Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

WordPress 5.8.3 Security Release

This entry was posted in Vulnerabilities, WordPress Security on January 08, 2022 by Ram Gall   5 Replies

On January 6, 2022, the WordPress core team released WordPress version 5.8.3, which contains security patches for 4 high-severity vulnerabilities. These patches were backported to every version of WordPress since 3.7. WordPress has supported automatic core updates for security releases since WordPress 3.7, and the vast majority of WordPress sites will have received these patches …

2021 Mid-Year WordPress Security Report: A Collaboration Between Wordfence and WPScan

This entry was posted in Research, WordPress Security on August 11, 2021 by Chloe Chamberland   0 Replies

Wordfence has collaborated with WPScan to conduct a 2021 mid-year review on the state of WordPress security. Using attack data from Wordfence’s internal threat intelligence platform, and vulnerability data from WPScan’s vulnerability database, we were able to analyze the current trend of attacks on WordPress and assess the current state of WordPress security. In the …

Service Vulnerabilities: Shared Hosting Symlink Security Issue Still Widely Exploited on Unpatched Servers

This entry was posted in Research, Vulnerabilities, WordPress Security on June 17, 2021 by Charles Strader Sweethill   6 Replies

The Wordfence site cleaning team helps numerous customers recover from malware infections and site intrusions. While doing so, Wordfence Security Analysts perform a detailed forensic investigation in order to determine how the site was compromised by attackers. In a set of recent cases, we were able to identify a service vulnerability allowing malicious attackers to …

Episode 120: Jetpack Autoupdate Security Patch Bypasses Local Settings

This entry was posted in Podcasts on June 04, 2021 by Kathy Zant   0 Replies

A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed to REvil, a private Russian ransomware-as-a-service operation. A critical zero-day vulnerability was discovered by the …

WordPress 5.7.2 Security Release: What You Need to Know

This entry was posted in Vulnerabilities, WordPress Security on May 13, 2021 by Ram Gall   10 Replies

On May 13, 2021 01:00 UTC, WordPress core released a security patch for a Critical Object Injection vulnerability in PHPMailer, the component that WordPress uses to send emails by default. If your site is set to allow auto updating of minor point releases, your site has probably already updated to WordPress 5.7.2. While we do …

Multiple security flaws put 3.5 million WordPress websites at risk

This entry was posted on April 14, 2021 by Kathy Zant   0 Replies

Tutor LMS for WordPress Open to Info-Stealing Security Holes

This entry was posted on March 22, 2021 by Kathy Zant   0 Replies

Episode 108: Hack Exposes 150,000 Security Cameras at Tesla, Cloudflare and Others

This entry was posted in Podcasts on March 12, 2021 by Ram Gall   0 Replies

A data breach exposes 150,000 security cameras used by organizations around the world, including Tesla and Cloudflare. State-sponsored hacking groups exploit Microsoft Exchange vulnerabilities. A fire in a French data center belonging to hosting company OVH affects millions of websites, including some prominent WordPress services like Imagify and WP Rocket. WordPress 5.7 was released this …

Serious WordPress plugin security flaw puts thousands of sites at risk of attack

This entry was posted on February 15, 2021 by Kathy Zant   0 Replies

Episode 103: Wordfence Innovates with Machine Learning and Security for Schools

This entry was posted in Podcasts on February 05, 2021 by Kathy Zant   0 Replies

Wordfence opens the K-12 site audit and site cleaning service for publicly funded state schools worldwide. Machine learning is now a big part of our malware identification process, which will speed new malware signatures to deployment for WordPress sites protected by Wordfence. A bug in Sudo can let attackers with access to a local system …
