Tag Archives: WordPress Security

WordPress Vulnerability & Patch Roundup July 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

Malicious Injection Redirects Traffic via Parked Domain

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to generate ad revenue. Investigating obfuscated JavaScript Our investigation revealed the following piece of obfuscated JavaScript […]

How to Harden WordPress: A Basic Overview

Out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. Best practices suggest you take a few of these steps to harden WordPress and protect your environment against bad bots, brute force, and other automated attacks. For example, the WordPress login page is – […]

New Guide on Secure VPS Configuration

One of the most common problems that we observe among many of our clients is the persistent threat of cross contamination – that is, malware that spreads from one website to another when they are hosted in the same environment. This is particularly common within cPanel environments when add-on domains are used, or within improperly […]

WordPress Vulnerability & Patch Roundup June 2023

Remote Code Execution Backdoor Uses Unicode Obfuscation & Non-Standard File Extensions

Readers of this blog will know that attackers are constantly finding new ways to hide their malware and avoid detection; after all, that’s what good malware does best! We have recently observed attackers leveraging both excessive amounts of unicode as well as peculiar includes and file extensions within their WordPress backdoors to conceal their malware […]

New WooCommerce Security Best Practices Guide

WooCommerce is a widely used e-commerce platform, powering nearly 6 million online stores worldwide. Its popularity makes it a prime target for cybercriminals looking to exploit vulnerabilities and steal sensitive data and credit card information. In fact, according to data from our latest 2022 hacked website report, the top three most common cleanup signatures for […]

What Are WordPress Salts & Security Keys?

In the realm of WordPress security, there’s a powerful tag team working tirelessly behind the scenes to safeguard your website’s login process. Meet salts and security keys, the cryptographic wonders responsible for protecting the sensitive information housed within the cookies that WordPress depends on for authentication. Think about it: when you log into your WordPress […]

What is a 403 Error & How to Fix It

A 403 error can be a frustrating interruption to anyone’s day; it can lead to exasperated website visitors, even leading to lost traffic and website revenue depending on the affected page. When you (or your site visitors) encounter an unexpected 403, it’s vital to assess the issue promptly in the event that it’s the symptom […]

How to Update, Install & Remove WordPress Plugins & Themes With WP-CLI

WordPress, like other open-source content management systems, allows you to enhance your website’s appearance and functionality through custom code and third-party components like plugins and themes. It’s these extensions that allow you to publish content with added functionality for your visitors and facilitate the unique look of your brand. While the developers who build these […]

Stratusclear.org

Stratusclear Network