Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: General Security

Wordfence Blog

GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe

This entry was posted in General Security, PSA, WordPress Security on November 23, 2021 by Ram Gall   9 Replies

Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were impacted. The brands impacted include: tsoHost Media Temple 123Reg Domain Factory Heart Internet Host Europe According to Dan Rice, VP of Corporate Communications at GoDaddy, “The GoDaddy brands …
Read More

GoDaddy Breached – Plaintext Passwords – 1.2M Affected

This entry was posted in General Security, PSA, WordPress Security on November 22, 2021 by Mark Maunder   38 Replies

There is an update available here: GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Note that this …
Read More

PSA: Widespread Remote Working Scam Underway

This entry was posted in General Security, PSA on October 28, 2021 by Mark Maunder   57 Replies

I’ve just gotten off the phone with a victim of the scam that I’m about to describe. This is impacting a lot of folks, so please do spread the word. It’s infuriating. I’ll be around to reply to your comments below, but please do not engage in victim-blaming, because until you’ve actually been hit by …
Read More

It’s Not You. It’s Them. On Hacking and Responsible Disclosure.

This entry was posted in General Security, PSA on October 15, 2021 by Mark Maunder   17 Replies

A story was recently posted to Hacker News celebrating a hack of IoT devices at a school that let a student and their friends rickroll the school via a video system. On the one hand, this guy is my personal hero and I want to be them. But I’m a cybersecurity professional, I run a …
Read More

You’ve Found a Vulnerability! Now What? A Guide to Responsible Disclosure.

This entry was posted in General Security, WordPress Security on July 28, 2021 by Chloe Chamberland   0 Replies

Information security researchers make a valuable contribution to our online security by finding vulnerabilities and facilitating getting them fixed. Wordfence has been finding and disclosing vulnerabilities in WordPress core, WordPress plugins, and WordPress themes since 2011. Our research has exposed vulnerabilities in the core infrastructure that powers WordPress, organized crime exploiting plugins for profit, and …
Read More

Nulled WordPress Plugins – Dangers and Downsides

This entry was posted in General Security, WordPress Security on July 21, 2021 by Ram Gall   12 Replies

In our 2020 Threat Report, the Wordfence Threat Intelligence Team identified malware distributed via nulled, pirated, or counterfeit plugins and themes as one of the largest threats facing the WordPress ecosystem. Many site owners are unaware of the risks associated with using nulled plugins, and in many cases, they may not even be aware that …
Read More

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

This entry was posted in General Security, Vulnerabilities, WordPress Security on July 13, 2021 by Chloe Chamberland   4 Replies

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins available outside of the repository, along with …
Read More

Wordfence is now a CVE Numbering Authority (CNA)

This entry was posted in General Security, WordPress Security on June 10, 2021 by Chloe Chamberland   5 Replies

Today, we are excited to announce that Wordfence is authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA, or CVE Numbering Authority. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes. WordPress powers over 40% of the World Wide Web in …
Read More

Ten Password Mistakes That Could Get Your WordPress Site Hacked

This entry was posted in General Security, Wordfence, WordPress Security on April 07, 2021 by Chloe Chamberland   2 Replies

A few months ago on Wordfence Live, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. From these common hacks, we have many cautionary tales of site security that could have been prevented by …
Read More

PHP Compromised: What WordPress Users Need to Know

This entry was posted in General Security, Research, WordPress Security on March 29, 2021 by Chloe Chamberland   16 Replies

Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src git repository. These commits were pushed to create a backdoor that would have effectively allowed attackers to achieve remote code execution through PHP and an HTTP header. Remote …
Read More

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 200 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates