WordPress 6.2.1 Security & Maintenance Release
Cesar Anjos On May 16, 2023, the WordPress core team released a crucial update — WordPress 6.2.1. This latest security and maintenance release addresses a number of…
Browsing Category
Website Security
1015 posts
Websites Defaced with Belarusian Bottled Water Company Content
Ben Martin It’s not often that we get the opportunity to write about website defacements on this blog. Defacements — where a website homepage is replaced with…
Xjquery Wave of WordPress SocGholish Injections
Denis Sinegubko In November, 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish…
What is XML-RPC? Security Risks & How to Disable
Rianna MacLeod XML-RPC is a protocol designed for WordPress to standardize communication between different systems, allowing external applications (such as other blogging platforms and desktop clients) to…
What is Steganography? (Or, How Hackers Hide Malware On Websites)
As a child, I loved sending secret messages to my friends using invisible ink. A quick squeeze of lemon juice was all I needed to…
WordPress Vulnerability & Patch Roundup April 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
WP-CLI: How to Connect to WordPress via SSH
The WordPress admin dashboard, though intuitive and feature-rich, can be time-consuming to explore. If you’re looking for a more direct approach to website management, consider…
How to Prevent SSH Brute Force Login Attacks
What is an SSH brute force attack? A Secure Shell (SSH) brute force attack is a common form of attack that targets remote services, particularly…
Massive Abuse of Abandoned Eval PHP WordPress Plugin
Attackers are always finding new and creative ways to compromise websites and maintain their foothold in environments. This is frequently done via the use of…
How to Set Up a Content Security Policy (CSP)
What is a Content Security Policy (CSP)? A Content Security Policy (CSP) is a security feature used to help protect websites and web apps from…
Limit Login Attempts Vulnerability – Patch Now!
On April 11th, 2023, a software update was released to patch a severe vulnerability within the Limit Login Attempts WordPress security plugin. With over 600,000…