WordPress Security – Page 24

Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin

Posted on 7 April 2022 by

On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that is installed on over 400,000 sites. This flaw makes it possible for attackers to Continue reading Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin→

WordPress Vulnerability Report – April 6, 2022

Posted on 6 April 2022 by

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – April 6, 2022→

WordPress Overtakes Magento in Credit Card Skimmers

Posted on 4 April 2022 by

One of the most important monitoring tools in our security platform is our Sucuri SiteCheck scanner. It’s a free tool to scan your website for known malicious content and malware injections. The usage of SiteCheck also allows us to monitor Continue reading WordPress Overtakes Magento in Credit Card Skimmers→

WordPress Popunder Malware Redirects to Scam Sites

Posted on 1 April 2022 by

Over the last year we’ve seen an ongoing malware infection which redirects website visitors to scam sites. So far this year our monitoring has detected over 3,000 websites infected with this injection this year and over 17,000 in total since Continue reading WordPress Popunder Malware Redirects to Scam Sites→

WordPress Vulnerability Report – March 30, 2022

Posted on 30 March 2022 by

Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk

Posted on 30 March 2022 by

Update – after this article was published, Denis Shagimuratov of CleanTalk reached out to us on Twitter. It appears that they didn’t receive our disclosure because our contact at the company was no longer the correct recipient for this type Continue reading Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk→

What is the difference between CAPTCHA, ReCAPTCHA, and NoCAPTCHA?

Posted on 29 March 2022 by

If you’ve been thinking about adding CAPTCHA to your WordPress website (or have recently installed our amazing CAPTCHA 4WP plugin), you’ll undoubtedly have come across the many different versions and iterations of the word CAPTCHA. If you find all of Continue reading What is the difference between CAPTCHA, ReCAPTCHA, and NoCAPTCHA?→

The Mystery Admin User

Posted on 25 March 2022 by

One of our clients recently submitted a malware removal request with a curious problem: A mystery admin user kept getting re-created on their website. Try as they might, nothing they did would get rid of this user; it just kept Continue reading The Mystery Admin User→

WordPress Vulnerability Report – March 23, 2022

Posted on 23 March 2022 by

Introducing Site Scan + Vulnerability Protection for Everyone – New in iThemes Security 8.1

Posted on 22 March 2022 by

The mission of iThemes Security is to make WordPress security simple. We’re here to provide the most effective and cutting-edge website security measures freely available to everyone, in one easy-to-use plugin. In the latest release of the free iThemes Security plugin, Continue reading Introducing Site Scan + Vulnerability Protection for Everyone – New in iThemes Security 8.1→

Increase In Malware Sightings on GoDaddy Managed Hosting

Posted on 16 March 2022 by

Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress Continue reading Increase In Malware Sightings on GoDaddy Managed Hosting→

WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities

Posted on 11 March 2022 by

Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects version 5.9.0 Continue reading WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities→

We’re Now Blocking 10,000 Requests Per Hour in Ukraine From Known Malicious IPs

Posted on 3 March 2022 by

48 hours ago we deployed our commercial real-time threat intelligence automatically, and for free, to all Ukrainian websites with the .UA top-level domain. That has made over 8,000 sites in Ukraine using the free version of Wordfence significantly more secure. Continue reading We’re Now Blocking 10,000 Requests Per Hour in Ukraine From Known Malicious IPs→

Ukraine Universities Hacked As Russian Invasion Started

Posted on 2 March 2022 by

Note: This article has been updated to reflect that the hosting provider “Njalla”, which routed the malicious traffic involved in this attack, is based in Sweden, not in Finland, although IP geolocation data indicates that the specific server that the Continue reading Ukraine Universities Hacked As Russian Invasion Started→

How to stay safe online as a new WordPress administrator

Posted on 1 March 2022 by

As a new WordPress administrator, you undoubtedly have a lot to think about and do. After all, WordPress websites are as fun and exciting as they are demanding. Even so, one thing that many new administrators do not think about Continue reading How to stay safe online as a new WordPress administrator→

Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin

Posted on 24 February 2022 by

On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an Continue reading Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin→

Entering a Higher State of Vigilance – Ukraine Under Attack

Posted on 24 February 2022 by

It appears that Russia has just commenced the invasion of Ukraine. Check your preferred international news outlet, but according to the Ukrainian foreign minister “Putin has just launched a full-scale invasion of Ukraine.” Ukrainian airspace is closed with flights diverting. Continue reading Entering a Higher State of Vigilance – Ukraine Under Attack→

Configuring HTTP security headers on WordPress

Posted on 23 February 2022 by

Most modern browsers support a variety of HTTP security headers to improve the security of your WordPress website, better protect your visitors from classes of browser attacks such as clickjacking, cross-site scripting, and other common attacks, and even improve your Continue reading Configuring HTTP security headers on WordPress→

Reflected XSS in Header Footer Code Manager

Posted on 22 February 2022 by

On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent Continue reading Reflected XSS in Header Footer Code Manager→

2021: A year in review

Posted on 2 February 2022 by

2021 was touted as the year in which everything returns back to normality. Alas, this was not to be, as the developments we were hoping for didn’t fully materialize. 2021, however, was a year of hope in which human ingenuity Continue reading 2021: A year in review→