Server Side Scans and File Integrity Monitoring

When it comes to the ABCs of website security server side scans and file integrity monitoring are the “A” and “B”. In fact, our server side scanner is one of the most crucial tools in Sucuri’s arsenal. It’s paramount in maintaining an effective security product for our customers and analysts alike.

This crucial tool handles tasks like issuing security warnings and alerts to our clients, notifying them that they have been compromised, and assisting our analysts in detecting new and emerging variants of malware.

Continue reading Server Side Scans and File Integrity Monitoring at Sucuri Blog.

WPScan Intro: How to Scan for WordPress Vulnerabilities

In this post, we look at how to use WPScan. The tool provides you a better understanding of your WordPress website and its vulnerabilities. Be sure to check out our post on installing WPScan to get started with the software.

Big Threats Come from Unexpected Places

Imagine for a second that you’re a survivor in a zombie apocalypse.

You’ve holed up in a grocery store, barricading windows and checking door locks.

Continue reading WPScan Intro: How to Scan for WordPress Vulnerabilities at Sucuri Blog.

How to Find & Fix Mixed Content Issues with SSL / HTTPS

Note: We’ve updated this post to reflect the evolving security standards around mixed content, SSLs, and server access as a whole.

With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating on HTTP previously: Mixed content warnings.

Today, let’s look at these common errors, what causes them, and how you can fix them.

Continue reading How to Find & Fix Mixed Content Issues with SSL / HTTPS at Sucuri Blog.

WPScan Intro: How to Install the WordPress Vulnerability Scanner 

What does your WordPress site look like to hackers? Would it be tough to crack? Or does it have unlocked doors and unlatched windows just waiting for someone to try them? If you want to run a security test on your WordPress site that’ll reveal its weaknesses, get familiar with WPScan.  

Even though most hackers don’t have insider knowledge of your site’s weaknesses, there’s a lot they can figure out based on its publicly visible code. 

Continue reading WPScan Intro: How to Install the WordPress Vulnerability Scanner  at Sucuri Blog.

WordPress Continues to Fall Victim to Carding Attacks

Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a quarter of all online stores.

Over recent years, attackers whose goal it is to fradulently obtain credit card information have mostly focused on e-commerce specific platforms such as Magento, PrestaShop and OpenCart (knowing that 100% of these websites are dealing with payment information).

Continue reading WordPress Continues to Fall Victim to Carding Attacks at Sucuri Blog.

Pin It on Pinterest