Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: General Security

Cloudflare Data Leak: How to Secure Your Site

This entry was posted in General Security, WordPress Security on February 23, 2017 by Mark Maunder   44 Replies

Cloudflare has experienced a data leak over a 5 month period that mixed sensitive data between websites and visitors. A visitor to one website using Cloudflare may have seen data from another website using Cloudflare that was being sent to a completely different site visitor....read more

Rapid Growth in Defacements, Who was Hit, Who is Attacking

This entry was posted in General Security, Vulnerabilities, Wordfence, WordPress Security on February 10, 2017 by Mark Maunder   22 Replies

Yesterday we published numbers indicating how widespread the defacement campaign is targeting the REST-API vulnerability recently fixed in WordPress 4.7.2. If you have not updated to 4.7.2 already on all sites you operate, do so immediately. If you are using Wordfence Premium, you are already protected....read more

A Feeding Frenzy to Deface WordPress Sites

This entry was posted in General Security, Research, Vulnerabilities, WordPress Security on February 9, 2017 by Mark Maunder   49 Replies

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking....read more

Staying Safe: The Wordfence Cyber Security Survival Guide

This entry was posted in General Security, Learning on February 7, 2017 by Mark Maunder   8 Replies

Occasionally at Wordfence we publish posts that are public service announcements that help the broader online community including your team, friends and relatives. Today I'm publishing a guide that will help improve your overall personal cyber security. This guide focuses on the basics: How to reduce the truly important life altering risks that we face from the cyber realm....read more

The January 2017 WordPress Attack Activity Report

This entry was posted in General Security, Monthly Attack Activity Report, Wordfence, WordPress Security on February 3, 2017 by Mark Maunder   23 Replies

Last month we introduced a monthly attack activity report. This report gives you an indication of attack trends during the past month and how they have changed. Today we are releasing the January WordPress attack activity report which covers the period from January 1st until January 31st....read more

Do You Need a WordPress Security Plugin?

This entry was posted in General Security, Wordfence, WordPress Security on January 25, 2017 by Mark Maunder   14 Replies

At Wordfence we are a big team these days with millions of customers, and we think about security all day long. Sometimes we can get deep down the proverbial rabbit hole and forget about the basics....read more

Analysis: Methods and Monetization of a Botnet Attacking WordPress

This entry was posted in General Security, Research, Wordfence, WordPress Security on January 24, 2017 by Mark Maunder   29 Replies

At Wordfence we see a huge range of infection types every day as we help our customers repair hacked websites. We also find new kinds of malware as we analyze the forensic data we gather from a range of sources. Our normal day involves turning that forensic data into firewall rules and scan signatures which we deploy to your Wordfence firewall and malware scan via our Threat Defense Feed....read more

Imminent: Non-HTTPS Sites Labeled “Not Secure” by Chrome

This entry was posted in General Security, WordPress Security on January 17, 2017 by Mark Maunder   90 Replies

On approximately January 31st, version 56 of the Chrome web browser will be released. There is a significant change in the way it displays websites that are not using HTTPS, also known as SSL. This change may confuse your site visitors or surprise you if you are not expecting it....read more

Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited

This entry was posted in General Security, Miscellaneous on January 12, 2017 by Mark Maunder   172 Replies

Update on February 24th: Chrome has resolved this issue to my satisfaction. Earlier this month they released Chrome 56.0.2924 which changes the location bar behavior. If you now view a data URL, the location bar shows a "Not Secure" message which should help users realize that they should not trust forms presented to them via a data URL. It will help prevent this specific phishing technique....read more

The December 2016 WordPress Attack Activity Report

This entry was posted in General Security, Research, Wordfence, WordPress Security on January 5, 2017 by Mark Maunder   52 Replies

This week we are introducing something new. At the beginning of each month we will be doing a monthly WordPress security report. We will look at the attack data for the previous month from the 1st to the end of the month and provide a report and analysis on the attack activity we have seen on WordPress websites....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.