WordPress Security Updates: June 2020

https://s17528.pcdn.co/blog/wordpress-security-updates-june-2020/

These monthly reports are provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse […]

WordPress Vulnerability Roundup: July 2020, Part 1

https://ithemes.com/wordpress-vulnerability-roundup-july-2020-part-1/

New WordPress plugin and theme vulnerabilities were disclosed during the first half of July, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes. WordPress Core Vulnerabilities: There have not been any WordPress core vulnerabilities disclosed in July. WordPress Plugin Vulnerabilities: 1. Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: Coming Soon Page, Under Construction […]

Critical Vulnerabilities Patched in Adning Advertising Plugin

https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/

On June 24, 2020, our Threat Intelligence team was made aware of a possible vulnerability in the Adning Advertising plugin, a premium plugin with over 8,000 customers. We eventually discovered 2 vulnerabilities, one of which was a critical vulnerability that allowed an unauthenticated attacker to upload arbitrary files, leading to Remote Code Execution (RCE), which could allow complete site takeover. The next day, on June 25, 2020, we privately disclosed these vulnerabilities to the plugin’s author, Tunafish. A patched version was made available in less than 24 hours, on June 26, 2020. We strongly recommend updating to the latest version of […]

iThemes Security Pro Feature Spotlight #2: Trusted Devices

https://ithemes.com/ithemes-security-pro-feature-spotlight-2-trusted-devices/

Welcome to the second edition of the iThemes Security feature spotlight. In these posts, we pick a feature in the iThemes Security Pro plugin and share a bit about why we developed it, who the feature is for, and how to use the feature to strengthen your WordPress website’s security. Today we are going to cover Trusted Devices, a really cool way to help secure your WordPress site. Why We Developed Trusted Devices: Let’s say you follow all of the WordPress security best practices to protect your user account. Not only do you use a unique, strong password for every […]

WordPress file permissions: the guide to configuring secure website & web server permissions

https://www.wpwhitesecurity.com/wordpress-file-permissions-guide-secure-website-server/

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setting incorrect file permissions can open your website up for attack. Incorrect file permissions can allow unauthorized users to gain access to potentially sensitive files and data. Such data can then be used as a stepping stone to a larger attack. As a WordPress administrator, file permissions may seem a bit daunting, especially if you’re new to Linux. Fear not! […]

5 Best WordPress Vulnerability Scanners To Find Security Vulnerabilities

https://blogvault.net/wordpress-vulnerability-scanner/

Are you worried that your WordPress site is not secure enough? Do you want to find and fix the security flaws that exist on your site? You’re on the right track. If hackers find vulnerabilities on your site, they exploit them and run all sorts of malicious activities such as redirecting your visitors to unknown […]

Activity log for WPForms update: logs of entry edits & access control settings changes

https://wpactivitylog.com/activity-log-for-wpforms-update-logs-of-entry-edits-access-control-settings-changes/

Today we are happy to announce a new update of the activity log for WPForms extension. In this update we increased the activity log coverage. With this extension, WP Activity Log keeps a record of entry edits and access control changes. Both these features were introduced in WPForms 1.6.0 just a few weeks ago. Let’s dive right in to see what is new and improved in the latest update of our activity log for the WPForms extension. Keep a log of entry edits in WPForms: “Getting accurate data and having control over your form entries should be simple.” – WPForms […]

iThemes Security Pro Feature Spotlight #1: Magic Links & Passwordless Login

https://ithemes.com/ithemes-security-pro-feature-spotlight-1-magic-links-passwordless-login/

Welcome to the first edition of the iThemes Security Pro feature spotlight. In these posts, we are going to highlight a feature and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are going to cover Magic Links and Passwordless Logins, two great features in the iThemes Security Pro plugin. Magic Links: iThemes Security Pro is great at locking out bad guys. However, if a bad guy used the username Bob in a brute force attack, and Bob is an actual user on the site, Bob would […]

WordPress Vulnerability Roundup: June 2020, Part 2

https://ithemes.com/wordpress-vulnerability-roundup-june-2020-part-2/

New WordPress plugin and theme vulnerabilities were disclosed during the second half of June, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into four different categories: WordPress core, WordPress plugins, WordPress themes. WordPress Core Vulnerabilities: There have not been any WordPress vulnerabilities disclosed in the second half of June 2020. WordPress Plugin Vulnerabilities: 1. Brizy – Page Builder: Brizy – Page Builder versions below 1.0.126 […]

Malware Detection: Measuring Recall to Catch Them All

https://www.wordfence.com/blog/2020/06/malware-detection-measuring-recall-to-catch-them-all/

At Wordfence, we take performance seriously on all levels. While speed is one way to measure performance, there are other metrics that are equally important. Over the past year, our Threat Intelligence team has improved our malware scan by leaps and bounds. We wanted to share some of the metrics we use and what they mean for our customers. We’ll also take a brief look at the new Jetpack Scan and see how it compares. Measuring Recall to catch them all: Wordfence currently has more than 1.5 million malware samples on file, ranging from backdoors and shells to SEO spam. […]