Wordfence Research and News

Blog icon
Category: General Security

You’ve Found a Vulnerability! Now What? A Guide to Responsible Disclosure.

Information security researchers make a valuable contribution to our online security by finding vulnerabilities and facilitating getting them fixed.

Nulled WordPress Plugins – Dangers and Downsides

In our 2020 Threat Report, the Wordfence Threat Intelligence Team identified malware distributed via nulled, pirated, or counterfeit plugins and themes as one of the largest threats facing the WordPress ecosystem.

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites.

Wordfence is now a CVE Numbering Authority (CNA)

Today, we are excited to announce that Wordfence is authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA, or CVE Numbering Authority.

Ten Password Mistakes That Could Get Your WordPress Site Hacked

A few months ago on Wordfence Live, we reviewed some of the worst website hacks we’ve ever seen.

PHP Compromised: What WordPress Users Need to Know

Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src git repository.
Wordfence 2020 threat report feature image

The Wordfence 2020 WordPress Threat Report

Over the course of 2020, and in the process of protecting over 4 million WordPress customers, the Wordfence Threat Intelligence team gathered a massive amount of raw data from attacks targeting WordPress and infection trends, in addition to the malware samples gathered by our Site Cleaning team.

Who Attacked SolarWinds and Why WordPress Users Need to Know

Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team.
SolarWinds and Supply Chain Attacks: Could it happen to WordPress?

SolarWinds and Supply Chain Attacks: Could it happen to WordPress?

The SolarWinds supply chain attack is all over the news, impacting government agencies, telecommunications firms, and other large organizations.

Common Ways Attackers Are Stealing Credentials

A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.