional cost. To do that, we provide Wordfence as a free security plugin. Over the years we have also developed a comprehensive WordPress Security Learning Center that provides readers with a complete understanding of WordPress Security and how to run a secure website. We have also published a number of articles explaining how to recover from a hack, should that worst-case scenario ever arise....read more

Cryptomining Supply Chain Attack Hits Government Websites

This entry was posted in General Security, WordPress Security on February 11, 2018 by Mark Maunder   17 Replies

In the past 24 hours, Security researcher Scott Helme discovered that a third party accessibility plugin called 'Browsealoud' had their servers compromised. The plugin relies on a website including Javascript in their content in order to work. This compromise resulted in over 4,000 websites serving up cryptomining malware....read more

Your Site Reputation Makes You a Target

This entry was posted in General Security, WordPress Security on November 10, 2017 by Mark Maunder   12 Replies

I've mentioned Troy Hunt a few times on this blog. He's one of the good guys in our industry and runs a website called haveibeenpwned.com. If you want to scare your friends and family at a get together, send them to haveibeenpwned.com and get them to type in their email address. You'll discover that we've all been hacked at some point in the past decade and your data is already out there. The site will tell you which breaches you have been affected by....read more

New Attacker Scanning for SSH Private Keys on Websites

This entry was posted in General Security, WordPress Security on October 18, 2017 by Mark Maunder   21 Replies

Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem....read more

PSA: Severe Vulnerability in All Wi-Fi Devices

This entry was posted in General Security on October 16, 2017 by Mark Maunder   81 Replies

This is a public service announcement (PSA) from the Wordfence team regarding a security issue that has a wide impact....read more

Gravityscan Lowers Price and Adds Free Trial

This entry was posted in General Security on October 5, 2017 by Mark Maunder   6 Replies

We have an exciting announcement today regarding the Gravityscan project. As you know the Wordfence team launched Gravityscan on May 16th of this year. Gravityscan is designed to provide malware and vulnerability scanning for any website....read more

The Man Behind Plugin Spam: Mason Soiza

This entry was posted in General Security, WordPress Security on September 13, 2017 by Mark Maunder   161 Replies

This post is part of a series. This is the second post and a follow-up to our first story titled "Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites". There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.