Welcome to the world of keyloggers, where every keystroke you make may be watched, recorded, and potentially used against you! Now that we’ve got your attention, let’s dive into the somewhat unsettling realm of these sneaky little digital spies. In this blog post, we’ll uncover the mysteries behind keyloggers — what they are, how they […]
Archive by Author
Vulnerability in Essential Addons for Elementor Leads to Mass Infection
On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by PatchStack. The technical details of this vulnerability can be found on their recent blog post. Over one million websites use this plugin and the fallout from this has been absolutely […]
WordPress 6.2.1 Security & Maintenance Release
On May 16, 2023, the WordPress core team released a crucial update — WordPress 6.2.1. This latest security and maintenance release addresses a number of bug fixes and vulnerability patches, including an unauthenticated Directory Traversal vulnerability, unauthenticated Cross-Site Scripting vulnerability, and several other lower-severity vulnerabilities. To mitigate risk, we highly recommend verifying that your WordPress […]
Websites Defaced with Belarusian Bottled Water Company Content
It’s not often that we get the opportunity to write about website defacements on this blog. Defacements — where a website homepage is replaced with a hacker logo or some sort of political or religious message — are usually fairly run-of-the-mill and not particularly interesting. However, we’ve recently observed a rash of website defacements that […]
Troubleshooting ERR_SSL_PROTOCOL_ERROR: How to Fix this Pesky Error in 6 Steps
As a website owner (and frequent website visitor), you might have encountered the notorious ERR_SSL_PROTOCOL_ERROR at least once. This Secure Sockets Layer (SSL) error occurs when the browser fails to establish a secure connection with the website, usually due to issues with the website’s SSL certificate or its configuration or the client’s browser. The error […]
Xjquery Wave of WordPress SocGholish Injections
In November, 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish scripts into compromised WordPress sites. A bit later, we documented minor changes in the way this malware worked. By the end of March, 2023, we started noticing a new wave […]
What is XML-RPC? Security Risks & How to Disable
XML-RPC is a protocol designed for WordPress to standardize communication between different systems, allowing external applications (such as other blogging platforms and desktop clients) to interact with WordPress. This feature has been a part of WordPress since its early days, enabling seamless integration with the rest of the online world. However, the xmlrpc.php file, which […]
What is Steganography? (Or, How Hackers Hide Malware On Websites)
As a child, I loved sending secret messages to my friends using invisible ink. A quick squeeze of lemon juice was all I needed to jot down my secret message. When combined with a simple heat source (I used the heat of the wood stove), the contents of my top secret note were revealed in […]
WordPress Vulnerability & Patch Roundup April 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
WP-CLI: How to Connect to WordPress via SSH
The WordPress admin dashboard, though intuitive and feature-rich, can be time-consuming to explore. If you’re looking for a more direct approach to website management, consider giving the WordPress Command Line Interface (WP-CLI) a try! WP-CLI is an efficient and powerful way to manage your WordPress installation, allowing you to update your core files and plugins, […]
