WordPress Malware Causes Pseudo-Darkleech Infection

Malware in nav-menu.php

Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses. It's difficult to detect because the malware is only active when both server and site

Why Website Reinfections Happen

Core WordPress Files viewed in FTP program

I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to learn what website infections look like and more importantly, how to clean them. It's this

The Impacts of a Hacked Website

Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS), people around the world are able to quickly establish a virtual presence with little to no cost. In the process, however, a

Understanding WordPress Plugin Vulnerabilities

The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are more relevant, while others are what we'd categorize as noise. How are you supposed to make

Inverted WordPress Trojan


Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously does something bad. In WordPress, typical trojans are plugins and themes (usually pirated)

Security Advisory: MainWP-Child WordPress Plugin


Security Risk: Critical
Exploitation level: Very Easy/Remote
DREAD Score: 9/10
Vulnerability: Password bypass / Privilege Escalation
Patched Version:

During a routine audit of our Website Firewall (WAF), we found a critical vulnerability a

Why A Free Obfuscator Is Not Always Free.

We all love our code but some of us love it so much that we don't want anyone else to read or understand it. When you think about it, that’s understandable – hours and hours of hard dev work, days of testing and weeks (months?, years?) of fixing bugs

Malware Cleanup to Arbitrary File Upload in Gravity Forms


During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn't have anything special or fancy, it was an updated WordPress installation and had 3 out-of-date plugins; that's pretty

Why Websites Get Hacked

I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, there is a common question that often comes up: Why would anyone ever hack my w

Security Advisory – WP-Slimstat 3.9.5 and lower

The weak 'secret' token

Advisory for: WP-Slimstat
Security Risk: Very high
Exploitation level: Remote
DREAD Score: 8/10
Vulnerability: Weak Cryptographic keys leading to SQL injections
Patched Version: 3.9.6

WP-Slimstat's users should update as soon as possible! During a ro