In this post, we will look at how to use WPScan as a WordPress vulnerability scanner. This security tool provides you with a better understanding of your WordPress website and any vulnerabilities that may be present in your environment. It Continue reading WPScan Intro: How to Scan for WordPress Vulnerabilities
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly trusted domain googletagmanager.com. In order to create a new container and abuse Google Tag Manager, Continue reading 40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
Website hacking — the act of exploiting weaknesses to gain unauthorized access to a website, database, cPanel, or admin dashboard — is a reality that some webmasters struggle with. In the hands of bad actors, automated hack tools and exploit Continue reading Common Website Hacking Techniques
SSL port numbers serve as communication endpoints for transmitting or receiving data. One of the primary functions of these ports is to establish a secure connection between a web page and a website hosting server or the CDN/WAF that might Continue reading HTTPS Protocol: What is the Default Port for SSL & Common TCP Ports
The digital world isn’t all rainbows, unicorns, and cat gifs; it also has a dark side. As threats become increasingly sophisticated, website owners and administrators need to up their game. That’s why we’ve created this tailored email course — to Continue reading New Email Course: Common Website Threats & Malware
Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to secure your site and server from attacks and malware. In today’s post, we’ll be outlining Continue reading How to Harden & Secure a Website (12 Steps)
Consumers spent a whopping $35.3 billion during last year’s cyber week shopping season. With Cyber Monday accounting for $11.3 billion in revenue alone, this period remains one of the biggest online shopping events of the year. Unfortunately, hackers are making Continue reading Black Friday & Cyber Monday Ecommerce Security Threats
Your website’s database is a treasure trove of valuable information. However, this also makes it a prime target for hackers looking to steal sensitive data or modify your site’s content and behavior. The unfortunate reality is that a compromised website Continue reading New Hacked Database Guide
Fake Google chrome update malware, often associated with the notorious SocGholish infection, is something that we have been tracking for a number of years. It is one of the most common types of website malware. It tricks unsuspecting users into Continue reading FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
The malware landscape is constantly evolving — and bad actors are always devising new techniques to evade detection. Our analysts most commonly find website malware nestled within JavaScript or PHP files, which can be directly executed by browsers or servers. Continue reading Shifting Malware Tactics & Stealthy Use of Non-Executable .txt & .log Files
HSTS or HTTP Strict Transport Security is a protocol that can make it more difficult for attackers to modify or intercept traffic between a user and your website. Understanding what HSTS is and how it functions is crucial for anyone Continue reading What is HSTS: HTTP Strict Transport Security
In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of the most fundamental aspects of website security, yet we too often see webmasters taking a Continue reading Password Security & Password Managers
Japanese SEO Spam, also known as “Japanese keyword hack” or “Japanese SEO poisoning,” is a spammy search engine optimization technique used by black hat SEO artists to make a website show up in search engine results for spam keywords in Continue reading How to Find & Fix Japanese SEO Spam
If you own a WordPress website and ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam or fraudulent. Not only does this warning impact user trust, but it can also affect Continue reading How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)
Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning of 2023, this malware campaign had expanded to over a hundred domain names to redirect Continue reading Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign
With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating Continue reading How to Quickly Find & Fix Mixed Content Issues (SSL/HTTPS)
A question we frequently get from new users as they’re onboarding is: why does WordPress get hacked? Of course, this question makes sense in this context; it’s extremely frustrating to find out that your WordPress website has been compromised and Continue reading Why WordPress Gets Hacked
A vast majority of website malware employ the ever-familiar HTTP/HTTPS protocols for its malicious activities. But, we also periodically confront more interesting hybrid malware leveraging various other internet protocols. For example, malware sending email spam, DDoS tools creating floods of Continue reading From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious Continue reading SiteCheck Remote Website Scanner — Mid-Year 2023 Report
The notorious Error 404 Not Found stands firmly at the top of the list of most common website issues. Encountering this HTTP status code indicates that your requested page is nowhere to be found on the server. A 404 Page Continue reading What is Error 404? How to Fix & Troubleshoot 404’s On Your Site