WP-CLI Guide: Secure WordPress Backup and Update
Alycia Mitchell Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your…
Browsing Category
WordPress Security
680 posts
WP-CLI Guide: Connect to WordPress via SSH Intro
Do you use the WordPress dashboard to update plugins and themes? How do you back up your database? If you have not used it yet,…
Common Website Security Terminology Defined
If you want to keep your website safe, it is important to understand the website security terminology used to describe the causes and effects of…
Security Advisory: Object Injection Vulnerability in WooCommerce
Marc-Alexandre Montpas During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability in WooCommerce which could, in certain contexts, be used by an…
Website Security: How Do Websites Get Hacked?
Tony Perez In 2014, the total number of websites on the internet reached 1 billion. Today it’s hovering somewhere in the neighborhood of 944 million due to…
Fake jQuery Scripts in Nulled WordPress Plugins
Denis Sinegubko We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not…
JetPack and TwentyFifteen Vulnerable to DOM-based XSS
David Dede Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included…
Hacked Websites Redirect to Bitcoin
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is Bitcoin using…
Critical Persistent XSS 0day in WordPress
*Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read…
Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins
Daniel Cid Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by…
FBI Public Service Annoucement: Defacements Exploiting WordPress Vulnerabilities
The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited…