Swift Insights
Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata
In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server. Of course, this is not a perfect world, and vulnerabilities can be introduced...
How Much is Your Hacked Site Worth?
The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known “shops” by threat actors, selling access to compromised services. While contemporary threat actors primarily coordinate and conduct business...
Wordfence Launches Free Vulnerability Database For Commercial Use – And Launches Security Portal
Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat analysts, security researchers, and the WordPress...
WooCommerce: 2 Ways to Find Customers who Bought a Specific Product
Sometimes you want to be able to communicate with customers who purchased a particular product. Here's two ways to find them. As you may know, you can go to the orders list in WooCommerce and click into every order, where you will see displayed who the customer is,...
Spikes in Attacks Serve as a Reminder to Update Plugins
The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect. Occasionally an unusual trend will arise from this data, and we have spotted one such trend standing out over the Thanksgiving holiday in the U.S. and the first weekend...
Configuration Probing: Your Backups Might Be Your Greatest Weakness
Configuration files exist to make life easier for developers and website operators. In a world without configuration files, every instance of code that depended on a database connection could potentially require the connection details to be hard coded or manually...
Wordfence 7.8.0 Is Out! Here Is What Is Included
Wordfence 7.8.0 is out! A huge thanks to our quality assurance team, our team of developers and our ops team for planning, implementing and releasing Wordfence 7.8.0. This release has several fixes to make Wordfence even more robust, and includes a fundamental change...
Not Just for the Government: Using the NIST Framework to Secure WordPress
When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is largely invisible until something goes wrong. Installing a...
Russian Hacktivist Group Targets Political Websites with DDOS Attacks
A Russian hacktivist group calling itself “The People’s Cyberarmy” called on its members to target the American Democratic party website at https://democrats.org with DDOS (Distributed Denial of Service) attacks this morning, November 8th, 2022, which is Election Day...
Missing Authorization Vulnerability in Blog2Social Plugin
On October 5, 2022, the Wordfence Threat Intelligence team responsibly disclosed a Missing Authorization vulnerability in Blog2Social, a WordPress plugin installed on over 70,000 sites that allows users to set up post sharing to various social networks. Vulnerable...