Secure Hosting WP Blog
Security Updates are Brought to You from Wordfence and Sucuri. Two trusted security plugins for WordPress users.
Defiant Participating in Privacy Shield Framework
Defiant, dba Wordfence, is now listed on the Privacy Shield certification list participating in both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. The purpose of these frameworks is to allow for the lawful transfer of personal data from the European Union and...
Episode 78: Targeted Phishing Bypassing Security Checks and a new DDoS Record
This week, we look at some targeted phishing attacks that are bypassing Microsoft Outlook’s protective filters, and phishing campaigns using calendar invitations to target unsuspecting recipients. We also look at some successful bitcoin scams and a new record...
Malware Detection: Measuring Recall to Catch Them All
At Wordfence, we take performance seriously on all levels. While speed is one way to measure performance, there are other metrics that are equally important. Over the past year, our Threat Intelligence team has improved our malware scan by leaps and bounds. We wanted...
Critical Vulnerabilities Patched in Adning Advertising Plugin
On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin, a premium plugin with over 8,000 customers. We eventually discovered 2 vulnerabilities, one of which was a critical vulnerability that allowed...
Episode 77: WordPress 5.4.2 Released, Fake Ransomware Bitcoin Scams
This week, we look at the WP 5.4.2 release and a ransomware bitcoin scam targeting site owners with a “You’ve Been Hacked” email. We also look at an FBI warning about online banking app malware, the Verizon data breach report and what is says about...
WordPress 5.4.2 Patches Multiple XSS Vulnerabilities
WordPress Core version 5.4.2 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the security fixes themselves are for vulnerabilities that would require...
What is the Gibberish Hack?
Discovering some random folder with numbers and letters you don’t remember on your website would make any website owner put on their detective cap. At first, you may think, “Did I leave my FTP client open and my cat ran across the keyboard?” But when...
Experience + Technology: How We Clean Infected Websites at Sucuri
Our malware removal service is particularly effective because it combines automated and human elements. The process gets off to a quick start thanks to cleanup scripts developed by our threat researchers. Real people also get their hands dirty handling tough work that...
Evasion Tactics in Hybrid Credit Card Skimmers
The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers. Though popular with bad actors, one of the drawbacks of this approach is...
Large Scale Attack Campaign Targets Database Credentials
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point,...
What is a Website Defacement?
Website defacement is the most obvious sign of a hack. In these cases, bad actors who have gained access to an environment leave their mark through digital vandalism. For website owners, it means trying to access your homepage, only to find all of the code and content...
Labs Notes Monthly Recap – May/2020
In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture. Sucuri Labs provides website malware research updates directly from our...
High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites
A few weeks ago, our Threat Intelligence team discovered several vulnerabilities present in Page Builder: PageLayer – Drag and Drop website builder, a WordPress plugin actively installed on over 200,000 sites. The plugin is from the same creators as wpCentral, a...
What is FTP? Why use it to clean hacked websites?
The File Transfer Protocol (FTP) is a network protocol used to transfer files between a client server and a network. In other words, it is through FTP that we get text and images onto a website. Why is FTP used to clean up a website? Not only is FTP used to insert...
WordPress Malware Collects Sensitive WooCommerce Data
During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These compromised websites are victims of the ongoing wave...
The Elementor Attacks: How Creative Hackers Combined Vulnerabilities to Take Over WordPress Sites
On May 6, our Threat Intelligence team was alerted to a zero-day vulnerability present in Elementor Pro, a WordPress plugin installed on approximately 1 million sites. That vulnerability was being exploited in conjunction with another vulnerability found in Ultimate...
Episode 76: Ongoing Attacks on WP Growing in Volume Plus Numerous Plugin Vulnerabilities
On this week’s Think Like a Hacker podcast, we cover an active attack campaign targeting WordPress sites and numerous plugin vulnerabilities. This active attack campaign has been ongoing and has outpaced all other attacks on WordPress vulnerabilities. Our threat...
Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access
On April 21st, our Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site...
YouTube Account Recovery Phishing
Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators. Phishing Behavior The...
One Attacker Outpaces All Others
Starting April 28th, we saw a 30 times increase in cross site scripting attack volume, originating from a single attacker, and targeting over a million WordPress sites. We published research detailing the threat actor and attack volume increase on May 5th. By the time...
WordPress News
WordPress 5.5 Beta 1
WordPress 5.5 Beta 1 is now available for testing! This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.5 beta in...
The Month in WordPress: June 2020
June was an exciting month for WordPress! Major changes are coming to the Gutenberg plugin, and WordCamp Europe brought the WordPress community closer together. Read on to learn more and to get all the latest updates. WordPress 5.4.2 released We said hello to...
WordPress 5.4.2 Security and Maintenance Release
WordPress 5.4.2 is now available! This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so...
Equity and the Power of Community
Over the past week, I’ve been thinking a lot about George Floyd, Breonna Taylor, and Ahmaud Arbery. I have been thinking about white supremacy, the injustice that Black women and men are standing up against across the world, and all the injustices I can’t...
The Month in WordPress: May 2020
May was an action-packed month for WordPress! WordPress organizers are increasingly moving WordCamps online, and contributors are taking big steps towards Full Site Editing with Gutenberg. To learn more and get all the latest updates, read on. Gutenberg 8.1 and...