Category: WordPress Security (Page 1 of 2)

Ask the Expert SiteLock Blog

Ask the Expert: Q&A with Morten Rand-Hendriksen

Brought to you by SiteLock, Ask the Expert is our new Q&A series where we learn from industry innovators, thought leaders, and entrepreneurs about how they’re influencing their field. Throughout this series, you’ll find our interviewees share one commonality: they’re passionate about open-source content management systems (CMS), like WordPress, Joomla! and Drupal. Join us as we dive into a variety of subjects, including social media, blogging and website security.

We are excited to kick-off Ask the Expert with Morten Rand-Hendriksen, web developer, author, educator, and WordPress mover and shaker!

Read More

WordPress security

The Potential Dangers Of WordPress Multisite

Many individual and small company forays on the web are through WordPress on shared hosting accounts, and it’s not uncommon for a shared hosting account to hold multiple WordPress sites as needs and business grow. Site owners maintain each and every WordPress install, managing content, configuration, users and updates. At least they should. Maintaining multiple sites in a single shared hosting account is time-consuming and, as we’ll see, risky as each site on the account is a point of access that has to be secured.

Visit for the full story.

WordPress security

Increased WordPress Security On Hosted Websites

A recent article reported that is moving to enable HTTPS by default on all of its 600,000 hosted sites. This is a huge security win for WordPress users and the Internet at large. It sets a high security bar for other entities to strive for, and of course helps protect users and visitors from prying eyes.

If you’re a user, one way to take advantage of WordPress’s exemplary efforts is to go further and enhance the security of your site with protection services.

Visit for the full story.

WordPress security

Speeding Up Your WordPress Site


CDNs are great for WordPress sites because much of the post content is static and can easily be cached and served by a CDN. With visitors receiving cached content from the closest CDN data center, origin server load decreases, allowing sites to load faster for site visitors. At the same time, serving a site from multiple data centers makes the origin server more robust. A fortuitous spike in traffic won’t take a site down as the data centers handle the increased load.

Visit for the full story.

how to prevent security breaches

Authentication Failure in File Browser, Manager, Backup (+ Database) WordPress Plugin

While reviewing malware, the SiteLock Research Team detected suspicious code in a WordPress plugin. We reviewed the suspicious code and found the plugin wasn’t malicious per se, though it was potentially vulnerable to attack. We will discuss the plugin and analyze its unique authentication issues, and then discuss mitigation and the dangers of using unsupported plugins.

Visit for the full story.

WordPress security

A Brief Survey of Fake WordPress Plugins

In the latest article from the SiteLock research team, we’ll discuss how fake plugins get on to WordPress sites, analyze a well known fake plugin to provide a sense of what they can do, look at a non-exhaustive list of fake plugins and a couple of interesting features, and discuss ways to avoid being victimized by fake plugins.

Read the full story at our WordPress-focused site,

WordPress security

My Hacked WordPress Site Was Fixed, Now What?

The unfortunate happens and your WordPress site is compromised. You recover from the hack through backups or SiteLock’s malware removal service, yet you still feel at unease.

The truth is, once a WordPress site recovers from a compromise, there’s a bit more to do. Learn about simple post-compromise steps that can help harden your site from future attacks.

Learn more at

Malicious WordPress plugin site

Malicious WordPress Plugin Adsense High CPC

While scanning website files, SiteLock SMART flagged three particular files as suspicious.  Inspection of the files by the SiteLock research team ultimately determined that a malicious WordPress plugin was being actively hosted, used by unsuspecting site owners, and spread via YouTube.

In the following article, we will:

  • detail the malware contained in the malicious plugin
  • reveal the relationships between the malicious plugin and other websites
  • discuss mitigation for sites using the plugin and how to avoid such situations

Read More

How to Secure Your Open Source Platform Website

WordPress vulnerabilities

Open source content management systems (CMS) like WordPress, Joomla! and Drupal have become some of the most popular platforms for creating websites. So much in fact, that over 25 percent of the entire internet is powered on WordPress.

Platforms like WordPress are free and have a huge community of users and developers, providing a vast ecosystem themes and plugins. Unfortunately, since they’re so popular, open source platforms are often a large target for hackers and since much of the platform is developed by volunteers, code vulnerabilities may exist.

Read More

XSS vulnerability - cross-site scripting

The WordPress Genericons XSS Vulnerability

Earlier this week a security researcher reported a cross site scripting vulnerability, also known as an XSS vulnerability, in the WordPress icon package, Genericons.  Genericons is an icon package that was used with the default-installed WordPress theme, Twenty Fifteen.   Genericons included an HTML file, named example.html, which actually had the cross site scripting flaw.

About The Genericons XSS Vulnerablity

The XSS vulnerability was DOM, or document object model, based meaning it could potentially control how the browser handles a requested page. The victim would have to be coaxed into clicking a malicious link, reducing severity, though the exploit remains widely deployed all the same.

Read More

Page 1 of 2

Powered by WordPress & Theme by Anders Norén