News
Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations. We received a response three days later and sent over our full disclosure on August 23, 2023. A patched version of the […]
Read More
What is Secure Shell (SSH) & How to Use It: Security & Best Practices
Navigating your WordPress site’s dashboard can provide you with significant control over your website’s functionality and appearance. Yet it won’t offer a direct interaction or management of your server. This is where Secure Shell Access (SSH) steps in. SSH is a protocol that provides a secure and effective way to connect with your website and […]
Read More
Beyond Cloudflare: Fortifying WordPress Security
In the WordPress ecosystem, it is widely believed that Cloudflare’s firewall is the gold standard of security that any site can get. Its arsenal of features, including robust DDoS protection and a powerful content delivery network (CDN), has earned it a solid reputation. Some of the top web hosts trust Cloudflare and its ability to […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Read More
Malware Scanning: An Essential Layer of Website Security
Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections. In recent years, the WordPress community has seen a shift in emphasis towards prevention, rather than detection, of security incidents. This reflects the increased adoption […]
Read More
How to Fix CSS Not Loading over HTTPS in WordPress
Are you frustrated that your WordPress site not loading CSS over https when switching to secure HTTP? Have you been left scratching your head seeing your site’s ‘fashion sense’ suddenly fall apart? Has all the text on your site lost its alignment or basic formatting? If your answer to any of these questions is ‘yes’, […]
Read More
Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images
MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or core file injections installed into WordPress / WooCommerce environments (which are increasingly common, and may be due to antivirus programs increasing their detection rate on compromised checkout pages). However, a […]
Read More
Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin
On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject […]
Read More
How To Completely Remove Defacement From WordPress Site?
WordPress defacement is an attack on sites, in which hackers tamper with legitimate content. Defaced sites are always jarring, and never more so than when the site is your own. If hackers deface WordPress site, it is most likely a result of malware. Scan your site to get a definitive analysis so you can recover […]
Read More