Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Introducing High Demand Pricing for Security Services

This entry was posted in Wordfence on April 5, 2018 by Dan Moen   15 Replies

In Summer 2016,  we began offering a site cleaning service for people with hacked websites. In Spring 2017, we added a second service: site security audits. The popularity of both services has grown tremendously since then. We now service hundreds of sites every month....read more

Is WordPress Secure?

This entry was posted in General Security, WordPress Security on April 3, 2018 by Mark Maunder   31 Replies

I recently got a call from a friend I haven't seen for a while asking me if I'd like to grab a coffee. He had a few questions about whether WordPress is secure. I'm always looking for an excuse to visit the hip Georgetown neighborhood just south of Seattle, so I jumped at the chance. Plus Chris is an all-round awesome guy who works for a well-known social media startup, so I wanted an update!...read more

Service Vulnerability: MelbourneIT Fixes NFS Permissions Problem

This entry was posted in Research, Vulnerabilities on March 30, 2018 by Brad Haas   0 Replies

In February, we wrote about a vulnerability on three shared hosting services.  Following our Vulnerability Disclosure Policy, we had alerted them about vulnerable permissions on shared drives on their servers. They fixed the problem, making things safer both for their customers and for their customers' site visitors....read more

PSA: Highly Critical Drupal Core Vulnerability Impacts Over 1 Million Sites

This entry was posted in General Security on March 29, 2018 by Dan Moen   6 Replies

Yesterday the Drupal security team announced a highly critical unauthenticated remote code execution vulnerability in Drupal core. The vulnerability allows an attacker to leverage multiple attack vectors and take complete control of a website. The Drupal team estimates that, at the time of the announcement, over one million sites are affected - about 9% of Drupal sites. They also reported that, to their knowledge, it was not being actively exploited....read more

PSA: Lessons From The Atlanta Ransomware Situation

This entry was posted in Learning, Wordfence, WordPress Security on March 27, 2018 by Mark Maunder   11 Replies

In the past few days the City of Atlanta has been hit with a ransomware attack. Several major computer systems that provide city services have been encrypted by an attacker. The attacker is demanding $51,000 worth of bitcoin to decrypt the systems, and the city has not yet ruled out paying the ransom. The attack occurred five days ago, and as of this writing, the systems remain inaccessible....read more

Ask Wordfence: Why Is an Insignificant Site Like Mine Being Attacked?

This entry was posted in Ask Wordfence, WordPress Security on March 14, 2018 by Dan Moen   9 Replies

This question came in from Keith, a Premium Wordfence customer. We've dealt with this question a few times in different ways on the blog, but pulling it all together sounds like a great post. Let’s dive in!...read more

PSA: Replace Your SSL/TLS Certs by Symantec, Thawte, VeriSign, Equifax, GeoTrust and RapidSSL

This entry was posted in General Security, WordPress Security on March 12, 2018 by Mark Maunder   28 Replies

This is a public service announcement and a reminder to site owners. Google's Chrome browser has already started the process of ending support for Symantec SSL/TLS certificates. This includes companies owned by Symantec including Thawte, Verisign, Equifax, GeoTrust and RapidSSL....read more

New Guides From Wordfence To Help Clean a Hacked Website

This entry was posted in General Security, WordPress Security on March 8, 2018 by Mark Maunder   7 Replies

At Wordfence, one of our goals is to empower you as much as possible to be self-sufficient, at no additional cost. To do that, we provide Wordfence as a free security plugin. Over the years we have also developed a comprehensive WordPress Security Learning Center that provides readers with a complete understanding of WordPress Security and how to run a secure website. We have also published a number of articles explaining how to recover from a hack, should that worst-case scenario ever arise....read more

New Feature Protects Against Password Leak Attacks

This entry was posted in Wordfence, WordPress Security on March 1, 2018 by Brad Haas   9 Replies

To better protect our users' websites, we work with a lot of data from sources like our Security Services Team and the Wordfence network. We try to understand not just what attackers are doing, but also how and why. Our research into a recent campaign revealed an interesting method of attack, and contributed to the development of a new feature....read more

Wordfence 7 Update

This entry was posted in Wordfence on February 16, 2018 by Dan Moen   29 Replies

It has now been a few weeks since we launched Wordfence 7. Overall we are confident that the change was a good one. The product is now cleaner, more modern and is much easier for a new user to navigate....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.