Podcast Episode 59: Mailpoet’s Kim Gjerstad on Beating Spammers and Improving Net Promoter Scores

https://www.wordfence.com/blog/2019/12/podcast-episode-59-mailpoets-kim-gjerstad-on-beating-spammers-and-improving-net-promoter-scores/
Kim Gjerstad, one of the founders of Mailpoet, visited with Mark at the Wordfence booth at WordCamp US. Kim and Mark talked about the origins of Mailpoet, the plugin that gives users a full email management system within the WordPress administrative dashboard. They talk about email deliverability as well as the challenges of fighting email abuse, a constant battle that Mailpoet is winning. They also talk about net promoter scores and what it means for the success of a SaaS business. Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast. Click here […]

Scoutnet Kalender <= 1.1.0 – Stored Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9969

Best practices for managing WordPress activity log data

https://www.wpsecurityauditlog.com/wordpress-admin/best-practices-managing-wordpress-activity-logs-data/
The data stored in the WordPress activity log is sensitive and confidential. So should you back it up? Should you archive it and keep it secure? Many compliance regulations stipulate who can access such data, and how such data should be stored, secured and backed up. This is common practise in the finance and healthcare industries. Typically they also stipulate for how long activity log data should be kept. Therefore installing WP Security Audit Log to keep a log of user and site changes is just the beginning. As a business you are also responsible for the security and management of […]

CSS Hero <= 4.03 – Authenticated Reflected XSS

https://wpvulndb.com/vulnerabilities/9966

Using WPScan to find WordPress vulnerabilities on your website

https://www.wpwhitesecurity.com/wpscan-wordpress-security-scanner/
WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes. Since it is a WordPress black box scanner, it mimics a real attacker. This means it does not rely on any sort of access to your WordPress dashboard or source code to conduct the tests. In other words, if WPScan can find a vulnerability in your WordPress website, so can an attacker. WPScan uses the vulnerability database called wpvulndb.com to check the target for known vulnerabilities. The team […]

How To Remove Malicious Redirects From Your Site?

https://blogvault.net/malicious-redirects/

How to Detect the .bt WordPress Hack

https://bitofwp.com/security/how-to-detect-the-bt-wordpress-hack/
Just recently we cleaned a WordPress site which was apparently hacked many years ago. The hack was still active and our client was lucky that we found it since he asked us to host the site for him (we’ll talk about this added service in a new blog post). Every time we handle a WordPress site we check if it has any signs of being hacked or compromised. We did the same for this site as well and we’ve found that it has been hacked for more than 2 years. While the site’s frontend worked fine, its backend wasn’t maintained and […]

WP Spell Check <= 7.1.9 – Cross-Site Request Forgery (CSRF)

https://wpvulndb.com/vulnerabilities/9956

Update 3.5.2 – New filter hooks & better support for CPTs on multisite

https://www.wpsecurityauditlog.com/releases/update-3-5-2/
Today we are releasing WP Security Audit Log 3.5.2. This update contains an important patch for better handling of custom post types on multisite networks. In this update we are also introducing new filter hooks which allow you to further customize the plugin’s behaviour. New filter hooks for plugin users In this update we have included 3 new filter hooks: wsal_filter_prevent_deactivation_email_delivery: this filter hook deactivates the email that is automatically sent to the administrator when the plugin is deactivated. wsal_filter_deactivation_email_delivery_address: this filter hook can be used to change the email address to which the automated email is sent when the […]

Why you need both Two-factor Authentication & strong passwords on WordPress sites

https://www.wpwhitesecurity.com/two-factor-authentication-strong-passwords-wordpress/
Two-factor authentication (2FA) is an important part of maintaining the security of a WordPress site. However, 2FA alone isn’t enough to harden your WordPress site authentication. Strong passwords are also an important part, even when using two-factor authentication. In this article we review 2FA, explain how hackers are bypassing it in some cases, and provide tips for using strong passwords on your WordPress website to complement 2FA. Two-factor authentication explained Two-factor authentication is a way to authenticate to a system using a combination of two different factors. Generally, there are three different “factors” that may be used for 2FA. These […]