Swift Insights
Misleading Domain Name Registry Mail
Misleading Domain Name Mail Tip/Warning Just a tip/reminder that if you get official-looking physical mail from a company called "Domain Registry", "Domain Registry of Canada", or something along those lines stating, that your domain name is about to expire, you can...
Critical Remote Code Execution Vulnerability in Elementor
On March 29, 2022, the Wordfence Threat Intelligence team initiated the disclosure process for a critical vulnerability in the Elementor plugin that allowed any authenticated user to upload arbitrary PHP code. Elementor is one of the most popular WordPress plugins and...
Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin
Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk
On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with over 100,000 installations. These were both reflected Cross-Site scripting...
Increase In Malware Sightings on GoDaddy Managed Hosting
Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host...
5 Search Engine Optimization (seo) Tips
It's amazing how many sites we take on that don't have even the basics of Search Engine Optimization applied. If you're hoping for business from the googles, its worth having at least the basics applied to help people find your website. Here's 5 SEO tips.Identify a...
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects...
Credit Card Velocity Attacks
Credit Card Testing/Velocity Attacks: Ever Hear of These? They are when a "bad actor" purchases a product from your online store, and then tries to pay with a stolen, fake, or otherwise fraudulent credit card. Not just one credit card though, when the transaction...
We’re Now Blocking 10,000 Requests Per Hour in Ukraine From Known Malicious IPs
48 hours ago we deployed our commercial real-time threat intelligence automatically, and for free, to all Ukrainian websites with the .UA top-level domain. That has made over 8,000 sites in Ukraine using the free version of Wordfence significantly more secure. At...
Ukraine Universities Hacked By Brazilian Via Finland As Russian Invasion Started
The Wordfence team has identified a massive attack on Ukrainian universities that coincided with the invasion of Ukraine by Russia, and resulted in at least 30 compromised Ukrainian university websites. We have identified the threat actor behind the attack, who is...