With the latest release of iThemes Security Pro, we have added encryption to protect the two-factor authentication (2FA) codes used for multi-factor login authentication. To ensure that your site is using this new functionality, upgrade to iThemes Security Pro version Continue reading Release Note: Encryption Added to Two-Factor Codes in iThemes Security Pro
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – October 19, 2022
The WordPress 6.0.3 Security Update contains patches for a large number of vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit. As with every WordPress core Continue reading Patch Now: The WordPress 6.0.3 Security Update Contains Important Fixes
One of the most popular tactics of malicious attackers is to add malicious redirect malware to a site for the purpose of driving traffic to another site. This can be detrimental not only to the site owner, but to site Continue reading How to Recover from Malicious Redirect Malware Hack
While working on or maintaining your WordPress website, you’ll inevitably encounter an error that prevents it from properly functioning. Knowing how to securely debug and troubleshoot WordPress is an exceptionally important skill. But there’s one important step you’ll want to Continue reading How to Securely Debug WordPress Errors on Your Website
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – October 12, 2022
The WordPress login redirect loop is a common issue that no WordPress website owner is safe from. You enter your admin credentials, but instead of loading the admin dashboard, WordPress returns you to the login page. Most tutorials suggest you Continue reading How to Fix the WordPress Login Redirect Loop Issue
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – October 5, 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve Continue reading WordPress Vulnerability & Patch Roundup September 2022
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – September 28, 2022
The attack is simple: when browsing an infected website, the user receives a notification that insists they must download a file to continue to access the content. What they don’t know is that the file is actually a Remote Access Continue reading New Malware Variants Serve Bogus CloudFlare DDoS Captcha
“Too many redirects,” also known as a redirect loop, is an error the browser will return if the requested web page fails to load due to an endless number of redirects it has to follow to retrieve any content from Continue reading Too Many Redirects: What This Error Means And How to Fix It
Recently, iThemes Security Pro added passkeys as a primary authentication method for WordPress sites. This groundbreaking release is the first of its kind in the WordPress space, and it’s something you should know about. Once again, iThemes Security has shown Continue reading Passwords are Broken. WebAuthn is the New Standard for Authentication
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – September 21, 2022
All software has bugs — but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. Vulnerabilities can be especially dangerous when your software is running over the web, since anyone can reach out and Continue reading A Guide to Virtual Patching for Website Vulnerabilities
Morning in the office. The phone rings. One of my clients calling with panic in his voice: “My website is gone. We can’t get to it! It’s not there!” His business depends on customers placing orders on his website all Continue reading My Website Is Broken. Now, What Do I Do?
The easiest and most secure way to log in to your WordPress site is here! iThemes Security Pro just added biometric logins (like Face ID, Touch ID, and Windows Hello) and passkey technology supported by all major browsers, including Chrome, Continue reading New! Passkeys with Biometric Logins for WordPress are Here in iThemes Security Pro
Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat SEO injections that we regularly find on compromised sites involves spammy links hidden inside a Continue reading Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes Continue reading WordPress Vulnerability Report – September 14, 2022
On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin. We released a firewall rule to Wordfence Premium, Wordfence Continue reading PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild