Website Security News
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable to this exploit. The Sucuri firewall blocks malicious payloads by default using our generic exploitation…
Read More about Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Sucuri’s focus has always been on educating website owners about the latest threats and vulnerabilities — and much of that depends on our industry-leading research team. As the holiday season…
Read More about Website Security Tips for Black Friday & Cyber Monday
Website hardening means adding layers of protection to reduce the risk of website attacks, a process known as “defense in depth.” Here are our top 10 virtual hardening principles: 1…
Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is down. You go…
Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens, even hundreds of web applications – time is always the…
Update: Read our new PCI Compliance guide. This is the third post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We…
Read More about PCI for SMB: Requirement 3 & 4 – Secure Cardholder Data
This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more…
Website hosting security has matured in recent years. Naturally, the types of security issues have changed because of it. For example, cross-contamination over multiple shared hosting accounts used to be a…
Read More about Website Hosting: Security Awareness Can Reduce Costs
PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single executable file. It also boasts…
Read More about Code Injection in Signed PHP Archives (Phar)
In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to use them to better account for client…
From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. We call them backdoors. Backdoors can be done in different ways, either by adding fake…
Read More about Unrestricted Backend Login Backdoor on OpenCart
