This site uses cookies in accordance with our Privacy Policy.
The Login Security page currently contains settings for two-factor authentication (2FA) and reCAPTCHA. In a future Wordfence version, existing login-related features will also move to the same page.
Earlier this week, a security update was released for the WooCommerce Checkout Manager plugin for WordPress. This update fixes two distinct vulnerabilities: an arbitrary file upload flaw present in certain configurations, and a flaw allowing attackers to delete media files from affected sites. The plugin’s users are advised to install the latest available version (4.3 …
Read More
On Monday the WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday a security researcher made the irresponsible and dangerous decision to publish a blog post including a proof of concept (POC) detailing how …
Read More
This week, our team was notified of suspicious code present in a plugin offered alongside themes sold by Pipdig, a UK-based web development team. The user, who wishes to remain anonymous, reached out to us with concerns that the plugin’s developer can grant themselves administrative access to sites using the plugin, or even delete affected …
Read More
Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a userbase of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should …
Read More
Over the last several months, we have been focused on making Wordfence a better option for organizations with a large number of WordPress sites to protect. To start, we added the ability to secure your staging and development environments with a single Wordfence premium license, something you should take advantage of if you haven’t already. …
Read More
News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site. The …
Read More
Here are some of the capabilities we can offer to agencies, your dedicated partner will help you find the best approach to meet your needs. Site Security Audits Optimized Firewall & Scanner Onboarding & Training Proactive Threat Mitigation Incident Response Forensic Investigation Premium Support Dedicated Agency Partner Talk to a client partner to receive a…
For our premium customers using staging, development, or test subdomains for managing their site’s updates and development, we are happy to announce the ability to utilize premium licenses across subdomains for a premium installation of Wordfence. How it Works When developing and testing a new WordPress website, many people will create a test or staging …
Read More
When we think about Wordfence and how it improves your WordPress security posture, there are two core features we tend to focus on: the firewall, and the security scanner. As the first layer of defense, the Wordfence firewall gets the most attention because it blocks hackers from gaining access. But, the scanner plays an equally …
Read More