Common Website Security Terminology Defined

Common wordpress risks and issues

If you want to keep your website safe, it is important to understand the website security terminology used to describe the causes and effects of hacks. Software vulnerabilities and access control issues are two of the main causes of website
Read More

Analyzing a Facebook Clickbait Worm


Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. Malicious Facebook posts are one way that hackers can use social engineering to attract and attack
Read More

Magento Platform Targeted By Credit Card Scrapers


We’ve been writing a lot about ecommerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will be come and the more important it will be to talk about it. We live in an online world where a single mi
Read More

Websites Hacked Via Website Backups


The past few months we've been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wrong; interestingly enough though, they are often the forgotten pillar of security. It's why we
Read More

10 Tips to Improve Your Website Security


In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal and so many other allow business owners to quickly and efficiently build their
Read More

Security Advisory: Object Injection Vulnerability in WooCommerce

The get_paypal_order method

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Object Injection Patched Version:  2.3.11 During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability in WooCommerce
Read More

SweetCAPTCHA Service Used to Distribute Adware

Fake tech support from www .onlinesystem .info pop-up

SweetCaptcha is a free CAPTCHA service that offers to match "sweet" images instead of making you recognize distorted digits and characters. It has integrations with many website platforms including;  pure PHP, WordPress (10,000+ plugin
Read More

Your Website Hacked but No Signs of Infection


Imagine for a moment, you have a suspicion that you have somehow had your website hacked. You see that something is off, but you feel as if you are missing something. This is the emotionally draining world that many live in, with a paranoia and c
Read More

Introducing Free Global Website Performance Tool

Website Performance Test

We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across the globe. We extract three key metrics that are critical to the performance of any
Read More

Fake jQuery Scripts in Nulled WordPress Plugins

Fake jQuery script injection

We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not a server-side redirect, rather it happened due to some script loaded by the web pages. A
Read More