Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Archive by Author
How to Enable HTTP/2 On a Server
HTTP/2 is a game-changer in web protocol technology, offering significant improvements in speed, efficiency, and security over its predecessor, HTTP/1.1. With features like multiplexing, header compression, and server push, HTTP/2 can drastically reduce web page load times and enhance the overall user experience. Additionally, HTTP/2 is enabled by default for Sucuri’s Web Application Firewall (WAF), […]
Attackers Abuse Swap File to Steal Credit Cards
When it comes to website security, sometimes the most innocuous features can become powerful tools in the hands of attackers. Such was the case in a recent incident we investigated, where bad actors exploited the humble swap file to maintain a persistent credit card skimmer on a Magento e-commerce site. This clever tactic allowed the […]
Mastering WordPress File Permissions: A Guide for All Levels
File permissions might seem like a small part of managing a WordPress site, but they play a key role in your website’s security and functionality. Incorrect permissions can leave your site vulnerable to attacks, while overly restrictive settings can hinder its operation. This guide is designed to walk you through the essentials of WordPress file […]
How to Set Cache Control Headers
When it comes to your website performance, every millisecond counts. Whether you’re managing a personal blog or a large-scale e-commerce site, the speed at which your pages load can profoundly impact everything from user experience to search engine rankings. This is where using HTTP headers, specifically cache control headers, can come in really handy. HTTP […]
New Variation of WordFence Evasion Malware
We recently came across an infected WordPress environment which contained a new variation of WordFence evasion malware using some sneaky tactics to conceal itself from view. The site administrator was reporting some issues with potential credit card theft malware on their website, but they had already removed that themselves by the time we arrived at […]
WordPress User Enumeration: Risks & Mitigation Steps
User enumeration is a technique used by attackers to discover valid usernames associated with a CMS or website. By exploiting certain features, bad actors can compile a list of usernames, which can then be used to launch brute force attacks. These attacks systematically try various password combinations to gain unauthorized access to user accounts on […]
WordPress Vulnerability & Patch Roundup June 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
How to Troubleshoot & Fix the “This Site Can’t Be Reached” Error
Whether you’re a website owner or a visitor attempting to access web pages, encountering a “This Site Can’t be Reached” error can be both a frustrating and perplexing experience. Understanding the root causes and knowing how to fix them is key to maintaining a seamless browsing experience. In this post, we’ll dive into the various […]
Decoding the Caesar Cipher Skimmer
Over the last several weeks we’ve observed an interesting new variation of “gtag” credit card skimming attack with a surprisingly high number of detections so far. As of the time of writing this article we have seen nearly 80 detections altogether in the first two weeks alone. Our research team and analysts have found this […]
