Free Premium themes? There’s always a catch
Pedro Peixoto OK, so we’ve all been there. We want something Premium, such as a paid version of an app or piece of software, but it would…
Sucuri’s 10th Anniversary
Daniel Cid It feels like yesterday, but it has been 10 years since the domain sucuri.net was registered. Happy 10th Birthday, Sucuri! For us, 2009 marks the…
WP Plugin Hider
Luke Leal One of our analysts recently found an interesting injection that has been found on WordPress installations. Installed by hacker, it is used to hide a…
Reset Email Account Passwords After a Website Malware Infection
It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners…
PCI for SMB: Requirement 12 – Maintain an Information Security Policy
Victor Santoyo Update: Read our new PCI Compliance guide. Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI…
Defunct Malware Can Cause Problems Too
Harshad Mane Recently our incident response analyst Harshad Mane worked on a site that redirected users to a third-party malicious site whenever they logged into the WordPress…
ThinkPHP 5.x Remote Code Execution
John Castro Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you…
Thousands of Redirecting Files
Denis Sinegubko We recently cleaned a site where we found thousands of malicious files with the following content: <?php header ( “HTTP/1.1 301 Moved Permanently” ) ;…
From .tk Redirects to PushKa Browser Notification Scam
In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities…
SQL Injection in Advance Contact Form 7 DB
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form…
Attacks on Closed WordPress Plugins
The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly.…