On approximately January 31st, version 56 of the Chrome web browser will be released. There is a significant change in the way it displays websites that are not using HTTPS, also known as SSL. This change may confuse your site visitors or surprise you if you are not expecting it.
WordPress 4.7.1 was released on Wednesday. It contains 8 security fixes including a fix for the PHPMailer issue, which we reported on in late December.
This entry was posted in General Security, Miscellaneous on January 12, 2017 by Mark Maunder 151 Replies
Update at 11:30pm on Tuesday January 17th: I have received an official statement from Google regarding this issue. You can find the full update at the end of this post.
This entry was posted in Wordfence, WordPress Security on January 10, 2017 by Mark Maunder 35 Replies
In April of 2016 Wordfence launched a full-featured WordPress firewall. Since then we have released improvements that make Wordfence faster and better at blocking attacks. If you're not a security professional, it may not be clear what the Wordfence firewall does or how it works. In this post I'm going to describe exactly how the firewall works.
This week we are introducing something new. At the beginning of each month we will publish a monthly WordPress security report. We will look at the attack data for the previous month from the 1st to the end of the month and provide a report and analysis on the attack activity we have seen on WordPress websites.
On Friday we published an analysis of the FBI and DHS Grizzly Steppe report. The report was widely seen as proof that Russian intelligence operatives hacked the US 2016 election. We showed that the PHP malware in the report is old, freely available from a Ukrainian hacker group and is an administrative tool for hackers.
Update at 1am Pacific Time, Monday morning Jan 2nd: Please note that we have published a FAQ that accompanies this report. It contains a summary of our findings and answers several other questions our readers have had. It also provides some background on our methodology. You can read it either before or after reading this report. The original report follows:...
This entry was posted in WordPress Security on December 28, 2016 by Mark Maunder 78 Replies
There is an idea, popularized a few years ago, that changing the WordPress table prefix in your database helps protect your WordPress website from attackers.
A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski. The vulnerability was announced on legalhackers.com yesterday but proof-of-concept exploit details were not included.
This entry was posted in Wordfence on December 21, 2016 by Mark Maunder 21 Replies
2016 is drawing to a close and has been a very busy year for us at Wordfence. In today's post I'd like to share some of the major events for Wordfence in 2016 and some interesting data.