Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Wordfence

How We Think About WordPress Security and Research

This entry was posted in General Security, Wordfence, WordPress Security on December 10, 2018 by Mark Maunder   3 Replies

This weekend I had a really fun conversation with Doc Pop from Torque Magazine. Torque is a great news source for WordPress news. They are part of WP Engine, but maintain editorial independence. I chatted with Doc in Nashville, in the Music City Center where WordCamp US was being held. Music City Center is an …
Read More

Botnet of Infected WordPress Sites Attacking WordPress Sites

This entry was posted in Research, Wordfence, WordPress Security on December 05, 2018 by Mikey Veenstra   17 Replies

The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites. This campaign has created a botnet of infected WordPress websites to perform its attacks, which attempt XML-RPC authentication to other WordPress sites in order to access privileged accounts. Between Wordfence’s brute force protection and the premium real-time …
Read More

Video: WordCamp Atlanta Security Panel with Wordfence

This entry was posted in Wordfence, WordPress Security on October 18, 2018 by Dan Moen   6 Replies

In April, Wordfence sponsored WordCamp Atlanta and several of our team members attended the event. While there, we held a capture the flag (CTF) contest, which helps WordPress site owners learn to think like a hacker so that they can better defend their websites. Part of hacker culture is the art of lock picking, which …
Read More

Introducing Wordfence Agency Solutions

This entry was posted in Wordfence, WordPress Security on October 16, 2018 by Kathy Zant   0 Replies

Throughout 2018, we have had many conversations with agencies and other organizations protecting a large number of WordPress sites with Wordfence. You’ve told us what you need to be more successful, and we’ve responded with many changes to both our licensing and our capabilities. To start, we added the ability to secure your staging and …
Read More

Meet the Defiant Team

This entry was posted in Wordfence on September 25, 2018 by Dan Moen   13 Replies

In August, most of our team attended DefCon, a hacker conference in Las Vegas attended by tens of thousands of security professionals. All of us work remotely, so it is always really special to spend time together as a team. While we were there we completed a fun project. We created a video with footage …
Read More

Announcing Revamped Volume Pricing for Premium Licenses

This entry was posted in Wordfence on August 22, 2018 by Dan Moen   6 Replies

This year we have been very focused on the needs of agencies and other organizations with lots of sites to protect. We’ve spoken with many of you and have a clear picture of what we can do to make Wordfence work even better for you. To start things off, in June we released a feature …
Read More

Your Site Can Help Defend Millions Of Others

This entry was posted in Wordfence, WordPress Security on July 19, 2018 by Mikey Veenstra   4 Replies

As you’re probably aware, Wordfence’s Security Services Team (SST) provides world-class remediation services in the event that your site falls victim to malicious activity.  Our analysts combine their considerable expertise with the best threat intelligence in the industry to deliver results we’re consistently proud to stand behind. To be clear, the word “consistently” is used …
Read More

Details of an Additional File Deletion Vulnerability – Patched in WordPress 4.9.7

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on July 05, 2018 by Matt Barry   4 Replies

Today WordPress released version 4.9.7, a security release which addresses two separate arbitrary file deletion vulnerabilities requiring Author privileges. Some details can be found on the WordPress.org blog. The first arbitrary file deletion vulnerability was disclosed June 26, 2018 on the RIPS Tech blog with no official patch to WordPress in place. We released a …
Read More

Optimizing Wordfence Security Settings: Brute Force Protection

This entry was posted in Wordfence, WordPress Security on July 05, 2018 by Kathy Zant   15 Replies

As a part of the Wordfence Client Partner initiative, we’ve recently had some in depth conversations with organizations using Wordfence at scale. These conversations have been enlightening, and we wanted to share some of the stories we’ve heard about how different organizations use Wordfence. Wordfence is the most robust security solution available for WordPress site …
Read More

New Feature: Custom Premium Development Subdomains

This entry was posted in Wordfence on June 21, 2018 by Kathy Zant   5 Replies

Two weeks ago we announced the release of a new Wordfence feature that automatically allows Wordfence Premium customers to use their premium license key to secure a specific list of staging, development or test subdomains. This week we’ve taken that a step further, releasing a feature to allow your Wordfence Premium license to secure custom …
Read More


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 90 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates