Collaborate Disseminate
The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org:
“A successful attack allows an unauthen… Continue reading Arbitrary Directory Deletion in WP-Fastest-Cache
While investigating the SiteGround Optimizer and Caldera Forms Pro plugins we have discovered a critical privilege escalation vulnerability.
It was not being abused externally and impacts over 500,000 sites. It’s urgency is defined by the associ… Continue reading Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro
As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of the reasons why we don’t offer forensic analysis.
Sucuri offers website monitoring, protect… Continue reading The Importance of Website Logs
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles.
The way the capabilities are handled on W… Continue reading Using Innocent Roles to Hide Admin Users
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]n… Continue reading Hackers Change WordPress Siteurl to Pastebin
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability in the WP GDPR Compliance plugin for Word… Continue reading Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability
Recent statistics show that over 32% of website administrators across the web use WordPress.
Unfortunately, the CMSs popularity comes at a price — attackers often seek out vulnerabilities to exploit and target unhardened WordPress sites. If a si… Continue reading New WordPress Security Email Course
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file.
These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin.
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for WordPress, and have maintained a free WordPress security plugin with over 400k installations.
If you… Continue reading New Guide on How to Use the Sucuri WordPress Security Plugin
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and anomaly checks. In this blog post, we’re going to be focusing… Continue reading Core Integrity Verifications