Tag: wordpress

how to prevent security breaches

Authentication Failure in File Browser, Manager, Backup (+ Database) WordPress Plugin

While reviewing malware, the SiteLock Research Team detected suspicious code in a WordPress plugin. We reviewed the suspicious code and found the plugin wasn’t malicious per se, though it was potentially vulnerable to attack. We will discuss the plugin and analyze its unique authentication issues, and then discuss mitigation and the dangers of using unsupported plugins.

Visit wpdistrict.sitelock.com for the full story.

WordPress security

A Brief Survey of Fake WordPress Plugins

In the latest article from the SiteLock research team, we’ll discuss how fake plugins get on to WordPress sites, analyze a well known fake plugin to provide a sense of what they can do, look at a non-exhaustive list of fake plugins and a couple of interesting features, and discuss ways to avoid being victimized by fake plugins.

Read the full story at our WordPress-focused site, wpdistrict.sitelock.com.

WordPress security

My Hacked WordPress Site Was Fixed, Now What?

The unfortunate happens and your WordPress site is compromised. You recover from the hack through backups or SiteLock’s malware removal service, yet you still feel at unease.

The truth is, once a WordPress site recovers from a compromise, there’s a bit more to do. Learn about simple post-compromise steps that can help harden your site from future attacks.

Learn more at wpdistrict.sitelock.com.

security research

An Overview of SiteLock’s Security Research Efforts

As SiteLock continues to innovate and push the boundaries of web site protection, we’ve invested in and grown our security research team to provide new capabilities and content for customers and the security community at large.

This week, we will discuss what the SiteLock Research Team is, the team’s mission, and provide an overview of the team’s emerging efforts, as well as where to find and how to interact with the team.

Read More

How to Secure Your Open Source Platform Website

WordPress vulnerabilities

Open source content management systems (CMS) like WordPress, Joomla! and Drupal have become some of the most popular platforms for creating websites. So much in fact, that over 25 percent of the entire internet is powered on WordPress.

Platforms like WordPress are free and have a huge community of users and developers, providing a vast ecosystem themes and plugins. Unfortunately, since they’re so popular, open source platforms are often a large target for hackers and since much of the platform is developed by volunteers, code vulnerabilities may exist.

Read More

XSS vulnerability - cross-site scripting

The WordPress 4.2 XSS Vulnerability

Recently, a security researcher released a zero-day stored XSS vulnerability in WordPress, meaning it was previously undisclosed and, at the time, unpatched. The vulnerability affected the latest versions of WordPress at release, including 4.2.

How Can The XSS Vulnerability Be Exploited?

The xss vulnerability involves how WordPress stores comments in its MySQL database. Comments are stored as text and the size of that text is limited to 64 kilobytes, or 64,000 characters. Given a previously approved comment, an attacker could create a malformed comment using approved HTML tags and tack on 64 kb of any character (perl -e ‘print “a” x 64000’). The 64 kb of junk is truncated and what’s left is a malicious comment in the database which will run whenever it’s viewed. And what can run is up to the attacker – creating backdoors, stealing credentials, malicious redirects and more.

Important Information For WordPress Users

Read More

Keys to Word Press Security

Word Press Security If you’re using WordPress to host your website or your blog, I hope you’re aware of the growing security risks and what you need to do to avoid them. Not only is WordPress one of the most popular website platforms for businesses, it’s also one of the most popular amongst hackers. But for very different reasons.

There’s little doubt that WordPress has become one of the most popular website and blogging platforms of all time, with more than 60 million WordPress sites around the globe. But being the best comes with a price and, in the case of WordPress, that means sustaining attacks by hackers. WordPress has become such a big target for hackers that earlier this year a security firm decided to log the number of hack attacks over a period of a few months. The results were eye-opening.

Read More

Powered by WordPress & Theme by Anders Norén