Side Effects of the Site_url Hack
Denis Sinegubko We\’ve been cleaning many sites infected by the so-called site_url hack–the result of the WP GDPR Compliance plugin vulnerability. The sites are broken because their…
Browsing Category
WordPress Security
666 posts
Hackers Change WordPress Siteurl to Pastebin
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net.…
Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability
Pedro Peixoto We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is…
New WordPress Security Email Course
Rianna MacLeod Recent statistics show that over 32% of website administrators across the web use WordPress. Unfortunately, the CMSs popularity comes at a price — attackers often…
Fake Wp.org/jquery.js
There is a long-lasting malware campaign (dating back to at least 2016) that injects fake jQuery scripts: <script type=”text/javascript” src=”hxxps://www.XX[X]wp[.]org/jquery.js”></script> Where XX[X] are 2 or…
Saskmade[.]net Redirects
Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we…
Multiple Ways to Inject the Same Tech Support Scam Malware
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites. Shortly…
Backdoor Uses Paste Site to Host Payload
Bruno Zanelato Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found…
Multi-Vector WordPress Infection from Examhome
This September, we’ve been seeing a massive infection wave that injects malicious JavaScript code into .js, .php files and the WordPress database.> The script looks…
Outdated Duplicator Plugin RCE Abused
Peter Gramantik We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked…
New Guide on How to Use the Sucuri WordPress Security Plugin
Juliana Lewis Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for WordPress, and have maintained…