Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing, long-lasting, massive WordPress infection campaign that leverages all known and recently discovered theme and plugin vulnerabilities. Other organizations and […]
Archive by Author
Hacked Website Threat Report – 2022
Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This year, we’ve included new insights to highlight the most prevalent tactics and techniques observed in […]
High Severity Vulnerability in WordPress Elementor Pro Patched
On March 22nd, 2023 a security patch was issued for the popular website builder plugin Elementor Pro. Website administrators using this plugin should immediately patch to at least version 3.11.7 to avoid a potential website compromise. The security issue is reported to affect only the Pro version of the plugin and not the free version […]
WordPress Vulnerability & Patch Roundup March 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and patches for the WordPress ecosystem this past […]
The Top 10 Most Dangerous Types of Injection Attacks
When it comes to protecting your website from bad actors, there’s one threat you should be aware of: injection attacks. These attacks target weaknesses in your website’s security and are unfortunately quite common. In fact, the well-known organization OWASP ranks injection attacks as the third most significant risk to web application security. Simply put, injection […]
Critical Vulnerability Discovered in WooCommerce Payments
On March 22nd, 2023 a critical vulnerability was discovered within the WooCommerce Payments plugin – an extremely popular eCommerce payment plugin for WordPress with over half a million active installations. Thankfully the vulnerability was discovered by white hat security researcher Michael Mazzolini and responsibly disclosed through HackerOne, giving websites time to install the patched version […]
WooCommerce Credit Card Skimmer Reveals Tampered Gateway Plugin
Disclaimer: The malware infection described in this article does not affect the software plugin or payment gateway as a whole, and does not indicate any vulnerabilities or security flaws within Authorize.net itself nor WooCommerce or any associated WooCommerce plugin extensions. Overall they are both robust and secure payment platforms that are perfectly safe to use. […]
What is a Headless CMS?
Running a website isn’t easy, but modern content management systems (CMS) like WordPress have revolutionized the way you can manage your website. Headless CMS solutions take this a step further, decoupling the back-end source of the website content from its presentation on the front end. This makes for faster, safer, and more flexible sites that […]
How to Know If You’re Under DDoS Attack
Nowadays, the term DDoS raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they might be familiar with the effects of getting DDoSed: an extremely sluggish, shut down, or dysfunctional website. In this article, we’ll focus on how to know if you’ve been DDoSed, how to spot […]
What is a Website Defacement?
Defacement is easily one of the most obvious signs of a hacked website. In these attacks, bad actors gain unauthorized access to an environment and leave their mark through digital vandalism, altering its visual appearance or content in the process. In many cases, website defacements display social or political messages that are completely unrelated to the […]