Security Risk: Dangerous
Exploitation level: Very Easy/Remote
DREAD Score: 8/10
Vulnerability: Persistent XSS
Patched Version: 1.4.4
During a routine audit for our Website Firewall (WAF), we discovered a dangerous Persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a million active installs according to wordpress.org). The security issue, as well as another bug-fix […]
Everything You Ever Wanted to Know About WordPress Domain Mapping
by Brenda Barron
Domain mapping is a process that you’ll need if you have URLs parked elsewhere that you want to link to your site or redirect completely. Mapping the domain can seem tricky at first, but following the instructions will get you there. Here are a few reasons to map your domain: You have […]
Website Malware – The SWF iFrame Injector Evolves
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invisible, malicious iFrame. It appears that the author of that Flash malware continued with this method of infection. Now we are seeing more varieties […]
How to change your WordPress Database Name in 3 Steps
Naming your databases allows you to determine which database is for which site. Aside from that, it is also an added protection from hackers. Here are the simple steps to do this.
Change Your WordPress Database Name in 3 Simple Steps
Your WordPress database holds all of your site’s important information, so keeping it […]
Intro to E-Commerce and PCI Compliance – Part I
Have you ever heard of the term Payment Card Industry (PCI)? Specifically, PCI compliance? If you have an e-commerce website, you probably have already heard about it. But do you really understand what it means for you and your online business? In this series, we will try to explain the PCI standard and how it […]
12 Not-So-Obvious WordPress Tweaks to Improve Posts and Pages
If you want details for the not-so-obvious tweaks that you can do for the following, I suggest you read the full article here. Changing Built-In Settings Changing Permalinks Image Metadata Custom Excerpts Plugin Enhancements Code Enhancements Redirect Single Search Result Pretty Links Auto-Link Text Display All Images for a Post Insert Content Between Paragraphs Create […]
WordPress Malware Causes Pseudo-Darkleech Infection
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses. It’s difficult to detect because the malware is only active when both server and site admins are not logged in, and the iFrame is […]
Why Website Reinfections Happen
I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to learn what website infections look like and, more importantly, how to clean them. It’s this idea that regardless of who you are you must always […]
How To Create An RSS To Email Campaign For Your Blog
With new tools it is easier to reach your customers and readers through email. Gone are the days where you send emails manually. The article we’re sharing today teaches how to use email marketing for your blog.
How To Create An RSS To Email Campaign For Your Blog
by Brenda Barron
When you write a […]
OpenSSL Security Advisory of 19 March 2015
Today there were multiple vulnerabilities released in OpenSSL, a cryptographic library used by CloudFlare (and most sites on the Internet). There has been advance notice that an announcement would be forthcoming, although the contents of the vulnerabilities were kept closely controlled and shared only with major operating system vendors until this notice. Based on our […]

