Early this week we are tracking an approximate doubling of brute force attacks (login guessing attacks) on WordPress sites. The attack rate we see increased from 10,000 per minute to around 20,000 per minute on Monday evening. Historically this is far from the highest we’ve seen, but it’s a clear increase and worth mentioning.
In other news, Jonathan Lampe over at the Infosec Institute ran a few security tests on websites belonging to presidential candidates including Donald Trump, Jeb Bush, Bernie Sanders and many others. The only candidate who scored an A for security is Jim Webb, and the reason he scored the A is that he is running Wordfence.
No matter which way you’re voting, it’s always nice to hear that Wordfence is helping secure a former Secretary of the Navy’s campaign website.
WordPress 4.4 Beta 1 was released a few days ago and the production release is slated for December 8th. We will of course alert you when it’s time to upgrade, but for planning purposes make sure you’re around to upgrade your site in early December, as the release may contain security fixes and these are generally not pre-announced.
There are a handful of plugin vulnerabilities you should be aware of this month:
- We’ve already notified you about the recent Akismet XSS vulnerability.
- The WordPress Calls To Action plugin has an XSS vulnerability in 2.4.3 and earlier, so upgrade to 2.5.0 as soon as you can.
- The Events Made Easy plugin has an XSS vulnerability in version 1.5.49 and earlier, and this is fixed in 1.5.50.
- The WP-Piwik plugin has an XSS vulnerability in version 1.0.4; version 1.0.5 fixes this.
If you are running any of these plugins, make sure you upgrade to the newest version as soon as possible. In some cases technical details of the vulnerabilities will be released later this month, which would make the exploit available to hackers targeting your site if you are still running the older version of a vulnerable plugin.
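To check a site against the fixed versions listed above, the following added example (not Wordfence code) reads the CSV printed by WP-CLI's `wp plugin list --fields=name,version --format=csv` and reports any of the three plugins still below its fix. The plugin slugs and the sample inventory are assumptions; the version numbers come from the list above.

```python
import csv
import io
import re

# First fixed release for each plugin named in the post.
# The slugs (plugin directory names) are assumptions; the versions are the post's.
FIXED_IN = {
    "cta": "2.5.0",                # WordPress Calls To Action
    "events-made-easy": "1.5.50",  # Events Made Easy
    "wp-piwik": "1.0.5",           # WP-Piwik
}

def version_key(version):
    """Turn '1.5.49' into (1, 5, 49) so that 1.5.9 sorts below 1.5.50."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)  # leading digits only, ignores '-beta'
        parts.append(int(match.group()) if match else 0)
    while parts and parts[-1] == 0:      # make '2.5' and '2.5.0' compare equal
        parts.pop()
    return tuple(parts)

def outdated_plugins(csv_text):
    """Return (slug, installed, fixed) for each listed plugin below its fix."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        slug = row["name"].strip()
        fixed = FIXED_IN.get(slug)
        if fixed and version_key(row["version"]) < version_key(fixed):
            findings.append((slug, row["version"].strip(), fixed))
    return findings

# Constructed sample in the shape of the WP-CLI CSV output (not real site data).
SAMPLE = """name,version
hello-dolly,1.6
cta,2.4.3
events-made-easy,1.5.9
wp-piwik,1.0.5
"""

if __name__ == "__main__":
    for slug, installed, fixed in outdated_plugins(SAMPLE):
        print(f"{slug}: {installed} installed, upgrade to {fixed} or later")
```

Versions are compared numerically per component, so 1.5.9 is correctly treated as older than 1.5.50, which a plain string comparison would get wrong.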
A big thank you to our community for participating in our WordPress Security Survey. We had over 7,000 responses which is spectacular. Our team is hard at work parsing the results as I write this and we’re already seeing data that we think will benefit the community and help us all better understand the community’s security posture and needs. We will be sharing those results with you in the coming weeks.
That’s all for now. The Wordfence Team wishes you an awesome rest-of-the-week!
The post Brute Force Attacks, Presidential Candidates and Plugin Vulnerabilities appeared first on Wordfence.