Introducing Wordfence 7

Wordfence is the most popular WordPress security software in the world for good reason. The protection offered by the endpoint firewall outperforms alternatives. The scanner delivers the best detection in the industry. A long list of other features like country blocking, two-factor authentication and password auditing make Wordfence the best and most comprehensive security solution...

SQLi Vulnerability in YITH WooCommerce Wishlist

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and potential customers to make wish lists containing products in the WooCommerce store, and is currently installed on 500,000+ websites. Are You at Risk? This vulnerability...

Malicious Website Cryptominers from GitHub. Part 2.

Recently we wrote about how GitHub/ was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for serving malicious code. Encrypted CoinHive Miner in Header.php The following encrypted malware was found in the header.php file of the active WordPress theme: There are...

Wordfence Now Includes 1.4 Billion Leaked Passwords in Password Auditing Feature

Last week, we reported a massive upsurge in brute force login attempts following the leak of a database of 1.4 billion clear text credentials. No one had seen 14% of the exposed username/password pairs before, making this a ripe opportunity for hackers to attempt to break into WordPress sites. Historically, brute force attacks targeting WordPress...

Three Plugins Backdoored in Supply Chain Attack

In the last two weeks, the repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in search results. Each of them had been purchased in the previous six months as part of...

Reverse JavaScript Injection Redirects to Support Scam on WordPress

Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs Note. The campaign attempts to redirect visitors to a bogus Windows support page claiming that their computers are infected with ‘riskware’ and will be disabled unless they call what...

Backdoor in Captcha Plugin Affects 300K WordPress Sites

The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editor’s note: the original page has been removed, we’re now linking to a screenshot.] in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check...