Secure Hosting WP Blog
Security Updates are Brought to You from Wordfence and Sucuri. Two trusted security plugins for WordPress users.
1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs
Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites. This led us into an investigation which uncovered an active...
PHP Re-Infectors – The Malware that Keeps On Giving
We all know why bad actors infect sites: monetary gain, boosts in SEO ratings for their malware or spam campaigns and a number of other reasons explained in our post on hacker’s motivations. It defeats the purpose of the attack if the malware is easily and quickly...
Authentication Bypass Vulnerability Patched in User Registration Plugin
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability...
WooCommerce Credit Card Swiper Injected Into Random Plugin Files
It’s that time of year again! While website owners always need to be on guard, the holidays season is when online scams and credit card theft are most rampant. Administrators of ecommerce websites need to be extra vigilant as this case will demonstrate. This story...
Is My Site Hacked? 4 Gut Checks
The consequences of a hacked site have wide-ranging financial repercussions that extend beyond the cost of cleaning the site. Drop-offs can be anticipated for new sales from prospects spooked by “not secure” url warning labels. The same downward turn can be expected...
WordPress Admin Creator – A Simple, But Effective Attack
Malicious admin users get added to vulnerable WordPress sites often. This can happen in a variety of different ways, and sometimes the malware that creates these malicious users can hide in plain sight. Injecting a malicious admin user into a WordPress site can allow...
XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we...
What We’ve Learned About SSH Brute Force Attacks
The first time I encountered brute force attacks I was a hosting specialist who received calls from frustrated site owners that wanted to know who’d gained access to their server. Many of them didn’t understand the importance of a password’s character strength, or how...
Why You Shouldn’t Use SMS For 2FA
Two factor authentication (2FA) provides an extra layer of security that passwords alone can’t provide. Requiring an extra step for users to verify their identity reduces the chance a bad actor can gain access to data however. One of the most common methods of 2FA is...
AWS Attacks Targeting WordPress Increase 5X
The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the number of attacks targeting login pages has doubled. We’ve seen a global increase in attacks...
GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe
Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were impacted. The brands impacted include: tsoHost Media Temple 123Reg...
GoDaddy Breached – Plaintext Passwords – 1.2M Affected
This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Note that this number does not include the number...
An Overview of Website Reinfection Vectors
The website security landscape is as complicated as it is treacherous. We often deal with clients who become reinfected over and over again. Once the attackers establish a foothold in an environment and recognize that a website is vulnerable, you can guarantee that...
What is a Website Backdoor?
What is a Backdoor? A backdoor provides a shortcut for authorized or unauthorized users to gain access to an unauthorized location of a website, software, or system. There are many different ways to categorize backdoors, but they are usually not in plain sight and are...
WooCommerce Extension – Reflected XSS Vulnerability
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 1, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we...
Fake Ransomware Infection Spooks Website Owners
Starting this past Friday we have seen a number of websites showing a fake ransomware infection. Google search results for “FOR RESTORE SEND 0.1 BITCOIN” were sitting at 6 last week and increased to 291 at the time of writing this. Upon visiting their website...
Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin
On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor,...
Understanding .htaccess Malware
The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with blackhat SEO tactics, hide backdoors, inject content, modify php.ini values; the possibilities are endless. Many...
WooCommerce Skimmer Spoofs Checkout Page
Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their “my-account” page an unfamiliar prompt appeared in their browser soliciting credit card billing information: This form was foreign to our client and...
Product Update: Sucuri Firewall in India
Sucuri is pleased to announce the completion of a strategic expansion, with the opening of a data center campus in Mumbai – India. This addition adds another layer of security and performance for customers located in the South Asian region. Our Mumbai site, along with...
WordPress News
WordPress 5.5 “Eckstine”
Here it is! Named “Eckstine” in honor of Billy Eckstine, this latest and greatest version of WordPress is available for download or update in your dashboard. Welcome to WordPress 5.5. In WordPress 5.5, your site gets new power in three major areas: speed, search, and...
WordPress 5.5 Release Candidate 2
The second release candidate for WordPress 5.5 is here! WordPress 5.5 is slated for release on August 11, 2020, but we need your help to get there—if you haven’t tried 5.5 yet, now is the time! You can test the WordPress 5.5 release candidate in two ways: Try...
The Month in WordPress: July 2020
July was an action-packed month for the WordPress project. The month saw a lot of updates on one of the most anticipated releases – WordPress 5.5! WordCamp US 2020 was canceled and the WordPress community team started experimenting with different formats for...
WordPress 5.5 Release Candidate
The first release candidate for WordPress 5.5 is now available! This is an important milestone in the community’s progress toward the final release of WordPress 5.5. “Release Candidate” means that the new version is ready for release, but with...
WordPress 5.5 Beta 4
WordPress 5.5 Beta 4 is now available! This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version. You can test WordPress 5.5 Beta 4 in two ways: Try the...