Page 21 of 24
If you’re new to WordPress, you’ve likely stumbled across a question that puzzles many beginners: what’s the difference between posts and pages? At first glance, they might seem interchangeable—both let you add text, images, and other content to your site…. Continue Reading →
The Ubuntu 20.04 runner image (ubuntu-20.04) for GitHub Actions will soon be deprecated as of April 1, 2025. In preparation for this upcoming change, there will be scheduled brownouts that will result in failed deployments. These scheduled brownouts will occur… Continue Reading →
Managing multiple websites can quickly turn into a logistical nightmare, draining time and resources. But what if there was a way to simplify it all? Enter WordPress multisite! It’s a game-changer for agencies looking to streamline their workflow and scale… Continue Reading →
Running a WooCommerce store means credibility can make or break your success. Shoppers want proof they’re making a smart buy—reviews deliver that trust. A solid review plugin doesn’t just collect feedback; it turns browsers into buyers by showcasing social proof,… Continue Reading →
Have you ever wondered how to give your WordPress site an extra edge in the search engine rankings? If so, let’s talk about a hidden gem that often flies under the radar: the .htaccess file. This small but mighty configuration… Continue Reading →
Migrating your website to a new domain might sound like a daunting task, but sometimes it’s necessary. You may intend to rebrand, switch to a better domain name, or plan to merge multiple sites. Switching to a new domain can… Continue Reading →
WordPress widgets are one of the platform’s most powerful features—allowing you to add extra content and functionality to your site without touching a single line of code. In this post, we’ll explore what widgets are, the evolution from classic to… Continue Reading →
Chances are, your website has a clearly defined objective—whether it’s attracting new customers, selling a service, or growing your email list. If that’s the case, you’ll want to achieve the best results possible, right? What if making a few small… Continue Reading →
We’ve all been there: you’re working on your WordPress site, making great progress, when suddenly something breaks. Maybe a plugin update went wrong, your theme isn’t behaving as expected, or you’re seeing the dreaded “white screen of death.” Whatever the… Continue Reading →
A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil… Continue Reading →
Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost… Continue Reading →
Over 30 million Dell devices are at risk for remote BIOS attacks due to four separate security bugs, which can have far reaching effects for enterprise organizations heavily invested in Dell devices. VMware Carbon Black App Control has been updated… Continue Reading →
Sites running Jetpack are being infected via compromised WordPress.com credentials. The largest password dump ever with 8.4 billion passwords is used in credential stuffing attacks. Wordfence Threat Intelligence discloses new plugin vulnerabilities as well as a vulnerability at tsoHost. Data… Continue Reading →
Wordfence is now a CVE Numbering Authority, or a CNA. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes. An outage at Fastly takes down major websites including Reddit,… Continue Reading →
A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed… Continue Reading →
A Critical Vulnerability in VMWare’s vCenter Server threatens some of the largest data centers in the world. An actively exploited 0-day in macOS was used to take screen shots of infected computers. CodeCov claims another victim as Japanese e-Commerce unicorn… Continue Reading →
Four memory corruption vulnerabilities are being actively exploited on Android devices and nearly 2 dozen popular Android apps exposed over 100 Million users’ sensitive information in cloud databases. Over 600,000 sites using WP Statistics required a patch to fix a… Continue Reading →
A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US… Continue Reading →
A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it’s not aware of any… Continue Reading →
Episode 115: Update Your Mac: Gatekeeper Bypass Vulnerability Exploited in the Wild - Wordfence Blog
Apple patches a gatekeeper bypass vulnerability that has been exploited in the wild on MacOS. Though this vulnerability requires some social engineering to exploit, it is believed to have been actively exploited since January 9, 2021. Some Digital Ocean customers… Continue Reading →
Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of… Continue Reading →
An FBI initiative began remotely removing webshells from infected Microsoft Exchange servers. WordPress 5.7.1 was released with a few security patches. Over 15 Elementor add on plugins were found to have vulnerabilities similar to those found in the main Elementor… Continue Reading →
A new Wix ad campaign targets WordPress but ends up being tone deaf in both content and strategy. New details emerge about the PHP compromise, but the full story remains unclear. Facebook user data from 2019 ends up on the… Continue Reading →
The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in… Continue Reading →
Attackers continue to exploit recently patched vulnerabilities in Thrive Themes, though not all of them are successful. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use… Continue Reading →
An attack shows how a SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited…. Continue Reading →
A data breach exposes 150,000 security cameras used by organizations around the world, including Tesla and Cloudflare. State-sponsored hacking groups exploit Microsoft Exchange vulnerabilities. A fire in a French data center belonging to hosting company OVH affects millions of websites,… Continue Reading →
The Wordfence Threat intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new… Continue Reading →
Episode 106: Admin Password Resets, Blockchain Botnets and a Central Management RCE - Wordfence Blog
WordPress 5.7 is due to be released on March 9, and it will allow administrators to send password reset emails to users. A botnet is abusing the Bitcoin blockchain for command and control, while VMWare fixes a critical remote code… Continue Reading →
An analysis of WordPress-related search trends found that interest in WooCommerce related results dominated during 2020. We discuss recent vulnerabilities discovered by our threat intelligence team in Ninja Forms, affecting over 1 million sites. WordPress issues a statement that pirated… Continue Reading →
