Secure Hosting WP Blog
Security Updates are Brought to You from Wordfence and Sucuri. Two trusted security plugins for WordPress users.
“Free” Symchanger Malware Tricks Users Into Installing Backdoor
In a previous post, I discussed how attackers can trick website owners into installing malware onto a website — granting the attacker the same unauthorized access as if they had exploited a vulnerability or compromised login details for the website. But did you know...
Hackers Love Expired Domains
Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all the time and is totally normal, but it’s important to remember that attackers regularly monitor domain expirations and may target...
Hidden SEO Spam Link Injections on WordPress Sites
Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search engines or blacklists. This is by design — attackers intentionally try to prevent detection by arranging injected links so...
PHP 8: What WordPress Users Need to Know
PHP 8.0 is set to be released on November 26, 2020. As the programming language powering WordPress sites, PHP’s latest version offers new features that developers will find useful and improvements that promise to greatly enhance security and performance in the long...
Episode 96: Hosting Provider Failures and Incident Response Preparedness
Two hosting providers experienced outages this week. GoDaddy had a brief outage affecting numerous systems on Tuesday, November 17. Managed.com had an extensive outage due to ransomware that affected all systems. We discuss what types of incident response preparations...
Wordfence Site Cleaning Guarantee Extended to 1 Year
Today, we’re pleased to announce that all customers of Wordfence site cleaning services receive an 1-year clean site guarantee. If your site is compromised again after our team has cleaned and secured your WordPress site, we’ll clean it again for free. Additionally,...
PrestaShop SuperAdmin Injector and Login Stealer
According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware has been created to specifically target these environments. We recently came across an infected PrestaShop...
Evasive Maneuvers in Data Stealing Gateways
We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation, we came across this example of a PHP script that attackers use for many different...
Large-Scale Attacks Target Epsilon Framework Themes
On November 17, 2020, our Threat Intelligence team noticed a large-scale wave of attacks against recently reported Function Injection vulnerabilities in themes using the Epsilon Framework, which we estimate are installed on over 150,000 sites. So far today, we have...
Episode 95: Critical Privilege Escalation Vulnerabilities Affect Over 100K WordPress Sites
Three critical privilege escalation vulnerabilities in the Ultimate Member plugin put over 100,000 sites at risk. We also talk about the Page Experience metric to be added as a ranking signal for Google search in May 2021 and what this means for WordPress sites using...
Another Credit Card Stealer That Pretends to Be Sucuri
During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into the database of a Magento site. The first 109 lines of the malware don’t contain...
Code Comments Reveal SCP-173 Malware
We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for example, a short description of a feature or functionality for other developers to reference. Oftentimes, hackers...
Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin
On October 23, 2020, our Threat Intelligence team responsibly disclosed several vulnerabilities in Ultimate Member, a WordPress plugin installed on over 100,000 sites. These flaws made it possible for attackers to escalate their privileges to those of an administrator...
Episode 94: Hosting Provider Exposed 63 Million Customer Records
A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress...
ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis
We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to “improve” them. Depending on the scope of changes and feature enhancements that are added to an...
Object Injection Vulnerability in Welcart e-Commerce Plugin
On October 6, 2020, our Threat Intelligence team discovered a High-Severity Object Injection vulnerability in Welcart e-Commerce, a WordPress plugin with over 20,000 installations that claims top market share in Japan. After we finished our investigation, we contacted...
Legacy Mauthtoken Malware Continues to Redirect Mobile Users
During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different positions in the array. If we get the ASCII representation of the variable, we’ll end up...
CSS-JS Steganography in Fake Flash Player Update Malware
This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable Kraut also reported another similar obfuscation technique using...
Unpacking the WordPress 5.5.2/5.5.3 Security Release
On Thursday, October 29, the WordPress core team released WordPress version 5.5.2. This was a minor release containing bug fixes and security enhancements to the core WordPress content management system powering over one-third of the internet. There was a subsequent...
Episode 93: Nitro Documents on the Dark Web and Botnets Targeting Older Vulnerabilities
We cover a couple of breaking stories this week, including the emergency release of WordPress 5.5.3 on Friday, October 30. In preparation for this, a number of sites autoupdated to version 5.5.3-alpha. We also look at the the defacement of the Trump Campaign website,...
WordPress News
WordPress 5.5.1 Maintenance Release
WordPress 5.5.1 is now available! This maintenance release features 34 bug fixes, 5 enhancements, and 5 bug fixes for the block editor. These bugs affect WordPress version 5.5, so you’ll want to upgrade. You can download WordPress 5.5.1 directly, or visit...
The Month in WordPress: August 2020
August was special for WordPress lovers, as one of the most anticipated releases, WordPress 5.5, was launched. The month also saw several updates from various contributor teams, including the soft-launch of the Learn WordPress project and updates to Gutenberg. Read on...
WordPress 5.5 “Eckstine”
Here it is! Named “Eckstine” in honor of Billy Eckstine, this latest and greatest version of WordPress is available for download or update in your dashboard. Welcome to WordPress 5.5. In WordPress 5.5, your site gets new power in three major areas: speed, search, and...
WordPress 5.5 Release Candidate 2
The second release candidate for WordPress 5.5 is here! WordPress 5.5 is slated for release on August 11, 2020, but we need your help to get there—if you haven’t tried 5.5 yet, now is the time! You can test the WordPress 5.5 release candidate in two ways: Try...
The Month in WordPress: July 2020
July was an action-packed month for the WordPress project. The month saw a lot of updates on one of the most anticipated releases – WordPress 5.5! WordCamp US 2020 was canceled and the WordPress community team started experimenting with different formats for...