Imagine that one day you discover that a burglar has broken into your home and attempted to make off with your big-screen TV. Fearing for your safety, you immediately contact local law enforcement, and they promptly apprehend the criminal. But to your horror, as they drag the burglar away in handcuffs, they have an additional shocking revelation: the burglar has not only been living in the basement of your home for months, entirely undetected by you, but he's also converted your basement into an elaborate base for all of his criminal operations. ...read more
This entry was posted in Wordfence, WordPress Security on June 20, 2017 by Dan Moen 22 Replies
On Thursday of last week, we released Wordfence 6.3.11 which included a really exciting new feature: we are now alerting you if you are running a plugin that either appears to be abandoned or has been removed from the WordPress.org plugin directory. In this post, we explain how each of these new alerts work and why they're so important to the security of your website....read more
This entry was posted in Research, WordPress Security on June 15, 2017 by Dan Moen 18 Replies
Yesterday at 7pm UTC (noon PDT) we saw the volume of brute force attacks on the WordPress sites that we protect more than double from the average for the previous 24 hours. The number of attacking IPs more than tripled....read more
This entry was posted in WordPress Security on June 8, 2017 by Dan Moen 10 Replies
On this blog, we often talk about employing a "defense in depth" approach to WordPress security. The majority of our focus is on the prevention and detection features offered by the Wordfence plugin. Today we turn our attention to WordPress backups, an incredibly important remediation topic....read more
Today's post is a continuation of the WordPress Attack Report series we've been publishing since December 2016. Previous versions can be found here: April 2017, March 2017, February 2017, January 2017 and December 2016....read more
This entry was posted in WordPress Security on May 31, 2017 by Andie La-Rosa 45 Replies
Because of its incredible popularity as a platform, WordPress enjoys a sizable, generous community of users that spend their time sharing information, resources, tips and insights with other WordPress users online. Understandably, online security is at the forefront of concerns for many site owners, and a lot of the online conversation about WordPress centers around the best ways to keep your site safe from hackers and security breaches. Despite the best of intentions from most users, there are a few myths surrounding WordPress security that persist and spread like wildfire, even if the recommendations they make don't do anything to keep your site safe....read more
This morning I am very excited to announce that Wordfence is officially launching a WordPress Security Audit service. Many of our customers have asked us for a service like this and it has finally arrived....read more
This entry was posted in WordPress Security on May 17, 2017 by Mark Maunder 10 Replies
A few hours ago WordPress abruptly released 4.7.5 which is a security release. It fixes six vulnerabilities which are detailed on the wordpress.org blog....read more
As an interesting research project, Pan Vagenas, one of our researchers, took a closer look at abandoned plugins in the WordPress repository. His work was inspired by a recent post by Isabel Castillo where she lists the oldest abandoned plugins in the WordPress plugin repository....read more
Today we are releasing the WordPress Attack Report for April, 2017. You can also find these previous attack reports on our blog:...read more
