Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: WordPress Security

BabaYaga: The WordPress Malware That Eats Other Malware

This entry was posted in Research, WordPress Security on June 6, 2018 by Mikey Veenstra   15 Replies

Recently, Defiant's analysts have been tracking a particularly sophisticated malware infection responsible for generating spam links and redirection, while still remaining relatively difficult for victims to detect....read more

Hijacked WordPress.com Accounts Being Used To Infect Sites

This entry was posted in Research, WordPress Security on May 22, 2018 by Brad Haas   25 Replies

Update on May 23 at 11:50AM: A representative from WordPress.com reached out to us with the following statement:...read more

How the Wordfence Scanner Protects Your Site

This entry was posted in Wordfence, WordPress Security on May 21, 2018 by Dan Moen   8 Replies

When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally important role, alerting you to myriad of security findings that help you keep your site secure and respond quickly if you get hacked....read more

Introducing Discounted Hacked Site Cleanings

This entry was posted in Wordfence, WordPress Security on May 15, 2018 by Mark Maunder   3 Replies

Last month we introduced 'high demand' pricing for our site cleaning service. We did this because demand for site cleanings is seasonal and it became a challenge for us to deal with the surges in business we would see while maintaining a high level of customer service....read more

WordPress: Tracking Emerging Cryptomining Threats

This entry was posted in Research, Wordfence, WordPress Security on May 8, 2018 by Mark Maunder   16 Replies

This is a post written by James Yokobosky who works on the Defiant Threat Intelligence team. In his daily job he analyzes new WordPress threats as they emerge and adds detection capability to the Wordfence malware scanner. In addition to making sure we detect new malware, James also researches the pieces of malware we find to learn more about how they work, what they do and who is behind each campaign....read more

Solved: Jetpack Generating Mysterious Admin Email Change Messages

This entry was posted in WordPress Security on May 2, 2018 by Mark Maunder   11 Replies

We've received quite a few questions about this in the past 24 hours, either via forums, email or twitter. Roughly 14 hours ago we started seeing reports that WordPress site owners running Jetpack were receiving emails that stated the following:...read more

Getting the Most From Wordfence Premium

This entry was posted in Wordfence, WordPress Security on April 18, 2018 by Kathy Zant   7 Replies

If your WordPress site matters, upgrading to Wordfence Premium gives you the best protection available. And at $99 per year, it is incredibly affordable. Once you've made this great investment, there are a few things you can do to optimize your site's security....read more

Is WordPress Secure?

This entry was posted in General Security, WordPress Security on April 3, 2018 by Mark Maunder   31 Replies

I recently got a call from a friend I haven't seen for a while asking me if I'd like to grab a coffee. He had a few questions about whether WordPress is secure. I'm always looking for an excuse to visit the hip Georgetown neighborhood just south of Seattle, so I jumped at the chance. Plus Chris is an all-round awesome guy who works for a well-known social media startup, so I wanted an update!...read more

PSA: Lessons From The Atlanta Ransomware Situation

This entry was posted in Learning, Wordfence, WordPress Security on March 27, 2018 by Mark Maunder   11 Replies

In the past few days the City of Atlanta has been hit with a ransomware attack. Several major computer systems that provide city services have been encrypted by an attacker. The attacker is demanding $51,000 worth of bitcoin to decrypt the systems, and the city has not yet ruled out paying the ransom. The attack occurred five days ago, and as of this writing, the systems remain inaccessible....read more

Ask Wordfence: Why Is an Insignificant Site Like Mine Being Attacked?

This entry was posted in Ask Wordfence, WordPress Security on March 14, 2018 by Dan Moen   9 Replies

This question came in from Keith, a Premium Wordfence customer. We've dealt with this question a few times in different ways on the blog, but pulling it all together sounds like a great post. Let’s dive in!...read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.