Website Security News
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed…
Read More about JetPack and TwentyFifteen Vulnerable to DOM-based XSS
Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing in the wild. This specific…
Read More about WP Symposium – Zero Day Vulnerability Dangers
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update that could be…
Read More about WordFence WordPress Security Plugin Pushes a Security Update
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks specifically relating to popular plugins. MailPoet…
Read More about Thoughts on WordPress Security and Vulnerabilities
Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue lies in the XML entity…
Read More about WordPress and Drupal Core Denial Of Service Vulnerability – Moderately Critical
We’re very excited to finally talk about a partnership that’s been in the works for a few months and in light of the serious nature of the Security in the…
Read More about Yoast and Sucuri Partner to Create a Safer Web
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with them…
Read More about Simplifying the Language of Website Security
The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be very difficult to spot. This…
Read More about Is My Website Hacked? If You Have to Ask, Then, “Yes.”
Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out by multiple compromised websites on a…
Read More about Take Back Your Internet – Demand a Safer Web
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the future of business,…
Read More about Sucuri CloudProxy – Website Firewall Enhancements
We’ve been scanning and removing malware from websites for years and in this time frame we have seen the website security domain grow by leaps and bounds. Over the same…
Read More about Does Sucuri Work With My Host? Yes, Yes We Do.
