Tag Archives: passwords

WordPress User Enumeration: Risks & Mitigation Steps

User enumeration is a technique used by attackers to discover valid usernames associated with a CMS or website. By exploiting certain features, bad actors can compile a list of usernames, which can then be used to launch brute force attacks. These attacks systematically try various password combinations to gain unauthorized access to user accounts on […]

From Web3 Drainer to Distributed WordPress Brute Force Attack

Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version on over 1,200 sites since the beginning of February, 2024. Since our last post, this […]

How to Secure the WordPress Login Page

Given that WordPress powers millions of websites worldwide, it’s no surprise that it’s a prime target for malicious activities ranging from brute force attacks and hacking attempts to unauthorized access — all of which can wreak havoc on your site’s functionality, damage reputation, or even result in lost revenue and sales. A common entry point […]

Password Security & Password Managers

In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of the most fundamental aspects of website security, yet we too often see webmasters taking a lax approach to their sensitive credentials. Weak passwords make it easier for bad actors to […]

How to Find & Clean Up the AnonymousFox Hack

The AnonymousFox hack targets insecure websites and actively exploits them to spread phishing, spam, and other malware. A major nuisance for website owners, it also happens to be one of the more prevalent types of malware seen on client sites in the past two years. In this post we’ll describe what AnonymousFox is and how […]

An Overview of Basic WordPress Hardening

We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. While there are a plethora of different ways that site owners can lock down their website, in this post we are going to review the most basic […]

Password Attacks 101

According to the 2020 Data Breaches report by Verizon, 25% of all breaches involved the use of stolen credentials. And for small businesses, that number hit 30%. Brute force attacks have a similar share, accounting for 18% of all breaches, and 34% of those for small businesses. Why are password attacks like brute forcing so […]

Top 10 Hacks & Attacks from 2019

Last year was a busy one in the world of website security. Our 2019 Threat Research Report shows that over 60% of websites we cleaned had a vulnerability at the point of infection, up 4% over 2018. SEO spam remained a universal threat, while backdoors allowed hackers to reinfect sites recovering from an initial attack. […]