Archive | Security

RSS feed for this section

Yoast and Sucuri Partner to Create a Safer Web

We’re very excited to finally talk about a partnership that’s been in the works for a few months and in light of the serious nature of the Security in the WordPress ecosystem it only makes sense. It also comes at a time where we, as an organization, are reinvesting into Website Security space through extensive […]

Backups – The Forgotten Website Security Pillar

I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads – namely website security education and awareness. In these travels, regardless of the community I am engaging with, there are always common questions like, “How important is it to proactively protect my […]

Experimenting with mozjpeg 2.0

One of the services that CloudFlare provides to paying customers is called Polish. Polish automatically recompresses images cached by CloudFlare to ensure that they are as small as possible and can be delivered to web browsers as quickly as possible. We’ve recently rolled out a new version of Polish that uses updated techniques (and was […]

New Brute Force Attacks Exploiting XMLRPC in WordPress

Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what is always interesting however are the tools employed to make it happen. You create a website, because it’s super easy these days, publish the content and within a few weeks […]

MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites

A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to the severity of the issue. The vulnerability allowed an attacker to inject anything they wanted on the site, which could be used for malware injections, defacement, spam and many […]

Massive Malware Infection Breaking WordPress Sites

The last few days has brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly injected which is causing websites to break. While we’re still researching, we do want to share share some observations: This infection is aimed at websites built on the […]