Dissecting a WordPress Brute Force Attack
Tony Perez Update: Brute force protection now available: http://cloudproxy.sucuri.net/brute-force-protection Over the past few months there has been a lot of discussion about WordPress Brute Force attacks. With…
Browsing Category
WordPress Security
662 posts
WordPress 3.5.2 Security and Maintenance Release
Dre Armeda The WordPress team just pushed out a new version of WordPress (3.5.2) that has some security bugs fixed. Straight from their release post, these are…
W3 Total Cache and WP Super Cache Vulnerability Being Targeted in the Wild
As if on queue, almost 7 days since we released the post about the latest W3TC and WP Super Cache remote command execution vulnerability, we…
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed
Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins…
The WordPress Brute Force Attack Timeline
Daniel Cid Authored by Daniel Cid, Tony Perez. We have been blogging about the massive brute force attacks against WordPress websites over the past few days, today…
WordPress Malicious Plugin – WPPPM – Abusing 404 Redirects with SEO Poisoning
Bruno Borges, of our security team, came across an interesting case this week, in which a WordPress plugin was abusing the 404 rewrite rules and…
Mass WordPress Brute Force Attacks? – Myth or Reality
We are seeing in the media some noise about a large distributed brute force attacks against all hosts targeting WordPress sites. According to reports, they…
Protecting Against WordPress Brute-Force Attacks
It was not long ago that I was sitting on a call with other members of the WordPress community in which we were talking abou…
When Good Plugins Go Bad – SEO Spam on Joomla Websites
We recently published an article about an interesting case where a very popular WordPress Plugin (Social Media Widget), with more than 900,000 downloads, got sold…
WordPress Plugin Social Media Widget Hiding Spam – Remove it now
Authored by Daniel Cid and Tony Perez. If you are using the Social Media Widget plugin (social-media-widget), make sure to remove it immediately from your…
WordPress Security Presentation by Tony Perez
Tomorrow I will be flying to my hometown (Miami) to give a Website Security presentation to a bunch of enthusiastic online professionals at an event…