Archive by Author

What is HSTS: HTTP Strict Transport Security

HSTS or HTTP Strict Transport Security is a protocol that can make it more difficult for attackers to modify or intercept traffic between a user and your website. Understanding what HSTS is and how it functions is crucial for anyone keen on protecting their site, as proper implementation can help to ensure that your website’s […]

Password Security & Password Managers

In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of the most fundamental aspects of website security, yet we too often see webmasters taking a lax approach to their sensitive credentials. Weak passwords make it easier for bad actors to […]

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin for the popular tagDiv premium themes Newspaper and Newsmag). Shortly after that, we started noticing new waves of Balada malware injections on websites that were actively using tagDiv themes. This […]

WordPress Vulnerability & Patch Roundup September 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

What Is ‘Error Establishing a Database Connection’ & How To Fix It in WordPress

Experiencing the ‘Error Establishing a Database Connection‘ on your WordPress website? This common error indicates that your site is unable to connect to its database, rendering it inaccessible to users — and potentially impacting your visitors, user experience, and sales. In this blog post, we’ll explain what the database connection error means, common reasons for […]

How to Find & Fix Japanese SEO Spam

Japanese SEO Spam, also known as “Japanese keyword hack” or “Japanese SEO poisoning,” is a spammy search engine optimization technique used by black hat SEO artists to make a website show up in search engine results for spam keywords in Japanese language when they shouldn’t. In this post, we’ll detail what Japanese SEO spam is, […]

What is Secure Shell (SSH) & How to Use It: Security & Best Practices

Navigating your WordPress site’s dashboard can provide you with significant control over your website’s functionality and appearance. Yet it won’t offer a direct interaction or management of your server. This is where Secure Shell Access (SSH) steps in. SSH is a protocol that provides a secure and effective way to connect with your website and […]

Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images

MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or core file injections installed into WordPress / WooCommerce environments (which are increasingly common, and may be due to antivirus programs increasing their detection rate on compromised checkout pages). However, a […]