The Dangers of Using Abandoned Plugins & Themes
It’s not very often that we see abandoned components being used on a website — but when we do, it’s most often because the website was exhibiting malware-like behavior and we were called to investigate and clean up the site. Old and abandoned plugins and themes...
The NoneNone Brute Force Attacks: Even Hackers Need QA
For the last few weeks we’ve seen and blocked an increase in brute-force, credential stuffing, and dictionary attacks targeting the WordPress xmlrpc.php endpoint, on some days exceeding 150 million attacks against 1.9 million sites in a 24-hour period. These attacks...
What are WordPress plugins?
If you are new to WordPress, you might be wondering what are WordPress plugins and what’s their purpose. It’s a reasonably common question to ask because plugins are an important part of the WordPress ecosystem. They are essential if you want to build a website with...
Why You Should Monitor Your Website
In an effort to maintain unauthorized access or profit off a website’s environment long after an initial compromise, attackers commonly leverage a variety of different techniques and tactics. These techniques range from adding backdoors, stealing sensitive data,...WP Engine: 2020 in Review
This year, we’re extra thankful for all you’ve done to make us who we are! Throughout 2020, we’ve been inspired by your ability to adapt and your unswerving commitment to digital innovation, and we’ve been proud to serve as your digital engine as you’ve tapped into...Introducing Learn WordPress
Learn WordPress is a learning resource providing workshops, quizzes, courses, lesson plans, and discussion groups so that anyone, from beginners to advanced users, can learn to do more with WordPress. Learning how to use, build for, and contribute to WordPress is...Episode 98: How Application Passwords Work in WordPress 5.6
WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by default in version...