At Wordfence our business is to secure over 4 million WordPress websites and keep them secure. My background is in network operations, and then I transitioned into software development because my ops role was at a scale where I found myself writing a lot of code. This led me to founding startups, and ultimately into … Read more
On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations. As with all security updates in WordPress plugins and themes, our team analyzed the plugin to determine the exploitability and severity of the vulnerability that had been patched. We … Read more
At Wordfence, we see large amounts of threat actor data, and often that data tells unexpected stories. Taking a look at just the top five attacking IP addresses over a 30 day period, you might be surprised to find out where these attacks are originating, and what they are doing. When most people hear about … Read more
On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to us that they discovered in Download Manager, a WordPress plugin installed on over 100,000 sites. On request, we assigned a vulnerability identifier of CVE-2022-1985. All Wordfence users, including Free, Premium, Care, and Response, are protected from exploits targeting this … Read more
One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to address an aspect of securing data. These three pillars are Confidentiality, Integrity, and Availability. The Confidentiality pillar is intended to prevent unauthorized access to data, while the Integrity pillar … Read more
