Tag Archives: WordPress Security
Mastering WordPress File Permissions: A Guide for All Levels
File permissions might seem like a small part of managing a WordPress site, but they play a key role in your website’s security and functionality. Incorrect permissions can leave your site vulnerable to attacks, while overly restrictive settings can hinder its operation. This guide is designed to walk you through the essentials of WordPress file […]
How to Set Cache Control Headers
When it comes to your website performance, every millisecond counts. Whether you’re managing a personal blog or a large-scale e-commerce site, the speed at which your pages load can profoundly impact everything from user experience to search engine rankings. This is where using HTTP headers, specifically cache control headers, can come in really handy. HTTP […]
New Variation of WordFence Evasion Malware
We recently came across an infected WordPress environment which contained a new variation of WordFence evasion malware using some sneaky tactics to conceal itself from view. The site administrator was reporting some issues with potential credit card theft malware on their website, but they had already removed that themselves by the time we arrived at […]
WordPress User Enumeration: Risks & Mitigation Steps
User enumeration is a technique used by attackers to discover valid usernames associated with a CMS or website. By exploiting certain features, bad actors can compile a list of usernames, which can then be used to launch brute force attacks. These attacks systematically try various password combinations to gain unauthorized access to user accounts on […]
WordPress Vulnerability & Patch Roundup June 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Hundreds of Websites Targeted by Fake Google Chrome Update Pop-Ups
Fake Browser Update campaigns are known for their deceptive tactics used by hackers to trick users into downloading malicious software. These campaigns typically involve injecting malicious code into a website, which then displays a popup message urging users to update their web browser. Clicking on the provided link usually results in downloading malware, such as […]
WordPress Vulnerability & Patch Roundup May 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Server Side Credit Card Skimmer Lodged in Obscure Plugin
Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from […]
Mal.Metrica Redirects Users to Scam Sites
One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the part of the victim. It’s another lesson for web users to be careful what they click on, and to be wary of anything suspicious that pops up in their browser […]