Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: General Security

Gravityscan Lowers Price and Adds Free Trial

This entry was posted in General Security on October 5, 2017 by Mark Maunder   6 Replies

We have an exciting announcement today regarding the Gravityscan project. As you know the Wordfence team launched Gravityscan on May 16th of this year. Gravityscan is designed to provide malware and vulnerability scanning for any website....read more

The Man Behind Plugin Spam: Mason Soiza

This entry was posted in General Security, WordPress Security on September 13, 2017 by Mark Maunder   161 Replies

This post is part of a series. This is the second post and a follow-up to our first story titled "Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites". There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period....read more

Cyber Insurance: Should You Get It?

This entry was posted in General Security on September 5, 2017 by Mark Maunder   3 Replies

You have probably noticed the gradual increase in the number of ads over the past two years selling "cyber insurance," or insurance that covers a hack. The market for this kind of insurance has been growing....read more

Dreamhost is Under DDoS Attack

This entry was posted in General Security, WordPress Security on August 24, 2017 by Mark Maunder   32 Replies

Dreamhost is currently experiencing a DDoS attack. I am updating this post in real-time as the situation unfolds. Last update was at 10:46am PST. ~Mark Maunder...read more

PSA: 4.8 Million Affected by Chrome Extension Attacks Targeting Site Owners

This entry was posted in General Security on August 17, 2017 by Mark Maunder   27 Replies

This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads....read more

NGINX and PHP Malware Used in Petya/Nyetya Ransomware Attack

This entry was posted in General Security, Research on July 7, 2017 by Mark Maunder   5 Replies

Author's note: This is a technical blog post which I'm hoping server administrators and web hosting providers will find helpful. It also includes malware history and video footage which I hope you enjoy. ~Mark Maunder...read more

PSA: Petya Ransomware Affecting Critical Systems Globally: Here’s What to Do.

This entry was posted in General Security on June 27, 2017 by Mark Maunder   37 Replies

Updated 3:19PM Pacific Time: A method to 'vaccinate' yourself against this ransomware variant has been found. I have posted details towards the end of the post along with a batch file you can run. It is as simple as creating the file C:\Windows\perfc and marking it read-only....read more

PSA: OneLogin Breached. Here’s What You Need to Do.

This entry was posted in General Security on June 1, 2017 by Mark Maunder   19 Replies

This is a public service announcement from Wordfence. We are sending this notice to the WordPress community due to the widespread nature and potential severity of this security issue. It has a high likelihood of impacting some of our readers and requires immediate action on their part....read more

Wordfence Launches WordPress Security Audit Service

This entry was posted in General Security, Wordfence, WordPress Security on May 23, 2017 by Mark Maunder   42 Replies

This morning I am very excited to announce that Wordfence is officially launching a WordPress Security Audit service. Many of our customers have asked us for a service like this and it has finally arrived....read more

Announcing Gravityscan

This entry was posted in General Security on May 16, 2017 by Mark Maunder   58 Replies

Today the Wordfence team has a big announcement. We are launching Gravityscan.com, a completely free vulnerability and malware scanner. You can use Gravityscan to find out if your website has been hacked and if you have any security problems that may lead to a hack in future....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.