Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to the security of website owners. Some vulnerable sites may still be found in the wild. Back in early 2017, our research team was looking into More Info »
Tag Archives: WordPress Security
WordPress Database Brute Force and Backdoors
We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its settings in a database, attackers More Info »
7 Tips for Protecting Your Website
For many people, website security is an intimidating topic. It seems like there’s an endless list of things necessary for protecting your website. And while resources like our Website Security Guide cut through much of the clutter of the threat landscape, some folks might need it simplified even further. Okay, we hear ya. If you’re More Info »
How to Find & Remove SEO Spam on WordPress
Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at a private location. Run a Google search with the terms buy viagra cialis. Without clicking anything (seriously, don’t), take a close look at the results. More Info »
6 Simple Steps for Hardening your WordPress Security
Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks. 6 ways to Harden WordPress Security You can harden your WordPress site by following these six simple steps: 1 – Keep WordPress updated It is important to keep More Info »
Hacked Website Threat Report – 2019
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works diligently around the clock to identify, analyze, and protect website owners from compromise. Education is key to protecting yourself More Info »
Malicious JavaScript Used in WP Site/Home URL Redirects
Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At this time of writing, we have seen over two thousand new infected sites since we started tracking this infection. The injection seen below is used More Info »
Authentication Bypass Vulnerability in InfiniteWP Client
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server. Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as More Info »
Top 10 Sucuri Research Articles in 2019
As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future. With that thought in mind, we asked our researchers to choose their favorite blog posts from 2019. If your New Year’s resolution for 2020 is More Info »
Unmasking Black Hat SEO for Dating Scams
Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it. Recently, we came across an interesting case where attackers went a few extra miles to make it more difficult to notice the site infection. Mysterious wp-config.php Inclusion During the More Info »
