WordPress Security

WordPress Redirect Hack via Test0.com/Default7.com

Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs or replica merchandise). Types of Malicious Redirects There are two major types of malicious redirects: server-side redirects and

[ Read More ]

WooCommerce Credit Card Skimmer Hides in Plain Sight

Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a product had been added to the cart and a customer was about to enter their payment

[ Read More ]

WooCommerce Credit Card Swiper Hides in Plain Sight

Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a product had been added to the cart and a customer was about to enter their payment

[ Read More ]

Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1

If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which affects WordPress versions 3.7 to 5.7.1. Be sure to get updated to 5.7.2 as soon as possible! According to WPScan, the new object injection vulnerability

[ Read More ]

WPScan Intro: How to Scan for WordPress Vulnerabilities

In this post, we look at how to use WPScan. The tool provides you a better understanding of your WordPress website and its vulnerabilities. Be sure to check out our post on installing WPScan to get started with the software. Big Threats Come from Unexpected Places Imagine for a second that you’re a survivor in

[ Read More ]

WPScan Intro: How to Install the WordPress Vulnerability Scanner 

What does your WordPress site look like to hackers? Would it be tough to crack? Or does it have unlocked doors and unlatched windows just waiting for someone to try them? If you want to run a security test on your WordPress site that’ll reveal its weaknesses, get familiar with WPScan.   Even though most hackers don’t have insider knowledge of your site’s weaknesses, there’s a lot

[ Read More ]

WordPress Continues to Fall Victim to Carding Attacks

Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a quarter of all online stores. Over recent years, attackers whose goal it is to fradulently obtain credit card information have mostly focused on e-commerce specific platforms such as Magento, PrestaShop and OpenCart (knowing

[ Read More ]

Server Side Data Exfiltration via Telegram API

One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit card skimmers, credential and password hijackers, SQL injections, and even malware on the server level can be used for data exfiltration. What’s more, attackers may be able to accomplish this

[ Read More ]

SQL Triggers in Website Backdoors

Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user into the infected database whenever the trigger condition is met. What makes this especially problematic for website owners is that most malware cleanup guides focus

[ Read More ]

Optimizing Performance and Behavior with WordPress and the Sucuri WAF

Aside from providing significant protection from a wide range of threats, the Sucuri WAF also acts as a CDN due to its caching capabilities and regional PoPs — often performing even better than dedicated CDNs based on recent tests. CDNs can significantly help speed up your website by storing and delivering content as close to

[ Read More ]