Swift Insights
2024 Annual WordPress Security Report by Wordfence
The 2024 WordPress security landscape saw significant changes, with new Bug Bounty Programs such as Wordfence’s creating opportunities for numerous researchers to earn a sustainable income by examining WordPress software. Despite another record year for disclosed...
Use Genuine Wordfence and Stay Secure, Stay Supported, and Avoid Malware, Vulnerabilities and Backdoors
Genuine Wordfence is only available on Wordfence.com or from the WordPress Plugin Repository. Given our popularity and excellent reputation, there are unfortunately quite a few nulled or counterfeit versions of Wordfence, and plugins that modify Wordfence in the wild....
Enhancing the Wordfence Bug Bounty Program: New Incentives & a Stronger Focus on High-Impact Research
Last year was a year of growth and refinement for the Wordfence Threat Intelligence team. In December of 2023, we launched our Bug Bounty Program, rewarding security researchers for identifying and reporting in-scope vulnerabilities to further our mission of Securing...
30,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Security & Malware scan by CleanTalk WordPress Plugin
On December 7th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Security & Malware scan by CleanTalk, a WordPress plugin with more than 30,000 active installations. This vulnerability makes it possible for an unauthenticated attacker...
Wordfence Bug Bounty Researchers: Unlock More Earning Potential With New “Refer A Researcher” Program
Today, we at Wordfence are excited to announce a groundbreaking addition to our Wordfence Bug Bounty Program: the Refer-A-Researcher Program! Refer new researchers to our program and earn commissions when they submit valid vulnerabilities. This is a great opportunity...
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 16, 2024 to January 5, 2025)
Special Note: This weeks Wordfence Intelligence Weekly WordPress Vulnerability Report is an extended edition to cover the last few weeks in December over the holidays and the first week in January. Over the past three weeks, there were 348 vulnerabilities disclosed in...
4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability
Introductory Note: This is one of the more serious vulnerabilities that we have reported on in our 12 year history as a security provider for WordPress. This vulnerability affects Really Simple Security, formerly known as Really Simple SSL, installed on over 4 million...
WordPress Database Scanning For Malware Released in Wordfence CLI 5.0.1
Today we’re excited to announce the recent release of Wordfence CLI version 5.0.1 which includes a much requested feature from security analysts, hosting providers and ops teams: Database scanning for WordPress. Now you can scan any WordPress database you have access...
Wordfence Price Increases Coming December 5th, 2024
We haven’t raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a...
WordPress XSSplorer Challenge: An Expanded Scope for All Researchers in the Wordfence Bug Bounty Program
From now through October 7th, 2024, we are expanding the scope of our Bug Bounty Program to include all Cross-Site Scripting (XSS) vulnerabilities—both Reflected and Stored—in any WordPress plugin or theme with at least 1,000 active installations for all researchers....