News
Introducing Atomic Security: The Future of WordPress
It is our belief that WordPress sites should never get hacked. But the vast majority of the WordPress ecosystem would say that this is a pipedream. Every few weeks, a major vulnerability is discovered in a popular plugin, and thousands of sites are crippled. Credentials are leaked. Data is compromised. Losses pile up. We’ve all […]
Read MoreWordfence Intelligence Weekly WordPress Vulnerability Report (October 16, 2023 to October 22, 2023)
Last week, there were 109 vulnerabilities disclosed in 95 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read MoreFakeUpdateRU Chrome Update Infection Spreads Trojan Malware
Fake Google chrome update malware, often associated with the notorious SocGholish infection, is something that we have been tracking for a number of years. It is one of the most common types of website malware. It tricks unsuspecting users into downloading what appears to be an update to their Chrome browser, but is actually a […]
Read MoreSeveral Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress
On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active installations. After making our initial contact attempt on September 28th, 2023, we received a response on September 29, 2023 and sent over our full disclosure details. Receipt of […]
Read MoreFix the Mixed Content Warning on WordPress
Are you seeing a mixed content warning on your WordPress site? Has your browser blocked access to your site due to a mixed content error? The mixed content warning is a common issue that affects a lot of websites. It is caused by your site loading some content over unsecured HTTP connections while the site […]
Read MoreHow to Secure the WordPress Login Page
Given that WordPress powers millions of websites worldwide, it’s no surprise that it’s a prime target for malicious activities ranging from brute force attacks and hacking attempts to unauthorized access — all of which can wreak havoc on your site’s functionality, damage reputation, or even result in lost revenue and sales. A common entry point […]
Read MoreIntroducing WP-Radar: The Definitive Way to Test Your WordPress Site Security
If we were to ask you, which of these people had a secure site, what would your answer be? Person A: “My site is on a premium tier of a good host.” Person B: “I use a cloud firewall.” Person C: “Everything on my site is always up to date.” Person D: “I backup my […]
Read MoreWordfence Reviews and Where to Find Them
Just a quick note. If you’re looking for objective Wordfence reviews, you can find them on the official WordPress plugin repository in the Wordfence reviews section which is linked to from the Wordfence entry in the official WordPress repository. The Wordfence plugin is available in the repository and that is also where users of Wordfence […]
Read More4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LightSpeed Cache Plugin
On August 14, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache plugin, which is actively installed on more than 4,000,000 WordPress websites, making it the most popular cache plugin. The vulnerability enables threat actors with contributor-level permissions or higher to […]
Read More