Think Like a Hacker Podcast Episode 1: An Interview with Josepha Haden
Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users’ security and more. Click here to download an MP3 version of this podcast. Note that we are in the process of syndicating video and audio versions of this podcast to your favorite player, and we needed […]

PCI DSS Compliance for WordPress eCommerce & Business Sites
If you have an ecommerce or business WordPress site then PCI compliance is not new for you. As an online merchant or seller, your WordPress website has to be compliant with the PCI DSS regulations, otherwise you risk being fined. Even if you use a third-party payment gateway such as PayPal or Stripe, there are still some regulatory requirements your website has to adhere to. We have prepared this definitive guide to PCI compliance for WordPress site owners to help you build a PCI DSS compliant website. In this guide we explain in detail all you need to know […]

How to Add SSL & Move WordPress from HTTP to HTTPS
Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across the web use WordPress, and many of these websites have still not added an SSL certificate. Why Is It Important to Have a WordPress SSL Certificate? SSL has become increasingly important in the past couple of years, not only for securely transmitting information to and from your website, but also to increase visibility and lower the chances of being penalized by website authorities. Continue reading How to Add SSL & Move WordPress from HTTP to HTTPS […]

Blog2Social <= 5.0.2 – Authenticated Cross-Site Scripting (XSS)

Quiz And Survey Master – Authenticated Cross-Site Scripting (XSS)

Hacked Website Trend Report – 2018
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of 25,168 cleanup requests and summarizes the latest trends by bad actors. We’ve built this analysis from prior reports to identify the latest tactics, techniques, and procedures (TTPs) detected by our Remediation Group. Continue reading Hacked Website Trend Report – 2018 at Sucuri Blog.

PCI DSS for WordPress | Requirement 10: Track & Monitor All Access
PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of compliance regulations that any eCommerce or WordPress site that in some way deals with cardholder data has to adhere to. Websites have to be compliant even if they do not store cardholder data and use a third-party payment gateway. PCI DSS consists of 12 different requirements which cover every aspect of network, physical and web application security that is required to protect cardholder data and achieve compliance. In this post we will focus specifically on how PCI DSS requirement 10 applies to WordPress sites and what you […]

Fake Browser Updates Push Ransomware and Bank Malware
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: users see a message box that claims to be an “Update Center” for their browser type (in my case it’s Firefox, but they also have such messages for the Chrome, Internet Explorer and Edge browsers). The message reads: “A critical error has occurred due to the outdated version of the browser.” Continue reading Fake Browser Updates Push Ransomware and Bank Malware at Sucuri Blog.

Coinhive closes – hackers will lose their favorite tool of exploitation
The Coinhive development team published a blog post about the discontinuation of the Coinhive system. Yes, the same Coinhive that we talked about some time ago. The Coinhive cryptocurrency mining script was used widely by hackers to exploit hacked websites and their visitors, consuming the computational power of the computers used to browse infected sites. To be fair, it should be mentioned that Coinhive was not designed as a tool for hackers, but its concept was perfect for exploiting cracked websites. The development team also built a Proof of Work Captcha script that acted as bot protection. Coinhive – Monero cryptocurrency […]

Freemius Library <= 2.2.3 – Authenticated Option Update