Wordfence Research and News

Category: WordPress Security

WordPress Security: Reminder to Upgrade SSL Certificates from SHA1 to SHA2

With Chrome version 39, which is in the process of being released (see footnote), Google has started issuing warnings if a website is using a certificate whose signature algorithm uses the older and less secure SHA1.

WordPress Security: Nulled Scripts and the CryptoPHP Infection

Our friends over at Fox-IT based in Delft in the Netherlands just contacted me with some amazing research they’ve just published. 

Multiple Critical Vulnerabilities in WordPress Core

WordPress 4.0.1 has just been released and with it the announcement that multiple critical vulnerabilities have been discovered and fixed in several versions of WordPress Core including the current version 4.0.

SSL Will be Free Starting Summer 2015

If you aren’t using SSL to have a conversation with a website, your traffic is readable by anyone on the Net who can see your network packets flying past.

Wordfence 5.3.2 Released, now with Referer Blocking

The newest version of Wordfence includes a much-requested feature, and you can thank Tim Cantrell for listening to your requests and getting us to put this in 5.3.2.

WordPress Security: Vulnerabilities in BulletProof Security .51 and Notes on Responsible Disclosure

Multiple vulnerabilities exist in BulletProof Security version .51 and earlier including an XSS, SQL injection and SSRF vulnerability.

Are Web Application Firewalls Vulnerable?

Anyone else remember Gauntlet or Firewall-1? They were two of the most popular firewall products back in the early 1990s, when firewalls were just beginning to reach the market.

WordPress Security: Vulnerability in WP eCommerce Plugin

A serious vulnerability was announced within the last 24 hours in the WP eCommerce Plugin.

WordPress Security Plugin Vulnerabilities for Oct 30th

This is a WordPress security report for Oct 30th 2014. We are publishing a list of current critical vulnerabilities that we want to draw your attention to.

What to do about the POODLE SSL Vulnerability for Surfers, Admins and Devs

POODLE, which stands for “Padding Oracle On Downgraded Legacy Encryption”, describes a security vulnerability in the SSL Version 3 cryptogram used by older Internet browsers.