WP-CLI Guide: Secure Plugin & Theme Management

Welcome to our third post on WP-CLI for secure WordPress management over an SSH command line interface. In our previous two articles, we discussed how to connect to WordPress over SSH, and then how to back up & update WordPress securely.

Like other open-source content management systems, WordPress lets you easily add code to make your website look and act differently. These are your themes and plugins, built by inspired developers and designers who understand how WordPress works. These extensions let you publish content with added functionality for your visitors and give your brand its unique look.

The people who build these extensions know quite a bit about internet technology when it comes to user experience, but there are just too many ways to break a website. All developers should be ready to deal with a security flaw by patching and notifying users of an update if it comes to that.

Security is not the core competency for most developers and designers. Even the most secure code in the world has flaws that can allow an attacker to gain unauthorized access.

WordPress Plugin and Theme Security

Plugins and themes are no exception; in fact, exploitation of software vulnerabilities is one of the leading causes of WordPress infections.


SweetCAPTCHA Returns Hijacking Another Plugin

Yesterday we observed a strange short return of the SweetCaptcha plugin to the WordPress.org repository. In June we reported that SweetCaptcha injected third-party ad code into their scripts, which led to malvertising problems on the sites that used

Malicious Google Analytics Referral Spam

Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable websites to attack, bots can also

WP-CLI Guide: Secure WordPress Backup and Update

Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line. Before we get into changing

Webutation Distributing Malware Through Safety Badge

If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirects hidden within the badge's code. We were analyzing a website that was compromised and

WP-CLI Guide: Connect to WordPress via SSH Intro

Do you use the WordPress dashboard to update plugins and themes? How do you back up your database? If you have not used it yet, WP-CLI is an efficient way to manage your WordPress installation using a command line interface, meaning you type text

10 Years of Joomla! – Supporting JoomlaDay Minnesota

As Joomla prepares to celebrate its 10 year anniversary, we want to be certain to join in the festivities. Why? Because open source platforms allow individuals to better support their families, capitalize on time at home, and maximize earning

Common Website Security Terminology Defined

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabilities and access control issues are two of the main causes of website infections, and in this

Analyzing a Facebook Clickbait Worm

Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are not familiar with the term, clickbait is when web content is created in a way that

Magento Platform Targeted By Credit Card Scrapers

We’ve been writing a lot about E-Commerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will become and the more important it will be to talk about it. We live in an online world where a single mi