Wordfence Research and News
Live Event: Wordfence Central Official Launch and Demo
Today we are very excited to announce the launch of Wordfence Central. Our team has been working hard for almost a year on this ground-breaking project. Wordfence Central gives you the power of a security events and information manager for WordPress. Join me for a live event starting at 8am Pacific time, 11am EST where …
Read More
Three Incident Response Preparations You Should Be Making
In the context of cybersecurity, the adage “An ounce of prevention is worth a pound of cure” is a massive understatement. Make no mistake, the easiest way to handle a security incident is to prevent it from ever happening in the first place. We continually remind our readers about security best practices because the time …
Read More
PSA: Lessons From The Atlanta Ransomware Situation
In the past few days the City of Atlanta has been hit with a ransomware attack. Several major computer systems that provide city services have been encrypted by an attacker. The attacker is demanding $51,000 worth of bitcoin to decrypt the systems, and the city has not yet ruled out paying the ransom. The attack …
Read More
Staying Safe: The Wordfence Cyber Security Survival Guide
Occasionally at Wordfence we publish posts that are public service announcements that help the broader online community including your team, friends and relatives. Today I’m publishing a guide that will help improve your overall personal cyber security. This guide focuses on the basics: How to reduce the truly important life altering risks that we face from …
Read More
Gravatar Advisory: How to Protect Your Email Address and Identity
Update: We’ve added comments at the end of the post pointing out that the National Institute of Standards and Technology (NIST) considers an email address to be personally identifiable information or PII. Gravatar is a service that provides users with a profile image that can appear on many sites across the Net. It is integrated with …
Read More
Avoid Malware Scanners That Use Insecure Hashing
In this post I’m going to discuss a major problem that exists with several WordPress malware scanners: The use of weak hashing algorithms for good and bad file identification. Some malware and antivirus scanners outside of WordPress suffer from this same issue. For brevity, I’m going to refer to this as the “weak hash scanner” issue. This …
Read More
What Hackers Do With Compromised WordPress Sites
We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized …
Read More
How Attackers Gain Access to WordPress Sites
On this blog we write a lot about different vulnerabilities that could lead to site compromise. In our Learning Center we go deep on a myriad of important topics related to WordPress security. Our handy checklist, for example, includes 42 items you really should be paying attention to. But surely not all 42 items are …
Read More
Hacked Sites Suffer Long Term Search Ranking Penalties
During our research into what the WordPress community knows about hacked websites, we discovered that there is very little data available on the subject. We decided to conduct a survey, inviting a portion of our community to participate. We received responses from 1,605 people who reported having a website they manage hacked in the last year. We …
Read More
WordPress Security for Beginners – Where to Start
One of the reasons that WordPress is so popular, powering 25% of all websites, is how easy it is use. This is encouraging a lot of beginners to build their own websites. In fact, according to our recent WordPress Security Survey, 17.4% of respondents self-identify as novices or having little to no website security expertise. …
Read More
Breaking WordPress Security Research in your inbox as it happens.
