Wordfence Research and News

Blog icon
Category: Wordfence
Extortion Email Featured Image
Newest

PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money

On January 19th, 2023, a member of the Wordfence Threat Intelligence team received an email from their personal blog, claiming the site had been hacked, and we received two reports from Wordfence users who received the same message. The email claimed that the site had been hacked due to a vulnerability on the site. The …
Read More

featured image of icicles on black background with the text Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely …
Read More

Wordfence Launches Free Vulnerability Database For Commercial Use – And Launches Security Portal

Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat analysts, security researchers, and the WordPress user community. This is part of a larger project known as Wordfence Intelligence Community Edition, which we are launching …
Read More

Spikes in Attacks Serve as a Reminder to Update Plugins

Spikes in Attacks Serve as a Reminder to Update Plugins

The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect. Occasionally an unusual trend will arise from this data, and we have spotted one such trend standing out over the Thanksgiving holiday in the U.S. and the first weekend in December. Attack attempts have spiked for vulnerabilities in two plugins. The …
Read More

Wordfence 7.8.0 Is Out! Here Is What Is Included

Wordfence 7.8.0 is out! A huge thanks to our quality assurance team, our team of developers and our ops team for planning, implementing and releasing Wordfence 7.8.0. This release has several fixes to make Wordfence even more robust, and includes a fundamental change in the way our signup works. Since our launch in 2012, the …
Read More

Not Just for the Government: Using the NIST Framework to Secure WordPress

Not Just for the Government: Using the NIST Framework to Secure WordPress

When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is largely invisible until something goes wrong. Installing a cybersecurity plugin like Wordfence significantly reduces the chances of a successful …
Read More

Wordfence Premium Price Increase Coming in December – The First Since 2016

It has been over 6 years since we last raised our prices. Since then our team has more than doubled in size and we have introduced significant improvements to the core Wordfence product, launched a range of free and paid products, and introduced new services that include 24 hour incident response. Starting December 5th, 2022, …
Read More

What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script

What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script

While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control (C2) script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. This is the seventh version of this automatic C2 script that is developed and distributed …
Read More

Two Weeks of Monitoring ProxyNotShell Threat Activity

Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity

The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the time of writing, we have observed 1,658,281 exploit attempts across our network of 4 million protected websites. …
Read More

Threat Advisory: CVE-2022-40684

Threat Advisory: CVE-2022-40684 Fortinet Appliance Auth bypass

This morning, the Wordfence Threat Intelligence team began tracking exploit attempts targeting CVE-2022-40684 on our network of over 4 million protected websites. CVE-2022-40684 is a critical authentication bypass vulnerability in the administrative interface of Fortinet’s FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager, and is being actively exploited in the wild¹,². At the time of …
Read More