Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Archive by Author
12 Best Practices to Secure Your WordPress Login Page
WordPress powers a significant portion of websites on the internet. With this popularity comes the need for strict security measures, especially for the login page. These entry points are prime targets for hackers and malicious actors. By implementing proper security practices outlined in this guide, you can maintain a secure WordPress login and protect your […]
WordPress Websites Used to Distribute ClearFake Trojan Malware
Unfortunately, scams are all over the place, and anybody who has surfed the web should know this. We’ve all gotten phishing emails, or redirected to questionable websites at some point or another. Being on your guard is an important posture to take online, and part of that is knowing how to identify threats, scams, or […]
The Security Risks of Using Nulled WordPress Plugins
The prospect of obtaining premium features without spending a dime is tempting. Nulled WordPress plugins and themes, often being advertised as the no cost versions of their premium counterparts, can seem like a dream come true for many WordPress users. Who doesn’t want to save some money while still enjoying the enhancements and extended features […]
PrestaShop GTAG Websocket Skimmer
During a recent investigation we uncovered another credit card skimmer leveraging a web socket connection to steal credit card details from an infected PrestaShop website. While PrestaShop is not the most popular eCommerce solution for online stores it is still in the top 10 most common ecommerce platforms in use on the web, and clocks […]
What is Website Monitoring?
Picture this: It’s October 2016, and you’re trying to access your favorite websites – Twitter, Netflix, Spotify – but nothing’s loading. If you can believe it, this wasn’t just a bad day for the internet; it was the result of one of the largest DDoS attacks in history, targeting Dyn, a major DNS provider. Fast […]
Security Tips for Modern Web Administrators
Keeping your website secure is crucial to protecting user data and maintaining trust. Think of your website as a digital vault that needs constant safeguarding against potential threats. By understanding and implementing key security practices, you can significantly reduce the risk of attacks and ensure a safe experience for your users. Let’s break down some […]
WordPress Vulnerability & Patch Roundup July 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
How to Enable HTTP/2 On a Server
HTTP/2 is a game-changer in web protocol technology, offering significant improvements in speed, efficiency, and security over its predecessor, HTTP/1.1. With features like multiplexing, header compression, and server push, HTTP/2 can drastically reduce web page load times and enhance the overall user experience. Additionally, HTTP/2 is enabled by default for Sucuri’s Web Application Firewall (WAF), […]
Attackers Abuse Swap File to Steal Credit Cards
When it comes to website security, sometimes the most innocuous features can become powerful tools in the hands of attackers. Such was the case in a recent incident we investigated, where bad actors exploited the humble swap file to maintain a persistent credit card skimmer on a Magento e-commerce site. This clever tactic allowed the […]
