Select Page

wordpress security


How to secure WordPress website from hacks!

How to secure WordPress website from hacks!

WordPress powers 19% of the web, and 48 of the top 100 blog sites online. With a strong community of users and developers, the WordPress platform is evolving day by day, with more features and Add-ons.

This, in turn, poses some threats as well. Vulnerabilities and hacks can end up disrupting the website functioning. There have been many instances where a blog owner lost complete access to his site. (more…)

WordPress v4.5.3 vulnerable to Denial of Service (DoS) exploits via CVE-2016-6896 and CVE-2016-6897 – Here’s how to fix it

WordPress v4.5.3 vulnerable to Denial of Service (DoS) exploits via CVE-2016-6896 and CVE-2016-6897 – Here’s how to fix it

If your website runs on WordPress v4.5.3 website, attackers can now bring down your site through a Denial of Service attack. This is possible through two vulnerabilities that were disclosed on 22nd Aug:

  • CVE-2016-6897 – This is a Cross Site Request Forgery vulnerability by which an attacker can take over an authenticated user’s session (privilege escalation) using a forged HTML page.
  • CVE-2016-6896 – This is a Directory Traversal vulnerability which can be used by an attacker to crash the web server.

(more…)

How to find malware and malicious code that anti-malware tools cannot

How to find malware and malicious code that anti-malware tools cannot

Linux servers have a great set of open source anti-malware tools like Linux Malware Detect, ClamAV + SaneSecurity, etc. These tools do a good job in identifying the vast majority of malware that’s out there. However, they still need a bit of time to create signatures from malware samples found in the wild. So, in some cases such as zero-day exploits, these anti-malware tools may need anywhere from a few hours to a couple of days to update their virus database. (more…)

How Active VisitorTracker Campaign malware spreads and how to block it

How Active VisitorTracker Campaign malware spreads and how to block it

On 18th Sep, Sucuri reported a sudden spike in the number of WordPress, Joomla and other CMS sites infected with the now infamous visitorTracker_isMob malware code. Using a malware signature published by Linux Malware Detect, we were able to secure all servers under our care from 18th onwards, but little was known about the mode of infection.  (more…)

WordPress Multisite SSL – How to enable shared or dedicated HTTPS in WPMU domains

WordPress Multisite SSL – How to enable shared or dedicated HTTPS in WPMU domains

OK. So, I started off writing this post explaining why SSL is important and how Google considers HTTPS as a ranking signal, but then I realized no one really needs a pitch on why secure website access is important. So, let’s get right to the meat of the matter. (more…)