How To Create a Website Backup Strategy


We've all heard it million times before - backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-utilized precautions we can take to protect our vital data. Why are backups so
Read More

FBI Public Service Annoucement: Defacements Exploiting WordPress Vulnerabilities


The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited and compromised through WordPress plugin vulnerabilities: Continuous Web site defacements
Read More

Security Advisory: Persistent XSS in WP-Super-Cache

WP Super Cache Details Key

Security Risk: Dangerous Exploitation Level: Very Easy/Remote DREAD Score: 8/10 Vulnerability: Persistent XSS Patched Version:  1.4.4 During a routine audit for our Website Firewall (WAF), we discovered a dangerous persistent XSS vulnerability
Read More

Website Malware – The SWF iFrame Injector Evolves

VirusTotal Results for

Last year, we released a post about a malware injector found in an Adobe Flash (.swf) file. In that post, we showed how a SWF file is used to inject an invisible, malicious iFrame. It appears that the author of that Flash malware continued with
Read More

Intro to E-Commerce and PCI Compliance – Part I


Have you ever heard of the term PCI? Specifically, PCI compliance? If you have an ecommerce website you probably have already heard about it, but do you really understand what it means for you and your online business? In this series we will try to
Read More

WordPress Malware Causes Psuedo-Darkleech Infection

Malware in nav-menu.php

Darkleech is a nasty malware infection that infects web servers at the root level. It use malicious Apache modules to insert hidden iframes with certain responses. It's difficult to detect because the malware is only active when both the server and
Read More

Why Website Reinfections Happen

Core WordPress Files viewed in FTP program

I joined Sucuri a little over a month ago. My job is actually the Social Media Specialist, but we have this process where regardless of your job you have to learn what website infections look like and more importantly, how to clean them. It's this
Read More

The Impacts of a Hacked Website

Today, with the proliferation of open-source technologies like WordPress, Joomla and other Content Management Systems (CMS) people around the world are able to quickly establish a virtual presence with little to no cost. In the process however, a
Read More

Understanding WordPress Plugin Vulnerabilities

The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are more relevant, while others are what we'd categorize as noise. How are you supposed to make
Read More

Inverted WordPress Trojan


A trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously does something bad. In WordPress, typical trojans are plugins and themes (usually pirated)
Read More