Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Using PHP 5 Becomes Dangerous in 2 Months

This entry was posted in General Security, WordPress Security on October 30, 2018 by Mark Maunder   0 Replies

WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. Once support for PHP 5 ends in two months, …
Read More

Video: WordCamp Atlanta Security Panel with Wordfence

This entry was posted in Wordfence, WordPress Security on October 18, 2018 by Dan Moen   6 Replies

In April, Wordfence sponsored WordCamp Atlanta and several of our team members attended the event. While there, we held a capture the flag (CTF) contest, which helps WordPress site owners learn to think like a hacker so that they can better defend their websites. Part of hacker culture is the art of lock picking, which …
Read More

Introducing Wordfence Agency Solutions

This entry was posted in Wordfence, WordPress Security on October 16, 2018 by Kathy Zant   0 Replies

Throughout 2018, we have had many conversations with agencies and other organizations protecting a large number of WordPress sites with Wordfence. You’ve told us what you need to be more successful, and we’ve responded with many changes to both our licensing and our capabilities. To start, we added the ability to secure your staging and …
Read More

Breaking Out of Shells at DerbyCon

This entry was posted in Miscellaneous on October 12, 2018 by Nate Smith   0 Replies

I downloaded my first copy of BackTrack when I was 13. I had no idea what I was doing, or how to use it, but I knew that I was hooked. I’ve been fascinated with technology since I was a kid, so the idea that I could interact with that technology in new and unexpected …
Read More

Three WordPress Security Mistakes You Didn’t Realize You Made

This entry was posted in General Security, WordPress Security on October 02, 2018 by Mikey Veenstra   20 Replies

Considering the amount of malicious activity that takes place on the internet, it’s no surprise that successful attacks on WordPress sites are launched across a wide variety of vectors. Whether outdated plugin code is to blame, or password reuse, or any number of other security flaws, no site owner sets out to introduce a vulnerability …
Read More

Meet the Defiant Team

This entry was posted in Wordfence on September 25, 2018 by Dan Moen   13 Replies

In August, most of our team attended DefCon, a hacker conference in Las Vegas attended by tens of thousands of security professionals. All of us work remotely, so it is always really special to spend time together as a team. While we were there we completed a fun project. We created a video with footage …
Read More

Yes, You Should Probably Have A TLS Certificate

This entry was posted in General Security, WordPress Security on September 18, 2018 by Mikey Veenstra   13 Replies

Last week’s article covering the decision to distrust Symantec-issued TLS certificates generated a great response from our readers. One common question we received, and one that pops up just about any time SSL/TLS comes up, is how to determine when a site does and does not need such a certificate. Spoiler: Your site should probably …
Read More

Reminder: Popular Browsers To Distrust Symantec SSL/TLS Certificates Starting In October

This entry was posted in General Security on September 13, 2018 by James   7 Replies

This is a final reminder that legacy TLS certificates issued by Symantec, including those issued by authorities like Thawte, Geotrust, and RapidSSL which used Symantec as a central authority, will be distrusted by both Google Chrome and Mozilla Firefox beginning in October. Apple products have partially distrusted these certificates and plan to also distrust the full …
Read More

PSA: Multiple Vulnerabilities Present In Firefox 61

This entry was posted in General Security, Vulnerabilities on September 06, 2018 by Mikey Veenstra   2 Replies

In an advisory published yesterday, Mozilla disclosed the presence of nine security flaws in Firefox 61 which have been patched in the latest release of the browser. Some of the bugs are severe, but at this time do not appear to be receiving attacks in the wild. To protect yourself as a Firefox user, ensure …
Read More

Duplicator Update Patches Remote Code Execution Flaw

This entry was posted in Vulnerabilities, WordPress Security on September 05, 2018 by Mikey Veenstra   3 Replies

A critical remote code execution (RCE) vulnerability has been patched in the latest release of Duplicator, a WordPress backup and migration plugin with millions of downloads. In their public disclosure of this flaw, Synacktiv detailed its scope and severity, and provided a viable proof of concept exploit for the security community. In this post we’ll …
Read More


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates