Wordfence 6 Updates: Keeping the Bad Guys at Bay

Security is ever changing. Hackers, exploiters, and script kiddies never really sleep. They keep poking, and prodding, and testing, always trying to find a way to do what they want to do. Sometimes they want to use a website to host malware. Sometimes they want to use a website to send spam. Sometimes they just want to change your homepage to say “YOU GOT HAXORED!!!”

Regardless of why they do it or how they do it, the end result is the same.   It’s a pain in the neck to you. And because the bad guys never stop looking, here at Wordfence, we never stop. We keep improving our plugin and adding signatures for new threats as they arise. Security is what we do, and we do it well.

It was just about three weeks ago that we released version 6.0.1 and it sure was a watershed moment for Wordfence. We released a brand new version, we passed 6 million downloads, and  began more robust support for IPv6. Since that time, we’ve released 5 more times, each time making the plugin better than before. We thought it might be a great time to recap and talk about some of the important changes that have been made over the past 3 weeks.

* We began officially supporting IPv6. This included whois lookups, IP range blocking, IPv6 city lookups on our live traffic page, country blocking, and all of our other security functions. This wasn’t a small change either. It required examining almost every bit of code we had written, modifying some, removing some, and writing some from scratch.
* We addressed websites’ server performance issues by adding focus/blur events to the scan activity area.
* We introduced option table scanning based on some very nasty code we found out in the wild. This code generated spam urls in the database, visible to Google but hidden from the public and on the posts page. The user was only alerted after Google flagged him as being hacked. After finding that, we discovered several other similar cases and acted quickly to add the scans. This work also included merging the new vulnerability scans with the existing option table scanning, resulting in better detection and performance overall.
* We improved detection for Googlebot to make absolutely sure your site continues to get crawled while the bad guys are kept out.

These are just some of the things we did. Overall, we made around 38 changes and updates, added multiple samples to our scan engine every day, supported 800.000 active Premium and free users, and more.

So, what are we trying to say in this post?  Are we just tooting our own horn?   Are we taking a second to brag about how great we are?   No.  We want to remind you, our customers, that we value the trust you put in us and we just wanted to let you know that however hard the hackers work, we’ll work harder.   That’s what we do at Wordfence.  We work hard so that you can rest easier.

The post Wordfence 6 Updates: Keeping the Bad Guys at Bay appeared first on Wordfence Blog.

Comments are closed.