News
PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We urge all WordPress users to update to 6.4.2 immediately, […]
Common Website Hacking Techniques
Website hacking — the act of exploiting weaknesses to gain unauthorized access to a website, database, cPanel, or admin dashboard — is a reality that some webmasters struggle with. In the hands of bad actors, automated hack tools and exploit kits make it especially easy for hackers to gain access to a plethora of information, […]
How To Edit The wp-config.php File?
Managing a WordPress site often treads the line between leveraging the software’s user-friendly interface and diving into its deeper, more technical settings. One area that might seem daunting, but is critical to both your website’s performance and security, is the wp-config.php file. There is a lot of advice floating around on how to edit the […]
The Ultimate Guide To WordPress Databases
The WordPress database is like a map of all the information needed for your website. You need to understand it to navigate and customize your site. But, it can seem overwhelming and scary. What does all that data mean? How does it work? When should you modify it? What if you crash your site? Our […]
Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! On November 24, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process […]
7 WordPress Logs That You Should Know
When it comes to managing a WordPress website, WordPress logs are an indispensable diagnostic tool. They provide a comprehensive record of website activities in real-time and help track a wide range of events and transactions occurring on your WordPress website. From highlighting errors to monitoring user activities, these logs come in various types, each serving […]
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim […]
Earn up to $10,000 for Vulnerabilities in WordPress Software – 6X Rewards in the Wordfence Holiday Bug Extravaganza!
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days, Wordfence will be paying out some of the highest bug bounties in the history of WordPress to help find vulnerabilities in […]
Skimming Credit Cards with WebSockets
If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with the same songs played on repeat that we hear every year ad nauseam. However, the same could be said for card skimming attacks: Once the trick-or-treaters have gone home for […]