
Here Are the 4 WordPress Security Plugins That Protected Against a Vulnerability Wordfence Failed to Protect Against Despite Having Discovered It

Last week, Wordfence disclosed the details of an authenticated persistent cross-site scripting (XSS) vulnerability they had found in a popular WordPress plugin with 3+ million installs (as well as something else that wasn’t really a vulnerability). There were some things …

Wordfence WooCommerce 2FA: Set Up This New Feature To Protect Your Customers

On February 15, we made the exciting announcement that the latest release of Wordfence, version 7.9.0, includes a new feature: WooCommerce 2FA (two-factor authentication) for customer level users. What does this mean for you as an e-commerce store operator? And …

You Need to Make Sure Proof of Concepts for Vulnerabilities in WordPress Plugins You Use Have Been Tested

Are you relying on a security provider to warn about vulnerabilities in WordPress plugins you use? Are you not testing out the proof of concepts for those vulnerabilities because the security provider claims they are verifying things for you or …

The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common

The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report was the vulnerabilities disclosed in 2022. Keeping in mind that some vulnerabilities affected multiple plugins, themes, and WordPress …

WordPress Security Plugins Don’t Prevent Disclosure of One-Time Password Through Exploited Plugin Vulnerability

A month ago, we saw a hacker looking to exploit a vulnerability that had recently been fixed in the WordPress plugin User Verification. That vulnerability discovered by Lana Codes involved the plugin’s functionality to email a one-time password for logging …

Cutting Through Wordfence’s FUD on Millions of Attack Attempts Against WordPress Websites

It isn’t uncommon to see comments online from people scared after a WordPress security solution, say, the Wordfence Security plugin, has alerted them that the solution has blocked a large amount of hacking attempts. The best advice as to what …

Wordfence Isn’t Telling the Truth About the Sourcing and Reliability of Their Plugin Vulnerability Data

As we have documented multiple times before, Wordfence is providing highly inaccurate information on vulnerabilities in WordPress plugins. We keep running into more examples of that. Earlier this week someone contacted the developer of a plugin about Wordfence’s claim that …

Providers of WordPress Plugin Vulnerability Data Not Actually Verifying if Vulnerabilities Are Fixed

Recently, three ostensibly competing data providers for information on vulnerabilities in WordPress plugins all claimed that a vulnerability had been fixed in a certain version of the plugin Super Socializer. Here was WPScan, the original source for the claim:

Two Weeks Later WordPress Hasn’t Taken Action With WordPress Plugin That Loaded Malicious JavaScript

Anyone who has spent much time trying to use WordPress’ support forum and the connected plugin review system knows that the moderators of that often get in the way and cause unnecessary problems (as well as other troubling behavior, including deleting …

Wordfence Security and Wordfence Premium Fail to Provide Protection Against Privilege Escalation Vulnerability in Targeted Plugin

The Wordfence Security plugin is promoted with the claim that its firewall stops websites from getting hacked: Powered by the constantly updated Threat Defense Feed, Wordfence Firewall stops you from getting hacked.

Wordfence Intelligence Community Edition Data Continues to Be a Mess

If data providers for WordPress plugin vulnerability information want to keep up with vulnerabilities, one important place to monitor is the WordPress Support Forum. Today, doing that allowed us to warn our customers of a plugin with 8,000+ installs that …

WPScan and Wordfence Intelligence Community Edition Providing Misleading Data on When Information Was Published

Trust is an important part of security, so it probably isn’t surprising that security is in such bad shape and that at the same time, security companies are so obviously dishonest so often. That is something we frequently run across …

Wordfence Intelligence Community Edition Fails to Warn About Serious Vulnerability Because It Copies Inaccurate Data From WPScan

Yesterday, we highlighted some of the problems we found when looking at the data on plugin vulnerabilities coming from Wordfence’s new Wordfence Intelligence Community Edition. That is data they were previously trying to sell access to as part of something …

Wordfence Intelligence Community Edition Data Falsely Claims That Unfixed Plugin Vulnerability Was Fixed Twice

In what appears to be a significant setback for Wordfence, but promoted as “a gift to the community”, they announced they are now giving away data on vulnerabilities in WordPress plugins they have been trying to sell access to since …

Wordfence Launches Free Vulnerability Database For Commercial Use – And Launches Security Portal

Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat analysts, security researchers, and the WordPress user community. This is …

Even Wordfence Competitor Has Been Fooled by Untruthful Marketing of Wordfence Premium

We recently tried to add a WordPress firewall plugin named BitFire into our automated testing system of WordPress security plugins, but found that the plugin wasn’t working properly and then an update totally broke it. We also noticed that …