How to Protect Your WordPress Site From a Phishing Attack
Kyle Knight If you run a website, manage a business inbox, or even just use online banking, you’ve already lived in the phishing era for a long…
Search Results
wordpress
1160 posts
WordPress Auto-Login Backdoor Disguised as JavaScript Data File
Puja Srivastava During a recent investigation, we discovered a sophisticated WordPress backdoor hidden in what appears to be a JavaScript data file. This malware automatically logs attackers…
How to Choose WordPress Caching Options
If you want a faster WordPress site, caching belongs at the center of your performance plan. It reduces the work your server has to do…
Malvertising Campaign Hides in Plain Sight on WordPress Websites
Recently, one of our customers noticed suspicious JavaScript loading across their WordPress website. Visitors were being served third-party scripts that the site owner never installed.…
Troubleshooting WordPress: How to Fix the White Screen of Death (WSoD)
Rianna MacLeod Navigating to your WordPress site only to be met with the White Screen of Death (WSoD) can be a daunting experience. This error denies access…
Hidden WordPress Backdoors Creating Admin Accounts
During a recent cleanup of a compromised WordPress website, we discovered two different malicious files designed to silently manipulate administrator accounts. Attackers often inject such…
Locking Down the WordPress Login Page
Due to its flexibility, ease of use, and massive plugin ecosystem, WordPress is a favorite among bloggers, developers, and businesses alike. Given its popularity, attackers…
Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website
Last month, we came across an ongoing JavaScript-based malware campaign affecting compromised websites. The malware injects a fullscreen iframe that silently loads content from a…
WordPress Vulnerability & Patch Roundup — July 2025
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Unauthorized Admin User Created via Disguised WordPress Plugin
Recently at Sucuri, we investigated a malware case reported by one of our clients. Their WordPress site was compromised, and the attacker had installed a…
Uncovering a Stealthy WordPress Backdoor in mu-plugins
Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder.…