https://secupress.me/blog/website-hacked-for-seo-spam/
Did you think hackers were just nefarious for the sake of being nefarious? That’s not the case. Google makes it clear in their webmaster channel that SEO is a big motivator for hackers. Once hackers get into your WordPress, it can be very tricky to remove their code. Another thing to keep in mind is that most black SEO experts go
https://www.wpwhitesecurity.com/wordpress-security/why-malicious-hacker-target-wordpress/
We’ve all heard it on the news; hackers want to hack websites to steal credit card and confidential user information for their own financial gains. So why on earth would anyone want to hack into your hobby WordPress website about cute little kittens, or your small business website, even when it does not hold any sensitive information? The hacking to steal
https://www.pluginvulnerabilities.com/2017/02/17/wordpress-shutdowns-discussion-of-their-refusal-to-warn-about-unfixed-vulnerable-plugins/
Since 2012 we have been trying to get WordPress to start warning webmasters when their websites are using plugins that have been removed from the Plugin Directory due to security issues (and notify people in general that they are using plugins that have been removed from it). In the past WordPress’ position was that they were working on implementing this, but as of
https://www.pluginvulnerabilities.com/2017/02/17/reflected-cross-site-scripting-xss-vulnerability-in-time-sheets/
We recently found that the Time Sheets plugin contains a reflected cross-site scripting (XSS) vulnerability on one of the plugin’s admin pages, Old Timesheets. As of version 1.3.1, in the file /entry.php the GET inputs “start_date”, “end_date”, and “include_completed” were echo’d out without being sanitized or escaped to prevent malicious code from being placed on the page: $start_date = $_GET['start_date']; $end_date
https://www.pluginvulnerabilities.com/2017/02/17/open-redirect-vulnerability-in-gtranslate/
Recently while looking into what turned out to be unrelated probing from a hacker for WordPress plugins we took a look at the plugin GTranslate and found that it has an open redirect vulnerability. In the file /url_addon/gtranslate.php a redirect will occur if two variables are the same: if($glang
https://secupress.me/blog/arbitrary-file-download-vulnerability-in-wp-hide-security-enhancer-1-3-9-2/
About Julio Potier: Co-founder of WP Media, a French startup of 14 passionate people, known for WP Rocket and Imagify. Julio is also co-organizer of WordCamp Paris. A compulsive speaker and WordPress expert, he has been a specialist in security for years and contributes to WordPress in various ways.
https://www.wordfence.com/blog/2017/02/malware-to-scan-signatures/
This entry was posted in Research, Wordfence on February 16, 2017 by Mark Maunder. One of the most effective ways the Wordfence team keeps the WordPress community and customers secure is through something we call the ‘Threat Defense Feed’. This is a combination of people, software, business processes and data. It’s an incredibly effective way to keep hackers
https://www.pluginvulnerabilities.com/2017/02/13/applying-the-lessons-of-recent-wordpress-defacements-to-the-handling-of-plugins-on-your-website/
Recently quite a few WordPress websites (though not as many as the inflated claims by Wordfence and other security companies would have you believe) have been defaced due in large part to improper handling of security by the webmasters of those websites. While an exploitable vulnerability existed in 4.7.0 and 4.7.1, most websites running WordPress 4.7 at the time were protected