Hostgator Website Hacked and Suspended: Here’s How To Fix It
The post Hostgator Website Hacked and Suspended: Here’s How To Fix It appeared first on BlogVault – The Most Reliable WordPress Backup Plugin.

Severe Flaws Patched in Responsive Ready Sites Importer Plugin
On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites. These flaws allowed any authenticated user, regardless of privilege level, to execute various AJAX actions that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions. We reached out to the plugin’s developer on March 3, 2020, and they were proactive and quick to respond. They released patches consisting of nonce and permissions checks on nearly all of the […]

WordPress 5.4 RC3
The third release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31, 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option), or download the release candidate here (zip). For details about what to expect in WordPress 5.4, please see the first release candidate post. RC3 addresses improvements to the new About page and 8 fixes for the following bugs and regressions: 49657 – Block Editor: Update WordPress Packages WordPress […]

Should maintained plugins be suspended from the WordPress repository when there is a security issue?
On 27th February 2020, at 9:34PM (CET) we received an email notifying us that our plugin WP Security Audit Log was “temporarily withdrawn from the Plugin directory due to an exploit”. We submitted a fix on Friday, 28th February 2020, at 4:08PM. It only took us 16.5 hours to release the fix. We would have fixed the issue much earlier if this happened during our normal working hours (we are based in Europe), because we have a very good support response time (reference). Our plugin was reinstated on Monday 2nd March 2020 at 1:00PM. That is 69 hours after […]

How to Secure a WordPress Site in 7 Simple Steps
At any moment, your website might be under attack without you knowing it. Bots could be probing your pages, trying to find vulnerabilities to inject malware or gain access to user data. It’s your job to secure your WordPress site so it isn’t low-hanging fruit for them. Although WordPress is secure in and of itself, that doesn’t mean there aren’t steps you can take to protect your content further. A few changes here and there can turn your website into a fortress and ensure your user data remains safe. In this guide, we’re going to talk about WordPress security in general. […]

Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites
On March 4th, our Threat Intelligence team discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites. One vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The other vulnerability allowed any logged-in user, even those with minimal permissions such as a subscriber, to export a list of all newsletter subscribers, export system configuration information, and grant themselves access to various features of the plugin. We privately disclosed these issues to the plugin’s author, who responded within a few hours. We worked with […]

Google Showing Japanese Keywords For Your Website – Fixing Japanese Keyword Hack
Many website owners have contacted us worried about Japanese SEO Spam or Japanese Keyword Hack. In a Japanese keyword hack, auto-generated Japanese text starts to appear on your site. This particular Blackhat SEO technique hijacks Google search results by …

Vulnerability Patched in Import Export WordPress Users
On February 26th, our Threat Intelligence team discovered a vulnerability in Import Export WordPress Users, a WordPress plugin installed on over 30,000 sites. The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users. We reached out to the plugin’s developer on February 26th, who responded that they were currently working on updating their plugin with several security fixes. They released a patch for the problem before we provided the full disclosure of the vulnerability to them. After the initial release, we provided some additional security recommendations for issues not addressed […]

WordPress Vulnerability Roundup: March 2020, Part 1
New WordPress plugin and theme vulnerabilities were disclosed during the first half of March, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into four different categories: WordPress core, WordPress plugins, WordPress themes. WordPress Core Vulnerabilities: There haven’t been any disclosed WordPress vulnerabilities in 2020. WordPress Plugin Vulnerabilities: Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested […]

The Dangers of Unlicensed WordPress Plugins and Themes
One of the greatest things about WordPress is the open source community behind it. Thanks to the multitude of plugins and themes available, even the most basic of users can […]