This entry was posted in General Security, Research, Wordfence, WordPress Security on January 27, 2021 by Ram Gall 4 Replies
Over the course of 2020, and in the process of protecting over 4 million WordPress customers, the Wordfence Threat Intelligence team gathered a massive amount of raw data from attacks targeting WordPress and infection trends, in addition to the malware samples gathered by our Site Cleaning team. Attacks on WordPress can be categorized in three …
Read More
This entry was posted in General Security, Research, WordPress Security on December 24, 2020 by Chloe Chamberland 18 Replies
Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team. She holds the following certifications: OSCP, OSWP, OSWE, Security+, CySA+, PenTest+, CASP+, SSCP, Associate of (ISC)2, CEH, ECSA and eWPT. Many of these are advanced certifications including OSCP and OSWE which are 24 and 48 hour exams respectively, that require hands-on …
Read More
This entry was posted in General Security, WordPress Security on December 23, 2020 by Ram Gall 2 Replies
The SolarWinds supply chain attack is all over the news, impacting government agencies, telecommunications firms, and other large organizations. The security firm FireEye was the first victim of the attack, disclosing that they had been hacked on December 8, 2020. On December 13th the US Treasury Department announced that it had also been compromised. At …
Read More
This entry was posted in General Security, Wordfence, WordPress Security on October 02, 2020 by Chloe Chamberland 2 Replies
A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense. On September 29, 2020, the Wordfence Live team …
Read More
This entry was posted in General Security, Wordfence, WordPress Security on September 16, 2020 by Chloe Chamberland 6 Replies
Yesterday, September 15, 2020, the Wordfence Live team covered The Hacker Motive: What Attackers Are Doing with Your Hacked Site. This companion blog post reviews the motives we discussed live during Wordfence Live and dives deeper into the minds of attackers. You can watch the video of Wordfence Live below. Timestamps You can click on …
Read More
This entry was posted in General Security, Wordfence, WordPress Security on August 19, 2020 by Chloe Chamberland 15 Replies
Yesterday, August 18, 2020, the Wordfence Live team covered 10 WordPress Security Mistakes You Might be Making. This companion blog post reviews the recommendations we provided to avoid these mistakes and better secure your WordPress environment. You can watch the video of Wordfence Live below. Timestamps You can click on these timestamps to jump around …
Read More
This entry was posted in General Security, Vulnerabilities, WordPress Security on July 28, 2020 by Chloe Chamberland 3 Replies
On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on over 80,000 sites. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. We initially reached out to the plugin’s developer …
Read More
This entry was posted in General Security, Wordfence, WordPress Security on June 24, 2020 by Ram Gall 2 Replies
At Wordfence, we take performance seriously on all levels. While speed is one way to measure performance, there are other metrics that are equally important. Over the past year, our Threat Intelligence team has improved our malware scan by leaps and bounds. We wanted to share some of the metrics we use and what they …
Read More
This entry was posted in General Security, Research, WordPress Security on June 03, 2020 by Ram Gall 24 Replies
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of …
Read More
This entry was posted in General Security, WordPress Security on May 05, 2020 by Ram Gall 23 Replies
Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat …
Read More
