Wordfence Research and News

Newest

COVID-19 and WordPress Community Engagement in 2020

This is an update regarding Wordfence’s community engagement in 2020 along with a recommendation for WordCamps globally and for the global WordPress community. As always, I’m taking a data-driven approach to this post. I present an update from the WHO regarding the containment of COVID-19 in China and what has worked. I then discuss what …
Read More

Botnet of Infected WordPress Sites Attacking WordPress Sites

The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites.

Details of an Additional File Deletion Vulnerability – Patched in WordPress 4.9.7

Today WordPress released version 4.9.7, a security release which addresses two separate arbitrary file deletion vulnerabilities requiring Author privileges.

WordPress Update Breaks Future Auto-Updates. Manually Update Now!

[Update at 10:50am PST: Based on the comments we’ve received below, it sounds like this problem only affects certain sites.

Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC

A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time.

The WPSetup Attack: New Campaign Targets Fresh WordPress Installs

At Wordfence, we track millions of attacks from a wide variety of sources every day.

WordPress 4.7.5 Security Release – Immediate Update Recommended

A few hours ago WordPress abruptly released 4.7.5 which is a security release.

The March 2017 WordPress Attack Report

Today we are releasing the WordPress Attack Report for March, 2017.

Imminent: Non-HTTPS Sites Labeled “Not Secure” by Chrome

On approximately January 31st, version 56 of the Chrome web browser will be released.

Critical Vulnerability in PHPMailer. Affects WP Core.

A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski.