Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this

Symptoms of a hack can vary wildly. A concerning security alert from Google, a browser warning when you visit your site, or even a notice from your hosting provider that they’ve taken down your website — all of these events may indicate that your website has been hacked. Fortunately, there are a number of quick

Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new wave of these infections that appears to be closely related to this article about a backdoor that we’ve been tracking. In today’s post we’ll be discussing what cron jobs are,

Nulled WordPress themes and plugins are a controversial topic for many in the web development world — and arguably one of the bigger threats to WordPress security. Essentially modified versions of official WordPress themes and plugins with their licensing restrictions removed, these nulled software copies are often touted as premium functionality packaged in a free

The Sucuri Firewall functions as a reverse proxy. A simple change to your DNS settings is all it takes to thoroughly filter incoming traffic to sniff and parse out bad requests from the good ones. However, these DNS changes can affect connectivity to your mail service if not properly implemented. In fact, this is a

Late last year we reported on a malware campaign targeting thousands of WordPress websites to redirect visitors to bogus Q&A websites. The sites themselves contained very little useful information to a regular visitor, but — more importantly — also contained Google Adsense advertisements. It appeared to be an attempt to artificially pump ad views to

Your website’s search results and rankings are vital to the success of your online business. Better search visibility equates to more traffic — which results in more opportunities to convert leads into customers. And while it may be tempting to game search engine algorithms to come out on top, there’s a hard line in the

Attackers are always looking for new ways to conceal their malware and evade detection, whether it’s through new forms of obfuscation, concatenation, or — in this case — unorthodox use of image file extensions. One of the most common backdoors that we have observed over the last few months has been designed to evade detection

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this