Archive For: WordPress Security
-
July 13, 2023
Categories:
-
Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with... Read More
-
July 13, 2023
Categories:
-
During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to generate ad revenue. Investigating obfuscated JavaScript Our investigation revealed the following piece of obfuscated JavaScript... Read More
-
July 12, 2023
Categories:
-
Out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. Best practices suggest you take a few of these steps to harden WordPress and protect your environment against bad bots, brute force, and other automated attacks. For example, the WordPress login page is –... Read More
-
July 12, 2023
Categories:
-
On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin, which is actively installed on more than 60,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker with minimal permissions, such as a subscriber, to upload... Read More
-
July 11, 2023
Categories:
-
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other complications that may arise as a result of... Read More
The php.ini file, a critical configuration file containing your web server’s PHP settings, is integral to the functioning of your website. Each time PHP initiates, your system hunts down this file to identify directives that will be applied to your site’s scripts. While your PHP initialization file comes pre-configured, there may be instances when you... Read More
Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources. As you can imagine, this was quite the challenge as each and every data source came with... Read More
Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with... Read More
One of the most common problems that we observe among many of our clients is the persistent threat of cross contamination – that is, malware that spreads from one website to another when they are hosted in the same environment. This is particularly common within cPanel environments when add-on domains are used, or within improperly... Read More
-
June 29, 2023
Categories:
-
Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the Wordfence Intelligence Vulnerability Database has the most up to date and accurate information.... Read More
«
1
…
15
16
17
18
19
…
101
»
Tap To Call