Hacking WordPress Sites on Shared Servers
Denis Sinegubko A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server,…
Browsing Category
WordPress Security
654 posts
New Guide on How to Fix Hacked WordPress Sites
Alycia Mitchell Our involvement in WordPress security has always been a core part of our mission here at Sucuri. We have teams who actively lend advice on…
Cleaning the Wp-Page Pharma Hack in WordPress
Tony Perez Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceutical content to search engines…
SQL Injection Vulnerability in Ninja Forms
Marc-Alexandre Montpas As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently…
Analyzing and Cleaning Hijacked Google SEO Spam Results
Luke Leal Blackhat SEO spam comes in many forms, and one of the most nefarious is hijacked search results. This happens when search engines crawl and display…
Spotlight – How Cart66 Maintains Security for Ecommerce
Cart66 offers a comprehensive plugin solution for WordPress shop owners. With a unique suite of services, intuitive features, and essential security components, Cart66 provides everything…
A Plugin’s Expired Domain Poses a Security Threat to Websites
Krasimir Konov Do you keep all of your website software (including third-party themes, plugins, and components) up to date? You should! We always recommend this to our…
Spotlight: How iThemes Manages Their Website Security
iThemes was one of the first premium theme shops for WordPress. Over the years their focus has expanded to include premium WordPress plugins that help…
Realstatistics Malware Campaign Leads To Ransomware
Daniel Cid Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last two weeks ( codenamed “Realstatistics“). This campaign has compromised thousands of websites built…
WP Mobile Detector Vulnerability Being Exploited in the Wild
Douglas Santos ***Update: The WP Mobile Detector plugin has been patched to address the vulnerability. Please update as soon as possible. Note that the latest version don’t…
Security Advisory: Stored XSS in Jetpack
During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more…