Website Security News
Read articles related to WordPress security, including the latest WordPress vulnerabilities disclosured in popular plugins and themes. Learn about emerging website malware infections that could impact WordPress, industry reports, and best practices to secure your WordPress websites. If your website has been hacked, check out our guide to clean hacked WordPress sites.
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn’t work and…
Read More about Hackers Change WordPress Siteurl to Pastebin
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability…
Recent statistics show that over 32% of website administrators across the web use WordPress. Unfortunately, the CMSs popularity comes at a price — attackers often seek out vulnerabilities to exploit…
Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of…
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites. Shortly after, the campaign changed the…
Read More about Multiple Ways to Inject the Same Tech Support Scam Malware
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A…
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software:…
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for WordPress, and have maintained a free WordPress security plugin…
Read More about New Guide on How to Use the Sucuri WordPress Security Plugin
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this: The email’s appearance…
Read More about WordPress Database Upgrade Phishing Campaign
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and…
Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate the unusual website behavior in order to understand how…
