On Februrary 28, we publicly warned that the WordPress plugin Mistape had what appeared to have a backdoor added in its latest release. Part of the code would contact the developer’s website and let them know if the plugin was Continue reading A Month Later, WordPress Still Hasn’t Taken Action for Websites With Backdoored Plugin They Distributed
Recently our Remediation and Research teams have noticed a new wave of malicious cron jobs associated with the notorious AnonymousFox malware. The cron jobs are purpose-built to reinfect the victim websites and make removal of the infection more cumbersome and Continue reading New Wave of AnonymousFox Cron Jobs
Update – after this article was published, Denis Shagimuratov of CleanTalk reached out to us on Twitter. It appears that they didn’t receive our disclosure because our contact at the company was no longer the correct recipient for this type Continue reading Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk
If you’re a website developer or server administrator it’s always a good idea to inform your clients about the basics in terms of their website’s security, and the inherent need for cautious security practices. Attacks and the methods of gaining Continue reading Top 5 Topics to Discuss with Clients About Website Security
A week ago we had what look to be a hacker probing for the WordPress plugin Press Elements on one of our websites through a request for the following file. /wp-content/plugins/press-elements/package.json [Read more] ShareTweetSharePostSharePin It!
If you’ve been thinking about adding CAPTCHA to your WordPress website (or have recently installed our amazing CAPTCHA 4WP plugin), you’ll undoubtedly have come across the many different versions and iterations of the word CAPTCHA. If you find all of Continue reading What is the difference between CAPTCHA, ReCAPTCHA, and NoCAPTCHA?
A company that earns a customer’s trust is more likely to see repeat business. Many things can impact whether someone puts their trust in a brand. The post Can Cybersecurity Impact Your Site’s Conversion Rates? appeared first on Security Ninja. Continue reading Can Cybersecurity Impact Your Site’s Conversion Rates?
One of our clients recently submitted a malware removal request with a curious problem: A mystery admin user kept getting re-created on their website. Try as they might, nothing they did would get rid of this user; it just kept Continue reading The Mystery Admin User
On August 9, 2021, a security update was released for the WordPress plugin Favicon by RealFaviconGenerator, which has 200,000+ installs. The changelog for that was: Fix XSS security issue, reported by WPSpan.com. See https://wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9?fbclid=IwAR2aRMXRjbGm9ppoI9tM-OHm26Q0ax4yt0MkcP5sp0-pz9D4eVIEHQwvG1Y [Read more] ShareTweetSharePostSharePin It!
Seeking a reliable security testing tool can be overwhelming, given how large the opsec environment has grown over these last few years. Given how large things have grown, it’s become common to overcharge people in the industry for security services Continue reading What are the Best Security Testing Tools (Open Source)?
Two months ago, a review of the WordPress plugin Category Specific RSS feed Subscription was made with the title “Exploit?” with this information provided: Lot’s of bots are looking for this file used with this plugin: [Read more] ShareTweetSharePostSharePin It!
Visiting websites throughout the decades has always had its risks. With the creation of Flashplayer and JavaScript, site visitors could potentially be impacted by malicious viruses, like the notorious YouAreAnIdiot[.]org pop-ups that caused computers to be overrun by a massive Continue reading Can you be Hacked by Visiting a Website?
Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress Continue reading Increase In Malware Sightings on GoDaddy Managed Hosting
Due to their function, web servers are different from many other devices in a typical network environment—they are not only exposed to the internet by design, but they likely serve web traffic to complete strangers. Additionally, in many situations, web Continue reading A guide to hardening your web server
It should be no shock by now that a professional can break through anything. These days, zero-days are a dime a dozen, so it’s important to ensure your site is hardened and protected as much as possible. While an SSL Continue reading Can an HTTPS Website be Hacked?
Today we are launching version 7.0.6 of CAPTCHA 4WP Free Edition. This latest release includes several improvements and fixes, for a smooth-running and stable CAPTCHA plugin for WordPress. What’s new? Version 7.0.6 includes a number of UX (User Experience) and Continue reading CAPTCHA 4WP 7.0.6 Free Edition
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects version 5.9.0 Continue reading WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
Having an E-Commerce website can have its fair share of risks these days. As a site owner that handles online payments, however, it’s even more important to understand said risks and the best methods of avoiding it from not only Continue reading Demystifying E-Commerce Website Security
Since we acquired CAPTCHA 4WP (previously Advanced noCaptcha & invisible Captcha (v2 & v3)) we set about updating the code and mechanics of the plugin to bring it in line with WP White Security’s standards. In many ways. Version 7.0.0 Continue reading CAPTCHA 4WP Premium version 7.0.6 – You spoke, we listened
CAPTCHA is one of the best tools WordPress administrators and website owners have at their disposal in their fight against spam, such as spam comments and fake user registrations. Just like every other tool, sometimes it needs to be sharpened Continue reading Still experiencing spam with CAPTCHA on WordPress? Here’s what to do