Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: General Security

Imminent: Non-HTTPS Sites Labeled “Not Secure” by Chrome

This entry was posted in General Security, WordPress Security on January 17, 2017 by Mark Maunder   64 Replies   

On approximately January 31st of this month, version 56 of the Chrome web browser will be released. There is a significant change in the way it displays websites that are not using HTTPS, also known as SSL. This change may confuse your site visitors or surprise you if you are not expecting it.

Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited

This entry was posted in General Security, Miscellaneous on January 12, 2017 by Mark Maunder   151 Replies   

Update at 11:30pm on Tuesday January 17th: I have received an official statement from Google regarding this issue. You can find the full update at the end of this post.

The December 2016 WordPress Attack Activity Report

This entry was posted in General Security, Research, Wordfence, WordPress Security on January 5, 2017 by Mark Maunder   50 Replies   

This week we are introducing something new. At the beginning of each month we will be doing a monthly WordPress security report. We will look at the attack data for the previous month from the 1st to the end of the month and provide a report and analysis on the attack activity we have seen on WordPress websites.

Election Hack Report FAQ: What You Need to Know

This entry was posted in General Security, Miscellaneous, Research, Wordfence, WordPress Security on January 2, 2017 by Mark Maunder   13 Replies   

On Friday we published an analysis of the FBI and DHS Grizzly Steppe report. The report was widely seen as proof that Russian intelligence operatives hacked the US 2016 election. We showed that the PHP malware in the report is old, freely available from a Ukrainian hacker group and is an administrative tool for hackers.

US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware

This entry was posted in General Security, Miscellaneous, Research, WordPress Security on December 30, 2016 by Mark Maunder   137 Replies   

Update at 1am Pacific Time, Monday morning Jan 2nd: Please note that we have published a FAQ that accompanies this report. It contains a summary of our findings and answers several other questions our readers have had. It also provides some background on our methodology. You can read it either before or after reading this report. The original report follows:

Critical Vulnerability in PHPMailer. Affects WP Core.

This entry was posted in General Security, Vulnerabilities, WordPress Security on December 26, 2016 by Mark Maunder   68 Replies   

A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski. The vulnerability was announced on legalhackers.com yesterday but proof of concept exploit details were not included.

Who is Really Behind the Ukrainian Brute Force Attacks?

This entry was posted in General Security, Research, Wordfence, WordPress Security on December 19, 2016 by Mark Maunder   43 Replies   

Last Friday we published a report showing a significant increase in Brute Force Attacks. We showed that most of the attacks are originating in Ukraine and we shared the most active IP addresses with you.

Huge Increase in Brute Force Attacks in December and What to Do

This entry was posted in General Security, Wordfence, WordPress Security on December 16, 2016 by Mark Maunder   110 Replies   

Update: We posted a follow-up to this post on Monday December 19th, which goes into more detail about the Ukraine IP block where these attacks originate and discusses possible Russia involvement.

5 Things to be Aware of When Buying WordPress Security

This entry was posted in General Security, Wordfence, WordPress Security on December 14, 2016 by Mark Maunder   14 Replies   

If you are new to WordPress or reevaluating your security strategy, you are overwhelmed by choice in today's market. The reality is that there are only a handful of tools that truly protect your WordPress website from a hack and help you detect an incident. With all of the claims that vendors are making, it can be tough to choose the most effective product to protect your investment and your customer data.

Gravatar Advisory: How to Protect Your Email Address and Identity

This entry was posted in General Security, Learning, Research, WordPress Security on December 8, 2016 by Mark Maunder   47 Replies   

Update: We've added comments at the end of the post pointing out that the National Institute of Standards and Technology (NIST) considers an email address to be personally identifiable information or PII.
