WFCM 1.6: full integration with WP Activity Log

https://www.wpwhitesecurity.com/wfcm-1-6/

Today we are announcing two releases; Website File Changes Monitor 1.6 and  WP Activity Log 4.1.2. They are being released together because we have integrated the plugins. Let’s dive right in and see what this integration is all about, and what are the benefits to both plugins’ users. Superior file integrity monitoring scans and better activity logs This integration between these two plugins means a superior WordPress file integrity monitoring solution and UX. We are combining the comprehensive activity log of WP Activity Log and the advanced file integrity monitoring technology of the Website File Changes Monitor plugin. From now […]

Episode 78: Targeted Phishing Bypassing Security Checks and a new DDoS Record

https://www.wordfence.com/blog/2020/06/episode-78-targeted-phishing-bypassing-security-checks-and-a-new-ddos-record/

This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook’s protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record for a massive DDoS attack that targeted an AWS customer. Drupal pushes out some security fixes, and zero-day vulnerabilities found in numerous Netgear routers. Here are timestamps and links in case you’d like to jump around, and a transcript is below.2:35 Targeted phishing campaigns are bypassing Microsoft Outlook spam filters, and Wells Fargo customers targeted by calendar invites4:48 Bitcoin scam using vanity […]

Defiant Participating in Privacy Shield Framework

https://www.wordfence.com/blog/2020/06/defiant-participating-in-privacy-shield-framework/

Defiant, dba Wordfence, is now listed on the Privacy Shield certification list participating in both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. The purpose of these frameworks is to allow for the lawful transfer of personal data from the European Union and Switzerland to the United States. Two years ago when the General Data Protection Regulation (GDPR) was enacted in Europe, we painstakingly worked to ensure that Wordfence was in full compliance with these new regulations governing data protection and privacy for those located in the European Economic Area (EEA). Defiant’s inclusion in the Privacy Shield Framework underscores our commitment […]

How to track WordPress user login history with activity logs

https://wpactivitylog.com/track-wordpress-user-login-history/

WordPress is popular for a reason. If your business site requires multiple people to log in, update content, change settings and collaborate, WordPress has you covered. Setting up a multi-user site has never been easier, but it does come at a cost. With a big team it’s easy to lose track of what everyone is doing, and step in if something goes wrong. This is why it’s important to track your WordPress user login history. It doesn’t have to be complicated either. By installing a WordPress user tracking plugin (also known as activity log plugin), you can track, monitor and […]

How to Quickly Change (Or Reset) WordPress Passwords

https://kinsta.com/blog/change-wordpress-password/

If you need to change your WordPress password, you might be panicking. You’ve lost access to your site and you don’t know how to get in again. Try a free demo Help! Typically this occurs when someone simply forgets their WordPress password, they don’t have access to their email for a standard password reset, or their WordPress site isn’t sending emails correctly. In this post, we’ll walk you through a few quick and easy steps on how to change WordPress passwords (or reset them) for all the different types of scenarios you might encounter. Let’s start by looking at the […]

Episode 77: WordPress 5.4.2 Released, Fake Ransomware Bitcoin Scams

https://www.wordfence.com/blog/2020/06/episode-77-wordpress-5-4-2-released-fake-ransomware-bitcoin-scams/

This week, we look at the WP 5.4.2 release and a ransomware bitcoin scam targeting site owners with a “You’ve Been Hacked” email. We also look at an FBI warning about online banking app malware, the Verizon data breach report and what is says about WordPress, and how some white hat hackers are becoming millionaires responsibly disclosing vulnerabilities via HackerOne. Here are timestamps and links in case you’d like to jump around, and a transcript is below.0:20 WordPress 5.4.2 security release fixes multiple XSS vulnerabilities1:47 High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites3:05 Ransomware Bitcoin scam claiming […]

The WordPress security process; Test, Harden, Monitor, Improve

https://www.wpwhitesecurity.com/wordpress-security-process-test-harden-monitor-improve/

WordPress security is not unlike many other areas of IT security. It’s not a one time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security assessment will only give you a false sense of security. Instead, the winning strategy is to follow a continuous process. A process of constantly testing your defenses and iterating on that to improve your website’s security posture. This article aims to offer a simple to follow long-term iterative process you […]

WordPress 5.4.2 Patches Multiple XSS Vulnerabilities

https://www.wordfence.com/blog/2020/06/wordpress-5-4-2-patches-multiple-xss-vulnerabilities/

WordPress Core version 5.4.2 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the security fixes themselves are for vulnerabilities that would require specific circumstances to exploit. All in all this release contains 6 security fixes, 3 of which are for XSS (Cross-Site Scripting) vulnerabilities. Both the free and Premium versions of Wordence have robust built-in XSS protection which will protect against potential exploitation of these vulnerabilities. A Breakdown of each security issue An XSS issue where authenticated users with […]

WordPress 5.4.2 Security and Maintenance Release

https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

WordPress 5.4.2 is now available! This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you. Security Updates WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier […]

WordPress Vulnerability Roundup: June 2020, Part 1

https://ithemes.com/wordpress-vulnerability-roundup-june-2020-part-1/

New WordPress plugin and theme vulnerabilities were disclosed during the first half of June, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. New WordPress plugin and theme vulnerabilities were disclosed during the second half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on […]