WP Security

Website / WP Forum / Wordfence Forum 
June 9, 2016 - Version 6.1.8

From the author:

Our WordPress security plugin provides the best protection available for your website. Powered by the constantly updated Threat Defense Feed, WordFence Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. A deep set of additional tools round out the most comprehensive WordPress security solution available.

From the author

January 22, 2014

Version 4.0.1 Updates:

  • Real-time WordPress Security Network Launched.
  • If another site is attacked and blocks the attacker, your site also blocks the attacker. Shared data among Wordfence sites.
  • See our home page on www.wordfence.com for a live map of attacks being blocked. Then blog about us!!
  • Fixed bug where wfBrowscapCache.php is reported as malicious.
  • Big improvement in scanning speed and efficiency of URL's and IP addresses.
  • Fixed preg_replace() warning by using newer preg_replace_callback() func.

December 12, 2013

Dear WordPress Publisher,

The newest version of WordPress, version 3.8, also known as "Parker" was released a few minutes ago. We've released an updated version of Wordfence which is fully compatible and includes several fixes and improvements, so upgrade your WordPress and Wordfence now.

Wordfence also now includes the ability to verify the core files of WordPress 3.8 and as always will verify the integrity of your core files for all previous versions of WordPress too.

We've seen new exploits in the wild for the following themes and plugins. If any are listed, make sure you've upgraded to the newest version and that the theme or plugin is being maintained by it's author:

  • WordPress Download Manager. The current version is 2.5.8 and this contains a cross site scripting vulnerability which does not appear to have been fixed yet. The XSS security hold exists in the form used to create a new download package where the title input field is not sanitized.
  • The Page Flip Image Gallery plugin contains a remote file upload vulnerability which was published on the 7th of December and appears to exist in the current version of this popular plugin. Please contact the author for further information.

If you found this alert helpful, please give us a 5 star rating on WordPress.org on the right of the page.

Mark Maunder
Wordfence Creator & Feedjit Inc. CEO.
PS: If you aren't already a member you can subscribe to our WordPress Security and Product Updates mailing list here. You're welcome to republish this email in part or in full provided you mention that the source is www.wordfence.com. If you would like to get Wordfence for your WordPress website, simply go to your "Plugin" menu, click "add new" and search for "wordfence".


  • Built-in Firewall
    Get Peace of Mind with the Wordfence Web Application Firewall. The Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website. Powered by the Threat Defense Feed, it is automatically updated with new firewall rules that protect you from the latest threats. Even if you are running a vulnerable plugin or theme, Wordfence will protect you from being hacked by blocking attacks based on known and constantly updated attack patterns.
  • Protects you from new and emerging threatsThe Wordfence Forensic Lab is constantly adding new firewall rules to the Threat Defense Feed
  • Wordfence prevents Brute Force Attacks by:
    • Locking out users after too many login failures
    • Locking out users after using the “forgot password” form too many times
    • Optionally locking out anyone who uses an invalid username
    • Preventing WordPress from giving hackers information about what usernames may exist on your system
    • Enforcing Cell Phone Sign-in (Two Factor Authentication) with Wordfence Premium