Category Archive: General Security
This entry was posted in General Security, Wordfence, WordPress Security on June 24, 2020 by Ram Gall 2 Replies
At Wordfence, we take performance seriously on all levels. While speed is one way to measure performance, there are other metrics that are equally important. Over the past year, our Threat Intelligence team has improved our malware scan by leaps and bounds. We wanted to share some of the metrics we use and what they …
Read More
This entry was posted in General Security, Research, WordPress Security on June 03, 2020 by Ram Gall 24 Replies
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of …
Read More
This entry was posted in General Security, WordPress Security on May 05, 2020 by Ram Gall 23 Replies
Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat …
Read More
This entry was posted in General Security on April 02, 2020 by Kathy Zant 26 Replies
With much of the world shifting to working from home due to public health concerns with COVID-19, video conferencing is booming. Businesses, and even schools, are turning to platforms such as Zoom, Microsoft Teams, Google hangouts and other technologies to stay connected. Zoom has come under fire in recent days due to security issues with …
Read More
This entry was posted in General Security, WordPress Security on March 03, 2020 by Kathy Zant 5 Replies
On Wednesday, March 4, 2020, 3 million Transport Layer Security (TLS) certificates issued by Let’s Encrypt will be revoked because of a Certificate Authority Authorization (CAA) bug. This is 2.6% of the over 116 million active certificates issued by Let’s Encrypt. Let’s Encrypt has contacted all certificate holders affected by this bug, and they’ve created …
Read More
This entry was posted in General Security, Wordfence, WordPress Security on December 10, 2018 by Mark Maunder 3 Replies
This weekend I had a really fun conversation with Doc Pop from Torque Magazine. Torque is a great news source for WordPress news. They are part of WP Engine, but maintain editorial independence. I chatted with Doc in Nashville, in the Music City Center where WordCamp US was being held. Music City Center is an …
Read More
This entry was posted in General Security, WordPress Security on October 30, 2018 by Mark Maunder 0 Replies
WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. Once support for PHP 5 ends in two months, …
Read More
This entry was posted in General Security, WordPress Security on October 02, 2018 by Mikey Veenstra 20 Replies
Considering the amount of malicious activity that takes place on the internet, it’s no surprise that successful attacks on WordPress sites are launched across a wide variety of vectors. Whether outdated plugin code is to blame, or password reuse, or any number of other security flaws, no site owner sets out to introduce a vulnerability …
Read More
This entry was posted in General Security, WordPress Security on September 18, 2018 by Mikey Veenstra 13 Replies
Last week’s article covering the decision to distrust Symantec-issued TLS certificates generated a great response from our readers. One common question we received, and one that pops up just about any time SSL/TLS comes up, is how to determine when a site does and does not need such a certificate. Spoiler: Your site should probably …
Read More
This entry was posted in General Security on September 13, 2018 by James 7 Replies
This is a final reminder that legacy TLS certificates issued by Symantec, including those issued by authorities like Thawte, Geotrust, and RapidSSL which used Symantec as a central authority, will be distrusted by both Google Chrome and Mozilla Firefox beginning in October. Apple products have partially distrusted these certificates and plan to also distrust the full …
Read More
Protect your websites with the #1 WordPress Security Plugin
Get Premium
Over 150 million downloads