WordPress Security

WordPress Security Presentation (in Portuguese)

Bruno Borges (from our security team), did a great presentation at WordCamp Sao Paulo (Brazil) about WordPress security and how to keep a site secure.

The video is in Portuguese (pt-br), and can be viewed here:

Watch live streaming video from primaestudio at livestream.com

David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Related Tags

Sucuri Resources

Locking Down the WordPress Login Page

Kyle Knight

August 22, 2025

Due to its flexibility, ease of use, and massive plugin ecosystem, WordPress is a favorite among bloggers, developers, and businesses alike. Given its popularity, attackers…

Read the Post

Sucuri Vulnerability Roundup - August 2025

Vulnerability & Patch Roundup — August 2025

Sucuri Malware Research Team

August 31, 2025

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

Massive ois[.]is Black Hat Redirect Malware Campaign

Ben Martin

November 8, 2022

Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects…

Read the Post

Mastering WordPress File Permissions: A Guide for All Levels

Rianna MacLeod

July 17, 2024

File permissions might seem like a small part of managing a WordPress site, but they play a key role in your website’s security and functionality.…

Read the Post

Reflected XSS in WordPress v5.5.1 and Lower

Marc-Alexandre Montpas

October 30, 2020

WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug…

Read the Post

Free Premium themes? There’s always a catch

Pedro Peixoto

April 25, 2019

OK, so we’ve all been there. We want something Premium, such as a paid version of an app or piece of software, but it would…

Read the Post

Hacked Website Threat Report 2021

Ben Martin

April 28, 2022

Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put…

Read the Post

Vulnerability in Essential Addons for Elementor Leads to Mass Infection

Ben Martin

May 18, 2023

On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by…

Read the Post

Insufficient Privilege Validation in WooCommerce Checkout Manager

John Castro

April 29, 2019

Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting…

Read the Post

Malicious Injection Redirects Traffic to Parked Domain for Ad Monetization

Malicious Injection Redirects Traffic via Parked Domain

Puja Srivastava

July 13, 2023

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The…

Read the Post

Related Tags

Related Categories

You May Also Like