News
WP Content Uploads: A Complete Guide
Having a solid understanding of WordPress file structure is crucial to securing your WordPress site—and the wp-content/uploads folder is a big part of that equation. This folder can be confusing for everyone, whether you’re a newbie trying to figure out where your uploaded content goes or an experienced user wrestling with managing the folder’s size […]
How to Configure the X-Frame-Options Header in WordPress
With the rapid rise in online threats, safeguarding your WordPress site becomes not just a priority but a mandate. Among the essential tools at your disposal are HTTP security headers, and taking center stage in this defense strategy is the X-Frame-Options header. Getting the X-Frame-Options header in place is a straightforward process that significantly bolsters […]
Sitelock vs Wordfence: The Ultimate Comparison
Navigating the world of WordPress security plugins can be daunting, particularly when you’re weighing up highly recommended choices like Wordfence and SiteLock. We, at MalCare, with vast experience in WordPress security, aim to simplify this decision process for you. Our expertise comes from hands-on experience. We purposefully infected several test websites with malware and measured […]
How to Configure the HTTP Strict-Transport-Security (HSTS) Header in WordPress
In the modern web, securing data transmission is not just best practice—it’s essential. That’s where HTTP Strict Transport Security (HSTS) comes into play, particularly for WordPress site administrators who are serious about cybersecurity. Configuring the HSTS header on your WordPress website can appear daunting at first, but it is a vital step in fortifying your […]
MalCare Stands Strong Against Attacks Exploiting the Elementor Plugin v3.18.1 RCE Vulnerability
Recently, a critical vulnerability was discovered in the Elementor plugin, the popular page-building tool for WordPress. This vulnerability posed a significant risk to the millions of websites using the plugin worldwide. Here, we detail the nature of the vulnerability and how MalCare’s state-of-the-art Atomic Security provided a timely defense for all the WordPress sites it […]
Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall, two-factor authentication and more. We’ve just released Wordfence CLI 2.1.0 which includes […]
Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign
On December 1, 2023, several security researchers reported a new phishing campaign targeting WordPress administrators. WordPress site owners had started receiving emails from WordPress.com with the following message: “The WordPress Security Team has discovered a Remove Code Execution (RCE) vulnerability on your site, which allows attackers to execute malwares and steal your data, user […]
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were 109 vulnerabilities disclosed in 98 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence […]
Critical RCE Vulnerability Patched in Backup Migration Plugin
On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days later after users were given an opportunity to install the patch, although the official CVE is still locked down in “reserved” mode. Website administrators are advised to update to the […]