Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Wordfence

Wordfence Blog

Malware Detection: Measuring Recall to Catch Them All

This entry was posted in General Security, Wordfence, WordPress Security on June 24, 2020 by Ram Gall   2 Replies

At Wordfence, we take performance seriously on all levels. While speed is one way to measure performance, there are other metrics that are equally important. Over the past year, our Threat Intelligence team has improved our malware scan by leaps and bounds. We wanted to share some of the metrics we use and what they …
Read More

Defiant Participating in Privacy Shield Framework

This entry was posted in Wordfence on June 22, 2020 by Kathy Zant   0 Replies

Defiant, dba Wordfence, is now listed on the Privacy Shield certification list participating in both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. The purpose of these frameworks is to allow for the lawful transfer of personal data from the European Union and Switzerland to the United States. Two years ago when the General Data Protection …
Read More

Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on May 11, 2020 by Chloe Chamberland   5 Replies

On Monday, May 4, 2020, the Wordfence Threat Intelligence team discovered two vulnerabilities present in Page Builder by SiteOrigin, a WordPress plugin actively installed on over 1,000,000 sites. Both of these flaws allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to …
Read More

Wordfence Helping Our Friends in Australia Fight Bush Fires

This entry was posted in Wordfence on April 20, 2020 by Kathy Zant   0 Replies

Last fall as wildfires ravaged much of Australia, we were deeply affected by the stories of destruction coming out of numerous communities. As a global company with customers and friends in the region affected by these events, we looked for opportunities to help, much like we did with the WordCamp Asia Cancellation Fee Assistance program. …
Read More

Vulnerability Patched in Import Export WordPress Users

This entry was posted in Vulnerabilities, Wordfence on March 11, 2020 by Chloe Chamberland   0 Replies

On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users. We reached out to the plugin’s developer on February 26th, who responded …
Read More

COVID-19 and WordPress Community Engagement in 2020

This entry was posted in Wordfence on March 01, 2020 by Mark Maunder   1 Reply

This is an update regarding Wordfence’s community engagement in 2020 along with a recommendation for WordCamps globally and for the global WordPress community. As always, I’m taking a data-driven approach to this post. I present an update from the WHO regarding the containment of COVID-19 in China and what has worked. I then discuss what …
Read More

Multiple Vulnerabilities Patched in Pricing Table by Supsystic Plugin

This entry was posted in Vulnerabilities, Wordfence on February 25, 2020 by Chloe Chamberland   2 Replies

On January 17th, our Threat Intelligence Team discovered several vulnerabilities in Pricing Table by Supsystic, a WordPress plugin installed on over 40,000 sites. These flaws allowed an unauthenticated user to execute several AJAX actions due to an insecure permissions weakness. Attackers were also able to inject malicious Javascript due to a Cross-Site Scripting (XSS) vulnerability, …
Read More

Wordcamp Asia Cancellation Fee Assistance Package from Wordfence

This entry was posted in Wordfence on February 11, 2020 by Mark Maunder   2 Replies

A few minutes ago it was announced that Wordcamp Asia has been cancelled due to the recent COVID-19 concerns in the region. This was a very tough call, but I believe the right one. To give you some context, I’m going to include an extract from the final part of the World Health Organization Director …
Read More

Wordfence Now Works on WP Engine and with Load Balancers

This entry was posted in Wordfence on August 21, 2019 by Matt Barry   15 Replies

Today we are launching a version of Wordfence containing a new feature for sites on hosting providers with read-only file systems such as WP Engine or for environments where multiple web servers are behind a load balancer. This new feature uses a MySQL storage engine for firewall attack data to protect WordPress sites in complex …
Read More

Major Central Release: Alerts, Security Events and Slack Integration

This entry was posted in Wordfence on June 18, 2019 by Dan Moen   4 Replies

In February we launched Wordfence Central, an efficient way to manage the security of many WordPress sites in one place. If you have multiple sites and haven’t checked it out yet, you should. It includes a powerful dashboard, a single interface to view and manage security findings across all of your sites and robust new …
Read More

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 150 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates