On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugins files before extracting the SocGholish script, which is saved as an encrypted value inside the wp_option table of the WordPress database. […]
Archive by Author
WP-CLI: How to Install WordPress via SSH
Sure, there are tons of one-click installers floating around for WordPress. But they’re not always the most secure option — and can still be tedious to use, especially if you need to update default configurations after installation. But what if I told you there’s a simple and reliable way to manage and install WordPress using […]
How to Fix the “This Site May Harm Your Computer” Warning
Most modern web browsers and search authorities like Google have a vested interest in protecting their users from malware. Warning messages like “This site may harm your computer” are a clear way for services to educate and protect end users from accessing malicious websites. A hacked website can result in a plethora of headaches: unwanted […]
New SocGholish Malware Variant Uses Zip Compression & Evasive Techniques
Readers of this blog should already be familiar with SocGholish: a widespread, years-long malware campaign aimed at pushing fake browser updates to unsuspecting web users. Once installed, fake browser updates infect the victim’s computer with various types of malware including remote access trojans (RATs). SocGholish malware is often the first step in severe targeted ransomware […]
Top 12 Website Hardening Tips
Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to keep your site and server secure. In today’s post, we’ll be outlining the top twelve steps you can take to harden your website and enhance the security of your environment. […]
Massive ois[.]is Black Hat Redirect Malware Campaign
Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines. PublicWWW results show nearly 15,000 websites have been affected by this malware so far. Our […]
What Is Cross-Origin Resource Sharing (CORS)?
Thanks to the rapid growth of JavaScript frameworks like Angular, React, and Vue, Cross-Origin Resource Sharing (CORS) has become a popular word in the developer’s vocabulary — and for good reason. It’s common practice for modern web applications to load resources from multiple domains. But accessing these website resources from different origins requires a thorough […]
Black Friday & Cyber Monday Ecommerce Security Threats
Consumers spent a whopping $33.9 billion during Cyber Week last year. With the average adult spending $430 on Black Friday alone, this period remains one of the biggest online shopping events of the year. Unfortunately, hackers are making bank alongside online retailers. As we enter the holiday season, ecommerce websites are at an increased risk […]
WordPress Vulnerability & Patch Roundup October 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Malware vs Virus: What’s the Difference?
There appears to be a general misunderstanding among internet users about the difference between malware and viruses. The two terms are often used interchangeably — and to an extent, this is perfectly fine. But in today’s article, we’ll be clarifying the difference between viruses and malware while helping to identify the most common types of […]
