Configuration files exist to make life easier for developers and website operators. In a world without configuration files, every instance of code that depended on a database connection could potentially require the connection details to be hard coded or manually Continue reading Configuration Probing: Your Backups Might Be Your Greatest Weakness
Wordfence 7.8.0 is out! A huge thanks to our quality assurance team, our team of developers and our ops team for planning, implementing and releasing Wordfence 7.8.0. This release has several fixes to make Wordfence even more robust, and includes Continue reading Wordfence 7.8.0 Is Out! Here Is What Is Included
When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is largely invisible until something Continue reading Not Just for the Government: Using the NIST Framework to Secure WordPress
A Russian hacktivist group calling itself “The People’s Cyberarmy” called on its members to target the American Democratic party website at https://democrats.org with DDOS (Distributed Denial of Service) attacks this morning, November 8th, 2022, which is Election Day in the Continue reading Russian Hacktivist Group Targets Political Websites with DDOS Attacks
On October 5, 2022, the Wordfence Threat Intelligence team responsibly disclosed a Missing Authorization vulnerability in Blog2Social, a WordPress plugin installed on over 70,000 sites that allows users to set up post sharing to various social networks. Vulnerable versions of Continue reading Missing Authorization Vulnerability in Blog2Social Plugin
It has been over 6 years since we last raised our prices. Since then our team has more than doubled in size and we have introduced significant improvements to the core Wordfence product, launched a range of free and paid Continue reading Wordfence Premium Price Increase Coming in December – The First Since 2016
While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control (C2) script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. Continue reading What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script
Today, the Wordfence team is launching a Malware Hash Feed as part of our Wordfence Intelligence API. This gives our Enterprise users another way to rapidly and definitively identify malware targeting web applications. As the world’s foremost WordPress security provider, Continue reading Wordfence Intelligence Launches New Malware Hash Feed!
On October 17, 2022, the Wordfence Threat Intelligence team began monitoring for activity targeting CVE-2022-42889, or “Text4Shell” on our network of 4 million websites. We started seeing activity targeting this vulnerability on October 18, 2022. Text4Shell is a vulnerability in Continue reading Threat Advisory: Monitoring CVE-2022-42889 “Text4Shell” Exploit Attempts
The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the time of Continue reading Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity
The WordPress 6.0.3 Security Update contains patches for a large number of vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit. As with every WordPress core Continue reading Patch Now: The WordPress 6.0.3 Security Update Contains Important Fixes
This morning, the Wordfence Threat Intelligence team began tracking exploit attempts targeting CVE-2022-40684 on our network of over 4 million protected websites. CVE-2022-40684 is a critical authentication bypass vulnerability in the administrative interface of Fortinet’s FortiGate firewalls, FortiProxy web proxies, Continue reading Threat Advisory: CVE-2022-40684 Fortinet Appliance Auth bypass
October is National Cyber Security Awareness Month in the U.S., and this year’s theme is “See Yourself in Cyber.” What is really being said by this theme is that we all have a role to play in cyber security, whether Continue reading National Cyber Security Awareness Month: You Could Be the Biggest Threat to Your WordPress Site
Wordfence 7.7.0 has just been released and as usual, it includes several awesome enhancements and updates for our security conscious WordPress publishers and e-commerce websites. This post goes into a little more detail on each change we’ve included. We don’t Continue reading Wordfence 7.7.0 Is Out! Here Are The Changes
Vulnerabilities are a fact of life for anyone managing a website, even when using a well-established content management system like WordPress. Not all vulnerabilities are equal, with some allowing access to sensitive data that would normally be hidden from public Continue reading Cross-Site Scripting: The Real WordPress Supervillain
On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin. We released a firewall rule to Wordfence Premium, Wordfence Continue reading PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for Continue reading PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities. These patches have Continue reading WordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know
As we continue to monitor the cyber situation in Ukraine, the data we are seeing shows some interesting trends. Not only has the volume of attacks continued rising throughout the conflict in Ukraine, the types of attacks have been varied. Continue reading Analyzing Attack Data and Trends Targeting Ukrainian Domains
This morning the Wordfence team is launching Wordfence Intelligence live at Black Hat 2022 in Las Vegas. Our entire team is here in Las Vegas, including our international team members. I’d like to tell you more about what we’re launching Continue reading Wordfence Launches Wordfence Intelligence for Hosts and Network Defenders