How to Find & Remove SEO Spam on WordPress
Art Martori Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one…
Browsing Category
WordPress Security
666 posts
Email Scraper: Mass Mail Grabber from Database
Luke Leal One of our Remediation team analysts, Liam Smith, discovered a malicious file on a client’s compromised WordPress website that demonstrates how attackers can use rudimentary…
6 Simple Steps for Hardening your WordPress Security
Juliana Lewis Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks…
PHP Dropper Concealed in Malicious WordPress Plugin
Moe Obaid – an analyst from our Remediation Team – recently found a PHP dropper that had been installed as a malicious WordPress plugin. Unlike…
Vulnerabilities Digest: January 2020
John Castro Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs InfiniteWP Client Login bypass 1.9.4.5 300000 ListingPro Reflected XSS 2.5.4 13000 Travel Booking Stored XSS 2.7.8.6…
Hacked Website Threat Report – 2019
Rianna MacLeod The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop…
Webshell in Fake Plugin /blnmrpb/ Directory
Our team recently discovered a web shell attempting to hide within a fake WordPress plugin directory wp-content/plugins/blnmrpb/. Inside this fake plugin directory were only two…
Backdoor Found in Compromised WordPress Environment
Our security analyst Ben Martin recently came across a backdoor in a compromised WordPress installation that had been injected into the first line of the…
Malicious JavaScript Used in WP Site/Home URL Redirects
Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to…
Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4
Marc-Alexandre Montpas An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to…
WordPress Mass Password Changer
Our team recently came across a password changer for WordPress that allows attackers to modify WordPress user passwords within a compromised environment. By default, the…