On July 27th, our Threat Intelligence team discovered a vulnerability in WPBakery, a WordPress plugin installed on over 4.3 million sites. This flaw made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript in posts. We initially reached out to the plugin’s team on July 28, 2020 through their support […]
More info:
https://www.wordfence.com/blog/2020/10/vulnerability-exposes-over-4-million-sites-using-wpbakery/
Our free SiteCheck tool helps website owners remotely scan their website to detect malware infections, blacklisting status, website errors, and other anomalies. Scanning a website’s external HTML source code provides immediate results, without the need to install any software or applications to identify threats. In September alone, a total of 17,138,086 website scans were performed […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/iQ1956w4Bvc/sitecheck-malware-report-september-summary.html
We are happy to announce the launch of WP Activity Log 4.1.4. This update includes a lot of improvements, and is particularly important for Yoast SEO plugin users. From now on the activity log for Yoast SEO functionality will be available through an extension. With this change we are now able to further improve the […]
More info:
https://wpactivitylog.com/wsal-4-1-4/
PhpAdmin vulnerability CVE-2005-3299 Security Advisory Security Advisory Description PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote ...
More info:
https://support.f5.com/csp/article/K05717484?utm_source=f5support&utm_medium=RSS
In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are going to cover File Change Detection, a great way to keep track of changes made on […]
More info:
https://ithemes.com/ithemes-security-pro-feature-spotlight-file-change-detection/
This month was characterized by some exciting announcements from the WordPress core team! Read on to catch up with all the WordPress news and updates from September. WordPress 5.5.1 Launch On September 1, the Core team released WordPress 5.5.1. This maintenance release included several bug fixes for both core and the editor, and many other […]
More info:
https://wordpress.org/news/2020/10/the-month-in-wordpress-september-2020/
A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense. On September 29, 2020, the Wordfence Live team […]
More info:
https://www.wordfence.com/blog/2020/10/common-ways-attackers-are-stealing-credentials/
Shopify reports that two rogue employees stole data from 200 merchants on their platform. A security researcher found a vulnerability in the Medium Partner Program could have allowed an attacker to steal writers’ earnings. Symantec reports that a state-sponsored hacking group has been hiding out in company networks as a part of an information-stealing campaign. […]
More info:
https://www.wordfence.com/blog/2020/10/episode-89-shopify-rogue-employees-medium-and-twitter-vulnerabilities-and-hackers-hiding-out-in-corporate-networks/
Shopify reports that two rogue employees stole data from 200 merchants on their platform. A security researcher found a vulnerability in the Medium Partner Program could have allowed an attacker to steal writers’ earnings. Symantec reports that a state-sponsored hacking group has been hiding out in company networks as a part of an information-stealing campaign. […]
More info:
https://www.wordfence.com/blog/2020/10/episode-89-shopify-rogue-employees-medium-and-twitter-vulnerabilities-and-hackers-hiding-out-in-corporate-networks/
We already know the security of your site is important. But this is an undertaking that is hard to do properly without the expertise of a website professional who truly specializes in website security (and backups). Finding the right expert is equally as important, as you could be putting your site at greater risk by […]
More info:
https://blogvault.net/wordpress-security-assistance-gerasimos-interview-codeable/
