Tag Archives: WordPress Security

WP-CLI: How to Connect to WordPress via SSH

The WordPress admin dashboard, though intuitive and feature-rich, can be time-consuming to explore. If you’re looking for a more direct approach to website management, consider giving the WordPress Command Line Interface (WP-CLI) a try! WP-CLI is an efficient and powerful way to manage your WordPress installation, allowing you to update your core files and plugins, […]

Massive Abuse of an Abandoned Eval PHP WordPress Plugin

Attackers are always finding new and creative ways to compromise websites and maintain their foothold in environments. This is frequently done via the use of backdoors: PHP scripts designed to allow attackers access and control even after you’ve changed your passwords and thought that the worst was over. Since external scans are unable to see […]

Limit Login Attempts Vulnerability – Patch Now!

On April 11th, 2023, a software update was released to patch a severe vulnerability within the Limit Login Attempts WordPress security plugin. With over 600,000 installations, it’s among the most popular WordPress plugins in use to help prevent unauthorized access to administrator dashboards. In an ironic twist, this vulnerability may allow attackers to do just […]

Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign

Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing long lasting massive WordPress infection campaign that leverages all known and recently discovered theme and plugin vulnerabilities. Other organizations and […]

Hacked Website Threat Report – 2022

Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This year, we’ve included new insights to highlight the most prevalent tactics and techniques observed in […]

WordPress Vulnerability & Patch Roundup March 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and patches for the WordPress ecosystem this past […]

Critical Vulnerability Discovered in WooCommerce Payments

On March 22nd, 2023 a critical vulnerability was discovered within the WooCommerce Payments plugin – an extremely popular eCommerce payment plugin for WordPress with over half a million active installations. Thankfully the vulnerability was discovered by white hat security researcher Michael Mazzolini and responsibly disclosed through HackerOne, giving websites time to install the patched version […]

WooCommerce Credit Card Skimmer Reveals Tampered Gateway Plugin

Disclaimer: The malware infection described in this article does not affect the software plugin or payment gateway as a whole, and does not indicate any vulnerabilities or security flaws within Authorize.net itself nor WooCommerce or any associated WooCommerce plugin extensions. Overall they are both robust and secure payment platforms that are perfectly safe to use. […]

Magbo Spam Injection Encoded with hex2bin

We recently had a new client come to us with a rather peculiar issue on their WordPress website: They were receiving unwanted popup advertisements but only when the website was accessed through links posted on FaceBook. Initially we thought that this must be a rogue ad coming through an otherwise legitimate advertising network but it […]