WordPress powers 19% of the web, and 48 of the top 100 blog sites online. With a strong community of users and developers, the WordPress platform is evolving day by day, with more features and add-ons.
This, in turn, poses some threats as well. Vulnerabilities and hacks can end up disrupting a website's functioning. There have been many instances where a blog owner completely lost access to their site. (more…)
If your website runs on WordPress v4.5.3, attackers can now bring down your site through a Denial of Service attack. This is possible through two vulnerabilities that were disclosed on 22nd Aug:
- CVE-2016-6897 – This is a Cross-Site Request Forgery vulnerability by which an attacker can take over an authenticated user’s session (privilege escalation) using a forged HTML page.
- CVE-2016-6896 – This is a Directory Traversal vulnerability which can be used by an attacker to crash the web server.
Linux servers have a great set of open source anti-malware tools like Linux Malware Detect, ClamAV + SaneSecurity, etc. These tools do a good job in identifying the vast majority of malware that’s out there. However, they still need a bit of time to create signatures from malware samples found in the wild. So, in some cases such as zero-day exploits, these anti-malware tools may need anywhere from a few hours to a couple of days to update their virus database. (more…)
On 18th Sep, Sucuri reported a sudden spike in the number of WordPress, Joomla and other CMS sites infected with the now infamous visitorTracker_isMob malware code. Using a malware signature published by Linux Malware Detect, we were able to secure all servers under our care from the 18th onwards, but little was known about the mode of infection. (more…)
OK. So, I started off writing this post explaining why SSL is important and how Google considers HTTPS as a ranking signal, but then I realized no one really needs a pitch on why secure website access is important. So, let’s get right to the meat of the matter. (more…)