Today, the Wordfence Threat Intelligence team is releasing our 2023 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our Continue reading The Wordfence 2023 State of WordPress Security Report
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register Continue reading Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
Today, The Wordfence Bug Bounty Program was featured on an episode of the Critical Thinking Podcast, a top resource and community for bug bounty researchers. Critical Thinking is a podcast focused on ethical hacking and security analysis and is described Continue reading Vulnerability Researchers: Check out The Critical Thinking Podcast
In the first post in this series, we covered common PHP encoding techniques and how they’re used by malware to hide from security analysts and scanners. In today’s post, we’re going to dive a little bit deeper into other obfuscation Continue reading Know Your Malware Part Two – Hacky Obfuscation Techniques
With the launch of Wordfence CLI, our high performance security scanner that can detect the vast majority of PHP malware targeting WordPress, Wordfence continues to emphasize the importance of malware detection and remediation. Malware targeting WordPress uses a variety of Continue reading Know your Malware – A Beginner’s Guide to Encoding Techniques Used to Obfuscate Malware
Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections. In recent years, the WordPress community has seen a shift Continue reading Malware Scanning: An Essential Layer of Website Security
In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when making decisions with the best of intentions, it is Continue reading PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time
The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report were the vulnerabilities disclosed in 2022. Keeping in mind that some vulnerabilities affected multiple plugins, themes, and WordPress Continue reading The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common
Today, the Wordfence Threat Intelligence team is releasing our 2022 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our Continue reading The Wordfence 2022 State of WordPress Security Report
On January 19th, 2023, a member of the Wordfence Threat Intelligence team received an email from their personal blog, claiming the site had been hacked, and we received two reports from Wordfence users who received the same message. The email Continue reading PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money
The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known as “shops” by threat actors, selling access to compromised services. While contemporary threat actors primarily coordinate and conduct business through Telegram channels, compromised services and Continue reading How Much is Your Hacked Site Worth?
Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat analysts, security researchers, and the WordPress user community. This is Continue reading Wordfence Launches Free Vulnerability Database For Commercial Use – And Launches Security Portal
When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is largely invisible until something Continue reading Not Just for the Government: Using the NIST Framework to Secure WordPress
A Russian hacktivist group calling itself “The People’s Cyberarmy” called on its members to target the American Democratic party website at https://democrats.org with DDOS (Distributed Denial of Service) attacks this morning, November 8th, 2022, which is Election Day in the Continue reading Russian Hacktivist Group Targets Political Websites with DDOS Attacks
While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control (C2) script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. Continue reading What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script
The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the time of Continue reading Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity
October is National Cyber Security Awareness Month in the U.S., and this year’s theme is “See Yourself in Cyber.” What is really being said by this theme is that we all have a role to play in cyber security, whether Continue reading National Cyber Security Awareness Month: You Could Be the Biggest Threat to Your WordPress Site
Vulnerabilities are a fact of life for anyone managing a website, even when using a well-established content management system like WordPress. Not all vulnerabilities are equal, with some allowing access to sensitive data that would normally be hidden from public Continue reading Cross-Site Scripting: The Real WordPress Supervillain
This morning the Wordfence team is launching Wordfence Intelligence live at Black Hat 2022 in Las Vegas. Our entire team is here in Las Vegas, including our international team members. I’d like to tell you more about what we’re launching Continue reading Wordfence Launches Wordfence Intelligence for Hosts and Network Defenders
Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: Continue reading Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week