Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: General Security

PSA: OneLogin Breached. Here’s What You Need to Do.

This entry was posted in General Security on June 1, 2017 by Mark Maunder   19 Replies

This is a public service announcement from Wordfence. We are sending this notice to the WordPress community due to the widespread nature and potential severity of this security issue. It has a high likelihood of impacting some of our readers and requires immediate action on their part....read more

Wordfence Launches WordPress Security Audit Service

This entry was posted in General Security, Wordfence, WordPress Security on May 23, 2017 by Mark Maunder   42 Replies

This morning I am very excited to announce that Wordfence is officially launching a WordPress Security Audit service. Many of our customers have asked us for a service like this and it has finally arrived....read more

Announcing Gravityscan

This entry was posted in General Security on May 16, 2017 by Mark Maunder   58 Replies

Today the Wordfence team has a big announcement. We are launching Gravityscan.com, a completely free vulnerability and malware scanner. You can use Gravityscan to find out if your website has been hacked and if you have any security problems that may lead to a hack in future....read more

New WannaCry Ransomware and How to Protect Yourself

This entry was posted in General Security on May 14, 2017 by Mark Maunder   72 Replies

This is another Wordfence public service announcement (PSA) that describes new WannaCry ransomware variants that have emerged in the past few hours and describes how to protect yourself against the WannaCry ransomware, also known as the WannaCrypt ransomware. We occasionally send out alerts that are outside the WordPress space when we feel that they are in the interests of our WordPress publishers and the broader global community. This is, unfortunately, one of those alerts....read more

Massive Global Ransomware Attack Underway, Patch Available

This entry was posted in General Security on May 12, 2017 by Dan Moen   30 Replies

UPDATE on Sunday at 1:40PM PST: New variants of WannaCrypt are now emerging. We have posted an updated blog post that includes instructions on how to protect yourself. ...read more

51 Tools for Security Analysts

This entry was posted in General Security, Research, WordPress Security on April 20, 2017 by Mark Maunder   17 Replies

Yesterday at Wordfence we had an "all welcome" technology sharing meeting with the entire company - or at least everyone that was available at the time. The meeting became so popular with our team that we had to upgrade the license we use for our real-time collaboration service to accommodate everyone. It is the largest team meeting we have had to date....read more

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

This entry was posted in General Security on April 14, 2017 by Mark Maunder   150 Replies

Update on April 19th at noon Pacific time: Chrome has just released version 58.0.3029.81. We have confirmed that this resolves the issue and that our 'epic.com' test domain no longer shows as 'epic.com' and displays the raw punycode instead, which is 'www.xn--e1awd7f.com', making it clear that the domain is not 'epic.com'. We encourage all Chrome users to immediately update to the above version of Chrome to resolve the issue. The original post follows:...read more

Check if Your Home Router is Vulnerable

This entry was posted in General Security on April 11, 2017 by Mark Maunder   103 Replies

At Wordfence, we make a firewall and malware scanner that protects over 2 million WordPress websites. We also monitor attacks on those sites to determine which IPs are attacking them and we block those IPs in real-time through a blacklist....read more

‘Secure’ in Chrome Browser Does Not Mean ‘Safe’

This entry was posted in General Security on March 28, 2017 by Mark Maunder   60 Replies

Google's Chrome web browser is used by over 50% of users on the web. When you visit a website that is using SSL, otherwise known as HTTPS or TLS, you see a green message in your browser location bar that says "Secure"....read more

5 Security Questions For Your Hosting Company

This entry was posted in General Security, WordPress Security on March 21, 2017 by Mark Maunder   72 Replies

In the past month, our forensic analysts ran into two situations where we saw a significant number of site cleaning customers, all from the same hosting companies, all with the same malware. In both cases the sites were infected due to a hosting company security issue....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.