Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website.
Users of our WAF were never vulnerable to this exploit. The Sucuri firewall blocks malicious…

The “Best” WordPress Malware Scanner Is Not What You Think

Are you: Worried that your WordPress site has been hacked? Looking for the best WordPress malware scanner online? Not sure of what malware scanner plugin to use? Good. You’re in the right place! Let’s get a few things out of the way as ear…

Vulnerabilities Digest: July 2020

Relevant Plugins and Vulnerabilities:

Plugin | Vulnerability | Patched Version | Installs
Asset CleanUp: Page Speed | Authenticated XSS | 1.4.6.7 | 80,000
Quiz And Survey Master | Authenticated Stored XSS | 7.0.0 | 30,000
Comments – wpDiscuz 7.0.0 – | Arbitrary Fi…

Reverse String WooCommerce WordPress Credit Card Swiper

As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a sequel to my last blog post earlier this year about the credit card swiper tha…

Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites.
During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it conta…

Pirated WordPress Plugins Bundled with Backdoors

One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials.
Although these are certainly two of the more common attack vectors, another m…

WordPress file permissions: the guide to configuring secure website & web server permissions

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore, it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setti…

The WordPress security process; Test, Harden, Monitor, Improve

WordPress security is not unlike many other areas of IT security. It’s not a one-time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business req…

How to Find & Fix WordPress Pharma Hack

It’s hard for any website owner to discover pharmaceutical spam. Finding bogus content for prescription drugs on a website you watched grow from a tiny blog can be heartbreaking. But don’t blame your website: it just got caught up in a bad…