Browsing Category
WordPress Security
669 posts
Malvertising Campaign Hides in Plain Sight on WordPress Websites
Recently, one of our customers noticed suspicious JavaScript loading across their WordPress website. Visitors were being served third-party scripts that the site owner never installed.…
Vulnerability & Patch Roundup — September 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Troubleshooting WordPress: How to Fix the White Screen of Death (WSoD)
Navigating to your WordPress site only to be met with the White Screen of Death (WSoD) can be a daunting experience. This error denies access…
Hidden WordPress Backdoors Creating Admin Accounts
During a recent cleanup of a compromised WordPress website, we discovered two different malicious files designed to silently manipulate administrator accounts. Attackers often inject such…
Vulnerability & Patch Roundup — August 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Locking Down the WordPress Login Page
Due to its flexibility, ease of use, and massive plugin ecosystem, WordPress is a favorite among bloggers, developers, and businesses alike. Given its popularity, attackers…
Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website
Last month, we came across an ongoing JavaScript-based malware campaign affecting compromised websites. The malware injects a fullscreen iframe that silently loads content from a…
WordPress Vulnerability & Patch Roundup — July 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Unauthorized Admin User Created via Disguised WordPress Plugin
Recently at Sucuri, we investigated a malware case reported by one of our clients. Their WordPress site was compromised, and the attacker had installed a…
Uncovering a Stealthy WordPress Backdoor in mu-plugins
Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder.…
WordPress Redirect Malware Hidden in Google Tag Manager Code
Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after…