News
SiteLock Review: Is It Worth It?
Several comparison articles may place it in the limelight, but does SiteLock really deliver? Is it worth parting with your hard-earned cash for? More importantly, can it be the dependable guard your WordPress site needs? As seasoned WordPress security experts, we understand what makes a truly reliable security plugin stand out from the crowd. We […]
How to Configure the X-Content-Type-Options Header in WordPress
Securing your WordPress site is non-negotiable in an age where digital threats are evolving rapidly. Key players in your security lineup are HTTP security headers, and a star defender is the X-Content-Type-Options (XCTO) header. Configuring the XCTO header is a simple yet effective tactic that helps fortify your WordPress site’s defenses with just a few […]
4 Ways to Get WordPress PHP Error Logs
When working with WordPress, encountering errors is a common part of the development and maintenance process. However, the real challenge lies in accurately diagnosing and resolving these issues. One of the most effective tools at your disposal is the PHP error log. By using PHP error logs, you can gain invaluable insights into the underlying […]
Top 9 WordPress Vulnerability Scanners Tested and Reviewed
Vulnerabilities are not just a risk; they are the root cause for an overwhelming 95% of all WordPress hacks. Swiftly updating problematic plugins and themes isn’t a suggestion; it’s a necessity, making the difference between security and malware. Vulnerability scanners are a huge help in that respect. But of course, there are so many that […]
WPScan Intro: How to Scan for WordPress Vulnerabilities
In this post, we will look at how to use WPScan as a WordPress vulnerability scanner. This security tool provides you with a better understanding of your WordPress website and any vulnerabilities that may be present in your environment. It also happens to be pre-installed in Kali Linux. If you haven’t set it up yet, […]
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using plugin shortcodes, which will execute whenever a victim accesses […]
Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register as a researcher and submit your vulnerabilities today! On November 8th, 2023, Wordfence launched a […]
Clarifying the Elementor Arbitrary File Upload Vulnerability
Recently, a security vulnerability in Elementor, a popular WordPress plugin, made headlines. Two databases rated its severity at a staggering 9.9 and 8.8. This raised immediate concerns, leading to a straightforward action plan: “Stop everything and update Elementor first.” But is it really that simple? Let’s delve into the key questions: Are millions of Elementor […]
PSA: High Severity File Upload Vulnerability in Elementor Patched
On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites. We did not discover the original vulnerability and only became aware of it after reviewing the changelog containing a partial patch. We immediately released a firewall rule to Wordfence Premium, […]