Tag Archives: WordPress Security

Choosing the Best CMS for Your Needs

Knowing which is the right CMS is key when launching a new site. Websites are no longer just online brochures; they’re where businesses sell products, protect private information, chat with customers, and build their entire online brand. A good CMS gives you flexibility, room to grow, and strong security, so you can easily manage your […]

Vulnerability & Patch Roundup — August 2025

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

Locking Down the WordPress Login Page

Due to its flexibility, ease of use, and massive plugin ecosystem, WordPress is a favorite among bloggers, developers, and businesses alike. Given its popularity, attackers do not waste time guessing where sensitive assets live. By default, on every WordPress site the front door is conveniently labeled /wp‐login.php or /wp‐admin/. On even a modest site, server […]

Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website

Last month, we came across an ongoing JavaScript-based malware campaign affecting compromised websites. The malware injects a fullscreen iframe that silently loads content from a suspicious external domain. This type of malicious script aims to force users to view unsolicited content, often for ad fraud, traffic generation, or deceptive social engineering. This is the fake […]

WordPress Vulnerability & Patch Roundup — July 2025

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

Uncovering a Stealthy WordPress Backdoor in mu-plugins

Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder. In fact, back in March, we saw a similar trend with hidden malware in this very directory, as detailed in our post Hidden Malware Strikes Again: MU-Plugins Under Attack. This […]

WordPress Redirect Malware Hidden in Google Tag Manager Code

Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after a user landed on the site. Upon closer inspection of the site’s source code we found a suspicious Google Tag Manager loading. This isn’t the first time we’ve seen GTM […]

Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors

Last month, a customer contacted us, concerned about persistent and inexplicable redirects on their WordPress website. Our investigation quickly unearthed a sophisticated piece of malware deeply embedded within their site’s core files. This wasn’t just a simple redirect; it was a complex operation designed for search engine poisoning and unauthorized content injection. What Did We […]