Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

WordPress Security Update 4.8.2 – Update Immediately

This entry was posted in WordPress Security on September 19, 2017 by Mark Maunder   9 Replies

WordPress Core version 4.8.2 has just been released. This is a minor update and a security release which means that your sites will update automatically within the next 24 hours unless you have disabled auto updates....read more

Staying Ahead of WordPress Attackers with the Real-Time IP Blacklist

This entry was posted in Wordfence, WordPress Security on September 19, 2017 by Dan Moen   12 Replies

WordPress sites are under constant attack by criminals around the world. It is unnerving to see them at work, looking for security vulnerabilities to exploit and trying thousands of passwords. And when they are successful, they inflict pain in the form of lost revenue, damaged reputation and clean-up expenses. It's no wonder that Wordfence users love our blocking features. There's nothing more satisfying than taking direct action against an evil adversary....read more

The August 2017 WordPress Attack Report

This entry was posted in Monthly Attack Activity Report, WordPress Security on September 15, 2017 by Dan Moen   6 Replies

This is the ninth edition of the WordPress Attack ReportĀ series we've been publishing since December 2016. You can find reports from the previous months here:...read more

The Man Behind Plugin Spam: Mason Soiza

This entry was posted in General Security, WordPress Security on September 13, 2017 by Mark Maunder   161 Replies

This post is part of a series. This is the second post and a follow-up to our first story titled "Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites". There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period....read more

Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites

This entry was posted in Wordfence, WordPress Security on September 12, 2017 by Mark Maunder   71 Replies

Note: This post is the first part of a series. The series has a secondĀ detailed follow-up which discusses the identity of the person behind the Display Widgets plugin spam. Then there is a third in the series which explains how the same spammer influenced a total of 9 plugins over 4.5 years....read more

Just How Good Is Wordfence Customer Service?

This entry was posted in Wordfence on September 7, 2017 by Mark Maunder   13 Replies

When my co-founder, Kerry and I started scaling Wordfence as a business, our first hire was in customer service. We had both been taking shifts answering customer service tickets and forum posts along with doing engineering, QA, finance and everything else. We knew customer service was labor-intensive, but we also knew that the kind of business we wanted to create in Wordfence would need to have great customer service....read more

Cyber Insurance: Should You Get It?

This entry was posted in General Security on September 5, 2017 by Mark Maunder   3 Replies

You have probably noticed the gradual increase in the number of ads over the past two years selling "cyber insurance," or insurance that covers a hack. The market for this kind of insurance has been growing....read more

XSS Vulnerability in WooCommerce Product Vendors Plugin

This entry was posted in Vulnerabilities, WordPress Security on August 31, 2017 by Mark Maunder   3 Replies

A reflected cross site scripting vulnerability has been reported in a premium WordPress plugin for WooCommerce known as the 'Product Vendors' plugin. This plugin is used by 28% of all online WooCommerce stores. Update: As a commenter pointed out, WooCommerce is used by 28% of all online stores, not the affected extension....read more

Wordfence Launches Short-Circuit Scan Signatures – Up to 6X Performance Increase

This entry was posted in Wordfence on August 30, 2017 by Mark Maunder   11 Replies

In October 2016, the Wordfence team started chatting about a way to radically boost the speed of scans once we grow beyond a certain number of scan signatures. As a reminder, a scan signature is a pattern that recognizes a certain kind of malware....read more

The Benefits of Wordfence Premium

This entry was posted in Wordfence, WordPress Security on August 29, 2017 by Mark Maunder   11 Replies

On April 21 this year, Wordfence celebrated our fifth year making the world's best firewall and malware scan for WordPress. The date came and went as we continued to focus on innovating and securing our customers. Today Wordfence has been downloaded over 45 million times and maintains a 4.8 star rating out of 5 stars, from over 3000 reviews on the official WordPress plugin repository....read more

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.