What is an attack vector? An attack vector is a path or means by which a hacker gains access to your server or WordPress (or both) to execute a malicious payload. Attack vectors enable hackers to exploit system vulnerabilities, including the human element. Why the WordPress attack vector is so…
WP Security
name: WordPress REST API Vulnerability officially announced: FEBRUARY 1, 2017 Security Risk: Severe Exploitation Level: Easy/Remote DREAD Score: 9/10 Vulnerability: Privilege Escalation + Content Injection Patched Version: WordPress 4.7.2 what: This privilege escalation vulnerability affects the WordPress REST API that was recently added and enabled by default on WordPress 4.7.0….
Infected code is loaded onto computers from the internet via the web browser, often unknown to the user, when they visit an infected website. These malware programs change browser settings, alter system files and create new default webpages. Typically, malware collects personal information or renders computer unusable. Several malware programs…
name: DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) officially announced: March 2016 what: DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the…
WordPress sites are notoriously lacking when it comes to security. Be it due to an insufficient security expertise of the developer, or the use of one of the many FREE plugins available (of which the security cannot be guaranteed). With WordPress running on 1 in 5 sites on the internet,…