Navigating your WordPress site’s dashboard can provide you with significant control over your website’s functionality and appearance. Yet it won’t offer a direct interaction or management of your server. This is where Secure Shell Access (SSH) steps in. SSH is a protocol that provides a secure and effective way to connect with your website and […]
Archive by Author
Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images
MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or core file injections installed into WordPress / WooCommerce environments (which are increasingly common, and may be due to antivirus programs increasing their detection rate on compromised checkout pages). However, a […]
How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)
If you own a WordPress website and ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam or fraudulent. Not only does this warning impact user trust, but it can also affect your site’s SEO because search engines like Google flag sites without an HTTPS (HyperText Transfer […]
Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign
Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning of 2023, this malware campaign had expanded to over a hundred domain names to redirect traffic to low quality Q&A sites and monetize traffic via Google AdSense. In fact, since […]
How to Quickly Find & Fix Mixed Content Issues (SSL/HTTPS)
With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating on HTTP previously: Mixed content issues and warnings. In this post, we’ll take a look […]
WordPress Vulnerability & Patch Roundup August 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Compromised OpenCart Payment Module Steals Credit Card Information
Today’s story starts much the same as many others on this blog: A new client came to us reporting that credit card details were being compromised from their checkout page. The website owner had even been contacted by a major credit card company who had identified their domain as a “common point point of purchase” […]
Why WordPress Gets Hacked
A question we frequently get from new users as they’re onboarding is: why does WordPress get hacked? Of course, this question makes sense in this context; it’s extremely frustrating to find out that your WordPress website has been compromised and you need to tackle an infection or increase security controls. Surely you’d want to understand […]
Critical Security Update for Magento Open Source & Adobe Commerce
Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes for three vulnerabilities which affect the popular ecommerce platforms. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read. Affected versions of Magento Open Source […]
From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail
A vast majority of website malware employ the ever-familiar HTTP/HTTPS protocols for its malicious activities. But, we also periodically confront more interesting hybrid malware leveraging various other internet protocols. For example, malware sending email spam, DDoS tools creating floods of UDP packets, bruteforce tools trying to guess SSH credentials, phishing and credit card skimming malware […]
