Is WordPress.com SPAM Campaign Due to Compromise?
Tony Perez *****Updated – 20121019***** Both Matt Mullenweg and Barry Abrahamson, System Wrangler with Automattic, have confirmed that there was not an environmental compromise and everything was…
Browsing Category
WordPress Security
672 posts
Dealing with WordPress Malware
A few months back I contributed to a post with Smashing Magazine on the top 4 WordPress Infections, it was released yesterday, and it couldn’t…
WordPress Themes: XSS Vulnerabilities and Secure Coding Practices
As many might imagine, my life revolves around Information Security. If you’re like me, you’re undoubtedly seeing all these new posts talking to insecurities in…
Careful With Fake jQuery Website – jquery-framework. com
Daniel Cid A few days ago we posted in our Labs notes about a Fake jQuery website that is distributing malware. The domain was properly chosen to…
WooThemes Security Audit Process & Development Partner WebDevStudios
WooThemes recently released a post talking to an audit that was performed on their various plugins and framework by our team. While true, it is…
Sociable WordPress Plugin Security Warning
If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you…
WordPress 3.4.2 Released – Maintenance and Security Update!
As many know, today the WordPress team released a new patch for WordPress 3.4.2, and have titled it a maintenance and security release. By now…
WordPress Security – Cutting Through The BS
Update 9/9/16: We released a new guide that provides better instructions on how to clean a hacked WordPress site using the Free WordPress security plugin.…
WordPress Security Presentation (in Portuguese)
David Dede Bruno Borges (from our security team), did a great presentation at WordCamp Sao Paulo (Brazil) about WordPress security and how to keep a site secure.…
Rebots.php JavaScript Malware Being Actively Injected
Dre Armeda Holy JavaScript malware, Batman! On August 11th we started seeing the Rebot JavaScript malware string injected on various websites. Since then, it has increased its…
WordPress Pluggable.php Being Compromised
The last few days we have seen a large number of WordPress sites compromised with a hidden malware payload that lands inside wp-includes/pluggable.php. This is…