Category: SiteLock Research (Page 1 of 3)

This Week in Exploits: A Quick Look at Turkish Escort Spam

This Week in Exploits-SiteLock

This week we’ll take a look at an interesting SEO spam campaign that recently came across the SiteLock research desk. Turkish escorts are apparently big business and we had the opportunity to dig a bit into the makings of a malicious Turkish escort spam campaign.

Read More

This Week in Exploits-SiteLock

This Week in Exploits: Know Your Sites (KYS)

Many individual and small company forays on the web are through WordPress on shared hosting accounts, and it’s not uncommon for a shared hosting account to hold multiple WordPress sites as needs and business grow. Site owners maintain each and every WordPress install, managing content, configuration, users and updates. At least they should. Maintaining multiple sites in a single shared hosting account is time-consuming and, as we’ll see, risky as each site on the account is a point of access that has to be secured.

Visit for the full story.

This Week in Exploits: It’s Not You, Firefox, It’s Me. Well, Maybe It IS You.

I love Firefox. I’ve used it since it was Firebird, if not Phoenix, and it’s my main browser on every device. I value Mozilla’s dedication to an open, secure, and private internet, and because of that, I recommend Firefox to friends and family. That’s why two recent Firefox developments have me concerned. This week we’ll discuss a troubling statement about the state of Firefox security, the sunsetting of SHA-1 and Firefox’s recent exception to that, and whether Firefox is still a secure browsing option.

Read More

SiteLock | This Week in Exploits

This Week in Exploits: Backups Are Essential… And a Problem


Backups are essential to a site’s security. With regular, tested backups, a site can recover from hardware failures, accidental deletions, or attacks like defacements and ransomware. They can also be problematic. This week we’ll discuss why backups are essential, and then reveal how backup strategy can harm a website and how to prevent it.

Read More

This Week in Exploits: Speeding Up Your WordPress Site

CDNs are great for WordPress sites because much of the post content is static and can easily be cached and served by a CDN. With visitors receiving cached content from the closest CDN data center, origin server load decreases, allowing sites to load faster for site visitors. At the same time, serving a site from multiple data centers makes the origin server more robust. A fortuitous spike in traffic won’t take a site down as the data centers handle the increased load.

Visit for the full story.

how to prevent security breaches

This Week in Exploits: A Cuppa IoT with Your Security?

There’s no bigger buzzword in the security world now than the ‘Internet of Things.’ The Internet of Things, or IoT, is the connectedness of everyday devices and sensors to allow the quantification and control of systems. Video doorbells alert wayward homeowners of visitors. Bluetooth fobs connect car keys to smartphones. Thermostats track heating and cooling preferences to select a tailored temperature for a homeowner.

Read More

how to prevent security breaches

Authentication Failure in File Browser, Manager, Backup (+ Database) WordPress Plugin

While reviewing malware, the SiteLock Research Team detected suspicious code in a WordPress plugin. We reviewed the suspicious code and found the plugin wasn’t malicious per se, though it was potentially vulnerable to attack. We will discuss the plugin and analyze its unique authentication issues, and then discuss mitigation and the dangers of using unsupported plugins.

Visit for the full story.

This Week in Exploits-SiteLock

This Week in Exploits: A Brief Survey of Fake WordPress Plugins

In this week’s installment of TWiE, we’ll discuss how fake plugins get on to WordPress sites, analyze a well known fake plugin to provide a sense of what they can do, look at a non-exhaustive list of fake plugins and a couple of interesting features, and discuss ways to avoid being victimized by fake plugins.

Read the full story at our WordPress microsite

This Week in Exploits-SiteLock

This Week in Exploits: My Hacked WordPress Site Was Fixed, Now What?

The unfortunate happens and your WordPress site is compromised. You recover from the hack through backups or SiteLock’s malware removal service, yet you still feel at unease.

The truth is, once a WordPress site recovers from a compromise, there’s a bit more to do. Learn about simple post-compromise steps that can help harden your site from future attacks.

Learn more at

malicious plugin

SiteLock Research Team Identifies Malicious Plugin

During a routine site cleaning, the SiteLock Research Team found suspicious code in a WordPress plugin file.

Visit our WordPress blog, the District, for full details on this malicious plugin.

Page 1 of 3

Powered by WordPress & Theme by Anders Norén