Category Archive: General Security
This entry was posted in General Security, PSA on October 15, 2021 by Mark Maunder 17 Replies
A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the school via a video system. On the one hand, this guy is my personal hero and I want to be them. But I’m a cybersecurity professional, I run a …
Read More
This entry was posted in General Security, WordPress Security on July 28, 2021 by Chloe Chamberland 0 Replies
Information security researchers make a valuable contribution to our online security by finding vulnerabilities and facilitating getting them fixed. Wordfence has been finding and disclosing vulnerabilities in WordPress core, WordPress plugins, and WordPress themes since 2011. Our research has exposed vulnerabilities in the core infrastructure that powers WordPress, organized crime exploiting plugins for profit, and …
Read More
This entry was posted in General Security, WordPress Security on July 21, 2021 by Ram Gall 12 Replies
In our 2020 Threat Report, the Wordfence Threat Intelligence Team identified malware distributed via nulled, pirated, or counterfeit plugins and themes as one of the largest threats facing the WordPress ecosystem. Many site owners are unaware of the risks associated with using nulled plugins, and in many cases, they may not even be aware that …
Read More
This entry was posted in General Security, Vulnerabilities, WordPress Security on July 13, 2021 by Chloe Chamberland 4 Replies
WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins available outside of the repository, along with …
Read More
This entry was posted in General Security, WordPress Security on June 10, 2021 by Chloe Chamberland 5 Replies
Today, we are excited to announce that Wordfence is authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA, or CVE Numbering Authority. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes. WordPress powers over 40% of the World Wide Web in …
Read More
This entry was posted in General Security, Wordfence, WordPress Security on April 07, 2021 by Chloe Chamberland 2 Replies
A few months ago on Wordfence Live, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. From these common hacks, we have many cautionary tales of site security that could have been prevented by …
Read More
This entry was posted in General Security, Research, WordPress Security on March 29, 2021 by Chloe Chamberland 16 Replies
Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src git repository. These commits were pushed to create a backdoor that would have effectively allowed attackers to achieve remote code execution through PHP and an HTTP header. Remote …
Read More
This entry was posted in General Security, Research, Wordfence, WordPress Security on January 27, 2021 by Ram Gall 4 Replies
Over the course of 2020, and in the process of protecting over 4 million WordPress customers, the Wordfence Threat Intelligence team gathered a massive amount of raw data from attacks targeting WordPress and infection trends, in addition to the malware samples gathered by our Site Cleaning team. Attacks on WordPress can be categorized in three …
Read More
This entry was posted in General Security, Research, WordPress Security on December 24, 2020 by Chloe Chamberland 18 Replies
Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team. She holds the following certifications: OSCP, OSWP, OSWE, Security+, CySA+, PenTest+, CASP+, SSCP, Associate of (ISC)2, CEH, ECSA and eWPT. Many of these are advanced certifications including OSCP and OSWE which are 24 and 48 hour exams respectively, that require hands-on …
Read More
This entry was posted in General Security, WordPress Security on December 23, 2020 by Ram Gall 2 Replies
The SolarWinds supply chain attack is all over the news, impacting government agencies, telecommunications firms, and other large organizations. The security firm FireEye was the first victim of the attack, disclosing that they had been hacked on December 8, 2020. On December 13th the US Treasury Department announced that it had also been compromised. At …
Read More
Protect your websites with the #1 WordPress Security Plugin
Get Premium
Over 200 million downloads