WordPress – Understanding its True Vulnerability
Tony Perez Everyday we manage thousands of clients running a wide range of applications, built across a number of different platforms. It should be of no surprise…
Browsing Category
WordPress Security
672 posts
Brute force attacks against WordPress sites
Daniel Cid We talk a lot about the importance of using strong passwords, but sometimes it it hard to see how important it really is, or what…
Latest Mass Compromise of WordPress sites – More Details
We are getting lots of questions about the latest mass compromise targeting WordPress sites (redirecting to fake AV) that has affected over 30,000 domains. The…
Vulnerability in the Absolute Privacy Plugin
David Dede We are seeing reports that a vulnerability in the Absolute Privacy WordPress plugin (link) is being used to hack and compromise sites with it installed.…
New WordPress ToolsPack Plugin
We deal with many compromised sites daily and lately we are seeing something in common across many of the sites running WordPress. They have installed…
WordPress 3.3 XSS Vulnerability Patched (3.3.1 Released)
We just learned of a reflected XSS vulnerability in WordPress 3.3 via the comments form (wp-comments.php). It is explained in detail here. The disclosed vulnerability…
Blacklist Warnings for Users of the Stream-Video-Player WordPress Plugin
If you are using the plugin stream-video-player, it might be a good idea to disable this plugin for now. The plugin loads a Flash player…
WordPress 3.3 is Out
For all our WordPress users, please remember to update to WordPress 3.3 that was just released. It should be a quick 1-click process in your…
The New (and Old) .htaccess Attacks – Now Using .in Domains
We have been talking about .htaccess redirections for a while. A site gets compromised and the attackers modify the .htaccess file(s) to redirect any search…
Dre Armeda: WordPress End-User Security
Sucuri Co-Founder Dre Armeda did a great presentation at WordCamp Chicago about end-user security for WordPress users. Check out the video here: Dre will also…
Timthumb.php Mass Infection – Aftermath – Part I
If you use WordPress you’re probably aware of the mass infection caused by a vulnerability in the timthumb.php script, a photo manipulation script included in…