It’s not uncommon for users to experience “DDoS Protection” pages when casually browsing the web. These DDoS protection pages are typically associated with browser checks performed by WAF/CDN services which[…]
On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a WordPress plugin[…]
On July 8, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over[…]
The Brute Protection Technique is a 3-step process to secure WordPress websites from hacking, malicious and brute force attacks in 2022.
Attempted attacks are just the background radiation of the internet – let’s look at practical examples of what constitutes a threat, and what does not.
The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of[…]
While WordPress core is well-tested and widely used, it allows plugins to be installed. Those plugins can be developed by, well, anyone! They enable many significant enhancements to the core[…]
Our story starts like many others told on this blog: A new client came to us with reported cases of credit card theft on their eCommerce website. The website owner had[…]
We’ve seen forced updates become increasingly common and less controversial over time. But who decides, and how is that decision made? Are there unofficial channels and processes, like a decision[…]
Late last week, Ninja Forms users received a forced security update from WordPress.org for a critical PHP Object Injection vulnerability. This particular vulnerability can be exploited remotely wit…
On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations. As with all security[…]
A hacked WordPress site isn’t a subject most WordPress site owners want to think about. But they are a real issue, impacting over 30,000 websites every single day.
On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in Download Manager, a WordPress plugin installed on over 100,000[…]