This entry was posted in Wordfence on January 21, 2021 by Kathy Zant 5 RepliesWordfence, the leading provider of WordPress security software and services, is announcing today that we are, effective immediately, offering free site cleaning and site...
2020 has been a challenging year for many. However, we have been very lucky and even though it was challenging, we’ve made the best out of it, and we turned it into a big one! So we wanted to take the time and look back at everything that happened at WP White...
On December 17, 2020, the Astra research security team disclosed that they had discovered a critical severity Unrestricted File Upload vulnerability in Contact Form 7, the most popular WordPress plugin of all time. The lead researcher, Jinson Varghese, also published...
The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing...
Today we are happy to announce the release of Website File Changes Monitor 1.7.1. This is a minor but must-install followup to update 1.7.0. In this update we have improved several aspects of the plugin’s user experience (UX) and also addressed a few issues reported...
A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an...
WPScan, a security company that maintains a database of WordPress vulnerabilities, has been officially designated as a CVE (Common Vulnerability and Exposures) Numbering Authority (CNA). The company joins 151 organizations from 25 countries that...
During a recent audit we discovered an unauthenticated remote code execution in the plugin e-signature. All versions less than 1.5.6.8 are vulnerable.Disclosure / Response TimelineJanuary 7, 2021: Initial contact.January 11, 2021: Patch is live.Current State of the...
New WordPress plugin and theme vulnerabilities were disclosed during the first half of January. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The...
The release of the 2020 ITRC Data Breach Report and launch of the ITRC’s data breach tracking tool supports the Data Privacy Day 2021 initiative to help build trust among consumers and promote transparency around data collection practices. SAN DIEGO, January 13, 2021-...
This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of that...
Concerned about WordPress security and would like someone to watch your back? If this sounds like you then you are in the right place. Taking a vacation, or maybe your web designer has wandered away? Why worry about dark side of the Internet. Let...
On November 19, 2020, our Threat Intelligence team responsibly disclosed two vulnerabilities in Orbit Fox by ThemeIsle, a WordPress plugin used by over 400,000 sites. One of these flaws made it possible for attackers with contributor level access or above to escalate...
We can all agree that 2020 was a difficult year. That’s why we are excited to start 2021 with our very first update of the Admin Notices Manager plugin. In this update we added the ability to choose which type of admin notices to show as normal on the WordPress...
Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black...
We bid goodbye to 2020 in style with the release of WordPress 5.6 and the launch of Learn WordPress. But these weren’t the only exciting updates from WordPress in December. Read on to learn more! WordPress 5.6 is here The latest major WordPress release, version 5.6...
Users are often looking for ways to tweak their websites, plugins and themes, or to add some modifications to an existing functionality. In most of these cases, you can do so by adding custom code to your WordPress website. There is nothing wrong with adding custom...
Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team. She holds the following certifications: OSCP, OSWP, OSWE, Security+, CySA+, PenTest+, CASP+, SSCP, Associate of (ISC)2, CEH, ECSA and eWPT. Many of these are advanced...
The SolarWinds supply chain attack is all over the news, impacting government agencies, telecommunications firms, and other large organizations. The security firm FireEye was the first victim of the attack, disclosing that they had been hacked on December 8, 2020. On...