Website Security

Understanding Website SQL Injections

SQL injection is one of the most common types of web hacking techniques used today. As data breaches continue to happen to some of the most high-profile corporations and brands, it’s become more important for web users to adapt to these increased breaches with changes in behavior like system generated passwords and 2FA.  In this

[ Read More ]

How to Stop & Prevent DDoS Attacks

With DDoS attacks being an ever growing threat to servers across the globe, it’s become a fundamental part of website security. This impacts businesses both in terms of site presence, availability and profits. Over the last 8 or so years the web has had to evolve to respond to the increase in these attacks. For

[ Read More ]

The People Behind Us – Website Security Champions 2021

Kayleigh Martin is a tier 2 Website Security Analyst. Her daily responsibilities include investigating sites for malware, removing the malware, and advising clients on how to prevent future attacks. The most exciting part of her day is finding new malware that’s not been seen before. She finds that if she focuses on doing her job

[ Read More ]

Finding & Fixing Google Blocklist Warnings

When a website is added to a blocklist by blocklist authorities it can be painfully stressful for their business. SEO rankings take a dive, and loss in revenue/traffic is hit even harder if not resolved quickly. In this article we’ll be discussing what blocklists are exactly, why you should consider them when starting a website,

[ Read More ]

WordPress 5.8.3 Security Release

On January 6th, Automattic released an important security update for the WordPress core which addresses four separate vulnerabilities. WordPress website administrators are advised to update their websites immediately. All WordPress versions between 3.7 and 5.8 are affected by this, and the security issues include SQL injection, stored XSS and object injection, which we will review

[ Read More ]

A Walk Through a Year of Website Security: Part II

Part I of our 2021 Security Walkthrough shows the initial 5 posts of our top 10. 6 – Vulnerable Plugin Exploited in Spam Redirect Campaign It was brought to our malware research team’s attention that a vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. The type of vulnerability found is known as

[ Read More ]

A Walk Through a Year of Website Security: Part I

Over the last year, Sucuri has provided a wide array of posts in regards to how sites are infected, the types of attacks we’ve discovered, how to detect them, and how to prevent future infections with certain methods and tools. In this article we’ll discuss our top 10 posts involving website security, and what site

[ Read More ]

Most Interesting Vulnerabilities of 2021

As with most years, there’s been a wide array of critical vulnerabilities found within content management systems, plugins, API keys, etc. We’ll be recapping our discoveries and how these vulnerabilities were exploited, or potentially could have been.  Adobe Patches Critical Magento Vulnerabilities This past year, Adobe released several critical security patches for both their commercial

[ Read More ]

How to Find and Fix a WordPress Pharma Hack

Did you know that one quarter of all spam emails are accredited to pharmaceutical ads? Pharma hacks go beyond the inbox and spam websites by redirecting traffic and adding fake keywords and subdomains to the search results. Why, and how did the medical world get tangled up in spam emails, SEO spam, redirects, and website

[ Read More ]