Introducing the Wordfence Login Security Plugin

Today we are excited to announce the release of a brand new plugin: Wordfence Login Security. This plugin is a completely standalone plugin and you don’t need to install the full version of Wordfence to take advantage of the specific security features included in it.

Wordfence Login Security is designed by our team to secure your login and authentication system. It’s worth noting that this plugin does not include the firewall, malware scanner and other features that the full Wordfence plugin comes with.

If you already have an alternative firewall solution in place and are covered for malware scanning, then this plugin is perfect for you because it secures your login system against several dangerous and targeted attacks.

Wordfence Login Security includes the following features:

  • It provides robust two-factor authentication that is not vulnerable to cellphone SIM porting attacks.
  • It includes a login page CAPTCHA that protects you from sophisticated credential stuffing attacks that use a wide range of IP addresses.
  • It also includes XML-RPC protection.

These features are also included in the full Wordfence plugin. So if you are using Wordfence already, you don’t need to install this new plugin. You can learn more about how these features are available in Wordfence by checking out last week’s announcement post.

Why did we do this?

Over the last year we have spent a lot of time talking to WordPress users. One thing we learned, from larger companies especially, is that everyone’s situation is different. And that even means (gasp!) that some people can’t or don’t run Wordfence on some of their sites. The reasons vary, but in most cases there are many features they could benefit from using.

With that in mind, when we decided to completely rewrite our two-factor authentication feature we decided to also release it as a separate plugin. Our hope is that by making sets of related features available in “modular” plugins like this, more websites will benefit from Wordfence protection. Our goal, after all, is to make the web safer. The more sites we can keep safe the better.

Do I need both plugins?

In a word, no. Wordfence Login Security and the full Wordfence plugin share the same code for these features. If you already have the full Wordfence plugin installed you already have all of the features available in Wordfence Login Security. If you try to install Wordfence Login Security, nothing will change.

Can I install the full Wordfence plugin if I have Wordfence Login Security installed?

Wordfence Login Security and Wordfence are built to play nicely together. They integrate seamlessly. If you are using Wordfence Login Security and then install the full version of Wordfence, all of your settings are preserved.

Once you install the full version of Wordfence, a new ‘Wordfence’ section will be added to your menu. The settings for Wordfence Login Security will appear in this area as one of the security features available to you.

Again, all your settings are preserved and you can continue knowing your site has the additional features that Wordfence includes like our firewall and malware scanner.

Do I need to upgrade to Premium to use Wordfence Login Security?

This plugin is free and you do not need to pay to use it. In addition, the features that are included in Wordfence Login Security are also available in the free version of the full Wordfence plugin.

The Wordfence team is committed to making the Web a safer place. We wanted to make these essential security features available to absolutely every WordPress site owner and user at no cost. We also built the plugin to be as widely compatible as possible so that there is no barrier to entry when it comes to securing your website against credential stuffing attacks and other attacks targeting your login system.

What’s next for Wordfence Login Security?

Our team spent the past year developing and testing Wordfence Login Security. Our team has taken the plugin through a rigorous QA process that ensures it is widely compatible, rock solid and ready for production. We have also performed a comprehensive security audit on it to ensure that there are no loopholes or issues that an attacker can exploit.

At this point, Wordfence Login Security is an extremely stable and robust security solution for your WordPress authentication system. Our intention is to set the standard for WordPress two-factor authentication with this product.

Our next steps are to listen to the community feedback while providing excellent support for our customers. This will help guide the product direction and our development team.

If you are not currently using the full version of Wordfence, we hope you will at the very least install Wordfence Login Security to protect your WordPress authentication system. Our team is installing this plugin on their own sites – in fact many have been running the beta version for months.

Wordfence Login Security is a huge step forward in helping secure WordPress and we hope you will help spread the word in the community that this plugin is available, completely free, and does an excellent job of improving the security posture of a WordPress website.

Regards,

Mark Maunder
Wordfence/Defiant Founder and CEO

The post Introducing the Wordfence Login Security Plugin appeared first on Wordfence.


Podcast Episode 16: Cami Kaos talks WordCamps, Meetups and Community


If you’ve ever attended a WordCamp or a WordPress meetup in the last 6 years, that community experience was based on the guidance and support from WordCamp Central and Community Manager Cami Kaos. Cami is the primary contact for the 150 WordCamps and over 600 WordPress meetups taking place around the world this year. Her efforts ensure that the volunteers contributing to community events have what they need to succeed. Cami shares her thoughts on getting started with WordPress meetups and WordCamps, challenges facing the growing community, and how to get involved.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can find me on Twitter as @mmaunder and Cami Kaos as @CamiKaos. You can learn more about getting involved with the WordPress community on make.wordpress.org. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 16: Cami Kaos talks WordCamps, Meetups and Community appeared first on Wordfence.


Podcast Episode 14: Interview with Trauma Surgeon and Plugin Dev Andy Fragen


 
Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of WordPress.org. Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had the pleasure of talking with Andy at WordCamp Orange County. He’s a fascinating person and I really think you’ll enjoy our conversation.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

You can find me on Twitter as @mmaunder and Dr. Andy Fragen as @andyfragen. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 14: Interview with Trauma Surgeon and Plugin Dev Andy Fragen appeared first on Wordfence.


Podcast Episode 9: The Jon Brown Interview and Vulnerabilities, The Dark Web, Scams, Oh My!

We cover quite a few news stories this week, including two plugins requiring immediate updating due to disclosed vulnerabilities, what we can expect from WordPress version 5.2 and a dark web marketplace that appears to have exit scammed users. We follow up on Google Sensorvault, a great interview with Richard Stallman about Facebook and JetBlue’s use of facial recognition technology. We take a look at GoDaddy’s removal of 15,000 spam subdomains, the Docker breach and Slack’s upcoming IPO and their dire warning to investors.

This week, I chat with Jon Brown, CEO of 9seeds, a digital agency. We chatted at Chris and Katie Bayer’s Black Mountain Coffee Roastery in Idyllwild, California. Jon and I talk about running an agency, remote work, being a digital nomad and of course, WordPress. We had a great conversation, and I think you’ll enjoy it.

Here are approximate timestamps in case you want to jump around:
1:15 WordPress plugin WooCommerce Checkout Manager vulnerabilities
3:40 BuddyPress vulnerabilities disclosed
4:42 WordPress 5.2 expected release
9:27 Dark web marketplace exit scammed
12:20 Congress asking questions about Google Sensorvault
14:39 Richard Stallman on Facebook
21:10 JetBlue facial recognition
26:17 GoDaddy spammy subdomain
29:25 IoT devices with P2P component flaws vulnerable
32:12 Docker breach
37:33 The Slack pre-IPO SEC disclosure
41:39 The Jon Brown Interview

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast.

This week in the news we cover:

You can find me on Twitter as @mmaunder and Kathy as @kathyzant, and Jon Brown at @jb510 or at 9seeds.com. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 9: The Jon Brown Interview and Vulnerabilities, The Dark Web, Scams, Oh My! appeared first on Wordfence.


Podcast Episode 7: The Tyler Lau Interview, Assange, Thought Experiments, AirBnB Scams and More

This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google’s Sensorvault and how it’s being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a new AirBnB scam. I also talked to Tyler Lau at WordCamp Phoenix last month, and we share that interview with you today. Tyler is the Social Community Manager at Sandhills Development. Sandhills makes some very popular plugins including Easy Digital Downloads and AffiliateWP. We talked about the WordPress community, WordPress in general and some of the cool things that Sandhills is involved in. Enjoy!

Here are approximate timestamps in case you want to jump around:
0:51 Assange taken into custody
20:27 Irresponsible security researcher
30:50 Google Sensorvault
35:14 Bayrob malware gang
43:07 Land Lordz service powering AirBnB scams
49:57 Tyler Lau interview

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast.

This week in the news we cover:

  • Julian Assange is taken into custody after seven years in the Ecuadorian embassy in London. The US Department of Justice is charging him with conspiracy to commit computer intrusion for agreeing to break a password to a classified U.S. government computer.
  • Ars Technica publishes details about the rogue security researcher with a grudge dropping 0days on innocent WordPress users. We’ve covered this irresponsible researcher on past episodes. Mark had a bit of a Tweet storm about this over the weekend. Here’s the link to the WordPress HackerOne bug bounty program.
  • Google’s Sensorvault, a database of location records from hundreds of millions of devices, is being used by law enforcement.
  • A fascinating story about the Bayrob malware gang from Romania gives a detailed look at who makes money from malware, their expertise, and ultimately how they were caught.
  • Scammers use a new tool called Land Lordz to automate fake AirBnB scams, but there are ways to detect this scam and stay safe.

You can find me on Twitter as @mmaunder, Kathy as @kathyzant, and Tyler Lau as @tylermaximuslau. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 7: The Tyler Lau Interview, Assange, Thought Experiments, AirBnB Scams and More appeared first on Wordfence.


Podcast Episode 3: The Cory Miller Interview and Active Exploits Target Easy WP SMTP Plugin

Welcome to Think Like a Hacker, Episode 3. In this episode Mikey Veenstra, a threat analyst at Wordfence, discusses an active exploit in the Easy WP SMTP plugin. This is breaking news which we added to the podcast at the very last minute.

We also chat with Cory Miller, the founder and former CEO of iThemes about how he created his business, why he sold to Liquid Web, what it’s like being an entrepreneur and much more. You can find Cory on Twitter at @corymiller303. And as always we cover the news with Kathy Zant.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast.

This week in the news we cover:

You can find me on Twitter as @mmaunder, Kathy as @kathyzant, and Mikey as @heyitsmikeyv. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 3: The Cory Miller Interview and Active Exploits Target Easy WP SMTP Plugin appeared first on Wordfence.


Podcast Episode 2: Mikey Veenstra Talks XSS Vulnerability + The Adam Warner Interview

Welcome to Think Like a Hacker, Episode 2. In this episode Mikey Veenstra, a threat analyst at Wordfence, discusses a serious XSS vulnerability in an abandoned cart plugin. We also chat with Adam Warner, a well known figure in the WordPress community. In our interview we chat about Adam’s personal WordPress journey, community engagement success and the future of WordPress. You can find Adam on Twitter at @wpmodder. And as always we cover the news with Kathy Zant.

Find us on iTunes, Spotify, YouTube, SoundCloud, TuneIn and Stitcher. More platforms coming soon!

Click here to download an MP3 version of this podcast.

This week in the news we cover:

  • The web just took a big step toward a password-free future with WebAuthn. The Worldwide Web Consortium approved the WebAuthn standard on March 4. We look at how it works, why this is important, and what it means for WordPress.
  • A marketing company left a massive database of detailed marketing data exposed. Security researchers discovered the database, including a trove of personally identifiable information about over 800 million people.
  • Researchers have discovered a collection of MongoDBs containing information collected by China about their citizens from a variety of platforms, tied to individual profiles and distributed to police across the country.
  • It’s been 30 years of the web, and Sir Tim Berners-Lee wrote a blog post about the state of the web and some thoughts on where we’re going next.

You can find me on Twitter as @mmaunder, Kathy as @kathyzant, and Mikey as @heyitsmikeyv. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 2: Mikey Veenstra Talks XSS Vulnerability + The Adam Warner Interview appeared first on Wordfence.


Think Like a Hacker Podcast Episode 1: An Interview with Josepha Haden

Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at https://josepha.blog. In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users’ security and more.

Click here to download an MP3 version of this podcast. Note that we are in the process of syndicating video and audio versions of this podcast to your favorite player, and we needed to publish our first episode to enable syndication. So check back in a few days and you should find us just about everywhere. Thanks for your patience.

This week in the news we cover:

  • WordPress as of version 5.1 now alerts site owners on the dashboard if they’re using an out of date version of PHP.
  • The 2018 hacked site report from GoDaddy Security/Sucuri indicates increased prevalence of WordPress sites in their site cleaning business. In better news, they’re seeing more WordPress sites updated than in years past, and the WordPress sites are being updated much more frequently than eCommerce platforms.
  • Freemius, a library used by a number of plugins with large installation bases, recently experienced a vulnerability disclosure and a challenging experience with a security researcher. Their blog post is a heartening read about how we all can handle security vulnerability disclosures that serve customers and the community as a whole.
  • The widely used Chrome browser requires an update to patch a very serious vulnerability.
  • The WordPress core team hopes to tighten major release cycles in order to streamline development for contributors as well as encourage more site owners to enable autoupdating.
  • A distributed cryptocurrency mining platform called CoinHive is ceasing operations. CoinHive was popular amongst hackers as a new way to mine cryptocurrency on hacked websites, but the crash in cryptocurrency value made it less profitable.

You can find me on Twitter as @mmaunder and Kathy as @kathyzant. Please don’t hesitate to post your feedback in the comments below.

The post Think Like a Hacker Podcast Episode 1: An Interview with Josepha Haden appeared first on Wordfence.


Live Event: Wordfence Central Official Launch and Demo

Today we are very excited to announce the launch of Wordfence Central. Our team has been working hard for almost a year on this ground-breaking project. Wordfence Central gives you the power of a security events and information manager for WordPress.

Join me for a live event starting at 8am Pacific time, 11am EST where I will provide a walkthrough of the new product. I will also be taking your questions at the end of the event. Dan Moen, our head of product, will be joining me for the webcast.

You can pre-post your questions right here as a comment on this blog post. I will start off our Q&A by answering questions that have already been posted and you are welcome to post new questions while we are streaming.

This video is live with a delay of less than 3 seconds, so I will be able to take your questions in real-time. Please note that I may answer some questions offline due to time and content constraints.

I hope to see you tomorrow at 8am Pacific, 11am Eastern time!! Until then you can read the official Wordfence Central announcement on this page.

This live stream has ended.

Thank you to everyone who participated. In future we will record the live streams our team does. This has been a fun experiment and we received a lot of questions from everyone – thank you all so much for participating. It was a resounding success and we will be experimenting more with this medium in future.

Mark Maunder – Wordfence Founder & CEO.

The post Live Event: Wordfence Central Official Launch and Demo appeared first on Wordfence.
