Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Learning

Gravatar Advisory: How to Protect Your Email Address and Identity

This entry was posted in General Security, Learning, Research, WordPress Security on December 8, 2016 by Mark Maunder   47 Replies   

Update: We've added comments at the end of the post pointing out that the National Institute of Standards and Technology (NIST) considers an email address to be personally identifiable information or PII....read more

Avoid Malware Scanners That Use Insecure Hashing

This entry was posted in General Security, Learning, Vulnerabilities, Wordfence, WordPress Security on December 6, 2016 by Mark Maunder   37 Replies   

In this post I'm going to discuss a major problem that exists with several WordPress malware scanners: The use of weak hashing algorithms for good and bad file identification. Some malware and antivirus scanners outside of WordPress suffer from this same issue....read more

What Hackers Do With Compromised WordPress Sites

This entry was posted in Learning, Research, WordPress Security on April 19, 2016 by Dan Moen   29 Replies   

We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn't any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site's visitors can be monetized in various malicious ways.  The web server can be used to run malicious software and host content and the reputation of the domain name and IP address can be leveraged....read more

How Attackers Gain Access to WordPress Sites

This entry was posted in General Security, Learning, Research on March 23, 2016 by Dan Moen   78 Replies   

On this blog we write a lot about different vulnerabilities that could lead to site compromise. In our Learning Center we go deep on a myriad of important topics related to WordPress security. Our handy checklist, for example, includes 42 items you really should be paying attention to. But surely not all 42 items are equally important, right? In today’s post we dive into some very interesting data we gathered a couple of weeks ago in a survey, letting the facts tell us what matters most....read more

Hacked Sites Suffer Long Term Search Ranking Penalties

This entry was posted in Learning, Research, SEO, WordPress Security on March 16, 2016 by Dan Moen   14 Replies   

During our research into what the WordPress community knows about hacked websites, we discovered that there is very little data available on the subject. We decided to conduct a survey, inviting a portion of our community to participate....read more

WordPress Security for Beginners – Where to Start

This entry was posted in Learning, WordPress Security on January 20, 2016 by danmoen   0 Replies   

One of the reasons that WordPress is so popular, powering 25% of all websites, is how easy it is use. This is encouraging a lot of beginners to build their own websites. In fact, according to our recent WordPress Security Survey, 17.4% of respondents self-identify as novices or having little to no website security expertise....read more

Security Concepts: Half of all WordPress Plugin Vulnerabilities are XSS and Securing FTP

This entry was posted in Learning, WordPress Security on December 21, 2015 by Mark Maunder   10 Replies   

We had a lot of fun creating our WordPress Security Learning Center. One of the coolest experiences was being able to share with WordPress site administrators how attackers actually gain entry to their sites....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.