WordPress PCI compliance for e-commerce & business sites


If you have an e-commerce or business WordPress site, you have most probably already heard of PCI DSS and PCI compliance. As an online merchant or seller, your WordPress website has to be compliant with the PCI DSS regulations, otherwise you risk being fined. Even if you use a third-party payment gateway such as PayPal or Stripe, there are still some regulatory requirements your website has to adhere to. We have prepared this definitive guide to WordPress PCI compliance for site owners to help you build a PCI DSS compliant website. In this guide we explain in detail all you […]

Vulnerable Plugin Exploited in Spam Redirect Campaign


Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin. Continue reading Vulnerable Plugin Exploited in Spam Redirect Campaign at Sucuri Blog.

WordPress 5.8 Tatum


Introducing 5.8 “Tatum”, our latest and greatest release, now available for download or update in your dashboard. It is named in honor of Art Tatum, the legendary jazz pianist, whose formidable technique and willingness to push boundaries inspired musicians and changed what people thought could be done. So fire up your music service of choice and enjoy Tatum’s famous recordings of ‘Tea for Two’, ‘Tiger Rag’, ‘Begin the Beguine’, and ‘Night and Day’ as you read about what the latest WordPress version brings to you. Three Essential Powerhouses Manage Widgets with Blocks After months of hard work, the power of blocks has come to […]

WP 2FA 1.7: Refactored plugin for better performance, design, and reliability


Today we are happy to announce update 1.7.0 of the WP 2FA plugin. It has already been one year and three months since we launched the plugin, and since then we’ve learned a lot about how the plugin is used and how it should work to best serve our users’ needs. In this update, we focused on rewriting many parts of the plugin, which allows for better performance, design, and reliability. Let’s dive right in to see what is new, improved, and fixed in this update. What’s new? With every new update released, we continue to enhance the efficiency of […]

WP Briefing: Episode 13: Cherishing WordPress Diversity


In this episode, Josepha Haden Chomphosy discusses the importance of Diversity, Equity, and Inclusion to the fabric of the WordPress project and how we can move from a place of welcoming it to cherishing it. Have a question you’d like answered? You can submit it to wpbriefing@wordpress.org, either written or as a voice recording. Credits: Editor: Dustin Hartzler; Logo: Beatriz Fialho; Production: Chloé Bringmann; Song: Fearless First by Kevin MacLeod. References: Diversity Speaker Training Workshop; A WordPress Dinner Party; The Burden of Proof; Leadership At Any Level; Building a Culture of Safety; Leadership Basics: Ethics in Communication; WordPress 5.6. Transcript […]

Unauthenticated SQL Injection Vulnerability Discovered in WooCommerce


An unauthenticated SQL Injection vulnerability affecting versions of WooCommerce installed on more than 5 million websites on the Internet has been disclosed to the public by Automattic. Due to the nature […]

WordPress Security Updates: June 2021


This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of […]

Critical SQL Injection Vulnerability Patched in WooCommerce


On July 14, 2021, WooCommerce released an emergency patch for a SQL Injection vulnerability reported by security researcher Thomas DeVoss (dawgyg). This vulnerability allowed unauthenticated attackers to access arbitrary data in an online store’s database. WooCommerce is the leading e-commerce platform for WordPress and is installed on over 5 million websites. Additionally, the WooCommerce Blocks feature plugin, installed on over 200,000 sites, was affected by the vulnerability and was patched at the same time. The Wordfence Threat Intelligence team was able to develop proofs of concept for time-based and boolean-based blind injections and released an initial firewall rule to our […]

How to record a history of failed login attempts on WordPress?


One of the most common methods that hackers use to gain access to a WordPress site is a brute force attack. The best defense against such attacks is to keep a record of failed logins so you can limit them. This article explains how the WP Activity Log plugin keeps a log of failed logins, so you can see the failed login history of a WordPress website. It also showcases the different settings you can use to configure the plugin based on your needs. How does the WP Activity Log plugin keep a record of failed login attempts on WordPress? The […]

WordPress Vulnerability Report: July 2021, Part 2


Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability has a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. This is one of the largest WordPress Vulnerability Reports to date, so please share this post with your friends to help get the word out and make WordPress safer for everyone. In the July, […]