The WPSetup Attack: New Campaign Targets Fresh WordPress Installs

At Wordfence, we track millions of attacks from a wide variety of sources every day. From this data we create a list of the worst-of-the-worst attackers and add those to our IP blacklist to protect our Premium customers. We also carefully monitor the activity that those known bad IP addresses engage in. In May and…

WordPress 4.7.5 Security Release – Immediate Update Recommended

A few hours ago WordPress abruptly released 4.7.5 which is a security release. It fixes six vulnerabilities which are detailed on the wordpress.org blog. I’d like to encourage you to update to 4.7.5 as soon as possible. Unless you have disabled automatic updates, your site may have already been upgraded to WordPress 4.7.5. This security…

The March 2017 WordPress Attack Report

Today we are releasing the WordPress Attack Report for March, 2017. You can also find the following previous attack reports on our blog: December 2016, January 2017 and February 2017. This report contains the top 25 attacking IPs for the month of March and their details. It also includes charts of brute force attack activity…

Imminent: Non-HTTPS Sites Labeled “Not Secure” by Chrome

On approximately January 31st of this month, version 56 of the Chrome web browser will be released. There is a significant change in the way it displays websites that are not using HTTPS, also known as SSL. This change may confuse your site visitors or surprise you if you are not expecting it. Starting with the…