How to Create a Website Maintenance Plan & Contract
In my years of experience working alongside agencies, I’ve realized that managed providers and other web pros who offer website maintenance to their clients have a hard time convincing them of the value of managed services. It’s a common mindset, much like the homeowner who is unwilling to invest in a rock-solid insurance policy or an uninsured car owner who gets insurance after a reckless driver rams into the back of their car. Continue reading How to Create a Website Maintenance Plan & Contract at Sucuri Blog.

Podcast Episode 38: Automattic Buys Tumblr from Verizon
The Wall Street Journal reported on Monday, August 12, 2019 that Verizon is selling social media and blogging platform Tumblr to Automattic for an undisclosed sum, though rumors state that it may be as low as $3 million. After the announcement, Automattic CEO Matt Mullenweg discussed the news on PostStatus, stating that they plan to migrate infrastructure off of Verizon, move Tumblr’s backend to WordPress, and support the same APIs on both and Tumblr. Mullenweg noted on PostStatus that this acquisition is “by far the largest investment or acquisition Automattic has ever made.” In this episode, we discuss […]

Give <= 2.5.0 – SQL Injection

Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 – Multiple Issues

PPOM for WooCommerce <= 18.3 – Authenticated Stored XSS

CformsII <= 15.0.1 – Unauthenticated HTML Injection & CSRF

Troldesh Ransomware Dropper
Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper:
hxxp://doolaekhun[.]com/cgi-bin/[redacted].php
This type of infected URL is usually spread through malicious emails or through services like social media.
Malicious “JSC Airline” JScript File
Once a victim clicks the URL and loads it, a JScript file downloads to the victim’s computer. Continue reading Troldesh Ransomware Dropper at Sucuri Blog.

ND Restaurant Reservations <= 1.3 – Unauthenticated Options Change

Podcast Episode 37: Vito Peleg Talks Breaking the Agency Glass Ceiling & Building a Product with Customers
In this episode, Mark chats with Vito Peleg, the founder of WP Feedback, a plugin that helps WordPress-focused agencies streamline approval and support for their customers. Vito talks about the glass ceiling in agencies where managing people and projects begins to inhibit growth and profitability. He also shares some interesting thoughts on where pain points lie and how to move past them, as well as how to effectively leverage your own customers to inform product design. Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast. Click here to download an MP3 […]

Prevention is the way to go when it comes to WordPress security
A common misconception is that malicious hackers only target websites with large income, or those that store valuable sensitive information. However, WordPress websites generally get a lot of unwanted attention, which is why it’s important to take preventive measures from the get-go. The good news is that (on top of basic measures such as having a robust updating strategy) WordPress offers you a lot of options to protect your website against hack attacks. Even simple implementations, such as enabling Two-Factor Authentication (2FA), can drastically improve the security of your website or eCommerce store. In this article, we’ll talk about why […]