Maintenance
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read More
Malware Scanning: An Essential Layer of Website Security
Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections. In recent years, the WordPress community has seen a shift in emphasis towards prevention, rather than detection, of security incidents. This reflects the increased adoption […]
Read More
How to Fix CSS Not Loading over HTTPS in WordPress
Are you frustrated that your WordPress site not loading CSS over https when switching to secure HTTP? Have you been left scratching your head seeing your site’s ‘fashion sense’ suddenly fall apart? Has all the text on your site lost its alignment or basic formatting? If your answer to any of these questions is ‘yes’, […]
Read More
Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images
MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or core file injections installed into WordPress / WooCommerce environments (which are increasingly common, and may be due to antivirus programs increasing their detection rate on compromised checkout pages). However, a […]
Read More
Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin
On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject […]
Read More
How To Completely Remove Defacement From WordPress Site?
WordPress defacement is an attack on sites, in which hackers tamper with legitimate content. Defaced sites are always jarring, and never more so than when the site is your own. If hackers deface WordPress site, it is most likely a result of malware. Scan your site to get a definitive analysis so you can recover […]
Read More
Two-Factor Authentication for WordPress: The Complete Guide
Login security in WordPress is the first line of defense against unauthorized access to your accounts and sensitive information. Without it, your site is at risk of data breaches, financial loss, and cybercrime. Using strong passwords is a great start, but you can beef up security even more with 2FA. Two-factor authentication (2FA) is a […]
Read More
How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)
If you own a WordPress website and ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam or fraudulent. Not only does this warning impact user trust, but it can also affect your site’s SEO because search engines like Google flag sites without an HTTPS (HyperText Transfer […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)
Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read More