Swift Insights
PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild
On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin. We released a firewall rule to Wordfence Premium,...
Investigating and Fixing a Slow Website
Recently a client reached out to us whom we hadn't heard from in a while: their website had become very slow. It wasn't just impacting site visitors, the admin was very slow as well, making it difficult for them to update.Once we were able to track down the source of...
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it...
WordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know
On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities....
Analyzing Attack Data and Trends Targeting Ukrainian Domains
As we continue to monitor the cyber situation in Ukraine, the data we are seeing shows some interesting trends. Not only has the volume of attacks continued rising throughout the conflict in Ukraine, the types of attacks have been varied. A common tactic of cyber...
Is your website (still) optimized for Search Engines?
We often encounter sites that were optimized when they were first built, but nothing has been done since. Thats a lost opportunity for new business. Every new page, section, news or blog article can be optimized. With ecommerce sites the opportunity is even greater,...
Wordfence Launches Wordfence Intelligence for Hosts and Network Defenders
This morning the Wordfence team is launching Wordfence Intelligence live at Black Hat 2022 in Las Vegas. Our entire team is here in Las Vegas, including our international team members. I’d like to tell you more about what we’re launching and how Wordfence Intelligence...
Ukrainian Website Threat Landscape Throughout 2022
The Russian invasion of Ukraine began on February 20, 2022. By mid-March it was clear the cyber-war had begun, and the attacks have been consistent ever since. Prior to this, on March 1, 2022, Wordfence reported on an attack campaign on Ukrainian university websites....
Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week
Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: We receive attack...
Cross-Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping Cart Plugin
On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a WordPress plugin installed on over 30,000 sites. This vulnerability...