Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Category Archive: WordPress Security

Vulnerabilities in Formidable Forms, Duplicator and Yoast SEO Plugins

This entry was posted in Vulnerabilities, WordPress Security on November 16, 2017 by Mark Maunder   16 Replies

Vulnerabilities have been reported in the Formidable Forms, Duplicator and Yoast SEO WordPress plugins. The Premium version of Wordfence protects against all of these vulnerabilities, even if you have not updated your plugins yet. We do recommend that you update immediately, whether or not you are using the Premium version of Wordfence....read more

Ask Wordfence: Should I Permanently Block IPs That I See Wordfence Blocking?

This entry was posted in Ask Wordfence, WordPress Security on November 15, 2017 by Dan Moen   19 Replies

This is the fifth installment in a new series we started last month called Ask Wordfence. You can access previous posts here....read more

Your Site Reputation Makes You a Target

This entry was posted in General Security, WordPress Security on November 10, 2017 by Mark Maunder   12 Replies

I've mentioned Troy Hunt a few times on this blog. He's one of the good guys in our industry and runs a website called haveibeenpwned.com. If you want to scare your friends and family at a get together, send them to haveibeenpwned.com and get them to type in their email address. You'll discover that we've all been hacked at some point in the past decade and your data is already out there. The site will tell you which breaches you have been affected by....read more

Ask Wordfence: How to Limit Security Risks From Plugins

This entry was posted in Ask Wordfence, WordPress Security on November 8, 2017 by Dan Moen   11 Replies

This is the fourth installment in a new series we started last month. You can access previous posts here....read more

The October 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on November 6, 2017 by Dan Moen   3 Replies

This month's WordPress Attack Report is a continuation of a series we have been publishing since December 2016. Reports from the previous months can be found here....read more

Cryptocurrency Miners Exploiting WordPress Sites

This entry was posted in Research, WordPress Security on October 26, 2017 by Brad Haas   11 Replies

During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected....read more

Ask Wordfence Episode 3: Should You Hide Your WordPress Login Page?

This entry was posted in Ask Wordfence, WordPress Security on October 25, 2017 by Mark Maunder   131 Replies

In today's episode of Ask Wordfence, I answer a common question we receive from customers: Should I hide my WordPress login page?...read more

Zero Day Vulnerability Fixed in Ultimate Form Builder Lite

This entry was posted in Vulnerabilities, WordPress Security on October 23, 2017 by Brad Haas   2 Replies

Last month, we identified three plugins with critical object injection vulnerabilities, all being exploited in the wild. We deployed new and improved firewall rules to block that kind of exploit....read more

New Attacker Scanning for SSH Private Keys on Websites

This entry was posted in General Security, WordPress Security on October 18, 2017 by Mark Maunder   21 Replies

Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem....read more

12.8% of Sites Have Sensitive File Disclosure Vulnerabilities

This entry was posted in Vulnerabilities, WordPress Security on October 12, 2017 by Dan Moen   5 Replies

As you probably know we launched Gravityscan this May. Gravityscan is a security scanner for any website that serves as a great complement to Wordfence. Yesterday we were analyzing aggregate scan result data from Gravityscan, and we noticed data that surprised us: 12.8% of sites we scan have at least one sensitive file visible to anyone on the internet....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.