  • WPScan Brute Force

    Password brute forcing is a common attack that hackers have used in the past against WordPress sites at scale. In 2017 Wordfence documented a huge password brute force attack, which saw 14.1 million attacks per hour at its peak. Attackers are looking for users, preferably administrators, with weak passwords to be able to log in to WordPress…

  • Lots of WPScan CLI Changes

    Well, in fact, there is just one change, but it’s a big one. Recently we released some big changes to WPVulnDB, which we recently blogged about. Now, we want to tell you about a big change that we are going to be making to the WPScan CLI tool in version 3.7.0, which will be released sometime within the next…

  • The end of CSRF in WordPress?

    The Google Chrome web browser plans to set the SameSite attribute on all cookies by default in Chrome version 80. Google Chrome by far controls the largest share of the web browser market. Their changes have a significant impact on the Web. It wouldn’t be surprising if other major web browsers also followed their lead, implementing the SameSite cookie attribute by…

  • Lots of WPVulnDB Changes

    Recently we have been working on some big improvements to WPVulnDB, which you will see being released over the next few weeks. Below is a list of the improvements which will impact users the most.

  • WPVulnDB APIv2 Deprecation

    We released APIv3, the successor to APIv2, on March 20th 2018. The new APIv3 requires users to register a free account on wpvulndb.com and use an API Token to access our API. With the old APIv2, no user registration or API Tokens were required. Requiring API Tokens meant that we could easily identify heavy usage of our API by a…

  • Offensive Security PEN-200 OSCP Course Giveaway

    It all started on June 16th 2011 with a blog post:

  • WordPress Database Backup Files

    What are database backup files? There are many tools and WordPress plugins that allow you to create a backup of your database and export it to a file. Sometimes these backup files can end up in publicly accessible locations and with predictable names, such as backup.sql, database.sql, example.com.sql, and so on. What are the security risks with WordPress…