Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve Continue reading WordPress Vulnerabilities & Patch Roundup — August 2022
Every once in a while, we get a glimpse into the strange behavior that happens after a site is compromised. Hacked websites are known to result in a plethora of headaches for webmasters, including malicious redirects, broken links, and unwanted Continue reading Post-Hack Instructions: SEO Spam & 404 Errors in Search Console
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – August 24, 2022
Since 2020 considerable attention has been spent analysing the emergence of MageCart malware within WordPress environments which most commonly affects sites using WooCommerce. As demonstrated in a previous post WordPress has quickly become the most commonly affected CMS platform for Continue reading Examining Less-Common WordPress Credit Card Skimmers
As we continue to monitor the cyber situation in Ukraine, the data we are seeing shows some interesting trends. Not only has the volume of attacks continued rising throughout the conflict in Ukraine, the types of attacks have been varied. Continue reading Analyzing Attack Data and Trends Targeting Ukrainian Domains
It’s not uncommon for users to experience “DDoS Protection” pages when casually browsing the web. These DDoS protection pages are typically associated with browser checks performed by WAF/CDN services which verify if the site visitor is, in fact, a human Continue reading Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – August 17, 2022
Earlier this June, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned by our remediation team in the last few years. This NDSW/NDSX malware — also referred Continue reading SocGholish: 5+ Years of Massive Website Infections
Have you ever looked at your server or website logs and realized that they make absolutely no sense to you? Or thought that logs just seem to take up a lot of valuable server space? Or perhaps they fail to Continue reading The Importance of Website Logs
This morning the Wordfence team is launching Wordfence Intelligence live at Black Hat 2022 in Las Vegas. Our entire team is here in Las Vegas, including our international team members. I’d like to tell you more about what we’re launching Continue reading Wordfence Launches Wordfence Intelligence for Hosts and Network Defenders
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – August 10, 2022
The Russian invasion of Ukraine began on February 20, 2022. By mid-March it was clear the cyber-war had begun, and the attacks have been consistent ever since. Prior to this, on March 1, 2022, Wordfence reported on an attack campaign Continue reading Ukrainian Website Threat Landscape Throughout 2022
Since the Gutenberg WordPress editor became the default page editor, many WordPress users have started seeing “The response is not a valid JSON response” error messages on their website trying to update posts or upload media. While switching back to Continue reading How to Fix “The Response Is Not a Valid JSON Response” Message in WordPress
Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: Continue reading Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week
On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a WordPress plugin installed on over 30,000 sites. This vulnerability made it possible Continue reading Cross-Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping Cart Plugin
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – August 3, 2022
On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated Continue reading High Severity Vulnerability Patched in Download Manager Plugin
Most people would agree — living in a house full of accumulated debris and unnecessary objects can create a chaotic environment, and even cause health problems. This scenario is easily applicable to your website, too. You can think of your Continue reading 7 Tips to Clean & Maintain Your Website
This is an ‘ultimate’ or comprehensive guide to WordPress password protection for business website administrators and owners. It’s written for those who manage or are the administrators of WordPress websites. Roles aside, the next most vulnerable and easily hardened WordPress Continue reading WordPress Password Protection – A Complete Guide
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve Continue reading WordPress Vulnerabilities & Patch Roundup — July 2022