The Wordfence 2020 WordPress Threat Report
Over the course of 2020, and in the process of protecting over 4 million WordPress customers, the Wordfence Threat Intelligence team gathered a massive amount of raw data from attacks targeting WordPress and infection trends, in addition to the malware samples...
New Linux Server Vulnerability
Security researchers at Qualys discovered a Privilege Escalation vulnerability in the Linux program sudo. An attacker could exploit the vulnerability to increase the privileges and take over the server. How does this server vulnerability affect WordPress websites? The...
WordPress Vulnerability Roundup: January 2021, Part 2
New WordPress plugin and theme vulnerabilities were disclosed during the second half of January. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. This weeks...
WordPress security & hardening, the definitive guide
WordPress is massively popular. Around every one in five sites on the Internet uses WordPress in some form. Be that to run a humble blog, or a multi-site Content Management System (CMS) or eCommerce site. As a result, it is no surprise that WordPress websites are a...
Phishing & Malspam with Leaf PHPMailer
It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious attachment. To support these activities, attackers seek out tools that...Episode 101: Supporting Remote Students with Free Site Audits & Cleanings
Wordfence announces a new program offering free site cleaning and site audits to public schools in the United States. We talk about why we’re offering this program and how to help schools take advantage of it. We also talk about the growing prevalence of...Password Policy Manager 2.3.4: improved plugin interoperability & bug fixes
Today we are in the third week of 2021, and we are happy to announce the third plugin update of the year: Password Policy Manager 2.3.4. This update features better interoperability with third party plugins, a few minor improvements, and a number of bug fixes....