At Wordfence our business is to secure over 4 million WordPress websites and keep them secure. My background is in network operations, and then I...
Website Maintenance Tips
PSA: Critical Vulnerability Patched in Ninja Forms WordPress Plugin
On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one...
Top Five Attacking IPs This Month: Their Locations May Not Be Where You Think
At Wordfence, we see large amounts of threat actor data, and often that data tells unexpected stories. Taking a look at just the top five attacking...
Cross-Site Scripting Vulnerability In Download Manager Plugin
On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in...
The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner
One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to...
Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter...
Millions of Attacks Target Tatsu Builder Plugin
The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which...
Have you been maintaining your websites AODA compliance?
Was your website created to be AODA compliant? Is it still compliant? Did you know that any time you make a content update to the website – that is...
PHP Object Injection Vulnerability in Booking Calendar Plugin
On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the...
Critical Remote Code Execution Vulnerability in Elementor
On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that...