Tag: wordpress (Page 1 of 2)

Protecting the Enterprise against Third-Party Code

“Websites are the one IT asset you want to be publicly available. You want the customer to engage and interact. But you still need it to be safe.” – Neill Feather, President at SiteLock

October is National Cybersecurity Awareness Month (NCSAM), a month dedicated to raising awareness around the importance of cybersecurity. At SiteLock, we strive to make the Internet a safer place by protecting websites and educating users about cybersecurity risks and solutions.

As part of our commitment to cybersecurity, SiteLock has developed a report in conjunction with Crowd Favorite to distinguish key website features that increase the likelihood of a website compromise. The report also includes five basic security steps all organizations should take to protect themselves from exposure and mitigate cyber risks. This blog provides a recap of the report. You can also download the full report here.

The More Popular The Website, The More Likely The Cyberattack

In honor of National Cybersecurity Awareness Month (NCSAM), SiteLock has published new website security data to help raise awareness about the need for increased website protection and cybersecurity.

Over 760,000 websites are breached each year. However, only 6 percent of website owners use proactive website monitoring for suspicious activity, while 84 percent don’t find out about website attacks until after they’ve been compromised.

Authentication Failure in File Browser, Manager, Backup (+ Database) WordPress Plugin

While reviewing malware, the SiteLock Research Team detected suspicious code in a WordPress plugin. We reviewed the suspicious code and found the plugin wasn’t malicious per se, though it was potentially vulnerable to attack. We will discuss the plugin and analyze its unique authentication issues, and then discuss mitigation and the dangers of using unsupported plugins.

Visit wpdistrict.sitelock.com for the full story.

This Week in Exploits: A Brief Survey of Fake WordPress Plugins

In this week’s installment of TWiE, we’ll discuss how fake plugins get onto WordPress sites, analyze a well-known fake plugin to provide a sense of what they can do, look at a non-exhaustive list of fake plugins and a couple of interesting features, and discuss ways to avoid being victimized by fake plugins.

Read the full story at our WordPress microsite wpdistrict.sitelock.com.

This Week in Exploits: My Hacked WordPress Site Was Fixed, Now What?

The unfortunate happens and your WordPress site is compromised. You recover from the hack through backups or SiteLock’s malware removal service, yet you still feel uneasy.

The truth is, once a WordPress site recovers from a compromise, there’s a bit more to do. Learn about simple post-compromise steps that can help harden your site from future attacks.

Learn more at wpdistrict.sitelock.com.

SiteLock Research Team Identifies Malicious Plugin

During a routine site cleaning, the SiteLock Research Team found suspicious code in a WordPress plugin file.

Get the full details at wpdistrict.sitelock.com.

This Week in Exploits: An Overview of SiteLock Research Efforts

As SiteLock continues to innovate and push the boundaries of website protection, we’ve invested in and grown our research team to provide new capabilities and content for customers and the security community at large.

This week, we will discuss what the SiteLock Research Team is and what its mission is, provide an overview of the team’s emerging efforts, and explain where to find and how to interact with the team.

How to Secure Your Open Source Platform Website

Open source content management systems like WordPress, Joomla and Drupal have become some of the most popular platforms for creating websites. So much so, in fact, that 17% of the entire internet is hosted on WordPress.

Platforms like WordPress are free and have a huge community of users and developers, providing a vast ecosystem of themes and plugins. Unfortunately, because they’re so popular, open source platforms are often a large target for hackers, and since much of the platform is developed by volunteers, code vulnerabilities may exist.

SiteLock and the WordPress 4.2 XSS Vulnerability: What You Need to Know

Recently, a security researcher released a zero-day stored XSS vulnerability in WordPress, meaning it was previously undisclosed and, at the time, unpatched. The vulnerability affected the latest versions of WordPress at release, including 4.2.

The vulnerability involves how WordPress stores comments in its MySQL database. Comments are stored as text and the size of that text is limited to 64 kilobytes, or 64,000 characters. Given a previously approved comment, an attacker could create a malformed comment using approved HTML tags and tack on 64 kb of any character (perl -e 'print "a" x 64000'). The 64 kb of junk is truncated and what’s left is a malicious comment in the database which will run whenever it’s viewed. And what can run is up to the attacker – creating backdoors, stealing credentials, malicious redirects and more.

If you run WordPress, here’s what you need to know.

SiteLock and WordPress SEO by Yoast: What You Need to Know  

This past Wednesday, Yoast, makers of one of the most popular WordPress plugins, WordPress SEO by Yoast, disclosed a blind SQL injection vulnerability against authenticated users given a successful cross-site request forgery (CSRF) attack.

What are blind SQL injection and CSRF, how can the WordPress SEO vulnerability affect your site, and what should you do about it?
