Activity Log extensions for Yoast SEO, WooCommerce & WPForms updated
Today we are updating the three most popular activity log extensions. Even though mostly these are maintenance updates, we have also improved the coverage of Yoast SEO plugin settings changes and WooCommerce orders changes. Let’s dive right in to see what is new and...
Analysis of a Phishing Kit (that targets Chase Bank)
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by attackers. Once entered, the attackers syphon off those login details and use...Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities
On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability...
How Passwords Get Hacked
Can you think of an online service that doesn’t require a password? Everything on the internet requires a password. However, constantly creating and remembering new and ever more complex passwords is no small task. In fact, 66% of people polled admitted to using the...An Update on the Classic Editor Plugin
Before the release of WordPress 5.0 in 2018, the Classic Editor plugin was published to help ease the transition to the new block editor. At the time, we promised to support the plugin through 2021 and adjust if needed as the deadline got closer. After discussing this...Exposed backup and unreferenced files and how to find them
Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe. From ensuring passwords meet specific criteria...Nested Pages Patches Post Deletion Vulnerability
On August 13, 2021, the Wordfence Threat Intelligence team responsibly disclosed two vulnerabilities in Nested Pages, a WordPress plugin installed on over 80,000 sites that provides drag and drop functionality to manage your page structure and post ordering. These...
7 Ways to Secure Magento 1
While unpatched installations of Magento 2 contain many vulnerabilities, I’m going to focus my attention on Magento 1 for this article. This is because Magento 2 provides regularly updated patches for many of the most common vulnerabilities targeting the platform....