Wordfence Research and News

Blog icon

Large distributed brute force attack underway at 40,000 attacks per minute

We’re seeing an unusually large WordPress attack underway – as you can see it triggered our automated alerting system which posted to Facebook and Twitter.

[WordPress Security] Vulnerabilities in BuddyPress, Better WP Security, WP Cron Dashboard and more.

This went out on our WordPress Security mailing list a few minutes ago: We are now seeing exploits for the following vulnerabilities in the wild.

Large distributed brute force attack underway

Update at 10am EST, Feb 11th: The attack appears to be abating with brief spikes in activity.

How to Secure Your Upload Scripts and How Hackers use Google to find Vulnerable Sites.

This week we’ve seen two new exploits hit the wild, one in the Ghost commercial theme and another in WP-Mailinglist.

About to choose GoDaddy for WordPress hosting? Read this.

In dealing with a support issue with one of our customers (now resolved) I realized that when you set up your WordPress site, you get to choose between a Windows web server and a Linux web server.

How referrer spam affects search engine rankings

A question I receive fairly often is: Wordfence ran a scan on my site and found a known malicious URL in one of my files.

What to do about the Adobe Hack.

Within the last 48 hours Adobe announced that they have been hacked and that the user account data of 2.9 million Adobe users has been breached.

Three new WordPress Plugin Vulnerabilities and what to do about them

The Plugin Complete Gallery Manager 3.3.3 contains a remotely exploitable file upload vulnerability.

What to do when popular plugins or themes contain malicious URLs.

A couple of weeks ago a popular theme started showing up in Wordfence scans as containing a malicious URL.

Why is Wordfence flagging a popular theme or plugin as containing malware?

A couple of weeks ago a popular theme started showing up in Wordfence scans as containing a malcious URL.