Wordfence Research and News

Category: WordPress Security

The September 2017 WordPress Attack Report

This edition of the WordPress Attack Report is a continuation of the monthly series we’ve been publishing since December 2016.

Ask Wordfence Episode 1: Setting Up Minimum Viable WordPress Security

Last week we emailed a small group of our customers asking them to contribute questions for a series of videos we will be running.

3 Zero-Day Plugin Vulnerabilities Being Exploited In The Wild

As part of our site cleaning service, our security analysts track down the method the attacker used to compromise the site.

9 WordPress Plugins Targeted in Coordinated 4.5-Year Spam Campaign

On Tuesday last week we published a post that described how someone had released an update to the Display Widgets plugin which contained a backdoor that allowed them to publish content to any site using the plugin.

WordPress Security Update 4.8.2 – Update Immediately

WordPress Core version 4.8.2 has just been released. This is a minor update and a security release, which means that your sites will update automatically within the next 24 hours unless you have disabled auto updates.

Staying Ahead of WordPress Attackers with the Real-Time IP Blacklist

WordPress sites are under constant attack by criminals around the world.

The August 2017 WordPress Attack Report

This is the ninth edition of the WordPress Attack Report series we’ve been publishing since December 2016.

The Man Behind Plugin Spam: Mason Soiza

This post is part of a series. This is the second post and a follow-up to our first story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites”.

Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites

Note: This post is the first part of a series. The series has a second detailed follow-up which discusses the identity of the person behind the Display Widgets plugin spam.

XSS Vulnerability in WooCommerce Product Vendors Plugin

A reflected cross-site scripting vulnerability has been reported in a premium WordPress plugin for WooCommerce known as the ‘Product Vendors’ plugin.