WordFence – Page 2 – WindowsTechs.com

Attackers tried to grab WordPress configuration files from over a million sites

Posted on June 5, 2020 by Zeljka Zorz

A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month), tried to grab WordPress configuration files of 1.3 million sites at the end on the same month. In b… Continue reading Attackers tried to grab WordPress configuration files from over a million sites→

Nearly a million WordPress sites targeted in extensive attacks

Posted on May 6, 2020 by Zeljka Zorz

A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising. “While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s … Continue reading Nearly a million WordPress sites targeted in extensive attacks→

WordPress Plugin Bug Opens 100K Websites to Compromise

Posted on April 28, 2020 by Tara Seals

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace. Continue reading WordPress Plugin Bug Opens 100K Websites to Compromise→

Cookie-nabbing app could have served users side helping of XSS

Posted on February 14, 2020 by Danny Bradbury

A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to XSS attacks. Continue reading Cookie-nabbing app could have served users side helping of XSS→

WordPress sites hit by malvertising

Posted on November 7, 2019 by Danny Bradbury

An old piece of malware is storming the WordPress community, enabling its perpetrators to take control of sites and inject code of their choosing. Continue reading WordPress sites hit by malvertising→

Hackers are infecting WordPress sites via a defunct plug-in

Posted on September 26, 2019 by Danny Bradbury

If you’re a Wordpress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now. Continue reading Hackers are infecting WordPress sites via a defunct plug-in→

WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign

Posted on September 3, 2019 by Tara Seals

An ongoing attack on websites has added new exploits and an administrative backdoor to its bag of tricks. Continue reading WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign→

Attackers are exploiting vulnerable WP plugins to backdoor sites

Posted on September 3, 2019 by Zeljka Zorz

A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the vulnerable installations, Wordfence’s Mikey Veenstra warns. The attacks T… Continue reading Attackers are exploiting vulnerable WP plugins to backdoor sites→

WordPress sites are being backdoored with rogue admin users

Posted on September 2, 2019 by John E Dunn

A malvertising campaign has evolved to give hackers control of entire sites. Continue reading WordPress sites are being backdoored with rogue admin users→

Update now! WordPress abandoned cart plugin under attack

Posted on March 13, 2019 by John E Dunn

Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce. Continue reading Update now! WordPress abandoned cart plugin under attack→