This entry was posted in WordPress Security on July 31, 2018 by Dan Moen 0 Replies
In early June we published an article and accompanying white paper detailing an interesting malware infection which we've internally dubbed BabaYaga. The relatively sophisticated malware is unique because it contains a number of features intended to ensure the infected site remains in working order. It keeps WordPress core up to date, performs and stores backups and even scans for and removes malware....read more
As you're probably aware, Wordfence's Security Services Team (SST) provides world-class remediation services in the event that your site falls victim to malicious activity. Our analysts combine their considerable expertise with the best threat intelligence in the industry to deliver results we're consistently proud to stand behind. To be clear, the word "consistently" is used deliberately here, as the continued reliability of our services is crucial in maintaining the trust placed in us by our users....read more
Today WordPress released version 4.9.7, a security release which addresses two separate arbitrary file deletion vulnerabilities requiring Author privileges. Some details can be found on the WordPress.org blog....read more
This entry was posted in Wordfence, WordPress Security on July 5, 2018 by Kathy Zant 15 Replies
As a part of the Wordfence Client Partner initiative, we’ve recently had some in depth conversations with organizations using Wordfence at scale. These conversations have been enlightening, and we wanted to share some of the stories we’ve heard about how different organizations use Wordfence....read more
The security community has been abuzz this week following the disclosure of a vulnerability present in all current versions of WordPress. The flaw, published in a detailed report by RIPS Technologies, allows any logged-in user with an Author role or higher to delete files on the server....read more
Last spring, after discussing the tools and tech used by our team, we published a list of 51 Tools for Security Analysts. The article was well-received, and the comments offered some great suggestions to top it all off....read more
Recently, Defiant's analysts have been tracking a particularly sophisticated malware infection responsible for generating spam links and redirection, while still remaining relatively difficult for victims to detect....read more
This entry was posted in Research, WordPress Security on May 22, 2018 by Brad Haas 25 Replies
Update on May 23 at 11:50AM: A representative from WordPress.com reached out to us with the following statement:...read more
This entry was posted in Wordfence, WordPress Security on May 21, 2018 by Dan Moen 8 Replies
When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally important role, alerting you to myriad of security findings that help you keep your site secure and respond quickly if you get hacked....read more
This entry was posted in Wordfence, WordPress Security on May 15, 2018 by Mark Maunder 3 Replies
Last month we introduced 'high demand' pricing for our site cleaning service. We did this because demand for site cleanings is seasonal and it became a challenge for us to deal with the surges in business we would see while maintaining a high level of customer service....read more
