Beware of Applications Misusing Root Stores

We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store … The post Beware of Applications Misusing Root Stores appeared first on Mozilla Security Blog. More info: https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusing-root-stores/

How to Find & Fix Mixed Content Issues with SSL / HTTPS

Note: We’ve updated this post to reflect the evolving security standards around mixed content, SSLs, and server access as a whole. With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL allows you to make that transition with your website. But it can also have an unintended consequence for […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/_g9FmAupO1A/how-to-find-fix-mixed-content-issues-with-ssl-https.html

Episode 115: Update Your Mac: Gatekeeper Bypass Vulnerability Exploited in the Wild

Apple patches a gatekeeper bypass vulnerability that has been exploited in the wild on MacOS. Though this vulnerability requires some social engineering to exploit, it is believed to have been actively exploited since January 9, 2021. Some Digital Ocean customers were affected by a data breach exposing personally identifiable information. A WordPress trac conversation considers […] More info: https://www.wordfence.com/blog/2021/04/episode-115-update-your-mac-gatekeeper-bypass-vulnerability-exploited-in-the-wild/

SQL Injection Vulnerability Patched in CleanTalk AntiSpam Plugin

On March 4, 2021, the Wordfence Threat Intelligence team initiated responsible disclosure for a Time-Based Blind SQL Injection vulnerability discovered in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin installed on over 100,000 sites. This vulnerability could be used to extract sensitive information from a site’s database, including user emails and password hashes, all […] More info: https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/

The Month in WordPress: April 2021

As WordPress grows, both in usage as a CMS and in participation as a community, it’s important for us to shed the idea that software creation is only about what literally can be done to code or what literally can be done to core or what literally can be done to the CMS. That was […] More info: https://wordpress.org/news/2021/05/the-month-in-wordpress-april-2021/

WordPress Vulnerability Report: May 2021, Part 1

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. This report covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is […] More info: https://ithemes.com/wordpress-vulnerability-report-may-2021-part-1/

SQL Injection: A Guide for WordPress Users

If you’re serious about your website’s security, then it’s time to learn about the dangers of SQL injections and how you can combat them. The term SQL injection (also called SQLi) refers to a type of cyberattack technique that is a common way for hackers to compromise websites of all kinds, including sites that run […] More info: https://ithemes.com/sql-injection-wordpress/

Episode 116: Packagist Patch Shows How Supply Chain Threats Could Impact WordPress

A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it’s not aware of any exploits. A SQL injection vulnerability was patched in the CleanTalk AntiSpam plugin installed on over […] More info: https://www.wordfence.com/blog/2021/05/episode-116-packagist-patch-shows-how-supply-chain-threats-could-impact-wordpress/

WordPress Security Updates: April 2021

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of […] More info: https://pagely.com/blog/wordpress-security-updates-april-2021/

How to keep a log of Yoast SEO changes on your website

Most site owners are well-aware of the impact of both good and bad Search Engine Optimization (SEO). As such, monitoring how SEO affects your site is vital. In fact, there’s a simple way to keep a log of Yoast SEO changes across your entire site. We develop an activity log extension with which you can […] More info: https://wpactivitylog.com/keep-log-yoast-seo-changes/