Page 5 of 8
Chances are, your website has a clearly defined objective—whether it’s attracting new customers, selling a service, or growing your email list. If that’s the case, you’ll want to achieve the best results possible, right? What if making a few small… Continue Reading →
We’ve all been there: you’re working on your WordPress site, making great progress, when suddenly something breaks. Maybe a plugin update went wrong, your theme isn’t behaving as expected, or you’re seeing the dreaded “white screen of death.” Whatever the… Continue Reading →
With Drupal 7 having reached its end-of-life earlier this month, organizations still running on this legacy platform face increasing security risks and maintenance challenges. While Drupal has served many websites well, WordPress has continued to cement its position as the… Continue Reading →
The .htaccess file is one of the most versatile tools available to WordPress site owners. It’s a configuration file that offers a variety of options to control how your site interacts with the server, improving functionality, security, and performance. In… Continue Reading →
If you run a WordPress site, you’ve probably noticed the default login page is, well, a little bland. While it’s functional, it’s generic and doesn’t reflect the personality of your site or brand. Fortunately, WordPress’s flexibility allows you to create… Continue Reading →
Do you want to know about the different types of WordPress redirects and how they can impact your website? If so, you’re in the right place! For folks who are casually browsing the internet, a 404 error page is a… Continue Reading →
The White Label Agency is your behind-the-scenes WordPress development and design partner. We help digital agencies scale up while staying completely invisible to their clients. With over 100 developers and 3,000+ projects completed annually, we can be your dedicated team… Continue Reading →
Design agencies thrive on creativity and innovation, but the true measure of success often lies in their ability to attract and retain clients. Securing a steady stream of new clients can be challenging, however, with thorough planning and strategic actions,… Continue Reading →
Configuring a WordPress site requires careful consideration of both security and usability. One key measure you can take is leveraging the user roles and permissions features built into the WordPress CMS. These roles determine what each user can do, whether… Continue Reading →
At rtCamp, we always believe in seamless migration, so we understand how every project handled by small or enterprise organizations can face pushback when aligning digital initiatives with WordPress. To help you figure out and create a simplified migration strategy,… Continue Reading →
A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil… Continue Reading →
Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost… Continue Reading →
Over 30 million Dell devices are at risk for remote BIOS attacks due to four separate security bugs, which can have far reaching effects for enterprise organizations heavily invested in Dell devices. VMware Carbon Black App Control has been updated… Continue Reading →
Sites running Jetpack are being infected via compromised WordPress.com credentials. The largest password dump ever with 8.4 billion passwords is used in credential stuffing attacks. Wordfence Threat Intelligence discloses new plugin vulnerabilities as well as a vulnerability at tsoHost. Data… Continue Reading →
Wordfence is now a CVE Numbering Authority, or a CNA. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes. An outage at Fastly takes down major websites including Reddit,… Continue Reading →
A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed… Continue Reading →
A Critical Vulnerability in VMWare’s vCenter Server threatens some of the largest data centers in the world. An actively exploited 0-day in macOS was used to take screen shots of infected computers. CodeCov claims another victim as Japanese e-Commerce unicorn… Continue Reading →
Four memory corruption vulnerabilities are being actively exploited on Android devices and nearly 2 dozen popular Android apps exposed over 100 Million users’ sensitive information in cloud databases. Over 600,000 sites using WP Statistics required a patch to fix a… Continue Reading →
A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US… Continue Reading →
A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it’s not aware of any… Continue Reading →
Episode 115: Update Your Mac: Gatekeeper Bypass Vulnerability Exploited in the Wild - Wordfence Blog
Apple patches a gatekeeper bypass vulnerability that has been exploited in the wild on MacOS. Though this vulnerability requires some social engineering to exploit, it is believed to have been actively exploited since January 9, 2021. Some Digital Ocean customers… Continue Reading →
Attacks on unpatched SolarWinds systems continue. We’re now learning of a supply chain attack that started in late January 2021 affecting 29,000 customers of Codecov, as well as a zero-day under active attack affecting customers of PulseSecure VPN. Customers of… Continue Reading →
An FBI initiative began remotely removing webshells from infected Microsoft Exchange servers. WordPress 5.7.1 was released with a few security patches. Over 15 Elementor add on plugins were found to have vulnerabilities similar to those found in the main Elementor… Continue Reading →
A new Wix ad campaign targets WordPress but ends up being tone deaf in both content and strategy. New details emerge about the PHP compromise, but the full story remains unclear. Facebook user data from 2019 ends up on the… Continue Reading →
The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in… Continue Reading →
Attackers continue to exploit recently patched vulnerabilities in Thrive Themes, though not all of them are successful. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use… Continue Reading →
An attack shows how a SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited…. Continue Reading →
A data breach exposes 150,000 security cameras used by organizations around the world, including Tesla and Cloudflare. State-sponsored hacking groups exploit Microsoft Exchange vulnerabilities. A fire in a French data center belonging to hosting company OVH affects millions of websites,… Continue Reading →
The Wordfence Threat intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new… Continue Reading →
Episode 106: Admin Password Resets, Blockchain Botnets and a Central Management RCE - Wordfence Blog
WordPress 5.7 is due to be released on March 9, and it will allow administrators to send password reset emails to users. A botnet is abusing the Bitcoin blockchain for command and control, while VMWare fixes a critical remote code… Continue Reading →
