Best WordPress Hosting
 

What Are WordPress Salts & Security Keys?

In the realm of WordPress security, there’s a powerful tag team working tirelessly behind the scenes to safeguard your website’s login process. Meet salts and security keys, the cryptographic wonders responsible for protecting the sensitive information housed within the cookies

Automattic’s WPScan, Wordfence, and Patchstack Don’t Appear to Have a Basic Grasp of What Vulnerabilities Are

Recently Automattic’s WPScan claimed that there had been what is normally a fairly serious type of vulnerability in a WordPress plugin. That being, as they put it, an “unauthenticated stored XSS” vulnerability or, as we would put it, a persistent

What is a 403 Error & How to Fix It

A 403 error can be a frustrating interruption to anyone’s day; it can lead to exasperated website visitors, even leading to lost traffic and website revenue depending on the affected page. When you (or your site visitors) encounter an unexpected

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)

Last week, there were 116 vulnerabilities disclosed in 88 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 35 Vulnerability Researchers that contributed to WordPress Security last week. Review those

WordPress Firewall Plugins Lack Protection Against Arbitrary User Deletion Vulnerabilities

Last week, we ran across a vulnerability in a WordPress plugin that would allow an attacker to delete all the website’s WordPress user accounts, which would be nasty if exploited by an attacker. The ability to easily exploit the vulnerability

Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities

Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated

Akamai Warns Their Web Application Firewall (WAF) Doesn’t Protect WordPress and WooCommerce Websites

So often, what passes for security journalism misses the important details in claims made by security providers that are the sole source for stories. Take, for instance, a recent story that popped up a Google News alert we have to

Credential-Stealing Server Side Request Forgery Patched in Getwid

On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the

WooCommerce Security Issue Plays Critical Role in Exploiting Serious Vulnerabilities in Other Plugins

In March, the details of a vulnerability that had been fixed in a WordPress plugin that extends the functionality of the plugin WooCommerce were disclosed. The exploitability of it should have been limited as it required having access to a

How to Update, Install & Remove WordPress Plugins & Themes With WP-CLI

WordPress, like other open-source content management systems, allows you to enhance your website’s appearance and functionality through custom code and third-party components like plugins and themes. It’s these extensions that allow you to publish content with added functionality for your

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)

Last week, there were 90 vulnerabilities disclosed in 77 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 29 Vulnerability Researchers that contributed to WordPress Security last week. Review those

Why should I worry about securing my WordPress emails?

Emails are everywhere. They have become one of the most common methods of communication among people over the Internet. WordPress administrators and website owners use emails for various purposes, such as personal and professional communication, marketing, recruitment, and more. Emails

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin

On May 20, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in WPDeveloper’s ReviewX plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible

WordPress Vulnerability & Patch Roundup May 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve

How to Secure Your Online Store: A Ecommerce Security Primer

Welcome to another installment in helping website owners secure their digital assets, this time with a focus on the world of ecommerce. If you’re an ecommerce website owner, you’re likely aware that online stores face a unique set of challenges

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)

Last week, there were 82 vulnerabilities disclosed in 59 WordPress Plugins and 11 WordPress themes, along with 6 in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 26 Vulnerability Researchers that contributed to

Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign

The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version