Collaborate Disseminate
Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it.
This happens all the time and is totally normal, but it’s important to remember that attackers regularly monitor domain expiratio… Continue reading Hackers Love Expired Domains
Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search engines or blacklists.
This is by design — attackers intentionally try to prevent detection by arranging inje… Continue reading Hidden SEO Spam Link Injections on WordPress Sites
Your WordPress site’s security should be one of your top concerns as a webmaster. However, there’s no such thing as a ‘set and forget’ approach with security. In actual fact, your security arrangements should form part of a never-ending process. You ne… Continue reading The 5 best WordPress security plugins for complete site security
WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug in the way WordPress determines a user’s current page, and which may cause a few other problems … Continue reading Reflected XSS in WordPress v5.5.1 and Lower
We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for scanning tools to detect.
However, sometimes entirely new attack tools are created and deployed by threat actors who … Continue reading R_Evil WordPress Hacktool & Malicious JavaScript Injections
WordPress vulnerabilities statistics show that the main source of WordPress vulnerabilities are in WordPress plugins. These vulnerabilities statistics also show how important it is to always run the latest version of WordPress core, plugins and themes…. Continue reading Statistics highlight the biggest source of WordPress vulnerabilities
A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want.
Another common scenario includes malware which is directly inject… Continue reading Backdoor Shell Dropper Deploys CMS-Specific Malware
An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it?
I’ve previously written about malware that reverses security hardening measures enacted either … Continue reading WordPress Malware Disables Security Plugins to Avoid Detection
If you’ve been managing a WordPress site for a while, you may be wondering why a strong password policy is so important. Surely, users are aware that they need to use strong passwords? Unfortunately, many users knowingly use weak passwords, putting you… Continue reading Why a strong password policy is so important for your WordPress website
The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the required permissions to do all of the action… Continue reading Reflected XSS in WordPress Plugin Admin Pages