Security Education

A Guide to Virtual Patching for Website Vulnerabilities

All software has bugs — but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. Vulnerabilities can be especially dangerous when your software is running over the web, since anyone can reach out and try to attack it. That’s why keeping your website up-to-date with the latest patches and

[ Read More ]

What Is Clickjacking and How Do I Prevent It?

There are a plethora of techniques that attackers use to redirect site visitors and harvest sensitive information on compromised websites. But when most webmasters think about securing their website, they often don’t think about how attackers can inject clicks on it from another site. In today’s article, we’ll explain what clickjacking is, outline the types

[ Read More ]

How Are Favicon (.ico) Files Used in Website Malware?

When a website is hacked symptoms can sometimes include unexpected, unfamiliar and strangely located favicon or .ico files. Other symptoms might include: ”This site may be hacked” warnings Strange redirects to spam websites Blocklisting by Google, Bing and other search authorities Randomly named folders containing spam files and big spam sitemaps If you’re experiencing these

[ Read More ]

What Is a 500 Internal Server Error & How to Fix It

A frustrating interruption to anyone’s day is the infamous 500 internal server error. When it happens not only do you lose traffic or potential site revenue, but it can also reflect badly on your site’s reputation and even affect your Google rankings. Furthermore, 500 server errors can sometimes be an indicator of compromise — the

[ Read More ]

Examining Less-Common WordPress Credit Card Skimmers

Since 2020 considerable attention has been spent analysing the emergence of MageCart malware within WordPress environments which most commonly affects sites using WooCommerce. As demonstrated in a previous post WordPress has quickly become the most commonly affected CMS platform for credit card skimmers due to the CMS’ popularity and ease-of-use. In fact, so far this

[ Read More ]

Fake Instagram Verification & Twitter Badge Phishing

Social media platforms like Instagram and Twitter offer verification badges as a credibility indicator to help show authenticity and integrity to visitors. To obtain a badge, profiles must meet a list of various requirements and undergo verification process. For example, the one found on our Sucuri Twitter profile: Let’s examine how these coveted verification badges

[ Read More ]

7 Tips to Clean & Maintain Your Website

Most people would agree — living in a house full of accumulated debris and unnecessary objects can create a chaotic environment, and even cause health problems. This scenario is easily applicable to your website, too. You can think of your hosting environment as the home where your website lives.   It’s extremely easy for hosting accounts

[ Read More ]

Security Lessons Learned from 2021

There’s no one specific topic or target or audience when it comes to website security. But when you clean enough hacked websites, you start to see trends and techniques emerge in the landscape. In my last presentation at WordCamp Europe, I dove into the latest findings from our threat report to highlight the major themes

[ Read More ]

SiteCheck Malware Trends Report – Q2 2022

Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious code and detect security issues on their website without installing any software or applications. Our

[ Read More ]

Top 5 Most Common WordPress Malware Infections: An Anatomy Lesson

WordPress security is serious business – and an essential consideration for anyone using the world’s most popular CMS (Content Management System).   While the WordPress team quickly addresses known security issues in WordPress’ core to protect the millions of website owners who rely and depend on the software, the reality is that the same cannot be

[ Read More ]