Website Security News
Read articles related to WordPress security, including the latest WordPress vulnerabilities disclosured in popular plugins and themes. Learn about emerging website malware infections that could impact WordPress, industry reports, and best practices to secure your WordPress websites. If your website has been hacked, check out our guide to clean hacked WordPress sites.
While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card swiper injection. Typically this type of malware targets dedicated ecommerce platforms such as Magento and Prestashop (due to their focus…
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…
Read More about Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability
We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not…
Read More about WordPress Database Brute Force and Backdoors
For many people, website security is an intimidating topic. It seems like there’s an endless list of things necessary for protecting your website. And while resources like our Website Security…
Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at…
Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks. 6 ways to…
Read More about 6 Simple Steps for Hardening your WordPress Security
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities…
Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At…
Read More about Malicious JavaScript Used in WP Site/Home URL Redirects
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one…
Read More about Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4
As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future….
This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days, the majority of popular content…
Read More about 5 Year Anniversary of the SoakSoak Malware Tsunami
