This entry was posted in Vulnerabilities, WordPress Security on June 22, 2017 by Andie 12 Replies
Imagine that one day you discover that a burglar has broken into your home and attempted to make off with your big-screen TV. Fearing for your safety, you immediately contact local law enforcement, and they promptly apprehend the criminal. But to your horror, as they drag the burglar away in handcuffs, they have an additional shocking revelation: the burglar has not only been living in the basement of your home for months, entirely undetected by you, but he's also converted your basement into an elaborate base for all of his criminal operations. ...read more
WordPress 4.7.3 has just been released. It is the third in a series of recent security releases for WordPress core....read more
Yesterday we published numbers indicating how widespread the defacement campaign is targeting the REST-API vulnerability recently fixed in WordPress 4.7.2. If you have not updated to 4.7.2 already on all sites you operate, do so immediately. If you are using Wordfence Premium, you are already protected....read more
In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking....read more
WordPress 4.7.1 was released on Wednesday. It contains 8 security fixes including a fix for the PHPMailer issue, which we reported on in late December....read more
A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski. The vulnerability was announced on legalhackers.com yesterday but proof of concept exploit details were not included....read more
In this post I'm going to discuss a major problem that exists with several WordPress malware scanners: The use of weak hashing algorithms for good and bad file identification. Some malware and antivirus scanners outside of WordPress suffer from this same issue....read more
Last week we shared the top 20 most attacked WordPress themes and an explanation of why many of them are targeted. This week we've dug deep into the data and we are publishing the top 50 most attacked WordPress plugins during the past 7 days....read more
Today we're publishing statistics on the attacks we are seeing on themes across the WordPress ecosystem. The Wordfence Firewall provides us with attack telemetry across a large number of sites that we protect. The data we're sharing today is based on the following high level metrics:...read more
At Wordfence we track attacks across all our customer sites, both free and paid to learn more about attacker tactics, techniques and procedures (TTP's). Mining this data helps us improve Wordfence Firewall, Wordfence's Scan and our other features and to do a better job of keeping you safe....read more
