Maintenance
How to Harden WordPress: A Basic Overview
Out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. Best practices suggest you take a few of these steps to harden WordPress and protect your environment against bad bots, brute force, and other automated attacks. For example, the WordPress login page is – […]
Read More
Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin
On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin, which is actively installed on more than 60,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker with minimal permissions, such as a subscriber, to upload […]
Read More
Dissecting a Clever Malware Sample for Optimized Detection and Protection
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other complications that may arise as a result of […]
Read More
MalCare Releases Plugin Update with Improved Authentication Systems
Recently, a vulnerability in the MalCare plugin was disclosed to our team by a security researcher. We responded to the security researcher, after conducting our due diligence. In the rare situation, where a site has a pre-existing, high severity SQL injection vulnerability, an attacker might be able to read the MalCare key. To address such […]
Read More
What is php.ini? Where It’s Located, How to Edit & Common Directives
The php.ini file, a critical configuration file containing your web server’s PHP settings, is integral to the functioning of your website. Each time PHP initiates, your system hunts down this file to identify directives that will be applied to your site’s scripts. While your PHP initialization file comes pre-configured, there may be instances when you […]
Read More
Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!
Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources. As you can imagine, this was quite the challenge as each and every data source came with […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)
Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read More
Change Your WordPress Password: 7 Tried-and-Tested Ways
There are numerous reasons to change your WordPress password. Maybe you’re worried that a hacker has changed your username and password, and you’re locked out of your site. It’s also possible that you just want to create a stronger password. Maybe you had shared your login credentials and now want sole control over your website’s […]
Read More
How to Protect Against the AnonymousFox Hack and Secure Your WordPress Site
Do you suspect that your WordPress site is hacked? Perhaps you have noticed new user accounts using the word ‘fox’ or created with strange email addresses. Maybe there are plugins with weird names on your site all of a sudden. Another sign is that you’re noticing a high number of failed login attempts. You would […]
Read More