Maintenance
Cookie Stealing in WordPress: Understanding the Risks and Consequences
Cybercriminals can quietly steal information from unsuspecting website visitors by stealing their cookies. And while cookie stealing security advice online is typically geared towards users and site visitors, it’s important to understand that as a site owner, you’re also at risk from these types of WordPress attacks. There are a couple of ways that cookie […]
WordPress Vulnerability & Patch Roundup April 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 17, 2023 to Apr 23, 2023)
Last week, there were 152 vulnerabilities disclosed in 134 WordPress Plugins and 0 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41 Vulnerability Researchers that contributed to WordPress Security last week. There were more unpatched vulnerabilities than patched last week, so it’s more important than ever to review […]
WP-CLI: How to Connect to WordPress via SSH
The WordPress admin dashboard, though intuitive and feature-rich, can be time-consuming to explore. If you’re looking for a more direct approach to website management, consider giving the WordPress Command Line Interface (WP-CLI) a try! WP-CLI is an efficient and powerful way to manage your WordPress installation, allowing you to update your core files and plugins, […]
Multiple Vulnerabilities Patched in Shield Security
On March 20, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for two vulnerabilities in Shield Security, a security plugin with over 50,000 installations. One of these vulnerabilities allowed unauthenticated attackers to inject malicious JavaScript into an administrator dashboard in some configurations, while another allowed authenticated attackers to spoof log entries into […]
How to Prevent SSH Brute Force Login Attacks
What is an SSH brute force attack? An SSH brute force attack is a common form of attack that targets remote services, particularly Unix-based servers running SSH services for secure remote connections. These attacks often involve automated tools and bots to continuously attempt common password and username combinations until they successfully gain access to a […]
Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 10, 2023 to Apr 16, 2023)
Last week, there were 69 vulnerabilities disclosed in 60 WordPress plugins and 4 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
How To Fix Chinese Search Results Spam
Are you noticing some strange symptoms on your website? A sudden drop in search engine rankings? A decrease in website traffic? Are you seeing random Chinese characters, unrelated to your website’s content? There might also be unfamiliar files or directories on your server that look suspicious or malicious. If any of that is true, we’ve […]
Massive Abuse of an Abandoned Eval PHP WordPress Plugin
Attackers are always finding new and creative ways to compromise websites and maintain their foothold in environments. This is frequently done via the use of backdoors: PHP scripts designed to allow attackers access and control even after you’ve changed your passwords and thought that the worst was over. Since external scans are unable to see […]