It isn’t hard to find people citing the Cloudflare service as a good security solution for WordPress websites. What is lacking is any of those people citing evidence that Cloudflare provides effective protection for WordPress websites. If it was an Continue reading Cloudflare Isn’t Adding New Firewall Rules to Protect Against Vulnerabilities in WordPress Plugins
A security breach can be expensive. Many studies and statistics put the average of a security breach in the millions of dollars. This figure, however, does not mean much without context. Indeed, it can be complicated to derive an average Continue reading The cost of a WordPress website security breach
Magento’s payment provider gateway offers functionalities for site owners to integrate stores with payment service providers. This handy feature lets a website create and handle transactions based on order details and allows for out-of-the-box integrations with payment service providers like Continue reading Credit Card Stealer Targets PsiGate Payment Gateway Software
The Wordfence Security plugin is promoted with the claim that its firewall stops websites from getting hacked: Powered by the constantly updated Threat Defense Feed, Wordfence Firewall stops you from getting hacked. [Read more] ShareTweetSharePostSharePin It!
The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads to avoid traditional detection. During a recent investigation for an Continue reading Analyzing a WooCommerce Credit Card Skimmer
Earlier today, Wordfence released an odd post on their blog. In the post they disclosed an incredibly easy to exploit a vulnerability in a WordPress plugin named Jupiter X Core, which allows anyone logged in to WordPress to change their Continue reading Hackers Probably Already Targeting Vulnerability Wordfence Disclosed Despite Fix Not Being Generally Available
On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes and the required JupiterX Core companion plugin for WordPress, which included a critical privilege Continue reading Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
Our lead security analyst Liam Smith recently worked on an infected X-Cart website and found two interesting credit card stealers there — one skimmer located server-side, the other client-side. X-Cart’s e-commerce platform is not nearly as popular as Magento or Continue reading X-Cart Skimmer with DOM-based Obfuscation
We are happy to announce the latest release of WPassword, the password security plugin for WordPress. This version includes several improvements and bug fixes for an even smoother user and administrative experience while maintaining focus on WordPress password security. Release Continue reading Announcing the release of WPassword 2.6
The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue Continue reading Millions of Attacks Target Tatsu Builder Plugin
Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic. As outlined in our Continue reading Massive WordPress JavaScript Injection Campaign Redirects to Ads
Cybercrime is one of the biggest threats facing businesses today. As websites, connected technologies, and data become increasingly crucial to running a business, cybersecurity has become a concern across all industries. But how can you tell if you’re a potential Continue reading How Do Hackers Choose Their Targets?
One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing their plugins and others get them properly secured when Continue reading WordPress Plugin Developer Security Advisory: anadnet
Since CAPTCHA was first introduced, it has undergone various iterations and evolutions. With each step, the aim always has been to make it easier for humans and more challenging for non-humans to pass the test. Over time, this led to Continue reading The different types of CAPTCHA checks for WordPress websites
Next up in our “This didn’t quite make it into the 2021 Threat Report, but is still really cool” series: New backdoors! Backdoors are a crucial component of a website infection. They allow the attackers ongoing access to the compromised Continue reading Examining Emerging Backdoors
One of the little understood realities of security issues with WordPress plugins is that insecurity of WordPress plugins is not evenly spread across them. Instead, many developers are properly securing their plugins and others get them properly secured when alerted Continue reading WordPress Plugin Developer Security Advisory: mndpsingh287
Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website. In this article, we’ll focus on how Continue reading What Happens During a DDoS Attack and How to Know if You Are Under an Attack
One of the little understood realities of security issues with WordPress plugins is that insecurity of WordPress plugins is not evenly spread across them. Instead, many developers are properly securing their plugins and others get them properly secured when alerted Continue reading WordPress Plugin Developer Security Advisory: Genetech Solutions
During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit Continue reading Manually Identifying an X-Cart Credit Card Skimmer
Our research and remediation teams have noticed an increase in WooCommerce credit card skimmers on client sites over the past few years, as detailed in past blog posts. Due to the increased number of plugins and components facilitating online payments Continue reading WooCommerce Credit Card Skimmers Concealed In Fake Images