Wordfence Research and News

Blog icon

WPEngine Credentials Exposed

Update 1 (3:10pm CST on Dec 10th): WPEngine is working with federal law enforcement as part of their investigation into the breach.

Exodus to Euroland: Early Effects of the EU Safe Harbor Collapse

On October 14th we wrote about the European Court of Justice declaring the Safe Harbor provision that allowed transfer of personally identifiable data (PII) between Europe and the USA as invalid.

New Vulnerabilities in 6 Popular WordPress Plugins

This week we have several high profile plugin vulnerabilities we’d like to bring your attention to.

Moving to Endpoint Security for WordPress

You’ve probably seen the term ‘endpoint’ talked about in the press recently in the context of information security.

Brute Force Attacks, Presidential Candidates and Plugin Vulnerabilities

Early this week we are tracking an approximate doubling of brute force attacks (login guessing attacks) on WordPress sites.

Akismet XSS Vulnerability

A vulnerability in Akismet emerged last week and because Akismet is one of the most widely used plugins for WordPress, we wanted to bring it to your attention.

Storing European User Data on USA Servers? Better read this…

Exec summary:  If you are storing European visitor data on servers based in the USA (most busy WordPress sites are), you are exporting “personally identifiable information”, or PII, of users in Europe to the United States.

Should You Disable XML-RPC on WordPress?

A few questions came up in our recent blog post, where we discuss XML-RPC brute force attacks, about disabling XML-RPC on WordPress.

WordPress XML-RPC Brute Force Attacks with multiple logins.

We’ve had a few questions about whether Wordfence protects against a newer form of attack that seems to have received some press coverage recently.

Commuting Kills

Every year we lose up to 10% of our electricity purely due to resistance during transmission.