
Wordfence Premium Added “Real-Time Firewall Protection” for Plugin Vulnerability Over Two Months After It Was Disclosed

In the middle of August, we publicly warned that the WordPress plugin WooODT Lite contained an authenticated option update vulnerability, which would allow logged-in attackers to change arbitrary WordPress options (settings). The possibility of the vulnerability was flagged by proactive

Latest Release of Contact Form 7 Didn’t Actually Fix Authenticated (Editor+) Arbitrary File Upload Vulnerability

Recently, the WordPress security provider Wordfence was criticizing another provider, Patchstack, for incentivizing low quality claims of vulnerabilities in WordPress plugins: “There are an extremely high number of low risk and low quality vulnerabilities being submitted to databases like Patchstack,”

PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an

Patchstack vs Wordfence WordPress Plugin Vulnerability Data: It’s Largely The Same Inaccurate Data

When it comes to protecting WordPress websites from vulnerabilities in WordPress plugins, one piece of the solution involves being warned if you are using plugins with known vulnerabilities. Doing that well requires doing a lot of work. That is something

WordPress Firewall Plugins Protect Against Vulnerability Without Rule Needed for Wordfence Security To Do That

Last week, we noted that the marketing for the Wordfence Security plugin was promoting its firewall as being the industry leader, despite that not being supported by them with anything whatsoever and objective testing showing that being far from the

Wordfence Security’s Country Blocking Isn’t an Effective Measure Against Hackers

Last week, we wrote about one feature of the Wordfence Security plugin that doesn’t actually provide the protection that Wordfence has been able to convince people otherwise. Another feature that was brought up to us by the same person asking

The Wordfence Security Plugin Isn’t Actually Protecting Against Brute Force Attacks

We recently had a potential customer ask if our firewall plugin protected against brute force attacks as they believed the Wordfence Security plugin is doing. They also noted that using something different than what Wordfence Security provides would seem like

Announcing Vulnerability Scanning in Wordfence CLI 2.0.1 “Voodoo Child”

Note: If you’re a WordPress user, we recommend the Wordfence Security Plugin which provides a robust and complete set of security controls for WordPress websites. If you host WordPress servers and need high performance malware and vulnerability scanning on the command

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)

Last week, there were 103 vulnerabilities disclosed in 85 WordPress Plugins and no WordPress themes, with 7 of those being in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that

WordPress 6.3.2 Security Release – What You Need to Know

WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While all of the vulnerabilities are of Medium severity, several of them are impactful enough to

Wordfence Security Increases Protection in October Test of WordPress Security Plugins’ Zero-Day Protection

One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities

The WordPress Function sanitize_text_field() Isn’t Always Enough Security to Protect Against XSS

The Automattic owned WPScan recently claimed a serious persistent cross-site scripting (XSS) vulnerability had been in a WordPress plugin and had been fixed. Their report lacked the kind of information that would be needed to easily recheck things. What was

Know your Malware – A Beginner’s Guide to Encoding Techniques Used to Obfuscate Malware

With the launch of Wordfence CLI, our high performance security scanner that can detect the vast majority of PHP malware targeting WordPress, Wordfence continues to emphasize the importance of malware detection and remediation. Malware targeting WordPress uses a variety of

Hacker Targeted WordPress Plugin Still in Plugin Directory Despite Publicly Disclosed Unfixed SQL Injection Vulnerability

On Saturday we had what appeared to be a hacker probing for usage of the WordPress plugin WP Job Portal on our website. That plugin is available in the WordPress Plugin Directory and has 3,000+ active installations according to WordPress’

Introducing Wordfence CLI: A High Performance Malware Scanner Built for the Command Line

Today, we are incredibly excited to announce the launch of Wordfence CLI: an open source, high performance malware scanner built for the command-line. With Wordfence CLI you can detect malware and other indicators of compromise on a host system by

Wordfence Claims to Own WordPress.org, Abusing DMCA Takedowns to Cover Up Coverage of Their Repeated Inaccuracies

Dealing with the security of WordPress plugins, we see a lot of the bad parts of the WordPress business space. Plugin developers making extraordinary claims about their handling of security, while not even doing the basics isn’t uncommon. Much worse

Wordfence Intelligence (and Possibly WordPress) Mishandled Unfixed Vulnerabilities in WordPress Plugin

Earlier today, we warned our customers about unfixed vulnerabilities in a WordPress plugin named Posts Like Dislike. We ran across those vulnerabilities as at least one of our customers was using the plugin and the changelog for the latest version