WP Security

Website / WP Forum / Wordfence Forum 
From the author

January 22, 2014

Version 4.0.1 Updates:

  • Real-time WordPress Security Network Launched.
  • If another site is attacked and blocks the attacker, your site also blocks the attacker. Shared data among Wordfence sites.
  • See our home page on www.wordfence.com for a live map of attacks being blocked. Then blog about us!!
  • Fixed bug where wfBrowscapCache.php is reported as malicious.
  • Big improvement in scanning speed and efficiency of URL's and IP addresses.
  • Fixed preg_replace() warning by using newer preg_replace_callback() func.


December 12, 2013

Dear WordPress Publisher,

The newest version of WordPress, version 3.8, also known as "Parker" was released a few minutes ago. We've released an updated version of Wordfence which is fully compatible and includes several fixes and improvements, so upgrade your WordPress and Wordfence now.

Wordfence also now includes the ability to verify the core files of WordPress 3.8 and as always will verify the integrity of your core files for all previous versions of WordPress too.

We've seen new exploits in the wild for the following themes and plugins. If any are listed, make sure you've upgraded to the newest version and that the theme or plugin is being maintained by it's author:

  • WordPress Download Manager. The current version is 2.5.8 and this contains a cross site scripting vulnerability which does not appear to have been fixed yet. The XSS security hold exists in the form used to create a new download package where the title input field is not sanitized.
  • The Page Flip Image Gallery plugin contains a remote file upload vulnerability which was published on the 7th of December and appears to exist in the current version of this popular plugin. Please contact the author for further information.

If you found this alert helpful, please give us a 5 star rating on WordPress.org on the right of the page.

Mark Maunder
Wordfence Creator & Feedjit Inc. CEO.
PS: If you aren't already a member you can subscribe to our WordPress Security and Product Updates mailing list here. You're welcome to republish this email in part or in full provided you mention that the source is www.wordfence.com. If you would like to get Wordfence for your WordPress website, simply go to your "Plugin" menu, click "add new" and search for "wordfence".