Sucuri Blog
  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Multi-Site plans
    • Custom & Enterprise Plans
    • Partnerships
  • Features
    • Detection
      Website Monitoring & Alerts
    • Protection
      Future Website Hacks
    • Performance
      Speed Up Your Website
    • Response
      Help For Hacked Websites
    • Backups
      Disaster Recovery Plan
  • Resources
    • Guides
    • Webinars
    • Infographics
    • Blog
    • SiteCheck
    • Reports
    • Email Courses
  • Pricing
  • Immediate Help
  • Login
Sucuri Blog
  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Multi-Site plans
    • Custom & Enterprise Plans
    • Partnerships
  • Features
    • Detection
      Website Monitoring & Alerts
    • Protection
      Future Website Hacks
    • Performance
      Speed Up Your Website
    • Response
      Help For Hacked Websites
    • Backups
      Disaster Recovery Plan
  • Resources
    • Guides
    • Webinars
    • Infographics
    • Blog
    • SiteCheck
    • Reports
    • Email Courses
  • Pricing
  • Immediate Help
  • Login
  • Immediate Help
Login
Login

New Customer?

Sign up now.
  • Submit a ticket
  • Knowledge base
  • Chat now
  • Website Malware Infections
  • WordPress Security

Thousands of Sites with Popup Builder Compromised by Balada Injector

  • Denis Sinegubko
  • January 10, 2024
On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
Read the Post
What is the Principle of Least Privilege? PoLP
  • Website Security

What is the Principle of Least Privilege?

  • Rianna MacLeod
  • January 9, 2024
If you own a website and collaborate with other people, the Principle of Least Privilege (PoLP) is a crucial security concept which has applications and…
Read the Post
How to Stop a DDoS Attack
  • Security Education
  • Website Security

How to Stop a DDoS Attack in 5 Steps

  • Victor Santoyo
  • January 2, 2024
As a website administrator, keeping your site online during large traffic spikes is what you strive for. But how can you be sure traffic spikes…
Read the Post
December WordPress Vulnerability Roundup
  • Security Advisory
  • Vulnerability Disclosure
  • WordPress Security

WordPress Vulnerability & Patch Roundup December 2023

  • Sucuri Malware Research Team
  • December 28, 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Read the Post
New Broken Access Control Guide
  • Security Education
  • Website Security

New Guide: Broken Access Control

  • Rianna MacLeod
  • December 26, 2023
The complexity of modern websites exposes countless potential vulnerabilities to lurking attackers. One of the most underestimated threats? Broken Access Control (BAC). The risk lies…
Read the Post
MageCart WordPress Plugin
  • Ecommerce Security
  • Website Malware Infections
  • WordPress Security

MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer

  • Ben Martin
  • December 21, 2023
One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus…
Read the Post
What is a Content Security Policy
  • Security Education
  • Website Security

What is a Content Security Policy (CSP)

  • Gerson Ruiz
  • December 19, 2023
It’s always a good idea to be aware of the security issues that might affect your site. For example, cross-site scripting (XSS) attacks consist of…
Read the Post
Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign
  • Website Malware Infections
  • WordPress Security

Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign 

  • Denis Sinegubko
  • December 14, 2023
On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com…
Read the Post
WordPress Vulnerability
  • Security Advisory
  • Vulnerability Disclosure
  • WordPress Security

Critical RCE Vulnerability Patched in Backup Migration Plugin

  • Sucuri Malware Research Team
  • December 13, 2023
On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days…
Read the Post
How to Scan WordPress for Vulnerabilities
  • Security Education
  • Website Security
  • WordPress Security

WPScan Intro: How to Scan for WordPress Vulnerabilities

  • Rianna MacLeod
  • December 12, 2023
In this post, we will look at how to use WPScan as a WordPress vulnerability scanner. This security tool provides you with a better understanding…
Read the Post
40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
  • Ecommerce Security
  • Magento Security
  • Website Malware Infections
  • Website Security

40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager

  • Denis Sinegubko
  • December 7, 2023
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly…
Read the Post
Search
Sucuri Sidebar Malware Removal to Signup Page
Sucuri Logo

Let’s Connect

Products
Website Firewall Website Security Platform WordPress Security Website Backups Hack Assistance Pricing
Solutions
DDoS Protection Malware Detection Malware Removal Malware Prevention Blacklist Removal SEO Spam Removal
USE CASES
Developers Ecommerce Agency Plans Enterprise Services HTTPS/2 Virtual Patching
Support
Knowledge Base SiteCheck Guides Research Labs Report Abuse Status Report
Company
About Sucuri Contact Blog Referral Partners Testimonials
Terms of Use Privacy Policy Do Not Sell My Personal Information Frequently Asked Questions

© 2025 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.

back to top

'