WordPress security is not unlike many other areas of IT security. It’s not a one-time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security assessment will only give you […]
More info:
https://www.wpwhitesecurity.com/wordpress-security-process-test-harden-monitor-improve/
New WordPress plugin and theme vulnerabilities were disclosed during the first half of June, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. New WordPress plugin and […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-june-2020-part-1/
WordPress 5.4.2 is now available! This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions […]
More info:
https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
NGINX Controller API Vulnerability CVE-2020-5901. Security Advisory Description: Undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the ...
More info:
https://support.f5.com/csp/article/K43520321?utm_source=f5support&utm_medium=RSS
NGINX Controller vulnerability CVE-2020-5900. Security Advisory Description: Insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. ( ...
More info:
https://support.f5.com/csp/article/K31044532?utm_source=f5support&utm_medium=RSS
NGINX Controller vulnerability CVE-2020-5899. Security Advisory Description: Recovery code required to change a user's password is transmitted and stored in the database in plain ...
More info:
https://support.f5.com/csp/article/K25434422?utm_source=f5support&utm_medium=RSS
These monthly reports are provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse […]
More info:
https://pagely.com/blog/wordpress-security-updates-may-2020/
For the last couple of weeks, the security researchers at Astra have been tracking a push notifications malware on WordPress. This campaign has been combined with the ongoing redirection campaign on WordPress websites. A few malicious domains where redirection is happening include inpagepush[.]com, asoulrox[.]com, iclickcdn[.]com and justcannabis[.]online. Hackers have gone one step ahead this time […]
More info:
https://www.getastra.com/blog/cms/wordpress-security/fix-push-notifications-malware/
The most highly requested WP 2FA feature is to allow users to set up two-factor authentication from a website page. In eCommerce stores and membership / subscription websites, users only have access to custom user profile pages, so it was not possible for them to set up 2FA. With this update of our […]
More info:
https://www.wpwhitesecurity.com/wp-2fa-1-3/
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of […]
More info:
https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/