Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: Wordfence

Ransomware Targeting WordPress – An Emerging Threat

This entry was posted in Wordfence, WordPress Security on August 15, 2017 by Mark Maunder   46 Replies

Recently, the Wordfence team has seen ransomware being used in attacks targeting WordPress. We are currently tracking a ransomware variant we are calling "EV ransomware." The following post describes what this ransomware does and how to protect yourself from being hit by this attack....read more

TrafficTrade Infection Spreading – How to Protect Yourself and Detect TrafficTrade

This entry was posted in Vulnerabilities, Wordfence, WordPress Security on August 8, 2017 by Mark Maunder   37 Replies

We have seen a significant increase in the number of websites affected by malware we refer to as 'TrafficTrade'. This malware is a piece of javascript that an attacker drops into your website content once they have compromised it. Your visitors are then redirected to websites that install malicious browser plugins or serve up spam advertising....read more

Why Choose An Endpoint Firewall Like Wordfence

This entry was posted in Wordfence, WordPress Security on August 3, 2017 by Mark Maunder   15 Replies

When choosing a firewall for your WordPress website to protect it against attacks, you have a handful of choices. Wordfence is one of the only effective "endpoint" firewalls available. The alternative is a "cloud" firewall from vendors like Sucuri (now owned by GoDaddy) and Cloudflare....read more

Wordfence Scan Gets Faster and Smarter

This entry was posted in Wordfence on July 19, 2017 by Mark Maunder   0 Replies

Wordfence is highly effective at securing your website in part because it is tightly integrated with the WordPress API. We know your visitor identity information, so we can make smart decisions about who gets access and who gets blocked. It's very different from the way generic firewalls work....read more

Vulnerability Roundup: 3 Vulnerable WP Plugins and Update Your Joomla

This entry was posted in Wordfence, WordPress Security on July 6, 2017 by Mark Maunder   12 Replies

It's been a tough week for the WP Statistics plugin. Last Friday, Sucuri (now owned by GoDaddy) discovered a SQL injection vulnerability in the WP Statistics plugin version 12.0.7 and older. To exploit the vulnerability, an attacker needs to register an account (or use a compromised account) with subscriber-level access. They can then exploit a weakness in a WP Statistics shortcode to launch a SQL injection attack. This allows them to, for example, create an admin-level user and sign in to your website as an admin....read more

The 2017 WordPress Security Half-Time Report

This entry was posted in Wordfence on June 27, 2017 by Mark Maunder   5 Replies

2017 has been a remarkable year so far for Wordfence and our customers. We are about halfway through the year at this point, so I'd like to give you an update on some of the incredible innovation and progress at Wordfence in 2017....read more

New in Wordfence 6.3.11: Abandoned and Removed Plugin Alerts

This entry was posted in Wordfence, WordPress Security on June 20, 2017 by Dan Moen   22 Replies

On Thursday of last week, we released Wordfence 6.3.11 which included a really exciting new feature: we are now alerting you if you are running a plugin that either appears to be abandoned or has been removed from the WordPress.org plugin directory. In this post, we explain how each of these new alerts work and why they're so important to the security of your website....read more

Wordfence Launches WordPress Security Audit Service

This entry was posted in General Security, Wordfence, WordPress Security on May 23, 2017 by Mark Maunder   42 Replies

This morning I am very excited to announce that Wordfence is officially launching a WordPress Security Audit service. Many of our customers have asked us for a service like this and it has finally arrived....read more

22 Abandoned WordPress Plugins with Vulnerabilities

This entry was posted in Wordfence, WordPress Security on May 10, 2017 by Mark Maunder   41 Replies

As an interesting research project, Pan Vagenas, one of our researchers, took a closer look at abandoned plugins in the WordPress repository. His work was inspired by a recent post by Isabel Castillo where she lists the oldest abandoned plugins in the WordPress plugin repository....read more

The April 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, Wordfence, WordPress Security on May 4, 2017 by Mark Maunder   17 Replies

Today we are releasing the WordPress Attack Report for April, 2017. You can also find these previous attack reports on our blog:...read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.