Skimmer Plugin Hides Itself From wp-admin
Luke Leal Our analyst Moe O recently discovered an interesting Javascript injection that was stealing submitted payment data from visitors on a WordPress website with a Woocommerce…
Browsing Category
WordPress Security
646 posts
Malicious WordPress User Hijacker
Our analyst Liam Smith recently found a malicious file with the name wp-atom2.php on a compromised WordPress site that had been infected with pharma spam.…
How to Find & Remove SEO Spam on WordPress
Art Martori Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one…
Email Scraper: Mass Mail Grabber from Database
One of our Remediation team analysts, Liam Smith, discovered a malicious file on a client’s compromised WordPress website that demonstrates how attackers can use rudimentary…
6 Simple Steps for Hardening your WordPress Security
Juliana Lewis Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks…
PHP Dropper Concealed in Malicious WordPress Plugin
Moe Obaid – an analyst from our Remediation Team – recently found a PHP dropper that had been installed as a malicious WordPress plugin. Unlike…
Vulnerabilities Digest: January 2020
John Castro Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs InfiniteWP Client Login bypass 1.9.4.5 300000 ListingPro Reflected XSS 2.5.4 13000 Travel Booking Stored XSS 2.7.8.6…
Hacked Website Threat Report – 2019
Rianna MacLeod The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop…
Webshell in Fake Plugin /blnmrpb/ Directory
Our team recently discovered a web shell attempting to hide within a fake WordPress plugin directory wp-content/plugins/blnmrpb/. Inside this fake plugin directory were only two…
Backdoor Found in Compromised WordPress Environment
Our security analyst Ben Martin recently came across a backdoor in a compromised WordPress installation that had been injected into the first line of the…
Malicious JavaScript Used in WP Site/Home URL Redirects
Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to…