What is the best way to backup a WordPress website?


If you’re asking what is the best way to backup a WordPress website, then you’ve made a good start. That means you know backing up your WordPress website or blog is necessary. You just want to know which option works best for you. We’re here to help you answer the question. In this blog post, we explain why backups are a neglected but vital aspect of your WordPress website security and maintenance routine. First, we outline the detrimental effects of neglecting to establish a secure backup system and what you stand to lose. But before you rush to solve this […]

WordPress Vulnerability Report: March 2021, Part 4


New WordPress plugin and theme vulnerabilities were disclosed during the final week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. The severity ratings are based on the Common Vulnerability Scoring System. In the March, Part 4 Report WordPress Core Vulnerabilities No new WordPress core vulnerabilities have been disclosed this month. WordPress Plugin Vulnerabilities […]

PHP Repository Exploited by Hackers


The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully, both attempts were quickly detected and removed by the PHP team. Per a statement released in PHP’s internal mailing list, the current investigation believes the git.php.net server itself has been compromised rather than the individual’s account. Everything points towards a compromise of the git.php.net server. Continue reading PHP Repository Exploited by Hackers at Sucuri Blog.

PHP Compromised: What WordPress Users Need to Know


Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src git repository. These commits were pushed to create a backdoor that would have effectively allowed attackers to achieve remote code execution through PHP and an HTTP header. Remote Code Execution makes it possible to issue commands to a server remotely which allows attackers to do things like create new files, steal data on the server, delete files, and essentially take over the affected server by any websites powered by PHP. In this post, […]

Disable Apache mod_rewrite Rules in any Subdirectory


Let’s say you have some .htaccess rewrite rules in place using Apache’s mod_rewrite. By default if the rewrite rules are located in the root directory, they will be applied to every subdirectory, as expected. But what if you need to disable the rewrite rules so that they do not affect some specific sub-directory or sub-folder? This super quick tutorial shows the easiest way to do it. Don’t blink.. Ready? Here it is: RewriteEngine off Create a new .htaccess file in the subdirectory where you want to turn off mod_rewrite, and then add the above line of code. Done. For example, […]

Episode 110: Active Exploitation Continues on Unpatched Thrive Themes


Attackers continue to exploit recently patched vulnerabilities in Thrive Themes, though not all of them are successful. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use HTTPS by default, bringing significant improvements to speed and security. A ransomware insurance provider experiences a breach that could affect customers, and Slack’s new “Slack Connect” feature has some security concerns. Here are timestamps and links in case you’d like to jump around, and a transcript is below. 0:13 Recently Patched Vulnerability in Thrive Themes Actively Exploited in the Wild […]

How Do Websites Get Hacked?


As much as the web has grown, surprisingly not a lot has changed in how websites get hacked. The most important thing you can do in keeping the web – and your own sites and visitors – safe is to understand these unchanging truths and hold them close to heart. Consider the Scale of Hacked Websites 1.2 billion sites make up today’s World Wide Web. Assuming a 3-second load time, continuous queries, and not a wink of rest, it’d take you over 160 years to just see every site that currently exists. Continue reading How Do Websites Get Hacked? at […]

Two Vulnerabilities Patched in Facebook for WordPress Plugin


On December 22, 2020, our Threat Intelligence team responsibly disclosed a vulnerability in Facebook for WordPress, formerly known as Official Facebook Pixel, a WordPress plugin installed on over 500,000 sites. This flaw made it possible for unauthenticated attackers with access to a site’s secret salts and keys to achieve remote code execution through a deserialization weakness. In addition, on January 27, 2021, we disclosed a separately identified vulnerability in Facebook for WordPress that was introduced in the rebranding of the plugin in version 3.0.0. This flaw made it possible for attackers to inject malicious JavaScript into the plugin’s settings, if […]

Recently Patched Vulnerability in Thrive Themes Actively Exploited in the Wild


On March 23, 2021, the Wordfence Threat Intelligence Team discovered two recently patched vulnerabilities being actively exploited in Thrive Theme’s “Legacy” Themes and Thrive Theme plugins that were chained together to allow unauthenticated attackers to upload arbitrary files on vulnerable WordPress sites. We estimate that more than 100,000 WordPress sites are using Thrive Theme products that may still be vulnerable. Patches were released on March 12, 2021 for the vulnerable themes and plugins. We are seeing these vulnerabilities being actively exploited in the wild, and we urge users to update to the latest versions available immediately since they contain a […]

Can your WordPress website users damage your business?


Can your employees be a threat? Yes, quite possibly, but in the main unwittingly. I wrote recently on the statistics which highlight the biggest source of WordPress vulnerabilities. However, another sizeable constituent part of your infrastructure is equally vulnerable, if not more so, and which we all too often overlook – our users – who are being targeted directly by the bad actors out there. Table of contents Lessons we can learn from the CIA Why the attacks? What are they after? From where, and how are they gaining access? What can I do about all this? What can we […]