WordPress Database Brute Force and Backdoors

We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess.
However, the WordPress login is not the only point of entry that hackers use to break into sites…. Continue reading WordPress Database Brute Force and Backdoors

7 Tips for Protecting Your Website

For many people, website security is an intimidating topic. It seems like there’s an endless list of things necessary for protecting your website. And while resources like our Website Security Guide cut through much of the clutter of the threat … Continue reading 7 Tips for Protecting Your Website

How to Find & Remove SEO Spam on WordPress

Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at a private location. Run a Google search with the terms buy viagra cialis.
Witho… Continue reading How to Find & Remove SEO Spam on WordPress

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs.

The… Continue reading Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

6 Simple Steps for Hardening your WordPress Security

Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks.
6 ways to Harden WordPress Security
You can harden your WordPress site by following these six si… Continue reading 6 Simple Steps for Hardening your WordPress Security

Hacked Website Threat Report – 2019

The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works dilig… Continue reading Hacked Website Threat Report – 2019

Malicious JavaScript Used in WP Site/Home URL Redirects

Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At this time of writing, we have seen ov… Continue reading Malicious JavaScript Used in WP Site/Home URL Redirects

Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server… Continue reading Authentication Bypass Vulnerability in InfiniteWP Client

Top 10 Sucuri Research Articles in 2019

As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future.
With that thought in mind, we asked our researchers to choose their favorite blog posts… Continue reading Top 10 Sucuri Research Articles in 2019

Unmasking Black Hat SEO for Dating Scams

Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it.
Recently, we came across an interesting case where attackers went a few extra mi… Continue reading Unmasking Black Hat SEO for Dating Scams