Wordfence Research and News

Category: WordPress Security

Service Vulnerabilities: 3 Hosting Companies Fix NFS Permissions Problem

In mid-December we updated our Vulnerability Disclosure Policy to include Service Vulnerabilities.

WordPress Update Breaks Future Auto-Updates. Manually Update Now!

[Update at 10:50am PST: Based on the comments we’ve received below, it sounds like this problem only affects certain sites. 

WordPress Supply Chain Attacks: An Emerging Threat

In the last few months, we have discovered a number of supply chain attacks targeting WordPress plugins.

Wordfence Now Includes 1.4 Billion Leaked Passwords in Password Auditing Feature

Last week, we reported a massive upsurge in brute force login attempts following the leak of a database of 1.4 billion clear text credentials.

Three Plugins Backdoored in Supply Chain Attack

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors.

Massive Cryptomining Campaign Targeting WordPress Sites

On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed.

Backdoor in Captcha Plugin Affects 300K WordPress Sites

The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editor’s note: the original page has been removed; we’re now linking to a screenshot.] in their brand name.

Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC

A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time.

New Service Vulnerability Disclosure Policy

The Wordfence team regularly discovers security issues with commercial services, such as WordPress hosting providers, that put their users at risk.

Vulnerabilities in Formidable Forms, Duplicator and Yoast SEO Plugins

Vulnerabilities have been reported in the Formidable Forms, Duplicator and Yoast SEO WordPress plugins.