Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Research

1.4 Million Attacks in 24 Hours: 32% Blocked by the New Blacklist

This entry was posted in Research, Wordfence, WordPress Security on March 16, 2017 by Mark Maunder   23 Replies

Last Friday we quietly launched a new Premium feature in Wordfence: A real-time IP blacklist that completely blocks known malicious IPs from accessing your website. On Monday we did a second release with a few improvements. Then we announced the blacklist on Tuesday this week....read more

In-Depth Analysis of a Criminal Organization Targeting WordPress Websites

This entry was posted in Research, WordPress Security on March 1, 2017 by Mark Maunder   72 Replies

Today we are posting an in-depth analysis of a prolific brute force attacker. We show that their motives are financial and are based on a wide-spread campaign to market counterfeit sports apparel websites. We describe the threat actor's tactics, techniques and procedures. Finally, we follow a financial trail to uncover individuals who are behind the campaign and prove that they are connected to each other and are likely part of a criminal organization. We have code-named this organization JerseyShore....read more

Wordfence In Depth: How Malware Becomes Scan Signatures

This entry was posted in Research, Wordfence on February 16, 2017 by Mark Maunder   7 Replies

One of the most effective ways the Wordfence team keeps the WordPress community and customers secure is through something we call the 'Threat Defense Feed'. This is a combination of people, software, business processes and data. It's an incredibly effective way to keep hackers out and provide our customers with early detection....read more

WordPress Used as Command and Control Server in 2016 Election Hack

This entry was posted in Research, WordPress Security on February 13, 2017 by Mark Maunder   23 Replies

On Friday evening the Department of Homeland Security released a report [PDF link] containing updated and broader analysis of Russian civilian and military intelligence organization's attempts to interfere with the 2016 US election....read more

A Feeding Frenzy to Deface WordPress Sites

This entry was posted in General Security, Research, Vulnerabilities, WordPress Security on February 9, 2017 by Mark Maunder   47 Replies

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking....read more

XMLRPC or WP-Login: Which do Brute Force Attackers Prefer

This entry was posted in Research, Wordfence, WordPress Security on January 31, 2017 by Mark Maunder   54 Replies

At Wordfence we constantly analyze attack patterns to improve the protection our firewall and malware scan provides. We recently took a closer look at brute force attack targets, specifically XMLRPC and wp-login, to gain a deeper understanding of how attackers behave....read more

Analysis: Methods and Monetization of a Botnet Attacking WordPress

This entry was posted in General Security, Research, Wordfence, WordPress Security on January 24, 2017 by Mark Maunder   29 Replies

At Wordfence we see a huge range of infection types every day as we help our customers repair hacked websites. We also find new kinds of malware as we analyze the forensic data we gather from a range of sources. Our normal day involves turning that forensic data into firewall rules and scan signatures which we deploy to your Wordfence firewall and malware scan via our Threat Defense Feed....read more

The December 2016 WordPress Attack Activity Report

This entry was posted in General Security, Research, Wordfence, WordPress Security on January 5, 2017 by Mark Maunder   52 Replies

This week we are introducing something new. At the beginning of each month we will be doing a monthly WordPress security report. We will look at the attack data for the previous month from the 1st to the end of the month and provide a report and analysis on the attack activity we have seen on WordPress websites....read more

Election Hack Report FAQ: What You Need to Know

This entry was posted in General Security, Miscellaneous, Research, Wordfence, WordPress Security on January 2, 2017 by Mark Maunder   13 Replies

On Friday we published an analysis of the FBI and DHS Grizzly Steppe report. The report was widely seen as proof that Russian intelligence operatives hacked the US 2016 election. We showed that the PHP malware in the report is old, freely available from a Ukrainian hacker group and is an administrative tool for hackers....read more

US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware

This entry was posted in General Security, Miscellaneous, Research, WordPress Security on December 30, 2016 by Mark Maunder   137 Replies

Update at 1am Pacific Time, Monday morning Jan 2nd: Please note that we have published a FAQ that accompanies this report. It contains a summary of our findings and answers several other questions our readers have had. It also provides some background on our methodology. You can read it either before or after reading this report. The original report follows:...read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.