Category
WordPress Security
A few weeks ago, our Threat Intelligence team identified several vulnerabilities present in Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs. We disclosed this issue privately to the plugin’s development team who responded quickly, releasing interim… Continue Reading →
Although it’s easy to overlook, the WordPress Login Page is an important part of your site. It provides a prime opportunity to display your branding but can also be a serious security vulnerability. With LoginPress, you can apply custom styling… Continue Reading →
If you own a WordPress-powered website or are considering using WordPress as your CMS, you may be concerned about potential WordPress security issues. In this post, we’ll outline a few of the most common WordPress security vulnerabilities, along with steps… Continue Reading →
One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate… Continue Reading →
Today one worldwide phenomenon which has proved to be a revolutionary in the IT sector is Hacking. People who have the technical know-how to manipulate the data and control the networks with an intention of stealing and breaching sensitive data… Continue Reading →
A default and up-to-date WordPress installation with a strong password is quite secure. However, to survive on the internet that is not enough. That’s where File Integrity Monitoring (FIM) comes into play. A File Integrity Monitoring tool or plugin monitors… Continue Reading →
Change your WordPress login URL and hide your wp-admin to outsmart hackers and prevent brute-force attacks… it’s easier to make your site harder to crack than you think! Let’s not kid ourselves. Even script kiddies know that all they have… Continue Reading →
Description: Stored XSSCVSS Severity Score: 6.1 (Medium)CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NAffected Software: SyntaxHighlighter EvolvedPlugin Slug: syntaxhighlighterAffected Version: 3.5.0Patched Version: 3.5.1 While doing a security audit of the plugins and themes we run on wordfence.com, I discovered a stored XSS vulnerability in SyntaxHighlighter… Continue Reading →
Description: Open RedirectCVSS v3.0 Score: 7.1 (High)CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LAffected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter FeedPlugin Slugs: qode-instagram-widget, qode-twitter-feedAffected Versions: Bridge Theme: 18.2 / Plugins: 2.0.1Patched Version: Bridge Theme: 18.2.1… Continue Reading →
The best WordPress optin plugin just keeps getting better. Improve your hustle with the latest features of Hustle! The new security features covered in this blog post are included with the free version of Hustle, but you get a whole lot… Continue Reading →
Description: Full Path DisclosureCVSS v3.0 Score: 4.3 (Medium)CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NAffected Plugin: Fast Velocity MinifyPlugin Slug: fast-velocity-minifyAffected Versions: <= 2.7.6Patched Version: 2.7.7 A few days ago, our Threat Intelligence team identified a vulnerability present in Fast Velocity Minify, a WordPress… Continue Reading →
This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of […]
It feels like every week there’s another security breach in the news. It can cause panic, especially when we think website security has to be complicated. But protecting your WordPress website doesn’t have to be hard. WordPress security is easier… Continue Reading →
Did you know that out of the top 10 million websites, WordPress is used by nearly a third of all sites? It has nearly 60% market share among content management systems. The customizability and functionality of WordPress make it the… Continue Reading →
Looking to improve the security of your WordPress website? Here I’m sharing all the tips and strategies that I have learned running this award-winning WordPress blog. Just to let you know, In recent times, WordPress has been highly targeted by… Continue Reading →
Description: Authentication Bypass with Information DisclosureCVSS v3.0 Score: 7.5 (High)CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NAffected Plugin: GiveWPPlugin Slug: giveAffected Versions: <= 2.5.4Patched Version: 2.5.5 A few weeks ago, our Threat Intelligence team discovered a vulnerability present in GiveWP, a WordPress plugin installed on over… Continue Reading →
Several new WordPress plugin and theme vulnerabilities were disclosed during the last half of September, so we want to keep you aware. In this post, we cover recent WordPress plugin and theme vulnerabilities and what to do if you are… Continue Reading →
Love infographics? We do, too! From WordPress security basics to how to secure your website, we have 8 WordPress security infographics for you to download and share. 1. Five Ways to Secure Your WordPress Website It feels like every week… Continue Reading →
Description: XSS Via Unauthenticated Plugin Options UpdateAffected Plugin: Rich ReviewsAffected Versions: <= 1.7.4CVSS Score: 8.3 (High)CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Rich Reviews plugin for WordPress. The… Continue Reading →
In this webinar, Michael Moore explains why passwords are soon to be a relic of the past and why are all of the major tech companies trying to kill passwords. He also walks through how to use the new iThemes… Continue Reading →
The benefits of this WordPress security guide are two fold: Learn exactly what you need to know about WordPress security in 2019. Understanding WordPress security helps you adopt a security-oriented […]
Having your WordPress site hacked is not something you ever want to experience, but it happens more often that we’d like. There are ways to help prevent hacks, but if it happens to you, here are a few things you… Continue Reading →
