In an interview with Smashing Magazine, our co-founder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question: What Makes WordPress Vulnerable? “Here’s the simple answer. Old versions of WordPress, along with theme and plugin vulnerabilities, multiplied by the CMS’ popularity, with the end user thrown into the mix, make for […]
Tag Archives: WordPress Security
How Domain Expiration Can Potentially Disrupt Other Websites
A website owner recently reached out to us about a pop-up advertisement problem on their website which occurred any time someone clicked anywhere on the web page. This irritating pop-up didn’t come from malware placed in the website’s files or database, but rather from a single JavaScript source that the owner added to a widget: […]
Malicious Plugin Used to Encrypt WordPress Posts
During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable. The plugin encrypted posts with the ‘AES-256-CBC’ method by using the openssl_encrypt […]
Neapolitan Backdoor Injection
Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream from which your roommate eats all of the chocolate, leaving you with the paltry remains of the notably less popular vanilla and strawberry flavours. While cleaning a […]
Reverse Hardening WordPress Config
Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions or features a website has, the more potential points of entry an attacker has to leverage. For example, a popular method for hardening WordPress installations is to disable the backend […]
Icegram Persistent Cross-Site Scripting
Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and slide-in messengers. Versions 1.10.28.2 and lower are affected by a persistent Cross-Site Scripting vulnerability in the admin area. This plugin has over 40,000 installations and any attacker with a subscriber account […]
7 Things You Should Monitor in WordPress Activity Logs
WordPress activity logs can be helpful when troubleshooting or trying to identify a hack. In this article, you’ll learn about the seven things you should monitor in your WordPress logs. Over the years, WordPress has grown more complex. WordPress is used by people in a variety of environments, ranging from small shops to large enterprises. […]
Massive 1800ForBail WordPress Hacks
Sucuri malware analyst Kaushal Bhavsar recently brought our attention to a massive campaign responsible for adding either “1800ForBail” or “1800ForBail – One+Number” keywords to the titles of vulnerable WordPress sites. 1800ForBail in Search Results: Google currently returns 158,000 results for the [intitle:1800ForBail] query. Of course, this count includes internal pages on compromised websites. At the […]
Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites
This blog post talks about how a web spam campaign that targets only one country may create problems for site owners around the world — even if their site is not hacked. It all began with a pretty regular sample of an infected WordPress index.php file containing a long, encrypted one-line injection in front of […]
OS Command Injection in WP-Database-Backup
On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to gain full control of affected websites — with over 70,000 reported active installs. Are You Affected? On April […]