Server Security: Import WordPress Events to OSSEC
Daniel Cid We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System…
Browsing Category
WordPress Security
666 posts
Massive Admedia/Adverting iFrame Infection
Denis Sinegubko This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing…
Malicious Pastebin Replacement for jQuery
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those…
Using WPScan: Finding WordPress Vulnerabilities
Alycia Mitchell When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if…
Website Malware – Evolution of Pseudo Darkleech
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and…
jQuery.min.php Malware Affects Thousands of Websites
Nov 2016 Update: If your Joomla or WordPress website is infected, check out our new, free, DIY guides to clean your site and prevent reinfection.…
WPScan Intro: WordPress Vulnerability Scanner
Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box…
Security Advisory: Stored XSS in Akismet WordPress Plugin
Marc-Alexandre Montpas During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.
Brute Force Amplification Attacks Against WordPress XMLRPC
Brute force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have…
Security Advisory: Stored XSS in Jetpack
During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in…
WordPress Malware – VisitorTracker Campaign Update
For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code.…