News
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim […]
Read MoreEarn up to $10,000 for Vulnerabilities in WordPress Software – 6X Rewards in the Wordfence Holiday Bug Extravaganza!
At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days, Wordfence will be paying out some of the highest bug bounties in the history of WordPress to help find vulnerabilities in […]
Read MoreSkimming Credit Cards with WebSockets
If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with the same songs played on repeat that we hear every year ad nauseam. However, the same could be said for card skimming attacks: Once the trick-or-treaters have gone home for […]
Read MoreWordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 115 vulnerabilities disclosed in 87 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 […]
Read MoreHow To Change The Database Prefix On Your WordPress Site
As new site owners, navigating your way through the world of website security can be daunting. A pervasive notion across numerous articles online is that changing your database prefix is a smart security measure. But, what does it mean to change the default prefix? Can it crash your site? Why should you do it? As […]
Read MoreHTTPS Protocol: What is the Default Port for SSL & Common TCP Ports
SSL port numbers serve as communication endpoints for transmitting or receiving data. One of the primary functions of these ports is to establish a secure connection between a web page and a website hosting server or the CDN/WAF that might sit in front of it. These add an extra layer of security by leveraging either […]
Read More2 Ways to Get WordPress Error Logs
When it comes to troubleshooting issues on your WordPress site, WordPress error logs are a godsend. Logs are snapshots about issues on your site, showing verbose error messages so you can resolve them easily. WordPress sites are not set up to log error information by default. However, certain web hosts do enable logging on their […]
Read MoreHow to Disable the File Editor on WordPress
Disabling file editing in your WordPress admin panel is a simple but effective way to minimize the effect of a security breach. WordPress has always prioritized giving site admins control over their site…including security. But, if you’re not a developer, you’ll need to do your research and create a WordPress security checklist that lists the […]
Read MoreWordPress Vulnerability & Patch Roundup November 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Read More