Creating a WP 2FA tab within the WooCommerce My Account dashboard

If you’re running an online business using WooCommerce, ensuring your site’s security is of paramount importance. While security requires a 360-degree approach with continuous monitoring, improving, testing, and hardening, low-hanging fruit such as user 2FA authentication can protect you from security breaches due to weak passwords. Thankfully, our WP 2FA plugin makes this a breeze. If you’re not already using it, I strongly suggest doing so today, so you can increase your site’s security in a matter of minutes. This article will show you how you can enhance your WooCommerce store’s security by adding our 2FA configuration form to a […]

PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons

Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits the PHP_SELF variable. In yesterday’s post, we described another plugin, underConstruction, suffering from a similar vulnerability related to the use of PHP_SELF. On August 16, 2021, the Wordfence Threat Intelligence team attempted to initiate disclosure for a reflected Cross-Site Scripting vulnerability in Easy Social Icons, a WordPress plugin with over 40,000 installations. After 2 weeks without a response, we forwarded the issue to the WordPress plugins team on August 30, 2021. An initial patch, […]

What is Cryptocurrency Mining Malware?

Cryptocurrency mining malware is typically a stealthy malware that farms the resources on a system (computers, smartphones, and other electronic devices connected to the internet) to generate revenue for the cyber criminals controlling it.  Instead of using video game consoles or graphics card farms, these particular cryptominers are using the computers and servers of the people around them for their processing power – without permission. This type of malware mines cryptocurrencies on the systems of their targets or even steals cryptocurrency from other targets, using its resources in such a way that the owner wouldn’t know. Continue reading What is […]

WordPress Hacked: 7 Warning Signs To Watch

One of the most frustrating and stressful situations you could ever run into as a WordPress site owner is finding out that your site has been hacked. One minute your site is humming along, bringing in traffic and, hopefully, revenue. And then, next thing you know, you discover something is very wrong with your WordPress site. Unfortunately, the reality that your WordPress site could be hacked needs to be dealt with as efficiently and effectively as possible to make sure it never happens. Because if you find yourself facing a hacked website, you’ll probably be asking yourself why your site, […]

PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin

Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHP_SELF variable. Tomorrow we will publish part two, which describes another plugin suffering from a similar vulnerability related to the use of PHP_SELF. So be sure to look out for that post via our mailing list, which you can join on this page, in case you’re not already a member. On August 16, 2021, the Wordfence Threat Intelligence team attempted to initiate disclosure for a reflected Cross-Site Scripting vulnerability in underConstruction, a WordPress plugin with over 80,000 installations. After […]

Upcoming Gallery Block improvements

Thanks to @javiarce & @annezazu for design and copy contributions. An exciting update to the Gallery Block gives you more ways to show off images in your posts and pages. While this change won’t be available for most folks until WordPress 5.9’s launch in December, we wanted to share some of what’s to come to get you excited about the future. Style individual images You can now use the same tools that are available for individual image blocks on each image in the Gallery Block! This added flexibility means you can do more customization – from adding links to each […]

Interview with Aurelio Volle, WP Umbrella CMO & Product Owner

Aurelio Volle is the Chief Marketing Officer and Product Owner of LIVEN – the umbrella company that has brought us Image SEO Optimizer and WP Umbrella – a PHP errors, performance, and uptime monitoring service for WordPress. With 4 degrees to his name, he works as a lobbyist and university lecturer by day, while handling marketing and communications for LIVEN by night. With several successful WordPress projects under his belt, we had a socially distant conversation with Aurelio. We got to know him a little bit better while getting some insight into how WP Umbrella helps WordPress site administrators, what […]

Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin installed on over 1,000,000 sites. These flaws made it possible for an attacker to export sensitive information and send arbitrary emails from a vulnerable site that could be used to phish unsuspecting users. Wordfence Premium users received a firewall rule to protect against any exploits targeting this vulnerability on August 2, 2021. Sites still using the free version of Wordfence received the same protection on September 1, 2021. We sent the full disclosure details […]

What Is a Zero-Day Vulnerability? 6 Steps to Protect Your Website

Have you ever heard of a zero-day vulnerability or a zero-day attack on a WordPress site? If not, you’re not alone. While WordPress site owners typically have a strong understanding of WordPress security and the measures required to maintain a secure site, it’s almost impossible to keep track of all of the different attacks your site might be under. Brute force attacks, cross-site scripting, DDoS attacks, spambots, and malware are all substantial threats to the security of your WordPress site. A zero-day vulnerability or zero-day attack can be any of these things and can blindside site owners who haven’t prepared. […]

WP Briefing: Episode 16: A Sneak Peek at WordPress 5.9

In addition to this episode’s small list of big things, Josepha Haden Chomphosy reviews the upcoming 5.9 WordPress release and its Full Site Editing features. Have a question you’d like answered? You can submit them to, either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: Fearless First by Kevin MacLeod References WordPress 5.9 Planning  5.9 Target Features Gallery Block Refactor Dev Notes The Cathedral and the Bazaar, 19 Lessons of Open Source WordPress Translation Day WordCamp US 2021 Letters to an open source contributor, by Andrea Middleton Transcript Josepha Haden Chomphosy  00:10 Hello, […]