Wordfence Now Includes 1.4 Billion Leaked Passwords in Password Auditing Feature

Last week, we reported a massive upsurge in brute force login attempts following the leak of a database of 1.4 billion cleartext credentials. No one had seen 14% of the exposed username/password pairs before, making this a ripe opportunity for hackers to […]

Three Plugins Backdoored in Supply Chain Attack

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been […]

Massive Cryptomining Campaign Targeting WordPress Sites

On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able to isolate […]

Backdoor in Captcha Plugin Affects 300K WordPress Sites

The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check to see if it […]