Wordfence Research and News

Blog icon

One week after HeartBleed, 1% of WordPress sites we tested running SSL are still vulnerable

Highlight: Wordfence 5.0.4 is currently in beta and will be released tomorrow around noon.

Wordfence 5.0.4 Beta1 now available. Targeting tomorrow for release.

Hi Beta Testers! Wordfence 5.0.4 Beta1 is now available for your downloading pleasure at: http://www.wordfence.com/betas/wordfence-5.0.4-beta1.zip What we’ve changed: Feature: We now scan for the infamous heartbleed openssl vulnerability using a non-intrusive scan method safe for production servers.

Vulnerabilities in WordPress older than 3.8.2, Twitget Plugin and Quick Page Post Redirect Plugin.

WordPress Vulnerability: WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role.

The first Falcon Engine results are in and WOW!

We’ve had amazing feedback from our customers on how the new Falcon Engine we built into Wordfence has improved their site performance.

We have launched a Wordfence Beta Testing Program

As part of our ongoing effort to improve our release process and ensure that every release of Wordfence is enterprise ready and rock solid, we’re introducing a Beta Program for Wordfence.

Serious Vulnerability in JetPack. Upgrade immediately.

In what is turning out to be the worst week for security in recent history, JetPack has a major vulnerability which allows an attacker to post to your site without permission.

Removing the ability to disable XML-RPC in emergency release 5.0.3

We screwed up. Wordfence 5 was a very big release for us and in our haste to get it out the door we didn’t sufficiently test one of the features we added towards the end of the development cycle: The ability to disable XML-RPC.

What WordPress site owners need to do about the HeartBleed vulnerability

[Updated 10:26am EST]: Here is where you can test whether your site is vulnerable to HeartBleed.

Wordfence 5 with Falcon Engine Released!

This is a big day for us. We’ve been quietly working on a release that will fundamentally improve the amount of protection that Wordfence provides for your site and your online presence.

We’re hiring

Updated November 20th, 2014. We’re looking for talented, motivated team members to fill the following roles.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.