Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Wordfence

How the Wordfence Firewall Works

This entry was posted in Wordfence, WordPress Security on January 10, 2017 by Mark Maunder   35 Replies   

In April of 2016 Wordfence launched a full featured WordPress firewall. Since then we have released improvements that make Wordfence faster and better at blocking attacks. If you're not a security professional it may not be clear what the Wordfence firewall does or how it works. In this post I'm going to describe exactly how the firewall works....read more

The December 2016 WordPress Attack Activity Report

This entry was posted in General Security, Research, Wordfence, WordPress Security on January 5, 2017 by Mark Maunder   50 Replies   

This week we are introducing something new. At the beginning of each month we will be doing a monthly WordPress security report. We will look at the attack data for the previous month from the 1st to the end of the month and provide a report and analysis on the attack activity we have seen on WordPress websites....read more

Election Hack Report FAQ: What You Need to Know

This entry was posted in General Security, Miscellaneous, Research, Wordfence, WordPress Security on January 2, 2017 by Mark Maunder   13 Replies   

On Friday we published an analysis of the FBI and DHS Grizzly Steppe report. The report was widely seen as proof that Russian intelligence operatives hacked the US 2016 election. We showed that the PHP malware in the report is old, freely available from a Ukrainian hacker group and is an administrative tool for hackers....read more

2016 for Wordfence: A Break-Through Year

This entry was posted in Wordfence on December 21, 2016 by Mark Maunder   21 Replies   

2016 is drawing to a close and has been a very busy year for us at Wordfence. In today's post I'd like to share some of the major events for Wordfence in 2016 and some interesting data....read more

Who is Really Behind the Ukrainian Brute Force Attacks?

This entry was posted in General Security, Research, Wordfence, WordPress Security on December 19, 2016 by Mark Maunder   43 Replies   

Last Friday we published a report showing a significant increase in Brute Force Attacks. We showed that most of the attacks are originating in Ukraine and we shared the most active IP addresses with you....read more

Huge Increase in Brute Force Attacks in December and What to Do

This entry was posted in General Security, Wordfence, WordPress Security on December 16, 2016 by Mark Maunder   110 Replies   

Update: We posted a follow-up to this post on Monday December 19th which goes into more detail about the Ukraine IP block where these attacks originate from and we discuss possible Russia involvement....read more

5 Things to be Aware of When Buying WordPress Security

This entry was posted in General Security, Wordfence, WordPress Security on December 14, 2016 by Mark Maunder   14 Replies   

If you are new to WordPress or reevaluating your security strategy, you are overwhelmed by choice in today's market. The reality is that there are only a handful of tools that truly protect your WordPress website from a hack and help you detect an incident. With all of the claims that vendors are making, it can be tough to choose the most effective product to protect your investment and your customer data....read more

Wordfence Blocks Username Harvesting via the New REST API in WP 4.7

This entry was posted in Wordfence, WordPress Security on December 12, 2016 by Mark Maunder   60 Replies   

WordPress 4.7 was released 6 days ago, on December 6th. It includes a REST API that will be used by many WordPress plugins, mobile apps, desktop applications, cloud services and even WordPress core in future. Every site that upgrades to WordPress 4.7 has this API enabled by default....read more

Avoid Malware Scanners That Use Insecure Hashing

This entry was posted in General Security, Learning, Vulnerabilities, Wordfence, WordPress Security on December 6, 2016 by Mark Maunder   37 Replies   

In this post I'm going to discuss a major problem that exists with several WordPress malware scanners: The use of weak hashing algorithms for good and bad file identification. Some malware and antivirus scanners outside of WordPress suffer from this same issue....read more

Hacking 27% of the Web via WordPress Auto-Update

This entry was posted in General Security, Wordfence, WordPress Security on November 22, 2016 by Mark Maunder   80 Replies   

At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. Recently we discovered a major vulnerability that could have caused a mass compromise of the majority of WordPress sites....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.