WordPress Security News & Updates

New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider

Daniel Cid

December 24, 2014

If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the…

Read the Post

SoakSoak Campaign Evolves – New Wave of Attacks

Denis Sinegubko

December 22, 2014

Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional…

Read the Post

SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11

Denis Sinegubko

December 16, 2014

Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it; it uses the…

Read the Post

RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise

Daniel Cid

December 15, 2014

Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to…

Read the Post

SoakSoak Malware Compromises 100,000+ WordPress Websites

Tony Perez

December 14, 2014

This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts…

Read the Post

Leveraging the WordPress Platform for SPAM

Keir Desailly

December 5, 2014

We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment…

Read the Post

Security Advisory – High Severity– WordPress Download Manager

Mickael Nadeau

December 3, 2014

If you’re using the popular WP Download Manager plugin (around 850,000 downloads), you should update right away. During a routine audit for our Website Firewall…

Read the Post

Security Advisory – High Severity – InfiniteWP Client WordPress plugin

Marc-Alexandre Montpas

December 2, 2014

If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of…

Read the Post

Protecting Against Unknown Software Vulnerabilities

Daniel Cid

November 24, 2014

Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs…

Read the Post

Security Advisory – High severity – WP-Statistics WordPress Plugin

Marc-Alexandre Montpas

November 20, 2014

If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall…

Read the Post

The Psychology Behind Why Websites Get Hacked

Joseph Herbrandson

November 12, 2014

It’s an everyday conversation for security professionals that interact with new customers. The one where we have to explain that just because everything seems fine,…

Read the Post