News
Detecting and Mitigating a Phishing Threat: “Greatness”
Emerging in 2022, a phishing tool known as Greatness has caught the attention of our research team due to its coordinated efforts to breach Microsoft 365 accounts and presence on compromised websites. More disturbingly, it has shown effectiveness against multi-factor authentication (MFA), elevating the potential threat level. Identified as a Phishing as a Service (PhaaS) […]
Read More
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 22, 2024 to January 28, 2024)
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 52 vulnerabilities disclosed in 42 WordPress Plugins and no WordPress themes that have been […]
Read More
The Wordfence 2023 State of WordPress Security Report
Today, the Wordfence Threat Intelligence team is releasing our 2023 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising […]
Read More
The WordPress 6.4.3 Security Update – What You Need to Know
Today, January 30, 2024, WordPress released version 6.4.3, which contains two security patches for longstanding, albeit minor, security concerns in WordPress Core. The first patch addresses an issue that allows users with Administrator (or Super Administrator on Multisite) privileges to upload PHP files directly to a site via the Plugin and Theme file upload mechanism. […]
Read More
$1,275 Bounty Awarded For Arbitrary File Deletion Vulnerability Patched in MW WP Form WordPress Plugin
Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On December 5th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for […]
Read More
Vulnerability & Patch Roundup January 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Read More
4 Ways To Put Your Site In Maintenance Mode
Putting your site in maintenance mode is like putting an “Out Of Service” sign outside an elevator. It makes sure clients and customers know that there is the site is undergoing changes and to not interact with it. Without maintenance mode, you risk losing data like comments, new posts, new registrations, new orders, etc. This […]
Read More
WordPress Security and Misinformation: Session Cookie Stealing is Not Responsible for 60% of Hacks
We’re here to talk about an important issue in WordPress security. Some people believe that stolen session cookies cause most website hacks—up to 60% of them. This simply isn’t true, and believing it can lead to bad security choices. Misconceptions can cause people to use the wrong fixes, ignoring real security issues. We’re in a […]
Read More
Complete Guide To WordPress Account Management
Managing multiple user accounts on your WordPress site can seem daunting. It includes several tasks that range from managing user roles to monitoring user activity. Unmanaged user accounts are not just an administrative oversight, but they significantly heighten the risk of security breaches on your website. For example, allowing anyone to register without verification can […]
Read More