Website Security News
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles. The way the capabilities are handled on WordPress makes…
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was…
Read More about Hackers Change WordPress Siteurl to Pastebin
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability…
Recent statistics show that over 32% of website administrators across the web use WordPress. Unfortunately, the CMSs popularity comes at a price — attackers often seek out vulnerabilities to exploit…
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software:…
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for WordPress, and have maintained a free WordPress security plugin…
Read More about New Guide on How to Use the Sucuri WordPress Security Plugin
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and…
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see annoying pages with random utroro[.]com addresses and fake reCAPTCHA…
Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin…
Read More about Fake Plugins with Popuplink.js Redirect to Scam Sites
We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of scams, however, phishing scam…
Read More about Google and Facebook Used in Phishing Campaigns
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…
