Attackers are regularly exploiting vulnerable plugins to compromise WordPress websites and redirect visitors to spam and scam websites. This has been an ongoing campaign for multiple years. Payload domains are regularly[…]
Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost,[…]
Sloppy statistics and sketchy incentives are damaging WordPress’s security reputation, even though the core software keeps getting better.
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well[…]
Patchstack has published its State of WordPress Security whitepaper with a summary of threats to the WordPress ecosystem recorded in 2021. The whitepaper aggregates data from multiple sources, incl…
On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The[…]
Most modern browsers support a variety of HTTP security headers to improve the security of your WordPress website, better protect your visitors from
On January 4, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a[…]
UpdraftPlus, a plugin that allows users to backup to various cloud providers, has patched a severe security vulnerability that would allow logged-in users to download a site’s latest backups. The[…]
We uncovered a backup download vulnerability in UpdraftPlus plugin that could grant attackers access to privileged information.
The holidays are always a busy time for ecommerce stores. Dealing with an influx of Christmas shoppers, holiday sales and inventory, shipping, and at times, also hackers. Today’s investigation starts[…]
On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This[…]
We discovered a backdoor in themes and plugins by AccessPress Themes. If you have any of these themes or plugins on your site, we recommend updating or migrating to a[…]
Enter your account data and we will send you a link to reset your password.
To use social login you have to agree with the storage and handling of your data by this website. %privacy_policy%
AcceptHere you'll find all collections you've created before.
