Wordfence Research and News

Gravatar Advisory: How to Protect Your Email Address and Identity

Update: We’ve added comments at the end of the post pointing out that the National Institute of Standards and Technology (NIST) considers an email address to be personally identifiable information or PII.

Avoid Malware Scanners That Use Insecure Hashing

In this post I’m going to discuss a major problem that exists with several WordPress malware scanners: The use of weak hashing algorithms for good and bad file identification. 

Emergency Bulletin: Firefox 0 day in the wild. What to do.

Update at 2:32pm PST / 5:32pm EST: Firefox released a fix for this a few minutes ago.

Hacking 27% of the Web via WordPress Auto-Update

At Wordfence, we continually look for security vulnerabilities in the third-party plugins and themes that are widely used by the WordPress community.

Surviving Electmageddon: Protecting against a wave of DNS outages

Update: Our own migration to multiple redundant DNS providers was completed at 10am Pacific time this morning, Friday November 4th.

DynDNS is currently being DDoS’d – May affect your site

[1:28pm Pacific / 4:28pm EST Update: According to Time Magazine Deputy Tech Editor Alex Fitzpatrick, there is now a third DDoS attack underway targeting Dyn – this from 7 minutes ago.

Revslider, MailPoet, GravityForms Exploits Bypass Cloudflare WAF

Update: We have received reports from a plugin vendor that there may be some confusion about whether or not the plugins referred to in this post are still vulnerable.

Endpoint vs Cloud Security: The Cloud WAF User Identity Problem

Imagine you’re a security guard at the entrance to a high-security facility.

We are removing Falcon Cache from Wordfence. Here’s what you need to know.

Version 6.2.1 of Wordfence was just released and you may have noticed in the changelog that we’ve announced that we will be removing Falcon from Wordfence.

Endpoint vs Cloud Security: The Cloud WAF Bypass Problem

Earlier this year at Black Hat 2016 there was a lot of buzz around “endpoint security”.