Wordfence Research and News
Using Wordfence Central Teams
Teams are a Wordfence Central feature that lets multiple users collaborate and manage websites under a single account.
Introducing Wordfence Central Teams
Last year, we introduced Wordfence Central and today thousands of WordPress site owners are using this free tool to manage their WordPress sites. Whether you’re using Wordfence Premium or still on the free plugin, Wordfence Central makes it possible for you to manage your sites’ security settings, tune your security alerts, and quickly assess security …
Read More
Vulnerability in wpCentral Plugin Leads to Privilege Escalation
Description: Improper Access Control to Privilege Escalation Affected Plugin: wpCentral Affected Versions: <= 1.5.0 CVE ID: CVE-2020-9043 CVSS Score: 8.8 (High) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Patched Version: 1.5.1 On February 13th, our Threat Intelligence team discovered a vulnerability in wpCentral, a WordPress plugin installed on over 60,000 sites. The flaw allowed anybody to escalate their privileges …
Read More
Major Central Release: Alerts, Security Events and Slack Integration
In February we launched Wordfence Central, an efficient way to manage the security of many WordPress sites in one place. If you have multiple sites and haven’t checked it out yet, you should. It includes a powerful dashboard, a single interface to view and manage security findings across all of your sites and robust new …
Read More
Connecting your sites to Wordfence Central
Learn how to connect multiple sites to Wordfence Central.
Ukraine Universities Hacked As Russian Invasion Started
Note: This article has been updated to reflect that the hosting provider “Njalla”, which routed the malicious traffic involved in this attack, is based in Sweden, not in Finland, although IP geolocation data indicates that the specific server that the traffic transited may be based in Finland. We have also updated the post title to …
Read More
Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin
On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending them to an existing SQL query. This could be used to …
Read More
Wordfence Response
Wordfence Response is for mission-critical WordPress websites that require 24/7/365 security monitoring with a 1-hour response time and 24-hour remediation.
Wordfence Free
Wordfence Free is an all-in-one security solution for WordPress websites that includes an endpoint firewall, security scanner, login security, alerts, centralized management, and more.
Plugin / Theme Conflicts
This is a list of plugins and themes that are currently known to us that can or do conflict with the Wordfence plugin.
Breaking WordPress Security Research in your inbox as it happens.
