For your WordPress protection, be informed about the latest vulnerabilities in WP plugins: WP Statistics SQL injection reported by Sucuri. Exploit allows to create an admin-level user and sign in to your WordPress as an admin. Cross-Site Scripting (XSS) reported by Dewhurst Security. Exploit allows attackers to compromise a WordPress…
WP Security
If you are unable to login to your WordPress site, then there is a chance that hackers may have compromised your admin account from WordPress. There are some common tell-tale signs that should help you figure out if your WordPress site is compromised. Don’t panic, but this is serious! In…
If you look at your analytic reports and see a sudden and constantly dropping trend in your website traffic, then it could be a sign that your WordPress site is hacked. There are some common tell-tale signs that should help you figure out if your WordPress site is compromised. No…
Back in 2013, a web publishing company, Interconnect/IT, released a handy tool for finding and replacing text in a website’s database. This tool, a stand-alone file published as “searchreplacedb2.php”, includes built-in WordPress compatibility that makes working with WordPress databases a breeze. Unfortunately, since the first public version, it did not…
Malicious redirects are very common in compromised websites. Attackers DO TAKE ADVANTAGE of the site resources to promote spam, distribute other malware, backdoors, and perform all kinds of malicious activities. Sucuri, during an Incident Response investigation, found that malicious redirects were coming from a JavaScript loading via the website enmask.com,…
With so many bad news of vulnerabilities and hackers attempting to compromise WordPress sites regularly, you start wondering if WordPress is really secure at all. You can stop wondering because WordPress is secure! The popularity numbers create this negative effect. Today, WordPress powers 27% of all sites on the web…
A new kind of attack targets fresh WordPress installations. Attack starts with a scan after the “/wp-admin/setup-config.php” URL. This is the setup URL for any freshly installed WordPress. If the attackers find that URL and it contains a setup page, it indicates that someone has recently installed WordPress on the…
For your WordPress protection, be informed about the latest vulnerabilities in WP plugins: All-in-One WP Migration Cross-Site Scripting (XSS) reported by Twitter user @0w4ys. Immediately update to version 6.46 to fix the vulnerability. Ultimate Product Catalogue Authenticated SQL Injection reported by Twitter user @log_oscon. Immediately update to version 4.2.3 to…
WordPress security is often referred to as “reinforcement” or “hardening”. Makes sense. After all, the process is like adding reinforcements to your existing security, hardening the current capabilities. We created a few fun quizzes, to allow users to test their own WordPress Security skills. All these quizzes can be 100%…