Wordfence Research and News

Category: WordPress Security

WordPress Used as Command and Control Server in 2016 Election Hack

On Friday evening the Department of Homeland Security released a report [PDF link] containing updated and broader analysis of Russian civilian and military intelligence organization’s attempts to interfere with the 2016 US election.

Rapid Growth in Defacements, Who was Hit, Who is Attacking

Yesterday we published numbers indicating how widespread the defacement campaign is targeting the REST-API vulnerability recently fixed in WordPress 4.7.2.

A Feeding Frenzy to Deface WordPress Sites

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild.

The January 2017 WordPress Attack Activity Report

Last month we introduced a monthly attack activity report. This report gives you an indication of attack trends during the past month and how they have changed.

Reminder to Update to WordPress 4.7.2 and Check Your Site

During the past few weeks we have seen two WordPress core security updates.

XMLRPC or WP-Login: Which do Brute Force Attackers Prefer

At Wordfence we constantly analyze attack patterns to improve the protection our firewall and malware scan provides.

Announcing Wordfence 6.3.0 – Exciting Improvements

This morning I’m very excited to announce the release of Wordfence 6.3.0.

Do You Need a WordPress Security Plugin?

At Wordfence we are a big team these days with millions of customers, and we think about security all day long.

Analysis: Methods and Monetization of a Botnet Attacking WordPress

At Wordfence we see a huge range of infection types every day as we help our customers repair hacked websites.

Imminent: Non-HTTPS Sites Labeled “Not Secure” by Chrome

On approximately January 31st, version 56 of the Chrome web browser will be released.