Wordfence Research and News

Category: WordPress Security

Wordfence Blocks Username Harvesting via the New REST API in WP 4.7

WordPress 4.7 was released 6 days ago, on December 6th. It includes a REST API that will be used by many WordPress plugins, mobile apps, desktop applications, cloud services and even WordPress core in future.

Gravatar Advisory: How to Protect Your Email Address and Identity

Update: We’ve added comments at the end of the post pointing out that the National Institute of Standards and Technology (NIST) considers an email address to be personally identifiable information or PII.

Avoid Malware Scanners That Use Insecure Hashing

In this post I’m going to discuss a major problem that exists with several WordPress malware scanners: The use of weak hashing algorithms for good and bad file identification. 

Hacking 27% of the Web via WordPress Auto-Update

At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community.

Surviving Electmageddon: Protecting against a wave of DNS outages

Update: Our own migration to multiple redundant DNS providers was completed at 10am Pacific time this morning, Friday November 4th.

DynDNS is currently being DDoS’d – May affect your site

[1:28pm Pacific / 4:28pm EST Update: According to Time Magazine Deputy Tech Editor Alex Fitzpatrick, there is now a third DDoS attack underway targeting Dyn – this from 7 minutes ago.

Revslider, MailPoet, GravityForms Exploits Bypass Cloudflare WAF

Update: We have received reports from a plugin vendor that there may be some confusion about whether or not the plugins referred to in this post are still vulnerable.

Endpoint vs Cloud Security: The Cloud WAF User Identity Problem

Imagine you’re a security guard at the entrance to a high security facility.

Endpoint vs Cloud Security: The Cloud WAF Bypass Problem

Earlier this year at Black Hat 2016 there was a lot of buzz around “endpoint security”. 

18X Speedup in Wordfence Scan

Wordfence 6.2.0 was released yesterday and it includes something really special: a huge improvement in scan performance.