Website Security News
Read articles related to WordPress security, including the latest WordPress vulnerabilities disclosured in popular plugins and themes. Learn about emerging website malware infections that could impact WordPress, industry reports, and best practices to secure your WordPress websites. If your website has been hacked, check out our guide to clean hacked WordPress sites.
During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These compromised websites are victims of the ongoing wave of exploits against vulnerable WordPress plugins. Why…
Read More about WordPress Malware Collects Sensitive WooCommerce Data
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research,…
Read More about Duplicated Vulnerabilities in WordPress Plugins
It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make…
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects through domains like ischeck[.]xyz. This…
Read More about OneTone Vulnerability Leads to JavaScript Cookie Hijacking
While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card swiper injection. Typically this type…
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…
Read More about Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability
We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not…
Read More about WordPress Database Brute Force and Backdoors
For many people, website security is an intimidating topic. It seems like there’s an endless list of things necessary for protecting your website. And while resources like our Website Security…
Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at…
Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks. 6 ways to…
Read More about 6 Simple Steps for Hardening your WordPress Security
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities…
