News
MalCare Proactively blocks 100,000+ attacks Targeting Popup Builder XSS vulnerability
MalCare has been proactively blocking over 100,000 cross-site scripting (XSS) attacks daily targeting customer websites. These attacks attempt to exploit a vulnerability found in the popular Popup Builder plugin, and MalCare’s Atomic Security has stopped them cold—without needing a special patch. This vulnerability has seen a huge volume of attacks because it has a very […]
Read MoreFrom Web3 Drainer to Distributed WordPress Brute Force Attack
Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version on over 1,200 sites since the beginning of February, 2024. Since our last post, this […]
Read MoreWP Umbrella Review: Features, Pricing and Details
Managing a WordPress site has two big tasks: keep an eye on things (monitor) and keep things running well (maintain). Without good management, your website is at risk. Your visitors’ experience worsens. Your place on Google search results can drop. You could even start losing money. Trying to keep an eye on all this stuff […]
Read More11 Managed WordPress Security Services To Effectively Keep Out Threats
Every website owner knows that security should be a top priority but, what is the best way to do so? There are a few routes you can take. You can manage security by configuring a security plugin like MalCare. You can also get some modicum of security by choosing a secure web hosting provider—but those […]
Read MoreNew Wave of SocGholish Infections Impersonates WordPress Plugins
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This long-standing malware campaign leverages a JavaScript malware framework that has been in use since at least 2017. The malware attempts to trick unsuspecting users into downloading what is actually a […]
Read MoreWordfence Intelligence Weekly WordPress Vulnerability Report (February 19, 2024 to February 25, 2024)
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 77 vulnerabilities disclosed in 53 WordPress Plugins and 1 WordPress Theme that have been […]
Read MoreWordPress Vulnerability & Patch Roundup February 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Read MoreSpring into Action! Earn up to $10,000 with our Extended Bug Bounty Program Extravaganza through Memorial Day!
Spring into action and kick-start your spring cleaning with a tech twist! We’re excited to announce the extension of our Bug Bounty Extravaganza through Memorial Day, May 27th, 2024. Now, you have a golden opportunity to earn up to $10,000 for reporting vulnerabilities in WordPress software over the next three months. It’s the ideal moment […]
Read More$2,751 Bounty Awarded for Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme
???? Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 6th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an Arbitrary […]
Read More