Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Research

Wordfence Blog

WordPress Plugin Banned for Crypto Mining

This entry was posted in Research on November 08, 2017 by Mark Maunder   30 Replies

The WordPress plugin repository recently removed a plugin known as “Animated Weather Widget by weatherfor.us.” We dug a little deeper, and it appears that the plugin was removed for including JavaScript code that would mine cryptocurrency using the CPU resources of site visitors. It works as follows: A WordPress site owner installs the “Animated Weather” …
Read More

Cryptocurrency Miners Exploiting WordPress Sites

This entry was posted in Research, WordPress Security on October 26, 2017 by Brad Haas   11 Replies

During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected. In this post, you’ll learn what cryptocurrency mining …
Read More

NGINX and PHP Malware Used in Petya/Nyetya Ransomware Attack

This entry was posted in General Security, Research on July 07, 2017 by Mark Maunder   5 Replies

Author’s note: This is a technical blog post which I’m hoping server administrators and web hosting providers will find helpful. It also includes malware history and video footage which I hope you enjoy. ~Mark Maunder Cisco’s Talos security group published an excellent blog post yesterday describing the recent ransomware campaign that goes by various names, …
Read More

Home Router Botnet Resumes Attacks

This entry was posted in Research, WordPress Security on June 15, 2017 by Dan Moen   18 Replies

Yesterday at 7pm UTC (noon PDT) we saw the volume of brute force attacks on the WordPress sites that we protect more than double from the average for the previous 24 hours. The number of attacking IPs more than tripled. The chart below shows the count of attacks per hour from June 12th onward. You can …
Read More

Home Router Botnet Shut Down in Past 72 Hours. Who did it?

This entry was posted in Research, Wordfence, WordPress Security on May 02, 2017 by Mark Maunder   19 Replies

On April 11th, 3 weeks ago, we published a story discussing routers at a specific set of ISPs that have been hacked. These routers have been used to launch attacks on WordPress websites. The ISPs with compromised routers included Telecom Algeria, BSNL in India, PLDT in the Philippines and many more large ISPs around the world. …
Read More

51 Tools for Security Analysts

This entry was posted in General Security, Research, WordPress Security on April 20, 2017 by Mark Maunder   17 Replies

Yesterday at Wordfence we had an “all welcome” technology sharing meeting with the entire company – or at least everyone that was available at the time. The meeting became so popular with our team that we had to upgrade the license we use for our real-time collaboration service to accommodate everyone. It is the largest team meeting …
Read More

Thousands of Hacked Home Routers are Attacking WordPress Sites

This entry was posted in Research, Wordfence, WordPress Security on April 11, 2017 by Mark Maunder   64 Replies

Update: By popular request, we have created a tool that lets you check if your own home router is vulnerable to the problems discussed in this post. Visit this page to check if your home router has port 7547 open or if it’s running a vulnerable version of RomPager. Last week, while creating the Wordfence monthly …
Read More

1.4 Million Attacks in 24 Hours: 32% Blocked by the New Blacklist

This entry was posted in Research, Wordfence, WordPress Security on March 16, 2017 by Mark Maunder   26 Replies

Last Friday we quietly launched a new Premium feature in Wordfence: A real-time IP blacklist that completely blocks known malicious IPs from accessing your website. On Monday we did a second release with a few improvements. Then we announced the blacklist on Tuesday this week. Today we took a first look at data showing how many …
Read More

In-Depth Analysis of a Criminal Organization Targeting WordPress Websites

This entry was posted in Research, WordPress Security on March 01, 2017 by Mark Maunder   73 Replies

Today we are posting an in-depth analysis of a prolific brute force attacker. We show that their motives are financial and are based on a wide-spread campaign to market counterfeit sports apparel websites. We describe the threat actor’s tactics, techniques and procedures. Finally, we follow a financial trail to uncover individuals who are behind the …
Read More

Wordfence In Depth: How Malware Becomes Scan Signatures

This entry was posted in Research, Wordfence on February 16, 2017 by Mark Maunder   7 Replies

One of the most effective ways the Wordfence team keeps the WordPress community and customers secure is through something we call the ‘Threat Defense Feed’. This is a combination of people, software, business processes and data. It’s an incredibly effective way to keep hackers out and provide our customers with early detection. Today I’m going to …
Read More


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates