This entry was posted in Vulnerabilities, Wordfence on March 11, 2020 by Chloe Chamberland 0 Replies
On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users. We reached out to the plugin’s developer on February 26th, who responded …
Read More
This entry was posted in Wordfence on March 01, 2020 by Mark Maunder 1 Reply
This is an update regarding Wordfence’s community engagement in 2020 along with a recommendation for WordCamps globally and for the global WordPress community. As always, I’m taking a data-driven approach to this post. I present an update from the WHO regarding the containment of COVID-19 in China and what has worked. I then discuss what …
Read More
This entry was posted in Vulnerabilities, Wordfence on February 25, 2020 by Chloe Chamberland 2 Replies
On January 17th, our Threat Intelligence Team discovered several vulnerabilities in Pricing Table by Supsystic, a WordPress plugin installed on over 40,000 sites. These flaws allowed an unauthenticated user to execute several AJAX actions due to an insecure permissions weakness. Attackers were also able to inject malicious Javascript due to a Cross-Site Scripting (XSS) vulnerability, …
Read More
This entry was posted in Wordfence on February 11, 2020 by Mark Maunder 2 Replies
A few minutes ago it was announced that Wordcamp Asia has been cancelled due to the recent COVID-19 concerns in the region. This was a very tough call, but I believe the right one. To give you some context, I’m going to include an extract from the final part of the World Health Organization Director …
Read More
This entry was posted in Wordfence on August 21, 2019 by Matt Barry 15 Replies
Today we are launching a version of Wordfence containing a new feature for sites on hosting providers with read-only file systems such as WP Engine or for environments where multiple web servers are behind a load balancer. This new feature uses a MySQL storage engine for firewall attack data to protect WordPress sites in complex …
Read More
This entry was posted in Wordfence on June 18, 2019 by Dan Moen 4 Replies
In February we launched Wordfence Central, an efficient way to manage the security of many WordPress sites in one place. If you have multiple sites and haven’t checked it out yet, you should. It includes a powerful dashboard, a single interface to view and manage security findings across all of your sites and robust new …
Read More
This entry was posted in Wordfence, WordPress Security on June 04, 2019 by Mark Maunder 16 Replies
Today we are excited to announce the release of a brand new plugin: Wordfence Login Security. This plugin is a completely standalone plugin and you don’t need to install the full version of Wordfence to take advantage of the specific security features included in it. Wordfence Login Security is designed by our team to secure …
Read More
This entry was posted in Wordfence, WordPress Security on May 14, 2019 by Dan Moen 23 Replies
Spend any time looking at blocked attacks in Wordfence Live Traffic and you’ll walk away worried about login security. WordPress sites are under constant attack by bots attempting to guess your users’ passwords. A lot of these attacks simply test lists of commonly used passwords along with usernames they think you may have chosen, like …
Read More
This entry was posted in Ask Wordfence, Learning, Wordfence on February 06, 2019 by Mark Maunder 5 Replies
Today we are very excited to announce the launch of Wordfence Central. Our team has been working hard for almost a year on this ground-breaking project. Wordfence Central gives you the power of a security events and information manager for WordPress. Join me for a live event starting at 8am Pacific time, 11am EST where …
Read More
This entry was posted in Wordfence on February 06, 2019 by Dan Moen 19 Replies
Over the last several months, we have been focused on making Wordfence a better option for organizations with a large number of WordPress sites to protect. To start, we added the ability to secure your staging and development environments with a single Wordfence premium license, something you should take advantage of if you haven’t already. …
Read More
