Website Security News
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session. Without cookies a user would need to log in, in order to authenticate every action they take. Essentially, cookies…
Read More about Fake WordPrssAPI Stealing Cookies and Hijacking Sessions
Many webmasters may not be aware that hackers are able to maliciously redirect cPanel pages. The specific tactic we describe in this article is unique. Included are recommendations to prevent…
Read More about Ask Sucuri: Can Your cPanel Page Be Maliciously Redirected?
When a site gets hacked, the attack doesn’t end with the malicious payload or spam content. Hackers know that most website administrators will clean up the infection and look no…
Read More about Learning From Buggy WordPress Wp-login Malware
Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability. As we’ve seen some exploits attempts occurring in the wild, we feel it is a…
Read More about Details on the Privilege Escalation Vulnerability in Joomla
The Joomla team released a patch for a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of Joomla, you’re encouraged…
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search Console (formerly Webmaster Tools). Google…
Read More about Malicious Google Search Console Verifications
If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file…
In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal and so many others,…
Today we are launching the new and improved Protected Page capability in our Website Firewall. It allows for a simple (1-click) activation of secondary authentication methods on any page of…
Read More about Website Firewall Update – Introducing 2FA and More
It was not long ago that I was sitting on a call with other members of the WordPress community in which we were talking abou brute-force. When asked why WordPress…
Read More about Protecting Against WordPress Brute-Force Attacks
I’m not sure why more emphasis isn’t put on access in website security discussions, but I’ll spend some time on it today. Understand that this emphasis is not just something…
