Tag Archives: WordPress Security

Fake UpdraftPlus Plugins

We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality. Malicious Plugins Sourced from UpdraftPlus Attackers have been using different names for these fake plugins, including initiatorseo or updrat123—but any title can be used. While their code More Info »

Cryptominers & Backdoors Found in Fake Plugins

When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also noticed a considerable increase in the number of malicious plugins which have been added to compromised websites as well. These plugins appear to be legitimate, but inspecting the code reveals More Info »

A New Wave of Buggy WordPress Infections

We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and plugin vulnerabilities. Every other week, the attackers introduce new domain names and slightly change the obfuscation of their scripts to prevent detection. For example, last More Info »

Raising Awareness: WPBeginner Spotlight

We’re dedicated to creating the best website security guides and professional services. One way we get our message out is by partnering with open-source CMS communities, web devs, and industry professionals. Small businesses and bloggers don’t often think about website security, but our partners are doing their part to raise awareness. This includes educating audiences More Info »

Fake Human Verification Spam

We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these newly targeted plugins was Advanced Booking Calendar — and it didn’t take long before we were receiving clean up requests for websites that had already been exploited through this plugin. More Info »

Misuse of WordPress update_option() function Leads to Website Infections

In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of  WordPress’ update_option() function. This function is used to update a named option/value in the options database table. If developers do not implement the permission flow correctly, attackers can gain admin access or inject arbitrary data More Info »

Dissecting the WordPress 5.2.3 Update

Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to day work is to analyse these security releases, discover what security issue it is fixing and come up with a Proof of Concept for further internal testing. Based on our More Info »

How to Audit & Cleanup WordPress Plugins & Themes

In an interview with Smashing Magazine our CoFounder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question. What Makes WordPress Vulnerable? “Here’s the simple answer. Old versions of WordPress, along with theme and plugin vulnerabilities, multiplied by the CMS’ popularity, with the end user thrown into the mix, make for More Info »

Malicious Plugin Used to Encrypt WordPress Posts

During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable. The plugin encrypted posts with the ‘AES-256-CBC’ method by using the openssl_encrypt More Info »