Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Using Wordfence Central Teams

This entry was posted in on October 27, 2020 by Ram Gall   0 Replies

Teams are a Wordfence Central feature that lets multiple users collaborate and manage websites under a single account.

Introducing Wordfence Central Teams

This entry was posted in Wordfence on October 27, 2020 by Matt Barry   5 Replies

Last year, we introduced Wordfence Central and today thousands of WordPress site owners are using this free tool to manage their WordPress sites. Whether you’re using Wordfence Premium or still on the free plugin, Wordfence Central makes it possible for you to manage your sites’ security settings, tune your security alerts, and quickly assess security …
Read More

Vulnerability in wpCentral Plugin Leads to Privilege Escalation

This entry was posted in Vulnerabilities, WordPress Security on February 17, 2020 by Chloe Chamberland   5 Replies

Description: Improper Access Control to Privilege Escalation Affected Plugin: wpCentral Affected Versions: <= 1.5.0 CVE ID: CVE-2020-9043 CVSS Score: 8.8 (High) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Patched Version: 1.5.1 On February 13th, our Threat Intelligence team discovered a vulnerability in wpCentral, a WordPress plugin installed on over 60,000 sites. The flaw allowed anybody to escalate their privileges …
Read More

Major Central Release: Alerts, Security Events and Slack Integration

This entry was posted in Wordfence on June 18, 2019 by Dan Moen   4 Replies

In February we launched Wordfence Central, an efficient way to manage the security of many WordPress sites in one place. If you have multiple sites and haven’t checked it out yet, you should. It includes a powerful dashboard, a single interface to view and manage security findings across all of your sites and robust new …
Read More

Connecting your sites to Wordfence Central

This entry was posted in on February 05, 2019 by wfphil   0 Replies

Learn how to connect multiple sites to Wordfence Central.

Wordfence Free

This entry was posted in on November 11, 2021 by Ram Gall   0 Replies

Wordfence Free is an all-in-one security solution for WordPress websites that includes an endpoint firewall, security scanner, login security, alerts, centralized management, and more.

Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress

This entry was posted in Podcasts on October 17, 2020 by Kathy Zant   0 Replies

On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform. With WordPress …
Read More

Episode 83: 100,000 Sites Impacted by Vulnerabilities in Advanced Access Manager

This entry was posted in Podcasts on August 21, 2020 by Scott Miller   0 Replies

The Wordfence Threat Intelligence team discovered vulnerabilities in the Advanced Access Manager plugin installed on over 100,000 WordPress sites. A high severity authorization bypass could lead to privilege escalation and site takeover. Critical vulnerabilities found in the Quiz and Survey Master plugin could also lead to site takeover on the 30,000 WP sites using the …
Read More

10 WordPress Security Mistakes You Might Be Making

This entry was posted in General Security, Wordfence, WordPress Security on August 19, 2020 by Chloe Chamberland   15 Replies

Yesterday, August 18, 2020, the Wordfence Live team covered 10 WordPress Security Mistakes You Might be Making. This companion blog post reviews the recommendations we provided to avoid these mistakes and better secure your WordPress environment. You can watch the video of Wordfence Live below. Timestamps You can click on these timestamps to jump around …
Read More

Episode 78: Targeted Phishing Bypassing Security Checks and a new DDoS Record

This entry was posted in Podcasts on June 22, 2020 by Kathy Zant   0 Replies

This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook’s protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record for a massive DDoS attack that targeted an AWS customer. Drupal pushes out some security fixes, and …
Read More

Follow Us


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 200 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates