This site uses cookies in accordance with our Privacy Policy.
Search Results
Suggestions:
Login Security Options
May 14, 2019
The Login Security page currently contains settings for two-factor authentication (2FA) and reCAPTCHA. In a future Wordfence version, existing login-related features will also move to the same page.
Unauthenticated Media Deletion Vulnerability Patched In WooCommerce Checkout Manager Plugin
May 2, 2019
Earlier this week, a security update was released for the WooCommerce Checkout Manager plugin for WordPress. This update fixes two distinct vulnerabilities: an arbitrary file upload flaw present in certain configurations, and a flaw allowing attackers to delete media files from affected sites. The plugin’s users are advised to install the latest available version (4.3 …
Read More
Zero-Day Vulnerability in Yellow Pencil Visual Theme Customizer Exploited in the Wild
April 11, 2019
On Monday the WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday a security researcher made the irresponsible and dangerous decision to publish a blog post including a proof of concept (POC) detailing how …
Read More
Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin
March 29, 2019
This week, our team was notified of suspicious code present in a plugin offered alongside themes sold by Pipdig, a UK-based web development team. The user, who wishes to remain anonymous, reached out to us with concerns that the plugin’s developer can grant themselves administrative access to sites using the plugin, or even delete affected …
Read More
Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin
March 20, 2019
Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a userbase of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should …
Read More
Introducing Wordfence Central
February 6, 2019
Over the last several months, we have been focused on making Wordfence a better option for organizations with a large number of WordPress sites to protect. To start, we added the ability to secure your staging and development environments with a single Wordfence premium license, something you should take advantage of if you haven’t already. …
Read More
XSS Injection Campaign Exploits WordPress AMP Plugin
November 20, 2018
News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site. The …
Read More
Agency Solutions
October 16, 2018
Here are some of the capabilities we can offer to agencies, your dedicated partner will help you find the best approach to meet your needs. Site Security Audits Optimized Firewall & Scanner Onboarding & Training Proactive Threat Mitigation Incident Response Forensic Investigation Premium Support Dedicated Agency Partner Talk to a client partner to receive a…
New Feature: Premium Development Subdomains
June 5, 2018
For our premium customers using staging, development, or test subdomains for managing their site’s updates and development, we are happy to announce the ability to utilize premium licenses across subdomains for a premium installation of Wordfence. How it Works When developing and testing a new WordPress website, many people will create a test or staging …
Read More
How the Wordfence Scanner Protects Your Site
May 21, 2018
When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally …
Read More
Breaking WordPress Security Research in your inbox as it happens.
