Since 2018, our team has been tracking an interesting type of website infection where the <title> tag of a hacked website is changed to Chinese text — changes which are clearly seen in the website’s search results and source code.…
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve…
Configuration files exist to make life easier for developers and website operators. In a world without configuration files, every instance of code that depended on a database connection could potentially require the connection details to be hard coded or manually…
Wordfence 7.8.0 is out! A huge thanks to our quality assurance team, our team of developers and our ops team for planning, implementing and releasing Wordfence 7.8.0. This release has several fixes to make Wordfence even more robust, and includes…
On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugins files before extracting the SocGholish script,…
Sure, there are tons of one-click installers floating around for WordPress. But they’re not always the most secure option — and can still be tedious to use, especially if you need to update default configurations after installation. But what if…
Most modern web browsers and search authorities like Google have a vested interest in protecting their users from malware. Warning messages like “This site may harm your computer” are a clear way for services to educate and protect end users…
Readers of this blog should already be familiar with SocGholish: a widespread, years-long malware campaign aimed at pushing fake browser updates to unsuspecting web users. Once installed, fake browser updates infect the victim’s computer with various types of malware including…