The Guide to WordPress Password Security
Weak passwords are one of the biggest threats to the security of a WordPress site. As an internet user, or if you guest author on a WordPress site, you have definitely been told to use complex passwords, to use a different password for every website or service you are subscribed to, and to change your passwords every few months. Also, you should always log out of your sessions once you are done, not use the "remember me" setting on websites, and not save your passwords in the web browser, in case your computer gets hacked. On top of that you […]

Wechat Broadcast <= 1.2.0 – Local/Remote File Inclusion

FV Flowplayer Video Player <= – Authenticated Cross-Site Scripting (XSS)

How to Use a WordPress Firewall for Enhanced Security and Performance
You know that it’s better to proactively secure your WordPress site than to wait to clean up after an attack. A security breach is a serious and costly matter and one that you don’t want to get involved with if you don’t have to. This is why you develop a well-rounded security plan that takes into account all the different points of entry a hacker could attack your site from. A lot of the time, though, we take these automated security strategies and tools for granted without ever really understanding the underlying technology that keeps our websites safe. So, today, […]

E-Commerce Security – Planning for Disasters
This is the last post in our series on E-commerce Security: Intro to Securing an Online Store – Part 1; Intro to Securing an Online Store – Part 2. Today, let’s expand on some of the suggestions made during a webinar I hosted recently about steps you can take to secure your online store. So far in this series, we have touched on how to identify potential risks and how to defend against threats via WAF technologies. Continue reading E-Commerce Security – Planning for Disasters at Sucuri Blog.

Localize My Post 1.0 – Unauthenticated Local File Inclusion (LFI)

How to Limit & Manage Users Sessions in WordPress Sites & Multisite Networks
Do you ever wonder who is logged in to your WordPress site or multisite network right now? And what content they are reading, or what they are doing while logged in to your site? Knowing such information is crucial for a WordPress site owner or administrator. It will help you better manage your site and stay on top of the game. You can use a WordPress session management plugin to know what your subcontractors or colleagues are doing when logged in to the site. Or if you run a subscription business you can find out how often your customers […]

Arigato Autoresponder and Newsletter <= 2.5 – Multiple Vulnerabilities

Yes, You Should Probably Have A TLS Certificate
Last week’s article covering the decision to distrust Symantec-issued TLS certificates generated a great response from our readers. One common question we received, and one that pops up just about any time SSL/TLS comes up, is how to determine when a site does and does not need such a certificate. Spoiler: Your site should probably have a TLS certificate. This post is Copyright 2018 Defiant, Inc. and was published on the official blog. Republication of this post without permission is prohibited. A subject of some discussion in the web community surrounds the […]

Backdoor Uses Paste Site to Host Payload
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors: A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to increase their chances of retaining control of the website so they can reinfect it continuously. Continue reading Backdoor Uses Paste Site to Host Payload at Sucuri Blog.