News
What is Secure Shell (SSH) & How to Use It: Security & Best Practices
Navigating your WordPress site’s dashboard can provide you with significant control over your website’s functionality and appearance. Yet it won’t offer a direct interaction or management of your server. This is where Secure Shell Access (SSH) steps in. SSH is a protocol that provides a secure and effective way to connect with your website and […]
Read MoreBeyond Cloudflare: Fortifying WordPress Security
In the WordPress ecosystem, it is widely believed that Cloudflare’s firewall is the gold standard of security that any site can get. Its arsenal of features, including robust DDoS protection and a powerful content delivery network (CDN), has earned it a solid reputation. Some of the top web hosts trust Cloudflare and its ability to […]
Read MoreWordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read MoreMalware Scanning: An Essential Layer of Website Security
Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections. In recent years, the WordPress community has seen a shift in emphasis towards prevention, rather than detection, of security incidents. This reflects the increased adoption […]
Read MoreHow to Fix CSS Not Loading over HTTPS in WordPress
Are you frustrated that your WordPress site not loading CSS over https when switching to secure HTTP? Have you been left scratching your head seeing your site’s ‘fashion sense’ suddenly fall apart? Has all the text on your site lost its alignment or basic formatting? If your answer to any of these questions is ‘yes’, […]
Read MoreDecoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images
MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or core file injections installed into WordPress / WooCommerce environments (which are increasingly common, and may be due to antivirus programs increasing their detection rate on compromised checkout pages). However, a […]
Read MoreOver 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin
On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject […]
Read MoreHow To Completely Remove Defacement From WordPress Site?
WordPress defacement is an attack on sites, in which hackers tamper with legitimate content. Defaced sites are always jarring, and never more so than when the site is your own. If hackers deface WordPress site, it is most likely a result of malware. Scan your site to get a definitive analysis so you can recover […]
Read MoreTwo-Factor Authentication for WordPress: The Complete Guide
Login security in WordPress is the first line of defense against unauthorized access to your accounts and sensitive information. Without it, your site is at risk of data breaches, financial loss, and cybercrime. Using strong passwords is a great start, but you can beef up security even more with 2FA. Two-factor authentication (2FA) is a […]
Read More