Swift Insights
Cross-Site Scripting: The Real WordPress Supervillain
Vulnerabilities are a fact of life for anyone managing a website, even when using a well-established content management system like WordPress. Not all vulnerabilities are equal, with some allowing access to sensitive data that would normally be hidden from public...
Divi Website Editor Training Refresher
Website training refreshers, going over everything from how to edit a page in Divi to how to process orders in Woocommerce, plus anything you'd like to add. Was your website launched 3 months ago, or 3 years ago? Have things changed in the "back end" since your site...
PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild
On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin. We released a firewall rule to Wordfence Premium,...
Investigating and Fixing a Slow Website
Recently a client reached out to us whom we hadn't heard from in a while: their website had become very slow. It wasn't just impacting site visitors, the admin was very slow as well, making it difficult for them to update.Once we were able to track down the source of...
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it...
WordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know
On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities....
Analyzing Attack Data and Trends Targeting Ukrainian Domains
As we continue to monitor the cyber situation in Ukraine, the data we are seeing shows some interesting trends. Not only has the volume of attacks continued rising throughout the conflict in Ukraine, the types of attacks have been varied. A common tactic of cyber...
Is your website (still) optimized for Search Engines?
We often encounter sites that were optimized when they were first built, but nothing has been done since. Thats a lost opportunity for new business. Every new page, section, news or blog article can be optimized. With ecommerce sites the opportunity is even greater,...
Wordfence Launches Wordfence Intelligence for Hosts and Network Defenders
This morning the Wordfence team is launching Wordfence Intelligence live at Black Hat 2022 in Las Vegas. Our entire team is here in Las Vegas, including our international team members. I’d like to tell you more about what we’re launching and how Wordfence Intelligence...
Ukrainian Website Threat Landscape Throughout 2022
The Russian invasion of Ukraine began on February 20, 2022. By mid-March it was clear the cyber-war had begun, and the attacks have been consistent ever since. Prior to this, on March 1, 2022, Wordfence reported on an attack campaign on Ukrainian university websites....