Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Research

WordPress Plugin Banned for Crypto Mining

This entry was posted in Research on November 8, 2017 by Mark Maunder   30 Replies

The WordPress plugin repository recently removed a plugin known as "Animated Weather Widget by weatherfor.us." We dug a little deeper, and it appears that the plugin was removed for including JavaScript code that would mine cryptocurrency using the CPU resources of site visitors....read more

Cryptocurrency Miners Exploiting WordPress Sites

This entry was posted in Research, WordPress Security on October 26, 2017 by Brad Haas   11 Replies

During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected....read more

NGINX and PHP Malware Used in Petya/Nyetya Ransomware Attack

This entry was posted in General Security, Research on July 7, 2017 by Mark Maunder   5 Replies

Author's note: This is a technical blog post which I'm hoping server administrators and web hosting providers will find helpful. It also includes malware history and video footage which I hope you enjoy. ~Mark Maunder...read more

Home Router Botnet Resumes Attacks

This entry was posted in Research, WordPress Security on June 15, 2017 by Dan Moen   18 Replies

Yesterday at 7pm UTC (noon PDT) we saw the volume of brute force attacks on the WordPress sites that we protect more than double from the average for the previous 24 hours. The number of attacking IPs more than tripled....read more

Home Router Botnet Shut Down in Past 72 Hours. Who did it?

This entry was posted in Research, Wordfence, WordPress Security on May 2, 2017 by Mark Maunder   19 Replies

On April 11th, 3 weeks ago, we published a story discussing routers at a specific set of ISPs that have been hacked. These routers have been used to launch attacks on WordPress websites. The ISPs with compromised routers included Telecom Algeria, BSNL in India, PLDT in the Philippines and many more large ISPs around the world....read more

51 Tools for Security Analysts

This entry was posted in General Security, Research, WordPress Security on April 20, 2017 by Mark Maunder   17 Replies

Yesterday at Wordfence we had an "all welcome" technology sharing meeting with the entire company - or at least everyone that was available at the time. The meeting became so popular with our team that we had to upgrade the license we use for our real-time collaboration service to accommodate everyone. It is the largest team meeting we have had to date....read more

Thousands of Hacked Home Routers are Attacking WordPress Sites

This entry was posted in Research, Wordfence, WordPress Security on April 11, 2017 by Mark Maunder   64 Replies

Update: By popular request, we have created a tool that lets you check if your own home router is vulnerable to the problems discussed in this post. Visit this page to check if your home router has port 7547 open or if it's running a vulnerable version of RomPager....read more

1.4 Million Attacks in 24 Hours: 32% Blocked by the New Blacklist

This entry was posted in Research, Wordfence, WordPress Security on March 16, 2017 by Mark Maunder   26 Replies

Last Friday we quietly launched a new Premium feature in Wordfence: A real-time IP blacklist that completely blocks known malicious IPs from accessing your website. On Monday we did a second release with a few improvements. Then we announced the blacklist on Tuesday this week....read more

In-Depth Analysis of a Criminal Organization Targeting WordPress Websites

This entry was posted in Research, WordPress Security on March 1, 2017 by Mark Maunder   73 Replies

Today we are posting an in-depth analysis of a prolific brute force attacker. We show that their motives are financial and are based on a wide-spread campaign to market counterfeit sports apparel websites. We describe the threat actor's tactics, techniques and procedures. Finally, we follow a financial trail to uncover individuals who are behind the campaign and prove that they are connected to each other and are likely part of a criminal organization. We have code-named this organization JerseyShore....read more

Wordfence In Depth: How Malware Becomes Scan Signatures

This entry was posted in Research, Wordfence on February 16, 2017 by Mark Maunder   7 Replies

One of the most effective ways the Wordfence team keeps the WordPress community and customers secure is through something we call the 'Threat Defense Feed'. This is a combination of people, software, business processes and data. It's an incredibly effective way to keep hackers out and provide our customers with early detection....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.