Archive by Author

Malware Serving SEO Spam from External Sites

We handle an enormous number of SEO spam infections here at Sucuri. In Q3 of 2016, approximately 37% of all website infection cases were related to SEO spam campaigns through PHP, database injections or .htaccess redirects. An SEO spam infection can be devastating to a website’s credibility and reputation. Many website owners recognize and appreciate More Info »

Website Hosting: Security Awareness Can Reduce Costs

Website hosting security has matured in recent years. Naturally, the types of security issues have changed because of it. For example, cross-contamination over multiple shared hosting accounts used to be a major problem for large website hosting providers,  but this isn’t really a huge threat today. However, malware attacks and other website security-related issues at the More Info »

Fake Plugins, Fake Security

WordPress users are becoming increasingly more aware of security threats and as a result they are taking more actions to secure their websites (e.g. by installing security plugins). While this is a good thing, there are always black hats trying to take an advantage of new opportunities to compromise websites. For example, we’re seeing a More Info »

Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1

During regular research audits for our Sucuri Firewall (WAF), we discovered a source-based stored Cross-Site Scripting (XSS) vulnerability affecting WordPress 4.8.1. Are You at Risk? The vulnerability requires an account on the victim’s site with the Contributor role – or any account in a WordPress installation with bbPress plugin, as long as it has posting More Info »

Hacked Websites Mine Cryptocurrencies

Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday in news now. Everyone seems to be trying to jump on this bandwagon. This trend resulted in emergence of online platforms that allow webmasters to install coin miners into their websites as an More Info »

Using a VeraCrypt File Container to Encrypt Local Website Files

If you are doing website development and have a local repository, or store website backups on your computer, you should strongly consider encrypting these sensitive files. In the event that your computer is compromised, the encrypted container prevents an attacker from gaining access to your website (via database configuration files) and other private data. This More Info »