WordPress, like other open-source content management systems, allows you to enhance your website’s appearance and functionality through custom code and third-party components like plugins and themes. It’s these extensions that allow you to publish content with added functionality for your visitors and facilitate the unique look of your brand.

While the developers who build these extensions often have extensive knowledge of development best practices, security is not always their core competency — and third party components may contain known (or undiscovered) bugs and vulnerabilities that can pose a serious threat to your website.

Continue reading How to Update, Install & Remove WordPress Plugins & Themes With WP-CLI at .

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.

Continue reading WordPress Vulnerability & Patch Roundup May 2023 at .

Welcome to another installment in helping website owners secure their digital assets, this time with a focus on the world of ecommerce. If you’re an ecommerce website owner, you’re likely aware that online stores face a unique set of challenges when it comes to security. Your success hinges on the trust customers place in your ability to protect sensitive data and provide a safe shopping environment.

In this latest post, we’ll delve into the world of securing ecommerce websites, from the basics of understanding the software and platforms you’re working with, to critical actions for reducing the attack surface and ensuring secure payments.

Continue reading How to Secure Your Online Store: A Ecommerce Security Primer at .

Welcome to the world of keyloggers, where every keystroke you make may be watched, recorded, and potentially used against you! Now that we’ve got your attention, let’s dive into the somewhat unsettling realm of these sneaky little digital spies.

In this blog post, we’ll uncover the mysteries behind keyloggers — what they are, how they work, and why they pose a potential threat to our privacy and security. We’ll also share some tips to help you identify if a website is infected and serving malicious downloads for trojans like keyloggers and other information stealers.

Continue reading What Is a Keylogger? at .

On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by PatchStack. The technical details of this vulnerability can be found on their recent blog post. Over one million websites use this plugin and the fallout from this has been absolutely massive, with over 6,000 detections by SiteCheck already so far and 1637 detections in publicWWW scan results.

Naturally, if you are a website owner using this plugin and haven’t yet already, patch now!

Continue reading Vulnerability in Essential Addons for Elementor Leads to Mass Infection at .