http://feedproxy.google.com/~r/sucuri/blog/~3/i_aFuWVcTOY/evaluating-cookies-to-hide-backdoors.html
Identifying website backdoors is not always an easy task. Since a backdoor's primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of techniques that can make it challenging to detect. For example, an attacker can inject a single line of code containing less than 130 characters into a website file. While this may not seem like a lot of code, this short string can be used to load PHP web shells on your website at the attacker’s whim — while also preventing website visitors and administrators from detecting the malicious behavior. Continue […]
Interview with Ryan Dewhurst, founder of WPScan
https://www.wpwhitesecurity.com/interview-ryan-dewhurst-wordpress-vulnerabilities/
Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years to helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites. The WPScan CLI tool currently uses a database of 21,875 WordPress vulnerabilities.
1. For those who do not know you, tell us what you do and a bit about your past and credentials.
I’ve been interested in computers and […]
Bogus CSS Injection Leads to Stolen Credit Card Details
The Month in WordPress: December 2020
https://wordpress.org/news/2021/01/the-month-in-wordpress-december-2020/
We bid goodbye to 2020 in style with the release of WordPress 5.6 and the launch of Learn WordPress. But these weren’t the only exciting updates from WordPress in December. Read on to learn more!
WordPress 5.6 is here
The latest major WordPress release, version 5.6 “Simone”, came out on December 8. The release ships with a new default theme called Twenty Twenty One. It offers a host of features, including: Greater layout flexibility; More block patterns; Video captioning support; Auto-updates; Beta-compatibility for PHP 8.0; Application password support for the REST API; Updates to jQuery. In addition, WordPress 5.6 is […]
How to safely add custom code to WordPress websites
https://www.wpwhitesecurity.com/safely-add-custom-code-wordpress-websites/
Users are often looking for ways to tweak their websites, plugins and themes, or to add some modifications to an existing functionality. In most of these cases, you can do so by adding custom code to your WordPress website. There is nothing wrong with adding custom code to your website. However, there are a few things that you need to look out for when making these changes to your WordPress website. This article highlights what to look out for, and the best practices for adding custom code to your WordPress website. What to look for before adding […]
SEO Spam Links in Nulled Plugins
http://feedproxy.google.com/~r/sucuri/blog/~3/5HXxjdP_fig/seo-spam-links-in-nulled-plugins.html
It’s not unusual to see website owners running things on a budget. Choosing a safe and reliable hosting company, buying a nice domain name, boosting posts on social media, and ranking on search engines — all this costs a lot of money. At the end of the day, some site owners may even choose to cut expenses by installing pirated (or nulled) software on their websites. Unfortunately, as discussed in some of our earlier posts about free software and fake verification, these “free” components may still come with a hefty price tag. Continue reading SEO Spam Links in Nulled Plugins […]
Who Attacked SolarWinds and Why WordPress Users Need to Know
https://www.wordfence.com/blog/2020/12/who-attacked-solarwinds-and-why-wordpress-users-need-to-know/
Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team. She holds the following certifications: OSCP, OSWP, OSWE, Security+, CySA+, PenTest+, CASP+, SSCP, Associate of (ISC)2, CEH, ECSA and eWPT. Many of these are advanced certifications including OSCP and OSWE which are 24 and 48 hour exams respectively, that require hands-on hacking skills to pass. Chloe works full-time at Wordfence to identify and reverse engineer emerging threats facing WordPress. She works closely with vendors to remediate vulnerabilities they have, develops firewall rules for Wordfence, and publishes her research here, once the affected software has been patched […]
SolarWinds and Supply Chain Attacks: Could it happen to WordPress?
WordPress Vulnerability Roundup: December 2020, Part 2
https://ithemes.com/wordpress-vulnerability-roundup-december-2020-part-2/
New WordPress plugin and theme vulnerabilities were disclosed during the second half of December. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.
In the December, Part 2 Report
WordPress Core Vulnerabilities
No new WordPress core vulnerabilities have been disclosed this month. The latest version of WordPress core is currently 5.6. As a WordPress security best practice, make sure you’re running the latest version […]