Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: General Security

Wordfence Blog

Reminder: Popular Browsers To Distrust Symantec SSL/TLS Certificates Starting In October

This entry was posted in General Security on September 13, 2018 by James   7 Replies

This is a final reminder that legacy TLS certificates issued by Symantec, including those issued by authorities like Thawte, Geotrust, and RapidSSL which used Symantec as a central authority, will be distrusted by both Google Chrome and Mozilla Firefox¬†beginning in October. Apple products have partially distrusted these certificates and plan to also distrust the full …
Read More

PSA: Multiple Vulnerabilities Present In Firefox 61

This entry was posted in General Security, Vulnerabilities on September 06, 2018 by Mikey Veenstra   2 Replies

In an advisory published yesterday, Mozilla disclosed the presence of nine security flaws in Firefox 61 which have been patched in the latest release of the browser. Some of the bugs are severe, but at this time do not appear to be receiving attacks in the wild. To protect yourself as a Firefox user, ensure …
Read More

Three Incident Response Preparations You Should Be Making

This entry was posted in General Security, Learning on July 10, 2018 by Mikey Veenstra   7 Replies

In the context of cybersecurity, the adage “An ounce of prevention is worth a pound of cure” is a massive understatement. Make no mistake, the easiest way to handle a security incident is to prevent it from ever happening in the first place. We continually remind our readers about security best practices because the time …
Read More

Top Tools for Security Analysts in 2018

This entry was posted in General Security, Research, WordPress Security on June 26, 2018 by Mikey Veenstra   4 Replies

Last spring, after discussing the tools and tech used by our team, we published a list of 51 Tools for Security Analysts. The article was well-received, and the comments offered some great suggestions to top it all off. In the spirit of that list we’d like to offer our updated 2018 edition, featuring the Defiant …
Read More

Is WordPress Secure?

This entry was posted in General Security, WordPress Security on April 03, 2018 by Mark Maunder   31 Replies

I recently got a call from a friend I haven’t seen for a while asking me if I’d like to grab a coffee. He had a few questions about whether WordPress is secure. I’m always looking for an excuse to visit the hip Georgetown neighborhood just south of Seattle, so I jumped at the chance. …
Read More

PSA: Highly Critical Drupal Core Vulnerability Impacts Over 1 Million Sites

This entry was posted in General Security on March 29, 2018 by Dan Moen   6 Replies

Yesterday the Drupal security team announced a highly critical unauthenticated remote code execution vulnerability in Drupal core. The vulnerability allows an attacker to leverage multiple attack vectors and take complete control of a website. The Drupal team estimates that, at the time of the announcement, over one million sites are affected – about 9% of …
Read More

PSA: Replace Your SSL/TLS Certs by Symantec, Thawte, VeriSign, Equifax, GeoTrust and RapidSSL

This entry was posted in General Security, WordPress Security on March 12, 2018 by Mark Maunder   28 Replies

This is a public service announcement and a reminder to site owners. Google’s Chrome browser has already started the process of ending support for Symantec SSL/TLS certificates. This includes companies owned by Symantec including Thawte, Verisign, Equifax, GeoTrust and RapidSSL. Chrome 66 is ending support for Symantec certificates issued before June 1, 2016 on the …
Read More

New Guides From Wordfence To Help Clean a Hacked Website

This entry was posted in General Security, WordPress Security on March 08, 2018 by Mark Maunder   7 Replies

At Wordfence, one of our goals is to empower you as much as possible to be self-sufficient, at no additional cost. To do that, we provide Wordfence as a free security plugin. Over the years we have also developed a comprehensive WordPress Security Learning Center that provides readers with a complete understanding of WordPress Security …
Read More

Cryptomining Supply Chain Attack Hits Government Websites

This entry was posted in General Security, WordPress Security on February 11, 2018 by Mark Maunder   17 Replies

In the past 24 hours, Security researcher Scott Helme discovered that a third party accessibility plugin called ‘Browsealoud’ had their servers compromised. The plugin relies on a website including Javascript in their content in order to work. This compromise resulted in over 4,000 websites serving up cryptomining malware. The malware uses site visitor CPUs to …
Read More

Your Site Reputation Makes You a Target

This entry was posted in General Security, WordPress Security on November 10, 2017 by Mark Maunder   12 Replies

I’ve mentioned Troy Hunt a few times on this blog. He’s one of the good guys in our industry and runs a website called haveibeenpwned.com. If you want to scare your friends and family at a get together, send them to¬†haveibeenpwned.com and get them to type in their email address. You’ll discover that we’ve all …
Read More

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 150 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates