Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Major Central Release: Alerts, Security Events and Slack Integration

This entry was posted in Wordfence on June 18, 2019 by Dan Moen   4 Replies

In February we launched Wordfence Central, an efficient way to manage the security of many WordPress sites in one place. If you have multiple sites and haven’t checked it out yet, you should. It includes a powerful dashboard, a single interface to view and manage security findings across all of your sites and robust new …
Read More

Podcast Episode 22: Ninja Forms Developer James Laws on Building & Expanding a WordPress Business

This entry was posted in Podcasts on June 13, 2019 by Kathy Zant   1 Reply

Ninja Forms is used on over 1 million WordPress sites. In this episode, Mark interviews James Laws, the co-founder of WP Ninjas, the developers behind this robust and powerful form builder. James and Mark talk about revenue models that work, how to find new opportunities through market research, experimentation with new products and services as …
Read More

Podcast Episode 21: New Plugin Vulns Exploited in the Wild, an Extortion Scam and the CBP Data Breach

This entry was posted in Podcasts on June 11, 2019 by Kathy Zant   5 Replies

This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to do in a SIM port …
Read More

Podcast Episode 20: Making Big Changes by Adopting Micro-Habits with Nathan Ingram

This entry was posted in Podcasts on June 07, 2019 by Kathy Zant   1 Reply

At WordCamp Orange County, Nathan Ingram participated in a unique business track discussion about failure, something with which most entrepreneurs are intimately familiar. Immediately after his talk, Nathan sat down with Mark for this interview. The conversation goes deep fast, as both Mark and Nathan share their thoughts about being an entrepreneur and how “the …
Read More

Podcast Episode 19: Service Vulnerabilities in Four Hosting Companies

This entry was posted in Podcasts on June 06, 2019 by Kathy Zant   0 Replies

In episode 19 we talk to Brad Haas about recently patched service vulnerabilities that impacted four popular hosting companies. We also talk about a new login security plugin for WordPress that we’ve launched. In the news we cover a wave of SIM swapping attacks hitting cryptocurrency users, NGINX vulnerabilities and recent data breaches affecting the …
Read More

Introducing the Wordfence Login Security Plugin

This entry was posted in Wordfence, WordPress Security on June 04, 2019 by Mark Maunder   16 Replies

Today we are excited to announce the release of a brand new plugin: Wordfence Login Security. This plugin is a completely standalone plugin and you don’t need to install the full version of Wordfence to take advantage of the specific security features included in it. Wordfence Login Security is designed by our team to secure …
Read More

Service Vulnerability: Four Popular Hosting Companies Fix NFS Permissions and Information Disclosure Problems

This entry was posted in Vulnerabilities, WordPress Security on June 03, 2019 by Brad Haas   7 Replies

Last year, we published two disclosures of service vulnerabilities on hosting platforms. The first one included a trio of brands: Hostway, Momentous, and Paragon Group. The second was for MelbourneIT. In all cases, we were happy to report that the affected companies took our disclosures seriously and moved quickly to fix the problems. Today we’re …
Read More

Podcast Episode 18: Scaling a WordPress Agency with Entrepreneur Verious Smith

This entry was posted in Podcasts on May 31, 2019 by Kathy Zant   2 Replies

At WordCamp Orange County, Mark interviewed Verious Smith from Philoveracity Design, a digital agency in southern California. Verious has also been the lead organizer of WordCamp Riverside and runs WordPress meetups to give back to the community. Mark and Verious talk about the challenges of entrepreneurship, growing from freelancer to an agency, and trust and …
Read More

Podcast Episode 17: 3 Severe WordPress Plugin Vulnerabilities

This entry was posted in Podcasts on May 29, 2019 by Kathy Zant   0 Replies

Mikey Veenstra joins us to talk about three WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress installations. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks some security news with Kathy. We cover a Docker vulnerability, anatomy of a SIM port attack, zero-day …
Read More

Critical Vulnerability Patched in Popular Convert Plus Plugin

This entry was posted in Vulnerabilities, WordPress Security on May 29, 2019 by Mikey Veenstra   3 Replies

Description: Unauthenticated Administrator Creation CVSS v3.0 Score: 10.0 (Critical) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Plugin: Convert Plus Plugin Slug: convertplug Affected Versions: <= 3.4.2 Patched Version: 3.4.3 On Friday May 24th, our Threat Intelligence team identified a vulnerability present in Convert Plus, a commercial WordPress plugin with an estimated 100,000 active installs. This flaw allowed …
Read More

Follow Us


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates