Maintenance
WordPress 6.3.2 Security Release – What You Need to Know
WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While all of the vulnerabilities are of Medium severity, several of them are impactful enough to potentially allow site takeover, and thus the 6.3.2 update has the most significant security fixes […]
Read More
What is HSTS: HTTP Strict Transport Security
HSTS or HTTP Strict Transport Security is a protocol that can make it more difficult for attackers to modify or intercept traffic between a user and your website. Understanding what HSTS is and how it functions is crucial for anyone keen on protecting their site, as proper implementation can help to ensure that your website’s […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)
Last week, there were 92 vulnerabilities disclosed in 88 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read More
WordPress Phishing Hack: Fix and Protect Your Site
You are here because your website has either been marked as a phishing site, sending out phishing emails to your visitors, or has a bunch of phishing pages on it—that you haven’t added. But, why is any of this happening? Yours is not a phishing website! If you are experiencing these symptoms, the chances are […]
Read More
How to find the WordPress login URL
Logging in with your WP login URL is the only way to access your site’s admin panel or WordPress dashboard. The dashboard is where you can customize your pages, or install plugins and update the theme. But, if you’re new to WordPress, you will need to learn how to log in. It’s also possible that […]
Read More
Password Security & Password Managers
In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of the most fundamental aspects of website security, yet we too often see webmasters taking a lax approach to their sensitive credentials. Weak passwords make it easier for bad actors to […]
Read More
Backdoor Masquerading as Legitimate Plugin
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other complications that may arise as a result […]
Read More
Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin for the popular tagDiv premium themes Newspaper and Newsmag). Shortly after that, we started noticing new waves of Balada malware injections on websites that were actively using tagDiv themes. This […]
Read More
How to remove WordPress site not secure warning
Does your WordPress site says Not Secure warning? Is this ‘Not Secure’ warning spread all over the pages on your WordPress site? This is a pretty familiar but serious issue that is enough to scare both you and your site’s visitors as well as affect your site’s search engine rankings. So, how do you dismiss […]
Read More