What Happens When Your Website Is Hijacked?

I don’t often re-post other people’s web content, but the video below from Sucuri is worth a look if you are interested in learning why an attacker would want your website, what they could possibly do with it, how that affects your reputation, and most importantly, what you could do to prevent it in the first place.  If you have the time, take a look.  The running time is 25 minutes.  With the Q&A Session, it goes out to 40 ...


Panama Papers Attackers Exploited WordPress Flaw

We have written before about the importance of properly securing your WordPress website.  According to a recent post on the WordFence blog, the Mossack Fonseca breach, commonly known as the “Panama Papers,” was apparently made possible by an unpatched WordPress plugin, and also a mail program that stored user credentials in plaintext.

This again reiterates the importance of keeping your WordPress version up to date (version 4.5 as of ...


No Fooling – How to Secure WordPress

I know it’s April Fool’s Day, but this is a straight-up serious post.  If you own, operate, host, support, or develop WordPress sites, this article is for you.

We have written a few articles covering the subject of WordPress security.  I recently received an email from John Stevens over at HostingFacts.com, inviting me to review their excellent tutorial, 28 ...


Crypto-Ransomware Round-Up

Some of the nastiest exploits going around are the many variants of the CryptoLocker and CryptoWall malware that encrypt all your personal files and hold them for ransom.  Payment in bitcoin is required, in amounts starting at $200 and ranging upward to the $17,000 (400 BTC) that Hollywood Presbyterian Hospital just paid to unlock their files.  Or even more.  The amount will be whatever the attackers think they can extract from the victim.

  • The ...

WordPress Security Learning Center

Last Friday we dove down the WordPress Security bunny hole to chase the Aethera botnet and the other attack platform that WordFence reported.  Today we are looking at their new WordPress Security Learning Center.

If you are a developer or security professional, you should check this site out, and take the time to fit the classes into your schedule.  If you are ...


Alert: WPEngine User Credentials Breached

Just received an email from WordFence, the WordPress security plugin developer, that popular WordPress hosting company WPEngine had a breach that may have included customer user name and password information.  The full text of the email I received follows.

“We learned about an hour ago that there has been a data breach at WPEngine. Some of their customer login credentials have been exposed. ...


When Bad Things Happen To Good Web Sites

Today we are going to take a deeper dive into the subject of website security.  Web servers can be breached in a number of ways, but the most common is simply stealing your user ID and password, either through a clever spearphishing email, or an automated brute force password cracking program.  The second most common way is through software vulnerabilities in the web site code itself that open it ...


WordPress Security Tips

As we have mentioned in previous postings, WordPress has become one of the world’s leading web design tools, with a 27% share of all web sites, and a 65% share of CMS or Content Management System type websites.  Because it is an open source product that is free to use, it has become hugely popular.  We have been designing in WordPress ourselves ...


WordPress Site Owners – Update Now

Just a quick note to my WordPress pals – the latest update, WordPress 4.2.3, has an important fix for a cross-site scripting (XSS) vulnerability that leaves your site vulnerable to attack.  According to Sophos:

“The flaw allows WordPress users who have Contributor or Author roles to add javascript to a site (something normally reserved for Editors and Administrators) using specially crafted
