Website Security News
Read articles related to WordPress security, including the latest WordPress vulnerabilities disclosured in popular plugins and themes. Learn about emerging website malware infections that could impact WordPress, industry reports, and best practices to secure your WordPress websites. If your website has been hacked, check out our guide to clean hacked WordPress sites.
Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The injections range from ad scripts coming from established ad networks like shorte.st to new domains created specifically for those attacks….
Read More about Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen in compromised websites. These redirects…
Read More about Expired Domain Leads to WordPress Plugin Redirects
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues. While working on the WordPress plugin WP…
Read More about SQL Injection Vulnerability in WP Statistics
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that…
Read More about Unwanted “Shorte St” Ads in Unpatched Newspaper Theme
Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations like spam campaigns, malware spreading…
Based in Melbourne, Australia for over 17 years, 24Digital knows what it takes to succeed in the ever-evolving digital marketing space which is no longer a world resting on desktop…
Read More about Spotlight: How a Digital Marketing Agency Secures Client Sites
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session. Without cookies a user…
Read More about Fake WordPrssAPI Stealing Cookies and Hijacking Sessions
Some website hacks aim to make some political statements. Defacements are well known for this. Some infections redirect visitors to scam sites that push (usually counterfeit) goods or (often illegal)…
Read More about Website Malware: Unwanted Exit to YourBrexit
We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicious JavaScript code into almost every .js file it…
Read More about WordPress Security – Unwanted Redirects via Infected JavaScript Files
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into…
Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites…
Read More about SEO Spam Campaign Exploiting WordPress REST API Vulnerability
