Wordfence Research and News

Blog icon
Category: General Security

The Hacker Motive: What Attackers Are Doing with Your Hacked Site

Yesterday, September 15, 2020, the Wordfence Live team covered The Hacker Motive: What Attackers Are Doing with Your Hacked Site.

10 WordPress Security Mistakes You Might Be Making

Yesterday, August 18, 2020, the Wordfence Live team covered 10 WordPress Security Mistakes You Might be Making.

Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin

On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on over 80,000 sites.
Malware Detection: measuring recall to catch them all feature image

Malware Detection: Measuring Recall to Catch Them All

At Wordfence, we take performance seriously on all levels. While speed is one way to measure performance, there are other metrics that are equally important.

Large Scale Attack Campaign Targets Database Credentials

Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files.
Nearly a Million WP Sites Targeted in Large-Scale Attacks

Nearly a Million WP Sites Targeted in Large-Scale Attacks

Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data.
Staying Safe While Video Conferencing

Safety and Security While Video Conferencing with Zoom

With much of the world shifting to working from home due to public health concerns with COVID-19, video conferencing is booming.
Let's Encrypt Revoking Certificates

Happening Now: Over 2 Percent of Sites Using a Let’s Encrypt TLS Certificate May Throw Security Warnings

On Wednesday, March 4, 2020, 3 million Transport Layer Security (TLS) certificates issued by Let’s Encrypt will be revoked because of a Certificate Authority Authorization (CAA) bug.

How We Think About WordPress Security and Research

This weekend I had a really fun conversation with Doc Pop from Torque Magazine.

Using PHP 5 Becomes Dangerous in 2 Months

WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP.
  • Ask Wordfence
  • General Security
  • Holiday
  • Learning
  • Long Read
  • Miscellaneous
  • Monthly Attack Activity Report
  • Podcasts
  • PSA
  • Research
  • SEO
  • Threat Research
  • Uncategorized
  • Videos
  • Vulnerabilities
  • Wordfence
  • Wordfence CLI
  • Wordfence Intelligence
  • WordPress Security

    • Breaking WordPress Security Research in your inbox as it happens.

    Example of a news story

    This site uses cookies in accordance with our Privacy Policy.