Wordfence Research and News

Blog icon
Category: Learning
Newest

Live Event: Wordfence Central Official Launch and Demo

Today we are very excited to announce the launch of Wordfence Central. Our team has been working hard for almost a year on this ground-breaking project. Wordfence Central gives you the power of a security events and information manager for WordPress. Join me for a live event starting at 8am Pacific time, 11am EST where …
Read More

Three Incident Response Preparations You Should Be Making

In the context of cybersecurity, the adage “An ounce of prevention is worth a pound of cure” is a massive understatement. Make no mistake, the easiest way to handle a security incident is to prevent it from ever happening in the first place. We continually remind our readers about security best practices because the time …
Read More

PSA: Lessons From The Atlanta Ransomware Situation

In the past few days the City of Atlanta has been hit with a ransomware attack. Several major computer systems that provide city services have been encrypted by an attacker. The attacker is demanding $51,000 worth of bitcoin to decrypt the systems, and the city has not yet ruled out paying the ransom. The attack …
Read More

Staying Safe: The Wordfence Cyber Security Survival Guide

Occasionally at Wordfence we publish posts that are public service announcements that help the broader online community including your team, friends and relatives. Today I’m publishing a guide that will help improve your overall personal cyber security. This guide focuses on the basics: How to reduce the truly important life altering risks that we face from …
Read More

Gravatar Advisory: How to Protect Your Email Address and Identity

Update: We’ve added comments at the end of the post pointing out that the National Institute of Standards and Technology (NIST) considers an email address to be personally identifiable information or PII. Gravatar is a service that provides users with a profile image that can appear on many sites across the Net. It is integrated with …
Read More

Avoid Malware Scanners That Use Insecure Hashing

In this post I’m going to discuss a major problem that exists with several WordPress malware scanners: The use of weak hashing algorithms for good and bad file identification. Some malware and antivirus scanners outside of WordPress suffer from this same issue. For brevity, I’m going to refer to this as the “weak hash scanner” issue. This …
Read More

What Hackers Do With Compromised WordPress Sites

We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized …
Read More

How Attackers Gain Access to WordPress Sites

On this blog we write a lot about different vulnerabilities that could lead to site compromise. In our Learning Center we go deep on a myriad of important topics related to WordPress security. Our handy checklist, for example, includes 42 items you really should be paying attention to. But surely not all 42 items are …
Read More

Hacked Sites Suffer Long Term Search Ranking Penalties

During our research into what the WordPress community knows about hacked websites, we discovered that there is very little data available on the subject. We decided to conduct a survey, inviting a portion of our community to participate. We received responses from 1,605 people who reported having a website they manage hacked in the last year. We …
Read More

WordPress Security for Beginners – Where to Start

One of the reasons that WordPress is so popular, powering 25% of all websites, is how easy it is use. This is encouraging a lot of beginners to build their own websites. In fact, according to our recent WordPress Security Survey, 17.4% of respondents self-identify as novices or having little to no website security expertise. …
Read More