Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Wordfence

Wordfence Now Includes 1.4 Billion Leaked Passwords in Password Auditing Feature

This entry was posted in Wordfence, WordPress Security on December 28, 2017 by Matt Barry   7 Replies

Last week, we reported a massive upsurge in brute force login attempts following the leak of a database of 1.4 billion clear text credentials. No one had seen 14% of the exposed username/password pairs before, making this a ripe opportunity for hackers to attempt to break into WordPress sites....read more

New Service Vulnerability Disclosure Policy

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on December 13, 2017 by Dan Moen   49 Replies

The Wordfence team regularly discovers security issues with commercial services, such as WordPress hosting providers, that put their users at risk. In some cases, the issue is quite severe, putting thousands of websites at risk simultaneously. In these instances, our standard approach has been to contact the service provider directly, provide them with the details and work with them toward resolution. Lately these issues have become more common, so we've decided to formalize our approach going forward, updating our Vulnerability Disclosure Policy to specifically address these scenarios....read more

Wordfence Is Now Defiant

This entry was posted in Wordfence on November 21, 2017 by Mark Maunder   12 Replies

Today we are announcing that our company name is changing to Defiant Inc. Over the past 5 years we have grown significantly and have expanded beyond WordPress. As a security organization, we now have a stable of products and services to offer our customers. To reflect this change, we are changing the name of the company that produces Wordfence to Defiant Inc....read more

Postman SMTP Plugin With Unpatched Vulnerability Removed From Directory

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on October 6, 2017 by Dan Moen   24 Replies

We have received a number of questions regarding the Postman SMTP plugin which was removed from the WordPress.org directory this week. According to an archived snapshot, the plugin is installed on over 100,000 websites. We assume it was removed because it contains a publicly known reflected cross-site scripting (XSS) vulnerability that has not been fixed. Both Wordfence Free and Premium users who have the firewall enabled have been protected against attempts to exploit this vulnerability from day one. In addition, we alerted all Wordfence users who have the plugin installed when it was removed from the plugin directory....read more

Staying Ahead of WordPress Attackers with the Real-Time IP Blacklist

This entry was posted in Wordfence, WordPress Security on September 19, 2017 by Dan Moen   12 Replies

WordPress sites are under constant attack by criminals around the world. It is unnerving to see them at work, looking for security vulnerabilities to exploit and trying thousands of passwords. And when they are successful, they inflict pain in the form of lost revenue, damaged reputation and clean-up expenses. It's no wonder that Wordfence users love our blocking features. There's nothing more satisfying than taking direct action against an evil adversary....read more

Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites

This entry was posted in Wordfence, WordPress Security on September 12, 2017 by Mark Maunder   71 Replies

Note: This post is the first part of a series. The series has a secondĀ detailed follow-up which discusses the identity of the person behind the Display Widgets plugin spam. Then there is a third in the series which explains how the same spammer influenced a total of 9 plugins over 4.5 years....read more

Just How Good Is Wordfence Customer Service?

This entry was posted in Wordfence on September 7, 2017 by Mark Maunder   13 Replies

When my co-founder, Kerry and I started scaling Wordfence as a business, our first hire was in customer service. We had both been taking shifts answering customer service tickets and forum posts along with doing engineering, QA, finance and everything else. We knew customer service was labor-intensive, but we also knew that the kind of business we wanted to create in Wordfence would need to have great customer service....read more

Wordfence Launches Short-Circuit Scan Signatures – Up to 6X Performance Increase

This entry was posted in Wordfence on August 30, 2017 by Mark Maunder   11 Replies

In October 2016, the Wordfence team started chatting about a way to radically boost the speed of scans once we grow beyond a certain number of scan signatures. As a reminder, a scan signature is a pattern that recognizes a certain kind of malware....read more

The Benefits of Wordfence Premium

This entry was posted in Wordfence, WordPress Security on August 29, 2017 by Mark Maunder   11 Replies

On April 21 this year, Wordfence celebrated our fifth year making the world's best firewall and malware scan for WordPress. The date came and went as we continued to focus on innovating and securing our customers. Today Wordfence has been downloaded over 45 million times and maintains a 4.8 star rating out of 5 stars, from over 3000 reviews on the official WordPress plugin repository....read more

Which Wordfence Firewall Rules Are Most Effective?

This entry was posted in Wordfence, WordPress Security on August 24, 2017 by Mark Maunder   10 Replies

Part of the threat intelligence work we do at Wordfence is to constantly analyze the performance of our own firewall rules to determine what is effective and to identify existing and emerging attack trends. Today I'd like to share with you some of the data that we are seeing. If you are curious which attacks our firewall most commonly blocks, and which firewall rules are most effective, you're going to enjoy this blog post....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.