Keep your wordpress plugins updated at all time, ensure your wordpress admin account is secure do not use admin as user name, lastly use wordfence or similar firewall to monitor your wordpress 24/7.
On Friday, August 23, 2019, 01:51:23 PM EDT, Wordfence [email protected] wrote:
Over the past few weeks, the Defiant Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims’ sites to a number of potentially harmful locations.
In today’s post we’ll look at the attacks associated with this campaign, and we’ll provide some useful indicators of compromise (IOCs) to assist in identifying similar activity.
The two most prevalent vulnerabilities targeted by this campaign are covered by Premium rules in the Wordfence firewall. Release dates for Free users are detailed in the post.
Check it out on the Wordfence Blog…
Mikey Veenstra – Wordfence Threat Analyst
Introducing the Wordfence Login Security Plugin
If you aren’t running the full Wordfence plugin on one of your sites, use Wordfence Login Security for robust, layered protection from brute force attacks. It includes two-factor authentication, XML-RPC protection, and login page CAPTCHA. Learn More
If you would like to stop receiving WordPress security alerts and product updates from Wordfence, please use the “unsubscribe” link at the bottom of this email. You subscribed to this list via the Wordfence security plugin for WordPress.
If you aren’t already a member, you can subscribe to our WordPress Security and Product Updates mailing list here. You’re welcome to republish this email in part or in full, provided that you mention that the source is www.wordfence.com. If you would like to get Wordfence for your WordPress website, simply go to your “Plugin” menu, click “add new” and search for “wordfence”.
Defiant, Inc. 800 5th St STE 4100 Seattle WA 98104 United States
You received this email because you are subscribed to Wordfence Security Mailing List from Defiant, Inc..
Update your email preferences to choose the types of emails you receive.
Unsubscribe from all future emails