Maintenance
New Guide on Secure VPS Configuration
One of the most common problems that we observe among many of our clients is the persistent threat of cross contamination – that is, malware that spreads from one website to another when they are hosted in the same environment. This is particularly common within cPanel environments when add-on domains are used, or within improperly […]
Read More
WordPress Hacked? Scan & Clean Your Hacked WordPress Site
Is your website behaving strangely? Redirecting visitors to unsavoury sites, spam in your search results, or even something as simple as code showing up on your site’s header or footer. Before reading any further, the first thing you should do if you suspect that your WordPress site is hacked, is to scan your website. With […]
Read More
PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited
Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the Wordfence Intelligence Vulnerability Database has the most up to date and accurate information. […]
Read More
How to Quickly Find & Fix Mixed Content Issues (SSL/HTTPS)
With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating on HTTP previously: Mixed content issues and warnings. In this post, we’ll take a look […]
Read More
Spamdexing: What is SEO Spam & How to Remove It
Ever had an uninvited guest crash your party, resulting in chaos, confusion, and some unhappy visitors? Well, SEO spam is that party crasher — just for websites. Why should you care, you ask? Well, just imagine your meticulously crafted website content being replaced with unsolicited ads for services and products that would make your grandma […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read More
miniOrange Addresses Authentication Bypass Vulnerability in WordPress Social Login and Register WordPress Plugin
On May 28, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin, which is actively installed on more than 30,000 WordPress websites. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on […]
Read More
How to Remove Favicon.ico Virus From Your WordPress Website?
You may have encountered irregularities such as unexpected slowdowns, intrusive pop-up ads, or unusual changes to your content. You may also have seen anomalies in your WordPress files—such as unusual favicon files or oddly named wp-config files. These signs may indicate that your WordPress site has been hacked using the favicon malware. If you suspect […]
Read More
WordPress Vulnerability & Patch Roundup June 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Read More